--- AWSTemplateFormatVersion: 2010-09-09 Description: Enterprise Accelerator - Provides nesting for required stacks to deploy a full sample web application with reverse proxy, ELBs, IAM, and other resources (for demonstration/POC/testing) Metadata: AWS::CloudFormation::Interface: ParameterGroups: - Label: default: 'Please provide the following parameter values:' Parameters: - pDBPassword - pNotifyEmail - pEC2KeyPairBastion - pEC2KeyPair - pSupportsConfig - pAvailabilityZoneA - pAvailabilityZoneB - Label: default: AWS Quick Start Configuration Parameters: - QSS3BucketName - QSS3KeyPrefix ParameterLabels: pDBPassword: default: Database Password pNotifyEmail: default: Notification Email Address pEC2KeyPairBastion: default: Existing SSH Key for the Bastion Instance pEC2KeyPair: default: Existing SSH Key for Other Instances pSupportsConfig: default: Support Config pAvailabilityZoneA: default: First Availability Zone pAvailabilityZoneB: default: Second Availability zone pVPCTenancy: default: Instance tenancy QSS3BucketName: default: Quick Start S3 Bucket Name QSS3KeyPrefix: default: Quick Start S3 Key Prefix Stack: Value: 0 VersionDate: Value: 20160518 Identifier: Value: main Input: Description: Input of all required parameters in nested stacks Output: Description: N/A Parameters: pDBPassword: Description: Mixed alphanumeric and must be between 8 and 28 characters and contain at least one capital letter NoEcho: true Type: String MinLength: 8 MaxLength: 28 AllowedPattern: '[a-zA-Z0-9!^*\-_+]*' ConstraintDescription: Can only contain alphanumeric characters or the following special characters !^*-_+, between 8 and 28 characters pNotifyEmail: Description: Notification email address for security events (you will receive a confirmation email) Type: String Default: distlist@example.org pEC2KeyPairBastion: Description: The SSH key pair in your account to use for the bastion host login Type: AWS::EC2::KeyPair::KeyName pEC2KeyPair: Description: The SSH key pair in your account to use for all other EC2 instance logins Type: AWS::EC2::KeyPair::KeyName pSupportsConfig: Description: Is AWS Config Rules already configured for this region? Use 'No' if you are uncertain. The AWS Config rules feature is currently available in the AWS Regions listed on the http://docs.aws.amazon.com/general/latest/gr/rande.html#awsconfig_region page AllowedValues: - 'Yes' - 'No' Default: 'No' Type: String pAvailabilityZoneA: Description: Availability Zone 1 Type: AWS::EC2::AvailabilityZone::Name pAvailabilityZoneB: Description: Availability Zone 2 Type: AWS::EC2::AvailabilityZone::Name pVPCTenancy: Description: (Optional)If you require Dedicated tendency, VPC tenancy can be set to dedicated. As of May 2017 the BAA no longer requires this. Type: String Default: default AllowedValues: - default - dedicated QSS3BucketName: AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-.]*[0-9a-zA-Z])*$ ConstraintDescription: Quick Start bucket name can include numbers, lowercase letters, uppercase letters, periods (.), and hyphens (-). It cannot start or end with a hyphen (-). Default: quickstart-reference Description: S3 bucket name for the Quick Start assets. Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Type: String QSS3KeyPrefix: AllowedPattern: ^[0-9a-zA-Z-]+(/[0-9a-zA-Z-]+)*$ ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). It cannot start or end with forward slash (/) because they are automatically appended. Default: enterprise-accelerator/hipaa/latest Description: S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). It cannot start or end with forward slash (/) because they are automatically appended. Type: String Mappings: AWSInfoRegionMap: ap-northeast-1: Partition: aws QuickStartS3URL: https://s3.amazonaws.com ap-northeast-2: Partition: aws QuickStartS3URL: https://s3.amazonaws.com ap-south-1: Partition: aws QuickStartS3URL: https://s3.amazonaws.com ap-southeast-1: Partition: aws QuickStartS3URL: https://s3.amazonaws.com ap-southeast-2: Partition: aws QuickStartS3URL: https://s3.amazonaws.com ca-central-1: Partition: aws QuickStartS3URL: https://s3.amazonaws.com eu-central-1: Partition: aws QuickStartS3URL: https://s3.amazonaws.com eu-west-1: Partition: aws QuickStartS3URL: https://s3.amazonaws.com eu-west-2: Partition: aws QuickStartS3URL: https://s3.amazonaws.com sa-east-1: Partition: aws QuickStartS3URL: https://s3.amazonaws.com us-east-1: Partition: aws QuickStartS3URL: https://s3.amazonaws.com us-east-2: Partition: aws QuickStartS3URL: https://s3.amazonaws.com us-gov-west-1: Partition: aws-us-gov QuickStartS3URL: https://s3-us-gov-west-1.amazonaws.com us-west-1: Partition: aws QuickStartS3URL: https://s3.amazonaws.com us-west-2: Partition: aws QuickStartS3URL: https://s3.amazonaws.com CustomVariables: vResourceEnvironmentTagKey: Value: Environment vResourceEnvironmentTagValue: Value: development RegionServiceSupport: us-east-1: ConfigRules: true NatGateway: false Glacier: true us-east-2: ConfigRules: true NatGateway: false Glacier: true us-west-1: ConfigRules: true NatGateway: false Glacier: true us-west-2: ConfigRules: true NatGateway: false Glacier: true ca-central-1: ConfigRules: true NatGateway: false Glacier: true eu-central-1: NatGateway: false ConfigRules: true Glacier: true eu-west-1: ConfigRules: true NatGateway: false Glacier: true eu-west-2: ConfigRules: true NatGateway: false Glacier: true ap-northeast-1: ConfigRules: true NatGateway: false Glacier: true ap-northeast-2: ConfigRules: true NatGateway: false Glacier: true ap-south-1: ConfigRules: true NatGateway: false Glacier: true ap-southeast-1: ConfigRules: true NatGateway: false Glacier: false ap-southeast-2: ConfigRules: true NatGateway: false Glacier: true sa-east-1: ConfigRules: true NatGateway: false Glacier: false us-gov-west-1: ConfigRules: true NatGateway: false Glacier: false AWSAMIRegionMap: AMI: AMZNLINUXHVM: amzn-ami-hvm-2017.03.1.20170812-x86_64-gp2 ap-northeast-1: AMZNLINUXHVM: ami-4af5022c InstanceType: m4.large InstanceTypeDatabase: db.m4.large ap-northeast-2: AMZNLINUXHVM: ami-8663bae8 InstanceType: m4.large InstanceTypeDatabase: db.m4.large ap-south-1: AMZNLINUXHVM: ami-d7abd1b8 InstanceType: m4.large InstanceTypeDatabase: db.m4.large ap-southeast-1: AMZNLINUXHVM: ami-fdb8229e InstanceType: m4.large InstanceTypeDatabase: db.m4.large ap-southeast-2: AMZNLINUXHVM: ami-30041c53 InstanceType: m4.large InstanceTypeDatabase: db.m4.large ca-central-1: AMZNLINUXHVM: ami-5ac17f3e InstanceType: m4.large InstanceTypeDatabase: db.m4.large eu-central-1: AMZNLINUXHVM: ami-657bd20a InstanceType: m4.large InstanceTypeDatabase: db.m4.large eu-west-1: AMZNLINUXHVM: ami-ebd02392 InstanceType: m4.large InstanceTypeDatabase: db.m4.large eu-west-2: AMZNLINUXHVM: ami-489f8e2c InstanceType: m4.large InstanceTypeDatabase: db.m4.large sa-east-1: AMZNLINUXHVM: ami-d27203be InstanceType: m4.large InstanceTypeDatabase: db.m3.large us-east-1: AMZNLINUXHVM: ami-4fffc834 InstanceType: m4.large InstanceTypeDatabase: db.m4.large us-east-2: AMZNLINUXHVM: ami-ea87a78f InstanceType: m4.large InstanceTypeDatabase: db.m4.large us-gov-west-1: AMZNLINUXHVM: ami-ffa61d9e InstanceType: m4.large InstanceTypeDatabase: db.m3.large us-west-1: AMZNLINUXHVM: ami-3a674d5a InstanceType: m4.large InstanceTypeDatabase: db.m4.large us-west-2: AMZNLINUXHVM: ami-aa5ebdd2 InstanceType: m4.large InstanceTypeDatabase: db.m4.large Conditions: LoadConfigRulesTemplate: !Equals - !Ref pSupportsConfig - 'Yes' LaunchAsDedicatedInstance: !Equals - !Ref pVPCTenancy - dedicated Resources: IamTemplate: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - ${QuickStartS3URL}/${QSS3BucketName}/${QSS3KeyPrefix}/submodules/quickstart-compliance-common/templates/iam.template - QuickStartS3URL: !FindInMap - AWSInfoRegionMap - !Ref AWS::Region - QuickStartS3URL TimeoutInMinutes: 20 LoggingTemplate: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - ${QuickStartS3URL}/${QSS3BucketName}/${QSS3KeyPrefix}/submodules/quickstart-compliance-common/templates/logging.template - QuickStartS3URL: !FindInMap - AWSInfoRegionMap - !Ref AWS::Region - QuickStartS3URL TimeoutInMinutes: 20 Parameters: pNotifyEmail: !Ref pNotifyEmail pSupportsGlacier: !FindInMap - RegionServiceSupport - !Ref AWS::Region - Glacier ProductionVpcTemplate: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - ${QuickStartS3URL}/${QSS3BucketName}/${QSS3KeyPrefix}/submodules/quickstart-compliance-common/templates/vpc-production.template - QuickStartS3URL: !FindInMap - AWSInfoRegionMap - !Ref AWS::Region - QuickStartS3URL TimeoutInMinutes: 20 Parameters: pRegionAZ1Name: !Ref pAvailabilityZoneA pRegionAZ2Name: !Ref pAvailabilityZoneB pProductionVPCName: Production VPC pBastionSSHCIDR: 0.0.0.0/0 pDMZSubnetACIDR: 10.100.10.0/24 pDMZSubnetBCIDR: 10.100.20.0/24 pManagementCIDR: 10.10.0.0/16 pAppPrivateSubnetACIDR: 10.100.96.0/21 pAppPrivateSubnetBCIDR: 10.100.119.0/21 pDBPrivateSubnetACIDR: 10.100.194.0/21 pDBPrivateSubnetBCIDR: 10.100.212.0/21 pVPCTenancy: !Ref pVPCTenancy pEnvironment: !FindInMap - CustomVariables - vResourceEnvironmentTagValue - Value pEC2KeyPair: !Ref pEC2KeyPair pSupportsNatGateway: !FindInMap - RegionServiceSupport - !Ref AWS::Region - NatGateway pNatAmi: !FindInMap - AWSAMIRegionMap - !Ref AWS::Region - AMZNLINUXHVM pNatInstanceType: !FindInMap - AWSAMIRegionMap - !Ref AWS::Region - InstanceType QuickStartS3URL: !FindInMap - AWSInfoRegionMap - !Ref AWS::Region - QuickStartS3URL QSS3BucketName: !Ref QSS3BucketName QSS3KeyPrefix: !Ref QSS3KeyPrefix ManagementVpcTemplate: Type: AWS::CloudFormation::Stack DependsOn: ProductionVpcTemplate Properties: TemplateURL: !Sub - ${QuickStartS3URL}/${QSS3BucketName}/${QSS3KeyPrefix}/submodules/quickstart-compliance-common/templates/vpc-management.template - QuickStartS3URL: !FindInMap - AWSInfoRegionMap - !Ref AWS::Region - QuickStartS3URL TimeoutInMinutes: 20 Parameters: pProductionVPC: !GetAtt - ProductionVpcTemplate - Outputs.rVPCProduction pRouteTableProdPrivate: !GetAtt - ProductionVpcTemplate - Outputs.rRouteTableProdPrivate pRouteTableProdPublic: !GetAtt - ProductionVpcTemplate - Outputs.rRouteTableProdPublic pProductionCIDR: 10.100.0.0/16 pBastionSSHCIDR: 0.0.0.0/0 pManagementCIDR: 10.10.0.0/16 pManagementDMZSubnetACIDR: 10.10.1.0/24 pManagementDMZSubnetBCIDR: 10.10.2.0/24 pManagementPrivateSubnetACIDR: 10.10.20.0/24 pManagementPrivateSubnetBCIDR: 10.10.30.0/24 pManagementVPCName: Management VPC pEC2KeyPairBastion: !Ref pEC2KeyPairBastion pEC2KeyPair: !Ref pEC2KeyPair pVPCTenancy: !Ref pVPCTenancy pBastionAmi: !FindInMap - AWSAMIRegionMap - !Ref AWS::Region - AMZNLINUXHVM pRegionAZ1Name: !Ref pAvailabilityZoneA pRegionAZ2Name: !Ref pAvailabilityZoneB pEnvironment: !FindInMap - CustomVariables - vResourceEnvironmentTagValue - Value pBastionInstanceType: !If - LaunchAsDedicatedInstance - m4.large - t2.small pSupportsNatGateway: !FindInMap - RegionServiceSupport - !Ref AWS::Region - NatGateway pNatAmi: !FindInMap - AWSAMIRegionMap - !Ref AWS::Region - AMZNLINUXHVM pNatInstanceType: !FindInMap - AWSAMIRegionMap - !Ref AWS::Region - InstanceType QuickStartS3URL: !FindInMap - AWSInfoRegionMap - !Ref AWS::Region - QuickStartS3URL QSS3BucketName: !Ref QSS3BucketName QSS3KeyPrefix: !Ref QSS3KeyPrefix ConfigRulesTemplate: Type: AWS::CloudFormation::Stack Condition: LoadConfigRulesTemplate DependsOn: - IamTemplate - ProductionVpcTemplate - ManagementVpcTemplate - LoggingTemplate Properties: TemplateURL: !Sub - ${QuickStartS3URL}/${QSS3BucketName}/${QSS3KeyPrefix}/submodules/quickstart-compliance-common/templates/config-rules.template - QuickStartS3URL: !FindInMap - AWSInfoRegionMap - !Ref AWS::Region - QuickStartS3URL TimeoutInMinutes: 20 Parameters: pRequiredTagKey: !FindInMap - CustomVariables - vResourceEnvironmentTagKey - Value ApplicationTemplate: Type: AWS::CloudFormation::Stack DependsOn: ProductionVpcTemplate Properties: TemplateURL: !Sub - ${QuickStartS3URL}/${QSS3BucketName}/${QSS3KeyPrefix}/templates/application.template - QuickStartS3URL: !FindInMap - AWSInfoRegionMap - !Ref AWS::Region - QuickStartS3URL TimeoutInMinutes: 30 Parameters: pSecurityAlarmTopic: !GetAtt - LoggingTemplate - Outputs.rSecurityAlarmTopic pEC2KeyPair: !Ref pEC2KeyPair pProductionCIDR: 10.100.0.0/16 pProductionVPC: !GetAtt - ProductionVpcTemplate - Outputs.rVPCProduction pDMZSubnetA: !GetAtt - ProductionVpcTemplate - Outputs.rDMZSubnetA pDMZSubnetB: !GetAtt - ProductionVpcTemplate - Outputs.rDMZSubnetB pAppPrivateSubnetA: !GetAtt - ProductionVpcTemplate - Outputs.rAppPrivateSubnetA pAppPrivateSubnetB: !GetAtt - ProductionVpcTemplate - Outputs.rAppPrivateSubnetB pWebInstanceType: !FindInMap - AWSAMIRegionMap - !Ref AWS::Region - InstanceType pAppInstanceType: !FindInMap - AWSAMIRegionMap - !Ref AWS::Region - InstanceType pDBPrivateSubnetA: !GetAtt - ProductionVpcTemplate - Outputs.rDBPrivateSubnetA pDBPrivateSubnetB: !GetAtt - ProductionVpcTemplate - Outputs.rDBPrivateSubnetB pManagementCIDR: 10.10.0.0/16 pRegionAZ1Name: !Ref pAvailabilityZoneA pRegionAZ2Name: !Ref pAvailabilityZoneB pWebServerAMI: !FindInMap - AWSAMIRegionMap - !Ref AWS::Region - AMZNLINUXHVM pAppAmi: !FindInMap - AWSAMIRegionMap - !Ref AWS::Region - AMZNLINUXHVM pDBUser: testuserdb pDBName: testDB pDBPassword: !Ref pDBPassword pDBClass: !FindInMap - AWSAMIRegionMap - !Ref AWS::Region - InstanceTypeDatabase pDBAllocatedStorage: 10 pEnvironment: !FindInMap - CustomVariables - vResourceEnvironmentTagValue - Value pBastionSSHCIDR: 0.0.0.0/0 pSupportsGlacier: !FindInMap - RegionServiceSupport - !Ref AWS::Region - Glacier QuickStartS3URL: !FindInMap - AWSInfoRegionMap - !Ref AWS::Region - QuickStartS3URL QSS3BucketName: !Ref QSS3BucketName QSS3KeyPrefix: !Ref QSS3KeyPrefix Outputs: TemplateType: Value: Standard Multi-Tier Web Application TemplateVersion: Value: 2.0 BastionIP: Description: Use this IP via SSH to connect to Bastion Instance Value: !GetAtt - ManagementVpcTemplate - Outputs.rBastionInstanceIP LandingPageURL: Value: !GetAtt - ApplicationTemplate - Outputs.LandingPageURL WebsiteURL: Value: !GetAtt - ApplicationTemplate - Outputs.WebsiteURL Help: Description: For assistance or questions regarding this quickstart please email compliance-accelerator@amazon.com Value: '' ...