AWSTemplateFormatVersion: 2010-09-09 Description: Windows Server with NICE DCV ( https://github.com/aws-samples/amazon-ec2-nice-dcv-samples ) Metadata: License: Description: > Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-Identifier: MIT-0 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. AWS::CloudFormation::Interface: ParameterGroups: - Label: default: AMI ID Parameters: - imageId - Label: default: EC2 Parameters: - ec2Name - instanceType - Label: default: NICE DCV Parameters: - driverType - teslaDriverVersion - listenPort - Label: default: Network Parameters: - vpcID - subnetID - displayPublicIP - assignStaticIP - Label: default: Allowed source IP and ports Parameters: - ingressIPv4 - ingressIPv6 - allowWebServerPorts - Label: default: EBS volume Parameters: - volumeSize - volumeType Parameters: imageId: Description: AMI ID ( aws ssm get-parameters-by-path --path /aws/service/ami-windows-latest --query "Parameters[].Name" ) Type: AWS::SSM::Parameter::Value Default: /aws/service/ami-windows-latest/Windows_Server-2022-English-Full-Base ec2Name: Type: String Description: EC2 instance name Default: Windows Server-NICE-DCV instanceType: Description: Instance type ( https://console.aws.amazon.com/ec2/#InstanceTypes ) Type: String AllowedPattern: "^[a-z\\d\\.]+$" ConstraintDescription: Specify valid EC2 instance type Default: t3.medium driverType: Description: Graphics driver to install Type: String AllowedValues: - AMD - NICE-DCV - NICE-DCV-IDD - NVIDIA-Gaming - NVIDIA-GRID - NVIDIA-Tesla - none Default: NICE-DCV-IDD teslaDriverVersion: Type: String Description: "[NVIDIA-Tesla] Driver version ( https://www.nvidia.com/Download/Find.aspx : Product Type = Data Center/Tesla )" AllowedPattern: "^[\\d\\.]+$" ConstraintDescription: Specify valid driver version Default: 538.46 listenPort: Type: Number Description: NICE DCV server TCP/UDP port MinValue: 1024 MaxValue: 65535 Default: 8443 vpcID: Type: AWS::EC2::VPC::Id Description: "VPC with internet connectivity ( https://console.aws.amazon.com/vpcconsole/home#vpcs: )" AllowedPattern: ".+" ConstraintDescription: Select a VPC subnetID: Type: AWS::EC2::Subnet::Id Description: "Subnet with internet connectivity ( https://console.aws.amazon.com/vpcconsole/home#subnets: )" AllowedPattern: ".+" ConstraintDescription: Select a Subnet displayPublicIP: Type: String Description: Display EC2 public IP in CloudFormation Outputs (select No if EC2 has no public IP) AllowedValues: - "Yes" - "No" Default: "Yes" assignStaticIP: Type: String Description: Associate static public IPv4 address ( https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html ) AllowedValues: - "Yes" - "No" Default: "Yes" ingressIPv4: Type: String Description: Allowed source prefix (IPv4) ( e.g. 1.2.3.4/32, get your source IP from https://checkip.amazonaws.com ) AllowedPattern: "^\\d+\\.\\d+\\.\\d+\\.\\d+\\/\\d+$" ConstraintDescription: Specify valid IPv4 prefix Default: 0.0.0.0/0 ingressIPv6: Type: String Description: Allowed source prefix (IPv6) ( https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html#ipv6-addressing ) AllowedPattern: ".+" ConstraintDescription: Specify valid IPv6 prefix Default: ::/0 allowWebServerPorts: Type: String Description: Allow HTTP and/or HTTPS inbound AllowedValues: - "No" - "HTTP-and-HTTPS" - "HTTP" - "HTTPS" Default: "No" volumeSize: Type: Number Description: Volume size in GiB MinValue: 30 MaxValue: 16384 Default: 50 volumeType: Type: String Description: EBS volume type AllowedValues: - "gp3" - "gp2" Default: "gp3" Conditions: useElasticIP: !Equals [!Ref assignStaticIP, "Yes"] displayPublicIP: !Equals [!Ref displayPublicIP, "Yes"] createSgHTTP: !Or [ !Equals [!Ref allowWebServerPorts, "HTTP"], !Equals [!Ref allowWebServerPorts, "HTTP-and-HTTPS"], ] createSgHTTPS: !Or [ !Equals [!Ref allowWebServerPorts, "HTTPS"], !Equals [!Ref allowWebServerPorts, "HTTP-and-HTTPS"], ] hasCFprefix: !Not [ !Equals [ !FindInMap [ CFprefixMap, !Ref AWS::Region, "PrefixList", DefaultValue: pl-none, ], pl-none, ], ] createCFsgHTTP: !And [ !And [!Condition hasCFprefix, !Condition displayPublicIP], !Condition createSgHTTP, ] createCFsgHTTPS: !And [ !And [!Condition hasCFprefix, !Condition displayPublicIP], !Condition createSgHTTPS, ] Mappings: CFprefixMap: # aws ec2 describe-managed-prefix-lists --query "PrefixLists[?PrefixListName=='com.amazonaws.global.cloudfront.origin-facing']" --region af-south-1: PrefixList: pl-c0aa4fa9 ap-east-1: PrefixList: pl-14b2577d ap-northeast-1: PrefixList: pl-58a04531 ap-northeast-2: PrefixList: pl-22a6434b ap-northeast-3: PrefixList: pl-31a14458 ap-south-1: PrefixList: pl-9aa247f3 ap-south-2: PrefixList: pl-0a25c3463226fcc61 ap-southeast-1: PrefixList: pl-31a34658 ap-southeast-2: PrefixList: pl-b8a742d1 ap-southeast-3: PrefixList: pl-bca247d5 ap-southeast-4: PrefixList: pl-0fb7e7cfe038ae0e9 ca-central-1: PrefixList: pl-38a64351 ca-west-1: PrefixList: pl-0530d4c590b35122b eu-central-1: PrefixList: pl-a3a144ca eu-central-2: PrefixList: pl-00b37293991dbe6a8 eu-north-1: PrefixList: pl-fab65393 eu-south-1: PrefixList: pl-1bbc5972 eu-south-2: PrefixList: pl-052dcbe0f793f19da eu-west-1: PrefixList: pl-4fa04526 eu-west-2: PrefixList: pl-93a247fa eu-west-3: PrefixList: pl-75b1541c il-central-1: PrefixList: pl-0dd89524416301988 me-central-1: PrefixList: pl-05266a86378662c23 me-south-1: PrefixList: pl-17b2577e sa-east-1: PrefixList: pl-5da64334 us-east-1: PrefixList: pl-3b927c52 us-east-2: PrefixList: pl-b6a144df us-west-1: PrefixList: pl-4ea04527 us-west-2: PrefixList: pl-82a045eb Resources: instanceIamRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Effect: Allow Principal: Service: [ec2.amazonaws.com] Action: ["sts:AssumeRole"] Path: / Policies: - PolicyName: dcvLicensing PolicyDocument: # https://docs.aws.amazon.com/dcv/latest/adminguide/setting-up-license.html Version: "2012-10-17" Statement: - Effect: Allow Action: - s3:GetObject Resource: !Sub "arn:${AWS::Partition}:s3:::dcv-license.${AWS::Region}/*" - PolicyName: gpuDrivers PolicyDocument: # https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/install-nvidia-driver.html https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/install-amd-driver.html Version: "2012-10-17" Statement: - Effect: Allow Action: - s3:Get* - s3:List* Resource: - !Sub "arn:*:s3:::nvidia-gaming" - !Sub "arn:*:s3:::nvidia-gaming/*" - !Sub "arn:*:s3:::ec2-windows-nvidia-drivers" - !Sub "arn:*:s3:::ec2-windows-nvidia-drivers/*" - !Sub "arn:*:s3:::ec2-amd-windows-drivers" - !Sub "arn:*:s3:::ec2-amd-windows-drivers/*" - PolicyName: Route53CertbotAccess PolicyDocument: # Certbot dns_route53 : https://certbot-dns-route53.readthedocs.io/en/stable/ Version: "2012-10-17" Statement: # https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/specifying-rrset-conditions.html - Effect: Allow Action: - route53:ListHostedZones - route53:GetChange Resource: "*" - Effect: Allow Action: - route53:ChangeResourceRecordSets Resource: !Sub "arn:${AWS::Partition}:route53:::hostedzone/EXAMPLE-ZONE-ID" Condition: ForAllValues:StringEquals: "route53:ChangeResourceRecordSetsRecordTypes": ["TXT"] ForAllValues:StringLike: "route53:ChangeResourceRecordSetsNormalizedRecordNames": ["_acme-challenge.*"] - PolicyName: Route53UpdaterAccess PolicyDocument: Version: "2012-10-17" Statement: # https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/specifying-rrset-conditions.html - Effect: Allow Action: - route53:ListHostedZones - route53:GetChange Resource: "*" - Effect: Allow Action: - route53:ChangeResourceRecordSets Resource: !Sub "arn:${AWS::Partition}:route53:::hostedzone/EXAMPLE-ZONE-ID" Condition: ForAllValues:StringEquals: "route53:ChangeResourceRecordSetsRecordTypes": ["A"] ForAllValues:StringLike: "route53:ChangeResourceRecordSetsNormalizedRecordNames": ["site.example.com"] ManagedPolicyArns: - !Sub "arn:${AWS::Partition}:iam::aws:policy/AmazonSSMManagedInstanceCore" - !Sub "arn:${AWS::Partition}:iam::aws:policy/CloudWatchAgentServerPolicy" - !Sub "arn:${AWS::Partition}:iam::aws:policy/AWSXRayDaemonWriteAccess" Tags: - Key: StackName Value: !Sub ${AWS::StackName} - Key: StackId Value: !Sub ${AWS::StackId} - Key: GitHub Value: https://github.com/aws-samples/amazon-ec2-nice-dcv-samples instanceProfile: Type: AWS::IAM::InstanceProfile Properties: Path: / Roles: - !Ref instanceIamRole securityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Allow inbound DCV VpcId: !Ref vpcID SecurityGroupIngress: - Description: NICE DCV (IPv4) IpProtocol: "tcp" FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIp: !Ref ingressIPv4 - Description: NICE DCV (IPv6) IpProtocol: "tcp" FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIpv6: !Ref ingressIPv6 - Description: NICE DCV QUIC (IPv4) IpProtocol: "udp" FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIp: !Ref ingressIPv4 - Description: NICE DCV QUIC (IPv6) IpProtocol: "udp" FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIpv6: !Ref ingressIPv6 - !If - createSgHTTP - Description: HTTP (IPv4) IpProtocol: "tcp" FromPort: 80 ToPort: 80 CidrIp: 0.0.0.0/0 - !Ref AWS::NoValue - !If - createSgHTTP - Description: HTTP (IPv6) IpProtocol: "tcp" FromPort: 80 ToPort: 80 CidrIpv6: ::/0 - !Ref AWS::NoValue - !If - createSgHTTPS - Description: HTTPS (IPv4) IpProtocol: "tcp" FromPort: 443 ToPort: 443 CidrIp: 0.0.0.0/0 - !Ref AWS::NoValue - !If - createSgHTTPS - Description: HTTPS (IPv6) IpProtocol: "tcp" FromPort: 443 ToPort: 443 CidrIpv6: ::/0 - !Ref AWS::NoValue SecurityGroupEgress: - Description: Allow all outbound traffic (IPv4) IpProtocol: "-1" CidrIp: 0.0.0.0/0 - Description: Allow all outbound traffic (IPv6) IpProtocol: "-1" CidrIpv6: ::/0 Tags: - Key: StackName Value: !Sub ${AWS::StackName} - Key: StackId Value: !Sub ${AWS::StackId} - Key: Name Value: !Sub "[${AWS::StackName}] - ${ec2Name}" - Key: GitHub Value: https://github.com/aws-samples/amazon-ec2-nice-dcv-samples securityGroupForCloudFrontHTTP: Type: AWS::EC2::SecurityGroup Condition: createCFsgHTTP Properties: GroupDescription: Allow inbound HTTP from CloudFront VpcId: !Ref vpcID SecurityGroupIngress: - Description: HTTP (CloudFront origin IP) IpProtocol: "tcp" FromPort: 80 ToPort: 80 SourcePrefixListId: !FindInMap [CFprefixMap, !Ref AWS::Region, "PrefixList"] SecurityGroupEgress: - Description: Ping (CloudFront origin IP) IpProtocol: icmp FromPort: -1 ToPort: -1 DestinationPrefixListId: !FindInMap [CFprefixMap, !Ref AWS::Region, "PrefixList"] Tags: - Key: StackName Value: !Sub ${AWS::StackName} - Key: StackId Value: !Sub ${AWS::StackId} - Key: Name Value: !Sub "[${AWS::StackName}] - ${ec2Name} CloudFront HTTP" - Key: GitHub Value: https://github.com/aws-samples/ec2-lamp-server securityGroupForCloudFrontHTTPS: Type: AWS::EC2::SecurityGroup Condition: createCFsgHTTPS Properties: GroupDescription: Allow inbound HTTPS from CloudFront VpcId: !Ref vpcID SecurityGroupIngress: - Description: HTTPS (CloudFront origin IP) IpProtocol: "tcp" FromPort: 443 ToPort: 443 SourcePrefixListId: !FindInMap [CFprefixMap, !Ref AWS::Region, "PrefixList"] SecurityGroupEgress: - Description: Ping (CloudFront origin IP) IpProtocol: icmp FromPort: -1 ToPort: -1 DestinationPrefixListId: !FindInMap [CFprefixMap, !Ref AWS::Region, "PrefixList"] Tags: - Key: StackName Value: !Sub ${AWS::StackName} - Key: StackId Value: !Sub ${AWS::StackId} - Key: Name Value: !Sub "[${AWS::StackName}] - ${ec2Name} CloudFront HTTPS" - Key: GitHub Value: https://github.com/aws-samples/ec2-lamp-server ec2Instance: Type: AWS::EC2::Instance CreationPolicy: ResourceSignal: Timeout: PT90M Metadata: Comment: Install Update files AWS::CloudFormation::Init: configSets: setup: - 00_setup dcv_gpu_install: - 02_dcv_gpu_install 00_setup: files: c:\\Users\\Administrator\\update-DCV.cmd: content: | @echo off cd \windows\temp del \windows\temp\nice-dcv-*.msi del \windows\temp\dcv_install_msi.log "C:\Program Files\NICE\DCV\Server\bin\dcv" close-session console net stop dcvserver powershell -command "(New-Object System.Net.WebClient).DownloadFile('https://d1uj6qtbmh3dt5.cloudfront.net/nice-dcv-server-x64-Release.msi', 'nice-dcv-server-x64-Release.msi')" wmic product where "name like 'NICE%%'" get name,version start /wait msiexec.exe /i nice-dcv-server-x64-Release.msi /quiet /norestart /l*v dcv_install_msi.log reg add HKEY_USERS\S-1-5-18\Software\GSettings\com\nicesoftware\dcv\session-management\automatic-console-session /v owner /t REG_SZ /d "administrator" /f reg add HKEY_USERS\S-1-5-18\Software\GSettings\com\nicesoftware\dcv\session-management /v create-session /t REG_DWORD /d 1 /f reg add HKEY_USERS\S-1-5-18\Software\GSettings\com\nicesoftware\dcv\session-management\automatic-console-session /v storage-root /t REG_SZ /d C:/Users/Administrator/ /f reg add HKEY_USERS\S-1-5-18\Software\GSettings\com\nicesoftware\dcv\connectivity /v enable-quic-frontend /t REG_DWORD /d 1 /f net start dcvserver wmic product where "name like 'NICE%%'" get name,version c:\\Users\\Administrator\\update-awscli.cmd: content: | @echo off aws --version C:\ProgramData\chocolatey\bin\choco upgrade -y awscli aws --version c:\\Users\\Administrator\\download-NVIDIA-GRID-driver.cmd: content: | @echo off cls @echo. @echo NOTICE: These downloads are for GPU instances and are available to AWS customers only @echo. @echo By downloading, you agree to conditions and are bound by license terms as stated on @echo https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/install-nvidia-driver.html @echo. pause @echo Downloading drivers... if not exist "C:\Users\Administrator\Downloads\Drivers" md "C:\Users\Administrator\Downloads\Drivers" cd C:\Users\Administrator\Downloads\Drivers cd "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://ec2-windows-nvidia-drivers/latest/ . IF %ERRORLEVEL% NEQ 0 "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://ec2-windows-nvidia-drivers/latest/ . --region us-east-1 IF %ERRORLEVEL% NEQ 0 "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://ec2-windows-nvidia-drivers/latest/ . --no-sign-request reg add "HKLM\SOFTWARE\NVIDIA Corporation\Global\GridLicensing" /v NvCplDisableManageLicensePage /t REG_DWORD /d 1 /f cd c:\\Users\\Administrator\\download-NVIDIA-Gaming-driver.cmd: content: | @echo off cls @echo. @echo NOTICE: These downloads are for GPU instances and are available to AWS customers only @echo. @echo By downloading, you agree to conditions and are bound by license terms as stated on @echo https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/install-nvidia-driver.html @echo. pause @echo Downloading drivers... if not exist "C:\Users\Administrator\Downloads\Drivers" md "C:\Users\Administrator\Downloads\Drivers" cd C:\Users\Administrator\Downloads\Drivers cd "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://nvidia-gaming/windows/latest/ . IF %ERRORLEVEL% NEQ 0 "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://nvidia-gaming/windows/latest/ . --region us-east-1 IF %ERRORLEVEL% NEQ 0 "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://nvidia-gaming/windows/latest/ . --no-sign-request reg add "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm\Global" /v vGamingMarketplace /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\NVIDIA Corporation\Global" /v vGamingMarketplace /t REG_DWORD /d 2 powershell -command "(New-Object System.Net.WebClient).DownloadFile('https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCertWindows_2023_9_22.cert', 'C:\Users\Public\Documents\GridSwCert.txt')" cd c:\\Users\\Administrator\\download-AMD-driver.cmd: content: | @echo off cls @echo. @echo NOTICE: These downloads are for GPU instances and are available to AWS customers only @echo. @echo By downloading, you agree to conditions and are bound by license terms as stated on @echo https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/install-amd-driver.html @echo. pause @echo Downloading drivers... if not exist "C:\Users\Administrator\Downloads\Drivers" md "C:\Users\Administrator\Downloads\Drivers" cd C:\Users\Administrator\Downloads\Drivers cd "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://ec2-amd-windows-drivers/latest/ . IF %ERRORLEVEL% NEQ 0 "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://ec2-amd-windows-drivers/latest/ . --region us-east-1 IF %ERRORLEVEL% NEQ 0 "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://ec2-amd-windows-drivers/latest/ . --no-sign-request cd 02_dcv_gpu_install: files: c:\\windows\\temp\\install-gpu-driver.cmd: content: !Sub | @echo off start /wait c:\windows\temp\install-PSReadLine.cmd start /wait c:\windows\temp\install-DisplaySettings.cmd SET DRIVER_TYPE=${driverType} SET "PATH=%PATH%;C:\Program Files\7-zip" cd \windows\temp md driver && cd driver IF %DRIVER_TYPE% EQU NICE-DCV ( @echo ** https://docs.aws.amazon.com/dcv/latest/adminguide/setting-up-installing-winprereq.html#setting-up-installing-general powershell -command "[System.Net.ServicePointManager]::SecurityProtocol = 3072; (New-Object System.Net.WebClient).DownloadFile('https://d1uj6qtbmh3dt5.cloudfront.net/nice-dcv-virtual-display-x64-Release.msi', 'nice-dcv-virtual-display-x64-Release.msi')" msiexec.exe /i nice-dcv-virtual-display-x64-Release.msi /quiet /l dcv-display.log ) IF %DRIVER_TYPE% EQU NVIDIA-GRID ( @echo ** https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/install-nvidia-driver.html#nvidia-GRID-driver "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://ec2-windows-nvidia-drivers/latest/ . || ( "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://ec2-windows-nvidia-drivers/latest/ . --region us-east-1 ) || ( "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://ec2-windows-nvidia-drivers/latest/ . --no-sign-request ) reg add "HKLM\SOFTWARE\NVIDIA Corporation\Global\GridLicensing" /v NvCplDisableManageLicensePage /t REG_DWORD /d 1 /f forfiles /M *.exe /C "cmd /c 7z x @file" start /wait setup.exe -s ) IF %DRIVER_TYPE% EQU NVIDIA-Gaming ( @echo ** https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/install-nvidia-driver.html#nvidia-gaming-driver "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://nvidia-gaming/windows/latest/ . || ( "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://nvidia-gaming/windows/latest/ . --region us-east-1 ) || ( "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://nvidia-gaming/windows/latest/ . --no-sign-request ) reg add "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm\Global" /v vGamingMarketplace /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\NVIDIA Corporation\Global" /v vGamingMarketplace /t REG_DWORD /d 2 /f powershell -command "[System.Net.ServicePointManager]::SecurityProtocol = 3072; (New-Object System.Net.WebClient).DownloadFile('https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCertWindows_2023_9_22.cert', 'C:\Users\Public\Documents\GridSwCert.txt')" forfiles /M *.exe /C "cmd /c 7z x @file" start /wait setup.exe -s ) IF %DRIVER_TYPE% EQU NVIDIA-Tesla ( @echo ** https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/install-nvidia-driver.html#public-nvidia-driver if not exist c:\windows\system32\curl.exe choco install --no-progress -y curl copy \windows\temp\install-if-available.cmd \windows\temp\driver\ install-if-available.cmd https://us.download.nvidia.com/tesla/${teslaDriverVersion}/${teslaDriverVersion}-data-center-tesla-desktop-winserver-2022-dch-international.exe install-if-available.cmd https://us.download.nvidia.com/tesla/${teslaDriverVersion}/${teslaDriverVersion}-data-center-tesla-desktop-winserver-2019-2022-dch-international.exe install-if-available.cmd https://us.download.nvidia.com/tesla/${teslaDriverVersion}/${teslaDriverVersion}-data-center-tesla-desktop-winserver-2016-2019-2022-dch-international.exe install-if-available.cmd https://us.download.nvidia.com/tesla/${teslaDriverVersion}/${teslaDriverVersion}-data-center-tesla-desktop-winserver-2019-2016-international.exe install-if-available.cmd https://us.download.nvidia.com/tesla/${teslaDriverVersion}/${teslaDriverVersion}-data-center-tesla-desktop-winserver2016-international.exe install-if-available.cmd https://us.download.nvidia.com/tesla/${teslaDriverVersion}/${teslaDriverVersion}-data-center-tesla-desktop-winserver-2012r2-64bit-international.exe install-if-available.cmd https://us.download.nvidia.com/tesla/${teslaDriverVersion}/${teslaDriverVersion}-data-center-tesla-desktop-winserver2008-2012r2-64bit-international.exe ) IF %DRIVER_TYPE% EQU AMD ( "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://ec2-amd-windows-drivers/latest/ . || ( "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://ec2-amd-windows-drivers/latest/ . --region us-east-1 ) || ( "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://ec2-amd-windows-drivers/latest/ . --no-sign-request ) REM forfiles /M *.zip /C "cmd /c 7z x @file" @echo ** AMD_GPU_WINDOWS_2K22_DRIVER*.ZIP? reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName | findstr /C:"Server 202">nul && ( cmd /c 7z x AMD*2K22*.zip cd *22*\Packages\Drivers\Display\*INF ) || ( echo Not Windows 2022 ) @echo ** AMD_GPU_WINDOWS_2K19_DRIVER*.ZIP? reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName | findstr /C:"Server 2019">nul) && ( cmd /c 7z x AMD*2K19*.zip cd *19*\Packages\Drivers\Display\*INF ) || ( echo Not Windows 2019 ) pnputil /add-driver *.inf /install /subdirs cd \windows\temp\driver\Packages\Drivers\Audio\HDMI\W*\ pnputil /add-driver *.inf /install /subdirs ) shutdown /r /t 1 /f exit c:\\windows\\temp\\install-PSReadLine.cmd: content: | @echo off reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName | findstr /C:"Server 202">nul && ( @echo ** https://docs.aws.amazon.com/systems-manager/latest/userguide/fleet-rdp.html#fleet-rdp-prerequisites powershell -command "Install-PackageProvider -Name NuGet -MinimumVersion 2.8.4.201 -Force" powershell -command "Install-Module -Name PSReadLine -Repository PSGallery -MinimumVersion 2.2.2 -Force" ) || ( echo. ) exit c:\\windows\\temp\\install-DisplaySettings.cmd: content: | @echo off reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName | findstr "2019 202">nul && ( @echo ** https://www.powershellgallery.com/packages/DisplaySettings powershell -command "Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force" powershell -command "Install-Module -Name DisplaySettings -Force" powershell -command "Set-DisplayResolution -Width 1920 -Height 1080 -Force" ) || ( echo. ) exit c:\\windows\\temp\\install-if-available.cmd: content: | @echo off echo %1 curl -s -I %1 | findstr /C:" 200">nul && ( echo Download and install curl -s -L %1 -o nvidia-driver.exe start /wait nvidia-driver -s shutdown /r /t 1 /f ) || ( echo. ) commands: # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-init.html#aws-resource-init-commands restart-computer: command: "c:\\windows\\temp\\install-gpu-driver.cmd > c:\\windows\\temp\\gpu-install.log" ignoreErrors: true waitAfterCompletion: forever Properties: ImageId: !Ref imageId InstanceType: !Ref instanceType IamInstanceProfile: !Ref instanceProfile SubnetId: !Ref subnetID Monitoring: true SecurityGroupIds: - !Ref securityGroup - !If [ createCFsgHTTP, !Ref securityGroupForCloudFrontHTTP, !Ref AWS::NoValue, ] - !If [ createCFsgHTTPS, !Ref securityGroupForCloudFrontHTTPS, !Ref AWS::NoValue, ] BlockDeviceMappings: - DeviceName: /dev/sda1 Ebs: VolumeType: !Ref volumeType VolumeSize: !Ref volumeSize DeleteOnTermination: true UserData: Fn::Base64: !Sub | Tags: - Key: Name Value: !Ref ec2Name - Key: StackName Value: !Sub ${AWS::StackName} - Key: StackId Value: !Sub ${AWS::StackId} - Key: GitHub Value: https://github.com/aws-samples/amazon-ec2-nice-dcv-samples elasticIP: Condition: useElasticIP Type: AWS::EC2::EIP Properties: Domain: vpc NetworkBorderGroup: !Ref AWS::Region InstanceId: !Ref ec2Instance Tags: - Key: StackName Value: !Sub ${AWS::StackName} - Key: StackId Value: !Sub ${AWS::StackId} - Key: Name Value: !Sub "[${AWS::StackName}] - ${ec2Name}" - Key: GitHub Value: https://github.com/aws-samples/amazon-ec2-nice-dcv-samples Outputs: RDPconnect: Description: RDP (Remote Desktop Protocol) access via Fleet Manager Value: !Sub "https://${AWS::Region}.console.aws.amazon.com/systems-manager/managed-instances/rdp-connect?region=${AWS::Region}&instances=${ec2Instance}" EC2console: Description: EC2 console Value: !Sub "https://${AWS::Region}.console.aws.amazon.com/ec2/home?region=${AWS::Region}#Instances:search=${ec2Instance}" SSMsessionManager: Description: SSM Session Manager ("net user administrator MyStr@ngAdminPassw0rd" to change administrator password) Value: !Sub "https://${AWS::Region}.console.aws.amazon.com/systems-manager/session-manager/${ec2Instance}" DCVwebConsole: Description: NICE DCV web browser client (login as administrator) Value: !Sub - "https://${IpAddress}:${listenPort}" - IpAddress: !If [ displayPublicIP, !GetAtt ec2Instance.PublicIp, !GetAtt ec2Instance.PrivateIp, ] SecurityGroup: Description: Security Group Value: !Ref securityGroup Export: Name: !Sub ${AWS::StackName}-SecurityGroup InstanceID: Description: Instance ID Value: !Ref ec2Instance Export: Name: !Sub ${AWS::StackName}-InstanceID IAMRole: Description: IAM Role Value: !Ref instanceIamRole Export: Name: !Sub ${AWS::StackName}-IAMRole