AWSTemplateFormatVersion: 2010-09-09 Description: Windows Server with DCV ( https://github.com/aws-samples/amazon-ec2-nice-dcv-samples ) (uksb-632il17651) (tag:Windows) Transform: "AWS::LanguageExtensions" Metadata: License: Description: | Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-Identifier: MIT-0 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
AWS::CloudFormation::Interface: ParameterGroups: - Label: default: EC2 Parameters: - ec2Name - imageId - instanceType - ec2TerminationProtection - Label: default: DCV Parameters: - driverType - teslaDriverVersion - listenPort - installReverseProxy - Label: default: Network Parameters: - vpcID - subnetID - displayPublicIP - assignStaticIP - Label: default: Remote access Parameters: - ingressIPv4 - ingressIPv6 - allowRDPport - Label: default: Web server Parameters: - enableCloudFront - originType - allowWebServerPorts - Label: default: EBS volume Parameters: - volumeSize - volumeType - Label: default: AWS Backup Parameters: - enableBackup - scheduleExpression - scheduleExpressionTimezone - deleteAfterDays - Label: default: AWS Global Accelerator (AGA) Parameters: - enableAGA - Label: default: Others Parameters: - installDocker - enableR53acmeSupport ParameterLabels: ec2Name: default: "EC2 instance name" imageId: default: "AMI ID" instanceType: default: "Instance type (x86_64)" ec2TerminationProtection: default: "Enable EC2 termination protection to prevent accidental deletion" driverType: default: "Graphics driver to install" teslaDriverVersion: default: "[NVIDIA-Tesla] Tesla driver version" listenPort: default: "TCP/UDP listen port" installReverseProxy: default: "Install HTTPS reverse proxy" vpcID: default: "VPC with outbound internet connectivity" subnetID: default: "Subnet in selected VPC with outbound internet IPv4 connectivity" displayPublicIP: default: "EC2 instance in public subnet with public IP assigned?" 
assignStaticIP: default: "Elastic IP: assign static public internet IPv4 address" ingressIPv4: default: "Allowed source prefix (IPv4)" ingressIPv6: default: "Allowed source prefix (IPv6)" allowRDPport: default: "Allow remote desktop inbound" enableCloudFront: default: "Create Amazon CloudFront distribution" originType: default: "CloudFront origin type" allowWebServerPorts: default: "Allow HTTP/HTTPS inbound to EC2 instance" volumeSize: default: "Volume size (GiB)" volumeType: default: "Volume type" enableBackup: default: "Backup EC2 instance" scheduleExpression: default: "CRON expression specifying when AWS Backup initiates a backup job" scheduleExpressionTimezone: default: "Timezone to set backup schedule" deleteAfterDays: default: "Number of days after creation that a recovery point (backup) is deleted" enableAGA: default: "Deploy AWS Global Accelerator" installDocker: default: "Install Docker Engine aka Docker CE" enableR53acmeSupport: default: "Enable Route 53 ACME protocol DNS-01 challenge support" Parameters: imageId: Description: aws ssm get-parameters-by-path --path /aws/service/ami-windows-latest --query "Parameters[].Name" Type: AWS::SSM::Parameter::Value Default: /aws/service/ami-windows-latest/Windows_Server-2025-English-Full-Base ec2Name: Type: String #Description: EC2 instance name Default: Windows Server instanceType: Type: String Description: https://console.aws.amazon.com/ec2/#InstanceTypes AllowedPattern: ^[a-z\-\d\.]+$ ConstraintDescription: Specify valid EC2 instance type Default: t3.medium ec2TerminationProtection: Type: String Description: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_ChangingDisableAPITermination.html Default: "Yes" AllowedValues: - "Yes" - "No" driverType: Description: https://docs.aws.amazon.com/dcv/latest/adminguide/setting-up-installing-winprereq.html#setting-up-installing-general https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/install-nvidia-driver.html Type: String AllowedValues: - AMD - DCV - DCV-IDD - 
# Continuation of Parameters > driverType > AllowedValues; the list marker for this first value is on the preceding line.
        NVIDIA-Gaming
      - NVIDIA-GRID
      - NVIDIA-Tesla
      - none
    Default: DCV-IDD
  # Driver version string; the parameter label ties it to the NVIDIA-Tesla driver choice.
  teslaDriverVersion:
    Type: String
    Description: https://docs.nvidia.com/datacenter/tesla/index.html
    AllowedPattern: ^[\d\.]+$
    ConstraintDescription: Specify valid driver version
    Default: 582.16
  # Port the DCV server listens on; sgEC2Instance opens it for both TCP and UDP (QUIC).
  # NOTE(review): the description says "higher than 1024" but MinValue admits 1024 itself.
  listenPort:
    Type: Number
    Description: "Number must be higher than 1024: https://docs.aws.amazon.com/dcv/latest/adminguide/manage-port-addr.html"
    MinValue: 1024
    MaxValue: 65535
    Default: 8443
  # "Yes" also satisfies the createSgHTTPS condition, which opens port 443 to the ingress prefixes.
  installReverseProxy:
    Type: String
    Description: Reverse web proxy on port 443
    AllowedValues:
      - "Yes"
      - "No"
    Default: "No"
  # AllowedPattern .+ only rejects an empty selection.
  vpcID:
    Type: AWS::EC2::VPC::Id
    Description: "https://console.aws.amazon.com/vpcconsole/home#vpcs:"
    AllowedPattern: .+
    ConstraintDescription: Select a VPC
  subnetID:
    Type: AWS::EC2::Subnet::Id
    Description: "https://console.aws.amazon.com/vpcconsole/home#subnets:"
    AllowedPattern: .+
    ConstraintDescription: Select a Subnet
  # Feeds the displayPublicIP condition; useElasticIP additionally requires assignStaticIP = "Yes".
  displayPublicIP:
    Type: String
    Description: Select No if instance has no public IPv4 address
    AllowedValues:
      - "Yes"
      - "No"
    Default: "Yes"
  assignStaticIP:
    Type: String
    Description: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html
    AllowedValues:
      - "Yes"
      - "No"
    Default: "Yes"
  # Source IPv4 CIDR for the DCV (TCP and UDP listenPort), HTTPS and RDP ingress rules of sgEC2Instance.
  # The default 0.0.0.0/0 admits every IPv4 address, so a stack created with defaults exposes the
  # remote-desktop listener to the whole internet; pass your own /32 or organisation range at deploy time.
  # AllowedPattern checks only the dotted-digits/prefix shape, not octet (0-255) or prefix-length (0-32) ranges.
  ingressIPv4:
    Type: String
    Description: e.g. 1.2.3.4/32, get your internet IPv4 address from https://checkip.amazonaws.com
    AllowedPattern: "^\\d+\\.\\d+\\.\\d+\\.\\d+\\/\\d+$"
    ConstraintDescription: Specify valid IPv4 prefix
    Default: 0.0.0.0/0
  # IPv6 counterpart of ingressIPv4, used by the same sgEC2Instance rules via CidrIpv6.
  # The default ::/0 admits every IPv6 address; narrow it at deploy time.
  # NOTE(review): AllowedPattern .+ accepts any non-empty string, so a malformed prefix is
  # presumably rejected only when the security group is created - confirm, or tighten the pattern.
  ingressIPv6:
    Type: String
    Description: e.g.
      1:2:3:4::/64, get your internet IPv6 address (if any) with tools such as https://ifconfig.co
    AllowedPattern: .+
    ConstraintDescription: Specify valid IPv6 prefix
    Default: ::/0
  # "Yes" adds TCP 3389 rules (createSgRDP) sourced from ingressIPv4 / ingressIPv6; off by default.
  allowRDPport:
    Type: String
    Description: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connect-rdp.html
    AllowedValues:
      - "Yes"
      - "No"
    Default: "No"
  enableCloudFront:
    Type: String
    Description: https://docs.aws.amazon.com/cloudfront/
    AllowedValues:
      - "Yes"
      - "No"
    Default: "No"
  # Combined with enableCloudFront in the cfVPCOrigin condition.
  originType:
    Type: String
    Description: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-vpc-origins.html
    AllowedValues:
      - "EC2"
      - "VPC Origin"
    Default: "EC2"
  # Selects which web ports sgEC2Instance opens. The default "HTTP" creates the port-80 rules,
  # whose source is 0.0.0.0/0 and ::/0 rather than ingressIPv4 / ingressIPv6, so whatever listens
  # on port 80 is reachable from anywhere. Choose "No" when no HTTP-validated certificate is needed.
  allowWebServerPorts:
    Type: String
    Description: HTTP is needed for IP address certificate
    AllowedValues:
      - "No"
      - HTTP-and-HTTPS
      - HTTP
      - HTTPS
    Default: "HTTP"
  # Volume size in GiB (per the parameter label), bounded to 30-16384.
  volumeSize:
    Type: Number
    Description: https://docs.aws.amazon.com/ebs/latest/userguide/volume_constraints.html
    MinValue: 30
    MaxValue: 16384
    Default: 50
  volumeType:
    Type: String
    Description: https://aws.amazon.com/ebs/general-purpose/
    AllowedValues:
      - gp3
      - gp2
    Default: gp3
  # Feeds the createBackup condition; backups are off by default.
  enableBackup:
    Type: String
    Description: https://docs.aws.amazon.com/aws-backup/
    AllowedValues:
      - "Yes"
      - "No"
    Default: "No"
  # Backup schedule expression; the quoted default continues on the following line.
  scheduleExpression:
    Type: String
    Description: https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-scheduled-rule-pattern.html
    AllowedPattern: .+
    Default: "cron(0 1 ?
* * *)" scheduleExpressionTimezone: # https://nodatime.org/TimeZones?version=2024a&format=json Type: String Description: https://docs.aws.amazon.com/scheduler/latest/UserGuide/schedule-types.html#time-zones AllowedValues: - Africa/Abidjan - Africa/Algiers - Africa/Bissau - Africa/Cairo - Africa/Casablanca - Africa/Ceuta - Africa/El_Aaiun - Africa/Johannesburg - Africa/Juba - Africa/Khartoum - Africa/Lagos - Africa/Maputo - Africa/Monrovia - Africa/Nairobi - Africa/Ndjamena - Africa/Sao_Tome - Africa/Tripoli - Africa/Tunis - Africa/Windhoek - America/Adak - America/Anchorage - America/Araguaina - America/Argentina/Buenos_Aires - America/Argentina/Catamarca - America/Argentina/Cordoba - America/Argentina/Jujuy - America/Argentina/La_Rioja - America/Argentina/Mendoza - America/Argentina/Rio_Gallegos - America/Argentina/Salta - America/Argentina/San_Juan - America/Argentina/San_Luis - America/Argentina/Tucuman - America/Argentina/Ushuaia - America/Asuncion - America/Bahia - America/Bahia_Banderas - America/Barbados - America/Belem - America/Belize - America/Boa_Vista - America/Bogota - America/Boise - America/Cambridge_Bay - America/Campo_Grande - America/Cancun - America/Caracas - America/Cayenne - America/Chicago - America/Chihuahua - America/Ciudad_Juarez - America/Costa_Rica - America/Cuiaba - America/Danmarkshavn - America/Dawson - America/Dawson_Creek - America/Denver - America/Detroit - America/Edmonton - America/Eirunepe - America/El_Salvador - America/Fort_Nelson - America/Fortaleza - America/Glace_Bay - America/Goose_Bay - America/Grand_Turk - America/Guatemala - America/Guayaquil - America/Guyana - America/Halifax - America/Havana - America/Hermosillo - America/Indiana/Indianapolis - America/Indiana/Knox - America/Indiana/Marengo - America/Indiana/Petersburg - America/Indiana/Tell_City - America/Indiana/Vevay - America/Indiana/Vincennes - America/Indiana/Winamac - America/Inuvik - America/Iqaluit - America/Jamaica - America/Juneau - 
America/Kentucky/Louisville - America/Kentucky/Monticello - America/La_Paz - America/Lima - America/Los_Angeles - America/Maceio - America/Managua - America/Manaus - America/Martinique - America/Matamoros - America/Mazatlan - America/Menominee - America/Merida - America/Metlakatla - America/Mexico_City - America/Miquelon - America/Moncton - America/Monterrey - America/Montevideo - America/New_York - America/Nome - America/Noronha - America/North_Dakota/Beulah - America/North_Dakota/Center - America/North_Dakota/New_Salem - America/Nuuk - America/Ojinaga - America/Panama - America/Paramaribo - America/Phoenix - America/Port-au-Prince - America/Porto_Velho - America/Puerto_Rico - America/Punta_Arenas - America/Rankin_Inlet - America/Recife - America/Regina - America/Resolute - America/Rio_Branco - America/Santarem - America/Santiago - America/Santo_Domingo - America/Sao_Paulo - America/Scoresbysund - America/Sitka - America/St_Johns - America/Swift_Current - America/Tegucigalpa - America/Thule - America/Tijuana - America/Toronto - America/Vancouver - America/Whitehorse - America/Winnipeg - America/Yakutat - Antarctica/Casey - Antarctica/Davis - Antarctica/Macquarie - Antarctica/Mawson - Antarctica/Palmer - Antarctica/Rothera - Antarctica/Troll - Antarctica/Vostok - Asia/Almaty - Asia/Amman - Asia/Anadyr - Asia/Aqtau - Asia/Aqtobe - Asia/Ashgabat - Asia/Atyrau - Asia/Baghdad - Asia/Baku - Asia/Bangkok - Asia/Barnaul - Asia/Beirut - Asia/Bishkek - Asia/Chita - Asia/Choibalsan - Asia/Colombo - Asia/Damascus - Asia/Dhaka - Asia/Dili - Asia/Dubai - Asia/Dushanbe - Asia/Famagusta - Asia/Gaza - Asia/Hebron - Asia/Ho_Chi_Minh - Asia/Hong_Kong - Asia/Hovd - Asia/Irkutsk - Asia/Jakarta - Asia/Jayapura - Asia/Jerusalem - Asia/Kabul - Asia/Kamchatka - Asia/Karachi - Asia/Kathmandu - Asia/Khandyga - Asia/Kolkata - Asia/Krasnoyarsk - Asia/Kuching - Asia/Macau - Asia/Magadan - Asia/Makassar - Asia/Manila - Asia/Nicosia - Asia/Novokuznetsk - Asia/Novosibirsk - Asia/Omsk - Asia/Oral 
- Asia/Pontianak - Asia/Pyongyang - Asia/Qatar - Asia/Qostanay - Asia/Qyzylorda - Asia/Riyadh - Asia/Sakhalin - Asia/Samarkand - Asia/Seoul - Asia/Shanghai - Asia/Singapore - Asia/Srednekolymsk - Asia/Taipei - Asia/Tashkent - Asia/Tbilisi - Asia/Tehran - Asia/Thimphu - Asia/Tokyo - Asia/Tomsk - Asia/Ulaanbaatar - Asia/Urumqi - Asia/Ust-Nera - Asia/Vladivostok - Asia/Yakutsk - Asia/Yangon - Asia/Yekaterinburg - Asia/Yerevan - Atlantic/Azores - Atlantic/Bermuda - Atlantic/Canary - Atlantic/Cape_Verde - Atlantic/Faroe - Atlantic/Madeira - Atlantic/South_Georgia - Atlantic/Stanley - Australia/Adelaide - Australia/Brisbane - Australia/Broken_Hill - Australia/Darwin - Australia/Eucla - Australia/Hobart - Australia/Lindeman - Australia/Lord_Howe - Australia/Melbourne - Australia/Perth - Australia/Sydney - CET - CST6CDT - EET - EST - EST5EDT - Etc/GMT - Etc/GMT+1 - Etc/GMT+10 - Etc/GMT+11 - Etc/GMT+12 - Etc/GMT+2 - Etc/GMT+3 - Etc/GMT+4 - Etc/GMT+5 - Etc/GMT+6 - Etc/GMT+7 - Etc/GMT+8 - Etc/GMT+9 - Etc/GMT-1 - Etc/GMT-10 - Etc/GMT-11 - Etc/GMT-12 - Etc/GMT-13 - Etc/GMT-14 - Etc/GMT-2 - Etc/GMT-3 - Etc/GMT-4 - Etc/GMT-5 - Etc/GMT-6 - Etc/GMT-7 - Etc/GMT-8 - Etc/GMT-9 - Etc/UTC - Europe/Andorra - Europe/Astrakhan - Europe/Athens - Europe/Belgrade - Europe/Berlin - Europe/Brussels - Europe/Bucharest - Europe/Budapest - Europe/Chisinau - Europe/Dublin - Europe/Gibraltar - Europe/Helsinki - Europe/Istanbul - Europe/Kaliningrad - Europe/Kirov - Europe/Kyiv - Europe/Lisbon - Europe/London - Europe/Madrid - Europe/Malta - Europe/Minsk - Europe/Moscow - Europe/Paris - Europe/Prague - Europe/Riga - Europe/Rome - Europe/Samara - Europe/Saratov - Europe/Simferopol - Europe/Sofia - Europe/Tallinn - Europe/Tirane - Europe/Ulyanovsk - Europe/Vienna - Europe/Vilnius - Europe/Volgograd - Europe/Warsaw - Europe/Zurich - HST - Indian/Chagos - Indian/Maldives - Indian/Mauritius - MET - MST - MST7MDT - PST8PDT - Pacific/Apia - Pacific/Auckland - Pacific/Bougainville - Pacific/Chatham - 
# Continuation of Parameters > scheduleExpressionTimezone > AllowedValues; the list marker for this first value is on the preceding line.
        Pacific/Easter
      - Pacific/Efate
      - Pacific/Fakaofo
      - Pacific/Fiji
      - Pacific/Galapagos
      - Pacific/Gambier
      - Pacific/Guadalcanal
      - Pacific/Guam
      - Pacific/Honolulu
      - Pacific/Kanton
      - Pacific/Kiritimati
      - Pacific/Kosrae
      - Pacific/Kwajalein
      - Pacific/Marquesas
      - Pacific/Nauru
      - Pacific/Niue
      - Pacific/Norfolk
      - Pacific/Noumea
      - Pacific/Pago_Pago
      - Pacific/Palau
      - Pacific/Pitcairn
      - Pacific/Port_Moresby
      - Pacific/Rarotonga
      - Pacific/Tahiti
      - Pacific/Tarawa
      - Pacific/Tongatapu
      - WET
    Default: Etc/UTC
  # Backup retention in days; no MinValue/MaxValue is declared, so any number is accepted here.
  deleteAfterDays:
    Type: Number
    # Description: Number of days after creation that a recovery point (backup) is deleted
    Default: 35
  # Feeds the createAGA condition, which also gates the sgR53HealthChecks security group.
  enableAGA:
    Type: String
    Description: https://docs.aws.amazon.com/global-accelerator/
    AllowedValues:
      - "Yes"
      - "No"
    Default: "No"
  installDocker:
    Type: String
    Description: https://docs.docker.com/engine/
    AllowedValues:
      - "Yes"
      - "No"
    Default: "No"
  # Feeds the hasR53Zone condition. The default "Yes" adds the R53acmeAccess inline policy to the
  # instance role, which lets the instance change _acme-challenge TXT records in the account's
  # hosted zones; set "No" when DNS-01 certificate issuance is not needed.
  enableR53acmeSupport:
    Type: String
    Description: https://letsencrypt.org/docs/challenge-types https://certbot-dns-route53.readthedocs.io/
    AllowedValues:
      - "Yes"
      - "No"
    Default: "Yes"

# Each condition turns a "Yes"/"No" or enumerated parameter into a boolean used by Resources.
Conditions:
  displayPublicIP: !Equals [!Ref displayPublicIP, "Yes"]
  # An Elastic IP is used only when the instance has a public IP and assignStaticIP is "Yes".
  useElasticIP:
    !And [!Condition displayPublicIP, !Equals [!Ref assignStaticIP, "Yes"]]
  enableProtection: !Equals [!Ref ec2TerminationProtection, "Yes"]
  # True for every driverType except "none" and "DCV-IDD"; gates the gpuDrivers S3 read policy.
  isGPUinstall:
    !Not [
      !Or [
        !Equals [!Ref driverType, "none"],
        !Equals [!Ref driverType, "DCV-IDD"],
      ],
    ]
  # Port 80 rules exist for allowWebServerPorts = HTTP or HTTP-and-HTTPS.
  createSgHTTP:
    !Or [
      !Equals [!Ref allowWebServerPorts, HTTP],
      !Equals [!Ref allowWebServerPorts, HTTP-and-HTTPS],
    ]
  installReverseProxy: !Equals [!Ref installReverseProxy, "Yes"]
  # Port 443 rules exist when the reverse proxy is installed or HTTPS is selected in allowWebServerPorts.
  createSgHTTPS:
    !Or [
      !Condition installReverseProxy,
      !Or [
        !Equals [!Ref allowWebServerPorts, HTTPS],
        !Equals [!Ref allowWebServerPorts, HTTP-and-HTTPS],
      ],
    ]
  # True when CFprefixMap has a PrefixList entry for the stack's Region. The DefaultValue form of
  # FindInMap (enabled by the AWS::LanguageExtensions transform declared at the top of the template)
  # yields pl-none for unmapped Regions, which makes this condition false.
  hasCFprefix:
    !Not [
      !Equals [
        !FindInMap [
          CFprefixMap,
          !Ref AWS::Region,
          PrefixList,
          DefaultValue: pl-none,
        ],
        pl-none,
      ],
    ]
  # The CloudFront-only security groups need both CloudFront and a mapped prefix list.
  createCFsgHTTP: !And [!Condition createCloudFront, !Condition hasCFprefix]
  createCloudFront: !Equals [!Ref enableCloudFront, "Yes"]
  cfVPCOrigin:
    !And [!Condition
      createCloudFront, !Equals [!Ref originType, "VPC Origin"]]
  createSgRDP: !Equals [!Ref allowRDPport, "Yes"]
  createBackup: !Equals [!Ref enableBackup, "Yes"]
  # Despite the name, this only mirrors enableR53acmeSupport; no hosted zone is looked up here.
  hasR53Zone: !Equals [!Ref enableR53acmeSupport, "Yes"]
  createAGA: !Equals [!Ref enableAGA, "Yes"]

Mappings:
  # Per-Region IDs of the CloudFront origin-facing managed prefix lists, used as the only allowed
  # source in sgCloudFrontIPv4 / sgCloudFrontIPv6. The IDs are hard-coded; a Region missing from
  # this map makes hasCFprefix false, so the CloudFront security groups are not created there.
  CFprefixMap:
    # aws ec2 describe-managed-prefix-lists --query "PrefixLists[?PrefixListName=='com.amazonaws.global.cloudfront.origin-facing']" --region
    af-south-1:
      PrefixList: pl-c0aa4fa9
      Ipv6PrefixList: pl-08e545c506fc11b3d
    ap-east-1:
      PrefixList: pl-14b2577d
      Ipv6PrefixList: pl-09eb2ebd84c23b987
    ap-east-2:
      PrefixList: pl-0b51e244975ca1f58
      Ipv6PrefixList: pl-0675c4405f2d19014
    ap-northeast-1:
      PrefixList: pl-58a04531
      Ipv6PrefixList: pl-0f28cd4a128e7b13a
    ap-northeast-2:
      PrefixList: pl-22a6434b
      Ipv6PrefixList: pl-07ac407da2b364d6c
    ap-northeast-3:
      PrefixList: pl-31a14458
      Ipv6PrefixList: pl-04e68c40b871c8e6b
    ap-south-1:
      PrefixList: pl-9aa247f3
      Ipv6PrefixList: pl-029b73ad1ccf6fe97
    ap-south-2:
      PrefixList: pl-0a25c3463226fcc61
      Ipv6PrefixList: pl-045b5138c20f83bab
    ap-southeast-1:
      PrefixList: pl-31a34658
      Ipv6PrefixList: pl-02d26f62e3b1ed532
    ap-southeast-2:
      PrefixList: pl-b8a742d1
      Ipv6PrefixList: pl-033521892361c13a7
    ap-southeast-3:
      PrefixList: pl-bca247d5
      Ipv6PrefixList: pl-0b8932aa3ef329011
    ap-southeast-4:
      PrefixList: pl-0fb7e7cfe038ae0e9
      Ipv6PrefixList: pl-03292f9327ecaf81c
    ap-southeast-5:
      PrefixList: pl-09076f83e90b139d0
      Ipv6PrefixList: pl-015db6a9a3f8b7f38
    ap-southeast-6:
      PrefixList: pl-04ed52d45e258dfd3
      Ipv6PrefixList: pl-04ec346b0299ab3e3
    ap-southeast-7:
      PrefixList: pl-0857de2e2b1c7f2a2
      Ipv6PrefixList: pl-0d394c8e84df4ca56
    ca-central-1:
      PrefixList: pl-38a64351
      Ipv6PrefixList: pl-0c0fd74227163049a
    ca-west-1:
      PrefixList: pl-0530d4c590b35122b
      Ipv6PrefixList: pl-0cd01c4f03b66d585
    eu-central-1:
      PrefixList: pl-a3a144ca
      Ipv6PrefixList: pl-0624f1d638a3e93df
    eu-central-2:
      PrefixList: pl-00b37293991dbe6a8
      Ipv6PrefixList: pl-05ff33f3c280b2eb8
    eu-north-1:
      PrefixList: pl-fab65393
      Ipv6PrefixList: pl-05de9757262c679ba
# Continuation of Mappings > CFprefixMap: per-Region IDs of the CloudFront origin-facing managed prefix lists.
    eu-south-1:
      PrefixList: pl-1bbc5972
      Ipv6PrefixList: pl-07b149cb3ccb7e2da
    eu-south-2:
      PrefixList: pl-052dcbe0f793f19da
      Ipv6PrefixList: pl-0454b1d06a3e15f2f
    eu-west-1:
      PrefixList: pl-4fa04526
      Ipv6PrefixList: pl-010bae2278f1a872d
    eu-west-2:
      PrefixList: pl-93a247fa
      Ipv6PrefixList: pl-0d7c235a121ad5fd1
    eu-west-3:
      PrefixList: pl-75b1541c
      Ipv6PrefixList: pl-06d246df64d68cb0a
    il-central-1:
      PrefixList: pl-0dd89524416301988
      Ipv6PrefixList: pl-023722c7ce8718ca2
    me-central-1:
      PrefixList: pl-05266a86378662c23
      Ipv6PrefixList: pl-08b3f3c9dc8f45b09
    me-south-1:
      PrefixList: pl-17b2577e
      Ipv6PrefixList: pl-04baf1fb5ff7e9290
    mx-central-1:
      PrefixList: pl-0246509e78ddf0729
      Ipv6PrefixList: pl-0df0f56c679a42f28
    sa-east-1:
      PrefixList: pl-5da64334
      Ipv6PrefixList: pl-0051b342e8bc54805
    us-east-1:
      PrefixList: pl-3b927c52
      Ipv6PrefixList: pl-02d12e369a4312e03
    us-east-2:
      PrefixList: pl-b6a144df
      Ipv6PrefixList: pl-079a97b94f32e4ee7
    us-west-1:
      PrefixList: pl-4ea04527
      Ipv6PrefixList: pl-06dd7c6e345937257
    us-west-2:
      PrefixList: pl-82a045eb
      Ipv6PrefixList: pl-07f8c64944f5dc195
  # Console hostname per partition.
  # NOTE(review): if this map is looked up with AWS::Partition, the GovCloud value is
  # "aws-us-gov", not "aws-gov" - confirm against the lookup site (not visible in this part of the file).
  ConsoleUrl:
    aws:
      url: console.aws.amazon.com
    aws-cn:
      url: console.amazonaws.cn
    aws-gov:
      url: console.amazonaws-us-gov.com

Resources:
  # Role assumed by the EC2 instance (trust policy names ec2.amazonaws.com only). Every inline and
  # managed policy below is usable by any process on the instance that can reach the instance
  # metadata credentials, so each statement is worth keeping as narrow as the feature allows.
  instanceIamRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: [ec2.amazonaws.com]
            Action: [sts:AssumeRole]
      Path: /
      Policies:
        # Read access to the Regional DCV license bucket.
        # NOTE(review): the ARN hard-codes the "aws" partition while the other ARNs in this role
        # use ${AWS::Partition} or a wildcard; it will not match in other partitions.
        - PolicyName: dcvLicensing
          PolicyDocument: # https://docs.aws.amazon.com/dcv/latest/adminguide/setting-up-license.html
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - s3:GetObject
                Resource: !Sub arn:aws:s3:::dcv-license.${AWS::Region}/*
        # Added only when a GPU driver type is selected (isGPUinstall). Read/list only, on three
        # named driver buckets; the partition field is a wildcard.
        - !If
          - isGPUinstall
          - PolicyName: gpuDrivers
            PolicyDocument: # https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/install-nvidia-driver.html https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/install-amd-driver.html
              Version: "2012-10-17"
              Statement:
                - Effect: Allow
                  Action:
                    - s3:Get*
                    - s3:List*
                  Resource:
                    - arn:*:s3:::nvidia-gaming
                    - arn:*:s3:::nvidia-gaming/*
                    - arn:*:s3:::ec2-windows-nvidia-drivers
                    - arn:*:s3:::ec2-windows-nvidia-drivers/*
                    - arn:*:s3:::ec2-amd-windows-drivers
                    - arn:*:s3:::ec2-amd-windows-drivers/*
          - !Ref AWS::NoValue
        # Added when enableR53acmeSupport is "Yes" (the parameter default). The write statement is
        # limited to TXT records named _acme-challenge.*, but Resource covers every hosted zone in
        # the account, so the instance can answer a DNS-01 challenge for any name hosted there.
        # NOTE(review): consider scoping Resource to the specific hosted zone ID(s) in use.
        # NOTE(review): aws:SourceIp 0.0.0.0/0 matches every IPv4 caller, so it does not narrow
        # where the credentials can be used from - confirm the intent or tighten it.
        - !If
          - hasR53Zone
          - PolicyName: R53acmeAccess
            PolicyDocument: # Certbot dns_route53 : https://certbot-dns-route53.readthedocs.io/en/stable/
              Version: "2012-10-17"
              Statement: # https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/specifying-rrset-conditions.html
                - Effect: Allow
                  Action:
                    - route53:ListHostedZones
                    - route53:GetChange
                  Resource: "*"
                - Effect: Allow
                  Action:
                    - route53:ChangeResourceRecordSets
                  Resource: !Sub arn:${AWS::Partition}:route53:::hostedzone/*
                  Condition:
                    IpAddress:
                      aws:SourceIp: 0.0.0.0/0
                    ForAllValues:StringEquals:
                      route53:ChangeResourceRecordSetsRecordTypes: [TXT]
                    ForAllValues:StringLike:
                      route53:ChangeResourceRecordSetsNormalizedRecordNames: [_acme-challenge.*]
          - !Ref AWS::NoValue
      # AWS managed policies for Systems Manager and the CloudWatch agent.
      ManagedPolicyArns:
        - !Sub arn:${AWS::Partition}:iam::aws:policy/AmazonSSMManagedInstanceCore
        - !Sub arn:${AWS::Partition}:iam::aws:policy/CloudWatchAgentServerPolicy
      Tags:
        - Key: StackName
          Value: !Ref AWS::StackName
        - Key: StackId
          Value: !Ref AWS::StackId
        - Key: GitHub
          Value: https://github.com/aws-samples/amazon-ec2-nice-dcv-samples

  # Instance profile wrapping instanceIamRole.
  instanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles:
        - !Ref instanceIamRole

  # Main security group. DCV (TCP and UDP on listenPort), HTTPS and RDP take their source from
  # ingressIPv4 / ingressIPv6, whose defaults are 0.0.0.0/0 and ::/0; the HTTP rules are always
  # world-open when created. Egress is unrestricted.
  sgEC2Instance:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow inbound DCV
      VpcId: !Ref vpcID
      SecurityGroupIngress:
        - Description: DCV (IPv4)
          IpProtocol: tcp
          FromPort: !Ref listenPort
          ToPort: !Ref listenPort
          CidrIp: !Ref ingressIPv4
        - Description: DCV (IPv6)
          IpProtocol: tcp
          FromPort: !Ref listenPort
          ToPort: !Ref listenPort
          CidrIpv6: !Ref ingressIPv6
        - Description: DCV QUIC (IPv4)
          IpProtocol: udp
          FromPort: !Ref listenPort
          ToPort: !Ref listenPort
          CidrIp: !Ref ingressIPv4
        - Description: DCV QUIC (IPv6)
          IpProtocol: udp
          FromPort: !Ref listenPort
          ToPort: !Ref listenPort
          CidrIpv6: !Ref ingressIPv6
        # Port 80 ignores the ingress prefixes and is open to every address when createSgHTTP is
        # true (the allowWebServerPorts default); the parameter description gives certificate
        # issuance as the reason.
        - !If
          - createSgHTTP
          - Description: HTTP (IPv4)
            IpProtocol: tcp
            FromPort: 80
            ToPort: 80
            CidrIp: 0.0.0.0/0
          - !Ref AWS::NoValue
        - !If
          - createSgHTTP
          - Description: HTTP (IPv6)
            IpProtocol: tcp
            FromPort: 80
            ToPort: 80
            CidrIpv6: ::/0
          - !Ref AWS::NoValue
        - !If
          - createSgHTTPS
          - Description: HTTPS (IPv4)
            IpProtocol: tcp
            FromPort: 443
            ToPort: 443
            CidrIp: !Ref ingressIPv4
          - !Ref AWS::NoValue
        - !If
          - createSgHTTPS
          - Description: HTTPS (IPv6)
            IpProtocol: tcp
            FromPort: 443
            ToPort: 443
            CidrIpv6: !Ref ingressIPv6
          - !Ref AWS::NoValue
        # RDP is opt-in (allowRDPport); with the default ingress prefixes it would be internet-facing.
        - !If
          - createSgRDP
          - Description: RDP (IPv4)
            IpProtocol: tcp
            FromPort: 3389
            ToPort: 3389
            CidrIp: !Ref ingressIPv4
          - !Ref AWS::NoValue
        - !If
          - createSgRDP
          - Description: RDP (IPv6)
            IpProtocol: tcp
            FromPort: 3389
            ToPort: 3389
            CidrIpv6: !Ref ingressIPv6
          - !Ref AWS::NoValue
      SecurityGroupEgress:
        - Description: Allow all outbound traffic (IPv4)
          IpProtocol: "-1"
          CidrIp: 0.0.0.0/0
        - Description: Allow all outbound traffic (IPv6)
          IpProtocol: "-1"
          CidrIpv6: ::/0
      Tags:
        - Key: StackName
          Value: !Ref AWS::StackName
        - Key: StackId
          Value: !Ref AWS::StackId
        # UID is the fourth dash-separated field of the stack ID's final path segment.
        - Key: Name
          Value: !Sub
            - "${AWS::StackName}-securityGroup-${UID}"
            - UID:
                !Select [
                  3,
                  !Split ["-", !Select [2, !Split ["/", !Ref AWS::StackId]]],
                ]
        - Key: GitHub
          Value: https://github.com/aws-samples/amazon-ec2-nice-dcv-samples

  # Created only with CloudFront enabled and a mapped prefix list. Admits port 80 solely from the
  # CloudFront origin-facing IPv4 prefix list. Declaring the single ICMP egress rule presumably
  # serves to replace the default allow-all egress rule - confirm.
  # NOTE(review): only port 80 is opened to CloudFront, which suggests the CloudFront-to-origin
  # leg is plain HTTP - confirm against the distribution's origin settings.
  sgCloudFrontIPv4:
    Type: AWS::EC2::SecurityGroup
    Condition: createCFsgHTTP
    Properties:
      GroupDescription: Allow inbound HTTP from CloudFront (IPv4)
      VpcId: !Ref vpcID
      SecurityGroupIngress:
        - Description: HTTP (CloudFront origin IPv4)
          IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourcePrefixListId:
            !FindInMap [CFprefixMap, !Ref AWS::Region, PrefixList]
      SecurityGroupEgress:
        - Description: Ping (CloudFront origin IPv4)
          IpProtocol: icmp
          FromPort: -1
          ToPort: -1
          DestinationPrefixListId:
            !FindInMap [CFprefixMap, !Ref AWS::Region, PrefixList]
      Tags:
        - Key: StackName
          Value: !Ref AWS::StackName
        - Key: StackId
          Value: !Ref AWS::StackId
        - Key: Name
          Value: !Sub
            - "${AWS::StackName}-CloudFrontHTTP-IPv4-${UID}"
            - UID:
                !Select [
                  3,
                  !Split ["-", !Select [2, !Split ["/",
                  !Ref AWS::StackId]]],
                ]
        - Key: GitHub
          Value: https://github.com/aws-samples/amazon-ec2-nice-dcv-samples

  # IPv6 counterpart of sgCloudFrontIPv4: port 80 from the CloudFront origin-facing IPv6 prefix list.
  # NOTE(review): the egress rule below is described as IPv6 but looks up PrefixList (the IPv4
  # list) while the ingress rule uses Ipv6PrefixList - confirm whether that is deliberate.
  sgCloudFrontIPv6:
    Type: AWS::EC2::SecurityGroup
    Condition: createCFsgHTTP
    Properties:
      GroupDescription: Allow inbound HTTP from CloudFront (IPv6)
      VpcId: !Ref vpcID
      SecurityGroupIngress:
        - Description: HTTP (CloudFront origin IPv6)
          IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourcePrefixListId:
            !FindInMap [CFprefixMap, !Ref AWS::Region, Ipv6PrefixList]
      SecurityGroupEgress:
        - Description: Ping (CloudFront origin IPv6)
          IpProtocol: icmp
          FromPort: -1
          ToPort: -1
          DestinationPrefixListId:
            !FindInMap [CFprefixMap, !Ref AWS::Region, PrefixList]
      Tags:
        - Key: StackName
          Value: !Ref AWS::StackName
        - Key: StackId
          Value: !Ref AWS::StackId
        - Key: Name
          Value: !Sub
            - "${AWS::StackName}-CloudFrontHTTP-IPv6-${UID}"
            - UID:
                !Select [
                  3,
                  !Split ["-", !Select [2, !Split ["/", !Ref AWS::StackId]]],
                ]
        - Key: GitHub
          Value: https://github.com/aws-samples/amazon-ec2-nice-dcv-samples

  # Created only when Global Accelerator is enabled (createAGA). Each rule admits TCP on
  # listenPort from one hard-coded health-checker range.
  # NOTE(review): these CIDRs are a point-in-time copy; check them against the published AWS IP
  # ranges (service ROUTE53_HEALTHCHECKS) when updating the template.
  sgR53HealthChecks:
    Type: AWS::EC2::SecurityGroup
    Condition: createAGA
    Properties:
      GroupDescription: Allow Route 53 Health Checks
      VpcId: !Ref vpcID
      SecurityGroupIngress:
        - Description: R53 Health Checks (IPv4) 01
          IpProtocol: tcp
          FromPort: !Ref listenPort
          ToPort: !Ref listenPort
          CidrIp: 15.177.0.0/18
        - Description: R53 Health Checks (IPv4) 02
          IpProtocol: tcp
          FromPort: !Ref listenPort
          ToPort: !Ref listenPort
          CidrIp: 52.80.197.0/25
        - Description: R53 Health Checks (IPv4) 03
          IpProtocol: tcp
          FromPort: !Ref listenPort
          ToPort: !Ref listenPort
          CidrIp: 52.80.197.128/25
        - Description: R53 Health Checks (IPv4) 04
          IpProtocol: tcp
          FromPort: !Ref listenPort
          ToPort: !Ref listenPort
          CidrIp: 52.80.198.0/25
        - Description: R53 Health Checks (IPv4) 05
          IpProtocol: tcp
          FromPort: !Ref listenPort
          ToPort: !Ref listenPort
          CidrIp: 52.83.34.128/25
        - Description: R53 Health Checks (IPv4) 06
          IpProtocol: tcp
          FromPort: !Ref listenPort
          ToPort: !Ref listenPort
          CidrIp: 52.83.35.0/25
        - Description: R53 Health Checks (IPv4) 07
          IpProtocol: tcp
          FromPort:
!Ref listenPort ToPort: !Ref listenPort CidrIp: 52.83.35.128/25 - Description: R53 Health Checks (IPv4) 08 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIp: 54.183.255.128/26 - Description: R53 Health Checks (IPv4) 09 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIp: 54.228.16.0/26 - Description: R53 Health Checks (IPv4) 10 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIp: 54.232.40.64/26 - Description: R53 Health Checks (IPv4) 11 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIp: 54.241.32.64/26 - Description: R53 Health Checks (IPv4) 12 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIp: 54.243.31.192/26 - Description: R53 Health Checks (IPv4) 13 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIp: 54.244.52.192/26 - Description: R53 Health Checks (IPv4) 14 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIp: 54.245.168.0/26 - Description: R53 Health Checks (IPv4) 15 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIp: 54.248.220.0/26 - Description: R53 Health Checks (IPv4) 16 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIp: 54.250.253.192/26 - Description: R53 Health Checks (IPv4) 17 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIp: 54.251.31.128/26 - Description: R53 Health Checks (IPv4) 18 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIp: 54.252.79.128/26 - Description: R53 Health Checks (IPv4) 19 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIp: 54.252.254.192/26 - Description: R53 Health Checks (IPv4) 20 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIp: 54.255.254.192/26 - Description: R53 Health Checks (IPv4) 21 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIp: 107.23.255.0/26 - Description: R53 Health Checks (IPv4) 22 IpProtocol: tcp 
FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIp: 176.34.159.192/26 - Description: R53 Health Checks (IPv4) 23 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIp: 177.71.207.128/26 - Description: R53 Health Checks (IPv6) 01 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIpv6: 2400:7fc0:83cc:cc00::/56 - Description: R53 Health Checks (IPv6) 02 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIpv6: 2400:7fc0:83cc:cd00::/56 - Description: R53 Health Checks (IPv6) 03 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIpv6: 2400:7fc0:83cc:ce00::/56 - Description: R53 Health Checks (IPv6) 04 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIpv6: 2404:c2c0:83cc:cc00::/56 - Description: R53 Health Checks (IPv6) 05 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIpv6: 2404:c2c0:83cc:cd00::/56 - Description: R53 Health Checks (IPv6) 06 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIpv6: 2404:c2c0:83cc:ce00::/56 - Description: R53 Health Checks (IPv6) 07 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIpv6: 2406:da14:7ff:f800::/56 - Description: R53 Health Checks (IPv6) 08 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIpv6: 2406:da14:fff:f800::/56 - Description: R53 Health Checks (IPv6) 09 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIpv6: 2406:da18:7ff:f800::/56 - Description: R53 Health Checks (IPv6) 10 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIpv6: 2406:da18:fff:f800::/56 - Description: R53 Health Checks (IPv6) 11 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIpv6: 2406:da1c:7ff:f800::/56 - Description: R53 Health Checks (IPv6) 12 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIpv6: 2406:da1c:fff:f800::/56 - Description: R53 Health Checks (IPv6) 13 IpProtocol: tcp 
FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIpv6: 2600:1f14:7ff:f800::/56 - Description: R53 Health Checks (IPv6) 14 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIpv6: 2600:1f14:fff:f800::/56 - Description: R53 Health Checks (IPv6) 15 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIpv6: 2600:1f18:3fff:f800::/56 - Description: R53 Health Checks (IPv6) 16 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIpv6: 2600:1f18:7fff:f800::/56 - Description: R53 Health Checks (IPv6) 17 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIpv6: 2600:1f1c:7ff:f800::/56 - Description: R53 Health Checks (IPv6) 18 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIpv6: 2600:1f1c:fff:f800::/56 - Description: R53 Health Checks (IPv6) 19 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIpv6: 2600:1f1e:7ff:f800::/56 - Description: R53 Health Checks (IPv6) 20 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIpv6: 2600:1f1e:fff:f800::/56 - Description: R53 Health Checks (IPv6) 21 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIpv6: 2600:f0f0:300:100::/56 - Description: R53 Health Checks (IPv6) 22 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIpv6: 2600:f0f0:30e::/48 - Description: R53 Health Checks (IPv6) 23 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIpv6: 2600:f0f0:30f::/48 - Description: R53 Health Checks (IPv6) 24 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIpv6: 2a05:d018:7ff:f800::/56 - Description: R53 Health Checks (IPv6) 25 IpProtocol: tcp FromPort: !Ref listenPort ToPort: !Ref listenPort CidrIpv6: 2a05:d018:fff:f800::/56 SecurityGroupEgress: - Description: Ping IpProtocol: icmp FromPort: -1 ToPort: -1 CidrIp: 127.0.0.1/32 Tags: - Key: StackName Value: !Ref AWS::StackName - Key: StackId Value: !Ref AWS::StackId - Key: Name 
# Continuation of Resources > sgR53HealthChecks > Tags; this Value belongs to the "Key: Name" tag that starts on the preceding line.
          Value: !Sub
            - "${AWS::StackName}-R53HealthChecks-${UID}"
            - UID:
                !Select [
                  3,
                  !Split ["-", !Select [2, !Split ["/", !Ref AWS::StackId]]],
                ]
        - Key: GitHub
          Value: https://github.com/aws-samples/amazon-ec2-nice-dcv-samples

  # The DCV Windows instance. Stack creation waits up to 90 minutes (PT90M) for a resource signal.
  # The cfn-init metadata below defines named config sets; only the 00_setup file definitions
  # are documented here.
  ec2Instance:
    Type: AWS::EC2::Instance
    CreationPolicy:
      ResourceSignal:
        Timeout: PT90M
    Metadata:
      Comment: Install Update files
      AWS::CloudFormation::Init:
        configSets:
          setup:
            - 00_setup
          dcv_install:
            - 02_dcv_install
          dcv_sw_install:
            - 01_dcv_sw_install
          dcv_gpu_install:
            - 03_dcv_gpu_install
          dcv_docker_install:
            - 08_dcv_docker_install
          dcv_cert_install:
            - 06_dcv_cert_install
        # 00_setup writes helper scripts and an agent config file onto the instance.
        00_setup:
          files:
            # Helper that re-downloads the DCV server MSI, installs it silently, then re-applies
            # DCV registry settings under HKEY_USERS\S-1-5-18 (the LocalSystem SID): automatic
            # console session owned by "administrator", session creation on, storage root, QUIC on.
            # NOTE(review): the MSI is fetched over HTTPS and handed to msiexec /quiet with no
            # hash or Authenticode check in this script; a signature check (for example with
            # PowerShell's Get-AuthenticodeSignature) before the install line would catch a
            # tampered or substituted download.
            # NOTE(review): wmic is deprecated on recent Windows releases - confirm it is present
            # on the AMI selected by imageId.
            c:\\Users\\Administrator\\update-DCV.cmd:
              content: |
                @echo off
                cd \windows\temp
                del \windows\temp\nice-dcv-*.msi
                del \windows\temp\dcv-install-msi.log
                powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://d1uj6qtbmh3dt5.cloudfront.net/nice-dcv-server-x64-Release.msi', 'nice-dcv-server-x64-Release.msi')"
                wmic product where "name like '%%DCV%%'" get name,version
                start /wait msiexec.exe /i nice-dcv-server-x64-Release.msi /quiet /norestart /l*v dcv-install-msi.log
                reg add HKEY_USERS\S-1-5-18\Software\GSettings\com\nicesoftware\dcv\session-management\automatic-console-session /v owner /t REG_SZ /d "administrator" /f
                reg add HKEY_USERS\S-1-5-18\Software\GSettings\com\nicesoftware\dcv\session-management /v create-session /t REG_DWORD /d 1 /f
                reg add HKEY_USERS\S-1-5-18\Software\GSettings\com\nicesoftware\dcv\session-management\automatic-console-session /v storage-root /t REG_SZ /d C:/Users/Administrator/ /f
                reg add HKEY_USERS\S-1-5-18\Software\GSettings\com\nicesoftware\dcv\connectivity /v enable-quic-frontend /t REG_DWORD /d 1 /f
                wmic product where "name like '%%DCV%%'" get name,version
            # Helper that upgrades the AWS CLI through Chocolatey and prints the version before and after.
            c:\\Users\\Administrator\\update-awscli.cmd:
              content: |
                @echo off
                aws --version
                C:\ProgramData\chocolatey\bin\choco upgrade -y awscli
                aws --version
            # Agent configuration in the CWAgent namespace: memory committed-bytes and logical-disk
            # free-space percentages, collected every 300 seconds and tagged with the instance ID.
            c:\\Windows\\Temp\\config.json:
              content: |
                {
                  "agent": {
                    "metrics_collection_interval": 300
                  },
                  "metrics": {
                    "namespace":
                    "CWAgent",
                    "append_dimensions": {
                      "InstanceId": "${aws:InstanceId}"
                    },
                    "metrics_collected": {
                      "Memory": {
                        "measurement": [
                          "% Committed Bytes In Use"
                        ]
                      },
                      "LogicalDisk": {
                        "measurement": [
                          "% Free Space"
                        ],
                        "resources": [
                          "*"
                        ]
                      }
                    }
                  }
                }
            # Interactive helper (it pauses for the operator) that copies the NVIDIA GRID driver
            # package from S3 into the Administrator's Downloads\Drivers folder and sets the
            # NvCplDisableManageLicensePage registry value. The copy is retried with
            # --region us-east-1 and finally with --no-sign-request (an unsigned, anonymous
            # request) if the previous attempt failed. Nothing here verifies the downloaded
            # files, so check the installer's signature before running it.
            c:\\Users\\Administrator\\download-NVIDIA-GRID-driver.cmd:
              content: |
                @echo off
                cls
                @echo.
                @echo NOTICE: These downloads are for GPU instances and are available to AWS customers only
                @echo.
                @echo By downloading, you agree to conditions and are bound by license terms as stated on
                @echo https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/install-nvidia-driver.html
                @echo.
                pause
                @echo Downloading drivers...
                IF NOT EXIST "C:\Users\Administrator\Downloads\Drivers" md "C:\Users\Administrator\Downloads\Drivers"
                cd C:\Users\Administrator\Downloads\Drivers
                cd
                "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://ec2-windows-nvidia-drivers/latest/ .
                IF %ERRORLEVEL% NEQ 0 "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://ec2-windows-nvidia-drivers/latest/ . --region us-east-1
                IF %ERRORLEVEL% NEQ 0 "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://ec2-windows-nvidia-drivers/latest/ . --no-sign-request
                reg add "HKLM\SOFTWARE\NVIDIA Corporation\Global\GridLicensing" /v NvCplDisableManageLicensePage /t REG_DWORD /d 1 /f
                cd
            # Interactive helper for the NVIDIA gaming driver, same shape as the GRID helper but
            # reading from the nvidia-gaming bucket; the script body continues on the following line.
            c:\\Users\\Administrator\\download-NVIDIA-Gaming-driver.cmd:
              content: |
                @echo off
                cls
                @echo.
                @echo NOTICE: These downloads are for GPU instances and are available to AWS customers only
                @echo.
                @echo By downloading, you agree to conditions and are bound by license terms as stated on
                @echo https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/install-nvidia-driver.html
                @echo.
                pause
                @echo Downloading drivers...
                IF NOT EXIST "C:\Users\Administrator\Downloads\Drivers" md "C:\Users\Administrator\Downloads\Drivers"
                cd C:\Users\Administrator\Downloads\Drivers
                cd
                "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://nvidia-gaming/windows/latest/ .
IF %ERRORLEVEL% NEQ 0 "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://nvidia-gaming/windows/latest/ . --region us-east-1 IF %ERRORLEVEL% NEQ 0 "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://nvidia-gaming/windows/latest/ . --no-sign-request reg add "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm\Global" /v vGamingMarketplace /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\NVIDIA Corporation\Global" /v vGamingMarketplace /t REG_DWORD /d 2 powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCertWindows_2023_9_22.cert', 'C:\Users\Public\Documents\GridSwCert.txt')" cd c:\\Users\\Administrator\\download-AMD-driver.cmd: content: | @echo off cls @echo. @echo NOTICE: These downloads are for GPU instances and are available to AWS customers only @echo. @echo By downloading, you agree to conditions and are bound by license terms as stated on @echo https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/install-amd-driver.html @echo. pause @echo Downloading drivers... IF NOT EXIST "C:\Users\Administrator\Downloads\Drivers" md "C:\Users\Administrator\Downloads\Drivers" cd C:\Users\Administrator\Downloads\Drivers cd "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://ec2-amd-windows-drivers/latest/ . IF %ERRORLEVEL% NEQ 0 "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://ec2-amd-windows-drivers/latest/ . --region us-east-1 IF %ERRORLEVEL% NEQ 0 "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://ec2-amd-windows-drivers/latest/ . 
--no-sign-request cd 01_dcv_sw_install: files: c:\\windows\\temp\\dcv-sw-install.cmd: content: !Sub | @echo off IF EXIST c:\windows\temp\dcv-sw-install.txt EXIT ECHO amazon-ec2-nice-dcv-samples >> c:\windows\temp\dcv-sw-install.txt @echo ** set administrator password powershell -C "Get-EC2InstanceMetadata -Category InstanceId" > c:\windows\temp\instanceid.txt set /p INSTANCEID=> c:\windows\temp\dcv-sw-install.log ignoreErrors: true waitAfterCompletion: forever 02_dcv_install: files: c:\\windows\\temp\\dcv-install.cmd: content: !Sub | @echo off powershell -Command "Start-Sleep -s 5" IF EXIST c:\windows\temp\dcv-install.txt EXIT ECHO amazon-ec2-nice-dcv-samples >> c:\windows\temp\dcv-install.txt cd \windows\temp @echo ** https://docs.aws.amazon.com/dcv/latest/adminguide/setting-up-installing-wininstall.html powershell -Command "[System.Net.ServicePointManager]::SecurityProtocol = 3072; (New-Object System.Net.WebClient).DownloadFile('https://d1uj6qtbmh3dt5.cloudfront.net/nice-dcv-server-x64-Release.msi', 'nice-dcv-server-x64-Release.msi')" @echo ** https://docs.aws.amazon.com/dcv/latest/adminguide/setting-up-installing-wininstall.html#setting-up-installing-windows-unattended SET DRIVER_TYPE=${driverType} IF %DRIVER_TYPE% EQU DCV ( msiexec /i nice-dcv-server-x64-Release.msi ADDLOCAL=ALL REMOVE=iddDriver /quiet /norestart /l*v dcv-install-msi.log ) ELSE IF %DRIVER_TYPE% EQU none ( msiexec /i nice-dcv-server-x64-Release.msi ADDLOCAL=ALL REMOVE=iddDriver /quiet /norestart /l*v dcv-install-msi.log ) ELSE ( msiexec.exe /i nice-dcv-server-x64-Release.msi ADDLOCAL=ALL /quiet /norestart /l*v dcv-install-msi.log ) @echo ** https://docs.aws.amazon.com/dcv/latest/adminguide/managing-sessions-start.html#managing-sessions-start-auto reg add HKEY_USERS\S-1-5-18\Software\GSettings\com\nicesoftware\dcv\session-management /v create-session /t REG_DWORD /d 1 /f reg add HKEY_USERS\S-1-5-18\Software\GSettings\com\nicesoftware\dcv\session-management\automatic-console-session /v owner /t 
REG_SZ /d "administrator" /f @echo ** https://docs.aws.amazon.com/dcv/latest/adminguide/manage-storage.html reg add HKEY_USERS\S-1-5-18\Software\GSettings\com\nicesoftware\dcv\session-management\automatic-console-session /v storage-root /t REG_SZ /d C:/Users/Administrator/ /f @echo ** https://docs.aws.amazon.com/dcv/latest/adminguide/enable-quic.html reg add HKEY_USERS\S-1-5-18\Software\GSettings\com\nicesoftware\dcv\connectivity /v enable-quic-frontend /t REG_DWORD /d 1 /f @echo ** "Number must be higher than 1024: https://docs.aws.amazon.com/dcv/latest/adminguide/manage-port-addr.html" reg add HKEY_USERS\S-1-5-18\Software\GSettings\com\nicesoftware\dcv\connectivity /v web-port /t REG_DWORD /d ${listenPort} /f reg add HKEY_USERS\S-1-5-18\Software\GSettings\com\nicesoftware\dcv\connectivity /v quic-port /t REG_DWORD /d ${listenPort} /f @echo ** https://docs.aws.amazon.com/dcv/latest/adminguide/config-param-ref.html#display reg.exe add HKEY_USERS\S-1-5-18\Software\GSettings\com\nicesoftware\dcv\display /v web-client-max-head-resolution /t REG_SZ /d "(0, 0)" /f reg.exe add HKEY_USERS\S-1-5-18\Software\GSettings\com\nicesoftware\dcv\display /v console-session-default-layout /t REG_SZ /d "[{'w':<1920>, 'h':<1080>, 'x':<0>, 'y': <0>}]" /f @ Port forward HTTPS TCP 443 to DCV IF ${installReverseProxy} EQU Yes ( netsh advfirewall firewall add rule name="HTTPS" dir=in action=allow protocol=tcp localport=443 netsh int portproxy add v4tov4 listenport=443 connectaddress=127.0.0.1 connectport=${listenPort} netsh int portproxy add v6tov6 listenport=443 connectaddress=::1 connectport=${listenPort} ) exit commands: # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-init.html#aws-resource-init-commands install: command: c:\windows\temp\dcv-install.cmd >> c:\windows\temp\dcv-install.log ignoreErrors: true 03_dcv_gpu_install: files: c:\\windows\\temp\\dcv-gpu-install.cmd: content: !Sub | @echo off powershell -Command "Start-Sleep -s 5" IF EXIST 
c:\windows\temp\dcv-gpu-install.txt EXIT ECHO amazon-ec2-nice-dcv-samples >> c:\windows\temp\dcv-gpu-install.txt start /wait c:\windows\temp\install-PSReadLine.cmd start /wait c:\windows\temp\install-DisplaySettings.cmd SET DRIVER_TYPE=${driverType} SET "PATH=%PATH%;C:\Program Files\7-zip" cd \windows\temp md driver && cd driver IF %DRIVER_TYPE% EQU DCV-IDD ( del c:\Users\Administrator\download-NVIDIA-GRID-driver.cmd del c:\Users\Administrator\download-NVIDIA-Gaming-driver.cmd del c:\Users\Administrator\download-AMD-driver.cmd ) IF %DRIVER_TYPE% EQU DCV ( del c:\Users\Administrator\download-NVIDIA-GRID-driver.cmd del c:\Users\Administrator\download-NVIDIA-Gaming-driver.cmd del c:\Users\Administrator\download-AMD-driver.cmd @echo ** https://docs.aws.amazon.com/dcv/latest/adminguide/setting-up-installing-winprereq.html#setting-up-installing-general powershell -Command "[System.Net.ServicePointManager]::SecurityProtocol = 3072; (New-Object System.Net.WebClient).DownloadFile('https://d1uj6qtbmh3dt5.cloudfront.net/nice-dcv-virtual-display-x64-Release.msi', 'nice-dcv-virtual-display-x64-Release.msi')" msiexec.exe /i nice-dcv-virtual-display-x64-Release.msi /quiet /l dcv-display.log ) IF %DRIVER_TYPE% EQU NVIDIA-GRID ( del c:\Users\Administrator\download-NVIDIA-Gaming-driver.cmd del c:\Users\Administrator\download-AMD-driver.cmd IF NOT EXIST c:\windows\system32\curl.exe choco install --no-progress -y curl @echo ** https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvidia-GRID-driver.html "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://ec2-windows-nvidia-drivers/latest/ . || ( "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://ec2-windows-nvidia-drivers/latest/ . --region us-east-1 ) || ( "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://ec2-windows-nvidia-drivers/latest/ . 
--no-sign-request ) || ( curl -s -L -O https://ec2-windows-nvidia-drivers.s3.amazonaws.com/grid-18.4/573.48_grid_win10_win11_server2022_dch_64bit_international_aws_swl.exe ) reg add "HKLM\SOFTWARE\NVIDIA Corporation\Global\GridLicensing" /v NvCplDisableManageLicensePage /t REG_DWORD /d 1 /f forfiles /M *.exe /C "cmd /c 7z x @file" @rem ** https://enterprise-support.nvidia.com/s/article/Silent-Install-of-GRID-VM-Driver-for-Windows start /wait setup.exe -s -n ) IF %DRIVER_TYPE% EQU NVIDIA-Gaming ( del c:\Users\Administrator\download-NVIDIA-GRID-driver.cmd del c:\Users\Administrator\download-AMD-driver.cmd IF NOT EXIST c:\windows\system32\curl.exe choco install --no-progress -y curl @echo ** https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvidia-gaming-driver.html "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://nvidia-gaming/windows/latest/ . || ( "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://nvidia-gaming/windows/latest/ . --region us-east-1 ) || ( "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://nvidia-gaming/windows/latest/ . 
--no-sign-request ) || ( curl -s -L -O https://nvidia-gaming.s3.amazonaws.com/windows/552.13_Cloud_Gaming_win10_win11_server2022_dch_64bit_international.exe ) reg add "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm\Global" /v vGamingMarketplace /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\NVIDIA Corporation\Global" /v vGamingMarketplace /t REG_DWORD /d 2 /f powershell -Command "[System.Net.ServicePointManager]::SecurityProtocol = 3072; (New-Object System.Net.WebClient).DownloadFile('https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCertWindows_2023_9_22.cert', 'C:\Users\Public\Documents\GridSwCert.txt')" forfiles /M *.exe /C "cmd /c 7z x @file" start /wait setup.exe -s ) IF %DRIVER_TYPE% EQU NVIDIA-Tesla ( del c:\Users\Administrator\download-NVIDIA-GRID-driver.cmd del c:\Users\Administrator\download-NVIDIA-Gaming-driver.cmd del c:\Users\Administrator\download-AMD-driver.cmd IF NOT EXIST c:\windows\system32\curl.exe choco install --no-progress -y curl @echo ** https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/public-nvidia-driver.html copy \windows\temp\install-if-available.cmd \windows\temp\driver\ install-if-available.cmd https://us.download.nvidia.com/tesla/${teslaDriverVersion}/${teslaDriverVersion}-data-center-tesla-desktop-winserver-2022-dch-international.exe install-if-available.cmd https://us.download.nvidia.com/tesla/${teslaDriverVersion}/${teslaDriverVersion}-data-center-tesla-desktop-winserver-2019-2022-dch-international.exe install-if-available.cmd https://us.download.nvidia.com/tesla/${teslaDriverVersion}/${teslaDriverVersion}-data-center-tesla-desktop-winserver-2016-2019-2022-dch-international.exe install-if-available.cmd https://us.download.nvidia.com/tesla/${teslaDriverVersion}/${teslaDriverVersion}-data-center-tesla-desktop-winserver-2019-2016-international.exe install-if-available.cmd https://us.download.nvidia.com/tesla/${teslaDriverVersion}/${teslaDriverVersion}-data-center-tesla-desktop-winserver2016-international.exe 
install-if-available.cmd https://us.download.nvidia.com/tesla/${teslaDriverVersion}/${teslaDriverVersion}-data-center-tesla-desktop-winserver-2012r2-64bit-international.exe install-if-available.cmd https://us.download.nvidia.com/tesla/${teslaDriverVersion}/${teslaDriverVersion}-data-center-tesla-desktop-winserver2008-2012r2-64bit-international.exe ) IF %DRIVER_TYPE% EQU AMD ( del c:\Users\Administrator\download-NVIDIA-GRID-driver.cmd del c:\Users\Administrator\download-NVIDIA-Gaming-driver.cmd @echo ** https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/install-amd-driver.html#download-amd-driver "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://ec2-amd-windows-drivers/latest/ . || ( "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://ec2-amd-windows-drivers/latest/ . --region us-east-1 ) || ( "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp --recursive s3://ec2-amd-windows-drivers/latest/ . --no-sign-request ) @echo ** AMD_GPU_WINDOWS_2K22_DRIVER*.ZIP? reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName | findstr /C:"Server 202">nul && ( cmd /c 7z x AMD*2K22*.zip cd Packages\Drivers\Display\*INF ) || ( echo Not Windows 202* ) @echo ** AMD_GPU_WINDOWS_2K19_DRIVER*.ZIP? reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName | findstr /C:"Server 2019">nul && ( cmd /c 7z x AMD*2K19*.zip cd Packages\Drivers\Display\*INF ) || ( echo Not Windows 2019 ) @echo ** archives/*2016*.ZIP? reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName | findstr /C:"Server 2016">nul && ( "C:\Program Files\Amazon\AWSCLIV2\aws" s3 cp s3://ec2-amd-windows-drivers/archives/Windows_2019_2016-20.10.25.01-201109a-361679C-WHQL.zip . 
--no-sign-request cmd /c 7z x Windows_2019_2016-20.10.25.01-201109a-361679C-WHQL.zip cd *WHQL*\Drivers\Display\*INF ) || ( echo Not Windows 2016 ) pnputil /add-driver *.inf /install /subdirs ) shutdown /r /t 1 /f powershell -Command "Start-Sleep -s 5" exit c:\\windows\\temp\\install-PSReadLine.cmd: content: | @echo off reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName | findstr /C:"Server 202">nul && ( @echo ** https://docs.aws.amazon.com/systems-manager/latest/userguide/fleet-rdp.html#fleet-rdp-prerequisites powershell -Command "Install-PackageProvider -Name NuGet -MinimumVersion 2.8.4.201 -Force" powershell -Command "Install-Module -Name PSReadLine -Repository PSGallery -MinimumVersion 2.2.2 -Force" ) || ( echo. ) exit c:\\windows\\temp\\install-DisplaySettings.cmd: content: | @echo off reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName | findstr "2019 202">nul && ( @echo ** https://www.powershellgallery.com/packages/DisplaySettings powershell -Command "Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force" powershell -Command "Install-Module -Name DisplaySettings -Force" ) || ( echo. ) exit c:\\windows\\temp\\install-if-available.cmd: content: | @echo off echo %1 curl -s -I %1 | findstr /C:" 200">nul && ( echo Download and install curl -s -L %1 -o nvidia-driver.exe start /wait nvidia-driver -s ECHO amazon-ec2-nice-dcv-samples >> c:\windows\temp\dcv-gpu-install.txt shutdown /r /t 1 /f powershell -Command "Start-Sleep -s 5" ) || ( echo. 
) commands: # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-init.html#aws-resource-init-commands restart-computer: command: c:\windows\temp\dcv-gpu-install.cmd >> c:\windows\temp\dcv-gpu-install.log ignoreErrors: true waitAfterCompletion: forever 06_dcv_cert_install: files: c:\\windows\\temp\\dcv-cert-install.cmd: content: | @echo off powershell -Command "Start-Sleep -s 5" IF EXIST c:\windows\temp\dcv-cert-install.txt EXIT @echo ** set administrator password powershell -C "Get-EC2InstanceMetadata -Category InstanceId" > c:\windows\temp\instanceid.txt set /p INSTANCEID=> c:\windows\temp\dcv-cert-install.txt exit c:\\windows\\temp\\install-dcv-cert.ps1: content: | $global:progressPreference = 'silentlyContinue' # Initial cert by SYSTEM $moduleName = "Posh-ACME" if (-not (Get-Module -ListAvailable -Name $moduleName)) { Install-Module -Name $moduleName -Force } Import-Module Posh-ACME Set-PAServer LE_PROD $PublicIp = (Invoke-WebRequest -UseBasicParsing -Uri 'https://checkip.amazonaws.com').Content.Trim() $cert = New-PACertificate $PublicIp -Plugin WebSelfHost -Profile shortlived -AcceptTOS -Name "DCV-Cert" $cert | Format-List New-Item -Path C:\Windows\System32\config\systemprofile\AppData\Local\NICE\dcv\dcv.pem -ItemType SymbolicLink -Value $cert.CertFile New-Item -Path C:\Windows\System32\config\systemprofile\AppData\Local\NICE\dcv\dcv.key -ItemType SymbolicLink -Value $cert.KeyFile C:\\Windows\\System32\\config\\systemprofile\\AppData\\Local\\NICE\\dcv\\renew-dcv-cert.ps1: content: | $global:progressPreference = 'silentlyContinue' # Open HTTP port for ACME HTTP-01 challenge netsh advfirewall firewall add rule name="HTTP" dir=in action=allow protocol=tcp localport=80 $moduleName = "Posh-ACME" if (-not (Get-Module -ListAvailable -Name $moduleName)) { Install-Module -Name $moduleName -Force } Import-Module Posh-ACME Set-PAServer LE_PROD $cert = Get-PACertificate -Name "DCV-Cert" if (!$cert) { New-PAAccount -AcceptTOS -Force $PublicIp = 
(Invoke-WebRequest -UseBasicParsing -Uri 'https://checkip.amazonaws.com').Content.Trim() $cert = New-PACertificate $PublicIp -Plugin WebSelfHost -Profile shortlived -AcceptTOS -Name "DCV-Cert" $cert | Format-List New-Item -Path C:\Windows\System32\config\systemprofile\AppData\Local\NICE\dcv\dcv.pem -ItemType SymbolicLink -Value $cert.CertFile -Force New-Item -Path C:\Windows\System32\config\systemprofile\AppData\Local\NICE\dcv\dcv.key -ItemType SymbolicLink -Value $cert.KeyFile -Force } else { Set-PAAccount Submit-Renewal -Name "DCV-Cert" } commands: install-cert: command: c:\windows\temp\dcv-cert-install.cmd >> c:\windows\temp\dcv-cert-install.log ignoreErrors: true 08_dcv_docker_install: files: c:\\windows\\temp\\dcv-docker-install.cmd: content: | @echo off powershell -Command "Start-Sleep -s 10" IF EXIST c:\windows\temp\dcv-docker-install.txt EXIT IF EXIST c:\windows\System32\dockerd.exe EXIT powershell -NoProfile -File "c:\windows\temp\install-docker-ce.ps1" c:\windows\System32\dockerd.exe --register-service --service-name docker ECHO amazon-ec2-nice-dcv-samples >> c:\windows\temp\dcv-docker-install.txt shutdown /r /t 1 /f powershell -Command "Start-Sleep -s 5" exit c:\\windows\\temp\\install-docker-ce.ps1: content: | $global:progressPreference = 'silentlyContinue' # Get latest Docker .zip package $availableVersions = ((Invoke-WebRequest -Uri "https://download.docker.com/win/static/stable/x86_64/" -UseBasicParsing).Links | Where-Object {$_.href -like "docker-*.zip"}).href | Sort-Object -Descending $dockerZip = $availableVersions[0] $zipUrl = "https://download.docker.com/win/static/stable/x86_64/$dockerZip" # download package $destinationFolder = "c:\windows\temp" (New-Object System.Net.WebClient).DownloadFile($zipUrl, "$destinationFolder\$dockerZip") # Extract and copy to \windows\system32 Expand-Archive -Path "$destinationFolder\$dockerZip" -DestinationPath "$destinationFolder" Copy-Item -Path "$destinationFolder\docker\docker.exe" -Destination 
c:\windows\System32\docker.exe Copy-Item -Path "$destinationFolder\docker\dockerd.exe" -Destination c:\windows\System32\dockerd.exe # Prepare docker config path $DockerDataPath = "c:\ProgramData\docker" $dockerConfigPath = Join-Path $global:DockerDataPath "config" md -Path $dockerConfigPath | Out-Null # Prepare docker daemon.json $daemonSettings = New-Object PSObject $daemonSettings | Add-Member NoteProperty hosts @("npipe://") $daemonSettingsFile = Join-Path $dockerConfigPath "daemon.json" $daemonSettings | ConvertTo-Json | Out-File -FilePath $daemonSettingsFile -Encoding ASCII # Register docker service. # &c:\windows\System32\dockerd.exe --register-service --service-name docker $windowsFeature = "Containers" if (-not (Get-WindowsFeature $windowsFeature).Installed) { Add-WindowsFeature $windowsFeature } commands: # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-init.html#aws-resource-init-commands install-docker: command: c:\windows\temp\dcv-docker-install.cmd >> c:\windows\temp\dcv-docker-install.log ignoreErrors: true waitAfterCompletion: forever Properties: ImageId: !Ref imageId InstanceType: !Ref instanceType IamInstanceProfile: !Ref instanceProfile SubnetId: !Ref subnetID Monitoring: false DisableApiTermination: !If [enableProtection, true, false] EbsOptimized: true SecurityGroupIds: - !Ref sgEC2Instance - !If [createCFsgHTTP, !Ref sgCloudFrontIPv4, !Ref AWS::NoValue] - !If [createCFsgHTTP, !Ref sgCloudFrontIPv6, !Ref AWS::NoValue] - !If [createAGA, !Ref sgR53HealthChecks, !Ref AWS::NoValue] BlockDeviceMappings: - DeviceName: /dev/sda1 Ebs: VolumeType: !Ref volumeType VolumeSize: !Ref volumeSize DeleteOnTermination: true Encrypted: true UserData: !Base64 Fn::Sub: | Tags: - Key: Name Value: !Ref ec2Name - Key: StackName Value: !Ref AWS::StackName - Key: StackId Value: !Ref AWS::StackId - Key: GitHub Value: https://github.com/aws-samples/amazon-ec2-nice-dcv-samples elasticIP: Condition: useElasticIP Type: AWS::EC2::EIP Properties: 
# Remaining elasticIP properties; the resource header (elasticIP / Condition / Type /
# Properties) is on the line before this block.
      Domain: vpc
      NetworkBorderGroup: !Ref AWS::Region
      InstanceId: !Ref ec2Instance
      Tags:
        - Key: StackName
          Value: !Ref AWS::StackName
        - Key: StackId
          Value: !Ref AWS::StackId
        - Key: Name
          Value: !Sub
            - "${AWS::StackName}-elasticIP-${UID}"
            # UID: element 3 of the "-"-split of element 2 of the "/"-split of the stack ID.
            - UID: !Select [3, !Split ["-", !Select [2, !Split ["/", !Ref AWS::StackId]]]]
        - Key: GitHub
          Value: https://github.com/aws-samples/amazon-ec2-nice-dcv-samples

  # ---- AWS Backup (all resources gated on the createBackup condition) ----
  # One backup rule; schedule, timezone and retention come from stack parameters.
  backupPlan:
    Type: AWS::Backup::BackupPlan
    Condition: createBackup
    Properties:
      BackupPlan:
        BackupPlanName: !Sub
          - "${AWS::StackName}-backupPlan-${UID}"
          - UID: !Select [3, !Split ["-", !Select [2, !Split ["/", !Ref AWS::StackId]]]]
        BackupPlanRule:
          - RuleName: !Sub
              - "${AWS::StackName}-backupRule-${UID}"
              - UID: !Select [3, !Split ["-", !Select [2, !Split ["/", !Ref AWS::StackId]]]]
            TargetBackupVault: !Ref backupVault
            ScheduleExpression: !Ref scheduleExpression
            ScheduleExpressionTimezone: !Ref scheduleExpressionTimezone
            Lifecycle:
              DeleteAfterDays: !Ref deleteAfterDays
      BackupPlanTags:
        StackName: !Ref AWS::StackName
        StackId: !Ref AWS::StackId
        GitHub: "https://github.com/aws-samples/amazon-ec2-nice-dcv-samples"

  # Vault that receives the recovery points.
  # NOTE(review): no EncryptionKeyArn, access policy or vault lock is set here, so
  # encryption and delete protection are whatever the service defaults to. Confirm this
  # is acceptable for backups of a host that holds administrator credentials.
  backupVault:
    Type: AWS::Backup::BackupVault
    Condition: createBackup
    UpdateReplacePolicy: Delete
    Properties:
      BackupVaultName: !Sub
        - "${AWS::StackName}-backupVault-${UID}"
        - UID: !Select [3, !Split ["-", !Select [2, !Split ["/", !Ref AWS::StackId]]]]
      BackupVaultTags:
        StackName: !Ref AWS::StackName
        StackId: !Ref AWS::StackId
        GitHub: "https://github.com/aws-samples/amazon-ec2-nice-dcv-samples"

  # Selects exactly one resource, this stack's EC2 instance, by ARN.
  backupSelection:
    Type: AWS::Backup::BackupSelection
    Condition: createBackup
    Properties:
      BackupPlanId: !Ref backupPlan
      BackupSelection:
        IamRoleArn: !GetAtt backupRestoreRole.Arn
        Resources:
          - !Sub arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:instance/${ec2Instance}
        SelectionName: !Sub
          - "${AWS::StackName}-backupSelection-${UID}"
          - UID: !Select [3, !Split ["-", !Select [2, !Split ["/", !Ref AWS::StackId]]]]

  # Role assumed by AWS Backup. Only backup.amazonaws.com is trusted, and the inline
  # policy limits iam:PassRole to the instance role's ARN rather than "*", so a restore
  # cannot attach an arbitrary role to the restored instance.
  backupRestoreRole:
    Type: AWS::IAM::Role
    Condition: createBackup
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: backup.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: restore-EC2-instance-profile
          PolicyDocument:
            # https://docs.aws.amazon.com/aws-backup/latest/devguide/restoring-ec2.html
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - iam:PassRole
                Resource: !GetAtt instanceIamRole.Arn
      ManagedPolicyArns:
        - !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup
        - !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForRestores
      Tags:
        - Key: StackName
          Value: !Ref AWS::StackName
        - Key: StackId
          Value: !Ref AWS::StackId
        - Key: GitHub
          Value: https://github.com/aws-samples/amazon-ec2-nice-dcv-samples

  # ---- AWS Global Accelerator (all resources gated on the createAGA condition) ----
  aga:
    Type: AWS::GlobalAccelerator::Accelerator
    Condition: createAGA
    Properties:
      Name: !Sub
        - "${AWS::StackName}-AGA-${UID}"
        - UID: !Select [3, !Split ["-", !Select [2, !Split ["/", !Ref AWS::StackId]]]]
      IpAddressType: IPV4
      Tags:
        - Key: StackName
          Value: !Ref AWS::StackName
        - Key: StackId
          Value: !Ref AWS::StackId
        - Key: GitHub
          Value: https://github.com/aws-samples/amazon-ec2-nice-dcv-samples

  # TCP listener: the DCV listen port, plus RDP 3389 when createSgRDP holds.
  # NOTE(review): publishing 3389 on the accelerator exposes RDP on its addresses too.
  # Who can actually reach it depends on security group rules outside this excerpt.
  # Confirm those rules restrict the source ranges.
  agaListener1:
    Type: AWS::GlobalAccelerator::Listener
    Condition: createAGA
    Properties:
      AcceleratorArn: !Ref aga
      ClientAffinity: SOURCE_IP
      Protocol: TCP
      PortRanges:
        - FromPort: !Ref listenPort
          ToPort: !Ref listenPort
        - !If
          - createSgRDP
          - FromPort: 3389
            ToPort: 3389
          - !Ref AWS::NoValue

  # UDP listener on the same port as the TCP listener.
  agaListener2:
    Type: AWS::GlobalAccelerator::Listener
    Condition: createAGA
    Properties:
      AcceleratorArn: !Ref aga
      ClientAffinity: SOURCE_IP
      Protocol: UDP
      PortRanges:
        - FromPort: !Ref listenPort
          ToPort: !Ref listenPort

  # Endpoint group for the TCP listener; the instance is its only endpoint.
  agaEndpointGroup1:
    Type: AWS::GlobalAccelerator::EndpointGroup
    Condition: createAGA
    Properties:
      ListenerArn: !GetAtt agaListener1.ListenerArn
      EndpointGroupRegion: !Ref AWS::Region
      HealthCheckPort: !Ref listenPort
      HealthCheckProtocol: TCP
      ThresholdCount: 1
      EndpointConfigurations:
        - EndpointId: !Ref ec2Instance

  # Endpoint group for the UDP listener; its health check still uses TCP on listenPort.
  agaEndpointGroup2:
    Type: AWS::GlobalAccelerator::EndpointGroup
    Condition: createAGA
    Properties:
      ListenerArn: !GetAtt agaListener2.ListenerArn
      EndpointGroupRegion: !Ref AWS::Region
      HealthCheckPort: !Ref listenPort
      HealthCheckProtocol: TCP
      ThresholdCount: 1
      EndpointConfigurations:
        - EndpointId: !Ref ec2Instance

  # ---- CloudFront ----
  # VPC origin pointing at the instance (cfVPCOrigin condition only).
  # OriginProtocolPolicy is http-only, so CloudFront talks to the instance in clear text.
  # OriginSSLProtocols is listed but is not exercised while the policy stays http-only.
  cfVpcOrigin:
    Type: AWS::CloudFront::VpcOrigin
    Condition: cfVPCOrigin
    Properties:
      VpcOriginEndpointConfig:
        Arn: !Sub arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:instance/${ec2Instance}
        Name: !Sub ${AWS::StackName}-${ec2Instance}
        OriginProtocolPolicy: http-only
        OriginSSLProtocols:
          - TLSv1.2
      Tags:
        - Key: StackName
          Value: !Ref AWS::StackName
        - Key: StackId
          Value: !Ref AWS::StackId
        - Key: GitHub
          Value: https://github.com/aws-samples/amazon-ec2-nice-dcv-samples

  # Distribution in front of the instance's web server.
  cfDistribution:
    Type: AWS::CloudFront::Distribution
    DependsOn: ec2Instance
    Condition: createCloudFront
    Properties:
      DistributionConfig:
        Origins:
          # One origin, chosen by the cfVPCOrigin condition: either the VPC origin
          # (private DNS name) or a custom origin on the instance's public DNS name.
          - !If
            - cfVPCOrigin
            - DomainName: !GetAtt ec2Instance.PrivateDnsName
              Id: !Ref ec2Instance
              VpcOriginConfig:
                VpcOriginId: !GetAtt cfVpcOrigin.Id
            - DomainName: !GetAtt ec2Instance.PublicDnsName
              Id: !Ref ec2Instance
              CustomOriginConfig:
                # NOTE(review): http-only against the public DNS name means the
                # CloudFront-to-origin leg is unencrypted. Viewers are redirected to
                # HTTPS, but credentials and session cookies still reach the instance
                # in clear text. Consider https-only once the origin serves a
                # certificate valid for the name CloudFront connects to.
                OriginProtocolPolicy: http-only
                OriginSSLProtocols:
                  - TLSv1.2
        Enabled: true
        Comment: !Sub "${AWS::StackName}-CloudFront"
        HttpVersion: http2and3
        ViewerCertificate:
          # NOTE(review): the CloudFormation reference for ViewerCertificate says that
          # with CloudFrontDefaultCertificate: true the security policy is set to TLSv1
          # regardless of MinimumProtocolVersion. Confirm the effective viewer policy.
          # Enforcing TLSv1.2_2021 needs an alternate domain name with its own certificate.
          CloudFrontDefaultCertificate: true
          MinimumProtocolVersion: TLSv1.2_2021
        DefaultCacheBehavior:
          # All methods, including the state-changing ones, are passed to the origin.
          # The application behind it is responsible for authentication and CSRF protection.
          AllowedMethods: !Split [",", "GET,HEAD,OPTIONS,PUT,PATCH,POST,DELETE"]
          CachedMethods:
            - HEAD
            - GET
          Compress: true
          # NOTE(review): the three IDs below appear to be AWS managed policies
          # (UseOriginCacheControlHeaders-QueryStrings, AllViewer, SecurityHeadersPolicy).
          # Verify them against the CloudFront console before relying on that.
          CachePolicyId: "4cc15a8a-d715-48a4-82b8-cc0b614638fe"
          OriginRequestPolicyId: "216adef6-5c7f-47e4-b989-5492eafa07d3"
          ResponseHeadersPolicyId: "67f7725c-6f97-4210-82d7-5512b31e9d03"
          TargetOriginId: !Ref ec2Instance
          ViewerProtocolPolicy: redirect-to-https
      Tags:
        - Key: StackName
          Value: !Ref AWS::StackName
        - Key: StackId
          Value: !Ref AWS::StackId
        - Key: GitHub
          Value: https://github.com/aws-samples/amazon-ec2-nice-dcv-samples
Outputs:
  # Console deep links. The console host comes from the ConsoleUrl mapping (defined
  # outside this excerpt), keyed by partition, with console.aws.amazon.com as fallback.
  RDPconnect:
    Description: Fleet Manager Remote Desktop
    Value: !Sub
      - "https://${AWS::Region}.${url}/systems-manager/fleet-manager/remote-desktop?region=${AWS::Region}&nodeIds=${ec2Instance}&authType=USER_CREDENTIALS"
      - url: !FindInMap
          - ConsoleUrl
          - !Ref "AWS::Partition"
          - url
          - DefaultValue: "console.aws.amazon.com"
  EC2console:
    Description: EC2 console
    Value: !Sub
      - "https://${AWS::Region}.${url}/ec2/home?region=${AWS::Region}#InstanceDetails:instanceId=${ec2Instance}"
      - url: !FindInMap
          - ConsoleUrl
          - !Ref "AWS::Partition"
          - url
          - DefaultValue: "console.aws.amazon.com"
  EC2iamRole:
    Description: EC2 IAM role
    Value: !Sub
      - "https://${url}/iam/home#/roles/details/${role}"
      # role: the part of the instance role ARN after the first "/".
      - role: !Select [1, !Split ["/", !GetAtt instanceIamRole.Arn]]
        url: !FindInMap
          - ConsoleUrl
          - !Ref "AWS::Partition"
          - url
          - DefaultValue: "console.aws.amazon.com"
  # The password in the description below is a sample value printed in every stack's
  # outputs; treat it as a placeholder and never set it literally.
  # NOTE(review): a password typed as a command-line argument can end up in Session
  # Manager session logs when session logging is enabled. Confirm the logging settings
  # before following this hint.
  SSMsessionManager:
    Description: SSM Session Manager (" net user administrator changeStr@ongPass0rd " to change password)
    Value: !Sub
      - "https://${AWS::Region}.${url}/systems-manager/session-manager/${ec2Instance}"
      - url: !FindInMap
          - ConsoleUrl
          - !Ref "AWS::Partition"
          - url
          - DefaultValue: "console.aws.amazon.com"

  # DCV connection strings. They address the instance by IP (public or private,
  # depending on displayPublicIP) and pre-fill the built-in administrator account name.
  DCVUrl:
    Description: DCV URL (login as administrator)
    Value: !Sub
      - "https://${IpAddress}:${listenPort}/?username=administrator ( dcv://administrator:@${IpAddress}:${listenPort} )"
      - IpAddress: !If
          - displayPublicIP
          - !GetAtt ec2Instance.PublicIp
          - !GetAtt ec2Instance.PrivateIp
  ReverseProxyURL:
    Condition: installReverseProxy
    Description: Reverse Proxy URL (login as administrator)
    Value: !Sub
      - "https://${IpAddress}/?username=administrator ( dcv://administrator:@${IpAddress}:443 )"
      - IpAddress: !If
          - displayPublicIP
          - !GetAtt ec2Instance.PublicIp
          - !GetAtt ec2Instance.PrivateIp
  DCVUrlAGA:
    Condition: createAGA
    Description: DCV web browser client through AGA (login as administrator)
    Value: !Sub "https://${aga.DnsName}:${listenPort}/?username=administrator ( dcv://administrator:@${aga.DnsName}:${listenPort} )"

  # Exported values; the export names are prefixed with the stack name.
  SecurityGroup:
    Description: Security Group
    Value: !Ref sgEC2Instance
    Export:
      Name: !Sub ${AWS::StackName}-SecurityGroup
  EC2instanceID:
    Description: Instance ID
    Value: !Ref ec2Instance
    Export:
      Name: !Sub ${AWS::StackName}-InstanceID
  IAMRole:
    Description: IAM Role
    Value: !Ref instanceIamRole
    Export:
      Name: !Sub ${AWS::StackName}-IAMRole

  # Global Accelerator outputs (createAGA only).
  AGAconsole:
    Condition: createAGA
    Description: Global Accelerator console
    Value: !Sub
      - "https://${url}/globalaccelerator/home#AcceleratorDetails:AcceleratorArn=${aga}"
      - url: !FindInMap
          - ConsoleUrl
          - !Ref "AWS::Partition"
          - url
          - DefaultValue: "console.aws.amazon.com"
  AGAipv4Addresses:
    Condition: createAGA
    Description: Global Accelerator IPv4 addresses
    Value: !Join [", ", !GetAtt aga.Ipv4Addresses]

  # CloudFront outputs (createCloudFront only).
  CloudFrontConsole:
    Condition: createCloudFront
    Description: CloudFront console
    Value: !Sub
      - "https://${url}/cloudfront/home#/distributions/${cfDistribution.Id}?region=${AWS::Region}"
      - url: !FindInMap
          - ConsoleUrl
          - !Ref "AWS::Partition"
          - url
          - DefaultValue: "console.aws.amazon.com"
  CloudFrontUrl:
    Condition: createCloudFront
    Description: CloudFront distribution URL
    Value: !Sub "https://${cfDistribution.DomainName}"