--- AWSTemplateFormatVersion: "2010-09-09" Description: "Enterprise Accelerator - Provides nesting for required stacks to deploy a full sample web application with reverse proxy, ELBs, IAM, and other resources (for demonstration/POC/testing)" Metadata: AWS::CloudFormation::Interface: ParameterGroups: - Label: default: "Please provide the following parameter values:" Parameters: - "pDBPassword" - "pNotifyEmail" - "pEC2KeyPairBastion" - "pEC2KeyPair" - "pSupportsConfig" - "pAvailabilityZoneA" - "pAvailabilityZoneB" - Label: default: "AWS Quick Start Configuration" Parameters: - "QSS3BucketName" - "QSS3KeyPrefix" ParameterLabels: pDBPassword: default: "Database Password" pNotifyEmail: default: "Notification Email Address" pEC2KeyPairBastion: default: "Existing SSH Key for the Bastion Instance" pEC2KeyPair: default: "Existing SSH Key for Other Instances" pSupportsConfig: default: "Support Config" pAvailabilityZoneA: default: "First Availability Zone" pAvailabilityZoneB: default: "Second Availability zone" pVPCTenancy: default: "Instance tenancy" QSS3BucketName: default: "Quick Start S3 Bucket Name" QSS3KeyPrefix: default: "Quick Start S3 Key Prefix" Stack: Value: "0" VersionDate: Value: "20160518" Identifier: Value: "main" Input: Description: "Input of all required parameters in nested stacks" Output: Description: "N/A" Parameters: pDBPassword: Description: "Mixed alphanumeric and must be between 8 and 28 characters and contain at least one capital letter" NoEcho: true Type: "String" MinLength: 8 MaxLength: 28 AllowedPattern: "[a-zA-Z0-9!^*\\-_+]*" ConstraintDescription: "Can only contain alphanumeric characters or the following special characters !^*-_+, between 8 and 28 characters" pNotifyEmail: Description: "Notification email address for security events (you will receive a confirmation email)" Type: "String" Default: "distlist@example.org" pEC2KeyPairBastion: Description: "The SSH key pair in your account to use for the bastion host login" Type: "AWS::EC2::KeyPair::KeyName" pEC2KeyPair: Description: "The SSH key pair in your account to use for all other EC2 instance logins" Type: "AWS::EC2::KeyPair::KeyName" pSupportsConfig: Description: "Is AWS Config Rules already configured for this region? Use \"No\" if you are uncertain. AWS Config Rules is available in these regions: US East (Virginia), US West (Oregon), EU West (Ireland), and EU Central (Frankfurt). See AWS Config Management Console or Deployment Guide for details." AllowedValues: - "Yes" - "No" Default: "No" Type: "String" pAvailabilityZoneA: Description: "Availability Zone 1" Type: "AWS::EC2::AvailabilityZone::Name" pAvailabilityZoneB: Description: "Availability Zone 2" Type: "AWS::EC2::AvailabilityZone::Name" pVPCTenancy: Description: "Instance tenancy behavior for this VPC" Type: "String" Default: "default" AllowedValues: - "default" - "dedicated" QSS3BucketName: AllowedPattern: "^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$" ConstraintDescription: Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Default: quickstart-reference Description: S3 bucket name for the Quick Start assets. Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Type: String QSS3KeyPrefix: AllowedPattern: "^[0-9a-zA-Z-]+(/[0-9a-zA-Z-]+)*$" ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). It cannot start or end with forward slash (/) because they are automatically appended. Default: enterprise-accelerator/nist/latest Description: S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). It cannot start or end with forward slash (/) because they are automatically appended. Type: String Mappings: AWSInfoRegionMap: ap-northeast-1: Partition: aws QuickStartS3URL: https://s3.amazonaws.com ap-northeast-2: Partition: aws QuickStartS3URL: https://s3.amazonaws.com ap-south-1: Partition: aws QuickStartS3URL: https://s3.amazonaws.com ap-southeast-1: Partition: aws QuickStartS3URL: https://s3.amazonaws.com ap-southeast-2: Partition: aws QuickStartS3URL: https://s3.amazonaws.com eu-central-1: Partition: aws QuickStartS3URL: https://s3.amazonaws.com eu-west-1: Partition: aws QuickStartS3URL: https://s3.amazonaws.com sa-east-1: Partition: aws QuickStartS3URL: https://s3.amazonaws.com us-east-1: Partition: aws QuickStartS3URL: https://s3.amazonaws.com us-east-2: Partition: aws QuickStartS3URL: https://s3.amazonaws.com us-gov-west-1: Partition: aws-us-gov QuickStartS3URL: https://s3-us-gov-west-1.amazonaws.com us-west-1: Partition: aws QuickStartS3URL: https://s3.amazonaws.com us-west-2: Partition: aws QuickStartS3URL: https://s3.amazonaws.com CustomVariables: vResourceEnvironmentTagKey: Value: "Environment" vResourceEnvironmentTagValue: Value: "development" RegionServiceSupport: us-east-1: ConfigRules: "true" NatGateway: "true" Glacier: "true" us-east-2: ConfigRules: "true" NatGateway: "true" Glacier: "true" us-west-1: ConfigRules: "false" NatGateway: "false" Glacier: "false" us-west-2: ConfigRules: "true" NatGateway: "true" Glacier: "true" eu-central-1: NatGateway: "true" ConfigRules: "true" Glacier: "true" eu-west-1: ConfigRules: "true" NatGateway: "true" Glacier: "true" ap-northeast-1: ConfigRules: "true" NatGateway: "true" Glacier: "true" ap-northeast-2: ConfigRules: "false" NatGateway: "true" Glacier: "false" ap-south-1: ConfigRules: "false" NatGateway: "true" Glacier: "true" ap-southeast-1: ConfigRules: "true" NatGateway: "true" Glacier: "false" ap-southeast-2: ConfigRules: "true" NatGateway: "true" Glacier: "true" sa-east-1: ConfigRules: "false" NatGateway: "true" Glacier: "false" us-gov-west-1: ConfigRules: "false" NatGateway: "false" Glacier: "false" RegionMap: us-east-1: AMI: "ami-c481fad3" InstanceType: "m4.large" InstanceTypeDatabase: "db.m4.large" us-east-2: AMI: "ami-58277d3d" InstanceType: "m4.large" InstanceTypeDatabase: "db.m4.large" us-west-1: AMI: "ami-de347abe" InstanceType: "m4.large" InstanceTypeDatabase: "db.m4.large" us-west-2: AMI: "ami-b04e92d0" InstanceType: "m4.large" InstanceTypeDatabase: "db.m4.large" eu-west-1: AMI: "ami-d41d58a7" InstanceType: "m4.large" InstanceTypeDatabase: "db.m4.large" eu-central-1: AMI: "ami-0044b96f" InstanceType: "m4.large" InstanceTypeDatabase: "db.m4.large" ap-southeast-1: AMI: "ami-7243e611" InstanceType: "m4.large" InstanceTypeDatabase: "db.m4.large" ap-south-1: AMI: "ami-cacbbea5" InstanceType: "m4.large" InstanceTypeDatabase: "db.m4.large" ap-southeast-2: AMI: "ami-55d4e436" InstanceType: "m4.large" InstanceTypeDatabase: "db.m4.large" ap-northeast-1: AMI: "ami-1a15c77b" InstanceType: "m4.large" InstanceTypeDatabase: "db.m4.large" ap-northeast-2: AMI: "ami-a04297ce" InstanceType: "m4.large" InstanceTypeDatabase: "db.m4.large" us-gov-west-1: AMI: "ami-0a60dc6b" InstanceType: "m4.large" InstanceTypeDatabase: "db.m3.large" sa-east-1: AMI: "ami-b777e4db" InstanceType: "m4.large" InstanceTypeDatabase: "db.m3.large" Conditions: LoadConfigRulesTemplate: Fn::Equals: - Ref: "pSupportsConfig" - "Yes" LaunchAsDedicatedInstance: Fn::Equals: - Ref: "pVPCTenancy" - "dedicated" Resources: IamTemplate: Type: "AWS::CloudFormation::Stack" Properties: TemplateURL: Fn::Join: - "/" - - Fn::FindInMap: - AWSInfoRegionMap - Ref: AWS::Region - QuickStartS3URL - Ref: QSS3BucketName - Ref: QSS3KeyPrefix - submodules/quickstart-compliance-common - templates/iam.template TimeoutInMinutes: "20" LoggingTemplate: Type: "AWS::CloudFormation::Stack" Properties: TemplateURL: Fn::Join: - "/" - - Fn::FindInMap: - AWSInfoRegionMap - Ref: AWS::Region - QuickStartS3URL - Ref: QSS3BucketName - Ref: QSS3KeyPrefix - submodules/quickstart-compliance-common - templates/logging.template TimeoutInMinutes: "20" Parameters: pNotifyEmail: Ref: "pNotifyEmail" pSupportsGlacier: Fn::FindInMap: - "RegionServiceSupport" - Ref: "AWS::Region" - "Glacier" ProductionVpcTemplate: Type: "AWS::CloudFormation::Stack" Properties: TemplateURL: Fn::Join: - "/" - - Fn::FindInMap: - AWSInfoRegionMap - Ref: AWS::Region - QuickStartS3URL - Ref: QSS3BucketName - Ref: QSS3KeyPrefix - submodules/quickstart-compliance-common - templates/vpc-production.template TimeoutInMinutes: "20" Parameters: pRegionAZ1Name: Ref: "pAvailabilityZoneA" pRegionAZ2Name: Ref: "pAvailabilityZoneB" pProductionVPCName: "Production VPC" pBastionSSHCIDR: "0.0.0.0/0" pDMZSubnetACIDR: "10.100.10.0/24" pDMZSubnetBCIDR: "10.100.20.0/24" pManagementCIDR: "10.10.0.0/16" pAppPrivateSubnetACIDR: "10.100.96.0/21" pAppPrivateSubnetBCIDR: "10.100.119.0/21" pDBPrivateSubnetACIDR: "10.100.194.0/21" pDBPrivateSubnetBCIDR: "10.100.212.0/21" pVPCTenancy: Ref: "pVPCTenancy" pEnvironment: Fn::FindInMap: - "CustomVariables" - "vResourceEnvironmentTagValue" - "Value" pEC2KeyPair: Ref: "pEC2KeyPair" pSupportsNatGateway: Fn::FindInMap: - "RegionServiceSupport" - Ref: "AWS::Region" - "NatGateway" pNatAmi: Fn::FindInMap: - "RegionMap" - Ref: "AWS::Region" - "AMI" pNatInstanceType: Fn::FindInMap: - "RegionMap" - Ref: "AWS::Region" - "InstanceType" QuickStartS3URL: Fn::FindInMap: - AWSInfoRegionMap - Ref: AWS::Region - QuickStartS3URL QSS3BucketName: Ref: "QSS3BucketName" QSS3KeyPrefix: Ref: "QSS3KeyPrefix" ManagementVpcTemplate: Type: "AWS::CloudFormation::Stack" DependsOn: "ProductionVpcTemplate" Properties: TemplateURL: Fn::Join: - "/" - - Fn::FindInMap: - AWSInfoRegionMap - Ref: AWS::Region - QuickStartS3URL - Ref: QSS3BucketName - Ref: QSS3KeyPrefix - submodules/quickstart-compliance-common - templates/vpc-management.template TimeoutInMinutes: "20" Parameters: pProductionVPC: Fn::GetAtt: - "ProductionVpcTemplate" - "Outputs.rVPCProduction" pRouteTableProdPrivate: Fn::GetAtt: - "ProductionVpcTemplate" - "Outputs.rRouteTableProdPrivate" pRouteTableProdPublic: Fn::GetAtt: - "ProductionVpcTemplate" - "Outputs.rRouteTableProdPublic" pProductionCIDR: "10.100.0.0/16" pBastionSSHCIDR: "0.0.0.0/0" pManagementCIDR: "10.10.0.0/16" pManagementDMZSubnetACIDR: "10.10.1.0/24" pManagementDMZSubnetBCIDR: "10.10.2.0/24" pManagementPrivateSubnetACIDR: "10.10.20.0/24" pManagementPrivateSubnetBCIDR: "10.10.30.0/24" pManagementVPCName: "Management VPC" pEC2KeyPairBastion: Ref: "pEC2KeyPairBastion" pEC2KeyPair: Ref: "pEC2KeyPair" pVPCTenancy: Ref: "pVPCTenancy" pBastionAmi: Fn::FindInMap: - "RegionMap" - Ref: "AWS::Region" - "AMI" pRegionAZ1Name: Ref: "pAvailabilityZoneA" pRegionAZ2Name: Ref: "pAvailabilityZoneB" pEnvironment: Fn::FindInMap: - "CustomVariables" - "vResourceEnvironmentTagValue" - "Value" pBastionInstanceType: Fn::If: - "LaunchAsDedicatedInstance" - "m4.large" - "t2.small" pSupportsNatGateway: Fn::FindInMap: - "RegionServiceSupport" - Ref: "AWS::Region" - "NatGateway" pNatAmi: Fn::FindInMap: - "RegionMap" - Ref: "AWS::Region" - "AMI" pNatInstanceType: Fn::FindInMap: - "RegionMap" - Ref: "AWS::Region" - "InstanceType" QuickStartS3URL: Fn::FindInMap: - AWSInfoRegionMap - Ref: AWS::Region - QuickStartS3URL QSS3BucketName: Ref: "QSS3BucketName" QSS3KeyPrefix: Ref: "QSS3KeyPrefix" ConfigRulesTemplate: Type: "AWS::CloudFormation::Stack" Condition: "LoadConfigRulesTemplate" DependsOn: - "IamTemplate" - "ProductionVpcTemplate" - "ManagementVpcTemplate" - "LoggingTemplate" Properties: TemplateURL: Fn::Join: - "/" - - Fn::FindInMap: - AWSInfoRegionMap - Ref: AWS::Region - QuickStartS3URL - Ref: QSS3BucketName - Ref: QSS3KeyPrefix - submodules/quickstart-compliance-common - templates/config-rules.template TimeoutInMinutes: "20" Parameters: pRequiredTagKey: Fn::FindInMap: - "CustomVariables" - "vResourceEnvironmentTagKey" - "Value" ApplicationTemplate: Type: "AWS::CloudFormation::Stack" DependsOn: "ProductionVpcTemplate" Properties: TemplateURL: Fn::Join: - "/" - - Fn::FindInMap: - AWSInfoRegionMap - Ref: AWS::Region - QuickStartS3URL - Ref: QSS3BucketName - Ref: QSS3KeyPrefix - templates/application.template TimeoutInMinutes: "30" Parameters: pSecurityAlarmTopic: Fn::GetAtt: - "LoggingTemplate" - "Outputs.rSecurityAlarmTopic" pEC2KeyPair: Ref: "pEC2KeyPair" pProductionCIDR: "10.100.0.0/16" pProductionVPC: Fn::GetAtt: - "ProductionVpcTemplate" - "Outputs.rVPCProduction" pDMZSubnetA: Fn::GetAtt: - "ProductionVpcTemplate" - "Outputs.rDMZSubnetA" pDMZSubnetB: Fn::GetAtt: - "ProductionVpcTemplate" - "Outputs.rDMZSubnetB" pAppPrivateSubnetA: Fn::GetAtt: - "ProductionVpcTemplate" - "Outputs.rAppPrivateSubnetA" pAppPrivateSubnetB: Fn::GetAtt: - "ProductionVpcTemplate" - "Outputs.rAppPrivateSubnetB" pWebInstanceType: Fn::FindInMap: - "RegionMap" - Ref: "AWS::Region" - "InstanceType" pAppInstanceType: Fn::FindInMap: - "RegionMap" - Ref: "AWS::Region" - "InstanceType" pDBPrivateSubnetA: Fn::GetAtt: - "ProductionVpcTemplate" - "Outputs.rDBPrivateSubnetA" pDBPrivateSubnetB: Fn::GetAtt: - "ProductionVpcTemplate" - "Outputs.rDBPrivateSubnetB" pManagementCIDR: "10.10.0.0/16" pRegionAZ1Name: Ref: "pAvailabilityZoneA" pRegionAZ2Name: Ref: "pAvailabilityZoneB" pWebServerAMI: Fn::FindInMap: - "RegionMap" - Ref: "AWS::Region" - "AMI" pAppAmi: Fn::FindInMap: - "RegionMap" - Ref: "AWS::Region" - "AMI" pDBUser: "testuserdb" pDBName: "testDB" pDBPassword: Ref: "pDBPassword" pDBClass: Fn::FindInMap: - "RegionMap" - Ref: "AWS::Region" - "InstanceTypeDatabase" pDBAllocatedStorage: "10" pEnvironment: Fn::FindInMap: - "CustomVariables" - "vResourceEnvironmentTagValue" - "Value" pBastionSSHCIDR: "0.0.0.0/0" pSupportsGlacier: Fn::FindInMap: - "RegionServiceSupport" - Ref: "AWS::Region" - "Glacier" QuickStartS3URL: Fn::FindInMap: - AWSInfoRegionMap - Ref: AWS::Region - QuickStartS3URL QSS3BucketName: Ref: "QSS3BucketName" QSS3KeyPrefix: Ref: "QSS3KeyPrefix" Outputs: TemplateType: Value: "Standard Multi-Tier Web Application" TemplateVersion: Value: "2.0" BastionIP: Description: "Use this IP via SSH to connect to Bastion Instance" Value: Fn::GetAtt: - "ManagementVpcTemplate" - "Outputs.rBastionInstanceIP" LandingPageURL: Value: Fn::GetAtt: - "ApplicationTemplate" - "Outputs.LandingPageURL" WebsiteURL: Value: Fn::GetAtt: - "ApplicationTemplate" - "Outputs.WebsiteURL" Help: Description: "For assistance or questions regarding this quickstart please email compliance-accelerator@amazon.com" Value: ""