AWSTemplateFormatVersion: '2010-09-09' Description: >- This template creates a new VPC infrastructure for PubSub+ high availability architecture. **WARNING** This template creates Amazon EC2 instance and related resources. You will be billed for the AWS resources used if you create a stack from this template. (qs-1nju7g5qq) Metadata: AWS::CloudFormation::Interface: ParameterGroups: - Label: default: PubSub+ Event Broker Configuration Parameters: - SolaceDockerImage - AdminPassword - MaxClientConnections - MaxQueueMessages - WorkerNodeInstanceType - WorkerNodeStorage - WorkerNodeStorageType - MonitorNodeInstanceType - ContainerLoggingFormat - Label: default: Network Configuration Parameters: - NumberOfAZs - AvailabilityZones - CreatePrivateSubnets - SSHAccessCIDR - RemoteAccessCIDR - Label: default: Common Amazon EC2 Configuration Parameters: - KeyPairName - BootDiskSize - Label: default: AWS Quick Start Configuration Parameters: - QSS3BucketName - QSS3BucketRegion - QSS3KeyPrefix ParameterLabels: SolaceDockerImage: default: PubSub+ Docker image reference AdminPassword: default: Password to access PubSub+ admin console and SEMP ContainerLoggingFormat: default: Container logging format AvailabilityZones: default: Availability Zones NumberOfAZs: default: Number of Availability Zones BootDiskSize: default: Boot Disk Capacity (GiB) MaxClientConnections: default: Maximum Number of Client Connections MaxQueueMessages: default: Maximum Number of Queue Messages WorkerNodeInstanceType: default: Message Routing Node Instance Type WorkerNodeStorage: default: Persistent Storage WorkerNodeStorageType: default: Persistent Storage Type MonitorNodeInstanceType: default: Monitor Node Instance Type KeyPairName: default: Key Pair Name SSHAccessCIDR: default: Permitted IP range for console SSH access RemoteAccessCIDR: default: Allowed External Access CIDR CreatePrivateSubnets: default: Create production ready environment QSS3BucketName: default: Quick Start S3 Bucket Name QSS3BucketRegion: default: Quick Start S3 bucket region QSS3KeyPrefix: default: Quick Start S3 Key Prefix Parameters: SolaceDockerImage: Description: >- Solace PubSub+ event broker Docker image reference: a Docker registry name with optional tag or a download URL. The download URL can be obtained from http://dev.solace.com/downloads/ or it can be a url to an image in a registry or a url to a tar.gz image on a web server Default: solace/solace-pubsub-standard:latest Type: String AdminPassword: Description: Password to allow Solace admin access to configure the event broker instances Type: String NoEcho: 'True' ContainerLoggingFormat: AllowedValues: - graylog - legacy - raw - rfc5424 ConstraintDescription: Must be a valid container logging format. Default: graylog Description: PubSub+ event broker logging format in CloudWatch Type: String AvailabilityZones: Description: 'List of Availability Zones to use for the subnets in the VPC. Note: The logical order is preserved. The number of zones to choose must be equal to ''Number of Availability Zones'' previously specified' Type: List NumberOfAZs: ConstraintDescription: Valid numbers are 3 or 2 Default: '3' Description: Number of availability zones, based on availability in the target region, valid numbers are 3 or 2. 3 means each node in own AZ, 2 puts monitor and backup in one AZ. AllowedValues: - '2' - '3' Type: Number BootDiskSize: ConstraintDescription: Deployment supports 8 to 128 GB for boot volumes Default: '24' Description: Allocated EBS storage for boot disk MaxValue: '128' MinValue: '8' Type: Number MaxClientConnections: AllowedValues: - '100' - '1000' - '10000' - '100000' - '200000' ConstraintDescription: Must be a valid value from the list. Default: '100' Description: 'Broker system scaling: the maximum supported number of client connections' Type: String MaxQueueMessages: AllowedValues: - '100' - '240' - '3000' ConstraintDescription: Must be a valid EC2 instance type. Default: '100' Description: 'Broker system scaling: the maximum number of queue messages, in millions' Type: String WorkerNodeInstanceType: AllowedValues: - t2.small - t2.medium - t2.large - t2.xlarge - t2.2xlarge - m4.large - m4.xlarge - m4.2xlarge - m4.4xlarge - m5.large - m5.xlarge - m5.2xlarge - m5.4xlarge ConstraintDescription: Must be a valid EC2 instance type. Default: m4.large Description: 'Instance Type for PubSub+ event broker message routing nodes. Important: ensure adequate CPU and Memory resources are available to support the selected system scaling parameters. For requirements check https://docs.solace.com/. Also make sure that your region supports the selected instance type before continuing.' Type: String WorkerNodeStorage: ConstraintDescription: No more than 640 GiB per device. Default: '0' Description: Allocated EBS storage for each block device (in GiB); 0 indicates ephemeral storage only. Non-zero will cause a new io1 disk creation for message-spool which will NOT be deleted on stack termination AllowedValues: - '0' - '20' - '40' - '80' - '160' - '320' - '640' Type: Number WorkerNodeStorageType: Default: 'gp2' Description: Storage volume type provided by Amazon EBS. "io1" is recommended for Production environments (better performance, more expensive) and is required for large storage size. AllowedValues: - 'gp2' - 'io1' Type: String KeyPairName: Description: Name of an existing EC2 key pair within the AWS region; all instances will launch with this key pair Type: AWS::EC2::KeyPair::KeyName CreatePrivateSubnets: AllowedValues: - 'true' - 'false' Default: 'true' Description: Whether to create and use Private Subnets with a fronting ELB Type: String RemoteAccessCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x Description: Allowed CIDR block for external access to cluster nodes Type: String SSHAccessCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x Description: Allowed CIDR block for external access to cluster nodes for mgmt Type: String MonitorNodeInstanceType: AllowedValues: - t2.small - t2.medium - m4.large - m5.large ConstraintDescription: Must be a valid EC2 instance type. Default: t2.medium Description: 'Instance Type for PubSub+ event broker monitoring node. For requirements check https://docs.solace.com/. Note: Make sure that your region supports the selected instance type before continuing' Type: String QSS3BucketName: AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ ConstraintDescription: Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Default: solace-products Description: S3 bucket name for the Quick Start assets. Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Type: String QSS3BucketRegion: Default: 'us-east-1' Description: 'The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value.' Type: String QSS3KeyPrefix: AllowedPattern: ^[0-9a-zA-Z-/]*$ ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Default: pubsubplus-aws-ha-quickstart/latest/ Description: S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Type: String Mappings: {} Conditions: Use3AZs: !Equals - !Ref 'NumberOfAZs' - '3' UsePrivateSubnets: !Equals - !Ref 'CreatePrivateSubnets' - 'true' UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart'] Resources: VPCStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml' - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: AvailabilityZones: !Join - ',' - !Ref 'AvailabilityZones' NumberOfAZs: !Ref 'NumberOfAZs' BastionHostRole: Type: 'AWS::IAM::Role' Properties: Path: / AssumeRolePolicyDocument: Statement: - Action: - 'sts:AssumeRole' Principal: Service: - !Sub 'ec2.${AWS::URLSuffix}' Effect: Allow Version: 2012-10-17 Policies: - PolicyDocument: Version: '2012-10-17' Statement: - Action: - s3:GetObject Resource: !Sub - arn:${AWS::Partition}:s3:::${S3Bucket}/${QSS3KeyPrefix}* - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Effect: Allow PolicyName: s3-policy ManagedPolicyArns: - !Sub 'arn:${AWS::Partition}:iam::aws:policy/AmazonSSMManagedInstanceCore' - !Sub 'arn:${AWS::Partition}:iam::aws:policy/CloudWatchAgentServerPolicy' BastionStack: Type: AWS::CloudFormation::Stack Condition: UsePrivateSubnets DependsOn: VPCStack Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-linux-bastion/templates/linux-bastion.template' - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: AlternativeIAMRole: !Ref BastionHostRole BastionInstanceType: t2.micro EnableBanner: 'true' BastionBanner: !Sub - s3://${S3Bucket}/${QSS3KeyPrefix}scripts/solace-banner.txt - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] NumBastionHosts: '2' KeyPairName: !Ref 'KeyPairName' PublicSubnet1ID: !GetAtt 'VPCStack.Outputs.PublicSubnet1ID' PublicSubnet2ID: !GetAtt 'VPCStack.Outputs.PublicSubnet2ID' QSS3BucketName: !Ref QSS3BucketName QSS3BucketRegion: !Ref QSS3BucketRegion QSS3KeyPrefix: !Sub ${QSS3KeyPrefix}submodules/quickstart-linux-bastion/ RemoteAccessCIDR: !Ref 'SSHAccessCIDR' VPCID: !GetAtt 'VPCStack.Outputs.VPCID' SolaceStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/solace.template' - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: SolaceDockerImage: !Ref 'SolaceDockerImage' AdminPassword: !Ref 'AdminPassword' ContainerLoggingFormat: !Ref 'ContainerLoggingFormat' NumberOfAZs: !Ref 'NumberOfAZs' BootDiskSize: !Ref 'BootDiskSize' MaxClientConnections: !Ref 'MaxClientConnections' MaxQueueMessages: !Ref 'MaxQueueMessages' WorkerNodeInstanceType: !Ref 'WorkerNodeInstanceType' WorkerNodeStorage: !Ref 'WorkerNodeStorage' WorkerNodeStorageType: !Ref 'WorkerNodeStorageType' MonitorNodeInstanceType: !Ref 'MonitorNodeInstanceType' KeyPairName: !Ref 'KeyPairName' QSS3BucketName: !Ref 'QSS3BucketName' QSS3BucketRegion: !Ref 'QSS3BucketRegion' QSS3KeyPrefix: !Ref 'QSS3KeyPrefix' RemoteAccessCIDR: !Ref 'RemoteAccessCIDR' UsePrivateSubnets: !Ref 'CreatePrivateSubnets' SSHSecurityGroupID: !If - UsePrivateSubnets - !GetAtt 'BastionStack.Outputs.BastionSecurityGroupID' - default PrivateSubnetIDs: !If - UsePrivateSubnets - !If - Use3AZs - !Join - ',' - - !GetAtt 'VPCStack.Outputs.PrivateSubnet1AID' - !GetAtt 'VPCStack.Outputs.PrivateSubnet2AID' - !GetAtt 'VPCStack.Outputs.PrivateSubnet3AID' - !Join - ',' - - !GetAtt 'VPCStack.Outputs.PrivateSubnet1AID' - !GetAtt 'VPCStack.Outputs.PrivateSubnet2AID' - !GetAtt 'VPCStack.Outputs.PublicSubnet1ID' PublicSubnetIDs: !If - Use3AZs - !Join - ',' - - !GetAtt 'VPCStack.Outputs.PublicSubnet1ID' - !GetAtt 'VPCStack.Outputs.PublicSubnet2ID' - !GetAtt 'VPCStack.Outputs.PublicSubnet3ID' - !Join - ',' - - !GetAtt 'VPCStack.Outputs.PublicSubnet1ID' - !GetAtt 'VPCStack.Outputs.PublicSubnet2ID' VPCID: !GetAtt 'VPCStack.Outputs.VPCID' VPCCIDR: !GetAtt 'VPCStack.Outputs.VPCCIDR'