diff --git a/cfn/provisioning-node-nodc.cft.yaml b/cfn/provisioning-node-nodc.cft.yaml index 2daf5a1..fc624a9 100644 --- a/cfn/provisioning-node-nodc.cft.yaml +++ b/cfn/provisioning-node-nodc.cft.yaml @@ -336,7 +336,13 @@ Resources: bkt_pfx="$s3bkt/$s3pfx" req_ver="${QClusterVersion}" - #Functions are getqq, ssmput, ssmget, getsecret, stackprotect, ec2protect, vercomp, cmkmodpolicy, tagvols + if [ $(curl -sI -w "%{http_code}\\n" "s3.$region.amazonaws.com" -o /dev/null --connect-timeout 3 --max-time 5) == "405" ]; then + echo "S3 Reachable" + else + echo "S3 Unreachable, Inet access or VPC S3 gateway and VPC endpoints required." + exit 1 + fi + if [[ -e "functions-v2.sh" ]]; then echo "functions-v2 exist" else diff --git a/cfn/qadd-sg-cidrs.cft.yaml b/cfn/qadd-sg-cidrs.cft.yaml new file mode 100644 index 0000000..b396341 --- /dev/null +++ b/cfn/qadd-sg-cidrs.cft.yaml 
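Review bot: The reachability probe in the added `if [ $(curl -sI ...) == "405" ]` line gives curl no scheme, so it goes out as cleartext HTTP on port 80, while the S3 transfers it is meant to vouch for would normally run over HTTPS on 443. An egress policy that permits only 443 will print "S3 Unreachable" and hit `exit 1`, which nudges operators toward opening port 80 outbound, and a passing probe says nothing about the TLS path. Probe `"https://s3.$region.amazonaws.com"` instead (confirm the endpoint still answers HEAD with 405 over TLS), and quote the substitution, `[ "$(curl ...)" == "405" ]`, so an unexpected empty result fails the comparison cleanly rather than raising a `[` syntax error. The surrounding script starts and ends outside the hunk, so where `$region` is set is not visible here.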
@@ -0,0 +1,384 @@
+AWSTemplateFormatVersion: "2010-09-09"
+
+# MIT License
+#
+# Copyright (c) 2021 Qumulo, Inc.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+Parameters:
+ QSgId:
+ Type: String
+ QSgCidr2:
+ Type: String
+ QSgCidr3:
+ Type: String
+ QSgCidr4:
+ Type: String
+
+Conditions:
+ ProvSg2: !Not
+ - !Equals
+ - !Ref QSgCidr2
+ - ""
+
+ ProvSg3: !Not
+ - !Equals
+ - !Ref QSgCidr3
+ - ""
+
+ ProvSg4: !Not
+ - !Equals
+ - !Ref QSgCidr4
+ - ""
+
+Resources:
+ QumuloSgCIDR2Port21:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg2
+ Properties:
+ Description: 'TCP ports for FTP'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr2
+ IpProtocol: tcp
+ FromPort: 21
+ ToPort: 21
+ QumuloSgCIDR2Port22:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg2
+ Properties:
+ Description: 'TCP ports for SSH'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr2
+ IpProtocol: tcp
+ FromPort: 22
+ ToPort: 22
+ QumuloSgCIDR2Port80:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg2
+ Properties:
+ Description: 'TCP ports for HTTP'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr2
+ IpProtocol: tcp
+ FromPort: 80
+ ToPort: 80
+ QumuloSgCIDR2Port111U:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg2
+ Properties:
+ Description: 'UDP ports for SUNRPC'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr2
+ IpProtocol: udp
+ FromPort: 111
+ ToPort: 111
+ QumuloSgCIDR2Port111T:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg2
+ Properties:
+ Description: 'TCP ports for SUNRPC'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr2
+ IpProtocol: tcp
+ FromPort: 111
+ ToPort: 111
+ QumuloSgCIDR2Port443:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg2
+ Properties:
+ Description: 'TCP ports for HTTPS'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr2
+ IpProtocol: tcp
+ FromPort: 443
+ ToPort: 443
+ QumuloSgCIDR2Port445:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg2
+ Properties:
+ Description: 'TCP ports for SMB'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr2
+ IpProtocol: tcp
+ FromPort: 445
+ ToPort: 445
+ QumuloSgCIDR2Port2049U:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg2
+ Properties:
+ Description: 'UDP ports for NFS'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr2
+ IpProtocol: udp
+ FromPort: 2049
+ ToPort: 2049
+ QumuloSgCIDR2Port2049T:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg2
+ Properties:
+ Description: 'TCP ports for NFS'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr2
+ IpProtocol: tcp
+ FromPort: 2049
+ ToPort: 2049
+ QumuloSgCIDR2Port3712:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg2
+ Properties:
+ Description: 'TCP ports for Replication'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr2
+ IpProtocol: tcp
+ FromPort: 3712
+ ToPort: 3713
+ QumuloSgCIDR2Port8000:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg2
+ Properties:
+ Description: 'TCP ports for REST'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr2
+ IpProtocol: tcp
+ FromPort: 8000
+ ToPort: 8000
+
+ QumuloSgCIDR3Port21:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg3
+ Properties:
+ Description: 'TCP ports for FTP'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr3
+ IpProtocol: tcp
+ FromPort: 21
+ ToPort: 21
+ QumuloSgCIDR3Port22:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg3
+ Properties:
+ Description: 'TCP ports for SSH'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr3
+ IpProtocol: tcp
+ FromPort: 22
+ ToPort: 22
+ QumuloSgCIDR3Port80:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg3
+ Properties:
+ Description: 'TCP ports for HTTP'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr3
+ IpProtocol: tcp
+ FromPort: 80
+ ToPort: 80
+ QumuloSgCIDR3Port111U:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg3
+ Properties:
+ Description: 'UDP ports for SUNRPC'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr3
+ IpProtocol: udp
+ FromPort: 111
+ ToPort: 111
+ QumuloSgCIDR3Port111T:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg3
+ Properties:
+ Description: 'TCP ports for SUNRPC'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr3
+ IpProtocol: tcp
+ FromPort: 111
+ ToPort: 111
+ QumuloSgCIDR3Port443:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg3
+ Properties:
+ Description: 'TCP ports for HTTPS'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr3
+ IpProtocol: tcp
+ FromPort: 443
+ ToPort: 443
+ QumuloSgCIDR3Port445:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg3
+ Properties:
+ Description: 'TCP ports for SMB'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr3
+ IpProtocol: tcp
+ FromPort: 445
+ ToPort: 445
+ QumuloSgCIDR3Port2049U:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg3
+ Properties:
+ Description: 'UDP ports for NFS'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr3
+ IpProtocol: udp
+ FromPort: 2049
+ ToPort: 2049
+ QumuloSgCIDR3Port2049T:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg3
+ Properties:
+ Description: 'TCP ports for NFS'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr3
+ IpProtocol: tcp
+ FromPort: 2049
+ ToPort: 2049
+ QumuloSgCIDR3Port3712:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg3
+ Properties:
+ Description: 'TCP ports for Replication'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr3
+ IpProtocol: tcp
+ FromPort: 3712
+ ToPort: 3713
+ QumuloSgCIDR3Port8000:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg3
+ Properties:
+ Description: 'TCP ports for REST'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr3
+ IpProtocol: tcp
+ FromPort: 8000
+ ToPort: 8000
+
+ QumuloSgCIDR4Port21:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg4
+ Properties:
+ Description: 'TCP ports for FTP'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr4
+ IpProtocol: tcp
+ FromPort: 21
+ ToPort: 21
+ QumuloSgCIDR4Port22:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg4
+ Properties:
+ Description: 'TCP ports for SSH'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr4
+ IpProtocol: tcp
+ FromPort: 22
+ ToPort: 22
+ QumuloSgCIDR4Port80:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg4
+ Properties:
+ Description: 'TCP ports for HTTP'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr4
+ IpProtocol: tcp
+ FromPort: 80
+ ToPort: 80
+ QumuloSgCIDR4Port111U:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg4
+ Properties:
+ Description: 'UDP ports for SUNRPC'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr4
+ IpProtocol: udp
+ FromPort: 111
+ ToPort: 111
+ QumuloSgCIDR4Port111T:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg4
+ Properties:
+ Description: 'TCP ports for SUNRPC'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr4
+ IpProtocol: tcp
+ FromPort: 111
+ ToPort: 111
+ QumuloSgCIDR4Port443:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg4
+ Properties:
+ Description: 'TCP ports for HTTPS'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr4
+ IpProtocol: tcp
+ FromPort: 443
+ ToPort: 443
+ QumuloSgCIDR4Port445:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg4
+ Properties:
+ Description: 'TCP ports for SMB'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr4
+ IpProtocol: tcp
+ FromPort: 445
+ ToPort: 445
+ QumuloSgCIDR4Port2049U:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg4
+ Properties:
+ Description: 'UDP ports for NFS'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr4
+ IpProtocol: udp
+ FromPort: 2049
+ ToPort: 2049
+ QumuloSgCIDR4Port2049T:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg4
+ Properties:
+ Description: 'TCP ports for NFS'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr4
+ IpProtocol: tcp
+ FromPort: 2049
+ ToPort: 2049
+ QumuloSgCIDR4Port3712:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg4
+ Properties:
+ Description: 'TCP ports for Replication'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr4
+ IpProtocol: tcp
+ FromPort: 3712
+ ToPort: 3713
+ QumuloSgCIDR4Port8000:
+ Type: 'AWS::EC2::SecurityGroupIngress'
+ Condition: ProvSg4
+ Properties:
+ Description: 'TCP ports for REST'
+ GroupId: !Ref QSgId
+ CidrIp: !Ref QSgCidr4
+ IpProtocol: tcp
+ FromPort: 8000
+ ToPort: 8000
+
\ No newline at end of file
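Review bot: `QSgCidr2`, `QSgCidr3` and `QSgCidr4` are declared as plain `Type: String` with no `AllowedPattern`, so any value, including `0.0.0.0/0`, is accepted and fans out into eleven ingress rules per CIDR covering FTP, HTTP, SUNRPC, NFS and SMB. Constrain each one where it is declared, for example `AllowedPattern: '^$|^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'` with a matching `ConstraintDescription`, and consider rejecting a `/0` prefix outright; the parent template may already validate these values, but that is not visible here. `QSgId` could likewise be typed `AWS::EC2::SecurityGroup::Id` so a malformed ID fails at parameter validation rather than during resource creation. A comment above `Resources:` noting that ports 21 and 80 carry cleartext protocols and are opened for every optional CIDR would help whoever trims the list later.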
diff --git a/cfn/r53-private-zone.cft.yaml b/cfn/r53-private-zone.cft.yaml index 297e09e..edf7e84 100644 --- a/cfn/r53-private-zone.cft.yaml +++ b/cfn/r53-private-zone.cft.yaml @@ -130,6 +130,11 @@ Mappings: Conditions: + ProvRecordName: !Not + - !Equals + - !Ref RecordName + - "" + Ripple: !Equals ["A", "A"] Provision5: !Or [!Equals [!FindInMap [FloatMap, !Ref NumNodes, !Ref NumIPs], "5"], Condition: Provision6] 
@@ -227,798 +232,797 @@ Resources: - " - Hosted Private Zone" RoundRobinGroup: Type: AWS::Route53::RecordSetGroup - DependsOn: DNSZone Properties: Comment: "A Records for DNS RR to Qumulo Cluster Frontend" HostedZoneId: !Ref DNSZone RecordSets: - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [0, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 1" Type: A TTL: "0" - Weight: "0" - - Name: !Sub "${RecordName}.${FQDName}" + Weight: 0 + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [1, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 2" Type: A TTL: "0" - Weight: "0" - - Name: !Sub "${RecordName}.${FQDName}" + Weight: 0 + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [2, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 3" Type: A TTL: "0" - Weight: "0" - - Name: !Sub "${RecordName}.${FQDName}" + Weight: 0 + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [3, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 4" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !If - Provision5 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [4, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 5" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision6 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [5, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 6" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision7 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] 
ResourceRecords: - !Select [6, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 7" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision8 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [7, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 8" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision9 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [8, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 9" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision10 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [9, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 10" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision11 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [10, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 11" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision12 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [11, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 12" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision13 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [12, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 13" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision14 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If 
[ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [13, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 14" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision15 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [14, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 15" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision16 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [15, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 16" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision17 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [16, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 17" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision18 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [17, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 18" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision19 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [18, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 19" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision20 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [19, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 20" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - 
!If - Provision21 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [20, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 21" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision22 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [21, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 22" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision23 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [22, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 23" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision24 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [23, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 24" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision25 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [24, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 25" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision26 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [25, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 26" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision27 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [26, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo 
FIP 27" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision28 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [27, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 28" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision29 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [28, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 29" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision30 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [29, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 30" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision31 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [30, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 31" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision32 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [31, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 32" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision33 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [32, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 33" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision34 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] 
ResourceRecords: - !Select [33, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 34" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision35 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [34, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 35" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision36 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [35, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 36" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision37 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [36, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 37" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision38 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [37, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 38" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision39 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [38, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 39" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision40 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [39, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 40" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision41 - - Name: !Sub "${RecordName}.${FQDName}" + - 
Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [40, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 41" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision42 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [41, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 42" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision43 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [42, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 43" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision44 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [43, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 44" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision45 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [44, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 45" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision46 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [45, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 46" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision47 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [46, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 47" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref 
AWS::NoValue - !If - Provision48 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [47, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 48" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision49 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [48, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 49" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision50 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [49, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 50" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision51 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [50, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 51" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision52 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [51, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 52" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision53 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [52, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 53" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision54 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [53, !Split [", ", !Ref FloatIPs]] 
SetIdentifier: "Qumulo FIP 54" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision55 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [54, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 55" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision56 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [55, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 56" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision57 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [56, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 57" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision58 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [57, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 58" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision59 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [58, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 59" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision60 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [59, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 60" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision61 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", 
!Ref FQDName] ResourceRecords: - !Select [60, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 61" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision62 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [61, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 62" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision63 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [62, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 63" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision64 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [63, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 64" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision65 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [64, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 65" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision66 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [65, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 66" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision67 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [66, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 67" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision68 - - Name: !Sub 
"${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [67, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 68" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision69 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [68, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 69" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision70 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [69, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 70" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision71 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [70, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 71" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision72 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [71, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 72" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision73 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [72, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 73" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision74 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [73, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 74" Type: A TTL: "0" - 
Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision75 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [74, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 75" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision76 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [75, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 76" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision77 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [76, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 77" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision78 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [77, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 78" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision79 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [78, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 79" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue - !If - Provision80 - - Name: !Sub "${RecordName}.${FQDName}" + - Name: !If [ProvRecordName, !Sub "${RecordName}.${FQDName}", !Ref FQDName] ResourceRecords: - !Select [79, !Split [", ", !Ref FloatIPs]] SetIdentifier: "Qumulo FIP 80" Type: A TTL: "0" - Weight: "0" + Weight: 0 - !Ref AWS::NoValue 
diff --git a/docs/aws-sa-waf-cluster.pdf b/docs/aws-sa-waf-cluster.pdf index 314bed8..cdb881b 100644 Binary files a/docs/aws-sa-waf-cluster.pdf and b/docs/aws-sa-waf-cluster.pdf differ diff --git a/qcluster-existingVPC.cft.yaml b/qcluster-existingVPC.cft.yaml index 46577fc..c650a76 100644 --- a/qcluster-existingVPC.cft.yaml +++ b/qcluster-existingVPC.cft.yaml @@ -28,7 +28,7 @@ Metadata: AWS::CloudFormation::Interface: ParameterGroups: - Label: - default: AWS Template Configuration - aws-sa-waf-cluster version 3.6 + default: AWS Template Configuration - aws-sa-waf-cluster version 3.7 Parameters: - S3BucketName - S3KeyPrefix @@ -40,7 +40,10 @@ Metadata: default: AWS Network Configuration Parameters: - VPCId - - QSgCidr + - QSgCidr1 + - QSgCidr2 + - QSgCidr3 + - QSgCidr4 - PrivateSubnetID - QClusterLocalZone - SideCarPrivateSubnetID @@ -73,8 +76,6 @@ Metadata: default: Qumulo EBS Monitoring/Replacement & CloudWatch Metrics Configuration Parameters: - SideCarProv - - SideCarUsername - - SideCarPassword - SideCarVersion - SideCarSNSTopic @@ -95,8 +96,14 @@ Metadata: default: "AWS Private Subnet ID" PublicSubnetID: default: "AWS Public Subnet ID" - QSgCidr: - default: "Qumulo Security Group " + QSgCidr1: + default: "Qumulo Security Group CIDR #1 " + QSgCidr2: + default: "OPTIONAL: Qumulo Security Group CIDR #2 " + QSgCidr3: + default: "OPTIONAL: Qumulo Security Group CIDR #3 " + QSgCidr4: + default: "OPTIONAL: Qumulo Security Group CIDR #4 " QPublicMgmt: default: "OPTIONAL: Provision Public IP for Qumulo Management" QPublicRepl: @@ -130,7 +137,7 @@ Metadata: QPermissionsBoundary: default: "OPTIONAL: AWS Permissions Boundary Policy Name" QInstanceRecoveryTopic: - default: "OPTIONAL: Qumulo Instance Recovery Topic" + default: "OPTIONAL: Qumulo EC2 Instance Recovery Topic" QAuditLog: default: "OPTIONAL: Send Qumulo Audit Log messages to CloudWatch Logs? " TermProtection: 
@@ -143,12 +150,8 @@ Metadata: default: "Qumulo Sidecar Lambdas Private Subnet ID" SideCarVersion: default: "Qumulo Sidecar Software Version " - SideCarUsername: - default: "Qumulo Sidecar Username " - SideCarPassword: - default: "Qumulo Sidecar Password " SideCarSNSTopic: - default: "OPTIONAL: Qumulo Sidecar SNS Topic " + default: "OPTIONAL: Qumulo EBS Volume Recovery SNS Topic " Parameters: @@ -223,12 +226,11 @@ Parameters: Description: AWS Private Subnet in the VPC. DomainName: - Description: "IF NONE.local, R53 config will be skipped. Private R53 DNS Fully Qualified Domain Name. The .local domain is one way to provide public query resolution for overlapping names: qumulo.com vs qumulo.local" - AllowedPattern: '[a-zA-Z0-9-]+\..+' + Description: "IF blank, R53 config will be skipped. If populated a Private R53 DNS Fully Qualified Domain Name will be created. The .local suffix is one way to private DNS query resolution for the Qumulo cluster: e.g. qumulo.companyname.local" + AllowedPattern: '^$|^([a-zA-Z0-9-]+\..+)$' MaxLength: '255' - MinLength: '2' Type: String - Default: "NONE.local" + Default: "" QDr: AllowedValues: @@ -239,9 +241,9 @@ Parameters: Default: "NO" QFloatRecordName: - Description: ONLY APPLICABLE if a domain name was provided above. Record Name for R53 Private Hosted Zone Qumulo Cluster floating IPs. + Description: "ONLY APPLICABLE if a domain name was provided above. Record Name for R53 Private Hosted Zone Qumulo Cluster floating IPs. This will add a prefix to the example FQDN above: e.g. cluster1.qumulo.mycompanyname.local" Type: String - Default: qumulo + Default: "" QNodeCount: Description: "Total number of EC2 instances, or Qumulo Nodes, in the Qumulo Cluster: (4-10). NOTE: This field may be used to add nodes with a CloudFormation Stack Update after initial provisioning." 
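Review bot: The new `AllowedPattern` for `DomainName` (hunk `@@ -223,12 +226,11 @@`) still ends in `\..+`, so once the first label and a dot have matched, any characters are accepted, including spaces and template metacharacters. The value names a Route 53 private hosted zone and appears to be interpolated into record names by the DNS template, so it is worth constraining it to hostname labels, for example `AllowedPattern: '^$|^([a-zA-Z0-9-]+\.)+[a-zA-Z0-9-]+$'`. The parameter block starts outside this hunk, so any other constraint it carries is not visible here.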
@@ -345,7 +347,7 @@ Parameters: MaxLength: 11 MinLength: 5 Type: String - Default: "4.2.3" + Default: "4.2.4" QClusterAdminPwd: AllowedPattern: "^(?=.*[a-z])(?=.*[A-Z])(?=.*[@$!%*?&\\-_])[A-Za-z\\d@$!%*?&\\-_]{8,}$" @@ -387,11 +389,29 @@ Parameters: Type: String Default: "" - QSgCidr: + QSgCidr1: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(3[0-2]|[1-2][0-9]|[0-9]))$" - Description: An IPv4 CIDR block for specifying the generated security group's allowed addresses for inbound traffic. Set to the VPC CIDR. + Description: An IPv4 CIDR block for specifying the generated security group's allowed addresses for inbound traffic. Typically set to the VPC CIDR. + Type: String + Default: "10.0.0.0/16" + + QSgCidr2: + AllowedPattern: "^$|^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(3[0-2]|[1-2][0-9]|[0-9]))$" + Description: An IPv4 CIDR block for specifying the generated security group's allowed addresses for inbound traffic. Type: String - Default: "172.31.0.0/16" + Default: "" + + QSgCidr3: + AllowedPattern: "^$|^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(3[0-2]|[1-2][0-9]|[0-9]))$" + Description: An IPv4 CIDR block for specifying the generated security group's allowed addresses for inbound traffic. + Type: String + Default: "" + + QSgCidr4: + AllowedPattern: "^$|^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(3[0-2]|[1-2][0-9]|[0-9]))$" + Description: An IPv4 CIDR block for specifying the generated security group's allowed addresses for inbound traffic. + Type: String + Default: "" TermProtection: Description: Enable Termination Protection for EC2 instances and the CloudFormation stack 
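Review bot: The `AllowedPattern` on the new `QSgCidr2`, `QSgCidr3` and `QSgCidr4` parameters (hunk `@@ -387,11 +389,29 @@`) accepts any prefix length down to `/0`, so `0.0.0.0/0` passes validation. These values are handed to the nested `qadd-sg-cidrs` stack together with the cluster security group ID, presumably to add inbound rules, so each one widens who can reach the storage cluster. The prefix alternative could be narrowed, for example `(\\/(3[0-2]|[1-2][0-9]|[89]))` to reject anything shorter than /8. The three descriptions also never say the field may be left blank, which only the label does; something like `Description: "OPTIONAL: additional IPv4 CIDR allowed inbound to the Qumulo security group. Leave blank to skip."` would make that explicit.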
@@ -436,19 +456,7 @@ Parameters: MaxLength: 11 MinLength: 5 Type: String - Default: "4.2.3" - - SideCarUsername: - Type: String - Default: SideCarUser - - SideCarPassword: - AllowedPattern: "^(?=.*[a-z])(?=.*[A-Z])(?=.*[@$!%*?&\\-_])[A-Za-z\\d@$!%*?&\\-_]{8,}$" - Description: "Minumum 8 characters and must include one each of: uppercase, lowercase, and a special character. This field must be filled in regardless of the Sidecar provisioning option above." - MaxLength: 128 - MinLength: 8 - Type: String - NoEcho: "true" + Default: "4.2.4" SideCarSNSTopic: Description: Optionally enter an SNS topic ARN that lambda errors and successful disk replacements will be published to. @@ -456,10 +464,28 @@ Parameters: Default: "" Conditions: + + ProvSg2: !Not + - !Equals + - !Ref QSgCidr2 + - "" + + ProvSg3: !Not + - !Equals + - !Ref QSgCidr3 + - "" + + ProvSg4: !Not + - !Equals + - !Ref QSgCidr4 + - "" + + AddQSgCidr: !Or [Condition: ProvSg2, Condition: ProvSg3, Condition: ProvSg4] + ProvR53: !Not - !Equals - !Ref DomainName - - "NONE.local" + - "" ProvSideCar: !Equals - !Ref SideCarProv @@ -669,8 +695,8 @@ Resources: Type: "AWS::CloudFormation::Stack" Properties: Parameters: - SideCarUsername: !If [ProvSideCar, !Ref SideCarUsername, ""] - SideCarPassword: !If [ProvSideCar, !Ref SideCarPassword, ""] + SideCarUsername: !If [ProvSideCar, "SideCarUser", ""] + SideCarPassword: !If [ProvSideCar, !Ref QClusterAdminPwd, ""] ClusterAdminPwd: !Ref QClusterAdminPwd TemplateURL: !Sub "https://${S3BucketName}.s3.${AWS::URLSuffix}/${S3KeyPrefix}cfn/store-secrets.cft.yaml" TimeoutInMinutes: 150 @@ -686,7 +712,6 @@ Resources: QSTACK: Type: 'AWS::CloudFormation::Stack' - DependsOn: QIAMSTACK Properties: Parameters: ClusterName: !Ref QClusterName 
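Review bot: `SideCarPassword: !If [ProvSideCar, !Ref QClusterAdminPwd, ""]` in the secrets-stack hunk (`@@ -669,8 +695,8 @@`) makes the sidecar account's password identical to the cluster admin password, and `Password: !Ref QClusterAdminPwd` in QSIDECARSTACK (hunk `@@ -712,24 +737,34 @@`) passes that same value to a template fetched from `qumulo-sidecar-us-east-1.s3.amazonaws.com`. Anything able to read the sidecar credential, the sidecar Lambdas included, then holds the admin password, and neither secret can be rotated without the other. Whether `SideCarUser` has a restricted role on the cluster is not visible here, but the shared secret removes the separation either way. A dedicated generated value (for instance an `AWS::SecretsManager::Secret` with `GenerateSecretString`) referenced in both places would keep the accounts distinct. It is also worth confirming that the sidecar template declares `Password` with `NoEcho`.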
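Review bot: Dropping `DependsOn: QIAMSTACK` from QSTACK (hunk `@@ -686,7 +712,6 @@`) leaves creation order to implicit references, and the only parameter visible in this hunk, `ClusterName: !Ref QClusterName`, creates none. If QSTACK takes its IAM role or instance profile from QIAMSTACK by name rather than through a `!GetAtt QIAMSTACK.Outputs.*` reference, the two stacks can now be created in parallel and instances may launch before the role exists. The same applies to the `DependsOn: QSTACK` removals on CLOUDWATCHSTACK, MGMTNLBSTACK and DNSSTACK, whose parameter lists continue outside their hunks. A comment on each resource such as `# ordering relies on the !GetAtt references in Parameters` would record the reliance for whoever edits those parameters next.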
@@ -696,7 +721,7 @@ Resources: InstanceRecoveryTopic: !Ref QInstanceRecoveryTopic InstanceType: !Ref QInstanceType KeyName: !Ref KeyPair - SgCidr: !Ref QSgCidr + SgCidr: !Ref QSgCidr1 SubnetId: !Ref PrivateSubnetID VolumesEncryptionKey: !Ref VolumesEncryptionKey VpcId: !Ref VPCId @@ -712,24 +737,34 @@ Resources: - "-SA.cft.json" TimeoutInMinutes: 150 + QADDCIDRSTACK: + Type: 'AWS::CloudFormation::Stack' + Condition: AddQSgCidr + Properties: + Parameters: + QSgId: !GetAtt QSTACK.Outputs.ClusterSGID + QSgCidr2: !Ref QSgCidr2 + QSgCidr3: !Ref QSgCidr3 + QSgCidr4: !Ref QSgCidr4 + TemplateURL: !Sub "https://${S3BucketName}.s3.${AWS::URLSuffix}/${S3KeyPrefix}cfn/qadd-sg-cidrs.cft.yaml" + TimeoutInMinutes: 150 + QSIDECARSTACK: Type: 'AWS::CloudFormation::Stack' - DependsOn: QSTACK Condition: ProvSideCar Properties: Parameters: SecurityGroup: !GetAtt QSTACK.Outputs.ClusterSGID SNSTopic: !Ref SideCarSNSTopic Subnet: !If [LocalAZ, !Ref SideCarPrivateSubnetID, !Ref PrivateSubnetID] - Username: !Ref SideCarUsername - Password: !Ref SideCarPassword + Username: "SideCarUser" + Password: !Ref QClusterAdminPwd Hosts: !GetAtt QSTACK.Outputs.ClusterPrivateIPs TemplateURL: !Sub "https://qumulo-sidecar-us-east-1.s3.amazonaws.com/${SideCarVersion}/sidecar_cft.json" TimeoutInMinutes: 150 PROVISIONINGSTACK: Type: 'AWS::CloudFormation::Stack' - DependsOn: QSTACK Properties: Parameters: SideCarProv: !Ref SideCarProv @@ -738,7 +773,7 @@ Resources: KeyName: !Ref KeyPair Region: !Ref AWS::Region PrivateSubnetId: !Ref PrivateSubnetID - PrivateSubnetCidr: !Ref QSgCidr + PrivateSubnetCidr: !Ref QSgCidr1 Node1IP: !Select [0, !Split [", ", !GetAtt QSTACK.Outputs.ClusterPrivateIPs]] NodeIPs: !GetAtt QSTACK.Outputs.ClusterPrivateIPs FloatIPs: !GetAtt QSTACK.Outputs.ClusterSecondaryPrivateIPs @@ -762,7 +797,6 @@ Resources: CLOUDWATCHSTACK: Type: 'AWS::CloudFormation::Stack' - DependsOn: QSTACK Properties: Parameters: QClusterName: !Ref QClusterName 
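Review bot: `PrivateSubnetCidr: !Ref QSgCidr1` (hunk `@@ -738,7 +773,7 @@`) still feeds the provisioning stack from the first security-group CIDR, while this commit relaxes that parameter's description from "Set to the VPC CIDR" to "Typically set to the VPC CIDR". How PROVISIONINGSTACK uses the value is not visible here, but if it scopes the provisioning node's own access, an operator who narrows `QSgCidr1` to a client range changes that as well without being told. Either state the coupling in the `QSgCidr1` description, for example by appending `This value is also passed to the provisioning node as the private subnet CIDR and must cover that subnet.`, or pass the subnet's actual CIDR through a separate parameter.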
@@ -776,7 +810,6 @@ Resources: MGMTNLBSTACK: Type: 'AWS::CloudFormation::Stack' - DependsOn: QSTACK Condition: ProvMgmt Properties: Parameters: @@ -790,7 +823,6 @@ Resources: DNSSTACK: Type: 'AWS::CloudFormation::Stack' - DependsOn: QSTACK Condition: ProvR53 Properties: Parameters: