From 159e793e070155b61ebfdc1df1451b89b4c7187b Mon Sep 17 00:00:00 2001
From: Alex Hung
Date: Thu, 7 Jan 2021 09:22:53 -0800
Subject: [PATCH 1/6] Update AWS CFTs for 7.12.15
---
...ifactory-core-infrastructure.template.yaml | 378 ++++++
...artifactory-ec2-existing-vpc.template.yaml | 1024 +++++++++++++++++
...rog-artifactory-ec2-instance.template.yaml | 345 ++++++
...ctory-ec2-marketplace-master.template.yaml | 456 ++++++++
.../jfrog-xray-ec2-instance.template.yaml | 259 +++++
5 files changed, 2462 insertions(+)
create mode 100644 Amazon/Marketplace/v7125/templates/jfrog-artifactory-core-infrastructure.template.yaml
create mode 100644 Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml
create mode 100644 Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-instance.template.yaml
create mode 100644 Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-marketplace-master.template.yaml
create mode 100644 Amazon/Marketplace/v7125/templates/jfrog-xray-ec2-instance.template.yaml
diff --git a/Amazon/Marketplace/v7125/templates/jfrog-artifactory-core-infrastructure.template.yaml b/Amazon/Marketplace/v7125/templates/jfrog-artifactory-core-infrastructure.template.yaml
new file mode 100644
index 0000000..2362bba
--- /dev/null
+++ b/Amazon/Marketplace/v7125/templates/jfrog-artifactory-core-infrastructure.template.yaml
@@ -0,0 +1,378 @@ +AWSTemplateFormatVersion: '2010-09-09' +Description: 'JFrog Artifactory Quick Start Deployment (qs-1qpmmjh61)' +Parameters: + VpcId: + Type: AWS::EC2::VPC::Id + VpcCidr: + Description: CIDR block for the VPC + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/16 + Type: String + PrivateSubnet1Cidr: + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/19 + Type: String + PrivateSubnet2Cidr: + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.32.0/19 + Type: String + PrivateSubnet3Cidr: + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.64.0/19 + Type: String + SubnetIds: + Type: List + DatabaseAllocatedStorage: + Type: Number + MultiAzDatabase: + Type: String + DatabaseEngine: + Type: String + DatabaseUser: + Type: String + DatabasePassword: + NoEcho: 'true' + Type: String + DatabaseInstance: + Type: String + DatabaseName: + Type: String + ArtifactoryS3IAMUser: + NoEcho: 'true' + Type: String + ArtifactoryProduct: + Default: JFrog-Artifactory-Pro + Type: String + ReleaseStage: + Default: GA + Type: String + InstanceType: + Default: m5.xlarge + Type: String + +Mappings: + DatabaseMap: + Postgres: + Name: postgresql + DatabaseVersion: 11.5 + Driver: "org.postgresql.Driver" + Plugin: postgresql-42.2.9.jar + 
PluginURL: https://jdbc.postgresql.org/download/ + port: "5432" + extraDatabaseOps: "" + ReleaseStageMap: + BETA: + ProDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/artifactory-pro" + JcrDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/artifactory-jcr" + NginxDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/nginx-artifactory-pro" + GA: + ProDockerRepo: "docker.bintray.io/jfrog/artifactory-pro" + JcrDockerRepo: "docker.bintray.io/jfrog/artifactory-jcr" + NginxDockerRepo: "docker.bintray.io/jfrog/nginx-artifactory-pro" + ProductMap: + JFrog-Container-Registry: + RepoName: JcrDockerRepo + JFrog-Artifactory-Pro: + RepoName: ProDockerRepo + JavaOptionstoInstance: + m5.large: + Min: 4 + Max: 4 + DeploymentSize: xxSmall + m5.xlarge: + Min: 8 + Max: 12 + DeploymentSize: xSmall + m5.2xlarge: + Min: 16 + Max: 24 + DeploymentSize: Small + m5.4xlarge: + Min: 32 + Max: 48 + DeploymentSize: Medium + m5.8xlarge: + Min: 64 + Max: 96 + DeploymentSize: Large + m5.12xlarge: + Min: 96 + Max: 144 + DeploymentSize: xLarge + m5.16xlarge: + Min: 128 + Max: 192 + DeploymentSize: xxLarge + m5.24xlarge: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge + m5.metal: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge + m5d.large: + Min: 4 + Max: 4 + DeploymentSize: xxSmall + m5d.xlarge: + Min: 8 + Max: 12 + DeploymentSize: xSmall + m5d.2xlarge: + Min: 16 + Max: 24 + DeploymentSize: Small + m5d.4xlarge: + Min: 32 + Max: 48 + DeploymentSize: Medium + m5d.8xlarge: + Min: 64 + Max: 96 + DeploymentSize: Large + m5d.12xlarge: + Min: 96 + Max: 144 + DeploymentSize: xLarge + m5d.16xlarge: + Min: 128 + Max: 192 + DeploymentSize: xxLarge + m5d.24xlarge: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge + m5d.metal: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge + m5a.large: + Min: 4 + Max: 4 + DeploymentSize: xxSmall + m5a.xlarge: + Min: 8 + Max: 12 + DeploymentSize: xSmall + m5a.2xlarge: + Min: 16 + Max: 24 + DeploymentSize: Small + m5a.4xlarge: + Min: 32 + Max: 48 + DeploymentSize: Medium + m5a.8xlarge: + 
Min: 64 + Max: 96 + DeploymentSize: Large + m5a.12xlarge: + Min: 96 + Max: 144 + DeploymentSize: xLarge + m5a.16xlarge: + Min: 128 + Max: 192 + DeploymentSize: xxLarge + m5a.24xlarge: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge + m5ad.large: + Min: 4 + Max: 4 + DeploymentSize: xxSmall + m5ad.xlarge: + Min: 8 + Max: 12 + DeploymentSize: xSmall + m5ad.2xlarge: + Min: 16 + Max: 24 + DeploymentSize: Small + m5ad.4xlarge: + Min: 32 + Max: 48 + DeploymentSize: Medium + m5ad.12xlarge: + Min: 96 + Max: 144 + DeploymentSize: xLarge + m5ad.24xlarge: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge +Resources: + ArtifactoryDatabaseSubnetGroup: + Type: AWS::RDS::DBSubnetGroup + Properties: + DBSubnetGroupDescription: Private Subnets available to the RDS Instance(s) + SubnetIds: !Ref SubnetIds + ArtifactoryDatabase: + Type: AWS::RDS::DBInstance + Properties: + AllocatedStorage: !Ref DatabaseAllocatedStorage + MultiAZ: !Ref MultiAzDatabase + Engine: !Ref DatabaseEngine + EngineVersion: !FindInMap + - DatabaseMap + - !Ref DatabaseEngine + - DatabaseVersion + MasterUsername: !Ref DatabaseUser + MasterUserPassword: !Ref DatabasePassword + DBInstanceClass: !Ref DatabaseInstance + DBName: !Ref DatabaseName + DBSubnetGroupName: !Ref ArtifactoryDatabaseSubnetGroup + VPCSecurityGroups: + - !Ref ArtifactoryDatabaseSG + ArtifactoryDatabaseSG: + Type: AWS::EC2::SecurityGroup + Properties: + Tags: + - Key: Name + Value: artifactory-rds-sg + GroupDescription: SG for RDS Instance to allow communication from the Bastion and Artifactory servers. 
+ VpcId: !Ref VpcId + SecurityGroupIngress: + - IpProtocol: tcp + FromPort: 22 + ToPort: 22 + CidrIp: !Ref VpcCidr + - IpProtocol: tcp + FromPort: !FindInMap + - DatabaseMap + - !Ref DatabaseEngine + - port + ToPort: !FindInMap + - DatabaseMap + - !Ref DatabaseEngine + - port + CidrIp: !Ref PrivateSubnet1Cidr + - IpProtocol: tcp + FromPort: !FindInMap + - DatabaseMap + - !Ref DatabaseEngine + - port + ToPort: !FindInMap + - DatabaseMap + - !Ref DatabaseEngine + - port + CidrIp: !Ref PrivateSubnet2Cidr + - IpProtocol: tcp + FromPort: !FindInMap + - DatabaseMap + - !Ref DatabaseEngine + - port + ToPort: !FindInMap + - DatabaseMap + - !Ref DatabaseEngine + - port + CidrIp: !Ref PrivateSubnet3Cidr + SecurityGroupEgress: + - IpProtocol: tcp + FromPort: 22 + ToPort: 22 + CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 80 + ToPort: 80 + CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 443 + ToPort: 443 + CidrIp: 0.0.0.0/0 + ArtifactoryS3Bucket: + Type: AWS::S3::Bucket + Properties: + AccessControl: Private + BucketEncryption: + ServerSideEncryptionConfiguration: + - ServerSideEncryptionByDefault: + SSEAlgorithm: AES256 + ArtifactoryS3IAMPolicy: + Type: AWS::IAM::Policy + Properties: + PolicyName: S3BucketPermissions + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: S3BucketPermissions + Effect: Allow + Action: + - s3:* + Resource: + - Fn::Join: + - '' + - - !Sub "arn:${AWS::Partition}:s3:::" + - !Ref ArtifactoryS3Bucket + - Fn::Join: + - '' + - - !Sub "arn:${AWS::Partition}:s3:::" + - !Ref ArtifactoryS3Bucket + - "/*" + Users: + - !Ref ArtifactoryS3IAMUser +Outputs: + S3Bucket: + Value: !Ref ArtifactoryS3Bucket + Description: Actual S3 bucket created for Artifactory + DatabaseDriver: + Value: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Driver] + DatabasePlugin: + Value: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Plugin] + DatabasePluginUrl: + Value: !Sub + - "${MainURL}${PluginVersion}" + - { + MainURL: !FindInMap [DatabaseMap, !Ref DatabaseEngine, 
PluginURL], + PluginVersion: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Plugin] + } + DatabaseType: + Value: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Name] + DatabaseUrl: + Value: !Sub + - "jdbc:${DatabaseType}://${ArtifactoryDatabaseEndpointAddress}:${port}/${DatabaseName}${extraDatabaseOps}" + - { + DatabaseType: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Name], + ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address, + port: !FindInMap [DatabaseMap, !Ref DatabaseEngine, port], + extraDatabaseOps: !FindInMap [DatabaseMap, !Ref DatabaseEngine, extraDatabaseOps], + } + XrayMasterDatabaseUrl: + Value: !Sub + - "${ArtifactoryDatabaseEndpointAddress}:${port}/${DatabaseName}?sslmode=disable" + - { + ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address, + port: !FindInMap [DatabaseMap, !Ref DatabaseEngine, port], + } + XrayDatabaseUrl: + Value: !Sub + - "${ArtifactoryDatabaseEndpointAddress}:${port}/xraydb?sslmode=disable" + - { + ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address, + port: !FindInMap [DatabaseMap, !Ref DatabaseEngine, port], + } + ProDockerRepo: + Value: !FindInMap + - ReleaseStageMap + - !Ref ReleaseStage + - !FindInMap + - ProductMap + - !Ref ArtifactoryProduct + - RepoName + NginxDockerRepo: + Value: !FindInMap [ReleaseStageMap, !Ref ReleaseStage, NginxDockerRepo] + JavaOpts: + Value: !Sub + - "-Xms${min}g -Xmx${max}g" + - { + min: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, Min], + max: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, Max] + } + DeploymentSize: + Value: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, DeploymentSize] diff --git a/Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml b/Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml new file mode 100644 index 0000000..ff0563d --- /dev/null 
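Review bot: `ArtifactoryS3IAMPolicy` grants `s3:*` on the artifact bucket and its objects to an IAM user, so anyone holding that user's credentials can also rewrite the bucket policy, ACL and encryption settings or delete the bucket, not only read and write artifacts. Splitting the statement into bucket-level and object-level actions, as sketched below, keeps storage access while dropping the configuration rights; the action list is an assumption and should be confirmed against what the Artifactory S3 provider actually calls. Separately, in the same hunk `ArtifactoryDatabaseSG` admits tcp/22 from `VpcCidr` and allows egress to `0.0.0.0/0` on 22/80/443, which an RDS instance should not need. Also, `ArtifactoryDatabase` sets no `StorageEncrypted: true`, and both Xray URL outputs hard-code `sslmode=disable`, so database traffic is unencrypted inside the VPC.

```yaml
      PolicyName: S3BucketPermissions
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          # Bucket-level: listing and location only, no policy/ACL/encryption changes.
          - Sid: S3BucketList
            Effect: Allow
            Action:
              - s3:ListBucket
              - s3:GetBucketLocation
              - s3:ListBucketMultipartUploads
            Resource:
              - !Sub "arn:${AWS::Partition}:s3:::${ArtifactoryS3Bucket}"
          # Object-level: read/write/delete of artifacts and multipart housekeeping.
          - Sid: S3ObjectReadWrite
            Effect: Allow
            Action:
              - s3:GetObject
              - s3:PutObject
              - s3:DeleteObject
              - s3:AbortMultipartUpload
              - s3:ListMultipartUploadParts
            Resource:
              - !Sub "arn:${AWS::Partition}:s3:::${ArtifactoryS3Bucket}/*"
      # … unchanged: Users …
```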
+++ b/Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml 
@@ -0,0 +1,1024 @@ +AWSTemplateFormatVersion: '2010-09-09' +Description: 'JFrog Artifactory Quick Start Deployment into an Existing VPC (qs-1q037efj0)' +Metadata: + QuickStartDocumentation: + EntrypointName: "Launch into an existing VPC" + AWS::CloudFormation::Interface: + ParameterGroups: + - Label: + default: Security configuration + Parameters: + - KeyPairName + - AccessCidr + - RemoteAccessCidr + - Label: + default: Network configuration + Parameters: + - VpcId + - VpcCidr + - PublicSubnet1Id + - PublicSubnet2Id + - PrivateSubnet1Id + - PrivateSubnet2Id + - PrivateSubnet1Cidr + - PrivateSubnet2Cidr + - ELBScheme + - Label: + default: Bastion configuration + Parameters: + - ProvisionBastionHost + - BastionInstanceType + - BastionOs + - BastionRootVolumeSize + - BastionEnableTcpForwarding + - NumBastionHosts + - BastionEnableX11Forwarding + - Label: + default: Amazon EC2 configuration + Parameters: + - VolumeSize + - InstanceType + - Label: + default: JFrog Artifactory configuration + Parameters: + - ArtifactoryProduct + - ArtifactoryVersion + - NumberOfSecondary + - SmLicenseCertName + - ArtifactoryServerName + - MasterKey + - ExtraJavaOptions + - DefaultJavaMemSettings + - KeystorePassword + - AnsibleVaultPass + - Label: + default: Amazon RDS configuration + Parameters: + - DatabaseName + - DatabaseEngine + - DatabaseUser + - DatabasePassword + - DatabaseInstance + - DatabaseAllocatedStorage + - MultiAzDatabase + - Label: + default: AWS Quick Start configuration + Parameters: + - QsS3BucketName + - QsS3KeyPrefix + - QsS3BucketRegion + - Label: + default: JFrog Xray Configuration + Parameters: + - InstallXray + - XrayVersion + - XrayNumberOfInstances + - XrayInstanceType + - XrayDatabaseUser + - XrayDatabasePassword + ParameterLabels: + KeyPairName: + default: SSH key name + VpcId: + default: VPC ID + VpcCidr: + default: VPC CIDR + PublicSubnet1Id: + default: Public subnet 1 ID + PublicSubnet2Id: + default: Public subnet 2 ID + PrivateSubnet1Id: + default: 
Private subnet 1 ID + PrivateSubnet2Id: + default: Private subnet 2 ID + PrivateSubnet1Cidr: + default: Private subnet 1 CIDR + PrivateSubnet2Cidr: + default: Private subnet 2 CIDR + AccessCidr: + default: Permitted IP range + RemoteAccessCidr: + default: Remote access CIDR + ELBScheme: + default: Elastic Load Balancing scheme + ProvisionBastionHost: + default: Bastion instance + BastionInstanceType: + default: Bastion instance type + BastionRootVolumeSize: + default: Bastion root volume size + BastionEnableTcpForwarding: + default: Bastion enable TCP forwarding + BastionEnableX11Forwarding: + default: Bastion enable X11 forwarding + BastionOs: + default: Bastion operating system + NumBastionHosts: + default: Number of bastion instances + VolumeSize: + default: EBS root volume size + InstanceType: + default: EC2 instance type + NumberOfSecondary: + default: Secondary instances + ArtifactoryProduct: + default: Artifactory product to install + ArtifactoryVersion: + default: Artifactory version + SmLicenseCertName: + default: Artifactory licenses and certificate secret name + ArtifactoryServerName: + default: Artifactory server name + MasterKey: + default: Master server key + ExtraJavaOptions: + default: Extra Java options + DefaultJavaMemSettings: + default: Default Java memory settings + KeystorePassword: + default: Java keystore password + AnsibleVaultPass: + default: Ansible Vault password + DatabaseName: + default: Database name + DatabaseEngine: + default: Database engine + DatabaseUser: + default: Database user + DatabasePassword: + default: Database password + DatabaseInstance: + default: Database instance type + DatabaseAllocatedStorage: + default: Database allocated storage + MultiAzDatabase: + default: High-availability database + QsS3BucketName: + default: Quick Start S3 bucket name + QsS3KeyPrefix: + default: Quick Start S3 key prefix + QsS3BucketRegion: + default: Quick Start S3 bucket region + InstallXray: + default: Install JFrog Xray + XrayVersion: + 
default: Version of Xray to install + XrayNumberOfInstances: + default: Number of JFrog Xray instances + XrayInstanceType: + default: Xray instance type + XrayDatabaseUser: + default: Xray Database user + XrayDatabasePassword: + default: Xray Database password +Parameters: + KeyPairName: + Description: Name of an existing key pair, + which allows you to connect securely to your instance after it launches. + This is the key pair you created in your preferred Region. + Type: AWS::EC2::KeyPair::KeyName + VpcId: + Description: ID of your existing VPC (e.g., vpc-0343606e). + Type: "AWS::EC2::VPC::Id" + VpcCidr: + Description: CIDR block for the VPC. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/16 + Type: String + PublicSubnet1Id: + Description: ID of the public subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab). + Type: "AWS::EC2::Subnet::Id" + PublicSubnet2Id: + Description: ID of the public subnet in Availability Zone 2 of your existing VPC (e.g., subnet-a29c3d84). + Type: "AWS::EC2::Subnet::Id" + PrivateSubnet1Id: + Description: ID of the private subnet in Availability Zone 1 of your existing VPC (e.g., subnet-a0246dcd). + Type: "AWS::EC2::Subnet::Id" + PrivateSubnet2Id: + Description: ID of the private subnet in Availability Zone 2 of your existing VPC (e.g., subnet-b58c3d67). + Type: "AWS::EC2::Subnet::Id" + PrivateSubnet1Cidr: + Description: CIDR of the private subnet in Availability Zone 1 of your existing VPC (e.g., 10.0.0.0/19). 
+ AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/19 + Type: String + PrivateSubnet2Cidr: + Description: CIDR of the private subnet in Availability Zone 2 of your existing VPC (e.g., 10.0.32.0/19). + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.32.0/19 + Type: String + AccessCidr: + Description: CIDR IP range that is permitted to access Artifactory. + We recommend that you set this value to a trusted IP range. + For example, you might want to grant only your corporate network access to the software. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ + Type: String + RemoteAccessCidr: + Description: Remote CIDR range that allows you to connect to the bastion instance by using SSH. + We recommend that you set this value to a trusted IP range. + For example, you might want to grant specific ranges inside your corporate network SSH access. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ + Type: String + ELBScheme: + Description: Choose whether this is internet facing or internal. + AllowedValues: + - internal + - internet-facing + Default: internet-facing + Type: String + ProvisionBastionHost: + Description: Choose Disabled to skip creating a bastion instance. Due to the JFrog Container Registry nodes being + created in private subnets, the default setting of Enabled this is highly recommended. 
+ AllowedValues: + - "Enabled" + - "Disabled" + Default: "Enabled" + Type: String + BastionInstanceType: + Description: Size of the bastion instances. + AllowedValues: + - t3.nano + - t3.micro + - t3.small + - t3.medium + - t3.large + - m5.large + - m5.xlarge + - m5.2xlarge + - m5.4xlarge + Default: "t3.micro" + Type: String + BastionRootVolumeSize: + Description: Size of the root volume on the bastion instances. + Default: 10 + Type: Number + BastionEnableTcpForwarding: + Description: Choose whether to enable TCPForwarding via the bootstrapping of the bastion instance + or not. + AllowedValues: + - "true" + - "false" + Default: "true" + Type: String + BastionEnableX11Forwarding: + Description: Choose true to enable X11 via the bootstrapping of the bastion host. + Setting this value to true will enable X Windows over SSH. + X11 forwarding can be useful, but it is also a security risk, so it's recommended + that you keep the default (false) setting. + AllowedValues: + - "true" + - "false" + Default: "false" + Type: String + BastionOs: + Description: Linux distribution for the Amazon Machine Image (AMI) to be used for the bastion instances. + AllowedValues: + - "Amazon-Linux2-HVM" + - "CentOS-7-HVM" + - "Ubuntu-Server-20.04-LTS-HVM" + - "SUSE-SLES-15-HVM" + Default: "Amazon-Linux2-HVM" + Type: String + NumBastionHosts: + Description: Number of bastion instances to create. + AllowedValues: + - '1' + - '2' + - '3' + - '4' + Default: '1' + Type: String + VolumeSize: + Description: Size in gigabytes of the available storage (min 10GB); the Quick Start will create an + Amazon Elastic Block Store (Amazon EBS) volumes of this size. + Default: 200 + Type: Number + InstanceType: + Description: EC2 type for the Artifactory instances. 
+ AllowedValues: + - m5.large + - m5.xlarge + - m5.2xlarge + - m5.4xlarge + - m5.8xlarge + - m5.12xlarge + - m5.16xlarge + - m5.24xlarge + - m5.metal + - m5d.large + - m5d.xlarge + - m5d.2xlarge + - m5d.4xlarge + - m5d.8xlarge + - m5d.12xlarge + - m5d.16xlarge + - m5d.24xlarge + - m5d.metal + - m5a.large + - m5a.xlarge + - m5a.2xlarge + - m5a.4xlarge + - m5a.8xlarge + - m5a.12xlarge + - m5a.16xlarge + - m5a.24xlarge + ConstraintDescription: Must contain valid instance type. + Default: m5.xlarge + Type: String + NumberOfSecondary: + Description: Number of secondary Artifactory servers to complete your + HA deployment. To align with Artifactory best practices, the minimum number + is two and the maximum is seven. Do not select more instances than you + have licenses for. + AllowedValues: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + Default: 2 + Type: Number + ArtifactoryProduct: + Description: JFrog Artifactory product you want to install into an AMI. + AllowedValues: + - JFrog-Artifactory-Pro + - JFrog-Container-Registry + Default: JFrog-Artifactory-Pro + Type: String + ArtifactoryVersion: + Description: Version of Artifactory that you want to deploy into the Quick Start. + See the release notes to select the version you want to deploy at + https://www.jfrog.com/confluence/display/RTF/Release+Notes. + AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ + ConstraintDescription: A version that matches X.X.X per Artifactory releases + Default: 7.12.5 + Type: String + SmLicenseCertName: + Description: Secret name created in AWS Secrets Manager, which contains the SSL certificate, certificate key, and Artifactory licenses. + Default: '' + Type: String + ArtifactoryServerName: + Description: Name of your Artifactory server. Ensure that this matches your certificate. + Type: String + MasterKey: + Description: Master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'. 
+ AllowedPattern: ^[a-zA-Z0-9]+$ + MinLength: '1' + MaxLength: '64' + ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters. + NoEcho: 'true' + Type: String + ExtraJavaOptions: + Description: Set Java options to pass to the JVM for Artifactory. For more information, see the Artifactory + system requirements at https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware. + Do not add Xms or Xmx settings without disabling DefaultJavaMemSettings. + Default: -Xss256k -XX:+UseG1GC + Type: String + DefaultJavaMemSettings: + Description: Choose false to overwrite the standard memory-calculation options to pass to the Artifactory JVM. + If you plan to overwrite them, ensure they are added to the ExtraJavaOptions to prevent the stack provision from failing. + ConstraintDescription: True or False + AllowedValues: + - "true" + - "false" + Default: "true" + Type: String + KeystorePassword: + Description: Java keystore password. For better security, the password that you specify will + replace the default Java key store password. + NoEcho: 'true' + Type: String + AnsibleVaultPass: + Description: Ansible Vault password to protect the Artifactory YAML configuration file + generated during the Artifactory deployment. This YAML file is stored on the EC2 nodes + and secured with this password. + NoEcho: 'true' + Type: String + DatabaseName: + Description: Name of your database instance. The name must be unique across all instances + owned by your AWS account in the current Region. The database instance identifier is case-insensitive, + but it's stored in lowercase (as in "mydbinstance"). + AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ + MinLength: '1' + MaxLength: '60' + ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter. + Default: artdb + Type: String + DatabaseEngine: + Description: Database engine that you want to run, which is currently locked to MySQL. 
+ AllowedValues: + - Postgres + Default: Postgres + Type: String + DatabaseUser: + Description: Login ID for the master user of your database instance. + MinLength: '1' + MaxLength: '16' + AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ + ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter. + Default: artifactory + Type: String + DatabasePassword: + Description: Password for the Artifactory database user. + AllowedPattern: ^[^ \\']+$ + MinLength: '8' + MaxLength: '12' + ConstraintDescription: Must be at least 8 and no more than + 12 characters containing letters and (minimum 1 capital letter), numbers and + symbols. + NoEcho: 'true' + Type: String + DatabaseInstance: + Description: Size of the database to be deployed as part of the Quick Start. + AllowedValues: + - db.m5.large + - db.m5.xlarge + - db.m5.2xlarge + - db.m5.10xlarge + - db.m5.16xlarge + - db.m5.large + - db.m5.xlarge + - db.m5.2xlarge + - db.m5.4xlarge + - db.m5.12xlarge + - db.m5.24xlarge + ConstraintDescription: Must be a valid database Instance Type. + Default: db.m5.large + Type: String + DatabaseAllocatedStorage: + Description: Size in gigabytes of the available storage for the database instance. + MinValue: 5 + MaxValue: 1024 + Default: 10 + Type: Number + MultiAzDatabase: + Description: Choose false to create an Amazon RDS instance in a single Availability Zone. + ConstraintDescription: True or False + AllowedValues: + - "true" + - "false" + Default: "true" + Type: String + QsS3BucketName: + Description: S3 bucket name for the Quick Start assets. This string can include + numbers, lowercase letters, and hyphens (-). It cannot start + or end with a hyphen (-). + AllowedPattern: ^[0-9a-z]+([0-9a-z-]*[0-9a-z])*$ + ConstraintDescription: Quick Start bucket name can include numbers, lowercase + letters, and hyphens (-). It cannot start or end with a hyphen (-). 
+ Default: aws-quickstart + Type: String + QsS3KeyPrefix: + Description: S3 key prefix for the Quick Start assets. Quick Start key prefix + can include numbers, lowercase letters, uppercase letters, hyphens (-), and + forward slash (/). + AllowedPattern: ^[0-9a-zA-Z-/]*$ + ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, + uppercase letters, hyphens (-), and forward slash (/). + Default: quickstart-jfrog-artifactory/ + Type: String + QsS3BucketRegion: + Default: 'us-east-1' + Description: AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. If you use your own bucket, you must specify your own value. + Type: String + InstallXray: + Description: Choose true to install JFrog Xray instance(s). + ConstraintDescription: True or False + AllowedValues: + - "true" + - "false" + Default: "true" + Type: String + XrayVersion: + Description: The version of Xray that you want to deploy into the Quick Start. + AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ + ConstraintDescription: A version that matches X.X.X per Xray releases. + Default: 3.12.1 + Type: String + XrayNumberOfInstances: + Description: The number of Xray instances servers to complete your + HA deployment. The minimum number is one; the maximum is seven. + Do not select more than instances than you have licenses for. + MinValue: 1 + MaxValue: 7 + Default: 1 + Type: Number + XrayInstanceType: + Description: The EC2 instance type for the Xray instances. + AllowedValues: + - c5.2xlarge + - c5.4xlarge + ConstraintDescription: Must contain valid instance type. + Default: c5.2xlarge + Type: String + XrayDatabaseUser: + Description: The login ID for the Xray database user. + MinLength: '1' + MaxLength: '16' + AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ + ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter. + Default: xray + Type: String + XrayDatabasePassword: + Description: The password for the Xray database user. 
+ AllowedPattern: ^[^ \\']+$ + MinLength: '8' + MaxLength: '12' + ConstraintDescription: Must be at least 8 and no more than + 12 characters containing letters and (minimum 1 capital letter), numbers and + symbols. + NoEcho: 'true' + Type: String +Conditions: + EnableBastion: !Equals [!Ref 'ProvisionBastionHost', 'Enabled'] + IsArtifactory: !Not [!Equals [!Ref ArtifactoryProduct, 'JFrog-Container-Registry']] + HasSecondaryNodes: !Not [!Equals [!Ref NumberOfSecondary, '0']] + DefaultJava: !Equals [!Ref DefaultJavaMemSettings, "true"] + UsingDefaultBucket: !Equals [!Ref QsS3BucketName, 'aws-quickstart'] + EnableXray: !Equals [!Ref InstallXray, 'true'] + SmLicenseCertNameExists: !Not [!Equals [!Ref 'SmLicenseCertName', '']] +Resources: + BastionRole: + Condition: EnableBastion + Type: "AWS::IAM::Role" + Properties: + AssumeRolePolicyDocument: + Version: 2012-10-17 + Statement: + - Effect: Allow + Principal: + Service: ec2.amazonaws.com + Action: sts:AssumeRole + Policies: + - PolicyName: QSBucketAccess + PolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Action: s3:GetObject + Resource: !Sub "arn:${AWS::Partition}:s3:::${QsS3BucketName}/*" + - Effect: Allow + Action: + - logs:CreateLogStream + - logs:GetLogEvents + - logs:PutLogEvents + - logs:DescribeLogGroups + - logs:DescribeLogStreams + - logs:PutRetentionPolicy + - logs:PutMetricFilter + - logs:CreateLogGroup + Resource: !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:*:*" + - Effect: Allow + Action: + - ec2:AssociateAddress + - ec2:DescribeAddresses + Resource: "*" + BastionStack: + Condition: EnableBastion + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: https://aws-quickstart.s3.amazonaws.com/quickstart-jfrog-artifactory/submodules/quickstart-linux-bastion/templates/linux-bastion.template + Parameters: + VPCID: !Ref VpcId + PublicSubnet1ID: !Ref PublicSubnet1Id + PublicSubnet2ID: !Ref PublicSubnet2Id + KeyPairName: !Ref KeyPairName + 
QSS3BucketName: !Ref QsS3BucketName + QSS3KeyPrefix: !Sub '${QsS3KeyPrefix}submodules/quickstart-linux-bastion/' + QSS3BucketRegion: !Ref QsS3BucketRegion + RemoteAccessCIDR: !Ref RemoteAccessCidr + BastionInstanceType: !Ref BastionInstanceType + RootVolumeSize: !Ref BastionRootVolumeSize + BastionAMIOS: !Ref BastionOs + EnableTCPForwarding: !Ref BastionEnableTcpForwarding + EnableX11Forwarding: !Ref BastionEnableX11Forwarding + AlternativeIAMRole: !Ref BastionRole + NumBastionHosts: !Ref NumBastionHosts + ArtifactoryS3IAMUser: + Type: AWS::IAM::User + ArtifactoryIamAcessKey: + Type: AWS::IAM::AccessKey + Properties: + UserName: !Ref ArtifactoryS3IAMUser + ArtifactoryCoreInfraStack: + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: https://awsmp-fulfillment-cf-templates-prod.s3-external-1.amazonaws.com/aecfe1d1-907c-4812-b7b8-91497013cb16-jfrog-artifactory-core-infrastructure.template + Parameters: + VpcId: !Ref VpcId + VpcCidr: !Ref VpcCidr + PrivateSubnet1Cidr: !Ref PrivateSubnet1Cidr + PrivateSubnet2Cidr: !Ref PrivateSubnet2Cidr + PrivateSubnet3Cidr: !Ref PrivateSubnet2Cidr # This should end up in no new rule but required for EKS + SubnetIds: !Join [",", [!Ref PrivateSubnet1Id, !Ref PrivateSubnet2Id]] + DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage + MultiAzDatabase: !Ref MultiAzDatabase + DatabaseEngine: !Ref DatabaseEngine + DatabaseUser: !Ref DatabaseUser + DatabasePassword: !Ref DatabasePassword + DatabaseInstance: !Ref DatabaseInstance + DatabaseName: !Ref DatabaseName + ArtifactoryS3IAMUser: !Ref ArtifactoryS3IAMUser + InstanceType: !Ref InstanceType + ArtifactoryElb: + Type: AWS::ElasticLoadBalancingV2::LoadBalancer + Properties: + IpAddressType: ipv4 + Name: !Sub ${ArtifactoryProduct}-EC2-ELB + Scheme: !Ref ELBScheme + Subnets: + - !Ref PublicSubnet1Id + - !Ref PublicSubnet2Id + Type: network + ArtifactorySslTargetGroup: + Type: AWS::ElasticLoadBalancingV2::TargetGroup + Properties: + HealthCheckEnabled: True + 
HealthCheckIntervalSeconds: 30 + HealthCheckProtocol: TCP + HealthCheckTimeoutSeconds: 10 + HealthyThresholdCount: 3 + HealthCheckPort: "8082" + Port: 443 + Protocol: TCP + TargetType: instance + UnhealthyThresholdCount: 3 + VpcId: !Ref VpcId + ArtifactoryTargetGroup: + Type: AWS::ElasticLoadBalancingV2::TargetGroup + Properties: + HealthCheckEnabled: True + HealthCheckIntervalSeconds: 30 + HealthCheckProtocol: TCP + HealthCheckTimeoutSeconds: 10 + HealthyThresholdCount: 3 + HealthCheckPort: "8082" + Port: 80 + Protocol: TCP + TargetType: instance + UnhealthyThresholdCount: 3 + VpcId: !Ref VpcId + ArtifactorySslElbListener: + Type: AWS::ElasticLoadBalancingV2::Listener + Properties: + DefaultActions: + - TargetGroupArn: !Ref ArtifactorySslTargetGroup + Type: forward + LoadBalancerArn: !Ref ArtifactoryElb + Port: 443 + Protocol: TCP + ArtifactoryElbListener: + Type: AWS::ElasticLoadBalancingV2::Listener + Properties: + DefaultActions: + - TargetGroupArn: !Ref ArtifactoryTargetGroup + Type: forward + LoadBalancerArn: !Ref ArtifactoryElb + Port: 80 + Protocol: TCP + ArtifactoryInternalElb: + Type: AWS::ElasticLoadBalancingV2::LoadBalancer + Properties: + IpAddressType: ipv4 + Name: ArtifactoryInternal-ELB + Scheme: internal + Subnets: + - !Ref PrivateSubnet1Id + - !Ref PrivateSubnet2Id + Type: network + ArtifactoryInternalTargetGroup: + Type: AWS::ElasticLoadBalancingV2::TargetGroup + Properties: + HealthCheckEnabled: True + HealthCheckIntervalSeconds: 30 + HealthCheckProtocol: TCP + HealthCheckTimeoutSeconds: 10 + HealthyThresholdCount: 3 + HealthCheckPort: "8082" + Name: artifactory-internal-http + Port: 80 + Protocol: TCP + TargetType: instance + UnhealthyThresholdCount: 3 + VpcId: !Ref VpcId + ArtifactoryInternalElbListener: + Type: AWS::ElasticLoadBalancingV2::Listener + Properties: + DefaultActions: + - TargetGroupArn: !Ref ArtifactoryInternalTargetGroup + Type: forward + LoadBalancerArn: !Ref ArtifactoryInternalElb + Port: 80 + Protocol: TCP + ArtifactoryEc2Sg: 
+ Type: AWS::EC2::SecurityGroup + Properties: + Tags: + - Key: Name + Value: !Sub ${ArtifactoryProduct}-ec2-instances-sg + GroupDescription: SG for EC2 instances (also permits access using SSH from the bastion host) + VpcId: !Ref VpcId + SecurityGroupIngress: + - IpProtocol: tcp + FromPort: 22 + ToPort: 22 + CidrIp: !Ref VpcCidr + - IpProtocol: tcp + FromPort: 80 + ToPort: 80 + CidrIp: !Ref VpcCidr + - IpProtocol: tcp + FromPort: 80 + ToPort: 80 + CidrIp: !Ref AccessCidr + - IpProtocol: tcp + FromPort: 443 + ToPort: 443 + CidrIp: !Ref AccessCidr + - IpProtocol: tcp + FromPort: 443 + ToPort: 443 + CidrIp: !Ref VpcCidr + - IpProtocol: tcp + FromPort: 8081 + ToPort: 8082 + CidrIp: !Ref VpcCidr + - IpProtocol: tcp + FromPort: 8046 + ToPort: 8046 + CidrIp: !Ref VpcCidr + SecurityGroupEgress: + - IpProtocol: "-1" + CidrIp: 0.0.0.0/0 + ArtifactoryHostRole: + Type: 'AWS::IAM::Role' + Properties: + Path: / + AssumeRolePolicyDocument: + Statement: + - Action: + - 'sts:AssumeRole' + Principal: + Service: + - ec2.amazonaws.com + Effect: Allow + Version: 2012-10-17 + ManagedPolicyArns: + - !Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonEC2RoleforSSM' + ArtifactoryHostProfile: + Type: 'AWS::IAM::InstanceProfile' + Properties: + Roles: + - !Ref ArtifactoryHostRole + Path: / + ArtifactoryMaster: + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: https://awsmp-fulfillment-cf-templates-prod.s3-external-1.amazonaws.com/aecfe1d1-907c-4812-b7b8-91497013cb16-jfrog-artifactory-ec2-instance.template + Parameters: + PrivateSubnet1Id: !Ref PrivateSubnet1Id + PrivateSubnet2Id: !Ref PrivateSubnet2Id + MinScalingNodes: '1' # Always have 1 MasterNode + MaxScalingNodes: '1' # Always have 1 MasterNode + DeploymentTag: !If [IsArtifactory, "ArtifactoryMaster", "JcrMaster"] + HostRole: !Ref ArtifactoryHostRole + QsS3BucketName: !Ref QsS3BucketName + QsS3KeyPrefix: !Ref QsS3KeyPrefix + QsS3Uri: !Sub + - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix} 
+ - S3Bucket: !If + - UsingDefaultBucket + - !Sub 'aws-quickstart-${AWS::Region}' + - !Ref 'QsS3BucketName' + S3Region: !If + - UsingDefaultBucket + - !Ref 'AWS::Region' + - !Ref 'QsS3BucketRegion' + AmiId: !Join ['', !Split [".", !Ref ArtifactoryVersion]] + ArtifactoryProduct: !Ref ArtifactoryProduct + ArtifactoryLicense1: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense1}}', ''] + ArtifactoryLicense2: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense2}}', ''] + ArtifactoryLicense3: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense3}}', ''] + ArtifactoryLicense4: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense4}}', ''] + ArtifactoryLicense5: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense5}}', ''] + ArtifactoryLicense6: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense6}}', ''] + ArtifactoryServerName: !Ref ArtifactoryServerName + EnableSSL: !If [SmLicenseCertNameExists, 'true' , 'false'] + Certificate: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:Certificate}}', ''] + CertificateKey: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:CertificateKey}}', ''] + CertificateDomain: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:CertificateDomain}}', ''] + ArtifactoryIamAcessKey: !Ref ArtifactoryIamAcessKey + SecretAccessKey: !GetAtt ArtifactoryIamAcessKey.SecretAccessKey + ArtifactoryS3Bucket: !GetAtt ArtifactoryCoreInfraStack.Outputs.S3Bucket + DatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseUrl + DatabaseDriver: !GetAtt 
ArtifactoryCoreInfraStack.Outputs.DatabaseDriver + DatabasePlugin: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePlugin + DatabasePluginUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePluginUrl + DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType + DatabaseUser: !Ref DatabaseUser + DatabasePassword: !Ref DatabasePassword + ArtifactoryPrimary: 'true' + MasterKey: !Ref MasterKey + ExtraJavaOptions: !If [DefaultJava, !Sub "${ArtifactoryCoreInfraStack.Outputs.JavaOpts} ${ExtraJavaOptions}", !Ref ExtraJavaOptions] + KeystorePassword: !Ref KeystorePassword + ArtifactoryVersion: !Ref ArtifactoryVersion + KeyPairName: !Ref KeyPairName + HostProfile: !Ref ArtifactoryHostProfile + SecurityGroups: !Ref ArtifactoryEc2Sg + InstanceType: !Ref InstanceType + VolumeSize: !Ref VolumeSize + TargetGroupARN: !Ref ArtifactoryTargetGroup + SSLTargetGroupARN: !Ref ArtifactorySslTargetGroup + InternalTargetGroupARN: !Ref ArtifactoryInternalTargetGroup + AnsibleVaultPass: !Ref AnsibleVaultPass + ArtifactorySecondary: + Condition: HasSecondaryNodes + DependsOn: ArtifactoryMaster + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: https://awsmp-fulfillment-cf-templates-prod.s3-external-1.amazonaws.com/aecfe1d1-907c-4812-b7b8-91497013cb16-jfrog-artifactory-ec2-instance.template + Parameters: + PrivateSubnet1Id: !Ref PrivateSubnet1Id + PrivateSubnet2Id: !Ref PrivateSubnet2Id + MinScalingNodes: !Ref NumberOfSecondary + MaxScalingNodes: !Ref NumberOfSecondary + DeploymentTag: ArtifactorySecondary + HostRole: !Ref ArtifactoryHostRole + AmiId: !Join ['', !Split [".", !Ref ArtifactoryVersion]] + ArtifactoryProduct: !Ref ArtifactoryProduct + ArtifactoryLicense1: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense1}}', ''] + ArtifactoryLicense2: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense2}}', ''] + ArtifactoryLicense3: !If 
[SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense3}}', ''] + ArtifactoryLicense4: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense4}}', ''] + ArtifactoryLicense5: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense5}}', ''] + ArtifactoryLicense6: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense6}}', ''] + ArtifactoryServerName: !Ref ArtifactoryServerName + EnableSSL: !If [SmLicenseCertNameExists, 'true' , 'false'] + Certificate: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:Certificate}}', ''] + CertificateKey: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:CertificateKey}}', ''] + CertificateDomain: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:CertificateDomain}}', ''] + ArtifactoryIamAcessKey: !Ref ArtifactoryIamAcessKey + SecretAccessKey: !GetAtt ArtifactoryIamAcessKey.SecretAccessKey + ArtifactoryS3Bucket: !GetAtt ArtifactoryCoreInfraStack.Outputs.S3Bucket + DatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseUrl + DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver + DatabasePlugin: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePlugin + DatabasePluginUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePluginUrl + DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType + DatabaseUser: !Ref DatabaseUser + DatabasePassword: !Ref DatabasePassword + ArtifactoryPrimary: 'false' + MasterKey: !Ref MasterKey + ExtraJavaOptions: !If [DefaultJava, !Sub "${ArtifactoryCoreInfraStack.Outputs.JavaOpts} ${ExtraJavaOptions}", !Ref ExtraJavaOptions] + KeystorePassword: !Ref KeystorePassword + ArtifactoryVersion: !Ref ArtifactoryVersion 
+ KeyPairName: !Ref KeyPairName + HostProfile: !Ref ArtifactoryHostProfile + SecurityGroups: !Ref ArtifactoryEc2Sg + InstanceType: !Ref InstanceType + VolumeSize: !Ref VolumeSize + TargetGroupARN: !Ref ArtifactoryTargetGroup + SSLTargetGroupARN: !Ref ArtifactorySslTargetGroup + InternalTargetGroupARN: !Ref ArtifactoryInternalTargetGroup + AnsibleVaultPass: !Ref AnsibleVaultPass + QsS3BucketName: !Ref QsS3BucketName + QsS3KeyPrefix: !Ref QsS3KeyPrefix + QsS3Uri: !Sub + - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix} + - S3Bucket: !If + - UsingDefaultBucket + - !Sub 'aws-quickstart-${AWS::Region}' + - !Ref 'QsS3BucketName' + S3Region: !If + - UsingDefaultBucket + - !Ref 'AWS::Region' + - !Ref 'QsS3BucketRegion' + XrayHostRole: + Condition: EnableXray + Type: 'AWS::IAM::Role' + Properties: + Path: / + AssumeRolePolicyDocument: + Statement: + - Action: + - 'sts:AssumeRole' + Principal: + Service: + - ec2.amazonaws.com + Effect: Allow + Version: 2012-10-17 + ManagedPolicyArns: + - !Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonEC2RoleforSSM' + XrayHostProfile: + Condition: EnableXray + Type: 'AWS::IAM::InstanceProfile' + Properties: + Roles: + - !Ref XrayHostRole + Path: / + XrayExistingVpcStack: + Condition: EnableXray + DependsOn: ArtifactorySecondary + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: https://awsmp-fulfillment-cf-templates-prod.s3-external-1.amazonaws.com/aecfe1d1-907c-4812-b7b8-91497013cb16-jfrog-xray-ec2-instance.template + Parameters: + PrivateSubnet1Id: !Ref PrivateSubnet1Id + PrivateSubnet2Id: !Ref PrivateSubnet2Id + KeyPairName: !Ref KeyPairName + MinScalingNodes: !Ref XrayNumberOfInstances + MaxScalingNodes: !Ref XrayNumberOfInstances + DeploymentTag: 'xray' + QsS3BucketName: !Ref QsS3BucketName + QsS3KeyPrefix: !Ref QsS3KeyPrefix + QsS3Uri: !Sub + - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix} + - S3Bucket: !If + - UsingDefaultBucket + - !Sub 
'aws-quickstart-${AWS::Region}' + - !Ref 'QsS3BucketName' + S3Region: !If + - UsingDefaultBucket + - !Ref 'AWS::Region' + - !Ref 'QsS3BucketRegion' + DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver + DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType + DatabaseUser: !Ref DatabaseUser + DatabasePassword: !Ref DatabasePassword + MasterKey: !Ref MasterKey + SecurityGroups: !Ref ArtifactoryEc2Sg + VolumeSize: !Ref VolumeSize + XrayInstanceType: !Ref XrayInstanceType + JfrogInternalUrl: !Sub "http://${ArtifactoryInternalElb.DNSName}" + AnsibleVaultPass: !Ref AnsibleVaultPass + XrayDatabaseUser: !Ref XrayDatabaseUser + XrayDatabasePassword: !Ref XrayDatabasePassword + XrayMasterDatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayMasterDatabaseUrl + XrayDatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayDatabaseUrl + XrayFirstNode: 'true' + XrayVersion: !Ref XrayVersion + XrayAmiId: !Join ['', !Split [".", !Ref XrayVersion]] + XrayHostRole: !Ref XrayHostRole + XrayHostProfile: !Ref XrayHostProfile +Outputs: + ArtifactoryUrl: + Description: URL of the ELB to access Artifactory + Value: !If [SmLicenseCertNameExists, !Sub "https://${ArtifactoryElb.DNSName}", !Sub "http://${ArtifactoryElb.DNSName}"] + Export: + Name: !Sub '${AWS::StackName}-ArtifactoryUrl' + ArtifactoryInternalUrl: + Description: URL of the internal ELB to access Artifactory + Value: !Sub "http://${ArtifactoryInternalElb.DNSName}" + Export: + Name: !Sub '${AWS::StackName}-ArtifactoryInternalUrl' + DatabaseType: + Description: Type of database + Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType + Export: + Name: !Sub '${AWS::StackName}-DatabaseType' + DatabaseDriver: + Description: Database driver + Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver + Export: + Name: !Sub '${AWS::StackName}-DatabaseDriver' + DatabaseUrl: + Description: Database driver + Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseUrl + Export: + 
Name: !Sub '${AWS::StackName}-DatabaseUrl'
+ ArtifactoryTargetGroup:
+ Description: Artifactory target group
+ Value: !Ref ArtifactoryTargetGroup
+ Export:
+ Name: !Sub '${AWS::StackName}-ArtifactoryTargetGroup'
+ ArtifactorySslTargetGroup:
+ Description: Artifactory SSL target group
+ Value: !Ref ArtifactorySslTargetGroup
+ Export:
+ Name: !Sub '${AWS::StackName}-ArtifactorySslTargetGroup'
+ ArtifactoryEc2Sg:
+ Description: Artifactory EC2 sercurity group
+ Value: !Ref ArtifactoryEc2Sg
+ Export:
+ Name: !Sub '${AWS::StackName}-ArtifactoryEc2Sg'
+ BastionIp:
+ Value: !If
+ - EnableBastion
+ - !GetAtt BastionStack.Outputs.EIP1
+ - ""
+ XrayMasterDatabaseUrl:
+ Description: Database driver
+ Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayMasterDatabaseUrl
+ Export:
+ Name: !Sub '${AWS::StackName}-XrayMasterDatabaseUrl'
+ XrayDatabaseUrl:
+ Description: Database driver
+ Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayDatabaseUrl
+ Export:
+ Name: !Sub '${AWS::StackName}-XrayDatabaseUrl'
diff --git a/Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-instance.template.yaml b/Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-instance.template.yaml
new file mode 100644
index 0000000..91f8775
--- /dev/null
+++ b/Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-instance.template.yaml
@@ -0,0 +1,345 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: "Deploys the EC2 Autoscaling, LaunchConfig and Instance for Artifactory (qs-1qpmmjh5o)"
+Parameters:
+ PrivateSubnet1Id:
+ Type: 'AWS::EC2::Subnet::Id'
+ PrivateSubnet2Id:
+ Type: 'AWS::EC2::Subnet::Id'
+ MinScalingNodes:
+ Type: Number
+ MaxScalingNodes:
+ Type: Number
+ DeploymentTag:
+ Type: String
+ HostRole:
+ Type: String
+ AmiId:
+ Type: String
+ ArtifactoryProduct:
+ Type: String
+ QsS3BucketName:
+ Type: String
+ QsS3KeyPrefix:
+ Type: String
+ QsS3Uri:
+ Type: String
+ ArtifactoryLicense1:
+ Type: String
+ ArtifactoryLicense2:
+ Type: String
+ ArtifactoryLicense3:
+ Type: String
+ ArtifactoryLicense4:
+ Type: String
+ ArtifactoryLicense5:
+ Type: String
+ ArtifactoryLicense6:
+ Type: String
+ ArtifactoryServerName:
+ Type: String
+ Certificate:
+ Type: String
+ CertificateKey:
+ Type: String
+ NoEcho: 'true'
+ CertificateDomain:
+ Type: String
+ EnableSSL:
+ Type: String
+ ArtifactoryIamAcessKey:
+ Type: String
+ NoEcho: 'true'
+ SecretAccessKey:
+ Type: String
+ NoEcho: 'true'
+ ArtifactoryS3Bucket:
+ Type: String
+ DatabaseUrl:
+ Type: String
+ DatabaseDriver:
+ Type: String
+ DatabasePluginUrl:
+ Type: String
+ DatabasePlugin:
+ Type: String
+ DatabaseType:
+ Type: String
+ DatabaseUser:
+ Type: String
+ DatabasePassword:
+ Type: String
+ NoEcho: 'true'
+ ArtifactoryPrimary:
+ Type: String
+ MasterKey:
+ Type: String
+ NoEcho: 'true'
+ ExtraJavaOptions:
+ Type: String
+ ArtifactoryVersion:
+ Type: String
+ KeyPairName:
+ Type: AWS::EC2::KeyPair::KeyName
+ TargetGroupARN:
+ Type: String
+ SSLTargetGroupARN:
+ Type: String
+ InternalTargetGroupARN:
+ Type: String
+ HostProfile:
+ Type: String
+ SecurityGroups:
+ Type: String
+ InstanceType:
+ Type: String
+ VolumeSize:
+ Type: Number
+ KeystorePassword:
+ Description: Default Keystore from Java in which we upgrade.
+ Type: String + NoEcho: 'true' + AnsibleVaultPass: + Description: Ansiblevault Password to secure the artifactory.yml + Type: String + NoEcho: 'true' +Mappings: + AWSAMIRegionMap: + us-east-1: + "Artifactory7112": ami-0ea7d62825c941e92 + us-east-2: + "Artifactory7112": ami-0a282b74eef1c84b5 + us-west-1: + "Artifactory7112": ami-02fa6dd21f023b9e3 + us-west-2: + "Artifactory7112": ami-0ea26f5ddc490f184 + ca-central-1: + "Artifactory7112": ami-0f422f5980aeba60f + eu-central-1: + "Artifactory7112": ami-05df4fbab56afe702 + eu-west-1: + "Artifactory7112": ami-05386b580a110a49a + eu-west-2: + "Artifactory7112": ami-094b79d303c9e1e0d + eu-west-3: + "Artifactory7112": ami-0ed4d6971439caf27 + ap-southeast-1: + "Artifactory7112": ami-01ec4e8b4ffbf7dc1 + ap-southeast-2: + "Artifactory7112": ami-0ccb1a939c83d8062 + ap-south-1: + "Artifactory7112": ami-078c43a083b6500be + ap-northeast-1: + "Artifactory7112": ami-0695fd32ca193cccd + ap-northeast-2: + "Artifactory7112": ami-0a03d23e6dc213b5e + sa-east-1: + "Artifactory7112": ami-0b831f8403d6979d4 + us-gov-west-1: + "Artifactory7112": ami-0842d7e7becc59c39 + ArtifactoryProductMap: + JFrog-Container-Registry: + "7112": "Jcr7112" + product: "jcr" + JFrog-Artifactory-Pro: + "7112": "Artifactory7112" + product: "artifactory" +Resources: + ArtifactoryScalingGroup: + Type: 'AWS::AutoScaling::AutoScalingGroup' + Properties: + LaunchConfigurationName: !Ref ArtifactoryLaunchConfiguration + VPCZoneIdentifier: + - !Ref PrivateSubnet1Id + - !Ref PrivateSubnet2Id + MinSize: !Ref MinScalingNodes + MaxSize: !Ref MaxScalingNodes + Cooldown: '300' + DesiredCapacity: !Ref MinScalingNodes + TargetGroupARNs: + - !Ref TargetGroupARN + - !Ref SSLTargetGroupARN + - !Ref InternalTargetGroupARN + HealthCheckType: ELB + HealthCheckGracePeriod: 900 + Tags: + - Key: Name + Value: !Ref DeploymentTag + PropagateAtLaunch: true + CreationPolicy: + ResourceSignal: + Count: 1 + Timeout: PT30M + + ArtifactoryLaunchConfiguration: + Type: 
'AWS::AutoScaling::LaunchConfiguration' + Metadata: + 'AWS::CloudFormation::Authentication': + S3AccessCreds: + type: S3 + roleName: + - !Ref HostRole # !Ref ArtifactoryHostRole + buckets: + - !Ref QsS3BucketName + 'AWS::CloudFormation::Init': + configSets: + artifactory_install: + - "config-artifactory-master" + - "secure-artifactory" + config-artifactory-master: + files: + /root/.jfrog_ami/artifactory.yml: + content: !Sub + - | + # Base install for Artifactory + - import_playbook: site-artifactory.yml + vars: + artifactory_license1: ${ArtifactoryLicense1} + artifactory_license2: ${ArtifactoryLicense2} + artifactory_license3: ${ArtifactoryLicense3} + artifactory_license4: ${ArtifactoryLicense4} + artifactory_license5: ${ArtifactoryLicense5} + artifactory_license6: ${ArtifactoryLicense6} + artifactory_product: ${product} + artifactory_flavour: "{{ 'pro' if '${product}' == 'artifactory' else 'jcr' if '${product}' == 'jcr' }}" + artifactory_server_name: ${ArtifactoryServerName} + server_name: ${ArtifactoryServerName}.${CertificateDomain} + s3_region: ${AWS::Region} + s3_access_key: ${ArtifactoryIamAcessKey} + s3_access_secret_key: ${SecretAccessKey} + s3_bucket: ${ArtifactoryS3Bucket} + certificate: ${Certificate} + certificate_key: ${CertificateKey} + certificate_domain: ${CertificateDomain} + enable_ssl: ${EnableSSL} + ssl_dir: /etc/pki/tls/certs + db_type: ${DatabaseType} + db_driver: ${DatabaseDriver} + db_url: ${DatabaseUrl} + db_user: ${DatabaseUser} + db_password: ${DatabasePassword} + # db_download_url: https://jdbc.postgresql.org/download/postgresql-42.2.12.jar + art_primary: ${ArtifactoryPrimary} + master_key: ${MasterKey} + join_key: ${MasterKey} + extra_java_opts: ${ExtraJavaOptions} + artifactory_version: ${ArtifactoryVersion} + artifactory_keystore: + path: /opt/jfrog/artifactory/app/third-party/java/lib/security/cacerts + default_password: changeit + new_keystore_pass: ${KeystorePassword} + artifactory_java_db_drivers: + - name: ${DatabasePlugin} + 
url: ${DatabasePluginUrl} + owner: artifactory + group: artifactory + - { + product: !FindInMap [ArtifactoryProductMap, !Ref ArtifactoryProduct, product] + } + mode: "0400" + /root/.vault_pass.txt: + content: !Sub | + ${AnsibleVaultPass} + mode: "0400" + /root/.secureit.sh: + content: + ansible-vault encrypt /root/.jfrog_ami/artifactory.yml --vault-id /root/.vault_pass.txt + mode: "0770" + secure-artifactory: + commands: + 'secure ansible playbook': + command: '/root/.secureit.sh' + ignoreErrors: 'false' + Properties: + AssociatePublicIpAddress: false + KeyName: !Ref KeyPairName + IamInstanceProfile: !Ref HostProfile + ImageId: !FindInMap + - AWSAMIRegionMap + - !Ref 'AWS::Region' + - !FindInMap + - ArtifactoryProductMap + - !Ref ArtifactoryProduct + - !Ref AmiId + SecurityGroups: + - !Ref SecurityGroups + InstanceType: !Ref InstanceType + BlockDeviceMappings: + - DeviceName: /dev/xvda + Ebs: + VolumeSize: !Ref VolumeSize + VolumeType: gp2 + DeleteOnTermination: true + UserData: + 'Fn::Base64': + !Sub | + #!/bin/bash -x + + #CFN Functions + + function cfn_fail + + { + + cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource ArtifactoryScalingGroup + + exit 1 + + } + + function cfn_success + + { + + cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource ArtifactoryScalingGroup + + exit 0 + + } + + S3URI=${QsS3Uri} + + # yum install -y git + + echo $PATH + + PATH=/opt/aws/bin:$PATH + + echo $PATH + echo \'[Cloning: Load QuickStart Common Utils]\' + + # git clone https://github.com/aws-quickstart/quickstart-linux-utilities.git + + source /quickstart-linux-utilities/quickstart-cfn-tools.source + + echo \'[Loaded: Load QuickStart Common Utils]\' + + echo \'[Update Operating System]\' + + qs_update-os || qs_err + + qs_bootstrap_pip || qs_err + + qs_aws-cfn-bootstrap || qs_err + + source ~/venv/bin/activate &> /var/log/userdata.activate_venv.log || qs_err " activate venv failed " + + # CentOS cloned virtual machines do not 
create a new machine id
+ # https://www.thegeekdiary.com/centos-rhel-7-how-to-change-the-machine-id/
+ rm -f /etc/machine-id
+ systemd-machine-id-setup
+
+ # mkdir ~/.artifactory_ansible
+
+ # aws s3 --region ${AWS::Region} sync s3://${QsS3BucketName}/${QsS3KeyPrefix}cloudInstallerScripts/ ~/.artifactory_ansible/
+
+ cfn-init -v --stack ${AWS::StackName} --resource ArtifactoryLaunchConfiguration --configsets artifactory_install --region ${AWS::Region} || cfn_fail
+
+ export ANSIBLE_VAULT_PASSWORD_FILE="/root/.vault_pass.txt"
+
+ setsebool httpd_can_network_connect 1 -P
+
+ ansible-playbook /root/.jfrog_ami/artifactory.yml || qs_err " ansible execution failed "
+
+ rm -rf /root/.secureit.sh
+
+ [ $(qs_status) == 0 ] && cfn_success || cfn_fail
diff --git a/Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-marketplace-master.template.yaml b/Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-marketplace-master.template.yaml
new file mode 100644
index 0000000..8b26b6d
--- /dev/null
+++ b/Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-marketplace-master.template.yaml
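Review bot: The secrets rendered into `/root/.jfrog_ami/artifactory.yml` under `AWS::CloudFormation::Init` in `ArtifactoryLaunchConfiguration` (`db_password: ${DatabasePassword}`, `master_key: ${MasterKey}`, `s3_access_secret_key: ${SecretAccessKey}`, `certificate_key: ${CertificateKey}`, and `${AnsibleVaultPass}` in `/root/.vault_pass.txt`) become part of the resource's metadata, which CloudFormation stores and returns unmasked; `NoEcho` on the parameters does not cover the `Metadata` attribute. Anyone permitted to read this stack's resource metadata can therefore recover them, and the later `ansible-vault encrypt` step only protects the on-disk copy while the vault password file sits beside it. I would keep only a secret name in the metadata and have the instance fetch the values at boot through `HostRole`, for instance from the Secrets Manager secret that the parent template already uses for licenses and certificates. Separately, `join_key: ${MasterKey}` reuses one value for two keys and would be better served by its own `NoEcho` parameter.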
@@ -0,0 +1,456 @@ +AWSTemplateFormatVersion: '2010-09-09' +Description: 'JFrog Artifactory Quick Start Deployment (qs-1qpmmjh2f)' +Metadata: + QuickStartDocumentation: + EntrypointName: "Launch into a new VPC" + AWS::CloudFormation::Interface: + ParameterGroups: + - Label: + default: Security configuration + Parameters: + - KeyPairName + - AccessCidr + - RemoteAccessCidr + - Label: + default: Network configuration + Parameters: + - PrivateSubnet1Cidr + - PrivateSubnet2Cidr + - VpcId + - VpcCidr + - PublicSubnet1Id + - PublicSubnet2Id + - PrivateSubnet1Id + - PrivateSubnet2Id + - Label: + default: Amazon EC2 configuration + Parameters: + - VolumeSize + - InstanceType + - Label: + default: JFrog Artifactory configuration + Parameters: + - ArtifactoryVersion + - NumberOfSecondary + - SmLicenseCertName + - ArtifactoryServerName + - MasterKey + - ExtraJavaOptions + - DefaultJavaMemSettings + - KeystorePassword + - AnsibleVaultPass + - Label: + default: Amazon RDS configuration + Parameters: + - DatabaseName + - DatabaseEngine + - DatabaseUser + - DatabasePassword + - DatabaseInstance + - DatabaseAllocatedStorage + - MultiAzDatabase + - Label: + default: JFrog Xray Configuration + Parameters: + - InstallXray + - XrayVersion + - XrayNumberOfInstances + - XrayInstanceType + - XrayDatabaseUser + - XrayDatabasePassword + ParameterLabels: + KeyPairName: + default: SSH key name + PrivateSubnet1Cidr: + default: Private subnet 1 CIDR + PrivateSubnet2Cidr: + default: Private subnet 2 CIDR + AccessCidr: + default: Permitted IP range + RemoteAccessCidr: + default: Remote access CIDR + VpcId: + default: VPC ID + VpcCidr: + default: VPC CIDR + PublicSubnet1Id: + default: Public subnet 1 ID + PublicSubnet2Id: + default: Public subnet 2 ID + PrivateSubnet1Id: + default: Private subnet 1 ID + PrivateSubnet2Id: + default: Private subnet 2 ID + VolumeSize: + default: EBS root volume size + InstanceType: + default: EC2 instance type + NumberOfSecondary: + default: Secondary instances + 
ArtifactoryVersion: + default: Artifactory version + SmLicenseCertName: + default: Artifactory licenses and certificate secret name + ArtifactoryServerName: + default: Artifactory server name + MasterKey: + default: Master server key + ExtraJavaOptions: + default: Extra Java options + DefaultJavaMemSettings: + default: Default Java memory settings + KeystorePassword: + default: Java key store password + AnsibleVaultPass: + default: Ansible Vault password + DatabaseName: + default: Database name + DatabaseEngine: + default: Database engine + DatabaseUser: + default: Database user + DatabasePassword: + default: Database password + DatabaseInstance: + default: Database instance type + DatabaseAllocatedStorage: + default: Database allocated storage + MultiAzDatabase: + default: High-availability database + InstallXray: + default: Install JFrog Xray + XrayVersion: + default: Version of Xray to install + XrayNumberOfInstances: + default: Number of JFrog XrayNumberOfInstances + XrayInstanceType: + default: Xray instance type + XrayDatabaseUser: + default: Xray Database user + XrayDatabasePassword: + default: Xray Database password +Parameters: + VpcId: + Description: ID of your existing VPC (e.g., vpc-0343606e). + Type: "AWS::EC2::VPC::Id" + VpcCidr: + Description: CIDR block for the VPC. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/16 + Type: String + PublicSubnet1Id: + Description: ID of the public subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab). + Type: "AWS::EC2::Subnet::Id" + PublicSubnet2Id: + Description: ID of the public subnet in Availability Zone 2 of your existing VPC (e.g., subnet-a29c3d84). 
+ Type: "AWS::EC2::Subnet::Id"
+ PrivateSubnet1Id:
+ Description: ID of the private subnet in Availability Zone 1 of your existing VPC (e.g., subnet-a0246dcd).
+ Type: "AWS::EC2::Subnet::Id"
+ PrivateSubnet2Id:
+ Description: ID of the private subnet in Availability Zone 2 of your existing VPC (e.g., subnet-b58c3d67).
+ Type: "AWS::EC2::Subnet::Id"
+ KeyPairName:
+ Description: Name of an existing key pair,
+ which allows you to connect securely to your instance after it launches.
+ This is the key pair you created in your preferred Region.
+ Type: AWS::EC2::KeyPair::KeyName
+ PrivateSubnet1Cidr:
+ Description: CIDR block for private subnet 1, located in Availability Zone 1.
+ AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
+ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
+ Default: 10.0.0.0/19
+ Type: String
+ PrivateSubnet2Cidr:
+ Description: CIDR block for private subnet 2, located in Availability Zone 2.
+ AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
+ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
+ Default: 10.0.32.0/19
+ Type: String
+ AccessCidr:
+ Description: CIDR IP range permitted to access Artifactory.
+ It is recommended that you set this value to a trusted IP range.
+ For example, you may want to limit software access to your corporate network.
+ AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
+ Type: String
+ RemoteAccessCidr:
+ Description: Remote CIDR range that allows you to connect to the bastion instance by using SSH.
+ It is recommended that you set this value to a trusted IP range.
+ For example, you may want to grant specific ranges from within your corporate network that use the SSH protocol.
+ AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
+ Type: String
+ VolumeSize:
+ Description: Size in gigabytes of available storage (min 10GB). The Quick Start creates an
+ Amazon Elastic Block Store (Amazon EBS) volumes of this size.
+ Default: 200
+ Type: Number
+ InstanceType:
+ Description: EC2 type for the Artifactory instances.
+ AllowedValues:
+ - m5.large
+ - m5.xlarge
+ - m5.2xlarge
+ - m5.4xlarge
+ - m5.8xlarge
+ - m5.12xlarge
+ - m5.16xlarge
+ - m5.24xlarge
+ - m5.metal
+ - m5d.large
+ - m5d.xlarge
+ - m5d.2xlarge
+ - m5d.4xlarge
+ - m5d.8xlarge
+ - m5d.12xlarge
+ - m5d.16xlarge
+ - m5d.24xlarge
+ - m5d.metal
+ - m5a.large
+ - m5a.xlarge
+ - m5a.2xlarge
+ - m5a.4xlarge
+ - m5a.8xlarge
+ - m5a.12xlarge
+ - m5a.16xlarge
+ - m5a.24xlarge
+ ConstraintDescription: Must contain valid instance type.
+ Default: m5.xlarge
+ Type: String
+ NumberOfSecondary:
+ Description: Number of secondary Artifactory servers to complete your
+ HA deployment. To align with Artifactory best practices, the minimum number
+ is two, and the maximum is seven. Do not select more instances than you
+ have licenses for.
+ AllowedValues:
+ - 0
+ - 1
+ - 2
+ - 3
+ - 4
+ - 5
+ - 6
+ - 7
+ Default: 2
+ Type: Number
+ ArtifactoryVersion:
+ Description: Version of Artifactory that you want to deploy into the Quick Start.
+ To select the correct version, see the release notes at
+ https://www.jfrog.com/confluence/display/RTF/Release+Notes.
+ AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$
+ ConstraintDescription: A version that matches X.X.X per Artifactory releases.
+ Default: 7.12.5
+ Type: String
+ SmLicenseCertName:
+ Description: Secret name created in AWS Secrets Manager that contains the SSL certificate, certificate key, and Artifactory licenses.
+ Default: ''
+ Type: String
+ ArtifactoryServerName:
+ Description: Name of your Artifactory server. Ensure that this matches your certificate.
+ Type: String
+ MasterKey:
+ Description: Master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'.
+ AllowedPattern: ^[a-zA-Z0-9]+$
+ MinLength: '1'
+ MaxLength: '64'
+ ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters.
+ NoEcho: 'true'
+ Type: String
+ ExtraJavaOptions:
+ Description: Set Java options to pass to the JVM for Artifactory. For more information, see the Artifactory
+ system requirements at https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware.
+ Do not add Xms or Xmx settings without disabling DefaultJavaMemSettings.
+ Default: -Xss256k -XX:+UseG1GC
+ Type: String
+ DefaultJavaMemSettings:
+ Description: Choose false to overwrite the standard memory-calculation options to pass to the Artifactory JVM.
+ If you plan to overwrite them, ensure they are added to the ExtraJavaOptions to prevent the stack provision from failing.
+ ConstraintDescription: True or False
+ AllowedValues:
+ - "true"
+ - "false"
+ Default: "true"
+ Type: String
+ KeystorePassword:
+ Description: Java key store password. For better security, the password that you specify will
+ replace the default Java key store password.
+ NoEcho: 'true'
+ Type: String
+ AnsibleVaultPass:
+ Description: Ansible Vault password to protect the Artifactory YAML configuration file
+ generated during the Artifactory deployment. This YAML file is stored on the EC2 nodes
+ and secured with this password.
+ NoEcho: 'true'
+ Type: String
+ DatabaseName:
+ Description: Name of your database instance. The name must be unique across all instances
+ owned by your AWS account in the current Region. The database instance identifier is case-insensitive,
+ but it's stored in lowercase (as in "mydbinstance").
+ AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
+ MinLength: '1'
+ MaxLength: '60'
+ ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter.
+ Default: artdb
+ Type: String
+ DatabaseEngine:
+ Description: Database engine that you want to run.
+ AllowedValues:
+ - Postgres
+ Default: Postgres
+ Type: String
+ DatabaseUser:
+ Description: Login ID for the master user of your database instance.
+ MinLength: '1'
+ MaxLength: '16'
+ AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
+ ConstraintDescription: 1 to 16 alphanumeric characters. The first character must be a letter.
+ Default: artifactory
+ Type: String
+ DatabasePassword:
+ Description: Password for the Artifactory database user.
+ AllowedPattern: ^[^ \\']+$
+ MinLength: '8'
+ MaxLength: '12'
+ ConstraintDescription: Must be at least 8 and no more than
+ 12 characters containing letters and (minimum 1 capital letter), numbers and
+ symbols.
+ NoEcho: 'true'
+ Type: String
+ DatabaseInstance:
+ Description: Size of the database to be deployed as part of the Quick Start.
+ AllowedValues:
+ - db.m5.large
+ - db.m5.xlarge
+ - db.m5.2xlarge
+ - db.m5.10xlarge
+ - db.m5.16xlarge
+ - db.m5.large
+ - db.m5.xlarge
+ - db.m5.2xlarge
+ - db.m5.4xlarge
+ - db.m5.12xlarge
+ - db.m5.24xlarge
+ ConstraintDescription: Must be a valid database Instance Type.
+ Default: db.m5.large
+ Type: String
+ DatabaseAllocatedStorage:
+ Description: Size in gigabytes of available storage for the database instance.
+ MinValue: 5
+ MaxValue: 1024
+ Default: 10
+ Type: Number
+ MultiAzDatabase:
+ Description: Choose false to create an Amazon RDS instance in a single Availability Zone.
+ ConstraintDescription: True or False
+ AllowedValues:
+ - "true"
+ - "false"
+ Default: "true"
+ Type: String
+ InstallXray:
+ Description: Choose true to install JFrog Xray instance(s).
+ ConstraintDescription: True or False
+ AllowedValues:
+ - "true"
+ - "false"
+ Default: "true"
+ Type: String
+ XrayVersion:
+ Description: The version of Xray that you want to deploy into the Quick Start.
+ AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$
+ ConstraintDescription: A version that matches X.X.X per Xray releases.
+ Default: 3.12.1
+ Type: String
+ XrayNumberOfInstances:
+ Description: The number of Xray instances servers to complete your
+ HA deployment. The minimum number is one; the maximum is seven.
+ Do not select more than instances than you have licenses for.
+ MinValue: 1
+ MaxValue: 7
+ Default: 1
+ Type: Number
+ XrayInstanceType:
+ Description: The EC2 instance type for the Xray instances.
+ AllowedValues:
+ - c5.2xlarge
+ - c5.4xlarge
+ ConstraintDescription: Must contain valid instance type.
+ Default: c5.2xlarge
+ Type: String
+ XrayDatabaseUser:
+ Description: The login ID for the Xray database user.
+ MinLength: '1'
+ MaxLength: '16'
+ AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
+ ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter.
+ Default: xray
+ Type: String
+ XrayDatabasePassword:
+ Description: The password for the Xray database user.
+ AllowedPattern: ^[^ \\']+$
+ MinLength: '8'
+ MaxLength: '12'
+ ConstraintDescription: Must be at least 8 and no more than
+ 12 characters containing letters and (minimum 1 capital letter), numbers and
+ symbols.
+ NoEcho: 'true'
+ Type: String
+Resources:
+ ArtifactoryExistingVpcStack:
+ Type: AWS::CloudFormation::Stack
+ Properties:
+ TemplateURL: https://awsmp-fulfillment-cf-templates-prod.s3-external-1.amazonaws.com/aecfe1d1-907c-4812-b7b8-91497013cb16-jfrog-artifactory-ec2-existing-vpc.template
+ Parameters:
+ KeyPairName: !Ref KeyPairName
+ VpcId: !Ref VpcId
+ VpcCidr: !Ref VpcCidr
+ PublicSubnet1Id: !Ref PublicSubnet1Id
+ PublicSubnet2Id: !Ref PublicSubnet2Id
+ PrivateSubnet1Id: !Ref PrivateSubnet1Id
+ PrivateSubnet2Id: !Ref PrivateSubnet2Id
+ PrivateSubnet1Cidr: !Ref PrivateSubnet1Cidr
+ PrivateSubnet2Cidr: !Ref PrivateSubnet2Cidr
+ AccessCidr: !Ref AccessCidr
+ RemoteAccessCidr: !Ref RemoteAccessCidr
+ ProvisionBastionHost: "Disabled"
+ BastionInstanceType: "t3.micro"
+ BastionRootVolumeSize: 10
+ BastionEnableTcpForwarding: "true"
+ BastionEnableX11Forwarding: "false"
+ BastionOs: "Amazon-Linux2-HVM"
+ NumBastionHosts: "1"
+ VolumeSize: !Ref VolumeSize
+ InstanceType: !Ref InstanceType
+ NumberOfSecondary: !Ref NumberOfSecondary
+ ArtifactoryProduct: "JFrog-Artifactory-Pro"
+ ArtifactoryVersion: !Ref ArtifactoryVersion
+ SmLicenseCertName: !Ref SmLicenseCertName
+ ArtifactoryServerName: !Ref ArtifactoryServerName
+ MasterKey: !Ref MasterKey
+ ExtraJavaOptions: !Ref ExtraJavaOptions
+ DefaultJavaMemSettings: !Ref DefaultJavaMemSettings
+ KeystorePassword: !Ref KeystorePassword
+ AnsibleVaultPass: !Ref AnsibleVaultPass
+ DatabaseName: !Ref DatabaseName
+ DatabaseEngine: !Ref DatabaseEngine
+ DatabaseUser: !Ref DatabaseUser
+ DatabasePassword: !Ref DatabasePassword
+ DatabaseInstance: !Ref DatabaseInstance
+ DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage
+ MultiAzDatabase: !Ref MultiAzDatabase
+ QsS3BucketName: "jfrog-aws-test"
+ QsS3KeyPrefix: "artifactory7/v7112/"
+ QsS3BucketRegion: "us-east-1"
+ InstallXray: !Ref InstallXray
+ XrayVersion: !Ref XrayVersion
+ XrayNumberOfInstances: !Ref XrayNumberOfInstances
+ XrayInstanceType: !Ref XrayInstanceType
+ XrayDatabaseUser: !Ref XrayDatabaseUser
+ XrayDatabasePassword: !Ref XrayDatabasePassword
+Outputs:
+ ArtifactoryUrl:
+ Description: URL of the ELB to access Artifactory
+ Value: !Sub ${ArtifactoryExistingVpcStack.Outputs.ArtifactoryUrl}
+ BastionIp:
+ Value: !Sub ${ArtifactoryExistingVpcStack.Outputs.BastionIp}
+ Description: Bastion host IP, for admin access via SSH
diff --git a/Amazon/Marketplace/v7125/templates/jfrog-xray-ec2-instance.template.yaml b/Amazon/Marketplace/v7125/templates/jfrog-xray-ec2-instance.template.yaml
new file mode 100644
index 0000000..2561e86
--- /dev/null
+++ b/Amazon/Marketplace/v7125/templates/jfrog-xray-ec2-instance.template.yaml
@@ -0,0 +1,259 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: "Deploys the EC2 Autoscaling, LaunchConfig and Instance for Xray"
+Parameters:
+ PrivateSubnet1Id:
+ Type: 'AWS::EC2::Subnet::Id'
+ PrivateSubnet2Id:
+ Type: 'AWS::EC2::Subnet::Id'
+ KeyPairName:
+ Type: AWS::EC2::KeyPair::KeyName
+ MinScalingNodes:
+ Type: Number
+ MaxScalingNodes:
+ Type: Number
+ DeploymentTag:
+ Type: String
+ QsS3BucketName:
+ Type: String
+ QsS3KeyPrefix:
+ Type: String
+ QsS3Uri:
+ Type: String
+ DatabaseDriver:
+ Type: String
+ DatabaseType:
+ Type: String
+ DatabaseUser:
+ Type: String
+ DatabasePassword:
+ Type: String
+ NoEcho: 'true'
+ MasterKey:
+ Type: String
+ NoEcho: 'true'
+ SecurityGroups:
+ Type: String
+ VolumeSize:
+ Type: Number
+ XrayHostProfile:
+ Type: String
+ XrayHostRole:
+ Type: String
+ XrayInstanceType:
+ Type: String
+ JfrogInternalUrl:
+ Type: String
+ AnsibleVaultPass:
+ Description: Ansiblevault Password to secure the artifactory.yml
+ Type: String
+ NoEcho: 'true'
+ XrayDatabaseUser:
+ Type: String
+ XrayDatabasePassword:
+ Type: String
+ NoEcho: 'true'
+ XrayMasterDatabaseUrl:
+ Type: String
+ XrayDatabaseUrl:
+ Type: String
+ XrayFirstNode:
+ Description: Runs database scripts if this is the first node
+ Type: String
+ XrayVersion:
+ Type: String
+ XrayAmiId:
+ Type: String
+# To populate additional mappings use the following with the desired --region
+# aws --region us-west-2 ec2 describe-images --owners amazon --filters 'Name=name,Values=amzn-ami-hvm-2018.03.0.20181129-x86_64-gp2' 'Name=state,Values=available' --output json | jq -r '.Images | sort_by(.CreationDate) | last(.[]).ImageId'
+Mappings:
+ AWSAMIRegionMap:
+ us-east-1:
+ "3112": ami-04954176e0e714377
+ us-east-2:
+ "3112": ami-0dde651cd599d64e8
+ us-west-1:
+ "3112": ami-0926fb027c339d991
+ us-west-2:
+ "3112": ami-0e48dd6310c205c33
+ ca-central-1:
+ "3112": ami-056bafb407aa8e445
+ eu-central-1:
+ "3112": ami-05ab6de966f830b8a
+ eu-west-1:
+ "3112": ami-055507b35a350806d
+ eu-west-2:
+ "3112": ami-007c8adf17c3bee79
+ eu-west-3:
+ "3112": ami-033e74f7f2e7b43ae
+ ap-southeast-1:
+ "3112": ami-0114ff3241c5a86a8
+ ap-southeast-2:
+ "3112": ami-0c753f85c64c4169d
+ ap-south-1:
+ "3112": ami-09f40817a8786b93c
+ ap-northeast-1:
+ "3112": ami-00f6ec6314c6ddd27
+ ap-northeast-2:
+ "3112": ami-05a10d14c3289f2b3
+ sa-east-1:
+ "3112": ami-0c2acb2f23c3e6743
+ us-gov-west-1:
+ "3112": ami-0f0208b759ab47734
+
+Resources:
+ XrayScalingGroup:
+ Type: 'AWS::AutoScaling::AutoScalingGroup'
+ Properties:
+ LaunchConfigurationName: !Ref XrayLaunchConfiguration
+ VPCZoneIdentifier:
+ - !Ref PrivateSubnet1Id
+ - !Ref PrivateSubnet2Id
+ MinSize: !Ref MinScalingNodes
+ MaxSize: !Ref MaxScalingNodes
+ Cooldown: '300'
+ DesiredCapacity: !Ref MinScalingNodes
+ HealthCheckType: EC2
+ HealthCheckGracePeriod: 900
+ Tags:
+ - Key: Name
+ Value: !Ref DeploymentTag
+ PropagateAtLaunch: true
+ CreationPolicy:
+ ResourceSignal:
+ Count: 1
+ Timeout: PT60M
+ XrayLaunchConfiguration:
+ Type: 'AWS::AutoScaling::LaunchConfiguration'
+ Metadata:
+ 'AWS::CloudFormation::Authentication':
+ S3AccessCreds:
+ type: S3
+ roleName:
+ - !Ref XrayHostRole
+ buckets:
+ - !Ref QsS3BucketName
+ 'AWS::CloudFormation::Init':
+ configSets:
+ xray_install:
+ - "config-xray"
+ config-xray:
+ files:
+ /root/.xray_ami/xray.yml:
+ content: !Sub
+ - |
+ # Base install for Xray
+ - import_playbook: site-xray.yml
+ vars:
+ jfrog_url: ${JfrogInternalUrl}
+ master_key: ${MasterKey}
+ join_key: ${MasterKey}
+ db_type: ${DatabaseType}
+ db_driver: ${DatabaseDriver}
+ db_url: postgres://${XrayDatabaseUrl}
+ db_user: ${XrayDatabaseUser}
+ db_password: ${XrayDatabasePassword}
+ xray_version: ${XrayVersion}
+ - {
+ product: Xray
+ }
+ mode: "0400"
+ /root/.vault_pass.txt:
+ content: !Sub |
+ ${AnsibleVaultPass}
+ mode: "0400"
+ Properties:
+ AssociatePublicIpAddress: false
+ KeyName: !Ref KeyPairName
+ IamInstanceProfile: !Ref XrayHostProfile
+ ImageId: !FindInMap
+ - AWSAMIRegionMap
+ - !Ref 'AWS::Region'
+ - !Ref XrayAmiId
+ SecurityGroups:
+ - !Ref SecurityGroups
+ InstanceType: !Ref XrayInstanceType
+ BlockDeviceMappings:
+ - DeviceName: /dev/xvda
+ Ebs:
+ VolumeSize: !Ref VolumeSize
+ VolumeType: gp2
+ DeleteOnTermination: true
+ UserData:
+ 'Fn::Base64':
+ !Sub |
+ #!/bin/bash -x
+ exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
+
+ #CFN Functions
+
+ function cfn_fail
+
+ {
+
+ cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource XrayScalingGroup
+
+ exit 1
+
+ }
+
+ function cfn_success
+
+ {
+
+ cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource XrayScalingGroup
+
+ exit 0
+
+ }
+
+ S3URI=${QsS3Uri}
+
+ # yum install -y git
+
+ echo $PATH
+
+ PATH=/opt/aws/bin:$PATH
+
+ echo $PATH
+ echo \'[Cloning: Load QuickStart Common Utils]\'
+
+ # git clone https://github.com/aws-quickstart/quickstart-linux-utilities.git
+
+ source /quickstart-linux-utilities/quickstart-cfn-tools.source
+
+ echo \'[Loaded: Load QuickStart Common Utils]\'
+
+ echo \'[Update Operating System]\'
+
+ qs_update-os || qs_err
+
+ qs_bootstrap_pip || qs_err
+
+ qs_aws-cfn-bootstrap || qs_err
+
+ source ~/venv/bin/activate &> /var/log/userdata.activate_venv.log || qs_err " activate venv failed "
+
+ # mkdir ~/.xray_ansible
+
+ # aws s3 --region ${AWS::Region} sync s3://${QsS3BucketName}/${QsS3KeyPrefix}cloudInstallerScripts/ ~/.xray_ansible/
+
+ cfn-init -v --stack ${AWS::StackName} --resource XrayLaunchConfiguration --configsets xray_install --region ${AWS::Region} || cfn_fail
+
+ # CentOS cloned virtual machines do not create a new machine id
+ # https://www.thegeekdiary.com/centos-rhel-7-how-to-change-the-machine-id/
+ rm -f /etc/machine-id
+ systemd-machine-id-setup
+
+ if "true" == "${XrayFirstNode}"
+ then
+ psql postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl} -c "CREATE USER ${XrayDatabaseUser} WITH PASSWORD '${XrayDatabasePassword}'" &>> /var/log/userdata.xray_database.log;
+ psql postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl} -c "grant ${XrayDatabaseUser} to ${DatabaseUser}" &>> /var/log/userdata.xray_database.log;
+ psql postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl} -c "CREATE DATABASE xraydb WITH OWNER=${XrayDatabaseUser} ENCODING='UTF8'" &>> /var/log/userdata.xray_database.log;
+ psql postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl} -c "GRANT ALL PRIVILEGES ON DATABASE xraydb TO ${XrayDatabaseUser}" &>> /var/log/userdata.xray_database.log;
+ fi
+
+ ansible-playbook /root/.xray_ami/xray.yml || qs_err " ansible execution failed "
+
+ $(qs_status) &> /var/log/qs_status.log
+ cfn_success &> /var/log/cfn_success.log
+ [ $(qs_status) == 0 ] && cfn_success || cfn_fail
From a206ae33ff7b466f5cd72c037e205748a3bd588a Mon Sep 17 00:00:00 2001
From: Alex Hung
Date: Thu, 7 Jan 2021 09:49:39 -0800
Subject: [PATCH 2/6] Update product map versions and ami ids
---
...rog-artifactory-ec2-instance.template.yaml | 36 +++++++++----------
.../jfrog-xray-ec2-instance.template.yaml | 32 ++++++++---------
2 files changed, 34 insertions(+), 34 deletions(-)
diff --git a/Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-instance.template.yaml b/Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-instance.template.yaml
index 91f8775..a4dca4e 100644
--- a/Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-instance.template.yaml
+++ b/Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-instance.template.yaml
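Review bot: The four `psql` calls near the end of the Xray UserData run under `#!/bin/bash -x` with all output tee'd to /var/log/user-data.log, syslog and /dev/console, so the master database password and the new Xray password are written to each of those in clear text even though the parameters are NoEcho. Turn tracing off around that block and hand the master password to libpq through `PGPASSWORD` instead of the connection URI, which also keeps a password containing `@` or `/` from breaking the URI; both values still sit in UserData after `!Sub`, so reading them from Secrets Manager at boot would be the more complete fix. The guard `if "true" == "${XrayFirstNode}"` has no `[ ]`, so the shell runs the `true` builtin with two arguments and the branch is taken on every node rather than only the first. Separately, `cfn_success &> /var/log/cfn_success.log` calls `exit 0` in the current shell, so the closing `[ $(qs_status) == 0 ] && cfn_success || cfn_fail` is never reached and a failed status is never signalled.

```yaml
            # … unchanged: cfn-init call, machine-id reset …
            set +x   # no xtrace while credentials are expanded
            if [ "true" == "${XrayFirstNode}" ]
            then
              # Single quotes rely on the password containing no "'"; the Marketplace
              # master template enforces that, this template's parameter does not.
              export PGPASSWORD='${DatabasePassword}'
              XRAY_ADMIN_URI="postgresql://${DatabaseUser}@${XrayMasterDatabaseUrl}"
              psql "$XRAY_ADMIN_URI" -c "CREATE USER ${XrayDatabaseUser} WITH PASSWORD '${XrayDatabasePassword}'" &>> /var/log/userdata.xray_database.log
              psql "$XRAY_ADMIN_URI" -c "grant ${XrayDatabaseUser} to ${DatabaseUser}" &>> /var/log/userdata.xray_database.log
              psql "$XRAY_ADMIN_URI" -c "CREATE DATABASE xraydb WITH OWNER=${XrayDatabaseUser} ENCODING='UTF8'" &>> /var/log/userdata.xray_database.log
              psql "$XRAY_ADMIN_URI" -c "GRANT ALL PRIVILEGES ON DATABASE xraydb TO ${XrayDatabaseUser}" &>> /var/log/userdata.xray_database.log
              unset PGPASSWORD
            fi
            set -x
            # … unchanged: ansible-playbook call …
            # dropped: the unconditional cfn_success call, so the status check decides the signal
            [ $(qs_status) == 0 ] && cfn_success || cfn_fail
```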
@@ -105,43 +105,43 @@ Parameters: Mappings: AWSAMIRegionMap: us-east-1: - "Artifactory7112": ami-0ea7d62825c941e92 + "Artifactory7125": ami-02dc25a6b0c7c20f9 us-east-2: - "Artifactory7112": ami-0a282b74eef1c84b5 + "Artifactory7125": ami-0a282b74eef1c84b5 us-west-1: - "Artifactory7112": ami-02fa6dd21f023b9e3 + "Artifactory7125": ami-0e426b68e4ce468ff us-west-2: - "Artifactory7112": ami-0ea26f5ddc490f184 + "Artifactory7125": ami-0ea26f5ddc490f184 ca-central-1: - "Artifactory7112": ami-0f422f5980aeba60f + "Artifactory7125": ami-0f422f5980aeba60f eu-central-1: - "Artifactory7112": ami-05df4fbab56afe702 + "Artifactory7125": ami-05df4fbab56afe702 eu-west-1: - "Artifactory7112": ami-05386b580a110a49a + "Artifactory7125": ami-05386b580a110a49a eu-west-2: - "Artifactory7112": ami-094b79d303c9e1e0d + "Artifactory7125": ami-094b79d303c9e1e0d eu-west-3: - "Artifactory7112": ami-0ed4d6971439caf27 + "Artifactory7125": ami-0ed4d6971439caf27 ap-southeast-1: - "Artifactory7112": ami-01ec4e8b4ffbf7dc1 + "Artifactory7125": ami-01ec4e8b4ffbf7dc1 ap-southeast-2: - "Artifactory7112": ami-0ccb1a939c83d8062 + "Artifactory7125": ami-0ccb1a939c83d8062 ap-south-1: - "Artifactory7112": ami-078c43a083b6500be + "Artifactory7125": ami-078c43a083b6500be ap-northeast-1: - "Artifactory7112": ami-0695fd32ca193cccd + "Artifactory7125": ami-0695fd32ca193cccd ap-northeast-2: - "Artifactory7112": ami-0a03d23e6dc213b5e + "Artifactory7125": ami-0a03d23e6dc213b5e sa-east-1: - "Artifactory7112": ami-0b831f8403d6979d4 + "Artifactory7125": ami-0b831f8403d6979d4 us-gov-west-1: - "Artifactory7112": ami-0842d7e7becc59c39 + "Artifactory7125": ami-0a626a31c3b8854d6 ArtifactoryProductMap: JFrog-Container-Registry: - "7112": "Jcr7112" + "7125": "Jcr7125" product: "jcr" JFrog-Artifactory-Pro: - "7112": "Artifactory7112" + "7125": "Artifactory7125" product: "artifactory" Resources: ArtifactoryScalingGroup: 
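Review bot: Every region key in `AWSAMIRegionMap` is renamed from `Artifactory7112` to `Artifactory7125`, but only us-east-1, us-west-1 and us-gov-west-1 receive a new AMI ID; the other thirteen regions keep the image that was mapped under the old key, so a stack launched there would presumably boot the previous build while being labelled as the new one. The Xray map in the next file section has the same shape (`3112` renamed to `3151`, with the same three regions changed). If the remaining images are not published yet, either drop those regions so `!FindInMap` fails instead of silently launching the old image, or mark each one, e.g. `# TODO: AMI unchanged from the Artifactory7112 entry; replace once the new image is published in this region`.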
diff --git a/Amazon/Marketplace/v7125/templates/jfrog-xray-ec2-instance.template.yaml b/Amazon/Marketplace/v7125/templates/jfrog-xray-ec2-instance.template.yaml index 2561e86..db5390c 100644 --- a/Amazon/Marketplace/v7125/templates/jfrog-xray-ec2-instance.template.yaml +++ b/Amazon/Marketplace/v7125/templates/jfrog-xray-ec2-instance.template.yaml @@ -68,37 +68,37 @@ Parameters: Mappings: AWSAMIRegionMap: us-east-1: - "3112": ami-04954176e0e714377 + "3151": ami-0569c7c79a4dcf3e8 us-east-2: - "3112": ami-0dde651cd599d64e8 + "3151": ami-0dde651cd599d64e8 us-west-1: - "3112": ami-0926fb027c339d991 + "3151": ami-03fdb28548522d872 us-west-2: - "3112": ami-0e48dd6310c205c33 + "3151": ami-0e48dd6310c205c33 ca-central-1: - "3112": ami-056bafb407aa8e445 + "3151": ami-056bafb407aa8e445 eu-central-1: - "3112": ami-05ab6de966f830b8a + "3151": ami-05ab6de966f830b8a eu-west-1: - "3112": ami-055507b35a350806d + "3151": ami-055507b35a350806d eu-west-2: - "3112": ami-007c8adf17c3bee79 + "3151": ami-007c8adf17c3bee79 eu-west-3: - "3112": ami-033e74f7f2e7b43ae + "3151": ami-033e74f7f2e7b43ae ap-southeast-1: - "3112": ami-0114ff3241c5a86a8 + "3151": ami-0114ff3241c5a86a8 ap-southeast-2: - "3112": ami-0c753f85c64c4169d + "3151": ami-0c753f85c64c4169d ap-south-1: - "3112": ami-09f40817a8786b93c + "3151": ami-09f40817a8786b93c ap-northeast-1: - "3112": ami-00f6ec6314c6ddd27 + "3151": ami-00f6ec6314c6ddd27 ap-northeast-2: - "3112": ami-05a10d14c3289f2b3 + "3151": ami-05a10d14c3289f2b3 sa-east-1: - "3112": ami-0c2acb2f23c3e6743 + "3151": ami-0c2acb2f23c3e6743 us-gov-west-1: - "3112": ami-0f0208b759ab47734 + "3151": ami-019ab5372c3e3c7ea Resources: XrayScalingGroup: From fe08f1896f2db4f164d3fe072c3f579d4c4b02d5 Mon Sep 17 00:00:00 2001 From: Alex Hung Date: Thu, 7 Jan 2021 13:46:20 -0800 Subject: [PATCH 3/6] Replace hardcoded template URLs --- .../jfrog-artifactory-ec2-existing-vpc.template.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml b/Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml index ff0563d..7b51d68 100644 --- a/Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml +++ b/Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml @@ -609,7 +609,7 @@ Resources: ArtifactoryCoreInfraStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: https://awsmp-fulfillment-cf-templates-prod.s3-external-1.amazonaws.com/aecfe1d1-907c-4812-b7b8-91497013cb16-jfrog-artifactory-core-infrastructure.template + TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-core-infrastructure.template.yaml Parameters: VpcId: !Ref VpcId VpcCidr: !Ref VpcCidr @@ -780,7 +780,7 @@ Resources: ArtifactoryMaster: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: https://awsmp-fulfillment-cf-templates-prod.s3-external-1.amazonaws.com/aecfe1d1-907c-4812-b7b8-91497013cb16-jfrog-artifactory-ec2-instance.template + TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-ec2-instance.template.yaml Parameters: PrivateSubnet1Id: !Ref PrivateSubnet1Id PrivateSubnet2Id: !Ref PrivateSubnet2Id @@ -842,7 +842,7 @@ Resources: DependsOn: ArtifactoryMaster Type: AWS::CloudFormation::Stack Properties: - TemplateURL: https://awsmp-fulfillment-cf-templates-prod.s3-external-1.amazonaws.com/aecfe1d1-907c-4812-b7b8-91497013cb16-jfrog-artifactory-ec2-instance.template + TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-ec2-instance.template.yaml Parameters: PrivateSubnet1Id: !Ref PrivateSubnet1Id PrivateSubnet2Id: !Ref PrivateSubnet2Id 
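Review bot: `TemplateURL` for all four nested stacks (this hunk and the ones at -780, -842 and -927) is now built from the `QsS3BucketName`, `QsS3BucketRegion` and `QsS3KeyPrefix` parameters, so whoever can write to that bucket decides what the nested stacks do with the NoEcho values handed to them (database password, master key). The Marketplace master template added in patch 1 hardcodes `QsS3BucketName: "jfrog-aws-test"` and `QsS3KeyPrefix: "artifactory7/v7112/"`, which looks like a test bucket and a previous-release prefix rather than the v7125 templates this series adds; that is worth confirming before release. I would document the trust assumption beside the first `TemplateURL`, e.g. `# Nested templates are fetched from QsS3BucketName/QsS3KeyPrefix; the bucket must be publisher-owned and not writable by other principals`, and point the master template at the release bucket and matching prefix. Each resource body continues outside its hunk.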
@@ -927,7 +927,7 @@ Resources: DependsOn: ArtifactorySecondary Type: AWS::CloudFormation::Stack Properties: - TemplateURL: https://awsmp-fulfillment-cf-templates-prod.s3-external-1.amazonaws.com/aecfe1d1-907c-4812-b7b8-91497013cb16-jfrog-xray-ec2-instance.template + TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-xray-ec2-instance.template.yaml Parameters: PrivateSubnet1Id: !Ref PrivateSubnet1Id PrivateSubnet2Id: !Ref PrivateSubnet2Id From d46a74b247cce18b289ebf5023050c66c95edc49 Mon Sep 17 00:00:00 2001 From: Alex Hung Date: Fri, 19 Feb 2021 12:13:54 -0800 Subject: [PATCH 4/6] Add new templates for RT 7.15.3 and Xray 3.17.4 --- ...rog-artifactory-ec2-instance.template.yaml | 345 --------------- .../jfrog-xray-ec2-instance.template.yaml | 259 ----------- ...ifactory-core-infrastructure.template.yaml | 40 +- ...artifactory-ec2-existing-vpc.template.yaml | 253 ++++++----- ...rog-artifactory-ec2-instance.template.yaml | 408 ++++++++++++++++++ ...ctory-ec2-marketplace-master.template.yaml | 81 ++-- .../jfrog-xray-ec2-instance.template.yaml | 292 +++++++++++++ 7 files changed, 913 insertions(+), 765 deletions(-) delete mode 100644 Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-instance.template.yaml delete mode 100644 Amazon/Marketplace/v7125/templates/jfrog-xray-ec2-instance.template.yaml rename Amazon/Marketplace/{v7125 => v7153}/templates/jfrog-artifactory-core-infrastructure.template.yaml (91%) rename Amazon/Marketplace/{v7125 => v7153}/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml (82%) create mode 100644 Amazon/Marketplace/v7153/templates/jfrog-artifactory-ec2-instance.template.yaml rename Amazon/Marketplace/{v7125 => v7153}/templates/jfrog-artifactory-ec2-marketplace-master.template.yaml (90%) create mode 100644 Amazon/Marketplace/v7153/templates/jfrog-xray-ec2-instance.template.yaml 
diff --git a/Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-instance.template.yaml b/Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-instance.template.yaml deleted file mode 100644 index a4dca4e..0000000 --- a/Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-instance.template.yaml +++ /dev/null 
@@ -1,345 +0,0 @@ -AWSTemplateFormatVersion: "2010-09-09" -Description: "Deploys the EC2 Autoscaling, LaunchConfig and Instance for Artifactory (qs-1qpmmjh5o)" -Parameters: - PrivateSubnet1Id: - Type: 'AWS::EC2::Subnet::Id' - PrivateSubnet2Id: - Type: 'AWS::EC2::Subnet::Id' - MinScalingNodes: - Type: Number - MaxScalingNodes: - Type: Number - DeploymentTag: - Type: String - HostRole: - Type: String - AmiId: - Type: String - ArtifactoryProduct: - Type: String - QsS3BucketName: - Type: String - QsS3KeyPrefix: - Type: String - QsS3Uri: - Type: String - ArtifactoryLicense1: - Type: String - ArtifactoryLicense2: - Type: String - ArtifactoryLicense3: - Type: String - ArtifactoryLicense4: - Type: String - ArtifactoryLicense5: - Type: String - ArtifactoryLicense6: - Type: String - ArtifactoryServerName: - Type: String - Certificate: - Type: String - CertificateKey: - Type: String - NoEcho: 'true' - CertificateDomain: - Type: String - EnableSSL: - Type: String - ArtifactoryIamAcessKey: - Type: String - NoEcho: 'true' - SecretAccessKey: - Type: String - NoEcho: 'true' - ArtifactoryS3Bucket: - Type: String - DatabaseUrl: - Type: String - DatabaseDriver: - Type: String - DatabasePluginUrl: - Type: String - DatabasePlugin: - Type: String - DatabaseType: - Type: String - DatabaseUser: - Type: String - DatabasePassword: - Type: String - NoEcho: 'true' - ArtifactoryPrimary: - Type: String - MasterKey: - Type: String - NoEcho: 'true' - ExtraJavaOptions: - Type: String - ArtifactoryVersion: - Type: String - KeyPairName: - Type: AWS::EC2::KeyPair::KeyName - TargetGroupARN: - Type: String - SSLTargetGroupARN: - Type: String - InternalTargetGroupARN: - Type: String - HostProfile: - Type: String - SecurityGroups: - Type: String - InstanceType: - Type: String - VolumeSize: - Type: Number - KeystorePassword: - Description: Default Keystore from Java in which we upgrade. 
- Type: String - NoEcho: 'true' - AnsibleVaultPass: - Description: Ansiblevault Password to secure the artifactory.yml - Type: String - NoEcho: 'true' -Mappings: - AWSAMIRegionMap: - us-east-1: - "Artifactory7125": ami-02dc25a6b0c7c20f9 - us-east-2: - "Artifactory7125": ami-0a282b74eef1c84b5 - us-west-1: - "Artifactory7125": ami-0e426b68e4ce468ff - us-west-2: - "Artifactory7125": ami-0ea26f5ddc490f184 - ca-central-1: - "Artifactory7125": ami-0f422f5980aeba60f - eu-central-1: - "Artifactory7125": ami-05df4fbab56afe702 - eu-west-1: - "Artifactory7125": ami-05386b580a110a49a - eu-west-2: - "Artifactory7125": ami-094b79d303c9e1e0d - eu-west-3: - "Artifactory7125": ami-0ed4d6971439caf27 - ap-southeast-1: - "Artifactory7125": ami-01ec4e8b4ffbf7dc1 - ap-southeast-2: - "Artifactory7125": ami-0ccb1a939c83d8062 - ap-south-1: - "Artifactory7125": ami-078c43a083b6500be - ap-northeast-1: - "Artifactory7125": ami-0695fd32ca193cccd - ap-northeast-2: - "Artifactory7125": ami-0a03d23e6dc213b5e - sa-east-1: - "Artifactory7125": ami-0b831f8403d6979d4 - us-gov-west-1: - "Artifactory7125": ami-0a626a31c3b8854d6 - ArtifactoryProductMap: - JFrog-Container-Registry: - "7125": "Jcr7125" - product: "jcr" - JFrog-Artifactory-Pro: - "7125": "Artifactory7125" - product: "artifactory" -Resources: - ArtifactoryScalingGroup: - Type: 'AWS::AutoScaling::AutoScalingGroup' - Properties: - LaunchConfigurationName: !Ref ArtifactoryLaunchConfiguration - VPCZoneIdentifier: - - !Ref PrivateSubnet1Id - - !Ref PrivateSubnet2Id - MinSize: !Ref MinScalingNodes - MaxSize: !Ref MaxScalingNodes - Cooldown: '300' - DesiredCapacity: !Ref MinScalingNodes - TargetGroupARNs: - - !Ref TargetGroupARN - - !Ref SSLTargetGroupARN - - !Ref InternalTargetGroupARN - HealthCheckType: ELB - HealthCheckGracePeriod: 900 - Tags: - - Key: Name - Value: !Ref DeploymentTag - PropagateAtLaunch: true - CreationPolicy: - ResourceSignal: - Count: 1 - Timeout: PT30M - - ArtifactoryLaunchConfiguration: - Type: 
'AWS::AutoScaling::LaunchConfiguration' - Metadata: - 'AWS::CloudFormation::Authentication': - S3AccessCreds: - type: S3 - roleName: - - !Ref HostRole # !Ref ArtifactoryHostRole - buckets: - - !Ref QsS3BucketName - 'AWS::CloudFormation::Init': - configSets: - artifactory_install: - - "config-artifactory-master" - - "secure-artifactory" - config-artifactory-master: - files: - /root/.jfrog_ami/artifactory.yml: - content: !Sub - - | - # Base install for Artifactory - - import_playbook: site-artifactory.yml - vars: - artifactory_license1: ${ArtifactoryLicense1} - artifactory_license2: ${ArtifactoryLicense2} - artifactory_license3: ${ArtifactoryLicense3} - artifactory_license4: ${ArtifactoryLicense4} - artifactory_license5: ${ArtifactoryLicense5} - artifactory_license6: ${ArtifactoryLicense6} - artifactory_product: ${product} - artifactory_flavour: "{{ 'pro' if '${product}' == 'artifactory' else 'jcr' if '${product}' == 'jcr' }}" - artifactory_server_name: ${ArtifactoryServerName} - server_name: ${ArtifactoryServerName}.${CertificateDomain} - s3_region: ${AWS::Region} - s3_access_key: ${ArtifactoryIamAcessKey} - s3_access_secret_key: ${SecretAccessKey} - s3_bucket: ${ArtifactoryS3Bucket} - certificate: ${Certificate} - certificate_key: ${CertificateKey} - certificate_domain: ${CertificateDomain} - enable_ssl: ${EnableSSL} - ssl_dir: /etc/pki/tls/certs - db_type: ${DatabaseType} - db_driver: ${DatabaseDriver} - db_url: ${DatabaseUrl} - db_user: ${DatabaseUser} - db_password: ${DatabasePassword} - # db_download_url: https://jdbc.postgresql.org/download/postgresql-42.2.12.jar - art_primary: ${ArtifactoryPrimary} - master_key: ${MasterKey} - join_key: ${MasterKey} - extra_java_opts: ${ExtraJavaOptions} - artifactory_version: ${ArtifactoryVersion} - artifactory_keystore: - path: /opt/jfrog/artifactory/app/third-party/java/lib/security/cacerts - default_password: changeit - new_keystore_pass: ${KeystorePassword} - artifactory_java_db_drivers: - - name: ${DatabasePlugin} - 
url: ${DatabasePluginUrl} - owner: artifactory - group: artifactory - - { - product: !FindInMap [ArtifactoryProductMap, !Ref ArtifactoryProduct, product] - } - mode: "0400" - /root/.vault_pass.txt: - content: !Sub | - ${AnsibleVaultPass} - mode: "0400" - /root/.secureit.sh: - content: - ansible-vault encrypt /root/.jfrog_ami/artifactory.yml --vault-id /root/.vault_pass.txt - mode: "0770" - secure-artifactory: - commands: - 'secure ansible playbook': - command: '/root/.secureit.sh' - ignoreErrors: 'false' - Properties: - AssociatePublicIpAddress: false - KeyName: !Ref KeyPairName - IamInstanceProfile: !Ref HostProfile - ImageId: !FindInMap - - AWSAMIRegionMap - - !Ref 'AWS::Region' - - !FindInMap - - ArtifactoryProductMap - - !Ref ArtifactoryProduct - - !Ref AmiId - SecurityGroups: - - !Ref SecurityGroups - InstanceType: !Ref InstanceType - BlockDeviceMappings: - - DeviceName: /dev/xvda - Ebs: - VolumeSize: !Ref VolumeSize - VolumeType: gp2 - DeleteOnTermination: true - UserData: - 'Fn::Base64': - !Sub | - #!/bin/bash -x - - #CFN Functions - - function cfn_fail - - { - - cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource ArtifactoryScalingGroup - - exit 1 - - } - - function cfn_success - - { - - cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource ArtifactoryScalingGroup - - exit 0 - - } - - S3URI=${QsS3Uri} - - # yum install -y git - - echo $PATH - - PATH=/opt/aws/bin:$PATH - - echo $PATH - echo \'[Cloning: Load QuickStart Common Utils]\' - - # git clone https://github.com/aws-quickstart/quickstart-linux-utilities.git - - source /quickstart-linux-utilities/quickstart-cfn-tools.source - - echo \'[Loaded: Load QuickStart Common Utils]\' - - echo \'[Update Operating System]\' - - qs_update-os || qs_err - - qs_bootstrap_pip || qs_err - - qs_aws-cfn-bootstrap || qs_err - - source ~/venv/bin/activate &> /var/log/userdata.activate_venv.log || qs_err " activate venv failed " - - # CentOS cloned virtual machines do not 
create a new machine id - # https://www.thegeekdiary.com/centos-rhel-7-how-to-change-the-machine-id/ - rm -f /etc/machine-id - systemd-machine-id-setup - - # mkdir ~/.artifactory_ansible - - # aws s3 --region ${AWS::Region} sync s3://${QsS3BucketName}/${QsS3KeyPrefix}cloudInstallerScripts/ ~/.artifactory_ansible/ - - cfn-init -v --stack ${AWS::StackName} --resource ArtifactoryLaunchConfiguration --configsets artifactory_install --region ${AWS::Region} || cfn_fail - - export ANSIBLE_VAULT_PASSWORD_FILE="/root/.vault_pass.txt" - - setsebool httpd_can_network_connect 1 -P - - ansible-playbook /root/.jfrog_ami/artifactory.yml || qs_err " ansible execution failed " - - rm -rf /root/.secureit.sh - - [ $(qs_status) == 0 ] && cfn_success || cfn_fail diff --git a/Amazon/Marketplace/v7125/templates/jfrog-xray-ec2-instance.template.yaml b/Amazon/Marketplace/v7125/templates/jfrog-xray-ec2-instance.template.yaml deleted file mode 100644 index db5390c..0000000 --- a/Amazon/Marketplace/v7125/templates/jfrog-xray-ec2-instance.template.yaml +++ /dev/null 
@@ -1,259 +0,0 @@ -AWSTemplateFormatVersion: "2010-09-09" -Description: "Deploys the EC2 Autoscaling, LaunchConfig and Instance for Xray" -Parameters: - PrivateSubnet1Id: - Type: 'AWS::EC2::Subnet::Id' - PrivateSubnet2Id: - Type: 'AWS::EC2::Subnet::Id' - KeyPairName: - Type: AWS::EC2::KeyPair::KeyName - MinScalingNodes: - Type: Number - MaxScalingNodes: - Type: Number - DeploymentTag: - Type: String - QsS3BucketName: - Type: String - QsS3KeyPrefix: - Type: String - QsS3Uri: - Type: String - DatabaseDriver: - Type: String - DatabaseType: - Type: String - DatabaseUser: - Type: String - DatabasePassword: - Type: String - NoEcho: 'true' - MasterKey: - Type: String - NoEcho: 'true' - SecurityGroups: - Type: String - VolumeSize: - Type: Number - XrayHostProfile: - Type: String - XrayHostRole: - Type: String - XrayInstanceType: - Type: String - JfrogInternalUrl: - Type: String - AnsibleVaultPass: - Description: Ansiblevault Password to secure the artifactory.yml - Type: String - NoEcho: 'true' - XrayDatabaseUser: - Type: String - XrayDatabasePassword: - Type: String - NoEcho: 'true' - XrayMasterDatabaseUrl: - Type: String - XrayDatabaseUrl: - Type: String - XrayFirstNode: - Description: Runs database scripts if this is the first node - Type: String - XrayVersion: - Type: String - XrayAmiId: - Type: String -# To populate additional mappings use the following with the desired --region -# aws --region us-west-2 ec2 describe-images --owners amazon --filters 'Name=name,Values=amzn-ami-hvm-2018.03.0.20181129-x86_64-gp2' 'Name=state,Values=available' --output json | jq -r '.Images | sort_by(.CreationDate) | last(.[]).ImageId' -Mappings: - AWSAMIRegionMap: - us-east-1: - "3151": ami-0569c7c79a4dcf3e8 - us-east-2: - "3151": ami-0dde651cd599d64e8 - us-west-1: - "3151": ami-03fdb28548522d872 - us-west-2: - "3151": ami-0e48dd6310c205c33 - ca-central-1: - "3151": ami-056bafb407aa8e445 - eu-central-1: - "3151": ami-05ab6de966f830b8a - eu-west-1: - "3151": ami-055507b35a350806d - 
eu-west-2: - "3151": ami-007c8adf17c3bee79 - eu-west-3: - "3151": ami-033e74f7f2e7b43ae - ap-southeast-1: - "3151": ami-0114ff3241c5a86a8 - ap-southeast-2: - "3151": ami-0c753f85c64c4169d - ap-south-1: - "3151": ami-09f40817a8786b93c - ap-northeast-1: - "3151": ami-00f6ec6314c6ddd27 - ap-northeast-2: - "3151": ami-05a10d14c3289f2b3 - sa-east-1: - "3151": ami-0c2acb2f23c3e6743 - us-gov-west-1: - "3151": ami-019ab5372c3e3c7ea - -Resources: - XrayScalingGroup: - Type: 'AWS::AutoScaling::AutoScalingGroup' - Properties: - LaunchConfigurationName: !Ref XrayLaunchConfiguration - VPCZoneIdentifier: - - !Ref PrivateSubnet1Id - - !Ref PrivateSubnet2Id - MinSize: !Ref MinScalingNodes - MaxSize: !Ref MaxScalingNodes - Cooldown: '300' - DesiredCapacity: !Ref MinScalingNodes - HealthCheckType: EC2 - HealthCheckGracePeriod: 900 - Tags: - - Key: Name - Value: !Ref DeploymentTag - PropagateAtLaunch: true - CreationPolicy: - ResourceSignal: - Count: 1 - Timeout: PT60M - XrayLaunchConfiguration: - Type: 'AWS::AutoScaling::LaunchConfiguration' - Metadata: - 'AWS::CloudFormation::Authentication': - S3AccessCreds: - type: S3 - roleName: - - !Ref XrayHostRole - buckets: - - !Ref QsS3BucketName - 'AWS::CloudFormation::Init': - configSets: - xray_install: - - "config-xray" - config-xray: - files: - /root/.xray_ami/xray.yml: - content: !Sub - - | - # Base install for Xray - - import_playbook: site-xray.yml - vars: - jfrog_url: ${JfrogInternalUrl} - master_key: ${MasterKey} - join_key: ${MasterKey} - db_type: ${DatabaseType} - db_driver: ${DatabaseDriver} - db_url: postgres://${XrayDatabaseUrl} - db_user: ${XrayDatabaseUser} - db_password: ${XrayDatabasePassword} - xray_version: ${XrayVersion} - - { - product: Xray - } - mode: "0400" - /root/.vault_pass.txt: - content: !Sub | - ${AnsibleVaultPass} - mode: "0400" - Properties: - AssociatePublicIpAddress: false - KeyName: !Ref KeyPairName - IamInstanceProfile: !Ref XrayHostProfile - ImageId: !FindInMap - - AWSAMIRegionMap - - !Ref 
'AWS::Region' - - !Ref XrayAmiId - SecurityGroups: - - !Ref SecurityGroups - InstanceType: !Ref XrayInstanceType - BlockDeviceMappings: - - DeviceName: /dev/xvda - Ebs: - VolumeSize: !Ref VolumeSize - VolumeType: gp2 - DeleteOnTermination: true - UserData: - 'Fn::Base64': - !Sub | - #!/bin/bash -x - exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1 - - #CFN Functions - - function cfn_fail - - { - - cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource XrayScalingGroup - - exit 1 - - } - - function cfn_success - - { - - cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource XrayScalingGroup - - exit 0 - - } - - S3URI=${QsS3Uri} - - # yum install -y git - - echo $PATH - - PATH=/opt/aws/bin:$PATH - - echo $PATH - echo \'[Cloning: Load QuickStart Common Utils]\' - - # git clone https://github.com/aws-quickstart/quickstart-linux-utilities.git - - source /quickstart-linux-utilities/quickstart-cfn-tools.source - - echo \'[Loaded: Load QuickStart Common Utils]\' - - echo \'[Update Operating System]\' - - qs_update-os || qs_err - - qs_bootstrap_pip || qs_err - - qs_aws-cfn-bootstrap || qs_err - - source ~/venv/bin/activate &> /var/log/userdata.activate_venv.log || qs_err " activate venv failed " - - # mkdir ~/.xray_ansible - - # aws s3 --region ${AWS::Region} sync s3://${QsS3BucketName}/${QsS3KeyPrefix}cloudInstallerScripts/ ~/.xray_ansible/ - - cfn-init -v --stack ${AWS::StackName} --resource XrayLaunchConfiguration --configsets xray_install --region ${AWS::Region} || cfn_fail - - # CentOS cloned virtual machines do not create a new machine id - # https://www.thegeekdiary.com/centos-rhel-7-how-to-change-the-machine-id/ - rm -f /etc/machine-id - systemd-machine-id-setup - - if "true" == "${XrayFirstNode}" - then - psql postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl} -c "CREATE USER ${XrayDatabaseUser} WITH PASSWORD '${XrayDatabasePassword}'" &>> 
/var/log/userdata.xray_database.log; - psql postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl} -c "grant ${XrayDatabaseUser} to ${DatabaseUser}" &>> /var/log/userdata.xray_database.log; - psql postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl} -c "CREATE DATABASE xraydb WITH OWNER=${XrayDatabaseUser} ENCODING='UTF8'" &>> /var/log/userdata.xray_database.log; - psql postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl} -c "GRANT ALL PRIVILEGES ON DATABASE xraydb TO ${XrayDatabaseUser}" &>> /var/log/userdata.xray_database.log; - fi - - ansible-playbook /root/.xray_ami/xray.yml || qs_err " ansible execution failed " - - $(qs_status) &> /var/log/qs_status.log - cfn_success &> /var/log/cfn_success.log - [ $(qs_status) == 0 ] && cfn_success || cfn_fail diff --git a/Amazon/Marketplace/v7125/templates/jfrog-artifactory-core-infrastructure.template.yaml b/Amazon/Marketplace/v7153/templates/jfrog-artifactory-core-infrastructure.template.yaml similarity index 91% rename from Amazon/Marketplace/v7125/templates/jfrog-artifactory-core-infrastructure.template.yaml rename to Amazon/Marketplace/v7153/templates/jfrog-artifactory-core-infrastructure.template.yaml index 2362bba..6f907c0 100644 --- a/Amazon/Marketplace/v7125/templates/jfrog-artifactory-core-infrastructure.template.yaml +++ b/Amazon/Marketplace/v7153/templates/jfrog-artifactory-core-infrastructure.template.yaml @@ -1,6 +1,10 @@ AWSTemplateFormatVersion: '2010-09-09' Description: 'JFrog Artifactory Quick Start Deployment (qs-1qpmmjh61)' Parameters: + AvailabilityZones: + Description: List of Availability Zones to use for the subnets in the VPC. Two + Availability Zones are used for this deployment. + Type: List VpcId: Type: AWS::EC2::VPC::Id VpcCidr: 
@@ -29,6 +33,11 @@ Parameters: DatabaseAllocatedStorage: Type: Number MultiAzDatabase: + Description: Choose false to create an Amazon RDS instance in a single Availability Zone. + ConstraintDescription: True or False + AllowedValues: + - "true" + - "false" Type: String DatabaseEngine: Type: String @@ -41,9 +50,6 @@ Parameters: Type: String DatabaseName: Type: String - ArtifactoryS3IAMUser: - NoEcho: 'true' - Type: String ArtifactoryProduct: Default: JFrog-Artifactory-Pro Type: String @@ -53,6 +59,10 @@ Parameters: InstanceType: Default: m5.xlarge Type: String + ArtifactoryHostRole: + Type: String + VolumeSize: + Type: Number Mappings: DatabaseMap: @@ -207,6 +217,7 @@ Mappings: Min: 192 Max: 288 DeploymentSize: xxxLarge + Resources: ArtifactoryDatabaseSubnetGroup: Type: AWS::RDS::DBSubnetGroup @@ -228,6 +239,7 @@ Resources: DBInstanceClass: !Ref DatabaseInstance DBName: !Ref DatabaseName DBSubnetGroupName: !Ref ArtifactoryDatabaseSubnetGroup + StorageEncrypted: true VPCSecurityGroups: - !Ref ArtifactoryDatabaseSG ArtifactoryDatabaseSG: @@ -315,8 +327,24 @@ Resources: - - !Sub "arn:${AWS::Partition}:s3:::" - !Ref ArtifactoryS3Bucket - "/*" - Users: - - !Ref ArtifactoryS3IAMUser + Roles: + - !Ref ArtifactoryHostRole + ArtifactoryEbsVolume: + Type: AWS::EC2::Volume + Properties: + AvailabilityZone: + !Select + - '0' + - !Ref AvailabilityZones + Encrypted: false + Size: !Ref VolumeSize + Tags: + - Key: Name + Value: !Sub "Artifactory-${AWS::StackName}" + VolumeType: gp2 + DeletionPolicy: Snapshot + UpdateReplacePolicy: Snapshot + Outputs: S3Bucket: Value: !Ref ArtifactoryS3Bucket @@ -376,3 +404,5 @@ Outputs: } DeploymentSize: Value: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, DeploymentSize] + ArtifactoryEbsVolume: + Value: !Ref ArtifactoryEbsVolume 
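Review bot: The new `ArtifactoryEbsVolume` in the `@@ -315,8 +327,24 @@` hunk is created with `Encrypted: false`, although the same commit turns on `StorageEncrypted: true` for the RDS instance. This is presumably the detachable Artifactory data volume, and with `DeletionPolicy: Snapshot` / `UpdateReplacePolicy: Snapshot` the retained snapshots will be unencrypted as well. Set `Encrypted: true`, adding `KmsKeyId` if a customer-managed key is required. The volume is also pinned to the first entry of `AvailabilityZones`, and an EBS volume can only attach to an instance in its own zone, so a comment such as `# must be the AZ of the subnet the primary node launches in` would record that dependency.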
diff --git a/Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml b/Amazon/Marketplace/v7153/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml similarity index 82% rename from Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml rename to Amazon/Marketplace/v7153/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml index 7b51d68..bf67044 100644 --- a/Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml +++ b/Amazon/Marketplace/v7153/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml @@ -14,6 +14,7 @@ Metadata: - Label: default: Network configuration Parameters: + - AvailabilityZones - VpcId - VpcCidr - PublicSubnet1Id @@ -44,13 +45,12 @@ Metadata: - ArtifactoryProduct - ArtifactoryVersion - NumberOfSecondary - - SmLicenseCertName + - SmLicenseName + - SmCertName - ArtifactoryServerName - MasterKey - ExtraJavaOptions - DefaultJavaMemSettings - - KeystorePassword - - AnsibleVaultPass - Label: default: Amazon RDS configuration Parameters: @@ -66,7 +66,6 @@ Metadata: Parameters: - QsS3BucketName - QsS3KeyPrefix - - QsS3BucketRegion - Label: default: JFrog Xray Configuration Parameters: @@ -77,6 +76,8 @@ Metadata: - XrayDatabaseUser - XrayDatabasePassword ParameterLabels: + AvailabilityZones: + default: Availability Zones KeyPairName: default: SSH key name VpcId: @@ -125,8 +126,10 @@ Metadata: default: Artifactory product to install ArtifactoryVersion: default: Artifactory version - SmLicenseCertName: - default: Artifactory licenses and certificate secret name + SmLicenseName: + default: Artifactory licenses secret name + SmCertName: + default: Artifactory certificate secret name ArtifactoryServerName: default: Artifactory server name MasterKey: 
@@ -135,10 +138,6 @@ Metadata: default: Extra Java options DefaultJavaMemSettings: default: Default Java memory settings - KeystorePassword: - default: Java keystore password - AnsibleVaultPass: - default: Ansible Vault password DatabaseName: default: Database name DatabaseEngine: @@ -172,6 +171,10 @@ Metadata: XrayDatabasePassword: default: Xray Database password Parameters: + AvailabilityZones: + Description: List of Availability Zones to use for the subnets in the VPC. Two + Availability Zones are used for this deployment. + Type: List KeyPairName: Description: Name of an existing key pair, which allows you to connect securely to your instance after it launches. @@ -357,10 +360,14 @@ Parameters: https://www.jfrog.com/confluence/display/RTF/Release+Notes. AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ ConstraintDescription: A version that matches X.X.X per Artifactory releases - Default: 7.12.5 + Default: 7.15.3 Type: String - SmLicenseCertName: - Description: Secret name created in AWS Secrets Manager, which contains the SSL certificate, certificate key, and Artifactory licenses. + SmLicenseName: + Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses. + Default: '' + Type: String + SmCertName: + Description: Secret name created in AWS Secrets Manager, which contains the SSL certificate and certificate key. Default: '' Type: String ArtifactoryServerName: 
@@ -389,17 +396,6 @@ Parameters: - "false" Default: "true" Type: String - KeystorePassword: - Description: Java keystore password. For better security, the password that you specify will - replace the default Java key store password. - NoEcho: 'true' - Type: String - AnsibleVaultPass: - Description: Ansible Vault password to protect the Artifactory YAML configuration file - generated during the Artifactory deployment. This YAML file is stored on the EC2 nodes - and secured with this password. - NoEcho: 'true' - Type: String DatabaseName: Description: Name of your database instance. The name must be unique across all instances owned by your AWS account in the current Region. The database instance identifier is case-insensitive, @@ -499,7 +495,7 @@ Parameters: Description: The version of Xray that you want to deploy into the Quick Start. AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ ConstraintDescription: A version that matches X.X.X per Xray releases. - Default: 3.12.1 + Default: 3.17.4 Type: String XrayNumberOfInstances: Description: The number of Xray instances servers to complete your @@ -535,14 +531,15 @@ Parameters: symbols. NoEcho: 'true' Type: String + Conditions: EnableBastion: !Equals [!Ref 'ProvisionBastionHost', 'Enabled'] IsArtifactory: !Not [!Equals [!Ref ArtifactoryProduct, 'JFrog-Container-Registry']] HasSecondaryNodes: !Not [!Equals [!Ref NumberOfSecondary, '0']] DefaultJava: !Equals [!Ref DefaultJavaMemSettings, "true"] - UsingDefaultBucket: !Equals [!Ref QsS3BucketName, 'aws-quickstart'] EnableXray: !Equals [!Ref InstallXray, 'true'] - SmLicenseCertNameExists: !Not [!Equals [!Ref 'SmLicenseCertName', '']] + SmCertNameExists: !Not [!Equals [!Ref 'SmCertName', '']] + Resources: BastionRole: Condition: EnableBastion 
@@ -600,17 +597,16 @@ Resources: EnableX11Forwarding: !Ref BastionEnableX11Forwarding AlternativeIAMRole: !Ref BastionRole NumBastionHosts: !Ref NumBastionHosts - ArtifactoryS3IAMUser: - Type: AWS::IAM::User - ArtifactoryIamAcessKey: - Type: AWS::IAM::AccessKey - Properties: - UserName: !Ref ArtifactoryS3IAMUser + ArtifactoryCoreInfraStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-core-infrastructure.template.yaml + TemplateURL: https://jfrog-marketplace-test-us-east-1.s3.amazonaws.com/marketplace-jfrog-artifactory/templates/jfrog-artifactory-core-infrastructure.template.yaml Parameters: + AvailabilityZones: + Fn::Join: + - ',' + - Ref: AvailabilityZones VpcId: !Ref VpcId VpcCidr: !Ref VpcCidr PrivateSubnet1Cidr: !Ref PrivateSubnet1Cidr @@ -624,13 +620,13 @@ Resources: DatabasePassword: !Ref DatabasePassword DatabaseInstance: !Ref DatabaseInstance DatabaseName: !Ref DatabaseName - ArtifactoryS3IAMUser: !Ref ArtifactoryS3IAMUser InstanceType: !Ref InstanceType + ArtifactoryHostRole: !Ref ArtifactoryHostRole + VolumeSize: !Ref VolumeSize ArtifactoryElb: Type: AWS::ElasticLoadBalancingV2::LoadBalancer Properties: IpAddressType: ipv4 - Name: !Sub ${ArtifactoryProduct}-EC2-ELB Scheme: !Ref ELBScheme Subnets: - !Ref PublicSubnet1Id @@ -686,7 +682,6 @@ Resources: Type: AWS::ElasticLoadBalancingV2::LoadBalancer Properties: IpAddressType: ipv4 - Name: ArtifactoryInternal-ELB Scheme: internal Subnets: - !Ref PrivateSubnet1Id @@ -701,7 +696,6 @@ Resources: HealthCheckTimeoutSeconds: 10 HealthyThresholdCount: 3 HealthCheckPort: "8082" - Name: artifactory-internal-http Port: 80 Protocol: TCP TargetType: instance 
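Review bot: `TemplateURL` for `ArtifactoryCoreInfraStack` is now a literal pointing at the `jfrog-marketplace-test-us-east-1` bucket, so the nested template is fetched from a location whose name suggests a test environment and which the deployer's `QsS3BucketName`/`QsS3KeyPrefix` parameters no longer control. Whoever can write to that bucket decides what is deployed with the stack's privileges, and the template reviewed in this repository is not necessarily the one that runs. If a fixed location is intended for the Marketplace listing, point it at the release bucket and say so in a comment. Otherwise keep it derived from the parameters, e.g. `TemplateURL: !Sub https://${QsS3BucketName}.s3.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-core-infrastructure.template.yaml`. The same literal is used for `ArtifactoryPrimary`, `ArtifactorySecondary` and `XrayExistingVpcStack` in later hunks.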
@@ -771,50 +765,76 @@ Resources: Version: 2012-10-17 ManagedPolicyArns: - !Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonEC2RoleforSSM' + Policies: + - PolicyName: "JFrogAMI-policy" + PolicyDocument: + Version: "2012-10-17" + Statement: + - Effect: "Allow" + Action: "ec2:Describe*" + Resource: "*" + - Effect: "Allow" + Action: "ec2:AttachVolume" + Resource: "*" + - Effect: "Allow" + Action: "ec2:DetachVolume" + Resource: "*" + - Effect: "Allow" + Action: + - "s3:GetObject" + - "s3:ListObject" + - "s3:ListBucket" + Resource: "*" + - PolicyName: 'CloudWatch-policy' + PolicyDocument: + Version: "2012-10-17" + Statement: + - Effect: "Allow" + Action: + - "logs:CreateLogGroup" + - "logs:CreateLogStream" + - "logs:PutLogEvents" + - "logs:DescribeLogStreams" + Resource: "arn:aws:logs:*:*:*" + - Effect: "Allow" + Action: + - "s3:GetObject" + Resource: "*" + - PolicyName: 'SecretsMaanger-policy' + PolicyDocument: + Version: "2012-10-17" + Statement: + - Effect: "Allow" + Action: + - "secretsmanager:GetSecretValue" + Resource: "arn:aws:secretsmanager:*:*:secret:*" ArtifactoryHostProfile: Type: 'AWS::IAM::InstanceProfile' Properties: Roles: - !Ref ArtifactoryHostRole Path: / - ArtifactoryMaster: + ArtifactoryPrimary: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-ec2-instance.template.yaml + TemplateURL: https://jfrog-marketplace-test-us-east-1.s3.amazonaws.com/marketplace-jfrog-artifactory/templates/jfrog-artifactory-ec2-instance.template.yaml Parameters: - PrivateSubnet1Id: !Ref PrivateSubnet1Id - PrivateSubnet2Id: !Ref PrivateSubnet2Id + PrivateSubnetIds: !Join [',', [!Ref PrivateSubnet1Id]] MinScalingNodes: '1' # Always have 1 MasterNode MaxScalingNodes: '1' # Always have 1 MasterNode - DeploymentTag: !If [IsArtifactory, "ArtifactoryMaster", "JcrMaster"] + DeploymentTag: !If [IsArtifactory, "ArtifactoryPrimary", "JcrPrimary"] 
HostRole: !Ref ArtifactoryHostRole QsS3BucketName: !Ref QsS3BucketName QsS3KeyPrefix: !Ref QsS3KeyPrefix - QsS3Uri: !Sub - - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix} - - S3Bucket: !If - - UsingDefaultBucket - - !Sub 'aws-quickstart-${AWS::Region}' - - !Ref 'QsS3BucketName' - S3Region: !If - - UsingDefaultBucket - - !Ref 'AWS::Region' - - !Ref 'QsS3BucketRegion' + QsS3Uri: !Sub https://${QsS3BucketName}.s3.${AWS::URLSuffix}/${QsS3KeyPrefix} AmiId: !Join ['', !Split [".", !Ref ArtifactoryVersion]] ArtifactoryProduct: !Ref ArtifactoryProduct - ArtifactoryLicense1: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense1}}', ''] - ArtifactoryLicense2: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense2}}', ''] - ArtifactoryLicense3: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense3}}', ''] - ArtifactoryLicense4: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense4}}', ''] - ArtifactoryLicense5: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense5}}', ''] - ArtifactoryLicense6: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense6}}', ''] + ArtifactoryLicensesSecretName: !Ref SmLicenseName ArtifactoryServerName: !Ref ArtifactoryServerName - EnableSSL: !If [SmLicenseCertNameExists, 'true' , 'false'] - Certificate: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:Certificate}}', ''] - CertificateKey: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:CertificateKey}}', ''] - CertificateDomain: !If [SmLicenseCertNameExists, !Sub 
'{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:CertificateDomain}}', ''] - ArtifactoryIamAcessKey: !Ref ArtifactoryIamAcessKey - SecretAccessKey: !GetAtt ArtifactoryIamAcessKey.SecretAccessKey + EnableSSL: !If [SmCertNameExists, true, false] + Certificate: !If [SmCertNameExists, !Sub '{{resolve:secretsmanager:${SmCertName}:SecretString:Certificate}}', ''] + CertificateKey: !If [SmCertNameExists, !Sub '{{resolve:secretsmanager:${SmCertName}:SecretString:CertificateKey}}', ''] + CertificateDomain: !If [SmCertNameExists, !Sub '{{resolve:secretsmanager:${SmCertName}:SecretString:CertificateDomain}}', ''] ArtifactoryS3Bucket: !GetAtt ArtifactoryCoreInfraStack.Outputs.S3Bucket DatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseUrl DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver 
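Review bot: The inline policies added to `ArtifactoryHostRole` allow `s3:GetObject`/`s3:ListBucket` on `Resource: "*"` and `secretsmanager:GetSecretValue` on `arn:aws:secretsmanager:*:*:secret:*`, so any process on an Artifactory node can read every object and secret the account permits, not only the deployment assets and the license secret. Scope them to what the node needs, for example `Resource: !Sub "arn:${AWS::Partition}:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:${SmLicenseName}-*"` (assuming the instance reads only the license secret; confirm against the instance template) and the `QsS3BucketName` bucket ARNs for the S3 statements. `ec2:AttachVolume` and `ec2:DetachVolume` on `*` would likewise be better restricted to the Artifactory data volume, by ARN or a tag condition. The hard-coded `arn:aws:` prefix will not match outside the commercial partition even though `ManagedPolicyArns` uses `${AWS::Partition}`, `s3:ListObject` does not appear to be a valid IAM action, and the policy name `SecretsMaanger-policy` is misspelled. The same `JFrogAMI-policy` and `CloudWatch-policy` statements are repeated for `XrayHostRole` in the `@@ -915,6 +917,41 @@` hunk.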
@@ -823,48 +843,40 @@ Resources: DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType DatabaseUser: !Ref DatabaseUser DatabasePassword: !Ref DatabasePassword - ArtifactoryPrimary: 'true' + ArtifactoryPrimary: true MasterKey: !Ref MasterKey ExtraJavaOptions: !If [DefaultJava, !Sub "${ArtifactoryCoreInfraStack.Outputs.JavaOpts} ${ExtraJavaOptions}", !Ref ExtraJavaOptions] - KeystorePassword: !Ref KeystorePassword ArtifactoryVersion: !Ref ArtifactoryVersion KeyPairName: !Ref KeyPairName HostProfile: !Ref ArtifactoryHostProfile SecurityGroups: !Ref ArtifactoryEc2Sg InstanceType: !Ref InstanceType + PrimaryVolume: !GetAtt ArtifactoryCoreInfraStack.Outputs.ArtifactoryEbsVolume VolumeSize: !Ref VolumeSize TargetGroupARN: !Ref ArtifactoryTargetGroup SSLTargetGroupARN: !Ref ArtifactorySslTargetGroup InternalTargetGroupARN: !Ref ArtifactoryInternalTargetGroup - AnsibleVaultPass: !Ref AnsibleVaultPass + ArtifactorySecondary: Condition: HasSecondaryNodes - DependsOn: ArtifactoryMaster + DependsOn: ArtifactoryPrimary Type: AWS::CloudFormation::Stack Properties: - TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-ec2-instance.template.yaml + TemplateURL: https://jfrog-marketplace-test-us-east-1.s3.amazonaws.com/marketplace-jfrog-artifactory/templates/jfrog-artifactory-ec2-instance.template.yaml Parameters: - PrivateSubnet1Id: !Ref PrivateSubnet1Id - PrivateSubnet2Id: !Ref PrivateSubnet2Id + PrivateSubnetIds: !Join [',', [!Ref PrivateSubnet1Id, !Ref PrivateSubnet2Id]] MinScalingNodes: !Ref NumberOfSecondary MaxScalingNodes: !Ref NumberOfSecondary DeploymentTag: ArtifactorySecondary HostRole: !Ref ArtifactoryHostRole AmiId: !Join ['', !Split [".", !Ref ArtifactoryVersion]] ArtifactoryProduct: !Ref ArtifactoryProduct - ArtifactoryLicense1: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense1}}', ''] - ArtifactoryLicense2: !If 
[SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense2}}', ''] - ArtifactoryLicense3: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense3}}', ''] - ArtifactoryLicense4: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense4}}', ''] - ArtifactoryLicense5: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense5}}', ''] - ArtifactoryLicense6: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense6}}', ''] + ArtifactoryLicensesSecretName: !Ref SmLicenseName ArtifactoryServerName: !Ref ArtifactoryServerName - EnableSSL: !If [SmLicenseCertNameExists, 'true' , 'false'] - Certificate: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:Certificate}}', ''] - CertificateKey: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:CertificateKey}}', ''] - CertificateDomain: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:CertificateDomain}}', ''] - ArtifactoryIamAcessKey: !Ref ArtifactoryIamAcessKey - SecretAccessKey: !GetAtt ArtifactoryIamAcessKey.SecretAccessKey + EnableSSL: !If [SmCertNameExists, true, false] + Certificate: !If [SmCertNameExists, !Sub '{{resolve:secretsmanager:${SmCertName}:SecretString:Certificate}}', ''] + CertificateKey: !If [SmCertNameExists, !Sub '{{resolve:secretsmanager:${SmCertName}:SecretString:CertificateKey}}', ''] + CertificateDomain: !If [SmCertNameExists, !Sub '{{resolve:secretsmanager:${SmCertName}:SecretString:CertificateDomain}}', ''] ArtifactoryS3Bucket: !GetAtt ArtifactoryCoreInfraStack.Outputs.S3Bucket DatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseUrl DatabaseDriver: !GetAtt 
ArtifactoryCoreInfraStack.Outputs.DatabaseDriver @@ -873,35 +885,25 @@ Resources: DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType DatabaseUser: !Ref DatabaseUser DatabasePassword: !Ref DatabasePassword - ArtifactoryPrimary: 'false' + ArtifactoryPrimary: false MasterKey: !Ref MasterKey ExtraJavaOptions: !If [DefaultJava, !Sub "${ArtifactoryCoreInfraStack.Outputs.JavaOpts} ${ExtraJavaOptions}", !Ref ExtraJavaOptions] - KeystorePassword: !Ref KeystorePassword ArtifactoryVersion: !Ref ArtifactoryVersion KeyPairName: !Ref KeyPairName HostProfile: !Ref ArtifactoryHostProfile SecurityGroups: !Ref ArtifactoryEc2Sg InstanceType: !Ref InstanceType + PrimaryVolume: !GetAtt ArtifactoryCoreInfraStack.Outputs.ArtifactoryEbsVolume VolumeSize: !Ref VolumeSize TargetGroupARN: !Ref ArtifactoryTargetGroup SSLTargetGroupARN: !Ref ArtifactorySslTargetGroup InternalTargetGroupARN: !Ref ArtifactoryInternalTargetGroup - AnsibleVaultPass: !Ref AnsibleVaultPass QsS3BucketName: !Ref QsS3BucketName QsS3KeyPrefix: !Ref QsS3KeyPrefix - QsS3Uri: !Sub - - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix} - - S3Bucket: !If - - UsingDefaultBucket - - !Sub 'aws-quickstart-${AWS::Region}' - - !Ref 'QsS3BucketName' - S3Region: !If - - UsingDefaultBucket - - !Ref 'AWS::Region' - - !Ref 'QsS3BucketRegion' + QsS3Uri: !Sub https://${QsS3BucketName}.s3.${AWS::URLSuffix}/${QsS3KeyPrefix} XrayHostRole: Condition: EnableXray - Type: 'AWS::IAM::Role' + Type: AWS::IAM::Role Properties: Path: / AssumeRolePolicyDocument: 
@@ -915,6 +917,41 @@ Resources: Version: 2012-10-17 ManagedPolicyArns: - !Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonEC2RoleforSSM' + Policies: + - PolicyName: "JFrogAMI-policy" + PolicyDocument: + Version: "2012-10-17" + Statement: + - Effect: "Allow" + Action: "ec2:Describe*" + Resource: "*" + - Effect: "Allow" + Action: "ec2:AttachVolume" + Resource: "*" + - Effect: "Allow" + Action: "ec2:DetachVolume" + Resource: "*" + - Effect: "Allow" + Action: + - "s3:GetObject" + - "s3:ListObject" + - "s3:ListBucket" + Resource: "*" + - PolicyName: 'CloudWatch-policy' + PolicyDocument: + Version: "2012-10-17" + Statement: + - Effect: "Allow" + Action: + - "logs:CreateLogGroup" + - "logs:CreateLogStream" + - "logs:PutLogEvents" + - "logs:DescribeLogStreams" + Resource: "arn:aws:logs:*:*:*" + - Effect: "Allow" + Action: + - "s3:GetObject" + Resource: "*" XrayHostProfile: Condition: EnableXray Type: 'AWS::IAM::InstanceProfile' @@ -924,10 +961,10 @@ Resources: Path: / XrayExistingVpcStack: Condition: EnableXray - DependsOn: ArtifactorySecondary + DependsOn: ArtifactoryPrimary Type: AWS::CloudFormation::Stack Properties: - TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-xray-ec2-instance.template.yaml + TemplateURL: https://jfrog-marketplace-test-us-east-1.s3.amazonaws.com/marketplace-jfrog-artifactory/templates/jfrog-xray-ec2-instance.template.yaml Parameters: PrivateSubnet1Id: !Ref PrivateSubnet1Id PrivateSubnet2Id: !Ref PrivateSubnet2Id 
@@ -937,16 +974,7 @@ Resources: DeploymentTag: 'xray' QsS3BucketName: !Ref QsS3BucketName QsS3KeyPrefix: !Ref QsS3KeyPrefix - QsS3Uri: !Sub - - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix} - - S3Bucket: !If - - UsingDefaultBucket - - !Sub 'aws-quickstart-${AWS::Region}' - - !Ref 'QsS3BucketName' - S3Region: !If - - UsingDefaultBucket - - !Ref 'AWS::Region' - - !Ref 'QsS3BucketRegion' + QsS3Uri: !Sub https://${QsS3BucketName}.s3.${AWS::URLSuffix}/${QsS3KeyPrefix} DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType DatabaseUser: !Ref DatabaseUser @@ -954,14 +982,13 @@ Resources: MasterKey: !Ref MasterKey SecurityGroups: !Ref ArtifactoryEc2Sg VolumeSize: !Ref VolumeSize + ExtraJavaOptions: !GetAtt ArtifactoryCoreInfraStack.Outputs.JavaOpts XrayInstanceType: !Ref XrayInstanceType JfrogInternalUrl: !Sub "http://${ArtifactoryInternalElb.DNSName}" - AnsibleVaultPass: !Ref AnsibleVaultPass XrayDatabaseUser: !Ref XrayDatabaseUser XrayDatabasePassword: !Ref XrayDatabasePassword XrayMasterDatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayMasterDatabaseUrl XrayDatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayDatabaseUrl - XrayFirstNode: 'true' XrayVersion: !Ref XrayVersion XrayAmiId: !Join ['', !Split [".", !Ref XrayVersion]] XrayHostRole: !Ref XrayHostRole @@ -969,7 +996,7 @@ Resources: Outputs: ArtifactoryUrl: Description: URL of the ELB to access Artifactory - Value: !If [SmLicenseCertNameExists, !Sub "https://${ArtifactoryElb.DNSName}", !Sub "http://${ArtifactoryElb.DNSName}"] + Value: !If [SmCertNameExists, !Sub "https://${ArtifactoryElb.DNSName}", !Sub "http://${ArtifactoryElb.DNSName}"] Export: Name: !Sub '${AWS::StackName}-ArtifactoryUrl' ArtifactoryInternalUrl: 
diff --git a/Amazon/Marketplace/v7153/templates/jfrog-artifactory-ec2-instance.template.yaml b/Amazon/Marketplace/v7153/templates/jfrog-artifactory-ec2-instance.template.yaml new file mode 100644 index 0000000..7a360cc --- /dev/null +++ b/Amazon/Marketplace/v7153/templates/jfrog-artifactory-ec2-instance.template.yaml 
@@ -0,0 +1,408 @@ +AWSTemplateFormatVersion: "2010-09-09" +Description: "Deploys the EC2 Autoscaling, LaunchConfig and Instance for Artifactory (qs-1qpmmjh5o)" +Parameters: + PrivateSubnetIds: + Type: List + MinScalingNodes: + Type: Number + MaxScalingNodes: + Type: Number + DeploymentTag: + Type: String + HostRole: + Type: String + AmiId: + Type: String + ArtifactoryProduct: + Type: String + QsS3BucketName: + Type: String + QsS3KeyPrefix: + Type: String + QsS3Uri: + Type: String + ArtifactoryLicensesSecretName: + Type: String + ArtifactoryServerName: + Type: String + Certificate: + Type: String + CertificateKey: + Type: String + NoEcho: 'true' + CertificateDomain: + Type: String + EnableSSL: + Type: String + ArtifactoryS3Bucket: + Type: String + DatabaseUrl: + Type: String + DatabaseDriver: + Type: String + DatabasePluginUrl: + Type: String + DatabasePlugin: + Type: String + DatabaseType: + Type: String + DatabaseUser: + Type: String + DatabasePassword: + Type: String + NoEcho: 'true' + ArtifactoryPrimary: + Type: String + MasterKey: + Type: String + NoEcho: 'true' + ExtraJavaOptions: + Type: String + ArtifactoryVersion: + Type: String + KeyPairName: + Type: AWS::EC2::KeyPair::KeyName + TargetGroupARN: + Type: String + SSLTargetGroupARN: + Type: String + InternalTargetGroupARN: + Type: String + HostProfile: + Type: String + SecurityGroups: + Type: String + InstanceType: + Type: String + PrimaryVolume: + Type: String + VolumeSize: + Type: Number + UserDataDirectory: + Description: Directory to store Artifactory data. 
Can be used to store data (via symlink) in detachable volume + Type: String + Default: '/artifactory-user-data' + +Mappings: + AWSAMIRegionMap: + us-east-1: + "Artifactory7153": ami-03ebf7aac08335c84 + us-east-2: + "Artifactory7153": ami-055521cc288bb4106 + us-west-1: + "Artifactory7153": ami-00ecacc68cf47a87a + us-west-2: + "Artifactory7153": ami-09274621c30cae078 + ca-central-1: + "Artifactory7153": ami-0f422f5980aeba60f + eu-central-1: + "Artifactory7153": ami-05df4fbab56afe702 + eu-west-1: + "Artifactory7153": ami-05386b580a110a49a + eu-west-2: + "Artifactory7153": ami-094b79d303c9e1e0d + eu-west-3: + "Artifactory7153": ami-0ed4d6971439caf27 + ap-southeast-1: + "Artifactory7153": ami-01ec4e8b4ffbf7dc1 + ap-southeast-2: + "Artifactory7153": ami-0ccb1a939c83d8062 + ap-south-1: + "Artifactory7153": ami-078c43a083b6500be + ap-northeast-1: + "Artifactory7153": ami-0695fd32ca193cccd + ap-northeast-2: + "Artifactory7153": ami-0a03d23e6dc213b5e + sa-east-1: + "Artifactory7153": ami-0b831f8403d6979d4 + us-gov-east-1: + "Artifactory7153": ami-0ec712ae031edcb34 + us-gov-west-1: + "Artifactory7153": ami-0b6229d13d677cd16 + ArtifactoryProductMap: + JFrog-Container-Registry: + "7153": "Jcr7153" + product: "jcr" + JFrog-Artifactory-Pro: + "7153": "Artifactory7153" + product: "artifactory" + +Conditions: + IsSecondary: !Equals [!Ref ArtifactoryPrimary, 'false'] + +Resources: + ArtifactoryScalingGroup: + Type: AWS::AutoScaling::AutoScalingGroup + Properties: + LaunchConfigurationName: !Ref ArtifactoryLaunchConfiguration + VPCZoneIdentifier: !Ref PrivateSubnetIds + MinSize: !Ref MinScalingNodes + MaxSize: !Ref MaxScalingNodes + Cooldown: '300' + DesiredCapacity: !Ref MinScalingNodes + TargetGroupARNs: + - !Ref TargetGroupARN + - !Ref SSLTargetGroupARN + - !Ref InternalTargetGroupARN + HealthCheckType: ELB + HealthCheckGracePeriod: 1800 + Tags: + - Key: Name + Value: !Ref DeploymentTag + PropagateAtLaunch: true + - Key: ArtifactoryVersion + Value: !Ref ArtifactoryVersion + 
PropagateAtLaunch: true + TerminationPolicies: + - OldestInstance + - Default + CreationPolicy: + ResourceSignal: + Count: !Ref MinScalingNodes + Timeout: PT60M + + ArtifactoryLaunchConfiguration: + Type: 'AWS::AutoScaling::LaunchConfiguration' + Metadata: + AWS::CloudFormation::Authentication: + S3AccessCreds: + type: S3 + roleName: + - !Ref HostRole # !Ref ArtifactoryHostRole + buckets: + - !Ref QsS3BucketName + AWS::CloudFormation::Init: + configSets: + artifactory_install: + - "config-cloudwatch" + - "config-artifactory-primary" + - "secure-artifactory" + config-cloudwatch: + files: + /root/cloudwatch.conf: + content: | + [general] + state_file = /var/awslogs/state/agent-state + + [/var/log/messages] + file = /var/log/messages + log_group_name = /artifactory/instances/{instance_id} + log_stream_name = /var/log/messages/ + datetime_format = %b %d %H:%M:%S + + [/var/log/jfrog-ami-setup.log] + file = /var/log/messages + log_group_name = /artifactory/instances/{instance_id} + log_stream_name = /var/log/jfrog-ami-setup.log + datetime_format = %b %d %H:%M:%S + + [/var/log/jfrog-ami-artifactory.log] + file = /var/log/messages + log_group_name = /artifactory/instances/{instance_id} + log_stream_name = /var/log/jfrog-ami-artifactory.log + datetime_format = %b %d %H:%M:%S + mode: "0400" + config-artifactory-primary: + files: + /root/attach_volume.sh: + content: !Sub | + #!/usr/bin/env bash + IS_PRIMARY="${ArtifactoryPrimary}" + + if [[ $IS_PRIMARY != "true" ]]; then + echo 'Not primary node. Skipping EBS volume attachment.' 
+ lsblk # debug + exit 0 + fi + + echo "Using primary volume ID ${PrimaryVolume}" + VOLUME_ID="${PrimaryVolume}" + echo "VOLUME_ID: $VOLUME_ID" + if [[ -z "$VOLUME_ID" ]]; then + echo 'Invalid $VOLUME_ID' + exit 1 + fi + + # Get instance id from AWS + INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id) + + # Attach the volume created by another CFT + # the device name should become /dev/nvme1n1 + # See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html + echo "Attaching volume $VOLUME_ID to instance $INSTANCE_ID" + /var/awslogs/bin/aws ec2 attach-volume --volume-id $VOLUME_ID --instance-id $INSTANCE_ID --device /dev/xvdf --region ${AWS::Region} + + echo "Wait for volume $VOLUME_ID to attach" + sleep 30 # Give volume time to attach + lsblk # debug + mode: "0770" + /root/.jfrog_ami/artifactory.yml: + content: !Sub + - | + # Base install for Artifactory + - import_playbook: site-artifactory.yml + vars: + artifactory_product: ${product} + artifactory_flavour: "{{ 'pro' if '${product}' == 'artifactory' else 'jcr' if '${product}' == 'jcr' }}" + artifactory_ha_enabled: true + artifactory_is_primary: ${ArtifactoryPrimary} + artifactory_server_name: ${ArtifactoryServerName} + server_name: ${ArtifactoryServerName}.${CertificateDomain} + use_custom_data_directory: true + custom_data_directory: "${UserDataDirectory}" + s3_region: ${AWS::Region} + s3_bucket: ${ArtifactoryS3Bucket} + certificate: ${Certificate} + certificate_key: ${CertificateKey} + certificate_domain: ${CertificateDomain} + enable_ssl: ${EnableSSL} + ssl_dir: /etc/pki/tls/certs + db_type: ${DatabaseType} + db_driver: ${DatabaseDriver} + db_url: ${DatabaseUrl} + db_user: ${DatabaseUser} + db_password: ${DatabasePassword} + # db_download_url: https://jdbc.postgresql.org/download/postgresql-42.2.12.jar + art_primary: ${ArtifactoryPrimary} + master_key: ${MasterKey} + join_key: ${MasterKey} + extra_java_opts: ${ExtraJavaOptions} + artifactory_version: 
${ArtifactoryVersion} + artifactory_keystore: + path: /opt/jfrog/artifactory/app/third-party/java/lib/security/cacerts + default_password: changeit + new_keystore_pass: ${DatabasePassword} + artifactory_java_db_drivers: + - name: ${DatabasePlugin} + url: ${DatabasePluginUrl} + owner: artifactory + group: artifactory + - product: !FindInMap [ArtifactoryProductMap, !Ref ArtifactoryProduct, product] + mode: "0400" + /root/.vault_pass.txt: + content: !Sub | + ${DatabasePassword} + mode: "0400" + /root/.secureit.sh: + content: + ansible-vault encrypt /root/.jfrog_ami/artifactory.yml --vault-id /root/.vault_pass.txt + mode: "0770" + secure-artifactory: + commands: + 'secure ansible playbook': + command: '/root/.secureit.sh' + ignoreErrors: 'false' + Properties: + KeyName: !Ref KeyPairName + IamInstanceProfile: !Ref HostProfile + ImageId: !FindInMap + - AWSAMIRegionMap + - !Ref 'AWS::Region' + - !FindInMap + - ArtifactoryProductMap + - !Ref ArtifactoryProduct + - !Ref AmiId + SecurityGroups: + - !Ref SecurityGroups + InstanceType: !Ref InstanceType + BlockDeviceMappings: + !If + - IsSecondary + - - DeviceName: /dev/xvda + Ebs: + VolumeSize: !Ref VolumeSize + VolumeType: gp2 + DeleteOnTermination: true + Encrypted: true + - !Ref AWS::NoValue + UserData: + Fn::Base64: + !Sub | + #!/bin/bash -x + + #CFN Functions + + function cfn_fail + + { + + cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource ArtifactoryScalingGroup + + exit 1 + + } + + function cfn_success + + { + + cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource ArtifactoryScalingGroup + + exit 0 + + } + + S3URI=${QsS3Uri} + + # Update OS + yum update -y + + # Install git + yum install -y epel-release git policycoreutils-python + + yum update --security -y 2>&1 | tee /var/log/userdata.yum_security_update.log + + yum install -y jq python3 libselinux-python3 + + echo $PATH + + PATH=/opt/aws/bin:$PATH + + echo $PATH + + # Create virtual env and activate + python3 -m 
venv ~/venv --system-site-packages + source ~/venv/bin/activate + + pip install --upgrade pip + pip install jmespath wheel + + # Install Cloudformation helper scripts + pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz 2>&1 | tee /var/log/userdata.aws_cfn_bootstrap_install.log + + pip install awscli 2>&1 | tee /var/log/userdata.awscli_install.log + + pip install ansible 2>&1 | tee /var/log/userdata.ansible_install.log + + mkdir ~/.jfrog_ami + + aws s3 --region ${AWS::Region} sync s3://${QsS3BucketName}/${QsS3KeyPrefix}cloudInstallerScripts/ ~/.jfrog_ami/ || cfn_fail + + setsebool httpd_can_network_connect 1 -P + + # CentOS cloned virtual machines do not create a new machine id + # https://www.thegeekdiary.com/centos-rhel-7-how-to-change-the-machine-id/ + rm -f /etc/machine-id + systemd-machine-id-setup + + cfn-init -v --stack ${AWS::StackName} --resource ArtifactoryLaunchConfiguration --configsets artifactory_install --region ${AWS::Region} || cfn_fail + + # Setup CloudWatch Agent + curl https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py -O + chmod +x ./awslogs-agent-setup.py + ./awslogs-agent-setup.py -n -r ${AWS::Region} -c /root/cloudwatch.conf 2>&1 | tee /var/log/userdata.cloudwatch_agent_install.log + + /root/attach_volume.sh || cfn_fail + + ansible-galaxy collection install community.general ansible.posix + + setsebool httpd_can_network_connect 1 -P + + aws secretsmanager get-secret-value --secret-id ${ArtifactoryLicensesSecretName} --region ${AWS::Region} | jq -r '{"artifactory_licenses":(.SecretString | fromjson )}' > ~/.jfrog_ami/licenses.json || cfn_fail + + ansible-playbook /root/.jfrog_ami/artifactory.yml -e "@~/.jfrog_ami/licenses.json" --vault-id /root/.vault_pass.txt 2>&1 | tee /var/log/jfrog-ami-artifactory.log || cfn_fail + + rm -rf /root/.secureit.sh + + cfn_success &> /var/log/cfn_success.log + cfn_success || cfn_fail 
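Review bot: `DatabasePassword`, `MasterKey` and `CertificateKey` are declared `NoEcho`, but `!Sub` then writes them into the `AWS::CloudFormation::Init` metadata (`/root/.jfrog_ami/artifactory.yml` and `/root/.vault_pass.txt`). NoEcho does not mask values placed in the Metadata section, so anyone allowed to read the stack's resource metadata can read them. The vault step adds little on top: the vault password is the same `${DatabasePassword}` that the playbook contains, it stays in `/root/.vault_pass.txt`, and it is reused as `new_keystore_pass`. The user data already reads the licenses with `aws secretsmanager get-secret-value`; fetching the database password, master key and certificate key the same way at boot and passing them with `-e @file` would keep them out of the template metadata. The `config-xray` files in jfrog-xray-ec2-instance.template.yaml follow the same pattern.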
diff --git a/Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-marketplace-master.template.yaml b/Amazon/Marketplace/v7153/templates/jfrog-artifactory-ec2-marketplace-master.template.yaml similarity index 90% rename from Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-marketplace-master.template.yaml rename to Amazon/Marketplace/v7153/templates/jfrog-artifactory-ec2-marketplace-master.template.yaml index 8b26b6d..d596b60 100644 --- a/Amazon/Marketplace/v7125/templates/jfrog-artifactory-ec2-marketplace-master.template.yaml +++ b/Amazon/Marketplace/v7153/templates/jfrog-artifactory-ec2-marketplace-master.template.yaml @@ -14,14 +14,15 @@ Metadata: - Label: default: Network configuration Parameters: - - PrivateSubnet1Cidr - - PrivateSubnet2Cidr - VpcId - VpcCidr + - AvailabilityZones - PublicSubnet1Id - PublicSubnet2Id - PrivateSubnet1Id + - PrivateSubnet1Cidr - PrivateSubnet2Id + - PrivateSubnet2Cidr - Label: default: Amazon EC2 configuration Parameters: @@ -32,13 +33,12 @@ Metadata: Parameters: - ArtifactoryVersion - NumberOfSecondary - - SmLicenseCertName + - SmLicenseName + - SmCertName - ArtifactoryServerName - MasterKey - ExtraJavaOptions - DefaultJavaMemSettings - - KeystorePassword - - AnsibleVaultPass - Label: default: Amazon RDS configuration Parameters: @@ -48,7 +48,6 @@ Metadata: - DatabasePassword - DatabaseInstance - DatabaseAllocatedStorage - - MultiAzDatabase - Label: default: JFrog Xray Configuration Parameters: @@ -59,6 +58,8 @@ Metadata: - XrayDatabaseUser - XrayDatabasePassword ParameterLabels: + AvailabilityZones: + default: Availability Zones KeyPairName: default: SSH key name PrivateSubnet1Cidr: 
@@ -89,8 +90,10 @@ Metadata: default: Secondary instances ArtifactoryVersion: default: Artifactory version - SmLicenseCertName: - default: Artifactory licenses and certificate secret name + SmLicenseName: + default: Artifactory licenses secret name + SmCertName: + default: Artifactory certificate secret name ArtifactoryServerName: default: Artifactory server name MasterKey: @@ -99,10 +102,6 @@ Metadata: default: Extra Java options DefaultJavaMemSettings: default: Default Java memory settings - KeystorePassword: - default: Java key store password - AnsibleVaultPass: - default: Ansible Vault password DatabaseName: default: Database name DatabaseEngine: @@ -115,8 +114,6 @@ Metadata: default: Database instance type DatabaseAllocatedStorage: default: Database allocated storage - MultiAzDatabase: - default: High-availability database InstallXray: default: Install JFrog Xray XrayVersion: @@ -130,6 +127,10 @@ Metadata: XrayDatabasePassword: default: Xray Database password Parameters: + AvailabilityZones: + Description: List of Availability Zones to use for the subnets in the VPC. Two + Availability Zones are used for this deployment. + Type: List VpcId: Description: ID of your existing VPC (e.g., vpc-0343606e). Type: "AWS::EC2::VPC::Id" @@ -173,6 +174,7 @@ Parameters: It is recommended that you set this value to a trusted IP range. For example, you may want to limit software access to your corporate network. AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ + Default: 0.0.0.0/0 Type: String RemoteAccessCidr: Description: Remote CIDR range that allows you to connect to the bastion instance by using SSH. 
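Review bot: The added `Default: 0.0.0.0/0` on the parameter just above `RemoteAccessCidr` (presumably `AccessCidr`) makes an internet-wide range the value a user gets by clicking through, while the parameter's own description recommends a trusted IP range. Leaving the parameter without a default forces an explicit choice, so I would drop the added line. Failing that, the description should state that the default admits any source address. The parameter block starts above this hunk, and how the value is applied to security groups is not visible here.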
@@ -239,10 +241,17 @@ Parameters: https://www.jfrog.com/confluence/display/RTF/Release+Notes. AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ ConstraintDescription: A version that matches X.X.X per Artifactory releases. - Default: 7.12.5 + AllowedValues: + - 7.2.1 + - 7.15.3 + Default: 7.15.3 Type: String - SmLicenseCertName: - Description: Secret name created in AWS Secrets Manager that contains the SSL certificate, certificate key, and Artifactory licenses. + SmLicenseName: + Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses. + Default: '' + Type: String + SmCertName: + Description: Secret name created in AWS Secrets Manager, which contains the SSL certificate and certificate key. Default: '' Type: String ArtifactoryServerName: @@ -271,17 +280,6 @@ Parameters: - "false" Default: "true" Type: String - KeystorePassword: - Description: Java key store password. For better security, the password that you specify will - replace the default Java key store password. - NoEcho: 'true' - Type: String - AnsibleVaultPass: - Description: Ansible Vault password to protect the Artifactory YAML configuration file - generated during the Artifactory deployment. This YAML file is stored on the EC2 nodes - and secured with this password. - NoEcho: 'true' - Type: String DatabaseName: Description: Name of your database instance. The name must be unique across all instances owned by your AWS account in the current Region. The database instance identifier is case-insensitive, @@ -339,14 +337,6 @@ Parameters: MaxValue: 1024 Default: 10 Type: Number - MultiAzDatabase: - Description: Choose false to create an Amazon RDS instance in a single Availability Zone. - ConstraintDescription: True or False - AllowedValues: - - "true" - - "false" - Default: "true" - Type: String InstallXray: Description: Choose true to install JFrog Xray instance(s). ConstraintDescription: True or False 
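Review bot: `AllowedValues` for `ArtifactoryVersion` offers `7.2.1`, but nothing else in this series supports that version. The `ArtifactoryProductMap` added in jfrog-artifactory-ec2-instance.template.yaml has only a `"7153"` key, and this template hard-codes `QsS3KeyPrefix: "artifactory7/pro/v7153/"`. If the AMI key is derived from the version string the way `XrayAmiId` is, choosing 7.2.1 would fail the `!FindInMap` lookup at stack creation, or pair an older version with the 7.15.3 installer scripts. Listing only `- 7.15.3`, as the Xray parameter does with its single value, avoids that.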
@@ -359,7 +349,9 @@ Parameters: Description: The version of Xray that you want to deploy into the Quick Start. AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ ConstraintDescription: A version that matches X.X.X per Xray releases. - Default: 3.12.1 + AllowedValues: + - 3.17.4 + Default: 3.17.4 Type: String XrayNumberOfInstances: Description: The number of Xray instances servers to complete your @@ -399,8 +391,12 @@ Resources: ArtifactoryExistingVpcStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: https://awsmp-fulfillment-cf-templates-prod.s3-external-1.amazonaws.com/aecfe1d1-907c-4812-b7b8-91497013cb16-jfrog-artifactory-ec2-existing-vpc.template + TemplateURL: https://jfrog-marketplace-test-us-east-1.s3.amazonaws.com/marketplace-jfrog-artifactory/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml Parameters: + AvailabilityZones: + Fn::Join: + - ',' + - Ref: AvailabilityZones KeyPairName: !Ref KeyPairName VpcId: !Ref VpcId VpcCidr: !Ref VpcCidr 
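Review bot: `TemplateURL` now points the Marketplace master at `jfrog-marketplace-test-us-east-1`, a bucket whose name marks it as a test location, and at an unversioned object key. Whoever can write to that bucket decides what the nested stack creates in a customer's account. The removed URL carried a unique object prefix in the Marketplace fulfilment bucket; before release this should go back to an immutable, release-specific location or a pinned object version. The next hunk keeps `QsS3BucketName: "jfrog-aws-test"` as context, and the instances sync their installer playbooks from that bucket, so the same question applies there.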
@@ -424,22 +420,21 @@ Resources: NumberOfSecondary: !Ref NumberOfSecondary ArtifactoryProduct: "JFrog-Artifactory-Pro" ArtifactoryVersion: !Ref ArtifactoryVersion - SmLicenseCertName: !Ref SmLicenseCertName + SmLicenseName: !Ref SmLicenseName + SmCertName: !Ref SmCertName ArtifactoryServerName: !Ref ArtifactoryServerName MasterKey: !Ref MasterKey ExtraJavaOptions: !Ref ExtraJavaOptions DefaultJavaMemSettings: !Ref DefaultJavaMemSettings - KeystorePassword: !Ref KeystorePassword - AnsibleVaultPass: !Ref AnsibleVaultPass DatabaseName: !Ref DatabaseName DatabaseEngine: !Ref DatabaseEngine DatabaseUser: !Ref DatabaseUser DatabasePassword: !Ref DatabasePassword DatabaseInstance: !Ref DatabaseInstance DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage - MultiAzDatabase: !Ref MultiAzDatabase + MultiAzDatabase: "true" QsS3BucketName: "jfrog-aws-test" - QsS3KeyPrefix: "artifactory7/v7112/" + QsS3KeyPrefix: "artifactory7/pro/v7153/" QsS3BucketRegion: "us-east-1" InstallXray: !Ref InstallXray XrayVersion: !Ref XrayVersion diff --git a/Amazon/Marketplace/v7153/templates/jfrog-xray-ec2-instance.template.yaml b/Amazon/Marketplace/v7153/templates/jfrog-xray-ec2-instance.template.yaml new file mode 100644 index 0000000..7e84f1a --- /dev/null +++ b/Amazon/Marketplace/v7153/templates/jfrog-xray-ec2-instance.template.yaml 
@@ -0,0 +1,292 @@ +AWSTemplateFormatVersion: "2010-09-09" +Description: "Deploys the EC2 Autoscaling, LaunchConfig and Instance for Xray" +Parameters: + PrivateSubnet1Id: + Type: AWS::EC2::Subnet::Id + PrivateSubnet2Id: + Type: AWS::EC2::Subnet::Id + KeyPairName: + Type: AWS::EC2::KeyPair::KeyName + MinScalingNodes: + Type: Number + MaxScalingNodes: + Type: Number + DeploymentTag: + Type: String + QsS3BucketName: + Type: String + QsS3KeyPrefix: + Type: String + QsS3Uri: + Type: String + DatabaseDriver: + Type: String + DatabaseType: + Type: String + DatabaseUser: + Type: String + DatabasePassword: + Type: String + NoEcho: 'true' + MasterKey: + Type: String + NoEcho: 'true' + ExtraJavaOptions: + Type: String + SecurityGroups: + Type: String + VolumeSize: + Type: Number + XrayHostProfile: + Type: String + XrayHostRole: + Type: String + XrayInstanceType: + Type: String + JfrogInternalUrl: + Type: String + XrayDatabaseUser: + Type: String + XrayDatabasePassword: + Type: String + NoEcho: 'true' + XrayMasterDatabaseUrl: + Type: String + XrayDatabaseUrl: + Type: String + XrayVersion: + Type: String + XrayAmiId: + Type: String + +# To populate additional mappings use the following with the desired --region +# aws --region us-west-2 ec2 describe-images --owners amazon --filters 'Name=name,Values=amzn-ami-hvm-2018.03.0.20181129-x86_64-gp2' 'Name=state,Values=available' --output json | jq -r '.Images | sort_by(.CreationDate) | last(.[]).ImageId' +Mappings: + AWSAMIRegionMap: + us-east-1: + "3174": ami-023ca6575274f7100 + us-east-2: + "3174": ami-0592fa8e68995ea08 + us-west-1: + "3174": ami-00d52c51cbf22a2fc + us-west-2: + "3174": ami-0d67b78b4f09fa9a7 + ca-central-1: + "3174": ami-056bafb407aa8e445 + eu-central-1: + "3174": ami-05ab6de966f830b8a + eu-west-1: + "3174": ami-055507b35a350806d + eu-west-2: + "3174": ami-007c8adf17c3bee79 + eu-west-3: + "3174": ami-033e74f7f2e7b43ae + ap-southeast-1: + "3174": ami-0114ff3241c5a86a8 + ap-southeast-2: + "3174": ami-0c753f85c64c4169d 
+ ap-south-1: + "3174": ami-09f40817a8786b93c + ap-northeast-1: + "3174": ami-00f6ec6314c6ddd27 + ap-northeast-2: + "3174": ami-05a10d14c3289f2b3 + sa-east-1: + "3174": ami-0c2acb2f23c3e6743 + us-gov-east-1: + "3174": ami-0349215efccd0d9f6 + us-gov-west-1: + "3174": ami-0b52a6d3379d2c20c + +Resources: + XrayScalingGroup: + Type: AWS::AutoScaling::AutoScalingGroup + Properties: + LaunchConfigurationName: !Ref XrayLaunchConfiguration + VPCZoneIdentifier: + - !Ref PrivateSubnet1Id + - !Ref PrivateSubnet2Id + MinSize: !Ref MinScalingNodes + MaxSize: !Ref MaxScalingNodes + Cooldown: '300' + DesiredCapacity: !Ref MinScalingNodes + HealthCheckType: EC2 + HealthCheckGracePeriod: 1800 + Tags: + - Key: Name + Value: !Ref DeploymentTag + PropagateAtLaunch: true + - Key: XrayVersion + Value: !Ref XrayVersion + PropagateAtLaunch: true + TerminationPolicies: + - OldestInstance + - Default + CreationPolicy: + ResourceSignal: + Count: !Ref MinScalingNodes + Timeout: PT60M + XrayLaunchConfiguration: + Type: AWS::AutoScaling::LaunchConfiguration + Metadata: + AWS::CloudFormation::Authentication: + S3AccessCreds: + type: S3 + roleName: + - !Ref XrayHostRole + buckets: + - !Ref QsS3BucketName + AWS::CloudFormation::Init: + configSets: + xray_install: + - "config-cloudwatch" + - "config-xray" + config-cloudwatch: + files: + /root/cloudwatch.conf: + content: | + [general] + state_file = /var/awslogs/state/agent-state + + [/var/log/messages] + file = /var/log/messages + log_group_name = /xray/instances/{instance_id} + log_stream_name = /var/log/messages/ + datetime_format = %b %d %H:%M:%S + + [/var/log/xray-ami-setup.log] + file = /var/log/messages + log_group_name = /xray/instances/{instance_id} + log_stream_name = /var/log/xray-ami-setup.log + datetime_format = %b %d %H:%M:%S + + [/var/log/xray.log] + file = /var/log/messages + log_group_name = /xray/instances/{instance_id} + log_stream_name = /var/log/xray.log + datetime_format = %b %d %H:%M:%S + mode: "0400" + config-xray: + files: + 
/root/.xray_ami/xray.yml: + content: !Sub | + # Base install for Xray + - import_playbook: site-xray.yml + vars: + jfrog_url: ${JfrogInternalUrl} + master_key: ${MasterKey} + join_key: ${MasterKey} + extra_java_opts: ${ExtraJavaOptions} + db_type: ${DatabaseType} + db_driver: ${DatabaseDriver} + db_master_url: postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl} + db_url: postgres://${XrayDatabaseUrl} + db_master_user: ${DatabaseUser} + db_user: ${XrayDatabaseUser} + db_password: ${XrayDatabasePassword} + xray_version: ${XrayVersion} + mode: "0400" + /root/.vault_pass.txt: + content: !Sub | + ${DatabasePassword} + mode: "0400" + Properties: + KeyName: !Ref KeyPairName + IamInstanceProfile: !Ref XrayHostProfile + ImageId: !FindInMap + - AWSAMIRegionMap + - !Ref 'AWS::Region' + - !Ref XrayAmiId + SecurityGroups: + - !Ref SecurityGroups + InstanceType: !Ref XrayInstanceType + BlockDeviceMappings: + - DeviceName: /dev/xvda + Ebs: + VolumeSize: !Ref VolumeSize + VolumeType: gp2 + DeleteOnTermination: true + Encrypted: true + UserData: + Fn::Base64: + !Sub | + #!/bin/bash -x + exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1 + + #CFN Functions + + function cfn_fail + + { + + cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource XrayScalingGroup + + exit 1 + + } + + function cfn_success + + { + + cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource XrayScalingGroup + + exit 0 + + } + + S3URI=${QsS3Uri} + + yum update --security -y &> /var/log/userdata.yum_security_update.log + + yum install -y git python3 libselinux-python3 + yum install -y postgresql-server postgresql-devel + + echo $PATH + + PATH=/opt/aws/bin:$PATH + + echo $PATH + + # Create virtual env and activate + python3 -m venv ~/venv --system-site-packages + source ~/venv/bin/activate + + pip install --upgrade pip + pip install wheel + + # Install Cloudformation helper scripts + pip install 
https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz 2>&1 | tee /var/log/userdata.aws_cfn_bootstrap_install.log + + pip install awscli &> /var/log/userdata.awscli_install.log + + pip install ansible &> /var/log/userdata.ansible_install.log + + mkdir ~/.xray_ami + + aws s3 --region ${AWS::Region} sync s3://${QsS3BucketName}/${QsS3KeyPrefix}cloudInstallerScripts/ ~/.xray_ami/ + + setsebool httpd_can_network_connect 1 -P + + # CentOS cloned virtual machines do not create a new machine id + # https://www.thegeekdiary.com/centos-rhel-7-how-to-change-the-machine-id/ + rm -f /etc/machine-id + systemd-machine-id-setup + + cfn-init -v --stack ${AWS::StackName} --resource XrayLaunchConfiguration --configsets xray_install --region ${AWS::Region} || cfn_fail + + # Setup CloudWatch Agent + curl https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py -O + chmod +x ./awslogs-agent-setup.py + ./awslogs-agent-setup.py -n -r ${AWS::Region} -c /root/cloudwatch.conf + + lsblk # debug + + ansible-galaxy collection install community.general ansible.posix + + ansible-playbook /root/.xray_ami/xray.yml --vault-id /root/.vault_pass.txt 2>&1 | tee /var/log/xray.log || cfn_fail + + rm -rf /root/.secureit.sh + + cfn_success &> /var/log/cfn_success.log + cfn_success || cfn_fail From 5dc12bd78210b501428968eeae2928413b147b87 Mon Sep 17 00:00:00 2001 From: Alex Hung Date: Fri, 19 Feb 2021 12:27:15 -0800 Subject: [PATCH 5/6] Update AMI IDs --- .../templates/jfrog-artifactory-ec2-instance.template.yaml | 6 +++--- .../v7153/templates/jfrog-xray-ec2-instance.template.yaml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Amazon/Marketplace/v7153/templates/jfrog-artifactory-ec2-instance.template.yaml b/Amazon/Marketplace/v7153/templates/jfrog-artifactory-ec2-instance.template.yaml index 7a360cc..569d471 100644 --- a/Amazon/Marketplace/v7153/templates/jfrog-artifactory-ec2-instance.template.yaml 
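Review bot: The install step `ansible-playbook ... 2>&1 | tee /var/log/xray.log || cfn_fail` tests the exit status of `tee`, not of the playbook, so a failed Xray install still falls through to `cfn_success` and the Auto Scaling group is reported as created. Adding `set -o pipefail` near the top of the user data makes the `|| cfn_fail` guards see the playbook's status. The `aws s3 sync` line in this script also has no `|| cfn_fail`, unlike the one in the Artifactory template. The Artifactory user data has the same `| tee ... || cfn_fail` pattern on its playbook and on the `aws secretsmanager ... | jq` line. The closing `cfn_success || cfn_fail` is never reached, because the preceding `cfn_success` call ends in `exit 0`.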
+++ b/Amazon/Marketplace/v7153/templates/jfrog-artifactory-ec2-instance.template.yaml @@ -86,11 +86,11 @@ Parameters: Mappings: AWSAMIRegionMap: us-east-1: - "Artifactory7153": ami-03ebf7aac08335c84 + "Artifactory7153": ami-07a437a0be21eb6c8 us-east-2: - "Artifactory7153": ami-055521cc288bb4106 + "Artifactory7153": ami-08f834139a150fb62 us-west-1: - "Artifactory7153": ami-00ecacc68cf47a87a + "Artifactory7153": ami-0afdf2d63fc2c0895 us-west-2: "Artifactory7153": ami-09274621c30cae078 ca-central-1: diff --git a/Amazon/Marketplace/v7153/templates/jfrog-xray-ec2-instance.template.yaml b/Amazon/Marketplace/v7153/templates/jfrog-xray-ec2-instance.template.yaml index 7e84f1a..31f6a74 100644 --- a/Amazon/Marketplace/v7153/templates/jfrog-xray-ec2-instance.template.yaml +++ b/Amazon/Marketplace/v7153/templates/jfrog-xray-ec2-instance.template.yaml @@ -64,11 +64,11 @@ Parameters: Mappings: AWSAMIRegionMap: us-east-1: - "3174": ami-023ca6575274f7100 + "3174": ami-028555fa3b9469dc3 us-east-2: - "3174": ami-0592fa8e68995ea08 + "3174": ami-0f4980801d180776a us-west-1: - "3174": ami-00d52c51cbf22a2fc + "3174": ami-006041db0f601e438 us-west-2: "3174": ami-0d67b78b4f09fa9a7 ca-central-1: From 40cf0c4cb059ff1a83addb3372f5ee971e6e3278 Mon Sep 17 00:00:00 2001 From: Vinay Aggarwal Date: Fri, 19 Feb 2021 12:35:18 -0800 Subject: [PATCH 6/6] Delete jfrog-artifactory-ec2-marketplace-master.template.yaml MP team said only launch in existing VPC, so deleting this file. --- ...ctory-ec2-marketplace-master.template.yaml | 451 ------------------ 1 file changed, 451 deletions(-) delete mode 100644 Amazon/Marketplace/v7153/templates/jfrog-artifactory-ec2-marketplace-master.template.yaml diff --git a/Amazon/Marketplace/v7153/templates/jfrog-artifactory-ec2-marketplace-master.template.yaml b/Amazon/Marketplace/v7153/templates/jfrog-artifactory-ec2-marketplace-master.template.yaml deleted file mode 100644 index d596b60..0000000 
--- a/Amazon/Marketplace/v7153/templates/jfrog-artifactory-ec2-marketplace-master.template.yaml +++ /dev/null 
@@ -1,451 +0,0 @@ -AWSTemplateFormatVersion: '2010-09-09' -Description: 'JFrog Artifactory Quick Start Deployment (qs-1qpmmjh2f)' -Metadata: - QuickStartDocumentation: - EntrypointName: "Launch into a new VPC" - AWS::CloudFormation::Interface: - ParameterGroups: - - Label: - default: Security configuration - Parameters: - - KeyPairName - - AccessCidr - - RemoteAccessCidr - - Label: - default: Network configuration - Parameters: - - VpcId - - VpcCidr - - AvailabilityZones - - PublicSubnet1Id - - PublicSubnet2Id - - PrivateSubnet1Id - - PrivateSubnet1Cidr - - PrivateSubnet2Id - - PrivateSubnet2Cidr - - Label: - default: Amazon EC2 configuration - Parameters: - - VolumeSize - - InstanceType - - Label: - default: JFrog Artifactory configuration - Parameters: - - ArtifactoryVersion - - NumberOfSecondary - - SmLicenseName - - SmCertName - - ArtifactoryServerName - - MasterKey - - ExtraJavaOptions - - DefaultJavaMemSettings - - Label: - default: Amazon RDS configuration - Parameters: - - DatabaseName - - DatabaseEngine - - DatabaseUser - - DatabasePassword - - DatabaseInstance - - DatabaseAllocatedStorage - - Label: - default: JFrog Xray Configuration - Parameters: - - InstallXray - - XrayVersion - - XrayNumberOfInstances - - XrayInstanceType - - XrayDatabaseUser - - XrayDatabasePassword - ParameterLabels: - AvailabilityZones: - default: Availability Zones - KeyPairName: - default: SSH key name - PrivateSubnet1Cidr: - default: Private subnet 1 CIDR - PrivateSubnet2Cidr: - default: Private subnet 2 CIDR - AccessCidr: - default: Permitted IP range - RemoteAccessCidr: - default: Remote access CIDR - VpcId: - default: VPC ID - VpcCidr: - default: VPC CIDR - PublicSubnet1Id: - default: Public subnet 1 ID - PublicSubnet2Id: - default: Public subnet 2 ID - PrivateSubnet1Id: - default: Private subnet 1 ID - PrivateSubnet2Id: - default: Private subnet 2 ID - VolumeSize: - default: EBS root volume size - InstanceType: - default: EC2 instance type - NumberOfSecondary: - default: 
Secondary instances - ArtifactoryVersion: - default: Artifactory version - SmLicenseName: - default: Artifactory licenses secret name - SmCertName: - default: Artifactory certificate secret name - ArtifactoryServerName: - default: Artifactory server name - MasterKey: - default: Master server key - ExtraJavaOptions: - default: Extra Java options - DefaultJavaMemSettings: - default: Default Java memory settings - DatabaseName: - default: Database name - DatabaseEngine: - default: Database engine - DatabaseUser: - default: Database user - DatabasePassword: - default: Database password - DatabaseInstance: - default: Database instance type - DatabaseAllocatedStorage: - default: Database allocated storage - InstallXray: - default: Install JFrog Xray - XrayVersion: - default: Version of Xray to install - XrayNumberOfInstances: - default: Number of JFrog XrayNumberOfInstances - XrayInstanceType: - default: Xray instance type - XrayDatabaseUser: - default: Xray Database user - XrayDatabasePassword: - default: Xray Database password -Parameters: - AvailabilityZones: - Description: List of Availability Zones to use for the subnets in the VPC. Two - Availability Zones are used for this deployment. - Type: List - VpcId: - Description: ID of your existing VPC (e.g., vpc-0343606e). - Type: "AWS::EC2::VPC::Id" - VpcCidr: - Description: CIDR block for the VPC. - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ - ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 - Default: 10.0.0.0/16 - Type: String - PublicSubnet1Id: - Description: ID of the public subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab). - Type: "AWS::EC2::Subnet::Id" - PublicSubnet2Id: - Description: ID of the public subnet in Availability Zone 2 of your existing VPC (e.g., subnet-a29c3d84). 
- Type: "AWS::EC2::Subnet::Id" - PrivateSubnet1Id: - Description: ID of the private subnet in Availability Zone 1 of your existing VPC (e.g., subnet-a0246dcd). - Type: "AWS::EC2::Subnet::Id" - PrivateSubnet2Id: - Description: ID of the private subnet in Availability Zone 2 of your existing VPC (e.g., subnet-b58c3d67). - Type: "AWS::EC2::Subnet::Id" - KeyPairName: - Description: Name of an existing key pair, - which allows you to connect securely to your instance after it launches. - This is the key pair you created in your preferred Region. - Type: AWS::EC2::KeyPair::KeyName - PrivateSubnet1Cidr: - Description: CIDR block for private subnet 1, located in Availability Zone 1. - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ - ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 - Default: 10.0.0.0/19 - Type: String - PrivateSubnet2Cidr: - Description: CIDR block for private subnet 2, located in Availability Zone 2. - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ - ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 - Default: 10.0.32.0/19 - Type: String - AccessCidr: - Description: CIDR IP range permitted to access Artifactory. - It is recommended that you set this value to a trusted IP range. - For example, you may want to limit software access to your corporate network. - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ - Default: 0.0.0.0/0 - Type: String - RemoteAccessCidr: - Description: Remote CIDR range that allows you to connect to the bastion instance by using SSH. - It is recommended that you set this value to a trusted IP range. 
- For example, you may want to grant specific ranges from within your corporate network that use the SSH protocol. - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ - Type: String - VolumeSize: - Description: Size in gigabytes of available storage (min 10GB). The Quick Start creates an - Amazon Elastic Block Store (Amazon EBS) volumes of this size. - Default: 200 - Type: Number - InstanceType: - Description: EC2 type for the Artifactory instances. - AllowedValues: - - m5.large - - m5.xlarge - - m5.2xlarge - - m5.4xlarge - - m5.8xlarge - - m5.12xlarge - - m5.16xlarge - - m5.24xlarge - - m5.metal - - m5d.large - - m5d.xlarge - - m5d.2xlarge - - m5d.4xlarge - - m5d.8xlarge - - m5d.12xlarge - - m5d.16xlarge - - m5d.24xlarge - - m5d.metal - - m5a.large - - m5a.xlarge - - m5a.2xlarge - - m5a.4xlarge - - m5a.8xlarge - - m5a.12xlarge - - m5a.16xlarge - - m5a.24xlarge - ConstraintDescription: Must contain valid instance type. - Default: m5.xlarge - Type: String - NumberOfSecondary: - Description: Number of secondary Artifactory servers to complete your - HA deployment. To align with Artifactory best practices, the minimum number - is two, and the maximum is seven. Do not select more instances than you - have licenses for. - AllowedValues: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - Default: 2 - Type: Number - ArtifactoryVersion: - Description: Version of Artifactory that you want to deploy into the Quick Start. - To select the correct version, see the release notes at - https://www.jfrog.com/confluence/display/RTF/Release+Notes. - AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ - ConstraintDescription: A version that matches X.X.X per Artifactory releases. - AllowedValues: - - 7.2.1 - - 7.15.3 - Default: 7.15.3 - Type: String - SmLicenseName: - Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses. 
- Default: '' - Type: String - SmCertName: - Description: Secret name created in AWS Secrets Manager, which contains the SSL certificate and certificate key. - Default: '' - Type: String - ArtifactoryServerName: - Description: Name of your Artifactory server. Ensure that this matches your certificate. - Type: String - MasterKey: - Description: Master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'. - AllowedPattern: ^[a-zA-Z0-9]+$ - MinLength: '1' - MaxLength: '64' - ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters. - NoEcho: 'true' - Type: String - ExtraJavaOptions: - Description: Set Java options to pass to the JVM for Artifactory. For more information, see the Artifactory - system requirements at https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware. - Do not add Xms or Xmx settings without disabling DefaultJavaMemSettings. - Default: -Xss256k -XX:+UseG1GC - Type: String - DefaultJavaMemSettings: - Description: Choose false to overwrite the standard memory-calculation options to pass to the Artifactory JVM. - If you plan to overwrite them, ensure they are added to the ExtraJavaOptions to prevent the stack provision from failing. - ConstraintDescription: True or False - AllowedValues: - - "true" - - "false" - Default: "true" - Type: String - DatabaseName: - Description: Name of your database instance. The name must be unique across all instances - owned by your AWS account in the current Region. The database instance identifier is case-insensitive, - but it's stored in lowercase (as in "mydbinstance"). - AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ - MinLength: '1' - MaxLength: '60' - ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter. - Default: artdb - Type: String - DatabaseEngine: - Description: Database engine that you want to run. 
- AllowedValues: - - Postgres - Default: Postgres - Type: String - DatabaseUser: - Description: Login ID for the master user of your database instance. - MinLength: '1' - MaxLength: '16' - AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ - ConstraintDescription: 1 to 16 alphanumeric characters. The first character must be a letter. - Default: artifactory - Type: String - DatabasePassword: - Description: Password for the Artifactory database user. - AllowedPattern: ^[^ \\']+$ - MinLength: '8' - MaxLength: '12' - ConstraintDescription: Must be at least 8 and no more than - 12 characters containing letters and (minimum 1 capital letter), numbers and - symbols. - NoEcho: 'true' - Type: String - DatabaseInstance: - Description: Size of the database to be deployed as part of the Quick Start. - AllowedValues: - - db.m5.large - - db.m5.xlarge - - db.m5.2xlarge - - db.m5.10xlarge - - db.m5.16xlarge - - db.m5.large - - db.m5.xlarge - - db.m5.2xlarge - - db.m5.4xlarge - - db.m5.12xlarge - - db.m5.24xlarge - ConstraintDescription: Must be a valid database Instance Type. - Default: db.m5.large - Type: String - DatabaseAllocatedStorage: - Description: Size in gigabytes of available storage for the database instance. - MinValue: 5 - MaxValue: 1024 - Default: 10 - Type: Number - InstallXray: - Description: Choose true to install JFrog Xray instance(s). - ConstraintDescription: True or False - AllowedValues: - - "true" - - "false" - Default: "true" - Type: String - XrayVersion: - Description: The version of Xray that you want to deploy into the Quick Start. - AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ - ConstraintDescription: A version that matches X.X.X per Xray releases. - AllowedValues: - - 3.17.4 - Default: 3.17.4 - Type: String - XrayNumberOfInstances: - Description: The number of Xray instances servers to complete your - HA deployment. The minimum number is one; the maximum is seven. - Do not select more than instances than you have licenses for. 
- MinValue: 1 - MaxValue: 7 - Default: 1 - Type: Number - XrayInstanceType: - Description: The EC2 instance type for the Xray instances. - AllowedValues: - - c5.2xlarge - - c5.4xlarge - ConstraintDescription: Must contain valid instance type. - Default: c5.2xlarge - Type: String - XrayDatabaseUser: - Description: The login ID for the Xray database user. - MinLength: '1' - MaxLength: '16' - AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ - ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter. - Default: xray - Type: String - XrayDatabasePassword: - Description: The password for the Xray database user. - AllowedPattern: ^[^ \\']+$ - MinLength: '8' - MaxLength: '12' - ConstraintDescription: Must be at least 8 and no more than - 12 characters containing letters and (minimum 1 capital letter), numbers and - symbols. - NoEcho: 'true' - Type: String -Resources: - ArtifactoryExistingVpcStack: - Type: AWS::CloudFormation::Stack - Properties: - TemplateURL: https://jfrog-marketplace-test-us-east-1.s3.amazonaws.com/marketplace-jfrog-artifactory/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml - Parameters: - AvailabilityZones: - Fn::Join: - - ',' - - Ref: AvailabilityZones - KeyPairName: !Ref KeyPairName - VpcId: !Ref VpcId - VpcCidr: !Ref VpcCidr - PublicSubnet1Id: !Ref PublicSubnet1Id - PublicSubnet2Id: !Ref PublicSubnet2Id - PrivateSubnet1Id: !Ref PrivateSubnet1Id - PrivateSubnet2Id: !Ref PrivateSubnet2Id - PrivateSubnet1Cidr: !Ref PrivateSubnet1Cidr - PrivateSubnet2Cidr: !Ref PrivateSubnet2Cidr - AccessCidr: !Ref AccessCidr - RemoteAccessCidr: !Ref RemoteAccessCidr - ProvisionBastionHost: "Disabled" - BastionInstanceType: "t3.micro" - BastionRootVolumeSize: 10 - BastionEnableTcpForwarding: "true" - BastionEnableX11Forwarding: "false" - BastionOs: "Amazon-Linux2-HVM" - NumBastionHosts: "1" - VolumeSize: !Ref VolumeSize - InstanceType: !Ref InstanceType - NumberOfSecondary: !Ref NumberOfSecondary - ArtifactoryProduct: 
"JFrog-Artifactory-Pro" - ArtifactoryVersion: !Ref ArtifactoryVersion - SmLicenseName: !Ref SmLicenseName - SmCertName: !Ref SmCertName - ArtifactoryServerName: !Ref ArtifactoryServerName - MasterKey: !Ref MasterKey - ExtraJavaOptions: !Ref ExtraJavaOptions - DefaultJavaMemSettings: !Ref DefaultJavaMemSettings - DatabaseName: !Ref DatabaseName - DatabaseEngine: !Ref DatabaseEngine - DatabaseUser: !Ref DatabaseUser - DatabasePassword: !Ref DatabasePassword - DatabaseInstance: !Ref DatabaseInstance - DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage - MultiAzDatabase: "true" - QsS3BucketName: "jfrog-aws-test" - QsS3KeyPrefix: "artifactory7/pro/v7153/" - QsS3BucketRegion: "us-east-1" - InstallXray: !Ref InstallXray - XrayVersion: !Ref XrayVersion - XrayNumberOfInstances: !Ref XrayNumberOfInstances - XrayInstanceType: !Ref XrayInstanceType - XrayDatabaseUser: !Ref XrayDatabaseUser - XrayDatabasePassword: !Ref XrayDatabasePassword -Outputs: - ArtifactoryUrl: - Description: URL of the ELB to access Artifactory - Value: !Sub ${ArtifactoryExistingVpcStack.Outputs.ArtifactoryUrl} - BastionIp: - Value: !Sub ${ArtifactoryExistingVpcStack.Outputs.BastionIp} - Description: Bastion host IP, for admin access via SSH