From 6e986888c5d6a831264f2b98afb705850f5cc957 Mon Sep 17 00:00:00 2001
From: Tony Vattathil
Date: Wed, 17 Apr 2019 20:45:15 -0700
Subject: [PATCH] Merge Prototype to development branch (#2) Prototype seednode1 - Add linux utilities - Add cfn-hup - Add stub for deploy-script - Add VPC `submodule`
---
 .gitmodules | 4 +
 ci/datastax-ddac-input.json | 26 +
 ci/{config.yml => taskcat.yaml} | 11 +-
 scripts/deploy.tar | Bin 0 -> 4608 bytes
 scripts/scripts_userdata.sh | 1 -
 submodules/quickstart-aws-vpc | 1 +
 .../templates/aws-vpc.template | 4146 -----------------
 templates/datacenter.template | 326 --
 .../datastax-ddac-clusternode.template.yaml | 254 +
 templates/datastax-ddac-master.template.yaml | 173 +
 templates/ddac.template | 294 --
 templates/noderegister.yaml.template | 361 ++
 templates/quickstart-datastax-no-vpc.template | 740 ---
 templates/quickstart-ddac-master.template | 392 --
 14 files changed, 824 insertions(+), 5905 deletions(-)
 create mode 100644 .gitmodules
 create mode 100644 ci/datastax-ddac-input.json
 rename ci/{config.yml => taskcat.yaml} (54%)
 create mode 100644 scripts/deploy.tar
 delete mode 100644 scripts/scripts_userdata.sh
 create mode 160000 submodules/quickstart-aws-vpc
 delete mode 100644 submodules/quickstart-aws-vpc/templates/aws-vpc.template
 delete mode 100644 templates/datacenter.template
 create mode 100644 templates/datastax-ddac-clusternode.template.yaml
 create mode 100644 templates/datastax-ddac-master.template.yaml
 delete mode 100644 templates/ddac.template
 create mode 100644 templates/noderegister.yaml.template
 delete mode 100644 templates/quickstart-datastax-no-vpc.template
 delete mode 100644 templates/quickstart-ddac-master.template
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..05784ac
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,4 @@
+[submodule "submodules/quickstart-aws-vpc"]
+ path = submodules/quickstart-aws-vpc
+ url = https://github.com/aws-quickstart/quickstart-aws-vpc.git
+ branch = master
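Review bot: `branch = master` in the new `.gitmodules` entry means `git submodule update --remote` will follow whatever upstream `master` is at that moment, so the VPC templates this project pulls in could change without a reviewed commit in this repository. The gitlink added later in this patch pins `ac8786cff8fd030798dc26d6c9566ef730536bd4`; dropping the `branch = master` line keeps that recorded commit as the only source of truth. How CI checks out submodules is not visible in this patch, so confirm it does not pass `--remote`.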
diff --git a/ci/datastax-ddac-input.json b/ci/datastax-ddac-input.json
new file mode 100644
index 0000000..655f0af
--- /dev/null
+++ b/ci/datastax-ddac-input.json
@@ -0,0 +1,26 @@
+[
+ {
+ "ParameterKey": "AvailabilityZones",
+ "ParameterValue": "$[taskcat_getaz_2]"
+ },
+ {
+ "ParameterKey": "EmailAddress",
+ "ParameterValue": "tonynv@amazon.com"
+ },
+ {
+ "ParameterKey": "KeyPairName",
+ "ParameterValue": "tonynv"
+ },
+ {
+ "ParameterKey": "RemoteAccessCIDR",
+ "ParameterValue": "0.0.0.0/0"
+ },
+ {
+ "ParameterKey": "QSS3KeyPrefix",
+ "ParameterValue": "quickstart-datastax-ddac/"
+ },
+ {
+ "ParameterKey": "QSS3BucketName",
+ "ParameterValue": "$[taskcat_autobucket]"
+ }
+]
diff --git a/ci/config.yml b/ci/taskcat.yaml
similarity index 54%
rename from ci/config.yml
rename to ci/taskcat.yaml
index b37c600..04e524b 100644
--- a/ci/config.yml
+++ b/ci/taskcat.yaml
@@ -19,9 +19,8 @@ global: reporting: true tests: - quickstart-datastax-ddact1: - parameter_input: quickstart-datastax-ddac-example-params1.json - template_file: quickstart-datastax-ddac-example1.template - quickstart-datastax-ddact2: - parameter_input: quickstart-datastax-ddac-example-params2.json - template_file: quickstart-datastax-ddac-example2.template + datastax-ddac: + parameter_input: datastax-ddac-input.json + template_file: datastax-ddac-master.template.yaml + regions: + - us-east-1
diff --git a/scripts/deploy.tar b/scripts/deploy.tar
new file mode 100644
index 0000000000000000000000000000000000000000..e09d5e2dd32746dd4388bea15591a14ea0842e7d
GIT binary patch
literal 4608 zcmeH~&2G~`5XX(U`6*VtG=D%DOx6uFw00xmornYV*e{B*q<5D3i zGNBo81qvc|Gr(SYDYu()zK#IOBHV`S-t>bV&8;xXR2h5l{~kGzTlOi>Qf{3Flm=`} zo^9n3ilejAU@U>H%6#Qhj?^Or>Q%x8D0D*DYIbpOcD_F=0ku^eRIDt!n7(@X?)CZf z{aLbDdx|Z>Z}CDWXi!z#4AUJ!F|KMD8 zI_&Wu6IBr!ozj2fKUfEvCzfb{N}#w0`h)xjI=Vpj_|HfF_a26w{+r>bs_&L+^?ygM zKk=VK`~KJJABg}FgD%Bzzn(b%{bE_LlNr4Om+W+Q#!l<6fRzvBNn94&#gcuWd|Yos d+yuVKL%vz|B8O|wn0c(gSb?zuV+Dq(z%LRo@}B?z literal 0 HcmV?d00001
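Review bot: `RemoteAccessCIDR` is set to `0.0.0.0/0` in `ci/datastax-ddac-input.json`, so every test stack launched from this input presumably accepts remote access from any address for as long as it exists (how the parameter is consumed lives in the templates, not in this hunk). Narrow it to the CI runner's egress range, e.g. `"ParameterValue": "<CI_EGRESS_CIDR>"` (placeholder). The same file hard-codes a personal `EmailAddress` and `KeyPairName` (`tonynv`), which ties the test run to one person's key and publishes the address; a shared CI key pair and a team alias would avoid that. JSON has no comment syntax, so the reason for whichever values are kept belongs in the README or next to the test entry in `ci/taskcat.yaml`.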
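Review bot: `scripts/deploy.tar` is added as a 4608-byte binary, so nothing inside it can be reviewed in this patch, and later edits to it will be equally invisible in diffs. If it holds the deploy-script stub the commit message mentions, commit the script(s) as plain files and build the archive at packaging time. If the tarball has to stay in the tree, list its contents in the commit description and record a checksum that the consumer verifies before unpacking.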
diff --git a/scripts/scripts_userdata.sh b/scripts/scripts_userdata.sh
deleted file mode 100644
index 32f8011..0000000
--- a/scripts/scripts_userdata.sh
+++ /dev/null
@@ -1 +0,0 @@
-#UserData and or scripts should be stored here, but only for source code revision purposes and CloudFormation templates should always refer to 'quickstart-reference' S3 bucket
diff --git a/submodules/quickstart-aws-vpc b/submodules/quickstart-aws-vpc
new file mode 160000
index 0000000..ac8786c
--- /dev/null
+++ b/submodules/quickstart-aws-vpc
@@ -0,0 +1 @@
+Subproject commit ac8786cff8fd030798dc26d6c9566ef730536bd4
diff --git a/submodules/quickstart-aws-vpc/templates/aws-vpc.template b/submodules/quickstart-aws-vpc/templates/aws-vpc.template
deleted file mode 100644
index de24514..0000000
--- a/submodules/quickstart-aws-vpc/templates/aws-vpc.template
+++ /dev/null
@@ -1,4146 +0,0 @@ -{ - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "This template creates a Multi-AZ, multi-subnet VPC infrastructure with managed NAT gateways in the public subnet for each Availability Zone. You can also create additional private subnets with dedicated custom network access control lists (ACLs). If you deploy the Quick Start in a region that doesn't support NAT gateways, NAT instances are deployed instead. **WARNING** This template creates AWS resources. You will be billed for the AWS resources used if you create a stack from this template. QS(0027)", - "Metadata": { - "AWS::CloudFormation::Interface": { - "ParameterGroups": [ - { - "Label": { - "default": "Availability Zone Configuration" - }, - "Parameters": [ - "AvailabilityZones", - "NumberOfAZs" - ] - }, - { - "Label": { - "default": "Network Configuration" - }, - "Parameters": [ - "VPCCIDR", - "PublicSubnet1CIDR", - "PublicSubnet2CIDR", - "PublicSubnet3CIDR", - "PublicSubnet4CIDR", - "PublicSubnetTag1", - "PublicSubnetTag2", - "PublicSubnetTag3", - "CreatePrivateSubnets", - "PrivateSubnet1ACIDR", - "PrivateSubnet2ACIDR", - "PrivateSubnet3ACIDR", - "PrivateSubnet4ACIDR", - "PrivateSubnetATag1", - "PrivateSubnetATag2", - "PrivateSubnetATag3", - "CreateAdditionalPrivateSubnets", - "PrivateSubnet1BCIDR", - "PrivateSubnet2BCIDR", - "PrivateSubnet3BCIDR", - "PrivateSubnet4BCIDR", - "PrivateSubnetBTag1", - "PrivateSubnetBTag2", - "PrivateSubnetBTag3", - "VPCTenancy" - ] - }, - { - "Label": { - "default": "Amazon EC2 Configuration" - }, - "Parameters": [ - "KeyPairName", - "NATInstanceType" - ] - } - ], - "ParameterLabels": { - "AvailabilityZones": { - "default": "Availability Zones" - }, - "CreateAdditionalPrivateSubnets": { - "default": "Create additional private subnets with dedicated network ACLs" - }, - "CreatePrivateSubnets": { - "default": "Create private subnets" - }, - "KeyPairName": { - "default": "Key pair name" - }, - "NATInstanceType": { - "default": "NAT instance type" 
- }, - "NumberOfAZs": { - "default": "Number of Availability Zones" - }, - "PrivateSubnet1ACIDR": { - "default": "Private subnet 1A CIDR" - }, - "PrivateSubnet1BCIDR": { - "default": "Private subnet 1B with dedicated network ACL CIDR" - }, - "PrivateSubnet2ACIDR": { - "default": "Private subnet 2A CIDR" - }, - "PrivateSubnet2BCIDR": { - "default": "Private subnet 2B with dedicated network ACL CIDR" - }, - "PrivateSubnet3ACIDR": { - "default": "Private subnet 3A CIDR" - }, - "PrivateSubnet3BCIDR": { - "default": "Private subnet 3B with dedicated network ACL CIDR" - }, - "PrivateSubnet4ACIDR": { - "default": "Private subnet 4A CIDR" - }, - "PrivateSubnet4BCIDR": { - "default": "Private subnet 4B with dedicated network ACL CIDR" - }, - "PrivateSubnetATag1": { - "default": "Tag for Private A Subnets" - }, - "PrivateSubnetATag2": { - "default": "Tag for Private A Subnets" - }, - "PrivateSubnetATag3": { - "default": "Tag for Private A Subnets" - }, - "PrivateSubnetBTag1": { - "default": "Tag for Private B Subnets" - }, - "PrivateSubnetBTag2": { - "default": "Tag for Private B Subnets" - }, - "PrivateSubnetBTag3": { - "default": "Tag for Private B Subnets" - }, - "PublicSubnet1CIDR": { - "default": "Public subnet 1 CIDR" - }, - "PublicSubnet2CIDR": { - "default": "Public subnet 2 CIDR" - }, - "PublicSubnet3CIDR": { - "default": "Public subnet 3 CIDR" - }, - "PublicSubnet4CIDR": { - "default": "Public subnet 4 CIDR" - }, - "PublicSubnetTag1": { - "default": "Tag for Public Subnets" - }, - "PublicSubnetTag2": { - "default": "Tag for Public Subnets" - }, - "PublicSubnetTag3": { - "default": "Tag for Public Subnets" - }, - "VPCCIDR": { - "default": "VPC CIDR" - }, - "VPCTenancy": { - "default": "VPC Tenancy" - } - } - } - }, - "Parameters": { - "AvailabilityZones": { - "Description": "List of Availability Zones to use for the subnets in the VPC. 
Note: The logical order is preserved.", - "Type": "List" - }, - "CreateAdditionalPrivateSubnets": { - "AllowedValues": [ - "true", - "false" - ], - "Default": "false", - "Description": "Set to true to create a network ACL protected subnet in each Availability Zone. If false, the CIDR parameters for those subnets will be ignored. If true, it also requires that the 'Create private subnets' parameter is also true to have any effect.", - "Type": "String" - }, - "CreatePrivateSubnets": { - "AllowedValues": [ - "true", - "false" - ], - "Default": "true", - "Description": "Set to false to create only public subnets. If false, the CIDR parameters for ALL private subnets will be ignored.", - "Type": "String" - }, - "KeyPairName": { - "Description": "Public/private key pairs allow you to securely connect to your NAT instance after it launches. This is used only if the region does not support NAT gateways.", - "Type": "AWS::EC2::KeyPair::KeyName" - }, - "NATInstanceType": { - "AllowedValues": [ - "t2.nano", - "t2.micro", - "t2.small", - "t2.medium", - "t2.large", - "m3.medium", - "m3.large", - "m4.large" - ], - "Default": "t2.small", - "Description": "Amazon EC2 instance type for the NAT instances. This is used only if the region does not support NAT gateways.", - "Type": "String" - }, - "NumberOfAZs": { - "AllowedValues": [ - "2", - "3", - "4" - ], - "Default": "2", - "Description": "Number of Availability Zones to use in the VPC. 
This must match your selections in the list of Availability Zones parameter.", - "Type": "String" - }, - "PrivateSubnet1ACIDR": { - "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", - "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", - "Default": "10.0.0.0/19", - "Description": "CIDR block for private subnet 1A located in Availability Zone 1", - "Type": "String" - }, - "PrivateSubnet1BCIDR": { - "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", - "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", - "Default": "10.0.192.0/21", - "Description": "CIDR block for private subnet 1B with dedicated network ACL located in Availability Zone 1", - "Type": "String" - }, - "PrivateSubnet2ACIDR": { - "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", - "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", - "Default": "10.0.32.0/19", - "Description": "CIDR block for private subnet 2A located in Availability Zone 2", - "Type": "String" - }, - "PrivateSubnet2BCIDR": { - "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", - "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", - "Default": "10.0.200.0/21", - "Description": "CIDR block for private subnet 2B with dedicated network ACL located in Availability Zone 2", - "Type": "String" - }, - "PrivateSubnet3ACIDR": { - "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", - "ConstraintDescription": "CIDR block parameter must be in the form 
x.x.x.x/16-28", - "Default": "10.0.64.0/19", - "Description": "CIDR block for private subnet 3A located in Availability Zone 3", - "Type": "String" - }, - "PrivateSubnet3BCIDR": { - "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", - "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", - "Default": "10.0.208.0/21", - "Description": "CIDR block for private subnet 3B with dedicated network ACL located in Availability Zone 3", - "Type": "String" - }, - "PrivateSubnet4ACIDR": { - "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", - "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", - "Default": "10.0.96.0/19", - "Description": "CIDR block for private subnet 4A located in Availability Zone 4", - "Type": "String" - }, - "PrivateSubnet4BCIDR": { - "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", - "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", - "Default": "10.0.216.0/21", - "Description": "CIDR block for private subnet 4B with dedicated network ACL located in Availability Zone 4", - "Type": "String" - }, - "PrivateSubnetATag1": { - "AllowedPattern": "^([a-zA-Z0-9+\\-._:/@]+=[a-zA-Z0-9+\\-.,_:/@ *\\\\\"'\\[\\]\\{\\}]*)?$", - "ConstraintDescription": "tags must be in format \"Key=Value\" keys can only contain [a-zA-Z0-9+\\-._:/@], values can contain [a-zA-Z0-9+\\-._:/@ *\\\\\"'\\[\\]\\{\\}]", - "Default": "Network=Private", - "Description": "tag to add to private subnets A, in format Key=Value (Optional)", - "Type": "String" - }, - "PrivateSubnetATag2": { - "AllowedPattern": "^([a-zA-Z0-9+\\-._:/@]+=[a-zA-Z0-9+\\-.,_:/@ *\\\\\"'\\[\\]\\{\\}]*)?$", - "ConstraintDescription": "tags must be 
in format \"Key=Value\" keys can only contain [a-zA-Z0-9+\\-._:/@], values can contain [a-zA-Z0-9+\\-._:/@ *\\\\\"'\\[\\]\\{\\}]", - "Default": "", - "Description": "tag to add to private subnets A, in format Key=Value (Optional)", - "Type": "String" - }, - "PrivateSubnetATag3": { - "AllowedPattern": "^([a-zA-Z0-9+\\-._:/@]+=[a-zA-Z0-9+\\-.,_:/@ *\\\\\"'\\[\\]\\{\\}]*)?$", - "ConstraintDescription": "tags must be in format \"Key=Value\" keys can only contain [a-zA-Z0-9+\\-._:/@], values can contain [a-zA-Z0-9+\\-._:/@ *\\\\\"'\\[\\]\\{\\}]", - "Default": "", - "Description": "tag to add to private subnets A, in format Key=Value (Optional)", - "Type": "String" - }, - "PrivateSubnetBTag1": { - "AllowedPattern": "^([a-zA-Z0-9+\\-._:/@]+=[a-zA-Z0-9+\\-.,_:/@ *\\\\\"'\\[\\]\\{\\}]*)?$", - "ConstraintDescription": "tags must be in format \"Key=Value\" keys can only contain [a-zA-Z0-9+\\-._:/@], values can contain [a-zA-Z0-9+\\-._:/@ *\\\\\"'\\[\\]\\{\\}]", - "Default": "Network=Private", - "Description": "tag to add to private subnets B, in format Key=Value (Optional)", - "Type": "String" - }, - "PrivateSubnetBTag2": { - "AllowedPattern": "^([a-zA-Z0-9+\\-._:/@]+=[a-zA-Z0-9+\\-.,_:/@ *\\\\\"'\\[\\]\\{\\}]*)?$", - "ConstraintDescription": "tags must be in format \"Key=Value\" keys can only contain [a-zA-Z0-9+\\-._:/@], values can contain [a-zA-Z0-9+\\-._:/@ *\\\\\"'\\[\\]\\{\\}]", - "Default": "", - "Description": "tag to add to private subnets B, in format Key=Value (Optional)", - "Type": "String" - }, - "PrivateSubnetBTag3": { - "AllowedPattern": "^([a-zA-Z0-9+\\-._:/@]+=[a-zA-Z0-9+\\-.,_:/@ *\\\\\"'\\[\\]\\{\\}]*)?$", - "ConstraintDescription": "tags must be in format \"Key=Value\" keys can only contain [a-zA-Z0-9+\\-._:/@], values can contain [a-zA-Z0-9+\\-._:/@ *\\\\\"'\\[\\]\\{\\}]", - "Default": "", - "Description": "tag to add to private subnets B, in format Key=Value (Optional)", - "Type": "String" - }, - "PublicSubnet1CIDR": { - "AllowedPattern": 
"^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", - "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", - "Default": "10.0.128.0/20", - "Description": "CIDR block for the public DMZ subnet 1 located in Availability Zone 1", - "Type": "String" - }, - "PublicSubnet2CIDR": { - "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", - "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", - "Default": "10.0.144.0/20", - "Description": "CIDR block for the public DMZ subnet 2 located in Availability Zone 2", - "Type": "String" - }, - "PublicSubnet3CIDR": { - "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", - "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", - "Default": "10.0.160.0/20", - "Description": "CIDR block for the public DMZ subnet 3 located in Availability Zone 3", - "Type": "String" - }, - "PublicSubnet4CIDR": { - "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", - "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", - "Default": "10.0.176.0/20", - "Description": "CIDR block for the public DMZ subnet 4 located in Availability Zone 4", - "Type": "String" - }, - "PublicSubnetTag1": { - "AllowedPattern": "^([a-zA-Z0-9+\\-._:/@]+=[a-zA-Z0-9+\\-.,_:/@ *\\\\\"'\\[\\]\\{\\}]*)?$", - "ConstraintDescription": "tags must be in format \"Key=Value\" keys can only contain [a-zA-Z0-9+\\-._:/@], values can contain [a-zA-Z0-9+\\-._:/@ *\\\\\"'\\[\\]\\{\\}]", - "Default": "Network=Public", - "Description": "tag to add to public subnets, in format Key=Value (Optional)", - "Type": "String" - }, - 
"PublicSubnetTag2": { - "AllowedPattern": "^([a-zA-Z0-9+\\-._:/@]+=[a-zA-Z0-9+\\-.,_:/@ *\\\\\"'\\[\\]\\{\\}]*)?$", - "ConstraintDescription": "tags must be in format \"Key=Value\" keys can only contain [a-zA-Z0-9+\\-._:/@], values can contain [a-zA-Z0-9+\\-._:/@ *\\\\\"'\\[\\]\\{\\}]", - "Default": "", - "Description": "tag to add to public subnets, in format Key=Value (Optional)", - "Type": "String" - }, - "PublicSubnetTag3": { - "AllowedPattern": "^([a-zA-Z0-9+\\-._:/@]+=[a-zA-Z0-9+\\-.,_:/@ *\\\\\"'\\[\\]\\{\\}]*)?$", - "ConstraintDescription": "tags must be in format \"Key=Value\" keys can only contain [a-zA-Z0-9+\\-._:/@], values can contain [a-zA-Z0-9+\\-._:/@ *\\\\\"'\\[\\]\\{\\}]", - "Default": "", - "Description": "tag to add to public subnets, in format Key=Value (Optional)", - "Type": "String" - }, - "VPCCIDR": { - "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", - "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", - "Default": "10.0.0.0/16", - "Description": "CIDR block for the VPC", - "Type": "String" - }, - "VPCTenancy": { - "AllowedValues": [ - "default", - "dedicated" - ], - "Default": "default", - "Description": "The allowed tenancy of instances launched into the VPC", - "Type": "String" - } - }, - "Mappings": { - "AWSAMIRegionMap": { - "AMI": { - "AWSNATHVM": "amzn-ami-vpc-nat-hvm-2017.03.0.20170401-x86_64-ebs" - }, - "us-gov-west-1": { - "AWSNATHVM": "ami-3f0a8f5e" - } - } - }, - "Conditions": { - "3AZCondition": { - "Fn::Or": [ - { - "Fn::Equals": [ - { - "Ref": "NumberOfAZs" - }, - "3" - ] - }, - { - "Condition": "4AZCondition" - } - ] - }, - "4AZCondition": { - "Fn::Equals": [ - { - "Ref": "NumberOfAZs" - }, - "4" - ] - }, - "AdditionalPrivateSubnetsCondition": { - "Fn::And": [ - { - "Fn::Equals": [ - { - "Ref": "CreatePrivateSubnets" - }, - "true" - ] - }, - { - "Fn::Equals": [ - { - "Ref": 
"CreateAdditionalPrivateSubnets" - }, - "true" - ] - } - ] - }, - "AdditionalPrivateSubnets&3AZCondition": { - "Fn::And": [ - { - "Condition": "AdditionalPrivateSubnetsCondition" - }, - { - "Condition": "3AZCondition" - } - ] - }, - "AdditionalPrivateSubnets&4AZCondition": { - "Fn::And": [ - { - "Condition": "AdditionalPrivateSubnetsCondition" - }, - { - "Condition": "4AZCondition" - } - ] - }, - "GovCloudCondition": { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "us-gov-west-1" - ] - }, - "NATInstanceCondition": { - "Fn::And": [ - { - "Condition": "PrivateSubnetsCondition" - }, - { - "Condition": "GovCloudCondition" - } - ] - }, - "NATGatewayCondition": { - "Fn::And": [ - { - "Condition": "PrivateSubnetsCondition" - }, - { - "Fn::Not": [ - { - "Condition": "GovCloudCondition" - } - ] - } - ] - }, - "NATInstance&3AZCondition": { - "Fn::And": [ - { - "Condition": "NATInstanceCondition" - }, - { - "Condition": "3AZCondition" - } - ] - }, - "NATInstance&4AZCondition": { - "Fn::And": [ - { - "Condition": "NATInstanceCondition" - }, - { - "Condition": "4AZCondition" - } - ] - }, - "NATGateway&3AZCondition": { - "Fn::And": [ - { - "Condition": "NATGatewayCondition" - }, - { - "Condition": "3AZCondition" - } - ] - }, - "NATGateway&4AZCondition": { - "Fn::And": [ - { - "Condition": "NATGatewayCondition" - }, - { - "Condition": "4AZCondition" - } - ] - }, - "NVirginiaRegionCondition": { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "us-east-1" - ] - }, - "PrivateSubnetsCondition": { - "Fn::Equals": [ - { - "Ref": "CreatePrivateSubnets" - }, - "true" - ] - }, - "PrivateSubnets&3AZCondition": { - "Fn::And": [ - { - "Condition": "PrivateSubnetsCondition" - }, - { - "Condition": "3AZCondition" - } - ] - }, - "PrivateSubnets&4AZCondition": { - "Fn::And": [ - { - "Condition": "PrivateSubnetsCondition" - }, - { - "Condition": "4AZCondition" - } - ] - }, - "PrivateSubnetATag1Condition": { - "Fn::Not": [ - { - "Fn::Equals": [ - { - "Ref": "PrivateSubnetATag1" - }, - "" 
- ] - } - ] - }, - "PrivateSubnetATag2Condition": { - "Fn::Not": [ - { - "Fn::Equals": [ - { - "Ref": "PrivateSubnetATag2" - }, - "" - ] - } - ] - }, - "PrivateSubnetATag3Condition": { - "Fn::Not": [ - { - "Fn::Equals": [ - { - "Ref": "PrivateSubnetATag3" - }, - "" - ] - } - ] - }, - "PrivateSubnetBTag1Condition": { - "Fn::Not": [ - { - "Fn::Equals": [ - { - "Ref": "PrivateSubnetBTag1" - }, - "" - ] - } - ] - }, - "PrivateSubnetBTag2Condition": { - "Fn::Not": [ - { - "Fn::Equals": [ - { - "Ref": "PrivateSubnetBTag2" - }, - "" - ] - } - ] - }, - "PrivateSubnetBTag3Condition": { - "Fn::Not": [ - { - "Fn::Equals": [ - { - "Ref": "PrivateSubnetBTag3" - }, - "" - ] - } - ] - }, - "PublicSubnetTag1Condition": { - "Fn::Not": [ - { - "Fn::Equals": [ - { - "Ref": "PublicSubnetTag1" - }, - "" - ] - } - ] - }, - "PublicSubnetTag2Condition": { - "Fn::Not": [ - { - "Fn::Equals": [ - { - "Ref": "PublicSubnetTag2" - }, - "" - ] - } - ] - }, - "PublicSubnetTag3Condition": { - "Fn::Not": [ - { - "Fn::Equals": [ - { - "Ref": "PublicSubnetTag3" - }, - "" - ] - } - ] - }, - "S3VPCEndpointCondition": { - "Fn::And": [ - { - "Condition": "PrivateSubnetsCondition" - }, - { - "Fn::Not": [ - { - "Fn::Or": [ - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "us-gov-west-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "cn-north-1" - ] - } - ] - } - ] - } - ] - } - }, - "Resources": { - "DHCPOptions": { - "Type": "AWS::EC2::DHCPOptions", - "Properties": { - "DomainName": { - "Fn::If": [ - "NVirginiaRegionCondition", - "ec2.internal", - { - "Fn::Join": [ - "", - [ - { - "Ref": "AWS::Region" - }, - ".compute.internal" - ] - ] - } - ] - }, - "DomainNameServers": [ - "AmazonProvidedDNS" - ] - } - }, - "VPC": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": { - "Ref": "VPCCIDR" - }, - "InstanceTenancy": { - "Ref": "VPCTenancy" - }, - "EnableDnsSupport": "true", - "EnableDnsHostnames": "true", - "Tags": [ - { - "Key": "Name", - "Value": { - "Ref": 
"AWS::StackName" - } - } - ] - } - }, - "VPCDHCPOptionsAssociation": { - "Type": "AWS::EC2::VPCDHCPOptionsAssociation", - "Properties": { - "VpcId": { - "Ref": "VPC" - }, - "DhcpOptionsId": { - "Ref": "DHCPOptions" - } - } - }, - "InternetGateway": { - "Type": "AWS::EC2::InternetGateway", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": { - "Ref": "AWS::StackName" - } - } - ] - } - }, - "VPCGatewayAttachment": { - "Type": "AWS::EC2::VPCGatewayAttachment", - "Properties": { - "VpcId": { - "Ref": "VPC" - }, - "InternetGatewayId": { - "Ref": "InternetGateway" - } - } - }, - "PrivateSubnet1A": { - "Condition": "PrivateSubnetsCondition", - "Type": "AWS::EC2::Subnet", - "Properties": { - "VpcId": { - "Ref": "VPC" - }, - "CidrBlock": { - "Ref": "PrivateSubnet1ACIDR" - }, - "AvailabilityZone": { - "Fn::Select": [ - "0", - { - "Ref": "AvailabilityZones" - } - ] - }, - "Tags": [ - { - "Key": "Name", - "Value": "Private subnet 1A" - }, - { - "Fn::If": [ - "PrivateSubnetATag1Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetATag1" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetATag1" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "PrivateSubnetATag2Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetATag2" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetATag2" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "PrivateSubnetATag3Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetATag3" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetATag3" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - } - ] - } - }, - 
"PrivateSubnet1B": { - "Condition": "AdditionalPrivateSubnetsCondition", - "Type": "AWS::EC2::Subnet", - "Properties": { - "VpcId": { - "Ref": "VPC" - }, - "CidrBlock": { - "Ref": "PrivateSubnet1BCIDR" - }, - "AvailabilityZone": { - "Fn::Select": [ - "0", - { - "Ref": "AvailabilityZones" - } - ] - }, - "Tags": [ - { - "Key": "Name", - "Value": "Private subnet 1B" - }, - { - "Fn::If": [ - "PrivateSubnetBTag1Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetBTag1" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetBTag1" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "PrivateSubnetBTag2Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetBTag2" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetBTag2" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "PrivateSubnetBTag3Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetBTag3" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetBTag3" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - } - ] - } - }, - "PrivateSubnet2A": { - "Condition": "PrivateSubnetsCondition", - "Type": "AWS::EC2::Subnet", - "Properties": { - "VpcId": { - "Ref": "VPC" - }, - "CidrBlock": { - "Ref": "PrivateSubnet2ACIDR" - }, - "AvailabilityZone": { - "Fn::Select": [ - "1", - { - "Ref": "AvailabilityZones" - } - ] - }, - "Tags": [ - { - "Key": "Name", - "Value": "Private subnet 2A" - }, - { - "Fn::If": [ - "PrivateSubnetATag1Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetATag1" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ 
- "=", - { - "Ref": "PrivateSubnetATag1" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "PrivateSubnetATag2Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetATag2" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetATag2" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "PrivateSubnetATag3Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetATag3" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetATag3" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - } - ] - } - }, - "PrivateSubnet2B": { - "Condition": "AdditionalPrivateSubnetsCondition", - "Type": "AWS::EC2::Subnet", - "Properties": { - "VpcId": { - "Ref": "VPC" - }, - "CidrBlock": { - "Ref": "PrivateSubnet2BCIDR" - }, - "AvailabilityZone": { - "Fn::Select": [ - "1", - { - "Ref": "AvailabilityZones" - } - ] - }, - "Tags": [ - { - "Key": "Name", - "Value": "Private subnet 2B" - }, - { - "Fn::If": [ - "PrivateSubnetBTag1Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetBTag1" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetBTag1" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "PrivateSubnetBTag2Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetBTag2" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetBTag2" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "PrivateSubnetBTag3Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": 
"PrivateSubnetBTag3" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetBTag3" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - } - ] - } - }, - "PrivateSubnet3A": { - "Condition": "PrivateSubnets&3AZCondition", - "Type": "AWS::EC2::Subnet", - "Properties": { - "VpcId": { - "Ref": "VPC" - }, - "CidrBlock": { - "Ref": "PrivateSubnet3ACIDR" - }, - "AvailabilityZone": { - "Fn::Select": [ - "2", - { - "Ref": "AvailabilityZones" - } - ] - }, - "Tags": [ - { - "Key": "Name", - "Value": "Private subnet 3A" - }, - { - "Fn::If": [ - "PrivateSubnetATag1Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetATag1" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetATag1" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "PrivateSubnetATag2Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetATag2" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetATag2" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "PrivateSubnetATag3Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetATag3" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetATag3" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - } - ] - } - }, - "PrivateSubnet3B": { - "Condition": "AdditionalPrivateSubnets&3AZCondition", - "Type": "AWS::EC2::Subnet", - "Properties": { - "VpcId": { - "Ref": "VPC" - }, - "CidrBlock": { - "Ref": "PrivateSubnet3BCIDR" - }, - "AvailabilityZone": { - "Fn::Select": [ - "2", - { - "Ref": "AvailabilityZones" - } - ] - }, - "Tags": [ - { - "Key": "Name", - "Value": "Private subnet 3B" - }, - { 
- "Fn::If": [ - "PrivateSubnetBTag1Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetBTag1" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetBTag1" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "PrivateSubnetBTag2Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetBTag2" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetBTag2" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "PrivateSubnetBTag3Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetBTag3" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetBTag3" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - } - ] - } - }, - "PrivateSubnet4A": { - "Condition": "PrivateSubnets&4AZCondition", - "Type": "AWS::EC2::Subnet", - "Properties": { - "VpcId": { - "Ref": "VPC" - }, - "CidrBlock": { - "Ref": "PrivateSubnet4ACIDR" - }, - "AvailabilityZone": { - "Fn::Select": [ - "3", - { - "Ref": "AvailabilityZones" - } - ] - }, - "Tags": [ - { - "Key": "Name", - "Value": "Private subnet 4A" - }, - { - "Fn::If": [ - "PrivateSubnetATag1Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetATag1" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetATag1" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "PrivateSubnetATag2Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetATag2" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": 
"PrivateSubnetATag2" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "PrivateSubnetATag3Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetATag3" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetATag3" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - } - ] - } - }, - "PrivateSubnet4B": { - "Condition": "AdditionalPrivateSubnets&4AZCondition", - "Type": "AWS::EC2::Subnet", - "Properties": { - "VpcId": { - "Ref": "VPC" - }, - "CidrBlock": { - "Ref": "PrivateSubnet4BCIDR" - }, - "AvailabilityZone": { - "Fn::Select": [ - "3", - { - "Ref": "AvailabilityZones" - } - ] - }, - "Tags": [ - { - "Key": "Name", - "Value": "Private subnet 4B" - }, - { - "Fn::If": [ - "PrivateSubnetBTag1Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetBTag1" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetBTag1" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "PrivateSubnetBTag2Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetBTag2" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetBTag2" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "PrivateSubnetBTag3Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetBTag3" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PrivateSubnetBTag3" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - } - ] - } - }, - "PublicSubnet1": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "VpcId": { - "Ref": "VPC" - }, - "CidrBlock": { - "Ref": "PublicSubnet1CIDR" - 
}, - "AvailabilityZone": { - "Fn::Select": [ - "0", - { - "Ref": "AvailabilityZones" - } - ] - }, - "Tags": [ - { - "Key": "Name", - "Value": "Public subnet 1" - }, - { - "Fn::If": [ - "PublicSubnetTag1Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PublicSubnetTag1" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PublicSubnetTag1" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "PublicSubnetTag2Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PublicSubnetTag2" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PublicSubnetTag2" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "PublicSubnetTag3Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PublicSubnetTag3" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PublicSubnetTag3" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - } - ], - "MapPublicIpOnLaunch": true - } - }, - "PublicSubnet2": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "VpcId": { - "Ref": "VPC" - }, - "CidrBlock": { - "Ref": "PublicSubnet2CIDR" - }, - "AvailabilityZone": { - "Fn::Select": [ - "1", - { - "Ref": "AvailabilityZones" - } - ] - }, - "Tags": [ - { - "Key": "Name", - "Value": "Public subnet 2" - }, - { - "Fn::If": [ - "PublicSubnetTag1Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PublicSubnetTag1" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PublicSubnetTag1" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "PublicSubnetTag2Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": 
"PublicSubnetTag2" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PublicSubnetTag2" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "PublicSubnetTag3Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PublicSubnetTag3" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PublicSubnetTag3" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - } - ], - "MapPublicIpOnLaunch": true - } - }, - "PublicSubnet3": { - "Condition": "3AZCondition", - "Type": "AWS::EC2::Subnet", - "Properties": { - "VpcId": { - "Ref": "VPC" - }, - "CidrBlock": { - "Ref": "PublicSubnet3CIDR" - }, - "AvailabilityZone": { - "Fn::Select": [ - "2", - { - "Ref": "AvailabilityZones" - } - ] - }, - "Tags": [ - { - "Key": "Name", - "Value": "Public subnet 3" - }, - { - "Fn::If": [ - "PublicSubnetTag1Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PublicSubnetTag1" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PublicSubnetTag1" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "PublicSubnetTag2Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PublicSubnetTag2" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PublicSubnetTag2" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "PublicSubnetTag3Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PublicSubnetTag3" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PublicSubnetTag3" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - } - ], - "MapPublicIpOnLaunch": true - } - }, - "PublicSubnet4": { - 
"Condition": "4AZCondition", - "Type": "AWS::EC2::Subnet", - "Properties": { - "VpcId": { - "Ref": "VPC" - }, - "CidrBlock": { - "Ref": "PublicSubnet4CIDR" - }, - "AvailabilityZone": { - "Fn::Select": [ - "3", - { - "Ref": "AvailabilityZones" - } - ] - }, - "Tags": [ - { - "Key": "Name", - "Value": "Public subnet 4" - }, - { - "Fn::If": [ - "PublicSubnetTag1Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PublicSubnetTag1" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PublicSubnetTag1" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "PublicSubnetTag2Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PublicSubnetTag2" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PublicSubnetTag2" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "PublicSubnetTag3Condition", - { - "Key": { - "Fn::Select": [ - "0", - { - "Fn::Split": [ - "=", - { - "Ref": "PublicSubnetTag3" - } - ] - } - ] - }, - "Value": { - "Fn::Select": [ - "1", - { - "Fn::Split": [ - "=", - { - "Ref": "PublicSubnetTag3" - } - ] - } - ] - } - }, - { - "Ref": "AWS::NoValue" - } - ] - } - ], - "MapPublicIpOnLaunch": true - } - }, - "PrivateSubnet1ARouteTable": { - "Condition": "PrivateSubnetsCondition", - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "VPC" - }, - "Tags": [ - { - "Key": "Name", - "Value": "Private subnet 1A" - }, - { - "Key": "Network", - "Value": "Private" - } - ] - } - }, - "PrivateSubnet1ARoute": { - "Condition": "PrivateSubnetsCondition", - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "PrivateSubnet1ARouteTable" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "InstanceId": { - "Fn::If": [ - "NATInstanceCondition", - { - "Ref": "NATInstance1" - }, - { - "Ref": "AWS::NoValue" - } 
- ] - }, - "NatGatewayId": { - "Fn::If": [ - "NATGatewayCondition", - { - "Ref": "NATGateway1" - }, - { - "Ref": "AWS::NoValue" - } - ] - } - } - }, - "PrivateSubnet1ARouteTableAssociation": { - "Condition": "PrivateSubnetsCondition", - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "SubnetId": { - "Ref": "PrivateSubnet1A" - }, - "RouteTableId": { - "Ref": "PrivateSubnet1ARouteTable" - } - } - }, - "PrivateSubnet2ARouteTable": { - "Condition": "PrivateSubnetsCondition", - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "VPC" - }, - "Tags": [ - { - "Key": "Name", - "Value": "Private subnet 2A" - }, - { - "Key": "Network", - "Value": "Private" - } - ] - } - }, - "PrivateSubnet2ARoute": { - "Condition": "PrivateSubnetsCondition", - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "PrivateSubnet2ARouteTable" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "InstanceId": { - "Fn::If": [ - "NATInstanceCondition", - { - "Ref": "NATInstance2" - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - "NatGatewayId": { - "Fn::If": [ - "NATGatewayCondition", - { - "Ref": "NATGateway2" - }, - { - "Ref": "AWS::NoValue" - } - ] - } - } - }, - "PrivateSubnet2ARouteTableAssociation": { - "Condition": "PrivateSubnetsCondition", - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "SubnetId": { - "Ref": "PrivateSubnet2A" - }, - "RouteTableId": { - "Ref": "PrivateSubnet2ARouteTable" - } - } - }, - "PrivateSubnet3ARouteTable": { - "Condition": "PrivateSubnets&3AZCondition", - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "VPC" - }, - "Tags": [ - { - "Key": "Name", - "Value": "Private subnet 3A" - }, - { - "Key": "Network", - "Value": "Private" - } - ] - } - }, - "PrivateSubnet3ARoute": { - "Condition": "PrivateSubnets&3AZCondition", - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "PrivateSubnet3ARouteTable" - }, - "DestinationCidrBlock": "0.0.0.0/0", - 
"InstanceId": { - "Fn::If": [ - "NATInstanceCondition", - { - "Ref": "NATInstance3" - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - "NatGatewayId": { - "Fn::If": [ - "NATGatewayCondition", - { - "Ref": "NATGateway3" - }, - { - "Ref": "AWS::NoValue" - } - ] - } - } - }, - "PrivateSubnet3ARouteTableAssociation": { - "Condition": "PrivateSubnets&3AZCondition", - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "SubnetId": { - "Ref": "PrivateSubnet3A" - }, - "RouteTableId": { - "Ref": "PrivateSubnet3ARouteTable" - } - } - }, - "PrivateSubnet4ARouteTable": { - "Condition": "PrivateSubnets&4AZCondition", - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "VPC" - }, - "Tags": [ - { - "Key": "Name", - "Value": "Private subnet 4A" - }, - { - "Key": "Network", - "Value": "Private" - } - ] - } - }, - "PrivateSubnet4ARoute": { - "Condition": "PrivateSubnets&4AZCondition", - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "PrivateSubnet4ARouteTable" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "InstanceId": { - "Fn::If": [ - "NATInstanceCondition", - { - "Ref": "NATInstance4" - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - "NatGatewayId": { - "Fn::If": [ - "NATGatewayCondition", - { - "Ref": "NATGateway4" - }, - { - "Ref": "AWS::NoValue" - } - ] - } - } - }, - "PrivateSubnet4ARouteTableAssociation": { - "Condition": "PrivateSubnets&4AZCondition", - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "SubnetId": { - "Ref": "PrivateSubnet4A" - }, - "RouteTableId": { - "Ref": "PrivateSubnet4ARouteTable" - } - } - }, - "PrivateSubnet1BRouteTable": { - "Condition": "AdditionalPrivateSubnetsCondition", - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "VPC" - }, - "Tags": [ - { - "Key": "Name", - "Value": "Private subnet 1B" - }, - { - "Key": "Network", - "Value": "Private" - } - ] - } - }, - "PrivateSubnet1BRoute": { - "Condition": "AdditionalPrivateSubnetsCondition", - 
"Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "PrivateSubnet1BRouteTable" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "InstanceId": { - "Fn::If": [ - "NATInstanceCondition", - { - "Ref": "NATInstance1" - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - "NatGatewayId": { - "Fn::If": [ - "NATGatewayCondition", - { - "Ref": "NATGateway1" - }, - { - "Ref": "AWS::NoValue" - } - ] - } - } - }, - "PrivateSubnet1BRouteTableAssociation": { - "Condition": "AdditionalPrivateSubnetsCondition", - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "SubnetId": { - "Ref": "PrivateSubnet1B" - }, - "RouteTableId": { - "Ref": "PrivateSubnet1BRouteTable" - } - } - }, - "PrivateSubnet1BNetworkAcl": { - "Condition": "AdditionalPrivateSubnetsCondition", - "Type": "AWS::EC2::NetworkAcl", - "Properties": { - "VpcId": { - "Ref": "VPC" - }, - "Tags": [ - { - "Key": "Name", - "Value": "NACL Protected subnet 1" - }, - { - "Key": "Network", - "Value": "NACL Protected" - } - ] - } - }, - "PrivateSubnet1BNetworkAclEntryInbound": { - "Condition": "AdditionalPrivateSubnetsCondition", - "Type": "AWS::EC2::NetworkAclEntry", - "Properties": { - "CidrBlock": "0.0.0.0/0", - "Egress": "false", - "NetworkAclId": { - "Ref": "PrivateSubnet1BNetworkAcl" - }, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": "100" - } - }, - "PrivateSubnet1BNetworkAclEntryOutbound": { - "Condition": "AdditionalPrivateSubnetsCondition", - "Type": "AWS::EC2::NetworkAclEntry", - "Properties": { - "CidrBlock": "0.0.0.0/0", - "Egress": "true", - "NetworkAclId": { - "Ref": "PrivateSubnet1BNetworkAcl" - }, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": "100" - } - }, - "PrivateSubnet1BNetworkAclAssociation": { - "Condition": "AdditionalPrivateSubnetsCondition", - "Type": "AWS::EC2::SubnetNetworkAclAssociation", - "Properties": { - "SubnetId": { - "Ref": "PrivateSubnet1B" - }, - "NetworkAclId": { - "Ref": "PrivateSubnet1BNetworkAcl" - } - } - }, - 
"PrivateSubnet2BRouteTable": { - "Condition": "AdditionalPrivateSubnetsCondition", - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "VPC" - }, - "Tags": [ - { - "Key": "Name", - "Value": "Private subnet 2B" - }, - { - "Key": "Network", - "Value": "Private" - } - ] - } - }, - "PrivateSubnet2BRoute": { - "Condition": "AdditionalPrivateSubnetsCondition", - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "PrivateSubnet2BRouteTable" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "InstanceId": { - "Fn::If": [ - "NATInstanceCondition", - { - "Ref": "NATInstance2" - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - "NatGatewayId": { - "Fn::If": [ - "NATGatewayCondition", - { - "Ref": "NATGateway2" - }, - { - "Ref": "AWS::NoValue" - } - ] - } - } - }, - "PrivateSubnet2BRouteTableAssociation": { - "Condition": "AdditionalPrivateSubnetsCondition", - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "SubnetId": { - "Ref": "PrivateSubnet2B" - }, - "RouteTableId": { - "Ref": "PrivateSubnet2BRouteTable" - } - } - }, - "PrivateSubnet2BNetworkAcl": { - "Condition": "AdditionalPrivateSubnetsCondition", - "Type": "AWS::EC2::NetworkAcl", - "Properties": { - "VpcId": { - "Ref": "VPC" - }, - "Tags": [ - { - "Key": "Name", - "Value": "NACL Protected subnet 2" - }, - { - "Key": "Network", - "Value": "NACL Protected" - } - ] - } - }, - "PrivateSubnet2BNetworkAclEntryInbound": { - "Condition": "AdditionalPrivateSubnetsCondition", - "Type": "AWS::EC2::NetworkAclEntry", - "Properties": { - "CidrBlock": "0.0.0.0/0", - "Egress": "false", - "NetworkAclId": { - "Ref": "PrivateSubnet2BNetworkAcl" - }, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": "100" - } - }, - "PrivateSubnet2BNetworkAclEntryOutbound": { - "Condition": "AdditionalPrivateSubnetsCondition", - "Type": "AWS::EC2::NetworkAclEntry", - "Properties": { - "CidrBlock": "0.0.0.0/0", - "Egress": "true", - "NetworkAclId": { - "Ref": "PrivateSubnet2BNetworkAcl" - 
}, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": "100" - } - }, - "PrivateSubnet2BNetworkAclAssociation": { - "Condition": "AdditionalPrivateSubnetsCondition", - "Type": "AWS::EC2::SubnetNetworkAclAssociation", - "Properties": { - "SubnetId": { - "Ref": "PrivateSubnet2B" - }, - "NetworkAclId": { - "Ref": "PrivateSubnet2BNetworkAcl" - } - } - }, - "PrivateSubnet3BRouteTable": { - "Condition": "AdditionalPrivateSubnets&3AZCondition", - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "VPC" - }, - "Tags": [ - { - "Key": "Name", - "Value": "Private subnet 3B" - }, - { - "Key": "Network", - "Value": "Private" - } - ] - } - }, - "PrivateSubnet3BRoute": { - "Condition": "AdditionalPrivateSubnets&3AZCondition", - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "PrivateSubnet3BRouteTable" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "InstanceId": { - "Fn::If": [ - "NATInstanceCondition", - { - "Ref": "NATInstance3" - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - "NatGatewayId": { - "Fn::If": [ - "NATGatewayCondition", - { - "Ref": "NATGateway3" - }, - { - "Ref": "AWS::NoValue" - } - ] - } - } - }, - "PrivateSubnet3BRouteTableAssociation": { - "Condition": "AdditionalPrivateSubnets&3AZCondition", - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "SubnetId": { - "Ref": "PrivateSubnet3B" - }, - "RouteTableId": { - "Ref": "PrivateSubnet3BRouteTable" - } - } - }, - "PrivateSubnet3BNetworkAcl": { - "Condition": "AdditionalPrivateSubnets&3AZCondition", - "Type": "AWS::EC2::NetworkAcl", - "Properties": { - "VpcId": { - "Ref": "VPC" - }, - "Tags": [ - { - "Key": "Name", - "Value": "NACL Protected subnet 3" - }, - { - "Key": "Network", - "Value": "NACL Protected" - } - ] - } - }, - "PrivateSubnet3BNetworkAclEntryInbound": { - "Condition": "AdditionalPrivateSubnets&3AZCondition", - "Type": "AWS::EC2::NetworkAclEntry", - "Properties": { - "CidrBlock": "0.0.0.0/0", - "Egress": "false", - 
"NetworkAclId": { - "Ref": "PrivateSubnet3BNetworkAcl" - }, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": "100" - } - }, - "PrivateSubnet3BNetworkAclEntryOutbound": { - "Condition": "AdditionalPrivateSubnets&3AZCondition", - "Type": "AWS::EC2::NetworkAclEntry", - "Properties": { - "CidrBlock": "0.0.0.0/0", - "Egress": "true", - "NetworkAclId": { - "Ref": "PrivateSubnet3BNetworkAcl" - }, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": "100" - } - }, - "PrivateSubnet3BNetworkAclAssociation": { - "Condition": "AdditionalPrivateSubnets&3AZCondition", - "Type": "AWS::EC2::SubnetNetworkAclAssociation", - "Properties": { - "SubnetId": { - "Ref": "PrivateSubnet3B" - }, - "NetworkAclId": { - "Ref": "PrivateSubnet3BNetworkAcl" - } - } - }, - "PrivateSubnet4BRouteTable": { - "Condition": "AdditionalPrivateSubnets&4AZCondition", - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "VPC" - }, - "Tags": [ - { - "Key": "Name", - "Value": "Private subnet 4B" - }, - { - "Key": "Network", - "Value": "Private" - } - ] - } - }, - "PrivateSubnet4BRoute": { - "Condition": "AdditionalPrivateSubnets&4AZCondition", - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "PrivateSubnet4BRouteTable" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "InstanceId": { - "Fn::If": [ - "NATInstanceCondition", - { - "Ref": "NATInstance4" - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - "NatGatewayId": { - "Fn::If": [ - "NATGatewayCondition", - { - "Ref": "NATGateway4" - }, - { - "Ref": "AWS::NoValue" - } - ] - } - } - }, - "PrivateSubnet4BRouteTableAssociation": { - "Condition": "AdditionalPrivateSubnets&4AZCondition", - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "SubnetId": { - "Ref": "PrivateSubnet4B" - }, - "RouteTableId": { - "Ref": "PrivateSubnet4BRouteTable" - } - } - }, - "PrivateSubnet4BNetworkAcl": { - "Condition": "AdditionalPrivateSubnets&4AZCondition", - "Type": "AWS::EC2::NetworkAcl", - 
"Properties": { - "VpcId": { - "Ref": "VPC" - }, - "Tags": [ - { - "Key": "Name", - "Value": "NACL Protected subnet 4" - }, - { - "Key": "Network", - "Value": "NACL Protected" - } - ] - } - }, - "PrivateSubnet4BNetworkAclEntryInbound": { - "Condition": "AdditionalPrivateSubnets&4AZCondition", - "Type": "AWS::EC2::NetworkAclEntry", - "Properties": { - "CidrBlock": "0.0.0.0/0", - "Egress": "false", - "NetworkAclId": { - "Ref": "PrivateSubnet4BNetworkAcl" - }, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": "100" - } - }, - "PrivateSubnet4BNetworkAclEntryOutbound": { - "Condition": "AdditionalPrivateSubnets&4AZCondition", - "Type": "AWS::EC2::NetworkAclEntry", - "Properties": { - "CidrBlock": "0.0.0.0/0", - "Egress": "true", - "NetworkAclId": { - "Ref": "PrivateSubnet4BNetworkAcl" - }, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": "100" - } - }, - "PrivateSubnet4BNetworkAclAssociation": { - "Condition": "AdditionalPrivateSubnets&4AZCondition", - "Type": "AWS::EC2::SubnetNetworkAclAssociation", - "Properties": { - "SubnetId": { - "Ref": "PrivateSubnet4B" - }, - "NetworkAclId": { - "Ref": "PrivateSubnet4BNetworkAcl" - } - } - }, - "PublicSubnetRouteTable": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "VPC" - }, - "Tags": [ - { - "Key": "Name", - "Value": "Public Subnets" - }, - { - "Key": "Network", - "Value": "Public" - } - ] - } - }, - "PublicSubnetRoute": { - "DependsOn": "VPCGatewayAttachment", - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "PublicSubnetRouteTable" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "InternetGateway" - } - } - }, - "PublicSubnet1RouteTableAssociation": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "SubnetId": { - "Ref": "PublicSubnet1" - }, - "RouteTableId": { - "Ref": "PublicSubnetRouteTable" - } - } - }, - "PublicSubnet2RouteTableAssociation": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - 
"Properties": { - "SubnetId": { - "Ref": "PublicSubnet2" - }, - "RouteTableId": { - "Ref": "PublicSubnetRouteTable" - } - } - }, - "PublicSubnet3RouteTableAssociation": { - "Condition": "3AZCondition", - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "SubnetId": { - "Ref": "PublicSubnet3" - }, - "RouteTableId": { - "Ref": "PublicSubnetRouteTable" - } - } - }, - "PublicSubnet4RouteTableAssociation": { - "Condition": "4AZCondition", - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "SubnetId": { - "Ref": "PublicSubnet4" - }, - "RouteTableId": { - "Ref": "PublicSubnetRouteTable" - } - } - }, - "NAT1EIP": { - "Condition": "PrivateSubnetsCondition", - "DependsOn": "VPCGatewayAttachment", - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "InstanceId": { - "Fn::If": [ - "NATInstanceCondition", - { - "Ref": "NATInstance1" - }, - { - "Ref": "AWS::NoValue" - } - ] - } - } - }, - "NAT2EIP": { - "Condition": "PrivateSubnetsCondition", - "DependsOn": "VPCGatewayAttachment", - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "InstanceId": { - "Fn::If": [ - "NATInstanceCondition", - { - "Ref": "NATInstance2" - }, - { - "Ref": "AWS::NoValue" - } - ] - } - } - }, - "NAT3EIP": { - "Condition": "PrivateSubnets&3AZCondition", - "DependsOn": "VPCGatewayAttachment", - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "InstanceId": { - "Fn::If": [ - "NATInstanceCondition", - { - "Ref": "NATInstance3" - }, - { - "Ref": "AWS::NoValue" - } - ] - } - } - }, - "NAT4EIP": { - "Condition": "PrivateSubnets&4AZCondition", - "DependsOn": "VPCGatewayAttachment", - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "InstanceId": { - "Fn::If": [ - "NATInstanceCondition", - { - "Ref": "NATInstance4" - }, - { - "Ref": "AWS::NoValue" - } - ] - } - } - }, - "NATGateway1": { - "Condition": "NATGatewayCondition", - "DependsOn": "VPCGatewayAttachment", - "Type": "AWS::EC2::NatGateway", - "Properties": { - 
"AllocationId": { - "Fn::GetAtt": [ - "NAT1EIP", - "AllocationId" - ] - }, - "SubnetId": { - "Ref": "PublicSubnet1" - } - } - }, - "NATGateway2": { - "Condition": "NATGatewayCondition", - "DependsOn": "VPCGatewayAttachment", - "Type": "AWS::EC2::NatGateway", - "Properties": { - "AllocationId": { - "Fn::GetAtt": [ - "NAT2EIP", - "AllocationId" - ] - }, - "SubnetId": { - "Ref": "PublicSubnet2" - } - } - }, - "NATGateway3": { - "Condition": "NATGateway&3AZCondition", - "DependsOn": "VPCGatewayAttachment", - "Type": "AWS::EC2::NatGateway", - "Properties": { - "AllocationId": { - "Fn::GetAtt": [ - "NAT3EIP", - "AllocationId" - ] - }, - "SubnetId": { - "Ref": "PublicSubnet3" - } - } - }, - "NATGateway4": { - "Condition": "NATGateway&4AZCondition", - "DependsOn": "VPCGatewayAttachment", - "Type": "AWS::EC2::NatGateway", - "Properties": { - "AllocationId": { - "Fn::GetAtt": [ - "NAT4EIP", - "AllocationId" - ] - }, - "SubnetId": { - "Ref": "PublicSubnet4" - } - } - }, - "NATInstance1": { - "Condition": "NATInstanceCondition", - "DependsOn": "VPCGatewayAttachment", - "Type": "AWS::EC2::Instance", - "Properties": { - "ImageId": { - "Fn::FindInMap": [ - "AWSAMIRegionMap", - { - "Ref": "AWS::Region" - }, - "AWSNATHVM" - ] - }, - "InstanceType": { - "Ref": "NATInstanceType" - }, - "Tags": [ - { - "Key": "Name", - "Value": "NAT1" - } - ], - "NetworkInterfaces": [ - { - "GroupSet": [ - { - "Ref": "NATInstanceSecurityGroup" - } - ], - "AssociatePublicIpAddress": "true", - "DeviceIndex": "0", - "DeleteOnTermination": "true", - "SubnetId": { - "Ref": "PublicSubnet1" - } - } - ], - "KeyName": { - "Fn::If": [ - "NATInstanceCondition", - { - "Ref": "KeyPairName" - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - "SourceDestCheck": "false" - } - }, - "NATInstance2": { - "Condition": "NATInstanceCondition", - "DependsOn": "VPCGatewayAttachment", - "Type": "AWS::EC2::Instance", - "Properties": { - "ImageId": { - "Fn::FindInMap": [ - "AWSAMIRegionMap", - { - "Ref": "AWS::Region" - }, - 
"AWSNATHVM" - ] - }, - "InstanceType": { - "Ref": "NATInstanceType" - }, - "Tags": [ - { - "Key": "Name", - "Value": "NAT2" - } - ], - "NetworkInterfaces": [ - { - "GroupSet": [ - { - "Ref": "NATInstanceSecurityGroup" - } - ], - "AssociatePublicIpAddress": "true", - "DeviceIndex": "0", - "DeleteOnTermination": "true", - "SubnetId": { - "Ref": "PublicSubnet2" - } - } - ], - "KeyName": { - "Fn::If": [ - "NATInstanceCondition", - { - "Ref": "KeyPairName" - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - "SourceDestCheck": "false" - } - }, - "NATInstance3": { - "Condition": "NATInstance&3AZCondition", - "DependsOn": "VPCGatewayAttachment", - "Type": "AWS::EC2::Instance", - "Properties": { - "ImageId": { - "Fn::FindInMap": [ - "AWSAMIRegionMap", - { - "Ref": "AWS::Region" - }, - "AWSNATHVM" - ] - }, - "InstanceType": { - "Ref": "NATInstanceType" - }, - "Tags": [ - { - "Key": "Name", - "Value": "NAT3" - } - ], - "NetworkInterfaces": [ - { - "GroupSet": [ - { - "Ref": "NATInstanceSecurityGroup" - } - ], - "AssociatePublicIpAddress": "true", - "DeviceIndex": "0", - "DeleteOnTermination": "true", - "SubnetId": { - "Ref": "PublicSubnet3" - } - } - ], - "KeyName": { - "Fn::If": [ - "NATInstanceCondition", - { - "Ref": "KeyPairName" - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - "SourceDestCheck": "false" - } - }, - "NATInstance4": { - "Condition": "NATInstance&4AZCondition", - "DependsOn": "VPCGatewayAttachment", - "Type": "AWS::EC2::Instance", - "Properties": { - "ImageId": { - "Fn::FindInMap": [ - "AWSAMIRegionMap", - { - "Ref": "AWS::Region" - }, - "AWSNATHVM" - ] - }, - "InstanceType": { - "Ref": "NATInstanceType" - }, - "Tags": [ - { - "Key": "Name", - "Value": "NAT4" - } - ], - "NetworkInterfaces": [ - { - "GroupSet": [ - { - "Ref": "NATInstanceSecurityGroup" - } - ], - "AssociatePublicIpAddress": "true", - "DeviceIndex": "0", - "DeleteOnTermination": "true", - "SubnetId": { - "Ref": "PublicSubnet4" - } - } - ], - "KeyName": { - "Fn::If": [ - "NATInstanceCondition", - { 
- "Ref": "KeyPairName" - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - "SourceDestCheck": "false" - } - }, - "NATInstanceSecurityGroup": { - "Condition": "NATInstanceCondition", - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "Enables outbound internet access for the VPC via the NAT instances", - "VpcId": { - "Ref": "VPC" - }, - "SecurityGroupIngress": [ - { - "IpProtocol": "-1", - "FromPort": "1", - "ToPort": "65535", - "CidrIp": { - "Ref": "VPCCIDR" - } - } - ] - } - }, - "S3VPCEndpoint": { - "Condition": "S3VPCEndpointCondition", - "Type": "AWS::EC2::VPCEndpoint", - "Properties": { - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": "*", - "Effect": "Allow", - "Resource": "*", - "Principal": "*" - } - ] - }, - "RouteTableIds": [ - { - "Ref": "PrivateSubnet1ARouteTable" - }, - { - "Ref": "PrivateSubnet2ARouteTable" - }, - { - "Fn::If": [ - "PrivateSubnets&3AZCondition", - { - "Ref": "PrivateSubnet3ARouteTable" - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "PrivateSubnets&4AZCondition", - { - "Ref": "PrivateSubnet4ARouteTable" - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "AdditionalPrivateSubnetsCondition", - { - "Ref": "PrivateSubnet1BRouteTable" - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "AdditionalPrivateSubnetsCondition", - { - "Ref": "PrivateSubnet2BRouteTable" - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "AdditionalPrivateSubnets&3AZCondition", - { - "Ref": "PrivateSubnet3BRouteTable" - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Fn::If": [ - "AdditionalPrivateSubnets&4AZCondition", - { - "Ref": "PrivateSubnet4BRouteTable" - }, - { - "Ref": "AWS::NoValue" - } - ] - } - ], - "ServiceName": { - "Fn::Join": [ - "", - [ - "com.amazonaws.", - { - "Ref": "AWS::Region" - }, - ".s3" - ] - ] - }, - "VpcId": { - "Ref": "VPC" - } - } - } - }, - "Outputs": { - "NAT1EIP": { - "Condition": "PrivateSubnetsCondition", - 
"Description": "NAT 1 IP address", - "Value": { - "Ref": "NAT1EIP" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-NAT1EIP" - } - } - }, - "NAT2EIP": { - "Condition": "PrivateSubnetsCondition", - "Description": "NAT 2 IP address", - "Value": { - "Ref": "NAT2EIP" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-NAT2EIP" - } - } - }, - "NAT3EIP": { - "Condition": "PrivateSubnets&3AZCondition", - "Description": "NAT 3 IP address", - "Value": { - "Ref": "NAT3EIP" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-NAT3EIP" - } - } - }, - "NAT4EIP": { - "Condition": "PrivateSubnets&4AZCondition", - "Description": "NAT 4 IP address", - "Value": { - "Ref": "NAT4EIP" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-NAT4EIP" - } - } - }, - "PrivateSubnet1ACIDR": { - "Condition": "PrivateSubnetsCondition", - "Description": "Private subnet 1A CIDR in Availability Zone 1", - "Value": { - "Ref": "PrivateSubnet1ACIDR" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PrivateSubnet1ACIDR" - } - } - }, - "PrivateSubnet1AID": { - "Condition": "PrivateSubnetsCondition", - "Description": "Private subnet 1A ID in Availability Zone 1", - "Value": { - "Ref": "PrivateSubnet1A" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PrivateSubnet1AID" - } - } - }, - "PrivateSubnet1BCIDR": { - "Condition": "AdditionalPrivateSubnetsCondition", - "Description": "Private subnet 1B CIDR in Availability Zone 1", - "Value": { - "Ref": "PrivateSubnet1BCIDR" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PrivateSubnet1BCIDR" - } - } - }, - "PrivateSubnet1BID": { - "Condition": "AdditionalPrivateSubnetsCondition", - "Description": "Private subnet 1B ID in Availability Zone 1", - "Value": { - "Ref": "PrivateSubnet1B" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PrivateSubnet1BID" - } - } - }, - "PrivateSubnet2ACIDR": { - "Condition": "PrivateSubnetsCondition", - "Description": "Private subnet 
2A CIDR in Availability Zone 2", - "Value": { - "Ref": "PrivateSubnet2ACIDR" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PrivateSubnet2ACIDR" - } - } - }, - "PrivateSubnet2AID": { - "Condition": "PrivateSubnetsCondition", - "Description": "Private subnet 2A ID in Availability Zone 2", - "Value": { - "Ref": "PrivateSubnet2A" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PrivateSubnet2AID" - } - } - }, - "PrivateSubnet2BCIDR": { - "Condition": "AdditionalPrivateSubnetsCondition", - "Description": "Private subnet 2B CIDR in Availability Zone 2", - "Value": { - "Ref": "PrivateSubnet2BCIDR" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PrivateSubnet2BCIDR" - } - } - }, - "PrivateSubnet2BID": { - "Condition": "AdditionalPrivateSubnetsCondition", - "Description": "Private subnet 2B ID in Availability Zone 2", - "Value": { - "Ref": "PrivateSubnet2B" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PrivateSubnet2BID" - } - } - }, - "PrivateSubnet3ACIDR": { - "Condition": "PrivateSubnets&3AZCondition", - "Description": "Private subnet 3A CIDR in Availability Zone 3", - "Value": { - "Ref": "PrivateSubnet3ACIDR" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PrivateSubnet3ACIDR" - } - } - }, - "PrivateSubnet3AID": { - "Condition": "PrivateSubnets&3AZCondition", - "Description": "Private subnet 3A ID in Availability Zone 3", - "Value": { - "Ref": "PrivateSubnet3A" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PrivateSubnet3AID" - } - } - }, - "PrivateSubnet3BCIDR": { - "Condition": "AdditionalPrivateSubnets&3AZCondition", - "Description": "Private subnet 3B CIDR in Availability Zone 3", - "Value": { - "Ref": "PrivateSubnet3BCIDR" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PrivateSubnet3BCIDR" - } - } - }, - "PrivateSubnet3BID": { - "Condition": "AdditionalPrivateSubnets&3AZCondition", - "Description": "Private subnet 3B ID in Availability Zone 3", - "Value": { 
- "Ref": "PrivateSubnet3B" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PrivateSubnet3BID" - } - } - }, - "PrivateSubnet4ACIDR": { - "Condition": "PrivateSubnets&4AZCondition", - "Description": "Private subnet 4A CIDR in Availability Zone 4", - "Value": { - "Ref": "PrivateSubnet4ACIDR" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PrivateSubnet4ACIDR" - } - } - }, - "PrivateSubnet4AID": { - "Condition": "PrivateSubnets&4AZCondition", - "Description": "Private subnet 4A ID in Availability Zone 4", - "Value": { - "Ref": "PrivateSubnet4A" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PrivateSubnet4AID" - } - } - }, - "PrivateSubnet4BCIDR": { - "Condition": "AdditionalPrivateSubnets&4AZCondition", - "Description": "Private subnet 4B CIDR in Availability Zone 4", - "Value": { - "Ref": "PrivateSubnet4BCIDR" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PrivateSubnet4BCIDR" - } - } - }, - "PrivateSubnet4BID": { - "Condition": "AdditionalPrivateSubnets&4AZCondition", - "Description": "Private subnet 4B ID in Availability Zone 4", - "Value": { - "Ref": "PrivateSubnet4B" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PrivateSubnet4BID" - } - } - }, - "PublicSubnet1CIDR": { - "Description": "Public subnet 1 CIDR in Availability Zone 1", - "Value": { - "Ref": "PublicSubnet1CIDR" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PublicSubnet1CIDR" - } - } - }, - "PublicSubnet1ID": { - "Description": "Public subnet 1 ID in Availability Zone 1", - "Value": { - "Ref": "PublicSubnet1" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PublicSubnet1ID" - } - } - }, - "PublicSubnet2CIDR": { - "Description": "Public subnet 2 CIDR in Availability Zone 2", - "Value": { - "Ref": "PublicSubnet2CIDR" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PublicSubnet2CIDR" - } - } - }, - "PublicSubnet2ID": { - "Description": "Public subnet 2 ID in Availability Zone 2", - 
"Value": { - "Ref": "PublicSubnet2" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PublicSubnet2ID" - } - } - }, - "PublicSubnet3CIDR": { - "Condition": "3AZCondition", - "Description": "Public subnet 3 CIDR in Availability Zone 3", - "Value": { - "Ref": "PublicSubnet3CIDR" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PublicSubnet3CIDR" - } - } - }, - "PublicSubnet3ID": { - "Condition": "3AZCondition", - "Description": "Public subnet 3 ID in Availability Zone 3", - "Value": { - "Ref": "PublicSubnet3" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PublicSubnet3ID" - } - } - }, - "PublicSubnet4CIDR": { - "Condition": "4AZCondition", - "Description": "Public subnet 4 CIDR in Availability Zone 4", - "Value": { - "Ref": "PublicSubnet4CIDR" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PublicSubnet4CIDR" - } - } - }, - "PublicSubnet4ID": { - "Condition": "4AZCondition", - "Description": "Public subnet 4 ID in Availability Zone 4", - "Value": { - "Ref": "PublicSubnet4" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PublicSubnet4ID" - } - } - }, - "S3VPCEndpoint": { - "Condition": "S3VPCEndpointCondition", - "Description": "S3 VPC Endpoint", - "Value": { - "Ref": "S3VPCEndpoint" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-S3VPCEndpoint" - } - } - }, - "PrivateSubnet1ARouteTable": { - "Condition": "PrivateSubnetsCondition", - "Value": { - "Ref": "PrivateSubnet1ARouteTable" - }, - "Description": "Private subnet 1A route table", - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PrivateSubnet1ARouteTable" - } - } - }, - "PrivateSubnet1BRouteTable": { - "Condition": "AdditionalPrivateSubnetsCondition", - "Value": { - "Ref": "PrivateSubnet1BRouteTable" - }, - "Description": "Private subnet 1B route table", - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PrivateSubnet1BRouteTable" - } - } - }, - "PrivateSubnet2ARouteTable": { - "Condition": 
"PrivateSubnetsCondition", - "Value": { - "Ref": "PrivateSubnet2ARouteTable" - }, - "Description": "Private subnet 2A route table", - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PrivateSubnet2ARouteTable" - } - } - }, - "PrivateSubnet2BRouteTable": { - "Condition": "AdditionalPrivateSubnetsCondition", - "Value": { - "Ref": "PrivateSubnet2BRouteTable" - }, - "Description": "Private subnet 2B route table", - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PrivateSubnet2BRouteTable" - } - } - }, - "PrivateSubnet3ARouteTable": { - "Condition": "PrivateSubnets&3AZCondition", - "Value": { - "Ref": "PrivateSubnet3ARouteTable" - }, - "Description": "Private subnet 3A route table", - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PrivateSubnet3ARouteTable" - } - } - }, - "PrivateSubnet3BRouteTable": { - "Condition": "AdditionalPrivateSubnets&3AZCondition", - "Value": { - "Ref": "PrivateSubnet3BRouteTable" - }, - "Description": "Private subnet 3B route table", - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PrivateSubnet3BRouteTable" - } - } - }, - "PrivateSubnet4ARouteTable": { - "Condition": "PrivateSubnets&4AZCondition", - "Value": { - "Ref": "PrivateSubnet4ARouteTable" - }, - "Description": "Private subnet 4A route table", - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PrivateSubnet4ARouteTable" - } - } - }, - "PrivateSubnet4BRouteTable": { - "Condition": "AdditionalPrivateSubnets&4AZCondition", - "Value": { - "Ref": "PrivateSubnet4BRouteTable" - }, - "Description": "Private subnet 4B route table", - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PrivateSubnet4BRouteTable" - } - } - }, - "PublicSubnetRouteTable": { - "Value": { - "Ref": "PublicSubnetRouteTable" - }, - "Description": "Public subnet route table", - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-PublicSubnetRouteTable" - } - } - }, - "VPCCIDR": { - "Value": { - "Ref": "VPCCIDR" - }, - "Description": "VPC CIDR", - "Export": { - "Name": { - 
"Fn::Sub": "${AWS::StackName}-VPCCIDR" - } - } - }, - "VPCID": { - "Value": { - "Ref": "VPC" - }, - "Description": "VPC ID", - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-VPCID" - } - } - } - } -} diff --git a/templates/datacenter.template b/templates/datacenter.template deleted file mode 100644 index d78587e..0000000 --- a/templates/datacenter.template +++ /dev/null 
@@ -1,326 +0,0 @@ -{ - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Datastax template, License: Apache 2.0 (Please do not remove) May,30,2017 (qs-1nbqhl4uk)", - "Parameters": { - "KeyName": { - "Description": "Name of an existing EC2 KeyPair to enable SSH access to the instance", - "Type": "AWS::EC2::KeyPair::KeyName", - "ConstraintDescription": "must be the name of an existing EC2 KeyPair." - }, - "Profile": { - "Description": "InstanceProfile for DDAC instance", - "Type": "String" - }, - "S3Bucket": { - "Description": "S3Bucket for public key passing", - "Default": "scotth-test", - "Type": "String" - }, - "InstanceType": { - "Description": "Node EC2 instance type", - "Type": "String", - "Default": "m4.2xlarge", - "AllowedValues": [ - "m4.2xlarge", - "m4.4xlarge", - "m4.10xlarge", - "m4.16xlarge" - ], - "ConstraintDescription": "must be a valid EC2 instance type." - }, - "VolumeSize": { - "Type": "Number", - "Description": "EBS volume size in GB", - "Default": "1024" - }, - "SecurityCIDR": { - "Description": "The IP address range covering node instances", - "Type": "String", - "MinLength": "9", - "MaxLength": "18", - "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", - "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x." 
- }, - "AvailabilityZones": { - "Type": "CommaDelimitedList", - "Description": "List of AZs in VPC" - }, - "VPC": { - "Type": "AWS::EC2::VPC::Id", - "Description": "VPC id" - }, - "Subnets": { - "Type": "CommaDelimitedList", - "Description": "List of subnet ids to deploy nodes into" - } - }, - "Mappings": { - "AWSAMIRegionMap": { - "AMI": { - "US1604HVM": "ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20181012" - }, - - "us-east-1": { - "US1604HVM": "ami-06a588297e63a6798" - }, - "us-west-2": { - "US1604HVM": "ami-0b2825a83f642000e" - } - } - }, - "Resources": { - "CassandraGroup": { - "Type": "AWS::AutoScaling::AutoScalingGroup", - "Properties": { - "AvailabilityZones": { - "Ref": "AvailabilityZones" - }, - "LaunchConfigurationName": { - "Ref": "CassandraLaunchConfig" - }, - "MinSize": 2, - "MaxSize": 2, - "VPCZoneIdentifier": { - "Ref": "Subnets" - }, - }, - "CreationPolicy": { - "ResourceSignal": { - "Timeout": "PT35M", - "Count": "1" - } - }, - "UpdatePolicy": { - "AutoScalingRollingUpdate": { - "MinInstancesInService": "1", - "MaxBatchSize": "1", - "PauseTime": "PT35M", - "WaitOnResourceSignals": "true" - } - } - }, - "CassandraLaunchConfig": { - "Type": "AWS::AutoScaling::LaunchConfiguration", - "Metadata": { - "AWS::CloudFormation::Init": { - "configSets": { - "full_install": [ - "install_cfn", - "setup_disk", - "add_node" - ] - }, - "install_cfn": { - "files": { - "/etc/cfn/cfn-hup.conf": { - "content": { - "Fn::Join": [ - "", - [ - "[main]\n", - "stack=", - { - "Ref": "AWS::StackId" - }, - "\n", - "region=", - { - "Ref": "AWS::Region" - }, - "\n" - ] - ] - }, - "mode": "000400", - "owner": "root", - "group": "root" - }, - "/etc/cfn/hooks.d/cfn-auto-reloader.conf": { - "content": { - "Fn::Join": [ - "", - [ - "[cfn-auto-reloader-hook]\n", - "triggers=post.update\n", - "path=Resources.CassandraLaunchConfig.Metadata.AWS::CloudFormation::Init\n", - "action=/usr/local/bin/cfn-init -v ", - " --stack ", - { - "Ref": "AWS::StackName" - }, - " --resource 
CassandraLaunchConfig ", - " --configsets full_install ", - " --region ", - { - "Ref": "AWS::Region" - }, - "\n", - "runas=root\n" - ] - ] - } - } - }, - "services": { - "sysvinit": { - "cfn-hup": { - "enabled": "true", - "ensureRunning": "true", - "files": [ - "/etc/cfn/cfn-hup.conf", - "/etc/cfn/hooks.d/cfn-auto-reloader.conf" - ] - } - } - } - }, - "setup_disk": { - "commands": { - "01_setup_disk": { - "command": { - "Fn::Join": [ - "", - [ - "#!/bin/bash -xe\n", - "mkfs -t ext4 /dev/xvdf \n", - "mkdir -p /data/cassandra \n", - "mount /dev/xvdf /data/cassandra \n", - "mkdir /data/cassandra/data \n", - "mkdir /data/cassandra/commitlog \n", - "mkdir /data/cassandra/saved_caches \n", - "useradd cassandra \n", - "chown -R cassandra:cassandra /data/cassandra \n", - "cp /etc/fstab /etc/fstab.bak \n", - "echo \"/dev/xvdf /data/cassandra ext4 defaults,nofail 0 2\" >> /etc/fstab \n" - ] - ] - } - } - } - }, - "add_node": { - "commands": { - "01_add_node": { - "command": { - "Fn::Join": [ - "", - [ - "#!/usr/bin/env bash -e \n", - "apt-get -y install awscli unzip\n", - "cd ~ubuntu/scripts \n" - ] - ] - } - } - } - } - } - }, - "Properties": { - "ImageId": { - "Fn::FindInMap": [ - "AWSAMIRegionMap", - { - "Ref": "AWS::Region" - }, - "US1604HVM" - ] - }, - "InstanceType": { - "Ref": "InstanceType" - }, - "IamInstanceProfile": { - "Ref": "Profile" - }, - "SecurityGroups": [ - { - "Ref": "DSESecurityGroup" - } - ], - "KeyName": { - "Ref": "KeyName" - }, - "BlockDeviceMappings": [ - { - "DeviceName": "/dev/xvdf", - "Ebs": { - "VolumeType": "gp2", - "VolumeSize": { - "Ref": "VolumeSize" - } - } - } - ], - "UserData": { - "Fn::Base64": { - "Fn::Join": [ - "", - [ - "#!/bin/bash -xe\n", - "apt-get update\n", - "apt-get -y install python python-setuptools python-pip\n", - "n=1 \n", - "until [ $n -ge 8 ] \n", - "do \n", - "pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz && break \n", - "echo \"pip install cfn-bootstrap try $n failed, 
retry...\" \n", - "n=$[$n+1] \n", - "done \n", - "ln -s /usr/local/init/ubuntu/cfn-hup /etc/init.d/cfn-hup \n", - "chmod 775 /usr/local/init/ubuntu/cfn-hup \n", - "update-rc.d cfn-hup defaults \n", - "/usr/local/bin/cfn-init -v ", - " --stack ", - { - "Ref": "AWS::StackId" - }, - " --resource CassandraLaunchConfig ", - " --configsets full_install ", - " --region ", - { - "Ref": "AWS::Region" - }, - "\n", - "/usr/local/bin/cfn-signal -e $? ", - " --stack ", - { - "Ref": "AWS::StackId" - }, - " --resource CassandraGroup ", - " --region ", - { - "Ref": "AWS::Region" - }, - "\n" - ] - ] - } - } - }, - "CreationPolicy": { - "ResourceSignal": { - "Timeout": "PT35M" - } - } - }, - "DSESecurityGroup": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "Enable HTTP(S), SSH access, and DSE ports", - "VpcId": { - "Ref": "VPC" - }, - "SecurityGroupIngress": [ - { - "IpProtocol": "tcp", - "FromPort": "1", - "ToPort": "65535", - "CidrIp": { - "Ref": "SecurityCIDR" - } - } - ] - } - } - } -} diff --git a/templates/datastax-ddac-clusternode.template.yaml b/templates/datastax-ddac-clusternode.template.yaml new file mode 100644 index 0000000..f405531 --- /dev/null +++ b/templates/datastax-ddac-clusternode.template.yaml 
@@ -0,0 +1,254 @@ +AWSTemplateFormatVersion: 2010-09-09 +Description: >- + DataStax ddac template +Parameters: + InstanceType: + Description: EC2 instance type + Type: String + Default: t2.medium + AllowedValues: + - t2.micro + - t2.small + - t2.medium + - t2.large + - m4.large + - m4.xlarge + - m4.2xlarge + - m4.4xlarge + - m4.10xlarge + - c4.large + - c4.xlarge + - c4.2xlarge + - c4.4xlarge + - c4.8xlarge + - r4.large + - r4.xlarge + - r4.2xlarge + - r4.4xlarge + - r4.8xlarge + ConstraintDescription: must be a valid EC2 instance type. + EmailAddress: + Description: Email Address for notification + Type: String + AllowedPattern: >- + ([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?) + ConstraintDescription: Must be a valid email id. + KeyPairName: + Type: 'AWS::EC2::KeyPair::KeyName' + ConstraintDescription: Name of an existing EC2 KeyPair. + RemoteAccessCIDR: + AllowedPattern: >- + ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x + Description: Allowed CIDR block for external SSH access + Type: String + QSS3BucketName: + AllowedPattern: '^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$' + ConstraintDescription: >- + Quick Start bucket name can include numbers, lowercase letters, uppercase + letters, and hyphens (-). It cannot start or end with a hyphen (-). + Default: aws-quickstart + Description: >- + S3 bucket name for the Quick Start assets. Quick Start bucket name can + include numbers, lowercase letters, uppercase letters, and hyphens (-). It + cannot start or end with a hyphen (-). + Type: String + QSS3KeyPrefix: + AllowedPattern: '^[0-9a-zA-Z-/]*$' + ConstraintDescription: >- + Quick Start key prefix can include numbers, lowercase letters, uppercase + letters, hyphens (-), and forward slash (/). 
+ Default: implementing/ + Description: >- + S3 key prefix for the Quick Start assets. Quick Start key prefix can + include numbers, lowercase letters, uppercase letters, hyphens (-), and + forward slash (/). + Type: String + PrivateSubnet1ID: + Description: Private Subnet Id 1 + Type: 'AWS::EC2::Subnet::Id' + PrivateSubnet2ID: + Description: Private Subnet Id 2 + Type: 'AWS::EC2::Subnet::Id' + PublicSubnet1ID: + Description: Public Subnet Id 1 + Type: 'AWS::EC2::Subnet::Id' + PublicSubnet2ID: + Description: Public Subnet Id 2 + Type: 'AWS::EC2::Subnet::Id' + VPCID: + Description: 'ID of the VPC (e.g., vpc-0343606e)' + Type: 'AWS::EC2::VPC::Id' +Mappings: + AWSAMIRegionMap: + AMI: + US1604HVM: ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20180405 + ap-northeast-1: + US1604HVM: ami-60a4b21c + ap-northeast-2: + US1604HVM: ami-633d920d + ap-south-1: + US1604HVM: ami-dba580b4 + ap-southeast-1: + US1604HVM: ami-82c9ecfe + ap-southeast-2: + US1604HVM: ami-2b12dc49 + ca-central-1: + US1604HVM: ami-9d7afcf9 + eu-central-1: + US1604HVM: ami-cd491726 + eu-west-1: + US1604HVM: ami-74e6b80d + eu-west-2: + US1604HVM: ami-506e8f37 + sa-east-1: + US1604HVM: ami-5782d43b + us-east-1: + US1604HVM: ami-6dfe5010 + us-east-2: + US1604HVM: ami-e82a1a8d + us-west-1: + US1604HVM: ami-493f2f29 + us-west-2: + US1604HVM: ami-ca89eeb2 +Conditions: + GovCloudCondition: !Equals + - !Ref 'AWS::Region' + - us-gov-west-1 +Resources: + NotificationTopic: + Type: 'AWS::SNS::Topic' + Properties: + Subscription: + - Endpoint: !Ref EmailAddress + Protocol: email + ClusterNodeGroup: + Type: 'AWS::AutoScaling::AutoScalingGroup' + Properties: + VPCZoneIdentifier: + - !Ref PublicSubnet1ID + - !Ref PublicSubnet2ID + LaunchConfigurationName: !Ref ClusterNodeLaunchConfig + MinSize: '1' + MaxSize: '2' + NotificationConfiguration: + TopicARN: !Ref NotificationTopic + NotificationTypes: + - 'autoscaling:EC2_INSTANCE_LAUNCH' + - 'autoscaling:EC2_INSTANCE_LAUNCH_ERROR' + - 
'autoscaling:EC2_INSTANCE_TERMINATE' + - 'autoscaling:EC2_INSTANCE_TERMINATE_ERROR' + CreationPolicy: + ResourceSignal: + Timeout: PT15M + Count: '1' + UpdatePolicy: + AutoScalingRollingUpdate: + MinInstancesInService: '1' + MaxBatchSize: '1' + PauseTime: PT15M + WaitOnResourceSignals: 'true' + ClusterNodeLaunchConfig: + Type: 'AWS::AutoScaling::LaunchConfiguration' + Metadata: + 'AWS::CloudFormation::Init': + configSets: + workload_install: + - config-workload + - run_service-workload + config-workload: + packages: + apt: + wget: [] + run_service-workload: + commands: + start_services: + command: echo "Replace with service start command" + Properties: + KeyName: !Ref KeyPairName + ImageId: !FindInMap + - AWSAMIRegionMap + - !Ref 'AWS::Region' + - US1604HVM + InstanceType: !Ref InstanceType + SecurityGroups: + - !Ref ClusterNodeSecurityGroup + UserData: !Base64 + 'Fn::Sub': + - | + #!/bin/bash -x + function cfn_fail { + cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource ClusterNodeGroup; exit 1 + } + function cfn_success { + cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource ClusterNodeGroup; exit 0 + } + S3URI=https://${QSS3BucketName}.${S3Region}.amazonaws.com/${QSS3KeyPrefix} + git clone https://github.com/aws-quickstart/quickstart-linux-utilities.git; + source /quickstart-linux-utilities/quickstart-cfn-tools.source; + qs_update-os || qs_err + qs_bootstrap_pip || qs_err + qs_aws-cfn-bootstrap || qs_err + cfn-init -v --stack ${AWS::StackName} --resource ClusterNodeLaunchConfig --configsets workload_install --region ${AWS::Region} || cfn_fail + [ $(qs_status) == 0 ] && cfn_success || cfn_fail + + - S3Region: !If + - GovCloudCondition + - s3-us-gov-west-1 + - s3 + ClusterNodeScaleUpPolicy: + Type: 'AWS::AutoScaling::ScalingPolicy' + Properties: + AdjustmentType: ChangeInCapacity + AutoScalingGroupName: !Ref ClusterNodeGroup + Cooldown: '60' + ScalingAdjustment: '1' + ClusterNodeScaleDownPolicy: + Type: 
'AWS::AutoScaling::ScalingPolicy' + Properties: + AdjustmentType: ChangeInCapacity + AutoScalingGroupName: !Ref ClusterNodeGroup + Cooldown: '60' + ScalingAdjustment: '-1' + ClusterNodeCPUAlarmHigh: + Type: 'AWS::CloudWatch::Alarm' + Properties: + AlarmDescription: Scale-up if CPU > 90% for 10 minutes + MetricName: CPUUtilization + Namespace: AWS/EC2 + Statistic: Average + Period: '300' + EvaluationPeriods: '2' + Threshold: '90' + AlarmActions: + - !Ref ClusterNodeScaleUpPolicy + Dimensions: + - Name: AutoScalingGroupName + Value: !Ref ClusterNodeGroup + ComparisonOperator: GreaterThanThreshold + ClusterNodeCPUAlarmLow: + Type: 'AWS::CloudWatch::Alarm' + Properties: + AlarmDescription: Scale-down if CPU < 70% for 10 minutes + MetricName: CPUUtilization + Namespace: AWS/EC2 + Statistic: Average + Period: '300' + EvaluationPeriods: '2' + Threshold: '70' + AlarmActions: + - !Ref ClusterNodeScaleDownPolicy + Dimensions: + - Name: AutoScalingGroupName + Value: !Ref ClusterNodeGroup + ComparisonOperator: LessThanThreshold + ClusterNodeSecurityGroup: + Type: 'AWS::EC2::SecurityGroup' + Properties: + GroupDescription: Enable SSH Access from RemoteAccessCIDR + SecurityGroupIngress: + - IpProtocol: tcp + FromPort: '22' + ToPort: '22' + CidrIp: !Ref RemoteAccessCIDR + VpcId: !Ref VPCID diff --git a/templates/datastax-ddac-master.template.yaml b/templates/datastax-ddac-master.template.yaml new file mode 100644 index 0000000..23f1d6c --- /dev/null +++ b/templates/datastax-ddac-master.template.yaml 
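Review bot: The `UserData` script in `ClusterNodeLaunchConfig` clones quickstart-linux-utilities from its default branch on every instance launch and then sources it, so whatever is on that branch at boot time runs on each node with the boot script's privileges (root under cloud-init). Pinning the clone to a reviewed tag or commit and giving it an explicit target makes launches reproducible, for example `git clone --branch <PINNED_TAG> --depth 1 https://github.com/aws-quickstart/quickstart-linux-utilities.git /quickstart-linux-utilities` (the tag is a placeholder). The explicit path also removes the dependence on the working directory being `/` for the following `source` line. `S3URI` is assigned but never used, which suggests the utilities were meant to come from the Quick Start bucket; either use it or drop the assignment. Separately, `VPCZoneIdentifier` lists `PublicSubnet1ID`/`PublicSubnet2ID` while `PrivateSubnet1ID`/`PrivateSubnet2ID` are declared and unreferenced, so it is worth confirming that placing the nodes in public subnets is intended.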
@@ -0,0 +1,173 @@ +--- +AWSTemplateFormatVersion: 2010-09-09 +Parameters: + EmailAddress: + AllowedPattern: "([a-zA-Z0-9_\\-\\.]+)@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.)|(([a-zA-Z0-9\\-]+\\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\\]?)" + ConstraintDescription: "Must be a valid email id." + Description: "Email Address for notification" + Type: String + AvailabilityZones: + Description: List of Availability Zones to use for the subnets in the VPC. Only + two Availability Zones are used for this deployment, and the logical order of + your selections is preserved. + Type: List + InstanceType: + AllowedValues: + - t2.micro + - t2.small + - t2.medium + - t2.large + - m4.large + - m4.xlarge + - m4.2xlarge + - m4.4xlarge + - m4.10xlarge + - c4.large + - c4.xlarge + - c4.2xlarge + - c4.4xlarge + - c4.8xlarge + - r4.large + - r4.xlarge + - r4.2xlarge + - r4.4xlarge + - r4.8xlarge + ConstraintDescription: "must be a valid EC2 instance type." + Default: t2.medium + Description: "EC2 instance type" + Type: String + KeyPairName: + ConstraintDescription: "Name of an existing EC2 KeyPair." 
+ Type: "AWS::EC2::KeyPair::KeyName" + PrivateSubnet1CIDR: + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/19 + Description: CIDR block for private subnet 1 located in Availability Zone 1 + Type: String + PrivateSubnet2CIDR: + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.32.0/19 + Description: CIDR block for private subnet 2 located in Availability Zone 2 + Type: String + PublicSubnet1CIDR: + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.128.0/20 + Description: CIDR block for the public (DMZ) subnet 1 located in Availability + Zone 1 + Type: String + PublicSubnet2CIDR: + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.144.0/20 + Description: CIDR block for the public (DMZ) subnet 2 located in Availability + Zone 2 + Type: String + VPCCIDR: + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/16 + Description: CIDR block for the VPC + Type: String + QSS3BucketName: + AllowedPattern: "^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$" + ConstraintDescription: "Quick Start bucket name can include numbers, lowercase letters, uppercase 
letters, and hyphens (-). It cannot start or end with a hyphen (-)." + Default: aws-quickstart + Description: "S3 bucket name for the Quick Start assets. Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-)." + Type: String + QSS3KeyPrefix: + AllowedPattern: "^[0-9a-zA-Z-/]*$" + ConstraintDescription: "Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/)." + Default: quickstart-datastax-ddac/ + Description: "S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/)." + Type: String + RemoteAccessCIDR: + AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$" + ConstraintDescription: "CIDR block parameter must be in the form x.x.x.x/x" + Description: "Allowed CIDR block for external SSH access" + Type: String +Resources: + VPCStack: + Type: 'AWS::CloudFormation::Stack' + Properties: + TemplateURL: !Sub >- + https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template + Parameters: + AvailabilityZones: !Join + - ',' + - !Ref AvailabilityZones + KeyPairName: !Ref KeyPairName + NumberOfAZs: '2' + PrivateSubnet1ACIDR: !Ref PrivateSubnet1CIDR + PrivateSubnet2ACIDR: !Ref PrivateSubnet2CIDR + PublicSubnet1CIDR: !Ref PublicSubnet1CIDR + PublicSubnet2CIDR: !Ref PublicSubnet2CIDR + VPCCIDR: !Ref VPCCIDR + # ClusterNodeStack: + # Type: AWS::CloudFormation::Stack + # Properties: + # TemplateURL: + # Fn::Sub: https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/datastax-ddac-clusternode.template.yaml + # Parameters: + # EmailAddress: + # Ref: EmailAddress + # InstanceType: + # Ref: InstanceType + # KeyPairName: + # Ref: KeyPairName + # PrivateSubnet1ID: + # 
Fn::GetAtt: + # - VPCStack + # - Outputs.PrivateSubnet1AID + # PrivateSubnet2ID: + # Fn::GetAtt: + # - VPCStack + # - Outputs.PrivateSubnet2AID + # PublicSubnet1ID: + # Fn::GetAtt: + # - VPCStack + # - Outputs.PublicSubnet1ID + # PublicSubnet2ID: + # Fn::GetAtt: + # - VPCStack + # - Outputs.PublicSubnet2ID + # QSS3BucketName: + # Ref: QSS3BucketName + # QSS3KeyPrefix: + # Ref: QSS3KeyPrefix + # RemoteAccessCIDR: + # Ref: RemoteAccessCIDR + # VPCID: + # Fn::GetAtt: + # - VPCStack + # - Outputs.VPCID + SeedNode1: + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: + Fn::Sub: https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/noderegister.yaml.template + Parameters: + PublicSubnet1ID: + Fn::GetAtt: + - VPCStack + - Outputs.PublicSubnet1ID + VPCID: + Fn::GetAtt: + - VPCStack + - Outputs.VPCID + VPCCIDR : + Fn::GetAtt: + - VPCStack + - Outputs.VPCCIDR + InstanceType: + Ref: InstanceType + KeyPairName: + Ref: KeyPairName + RemoteAccessCIDR: + Ref: RemoteAccessCIDR + QSS3KeyPrefix: + Ref: QSS3KeyPrefix + QSS3BucketName: + Ref: QSS3BucketName diff --git a/templates/ddac.template b/templates/ddac.template deleted file mode 100644 index bce379c..0000000 --- a/templates/ddac.template +++ /dev/null 
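Review bot: `SeedNode1` receives only `Outputs.PublicSubnet1ID`, so the seed node is launched in a public subnet, while the private subnets that `VPCStack` is asked to create (`PrivateSubnet1ACIDR`, `PrivateSubnet2ACIDR`) have no consumer in this template other than the commented-out `ClusterNodeStack`. How exposed the node ends up depends on the security group in noderegister.yaml.template, which is not part of this hunk, so the placement should at least be documented as a deliberate prototype choice. A comment above the resource would do, such as `# Prototype: seed node in public subnet; move to Outputs.PrivateSubnet1AID behind a bastion before release`. The same commented-out block is also the only reference to `EmailAddress`, which stays a required parameter with no default; consider removing the parameter or giving the block a one-line comment saying when it will be re-enabled.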
@@ -1,294 +0,0 @@ -{ - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Datastax template, License: Apache 2.0 (Please do not remove) May,30,2017 (qs-1nbqhl4uf)", - "Parameters": { - "KeyName": { - "Description": "Name of an existing EC2 KeyPair to enable SSH access to the instance", - "Type": "AWS::EC2::KeyPair::KeyName", - "ConstraintDescription": "must be the name of an existing EC2 KeyPair." - }, - "DDACSecurityGroupId": { - "Type": "AWS::EC2::SecurityGroup::Id", - "Description": "DDAC security group id" - }, - "SubnetId": { - "Type": "AWS::EC2::Subnet::Id", - "Description": "SubnetId in existing VPC`" - }, - "Profile": { - "Description": "InstanceProfile for DDAC instance", - "Type": "String" - }, - "S3Bucket": { - "Description": "S3Bucket for public key passing - seeds", - "Default": "scotth-test", - "Type": "String" - }, - "InstanceType": { - "Description": "Node EC2 instance type", - "Type": "String", - "Default": "m4.2xlarge", - "AllowedValues": [ - "m4.2xlarge", - "m4.4xlarge" - ], - "ConstraintDescription": "must be a valid EC2 instance type." 
- } - }, - "Mappings": { - "AWSAMIRegionMap": { - "AMI": { - "US1604HVM": "ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20181012" - }, - "us-east-1": { - "US1604HVM": "ami-02fcb77bea0e7dc6d" - }, - "us-west-2": { - "US1604HVM": "ami-016ee641d8bb1b9fd" - } - } - }, - "Resources": { - "DDACEIP": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc" - } - }, - "IPAssoc": { - "Type": "AWS::EC2::EIPAssociation", - "Properties": { - "InstanceId": { - "Ref": "DDACInstance" - }, - "AllocationId": { - "Fn::GetAtt": [ - "DDACEIP", - "AllocationId" - ] - } - } - }, - "DDACInstance": { - "Type": "AWS::EC2::Instance", - "Metadata": { - "AWS::CloudFormation::Init": { - "configSets": { - "full_install": [ - "install_cfn", - "install_ddac", - "post_install" - ] - }, - "install_cfn": { - "files": { - "/etc/cfn/cfn-hup.conf": { - "content": { - "Fn::Join": [ - "", - [ - "[main]\n", - "stack=", - { - "Ref": "AWS::StackId" - }, - "\n", - "region=", - { - "Ref": "AWS::Region" - }, - "\n" - ] - ] - }, - "mode": "000400", - "owner": "root", - "group": "root" - }, - "/etc/cfn/hooks.d/cfn-auto-reloader.conf": { - "content": { - "Fn::Join": [ - "", - [ - "[cfn-auto-reloader-hook]\n", - "triggers=post.update\n", - "path=Resources.DDACInstance.Metadata.AWS::CloudFormation::Init\n", - "action=/usr/local/bin/cfn-init -v ", - " --stack ", - { - "Ref": "AWS::StackName" - }, - " --resource DDACInstance ", - " --configsets full_install ", - " --region ", - { - "Ref": "AWS::Region" - }, - "\n", - "runas=root\n" - ] - ] - } - } - }, - "services": { - "sysvinit": { - "cfn-hup": { - "enabled": "true", - "ensureRunning": "true", - "files": [ - "/etc/cfn/cfn-hup.conf", - "/etc/cfn/hooks.d/cfn-auto-reloader.conf" - ] - } - } - } - }, - "install_ddac": { - "commands": { - "01_install_ddac": { - "command": { - "Fn::Join": [ - "", - [ - "#!/usr/bin/env bash -e \n", - "cloud_type=\"aws\" \n", - "cd ~ubuntu \n", - "cd scripts \n", - "./deploy-dse.sh \n", - "' \n" - ] - ] - } - } - } - }, - 
"gen_ssh_key": { - "commands": { - "01_gen_ssh_key": { - "command": { - "Fn::Join": [ - "", - [ - "#!/usr/bin/env bash -e \n", - "apt-get -y install awscli \n", - "cd ~ubuntu/.ssh/ \n", - "ssh-keygen -t rsa -N '' -f lcm.pem \n", - "chown ubuntu:ubuntu lcm.pem* \n", - "echo 'Generated lcm.pem and lcm.pem.pub' \n", - "aws s3 cp lcm.pem.pub s3://", - { - "Ref": "S3Bucket" - }, - " --region ", - { - "Ref": "AWS::Region" - }, - " \n" - ] - ] - } - } - } - } - } - }, - "Properties": { - "ImageId": { - "Fn::FindInMap": [ - "AWSAMIRegionMap", - { - "Ref": "AWS::Region" - }, - "US1604HVM" - ] - }, - "InstanceType": { - "Ref": "InstanceType" - }, - "IamInstanceProfile": { - "Ref": "Profile" - }, - "SecurityGroupIds": [ - { - "Ref": "DDACSecurityGroupId" - } - ], - "SubnetId": { - "Ref": "SubnetId" - }, - "KeyName": { - "Ref": "KeyName" - }, - "UserData": { - "Fn::Base64": { - "Fn::Join": [ - "", - [ - "#!/bin/bash -xe\n", - "apt-get update\n", - "pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz && break \n", - "echo \"pip install cfn-bootstrap try $n failed, retry...\" \n", - "n=$[$n+1] \n", - "done \n", - "ln -s /usr/local/init/ubuntu/cfn-hup /etc/init.d/cfn-hup \n", - "chmod 775 /usr/local/init/ubuntu/cfn-hup \n", - "update-rc.d cfn-hup defaults \n", - "/usr/local/bin/cfn-init -v ", - " --stack ", - { - "Ref": "AWS::StackId" - }, - " --resource DDACInstance ", - " --configsets full_install ", - " --region ", - { - "Ref": "AWS::Region" - }, - "\n" - ] - ] - } - } - } - } - }, - "Outputs": { - "DDACURL": { - "Value": { - "Fn::Join": [ - "", - [ - "http://", - { - "Fn::GetAtt": [ - "DDACInstance", - "PublicDnsName" - ] - }, - ":8080/ddac" - ] - ] - }, - "Description": "URL for DDAC" - }, - "DDACPublicIP": { - "Value": { - "Fn::GetAtt": [ - "DDACInstance", - "PublicIp" - ] - }, - "Description": "Public IP for DDAC" - }, - "DDACPrivateIP": { - "Value": { - "Fn::GetAtt": [ - "DDACInstance", - "PrivateIp" - ] - }, - "Description": 
"Private IP for DDAC" - } - } -} diff --git a/templates/noderegister.yaml.template b/templates/noderegister.yaml.template new file mode 100644 index 0000000..8cfa242 --- /dev/null +++ b/templates/noderegister.yaml.template 
@@ -0,0 +1,361 @@
+AWSTemplateFormatVersion: 2010-09-09
+Description: Create the seednodes
+Parameters:
+ HashKeyElementName:
+ Description: HashType PrimaryKey Name
+ Type: String
+ Default: hostname
+ AllowedPattern: '[a-zA-Z0-9]*'
+ MinLength: '1'
+ MaxLength: '2048'
+ ConstraintDescription: must contain only alphanumberic characters
+ PublicSubnet1ID:
+ Description: Public Subnet Id 1
+ Type: 'AWS::EC2::Subnet::Id'
+ KeyPairName:
+ Type: 'AWS::EC2::KeyPair::KeyName'
+ ConstraintDescription: Name of an existing EC2 KeyPair.
+ RemoteAccessCIDR:
+ AllowedPattern: >-
+ ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
+ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x
+ Description: Allowed CIDR block for external SSH access
+ Type: String
+ VPCID:
+ Description: VPC ID
+ Type: 'AWS::EC2::VPC::Id'
+ VPCCIDR:
+ AllowedPattern: >-
+ ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
+ Description: CIDR Block for the VPC
+ Type: String
+ QSS3BucketName:
+ AllowedPattern: '^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$'
+ ConstraintDescription: >-
+ Quick Start bucket name can include numbers, lowercase letters, uppercase
+ letters, and hyphens (-). It cannot start or end with a hyphen (-).
+ Default: aws-quickstart
+ Type: String
+ QSS3KeyPrefix:
+ AllowedPattern: '^[0-9a-zA-Z-/]*$'
+ ConstraintDescription: >-
+ Quick Start key prefix can include numbers, lowercase letters, uppercase
+ letters, hyphens (-), and forward slash (/).
+ Default: quickstart-datastax-ddac/
+ Description: >-
+ S3 key prefix for the Quick Start assets. Quick Start key prefix can
+ include numbers, lowercase letters, uppercase letters, hyphens (-), and
+ forward slash (/).
+ Type: String
+ InstanceType:
+ AllowedValues:
+ - t2.micro
+ - t2.small
+ - t2.medium
+ - t2.large
+ - m4.large
+ - m4.xlarge
+ - m4.2xlarge
+ - m4.4xlarge
+ - m4.10xlarge
+ - c4.large
+ - c4.xlarge
+ - c4.2xlarge
+ - c4.4xlarge
+ - c4.8xlarge
+ - r4.large
+ - r4.xlarge
+ - r4.2xlarge
+ - r4.4xlarge
+ - r4.8xlarge
+ ConstraintDescription: "must be a valid EC2 instance type."
+ Default: t2.medium
+ Description: "EC2 instance type"
+ Type: String
+Conditions:
+ GovCloudCondition: !Equals
+ - !Ref AWS::Region
+ - us-gov-west-1
+Mappings:
+ AWSAMIRegionMap:
+ AMI:
+ US1604HVM: ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20180405
+ ap-northeast-1:
+ US1604HVM: ami-60a4b21c
+ ap-northeast-2:
+ US1604HVM: ami-633d920d
+ ap-south-1:
+ US1604HVM: ami-dba580b4
+ ap-southeast-1:
+ US1604HVM: ami-82c9ecfe
+ ap-southeast-2:
+ US1604HVM: ami-2b12dc49
+ ca-central-1:
+ US1604HVM: ami-9d7afcf9
+ eu-central-1:
+ US1604HVM: ami-cd491726
+ eu-west-1:
+ US1604HVM: ami-74e6b80d
+ eu-west-2:
+ US1604HVM: ami-506e8f37
+ sa-east-1:
+ US1604HVM: ami-5782d43b
+ us-east-1:
+ US1604HVM: ami-6dfe5010
+ us-east-2:
+ US1604HVM: ami-e82a1a8d
+ us-west-1:
+ US1604HVM: ami-493f2f29
+ us-west-2:
+ US1604HVM: ami-ca89eeb2
+Resources:
+ InstanceRole:
+ Type: 'AWS::IAM::Role'
+ Properties:
+ AssumeRolePolicyDocument:
+ Statement:
+ -
+ Effect: 'Allow'
+ Principal:
+ Service:
+ - 'ec2.amazonaws.com'
+ Action:
+ - 'sts:AssumeRole'
+ Path: '/'
+ InstanceProfile:
+ Type: 'AWS::IAM::InstanceProfile'
+ Properties:
+ Path: '/'
+ Roles:
+ - Ref: 'InstanceRole'
+ DynamoPolicy:
+ Type: AWS::IAM::Policy
+ Properties:
+ PolicyName: dynamo-policy
+ Roles:
+ - !Ref InstanceRole
+ PolicyDocument:
+ Version: 2012-10-17
+ Statement:
+ - Sid: ListAndDescribe
+ Effect: Allow
+ Action:
+ - 'dynamodb:List*'
+ - 'dynamodb:DescribeReservedCapacity*'
+ - 'dynamodb:DescribeLimits'
+ - 'dynamodb:DescribeTimeToLive'
+ Resource: '*'
+ - Sid: SpecificTable
+ Effect: Allow
+ Action:
+ - 'dynamodb:BatchGet*'
+ - 'dynamodb:DescribeStream'
+ - 'dynamodb:DescribeTable'
+ - 'dynamodb:Get*'
+ - 'dynamodb:Query'
+ - 'dynamodb:Scan'
+ - 'dynamodb:BatchWrite*'
+ - 'dynamodb:CreateTable'
+ - 'dynamodb:Delete*'
+ - 'dynamodb:Update*'
+ - 'dynamodb:PutItem'
+ Resource: !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${DDBTable}*
+ AuthenticatedS3Policy:
+ Type: AWS::IAM::Policy
+ Properties:
+ PolicyName: AuthenticatedS3GetObjects
+ Roles:
+ - !Ref InstanceRole
+ PolicyDocument:
+ Statement:
+ - Sid: BucketAccess
+ Effect: Allow
+ Action:
+ - 's3:GetObject'
+ Resource: !Sub arn:aws:s3:::${QSS3BucketName}/*
+ DDBTable:
+ Type: 'AWS::DynamoDB::Table'
+ Properties:
+ AttributeDefinitions:
+ - AttributeName: !Ref HashKeyElementName
+ AttributeType: S
+ KeySchema:
+ - AttributeName: !Ref HashKeyElementName
+ KeyType: HASH
+ ProvisionedThroughput:
+ ReadCapacityUnits: 5
+ WriteCapacityUnits: 10
+ DDACSecGroup:
+ Type: 'AWS::EC2::SecurityGroup'
+ Properties:
+ GroupDescription: Enables SSH access to the DDAC Seed.
+ VpcId: !Ref VPCID
+ SecurityGroupIngress:
+ - IpProtocol: tcp
+ FromPort: 22
+ ToPort: 22
+ CidrIp: !Ref RemoteAccessCIDR
+ - IpProtocol: tcp
+ FromPort: 0
+ ToPort: 65535
+ CidrIp: !Ref VPCCIDR
+ DDACSeedNode1:
+ Type: 'AWS::EC2::Instance'
+ CreationPolicy:
+ ResourceSignal:
+ Timeout: PT15M
+ Metadata:
+ 'AWS::CloudFormation::Authentication':
+ S3AccessCreds:
+ type: S3
+ roleName: !Ref InstanceRole
+ buckets: !Ref QSS3BucketName
+ 'AWS::CloudFormation::Init':
+ configSets:
+ cs_install:
+ - install_and_enable_cfn_hup
+ - install_ddac
+ - post_install
+ install_and_enable_cfn_hup:
+ files:
+ /etc/cfn/cfn-hup.conf:
+ content: !Join
+ - ''
+ - - |
+ [main]
+ - stack=
+ - !Ref 'AWS::StackId'
+ - |+
+
+ - region=
+ - !Ref 'AWS::Region'
+ - |+
+
+ mode: '000400'
+ owner: root
+ group: root
+ /etc/cfn/hooks.d/cfn-auto-reloader.conf:
+ content: !Join
+ - ''
+ - - |
+ [cfn-auto-reloader-hook]
+ - |
+ triggers=post.update
+ - >
+ path=Resources.DDACSeedNode1.Metadata.AWS::CloudFormation::Init
+ - 'action=/usr/local/bin/cfn-init -v '
+ - ' --stack '
+ - !Ref 'AWS::StackName'
+ - ' --resource DDACSeedNode1 '
+ - ' --configsets cs_install '
+ - ' --region '
+ - !Ref 'AWS::Region'
+ - |+
+
+ - |
+ runas=root
+ /lib/systemd/system/cfn-hup.service:
+ content: !Join
+ - ''
+ - - |
+ [Unit]
+ - |+
+ Description=cfn-hup daemon
+
+ - |
+ [Service]
+ - |
+ Type=simple
+ - |
+ ExecStart=/usr/local/bin/cfn-hup
+ - |+
+ Restart=always
+ - |
+ [Install]
+ - WantedBy=multi-user.target
+ commands:
+ 01enable_cfn_hup:
+ command: systemctl enable cfn-hup.service
+ 02start_cfn_hup:
+ command: systemctl start cfn-hup.service
+ install_ddac:
+ sources:
+ /home/ubuntu: !Sub
+ - >-
+ https://${QSS3BucketName}.${S3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/deploy.tar
+ - QSS3BucketName: !Ref QSS3BucketName
+ S3Region: !If [ GovCloudCondition, s3-us-gov-west-1, s3 ]
+ QSS3KeyPrefix: !Ref QSS3KeyPrefix
+ commands:
+ 01_install_ddac:
+ command: touch /tmp/01_install_ddac
+ post_install:
+ commands:
+ 01_post_install_ddac:
+ command: touch /tmp/01_post_install_ddac
+ Properties:
+ InstanceType: !Ref InstanceType
+ IamInstanceProfile: !Ref InstanceProfile
+ NetworkInterfaces:
+ - DeleteOnTermination: true
+ DeviceIndex: '0'
+ SubnetId: !Ref PublicSubnet1ID
+ GroupSet:
+ - !Ref DDACSecGroup
+ KeyName: !Ref KeyPairName
+ ImageId: !FindInMap
+ - AWSAMIRegionMap
+ - !Ref 'AWS::Region'
+ - US1604HVM
+ BlockDeviceMappings:
+ - DeviceName: /dev/sda1
+ Ebs:
+ VolumeSize: 20
+ VolumeType: gp2
+ Tags:
+ - Key: Name
+ Value: seednode1
+ UserData:
+ Fn::Base64: !Sub
+ - |
+ #!/bin/bash -xe
+ #CFN Signaling fuctions (begin)
+ function cfn_fail
+ {
+ cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource DDACSeedNode1
+ exit 1
+ }
+ function cfn_success
+ {
+ cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource DDACSeedNode1
+ exit 0
+ }
+ #Load Linux utils
+ until git clone https://github.com/aws-quickstart/quickstart-linux-utilities.git ; do echo "Retrying"; done
+ cd /quickstart-linux-utilities && source quickstart-cfn-tools.source
+ # Constants
+ S3URI=https://${QSS3BucketName}.${S3Region}.amazonaws.com/${QSS3KeyPrefix}
+ REGISTER=${DDBTable}
+ # Prep operating systems
+ qs_update-os || qs_err
+ qs_bootstrap_pip || qs_err
+ qs_aws-cfn-bootstrap || qs_err
+ # Node Registeration
+ pip3 install noderegister
+ echo "Register Node to $REGISTER"
+ noderegister -r -D ${!REGISTER}
+ noderegister -a ${SeedType} -D ${!REGISTER}
+ noderegister -l -D ${!REGISTER}
+ #Run cfn-init configsets
+ cfn-init -v --stack ${AWS::StackName} --resource DDACSeedNode1 --configsets cs_install --region ${AWS::Region} || qs_err
+ # Signal cfn-init (final check)
+ [ $(qs_status) == 0 ] && cfn_success || cfn_fail
+
+ - S3Region: !If [ GovCloudCondition, s3-us-gov-west-1, s3 ]
+ SeedType: 'seednode1'
+
+Outputs:
+ TableName:
+ Value: !Ref DDBTable
+ Description: NodeRegister DynamoDB table
+
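Review bot: The UserData script of DDACSeedNode1 fetches and runs unpinned third-party code as root: `git clone https://github.com/aws-quickstart/quickstart-linux-utilities.git` takes whatever the default branch holds at boot and the script then sources `quickstart-cfn-tools.source` from it, and `pip3 install noderegister` installs the latest release with no version or hash. Pinning both would keep an upstream change from altering what runs on an instance that carries the DynamoDB write role, e.g. `git clone --branch <PINNED_TAG> --depth 1 https://github.com/aws-quickstart/quickstart-linux-utilities.git` and `pip3 install noderegister==<PINNED_VERSION>` (placeholders, to be filled with reviewed releases). In DynamoPolicy, `Resource: !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${DDBTable}*` ends in a wildcard, so `dynamodb:CreateTable`, `dynamodb:Delete*` and `dynamodb:Update*` apply to every table whose name starts with this table's name. Dropping the trailing `*` scopes the statement to the one table, and the table-level actions look unnecessary for a node that presumably only registers itself, which is worth confirming against what `noderegister` actually calls.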
diff --git a/templates/quickstart-datastax-no-vpc.template b/templates/quickstart-datastax-no-vpc.template
deleted file mode 100644
index c0e5f78..0000000
--- a/templates/quickstart-datastax-no-vpc.template
+++ /dev/null
@@ -1,740 +0,0 @@ -{ - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Datastax template, License: Apache 2.0 (Please do not remove) June,27,2017 (qs-1nbqhl4up)", - "Metadata": { - "AWS::CloudFormation::Interface": { - "ParameterGroups": [{ - "Label": { - "default": " VPC Network Configuration" - }, - "Parameters": [ - "AvailabilityZones", - "AccessLocation", - "PrivateSubnetCIDR", - "PrivateSubnets", - "PublicSubnetId", - "VPCId" - ] - }, { - "Label": { - "default": "Datastax Setup" - }, - "Parameters": [ - "KeyName", - "DSAcademyUser", - "DSAcademyPW", - "DSEVersion", - "DBPassword", - "NumberDCs", - "DataCenters", - "Instances", - "DCSizes", - "VolumeSizes", - "ClusterName" - ] - }, { - "Label": { - "default": "AWS Quick Start Configuration" - }, - "Parameters": [ - "QSS3BucketName", - "QSS3KeyPrefix" - ] - }], - "ParameterLabels": { - "AccessLocation": { - "default": "Permitted IP range" - }, - "AvailabilityZones": { - "default": "Availability Zones" - }, - "KeyName": { - "default": "Key Name" - }, - "DSAcademyUser": { - "default": "DataStax Academy Username" - }, - "DBPassword": { - "default": "Database Password" - }, - "DSEVersion": { - "default": "DSE version" - }, - "DataCenters": { - "default": "Data Center Names" - }, - "DSAcademyPW": { - "default": "DataStax Academy Password" - }, - "NumberDCs": { - "default": "Number of Data Centers" - }, - "Instances": { - "default": "Instances Types" - }, - "DCSizes": { - "default": "Data Center Sizes" - }, - "ClusterName": { - "default": "Cluster Name" - }, - "VolumeSizes": { - "default": "Volume Sizes" - }, - "QSS3BucketName": { - "default": "Quick Start S3 Bucket Name" - }, - "QSS3KeyPrefix": { - "default": "Quick Start S3 Key Prefix" - }, - "VPCId": { - "default": "VPC ID" - }, - "PrivateSubnets": { - "default": "Private Subnets" - }, - "PrivateSubnetCIDR": { - "default": "Private Subnet CIDR" - }, - "PublicSubnetId": { - "default": "Public Subnet ID" - } - } - } - }, - "Parameters": { - "KeyName": { - 
"Description": "Public/private key pair, which allows you to connect securely to your instance after it launches.", - "Type": "AWS::EC2::KeyPair::KeyName", - "ConstraintDescription": "must be the name of an existing EC2 KeyPair." - }, - "AccessLocation": { - "Description": "The CIDR IP range that is permitted to access the DDAC web console or SSH to the EC2 instance for the console.", - "Type": "String", - "MinLength": "9", - "MaxLength": "18", - "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", - "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x." - }, - "VPCId": { - "Description": "Id of existing VPC", - "Type": "AWS::EC2::VPC::Id" - }, - "AvailabilityZones": { - "Type": "CommaDelimitedList", - "Description": "The list of Availability Zones to use for the subnets in the VPC. The Quick Start uses three Availability Zones from your list and preserves the logical order you specify." - }, - "PrivateSubnets": { - "Type": "CommaDelimitedList", - "Description": "List of private subnet ids to deploy nodes into" - }, - "PrivateSubnetCIDR": { - "Description": "CIDR block covering private subnets.", - "Type": "String" - }, - "PublicSubnetId": { - "Description": "Id for a public subnet in existing VPC, used for DDAC instance", - "Type": "AWS::EC2::Subnet::Id" - }, - "DSEVersion": { - "Type": "String", - "Description": "DSE version to install.", - "Default": "6.0.4", - "AllowedValues": ["5.1.9","6.0.4"] - }, - "DSAcademyUser": { - "Type": "String", - "Description": "User name for your academy.datastax.com account." - }, - "DSAcademyPW": { - "Type": "String", - "Description": "Password for your academy.datastax.com account.", - "NoEcho": true - }, - "DBPassword": { - "Type": "String", - "Description": "Password for the default Cassandra user 'cassandra'.", - "NoEcho": true - }, - "NumberDCs": { - "Type": "Number", - "Description": "The number of DSE data centers to create. 
Using multiple data centers enables you to separate your workloads by type.", - "Default": 1, - "AllowedValues": [1, 2, 3, 4], - "ConstraintDescription": "Value must be an integer from 1-4" - }, - "DataCenters": { - "Description": "The list of data center names to create, separated by commas. The number of names must match the NumberDCs parameter.", - "Type": "CommaDelimitedList", - "Default": "DC0" - }, - "Instances": { - "Description": "EC2 instance type for the nodes in each DSE data center, separated by commas. The number of instance types must match the NumberDCs parameter.", - "Type": "CommaDelimitedList", - "Default": "m4.2xlarge" - }, - "VolumeSizes": { - "Description": "The EBS volume size, in GiB, for the nodes in each data center, separated by commas. The number of volume sizes in this array must match the NumberDCs parameter.", - "Type": "List", - "Default": "1024" - }, - "DCSizes": { - "Description": "The number of nodes to create for each DSE data center, separated by commas. The number of sizes in this array must match the NumberDCs parameter.", - "Type": "List", - "Default": "3" - }, - "ClusterName": { - "Description": "The name of the DSE cluster. This is the name used by DDDAC.", - "Type": "String", - "Default": "DSE Cluster" - }, - "QSS3BucketName": { - "AllowedPattern": "^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$", - "ConstraintDescription": "Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).", - "Default": "aws-quickstart", - "Description": "S3 bucket name for the Quick Start assets. Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). 
It cannot start or end with a hyphen (-).", - "Type": "String" - }, - "QSS3KeyPrefix": { - "AllowedPattern": "^[0-9a-zA-Z-/]*$", - "ConstraintDescription": "Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).", - "Default": "quickstart-datastax/", - "Description": "S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).", - "Type": "String" - } - }, - "Conditions": { - "GovCloudCondition": { - "Fn::Equals": [{ - "Ref": "AWS::Region" - }, - "us-gov-west-1" - ] - }, - "CreateDC1": { - "Fn::Or": [{ - "Fn::Equals": [{ - "Ref": "NumberDCs" - }, 2] - }, { - "Fn::Equals": [{ - "Ref": "NumberDCs" - }, 3] - }, { - "Fn::Equals": [{ - "Ref": "NumberDCs" - }, 4] - }] - }, - "CreateDC2": { - "Fn::Or": [{ - "Fn::Equals": [{ - "Ref": "NumberDCs" - }, 3] - }, { - "Fn::Equals": [{ - "Ref": "NumberDCs" - }, 4] - }] - }, - "CreateDC3": { - "Fn::Equals": [{ - "Ref": "NumberDCs" - }, 4] - } - }, - "Resources": { - "S3Bucket": { - "Type": "AWS::S3::Bucket", - "Properties": { - "AccessControl": "Private" - }, - "DeletionPolicy": "Delete" - }, - "S3RoleDDAC": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [{ - "Effect": "Allow", - "Principal": { - "Service": ["ec2.amazonaws.com"] - }, - "Action": ["sts:AssumeRole"] - }] - }, - "Path": "/" - } - }, - "S3RolePoliciesDDAC": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyName": "s3-access", - "PolicyDocument": { - "Statement": [{ - "Action": [ - "s3:GetObject", - "s3:DeleteObject", - "s3:PutObject" - ], - "Resource": { - "Fn::Join": ["", ["arn:aws:s3:::", { - "Ref": "S3Bucket" - }, "/*"]] - }, - "Effect": "Allow" - }] - }, - "Roles": [{ - "Ref": "S3RoleDDAC" - }] - } - }, - "S3ProfileDDAC": { - "Type": "AWS::IAM::InstanceProfile", - "Properties": { - "Path": "/", - "Roles": [{ - "Ref": "S3RoleDDAC" - }] - } - }, - 
"S3RoleNode": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [{ - "Effect": "Allow", - "Principal": { - "Service": ["ec2.amazonaws.com"] - }, - "Action": ["sts:AssumeRole"] - }] - }, - "Path": "/" - } - }, - "S3RolePoliciesNode": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyName": "s3-access", - "PolicyDocument": { - "Statement": [{ - "Effect": "Allow", - "Action": [ - "s3:GetObject" - ], - "Resource": { - "Fn::Join": ["", ["arn:aws:s3:::", { - "Ref": "S3Bucket" - }, "/*"]] - } - }] - }, - "Roles": [{ - "Ref": "S3RoleNode" - }] - } - }, - "S3ProfileNode": { - "Type": "AWS::IAM::InstanceProfile", - "Properties": { - "Path": "/", - "Roles": [{ - "Ref": "S3RoleNode" - }] - } - }, - "DDACSecurityGroup": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "Enable SSH access, and DDAC port", - "VpcId": { - "Ref": "VPCId" - }, - "SecurityGroupIngress": [{ - "IpProtocol": "tcp", - "FromPort": "22", - "ToPort": "22", - "CidrIp": { - "Ref": "AccessLocation" - } - }, { - "IpProtocol": "tcp", - "FromPort": "8080", - "ToPort": "8080", - "CidrIp": { - "Ref": "AccessLocation" - } - }, { - "IpProtocol": "tcp", - "FromPort": "22", - "ToPort": "22", - "CidrIp": { - "Ref": "PrivateSubnetCIDR" - } - }, { - "IpProtocol": "tcp", - "FromPort": "61620", - "ToPort": "61620", - "CidrIp": { - "Ref": "PrivateSubnetCIDR" - } - }] - } - }, - "DDACCstack": { - "Type": "AWS::CloudFormation::Stack", - "Properties": { - "TemplateURL": { - "Fn::Sub": [ - "https://${QSS3BucketName}.${S3Region}.amazonaws.com/${QSS3KeyPrefix}templates/ddac.template", { - "S3Region": { - "Fn::If": [ - "GovCloudCondition", - "s3-us-gov-west-1", - "s3" - ] - } - } - ] - }, - "Parameters": { - "KeyName": { - "Ref": "KeyName" - }, - "DDACSecurityGroupId": { - "Fn::GetAtt": ["DDACSecurityGroup", "GroupId"] - }, - "SubnetId": { - "Ref": "PublicSubnetId" - }, - "ClusterName": { - "Ref": "ClusterName" - }, - "NumberDCs": { - "Ref": 
"NumberDCs" - }, - "DCSizes": { - "Fn::Join": [",", { - "Ref": "DCSizes" - }] - }, - "DSEVersion": { - "Ref": "DSEVersion" - }, - "DSAcademyUser": { - "Ref": "DSAcademyUser" - }, - "DSAcademyPW": { - "Ref": "DSAcademyPW" - }, - "DBPassword": { - "Ref": "DBPassword" - }, - "Profile": { - "Ref": "S3ProfileDDAC" - }, - "S3Bucket": { - "Ref": "S3Bucket" - }, - "InstanceType": "t2.medium" - } - } - }, - "DC0stack": { - "Type": "AWS::CloudFormation::Stack", - "Properties": { - "TemplateURL": { - "Fn::Sub": [ - "https://${QSS3BucketName}.${S3Region}.amazonaws.com/${QSS3KeyPrefix}templates/datacenter.template", { - "S3Region": { - "Fn::If": [ - "GovCloudCondition", - "s3-us-gov-west-1", - "s3" - ] - } - } - ] - }, - "Parameters": { - "KeyName": { - "Ref": "KeyName" - }, - "Profile": { - "Ref": "S3ProfileNode" - }, - "S3Bucket": { - "Ref": "S3Bucket" - }, - "DDACIP": { - "Fn::GetAtt": ["DDACstack", "Outputs.DDACPrivateIP"] - }, - "ClusterName": { - "Ref": "ClusterName" - }, - "DataCenterName": { - "Fn::Select": ["0", { - "Ref": "DataCenters" - }] - }, - "DataCenterSize": { - "Fn::Select": ["0", { - "Ref": "DCSizes" - }] - }, - "InstanceType": { - "Fn::Select": ["0", { - "Ref": "Instances" - }] - }, - "VolumeSize": { - "Fn::Select": ["0", { - "Ref": "VolumeSizes" - }] - }, - "VPC": { - "Ref": "VPCId" - }, - "AvailabilityZones": { - "Fn::Join": [",", { - "Ref": "AvailabilityZones" - }] - }, - "Subnets": { - "Fn::Join": [",", { - "Ref": "PrivateSubnets" - }] - }, - "SecurityCIDR": { - "Ref": "PrivateSubnetCIDR" - } - } - } - }, - "DC1stack": { - "Type": "AWS::CloudFormation::Stack", - "Condition": "CreateDC1", - "Properties": { - "TemplateURL": { - "Fn::Sub": [ - "https://${QSS3BucketName}.${S3Region}.amazonaws.com/${QSS3KeyPrefix}templates/datacenter.template", { - "S3Region": { - "Fn::If": [ - "GovCloudCondition", - "s3-us-gov-west-1", - "s3" - ] - } - } - ] - }, - "Parameters": { - "KeyName": { - "Ref": "KeyName" - }, - "Profile": { - "Ref": "S3ProfileNode" - }, - 
"S3Bucket": { - "Ref": "S3Bucket" - }, - "DDACIP": { - "Fn::GetAtt": ["DDACstack", "Outputs.DDACPrivateIP"] - }, - "ClusterName": { - "Ref": "ClusterName" - }, - "DataCenterName": { - "Fn::Select": ["1", { - "Ref": "DataCenters" - }] - }, - "DataCenterSize": { - "Fn::Select": ["1", { - "Ref": "DCSizes" - }] - }, - "InstanceType": { - "Fn::Select": ["1", { - "Ref": "Instances" - }] - }, - "VolumeSize": { - "Fn::Select": ["1", { - "Ref": "VolumeSizes" - }] - }, - "VPC": { - "Ref": "VPCId" - }, - "AvailabilityZones": { - "Fn::Join": [",", { - "Ref": "AvailabilityZones" - }] - }, - "Subnets": { - "Fn::Join": [",", { - "Ref": "PrivateSubnets" - }] - }, - "SecurityCIDR": { - "Ref": "PrivateSubnetCIDR" - } - } - } - }, - "DC2stack": { - "Type": "AWS::CloudFormation::Stack", - "Condition": "CreateDC2", - "Properties": { - "TemplateURL": { - "Fn::Sub": [ - "https://${QSS3BucketName}.${S3Region}.amazonaws.com/${QSS3KeyPrefix}templates/datacenter.template", { - "S3Region": { - "Fn::If": [ - "GovCloudCondition", - "s3-us-gov-west-1", - "s3" - ] - } - } - ] - }, - "Parameters": { - "KeyName": { - "Ref": "KeyName" - }, - "Profile": { - "Ref": "S3ProfileNode" - }, - "S3Bucket": { - "Ref": "S3Bucket" - }, - "DDACIP": { - "Fn::GetAtt": ["DDACstack", "Outputs.DDACPrivateIP"] - }, - "ClusterName": { - "Ref": "ClusterName" - }, - "DataCenterName": { - "Fn::Select": ["2", { - "Ref": "DataCenters" - }] - }, - "DataCenterSize": { - "Fn::Select": ["2", { - "Ref": "DCSizes" - }] - }, - "InstanceType": { - "Fn::Select": ["2", { - "Ref": "Instances" - }] - }, - "VolumeSize": { - "Fn::Select": ["2", { - "Ref": "VolumeSizes" - }] - }, - "VPC": { - "Ref": "VPCId" - }, - "AvailabilityZones": { - "Fn::Join": [",", { - "Ref": "AvailabilityZones" - }] - }, - "Subnets": { - "Fn::Join": [",", { - "Ref": "PrivateSubnets" - }] - }, - "SecurityCIDR": { - "Ref": "PrivateSubnetCIDR" - } - } - } - }, - "DC3stack": { - "Type": "AWS::CloudFormation::Stack", - "Condition": "CreateDC3", - "Properties": { - 
"TemplateURL": { - "Fn::Sub": [ - "https://${QSS3BucketName}.${S3Region}.amazonaws.com/${QSS3KeyPrefix}templates/datacenter.template", { - "S3Region": { - "Fn::If": [ - "GovCloudCondition", - "s3-us-gov-west-1", - "s3" - ] - } - } - ] - }, - "Parameters": { - "KeyName": { - "Ref": "KeyName" - }, - "Profile": { - "Ref": "S3ProfileNode" - }, - "S3Bucket": { - "Ref": "S3Bucket" - }, - "DDACIP": { - "Fn::GetAtt": ["DDACstack", "Outputs.DDACPrivateIP"] - }, - "ClusterName": { - "Ref": "ClusterName" - }, - "DataCenterName": { - "Fn::Select": ["3", { - "Ref": "DataCenters" - }] - }, - "DataCenterSize": { - "Fn::Select": ["3", { - "Ref": "DCSizes" - }] - }, - "InstanceType": { - "Fn::Select": ["3", { - "Ref": "Instances" - }] - }, - "VolumeSize": { - "Fn::Select": ["3", { - "Ref": "VolumeSizes" - }] - }, - "VPC": { - "Ref": "VPCId" - }, - "AvailabilityZones": { - "Fn::Join": [",", { - "Ref": "AvailabilityZones" - }] - }, - "Subnets": { - "Fn::Join": [",", { - "Ref": "PrivateSubnets" - }] - }, - "SecurityCIDR": { - "Ref": "PrivateSubnetCIDR" - } - } - } - } - }, - "Outputs": { - "DDACURL": { - "Value": { - "Fn::GetAtt": ["DDACstack", "Outputs.DDACURL"] - } - } - } -} diff --git a/templates/quickstart-ddac-master.template b/templates/quickstart-ddac-master.template deleted file mode 100644 index fc4d67c..0000000 --- a/templates/quickstart-ddac-master.template +++ /dev/null 
@@ -1,392 +0,0 @@ -{ - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Datastax template, License: Apache 2.0 (Please do not remove) June,27,2017 (qs-1nbqhl4up)", - "Metadata": { - "AWS::CloudFormation::Interface": { - "ParameterGroups": [{ - "Label": { - "default": " VPC Network Configuration" - }, - "Parameters": [ - "AvailabilityZones", - "AccessLocation" - ] - }, { - "Label": { - "default": "Datastax Setup" - }, - "Parameters": [ - "KeyName", - "Instances", - "VolumeSizes" - ] - }, { - "Label": { - "default": "AWS Quick Start Configuration" - }, - "Parameters": [ - "QSS3BucketName", - "QSS3KeyPrefix" - ] - }], - "ParameterLabels": { - "AccessLocation": { - "default": "Permitted IP range" - }, - "AvailabilityZones": { - "default": "Availability Zones" - }, - "KeyName": { - "default": "Key Name" - }, - "Instances": { - "default": "Instances Types" - }, - "VolumeSizes": { - "default": "Volume Sizes" - }, - "QSS3BucketName": { - "default": "Quick Start S3 Bucket Name" - }, - "QSS3KeyPrefix": { - "default": "Quick Start S3 Key Prefix" - } - } - } - }, - "Parameters": { - "KeyName": { - "Description": "Public/private key pair, which allows you to connect securely to your instance after it launches.", - "Type": "AWS::EC2::KeyPair::KeyName", - "ConstraintDescription": "must be the name of an existing EC2 KeyPair." - }, - "AccessLocation": { - "Description": "The CIDR IP range that is permitted to access the DDAC web console or SSH to the EC2 instance for the console.", - "Type": "String", - "MinLength": "9", - "MaxLength": "18", - "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", - "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x." - }, - "AvailabilityZones": { - "Type": "List", - "Description": "The list of Availability Zones to use for the subnets in the VPC. The Quick Start uses three Availability Zones from your list and preserves the logical order you specify." 
- }, - "Instances": { - "Description": "EC2 instance type for the nodes in each DSE data center, separated by commas. The number of instance types must match the NumberDCs parameter.", - "Type": "CommaDelimitedList", - "Default": "m4.2xlarge" - }, - "VolumeSizes": { - "Description": "The EBS volume size, in GiB, for the nodes in each data center, separated by commas. The number of volume sizes in this array must match the NumberDCs parameter.", - "Type": "List", - "Default": "1024" - }, - "QSS3BucketName": { - "AllowedPattern": "^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$", - "ConstraintDescription": "Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).", - "Default": "aws-quickstart", - "Description": "S3 bucket name for the Quick Start assets. Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).", - "Type": "String" - }, - "QSS3KeyPrefix": { - "AllowedPattern": "^[0-9a-zA-Z-/]*$", - "ConstraintDescription": "Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).", - "Default": "quickstart-datastax/", - "Description": "S3 key prefix for the Quick Start assets. 
Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).", - "Type": "String" - } - }, - "Conditions": { - "GovCloudCondition": { - "Fn::Equals": [{ - "Ref": "AWS::Region" - }, - "us-gov-west-1" - ] - } - }, - "Resources": { - "S3Bucket": { - "Type": "AWS::S3::Bucket", - "Properties": { - "AccessControl": "Private" - }, - "DeletionPolicy": "Retain" - }, - "S3RoleDDAC": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [{ - "Effect": "Allow", - "Principal": { - "Service": ["ec2.amazonaws.com"] - }, - "Action": ["sts:AssumeRole"] - }] - }, - "Path": "/" - } - }, - "S3RolePoliciesDDAC": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyName": "s3-access", - "PolicyDocument": { - "Statement": [{ - "Action": [ - "s3:GetObject", - "s3:DeleteObject", - "s3:PutObject" - ], - "Resource": { - "Fn::Join": ["", ["arn:aws:s3:::", { - "Ref": "S3Bucket" - }, "/*"]] - }, - "Effect": "Allow" - }] - }, - "Roles": [{ - "Ref": "S3RoleDDAC" - }] - } - }, - "S3ProfileDDAC": { - "Type": "AWS::IAM::InstanceProfile", - "Properties": { - "Path": "/", - "Roles": [{ - "Ref": "S3RoleDDAC" - }] - } - }, - "S3RoleNode": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [{ - "Effect": "Allow", - "Principal": { - "Service": ["ec2.amazonaws.com"] - }, - "Action": ["sts:AssumeRole"] - }] - }, - "Path": "/" - } - }, - "S3RolePoliciesNode": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyName": "s3-access", - "PolicyDocument": { - "Statement": [{ - "Effect": "Allow", - "Action": [ - "s3:GetObject", - "s3:DeleteObject", - "s3:PutObject" - ], - "Resource": { - "Fn::Join": ["", ["arn:aws:s3:::", { - "Ref": "S3Bucket" - }, "/*"]] - } - }] - }, - "Roles": [{ - "Ref": "S3RoleNode" - }] - } - }, - "S3ProfileNode": { - "Type": "AWS::IAM::InstanceProfile", - "Properties": { - "Path": "/", - "Roles": [{ - "Ref": "S3RoleNode" - }] - } - }, - 
"VPCstack": { - "Type": "AWS::CloudFormation::Stack", - "Properties": { - "TemplateURL": { - "Fn::Sub": [ - "https://${QSS3BucketName}.${S3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template", { - "S3Region": { - "Fn::If": [ - "GovCloudCondition", - "s3-us-gov-west-1", - "s3" - ] - } - } - ] - }, - "Parameters": { - "AvailabilityZones": { - "Fn::Join": [",", { - "Ref": "AvailabilityZones" - }] - }, - "NumberOfAZs": 3, - "CreatePrivateSubnets": "true", - "KeyPairName": { - "Ref": "KeyName" - } - } - } - }, - "DDACSecurityGroup": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "Enable SSH access, and DDAC port", - "VpcId": { - "Fn::GetAtt": ["VPCstack", "Outputs.VPCID"] - }, - "SecurityGroupIngress": [{ - "IpProtocol": "tcp", - "FromPort": "22", - "ToPort": "22", - "CidrIp": { - "Ref": "AccessLocation" - } - }, { - "IpProtocol": "tcp", - "FromPort": "8080", - "ToPort": "8080", - "CidrIp": { - "Ref": "AccessLocation" - } - }, { - "IpProtocol": "tcp", - "FromPort": "22", - "ToPort": "22", - "CidrIp": { - "Fn::GetAtt": ["VPCstack", "Outputs.VPCCIDR"] - } - }, { - "IpProtocol": "tcp", - "FromPort": "61620", - "ToPort": "61620", - "CidrIp": { - "Fn::GetAtt": ["VPCstack", "Outputs.VPCCIDR"] - } - }] - }, - "DependsOn": "VPCstack" - }, - "DDACstack": { - "Type": "AWS::CloudFormation::Stack", - "Properties": { - "TemplateURL": { - "Fn::Sub": [ - "https://${QSS3BucketName}.${S3Region}.amazonaws.com/${QSS3KeyPrefix}templates/ddac.template", { - "S3Region": { - "Fn::If": [ - "GovCloudCondition", - "s3-us-gov-west-1", - "s3" - ] - } - } - ] - }, - "Parameters": { - "KeyName": { - "Ref": "KeyName" - }, - "DDACSecurityGroupId": { - "Fn::GetAtt": ["DDACSecurityGroup", "GroupId"] - }, - "SubnetId": { - "Fn::GetAtt": ["VPCstack", "Outputs.PublicSubnet1ID"] - }, - "Profile": { - "Ref": "S3ProfileDDAC" - }, - "S3Bucket": { - "Ref": "S3Bucket" - }, - "InstanceType": "m4.2xlarge" - } - }, - "DependsOn": "VPCstack" 
- }, - "DC0stack": { - "Type": "AWS::CloudFormation::Stack", - "Properties": { - "TemplateURL": { - "Fn::Sub": [ - "https://${QSS3BucketName}.${S3Region}.amazonaws.com/${QSS3KeyPrefix}templates/datacenter.template", { - "S3Region": { - "Fn::If": [ - "GovCloudCondition", - "s3-us-gov-west-1", - "s3" - ] - } - } - ] - }, - "Parameters": { - "KeyName": { - "Ref": "KeyName" - }, - "Profile": { - "Ref": "S3ProfileNode" - }, - "S3Bucket": { - "Ref": "S3Bucket" - }, - "InstanceType": { - "Fn::Select": ["0", { - "Ref": "Instances" - }] - }, - "VolumeSize": { - "Fn::Select": ["0", { - "Ref": "VolumeSizes" - }] - }, - "VPC": { - "Fn::GetAtt": ["VPCstack", "Outputs.VPCID"] - }, - "AvailabilityZones": { - "Fn::Join": [",", { - "Ref": "AvailabilityZones" - }] - }, - "Subnets": { - "Fn::Join": [",", [{ - "Fn::GetAtt": ["VPCstack", "Outputs.PrivateSubnet1AID"] - }, { - "Fn::GetAtt": ["VPCstack", "Outputs.PrivateSubnet2AID"] - }, { - "Fn::GetAtt": ["VPCstack", "Outputs.PrivateSubnet3AID"] - }]] - }, - "SecurityCIDR": { - "Fn::GetAtt": ["VPCstack", "Outputs.VPCCIDR"] - } - } - }, - "DependsOn": "VPCstack" - } - }, - "Outputs": { - "DDACURL": { - "Value": { - "Fn::GetAtt": ["DDACstack", "Outputs.DDACURL"] - } - }, - "VPCstackRef": { - "Value": { - "Ref": "VPCstack" - } - } - } -}