zware/JFrog-Cloud-Installers
1
0
Fork 0
mirror of https://github.com/ZwareBear/JFrog-Cloud-Installers.git synced 2026-01-21 00:06:55 -06:00
Code Issues Packages Projects Releases Wiki Activity

modules first release

Browse Source
This commit is contained in:
Vinay Aggarwal
2021-06-08 12:27:05 -07:00
parent 5b9899995b
commit b251950b8a
29 changed files with 16158 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
Amazon/cloudformation-modules/JFrog-Artifactory-EC2Instance-MODULE/.rpdk-config Normal file
View File

@@ -0,0 +1,5 @@
{
"artifact_type": "MODULE",
"typeName": "JFrog::Artifactory::EC2Instance::MODULE",
"settings": {}
}

462
Amazon/cloudformation-modules/JFrog-Artifactory-EC2Instance-MODULE/fragments/jfrog-artifactory-ec2-instance.template.yaml Normal file
View File

@@ -0,0 +1,462 @@
AWSTemplateFormatVersion: "2010-09-09"
Description: "Deploys the EC2 Autoscaling, LaunchConfig and Instance for Artifactory (qs-1qpmmjh5o)"
Parameters:
SmCertName:
Description: Secret name created in AWS Secrets Manager, which contains the SSL certificate and certificate key.
Default: ''
Type: String
LogicalId :
Description : Logical Id of the MODULE
Type: String
PrivateSubnet2Id:
Description: ID of the private subnet in Availability Zone 2 of your existing VPC (e.g., subnet-z0376dab).
Type: AWS::EC2::Subnet::Id
PrivateSubnet1Id:
Description: ID of the private subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab).
Type: AWS::EC2::Subnet::Id
MinScalingNodes:
Type: Number
MaxScalingNodes:
Type: Number
DeploymentTag:
Type: String
HostRole:
Type: String
ArtifactoryProduct:
Description: JFrog Artifactory product you want to install into an AMI.
AllowedValues:
- JFrog-Artifactory-Pro
- JFrog-Artifactory-Enterprise
- JFrog-Container-Registry
Default: JFrog-Artifactory-Enterprise
Type: String
QsS3BucketName:
Type: String
QsS3KeyPrefix:
Type: String
QsS3Uri:
Type: String
ArtifactoryLicensesSecretName:
Type: String
ArtifactoryServerName:
Type: String
ArtifactoryS3Bucket:
Type: String
DatabaseUrl:
Type: String
DatabaseDriver:
Type: String
DatabasePluginUrl:
Type: String
DatabasePlugin:
Type: String
DatabaseType:
Type: String
DatabaseUser:
Type: String
DatabasePassword:
Type: String
NoEcho: 'true'
ArtifactoryPrimary:
Type: String
MasterKey:
Type: String
NoEcho: 'true'
ExtraJavaOptions:
Type: String
ArtifactoryVersion:
Type: String
KeyPairName:
Type: AWS::EC2::KeyPair::KeyName
TargetGroupARN:
Type: String
SSLTargetGroupARN:
Type: String
InternalTargetGroupARN:
Type: String
HostProfile:
Type: String
SecurityGroups:
Type: String
InstanceType:
Type: String
PrimaryVolume:
Type: String
VolumeSize:
Type: Number
UserDataDirectory:
Description: Directory to store Artifactory data. Can be used to store data (via symlink) in detachable volume
Type: String
Default: '/artifactory-user-data'
# To populate additional mappings use the following with the desired --region
# aws --region us-west-2 ec2 describe-images --owners amazon --filters 'Name=name,Values=amzn-ami-hvm-2018.03.0.20181129-x86_64-gp2' 'Name=state,Values=available' --output json | jq -r '.Images | sort_by(.CreationDate) | last(.[]).ImageId'
Mappings:
AWSAMIRegionMap:
ap-northeast-1:
CentOS7HVM: "ami-00a5245b4816c38e6"
ap-northeast-2:
CentOS7HVM: "ami-00dc207f8ba6dc919"
ap-south-1:
CentOS7HVM: "ami-0ad42f4f66f6c1cc9"
ap-southeast-1:
CentOS7HVM: "ami-05b3bcf7f311194b3"
ap-southeast-2:
CentOS7HVM: "ami-02fd0b06f06d93dfc"
ca-central-1:
CentOS7HVM: "ami-07423fb63ea0a0930"
eu-central-1:
CentOS7HVM: "ami-0cfbf4f6db41068ac"
eu-west-1:
CentOS7HVM: "ami-08935252a36e25f85"
sa-east-1:
CentOS7HVM: "ami-05145e0b28ad8e0b2"
us-east-1:
CentOS7HVM: "ami-0affd4508a5d2481b"
us-east-2:
CentOS7HVM: "ami-01e36b7901e884a10"
us-west-1:
CentOS7HVM: "ami-098f55b4287a885ba"
us-west-2:
CentOS7HVM: "ami-0bc06212a56393ee1"
ArtifactoryProductMap:
JFrog-Container-Registry:
"7153": "Jcr7153"
flavor: "jcr"
haEabled: false
product: "jcr"
JFrog-Artifactory-Enterprise:
"7153": "Artifactory7153"
flavor: "pro"
haEabled: true
product: "artifactory"
JFrog-Artifactory-Pro:
"7153": "Artifactory7153"
flavor: "pro"
haEabled: false
product: "artifactory"
Conditions:
IsSecondary: !Equals [!Ref ArtifactoryPrimary, 'false']
SmCertNameExists: !Not [!Equals [!Ref 'SmCertName', '']]
Resources:
ArtifactoryScalingGroup:
Type: AWS::AutoScaling::AutoScalingGroup
Properties:
LaunchConfigurationName: !Ref ArtifactoryLaunchConfiguration
VPCZoneIdentifier:
- !Ref PrivateSubnet1Id
- !Ref PrivateSubnet2Id
MinSize: !Ref MinScalingNodes
MaxSize: !Ref MaxScalingNodes
Cooldown: '300'
DesiredCapacity: !Ref MinScalingNodes
TargetGroupARNs:
- !Ref TargetGroupARN
- !Ref SSLTargetGroupARN
- !Ref InternalTargetGroupARN
HealthCheckType: ELB
HealthCheckGracePeriod: 1800
Tags:
- Key: Name
Value: !Ref DeploymentTag
PropagateAtLaunch: true
- Key: ArtifactoryVersion
Value: !Ref ArtifactoryVersion
PropagateAtLaunch: true
TerminationPolicies:
- OldestInstance
- Default
CreationPolicy:
ResourceSignal:
Count: !Ref MinScalingNodes
Timeout: PT60M
ArtifactoryLaunchConfiguration:
Type: AWS::AutoScaling::LaunchConfiguration
Metadata:
AWS::CloudFormation::Authentication:
S3AccessCreds:
type: S3
roleName:
- !Ref HostRole # !Ref ArtifactoryHostRole
buckets:
- !Ref QsS3BucketName
AWS::CloudFormation::Init:
configSets:
jfrog_ami_setup:
- "config-cloudwatch"
- "config-ansible-art-ami"
- "config-artifactory-primary"
- "secure-cert"
- "secure-artifactory"
artifactory_install:
- "config-cloudwatch"
- "config-artifactory-primary"
- "secure-cert"
- "secure-artifactory"
config-cloudwatch:
files:
/root/cloudwatch.conf:
content: |
[general]
state_file = /var/awslogs/state/agent-state
[/var/log/messages]
file = /var/log/messages
log_group_name = /artifactory/instances/{instance_id}
log_stream_name = /var/log/messages/
datetime_format = %b %d %H:%M:%S
[/var/log/jfrog-ami-setup.log]
file = /var/log/messages
log_group_name = /artifactory/instances/{instance_id}
log_stream_name = /var/log/jfrog-ami-setup.log
datetime_format = %b %d %H:%M:%S
[/var/log/jfrog-ami-artifactory.log]
file = /var/log/messages
log_group_name = /artifactory/instances/{instance_id}
log_stream_name = /var/log/jfrog-ami-artifactory.log
datetime_format = %b %d %H:%M:%S
mode: "0400"
config-ansible-art-ami:
files:
/root/.jfrog_ami/jfrog-ami-setup.yml:
content: !Sub |
# Base install for JFrogAMIInstance
- import_playbook: artifactory-ami.yml
vars:
ami_creation: false
artifactory_flavour: "pro"
artifactory_ha_enabled: false
artifactory_tar: "https://releases.jfrog.io/artifactory/artifactory-pro/org/artifactory/pro/jfrog-artifactory-pro/${ArtifactoryVersion}/jfrog-artifactory-pro-${ArtifactoryVersion}-linux.tar.gz"
artifactory_version: ${ArtifactoryVersion}
db_download_url: "https://jdbc.postgresql.org/download/postgresql-42.2.12.jar"
db_type: "postgresql"
db_driver: "org.postgresql.Driver"
mode: "0400"
config-artifactory-primary:
files:
/root/attach_volume.sh:
content: !Sub |
#!/usr/bin/env bash
IS_PRIMARY="${ArtifactoryPrimary}"
if [[ $IS_PRIMARY != "true" ]]; then
echo 'Not primary node. Skipping EBS volume attachment.'
lsblk # debug
exit 0
fi
echo "Using primary volume ID ${PrimaryVolume}"
VOLUME_ID="${PrimaryVolume}"
echo "VOLUME_ID: $VOLUME_ID"
if [[ -z "$VOLUME_ID" ]]; then
echo 'Invalid $VOLUME_ID'
exit 1
fi
# Get instance id from AWS
INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
# Attach the volume created by another CFT
# the device name should become /dev/nvme1n1
# See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html
echo "Attaching volume $VOLUME_ID to instance $INSTANCE_ID"
/var/awslogs/bin/aws ec2 attach-volume --volume-id $VOLUME_ID --instance-id $INSTANCE_ID --device /dev/xvdf --region ${AWS::Region}
echo "Wait for volume $VOLUME_ID to attach"
sleep 30 # Give volume time to attach
lsblk # debug
mode: "0770"
/root/.jfrog_ami/artifactory.yml:
content: !Sub
- |
# Base install for Artifactory
- import_playbook: site-artifactory.yml
vars:
artifactory_product: ${product}
artifactory_flavour: ${flavor}
artifactory_ha_enabled: ${ha_enabled}
artifactory_is_primary: ${ArtifactoryPrimary}
artifactory_server_name: ${ArtifactoryServerName}
server_name: ${ArtifactoryServerName}.fill_me_domain
use_custom_data_directory: true
custom_data_directory: "${UserDataDirectory}"
s3_region: ${AWS::Region}
s3_bucket: ${ArtifactoryS3Bucket}
certificate: fill_me_certificate
certificate_key: fill_me_key
certificate_domain: fill_me_domain
enable_ssl: ${EnableSSL}
ssl_dir: /etc/pki/tls/certs
db_type: ${DatabaseType}
db_driver: ${DatabaseDriver}
db_url: ${DatabaseUrl}
db_user: ${DatabaseUser}
db_password: ${DatabasePassword}
master_key: ${MasterKey}
join_key: ${MasterKey}
extra_java_opts: ${ExtraJavaOptions}
artifactory_version: ${ArtifactoryVersion}
artifactory_keystore:
path: /opt/jfrog/artifactory/app/third-party/java/lib/security/cacerts
default_password: changeit
new_keystore_pass: ${DatabasePassword}
artifactory_java_db_drivers:
- name: ${DatabasePlugin}
url: ${DatabasePluginUrl}
owner: artifactory
group: artifactory
product_id: 'CloudFormation_QS_EC2/1.0.0'
- flavor: !FindInMap [ArtifactoryProductMap, !Ref ArtifactoryProduct, flavor]
ha_enabled: !FindInMap [ArtifactoryProductMap, !Ref ArtifactoryProduct, haEabled]
product: !FindInMap [ArtifactoryProductMap, !Ref ArtifactoryProduct, product]
# Certificate: !If [SmCertNameExists, !Sub '{{resolve:secretsmanager:${SmCertName}:SecretString:Certificate}}', '']
# CertificateKey: !If [SmCertNameExists, !Sub '{{resolve:secretsmanager:${SmCertName}:SecretString:CertificateKey}}', '']
# CertificateDomain: !If [SmCertNameExists, !Sub '{{resolve:secretsmanager:${SmCertName}:SecretString:CertificateDomain}}', '']
EnableSSL: !If [SmCertNameExists, true, false]
mode: "0400"
/root/.vault_pass.txt:
content: !Sub |
${DatabasePassword}
mode: "0400"
/root/.secureit.sh:
content:
ansible-vault encrypt /root/.jfrog_ami/artifactory.yml --vault-id /root/.vault_pass.txt
mode: "0770"
/root/.securecert.sh:
content: !Sub
- |
sm=$(aws secretsmanager get-secret-value --secret-id ${SMCertName} --region ${AWS::Region} | jq -r '(.SecretString | fromjson)')
domain=$(echo $sm | jq -r '(.CertificateDomain)')
certificate=$(echo $sm | jq -r '(.Certificate)')
key=$(echo $sm | jq -r '(.CertificateKey)')
sed -i "s/fill_me_domain/$domain/g" /root/.jfrog_ami/artifactory.yml
sed -i "s~fill_me_certificate~$certificate~g" /root/.jfrog_ami/artifactory.yml
sed -i "s~fill_me_key~$key~g" /root/.jfrog_ami/artifactory.yml
- SMCertName : !If [SmCertNameExists, !Ref SmCertName , '']
mode: "0770"
secure-cert:
commands:
securing-certificates:
command: '/root/.securecert.sh'
ignoreErrors: 'true'
secure-artifactory:
commands:
secure-ansible-playbook:
command: '/root/.secureit.sh'
ignoreErrors: 'false'
Properties:
KeyName: !Ref KeyPairName
IamInstanceProfile: !Ref HostProfile
ImageId: !FindInMap
- AWSAMIRegionMap
- !Ref AWS::Region
- 'CentOS7HVM'
SecurityGroups:
- !Ref SecurityGroups
BlockDeviceMappings:
!If
- IsSecondary
- - DeviceName: /dev/xvda
Ebs:
VolumeSize: !Ref VolumeSize
VolumeType: gp2
DeleteOnTermination: true
Encrypted: true
- !Ref AWS::NoValue
InstanceType: !Ref InstanceType
UserData:
Fn::Base64:
!Sub |
#!/bin/bash -x
#CFN Functions
function cfn_fail
{
cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource ${LogicalId}ArtifactoryScalingGroup
exit 1
}
function cfn_success
{
cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource ${LogicalId}ArtifactoryScalingGroup
exit 0
}
S3URI=${QsS3Uri}
# Update OS
yum update -y
# Install git
yum install -y epel-release git policycoreutils-python
yum update --security -y 2>&1 | tee /var/log/userdata.yum_security_update.log
yum install -y jq python3 libselinux-python3
echo $PATH
PATH=/opt/aws/bin:$PATH
echo $PATH
# Create virtual env and activate
python3 -m venv ~/venv --system-site-packages
source ~/venv/bin/activate
pip install --upgrade pip
pip install wheel
# Install Cloudformation helper scripts
pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz 2>&1 | tee /var/log/userdata.aws_cfn_bootstrap_install.log
pip install awscli 2>&1 | tee /var/log/userdata.awscli_install.log
pip install ansible 2>&1 | tee /var/log/userdata.ansible_install.log
mkdir ~/.jfrog_ami
aws s3 --region ${AWS::Region} sync s3://${QsS3BucketName}/${QsS3KeyPrefix}cloudInstallerScripts/ ~/.jfrog_ami/ || cfn_fail
setsebool httpd_can_network_connect 1 -P
# CentOS cloned virtual machines do not create a new machine id
# https://www.thegeekdiary.com/centos-rhel-7-how-to-change-the-machine-id/
rm -f /etc/machine-id
systemd-machine-id-setup
cfn-init -v --stack ${AWS::StackName} --resource ${LogicalId}ArtifactoryLaunchConfiguration --configsets jfrog_ami_setup --region ${AWS::Region} || cfn_fail
# Setup CloudWatch Agent
curl https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py -O
chmod +x ./awslogs-agent-setup.py
./awslogs-agent-setup.py -n -r ${AWS::Region} -c /root/cloudwatch.conf 2>&1 | tee /var/log/userdata.cloudwatch_agent_install.log
/root/attach_volume.sh || cfn_fail
ansible-galaxy collection install community.general ansible.posix
aws secretsmanager get-secret-value --secret-id ${ArtifactoryLicensesSecretName} --region ${AWS::Region} | jq -r '{"artifactory_licenses":(.SecretString | fromjson )}' > ~/.jfrog_ami/licenses.json || cfn_fail
ansible-playbook /root/.jfrog_ami/jfrog-ami-setup.yml --vault-id /root/.vault_pass.txt 2>&1 | tee /var/log/jfrog-ami-setup.log || cfn_fail
ansible-playbook /root/.jfrog_ami/artifactory.yml -e "@~/.jfrog_ami/licenses.json" --vault-id /root/.vault_pass.txt 2>&1 | tee /var/log/jfrog-ami-artifactory.log || cfn_fail
rm -rf /root/.secureit.sh
cfn_success &> /var/log/cfn_success.log
cfn_success || cfn_fail

468
Amazon/cloudformation-modules/JFrog-Artifactory-EC2Instance-MODULE/schema.json Normal file
View File

@@ -0,0 +1,468 @@
{
"typeName": "JFrog::Artifactory::EC2Instance::MODULE",
"description": "Schema for Module Fragment of type JFrog::Artifactory::EC2Instance::MODULE",
"properties": {
"Parameters": {
"type": "object",
"properties": {
"SmCertName": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Secret name created in AWS Secrets Manager, which contains the SSL certificate and certificate key."
},
"LogicalId": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Logical Id of the MODULE"
},
"PrivateSubnet2Id": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "ID of the private subnet in Availability Zone 2 of your existing VPC (e.g., subnet-z0376dab)."
},
"PrivateSubnet1Id": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "ID of the private subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab)."
},
"MinScalingNodes": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"MaxScalingNodes": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"DeploymentTag": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"HostRole": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"ArtifactoryProduct": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "JFrog Artifactory product you want to install into an AMI."
},
"QsS3BucketName": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"QsS3KeyPrefix": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"QsS3Uri": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"ArtifactoryLicensesSecretName": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"ArtifactoryServerName": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"ArtifactoryS3Bucket": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"DatabaseUrl": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"DatabaseDriver": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"DatabasePluginUrl": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"DatabasePlugin": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"DatabaseType": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"DatabaseUser": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"DatabasePassword": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"ArtifactoryPrimary": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"MasterKey": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"ExtraJavaOptions": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"ArtifactoryVersion": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"KeyPairName": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"TargetGroupARN": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"SSLTargetGroupARN": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"InternalTargetGroupARN": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"HostProfile": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"SecurityGroups": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"InstanceType": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"PrimaryVolume": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"VolumeSize": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"UserDataDirectory": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Directory to store Artifactory data. Can be used to store data (via symlink) in detachable volume"
}
}
},
"Resources": {
"properties": {
"ArtifactoryScalingGroup": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::AutoScaling::AutoScalingGroup"
},
"Properties": {
"type": "object"
}
}
},
"ArtifactoryLaunchConfiguration": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::AutoScaling::LaunchConfiguration"
},
"Properties": {
"type": "object"
}
}
}
},
"type": "object",
"additionalProperties": false
}
},
"additionalProperties": true
}

5
Amazon/cloudformation-modules/JFrog-Xray-EC2Instance-MODULE/.rpdk-config Normal file
View File

@@ -0,0 +1,5 @@
{
"artifact_type": "MODULE",
"typeName": "JFrog::Xray::EC2Instance::MODULE",
"settings": {}
}

333
Amazon/cloudformation-modules/JFrog-Xray-EC2Instance-MODULE/fragments/jfrog-xray-ec2-instance.template.yaml Normal file
View File

@@ -0,0 +1,333 @@
AWSTemplateFormatVersion: "2010-09-09"
Description: "Deploys the EC2 Autoscaling, LaunchConfig and Instance for Xray"
Parameters:
LogicalId :
Description : Logical Id of the MODULE
Type: String
PrivateSubnet2Id:
Description: ID of the private subnet in Availability Zone 2 of your existing VPC (e.g., subnet-z0376dab).
Type: AWS::EC2::Subnet::Id
PrivateSubnet1Id:
Description: ID of the private subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab).
Type: AWS::EC2::Subnet::Id
KeyPairName:
Type: AWS::EC2::KeyPair::KeyName
MinScalingNodes:
Type: Number
MaxScalingNodes:
Type: Number
DeploymentTag:
Type: String
ArtifactoryProduct:
Description: JFrog Artifactory product you want to install into an AMI.
AllowedValues:
- JFrog-Artifactory-Pro
- JFrog-Artifactory-Enterprise
- JFrog-Container-Registry
Default: JFrog-Artifactory-Enterprise
Type: String
QsS3BucketName:
Type: String
QsS3KeyPrefix:
Type: String
QsS3Uri:
Type: String
DatabaseDriver:
Type: String
DatabaseType:
Type: String
DatabaseUser:
Type: String
DatabasePassword:
Type: String
NoEcho: 'true'
MasterKey:
Type: String
NoEcho: 'true'
ExtraJavaOptions:
Type: String
SecurityGroups:
Type: String
XrayHostProfile:
Type: String
XrayHostRole:
Type: String
XrayInstanceType:
Type: String
JfrogInternalUrl:
Type: String
VolumeSize:
Type: Number
XrayDatabaseUser:
Type: String
XrayDatabasePassword:
Type: String
NoEcho: 'true'
XrayMasterDatabaseUrl:
Type: String
XrayDatabaseUrl:
Type: String
XrayVersion:
Type: String
UserDataDirectory:
Description: Directory to store Artifactory data. Can be used to store data (via symlink) in detachable volume
Type: String
Default: '/xray-user-data'
# To populate additional mappings use the following with the desired --region
# aws --region us-west-2 ec2 describe-images --owners amazon --filters 'Name=name,Values=amzn-ami-hvm-2018.03.0.20181129-x86_64-gp2' 'Name=state,Values=available' --output json | jq -r '.Images | sort_by(.CreationDate) | last(.[]).ImageId'
Mappings:
AWSAMIRegionMap:
ap-northeast-1:
CentOS7HVM: "ami-00a5245b4816c38e6"
ap-northeast-2:
CentOS7HVM: "ami-00dc207f8ba6dc919"
ap-south-1:
CentOS7HVM: "ami-0ad42f4f66f6c1cc9"
ap-southeast-1:
CentOS7HVM: "ami-05b3bcf7f311194b3"
ap-southeast-2:
CentOS7HVM: "ami-02fd0b06f06d93dfc"
ca-central-1:
CentOS7HVM: "ami-07423fb63ea0a0930"
eu-central-1:
CentOS7HVM: "ami-0cfbf4f6db41068ac"
eu-west-1:
CentOS7HVM: "ami-08935252a36e25f85"
sa-east-1:
CentOS7HVM: "ami-05145e0b28ad8e0b2"
us-east-1:
CentOS7HVM: "ami-0affd4508a5d2481b"
us-east-2:
CentOS7HVM: "ami-01e36b7901e884a10"
us-west-1:
CentOS7HVM: "ami-098f55b4287a885ba"
us-west-2:
CentOS7HVM: "ami-0bc06212a56393ee1"
Conditions:
IsArtifactoryPro: !Equals [!Ref ArtifactoryProduct, 'JFrog-Artifactory-Pro']
Resources:
XrayScalingGroup:
Type: AWS::AutoScaling::AutoScalingGroup
Properties:
LaunchConfigurationName: !Ref XrayLaunchConfiguration
VPCZoneIdentifier:
- !Ref PrivateSubnet1Id
- !Ref PrivateSubnet2Id
MinSize: !Ref MinScalingNodes
MaxSize: !Ref MaxScalingNodes
Cooldown: '300'
DesiredCapacity: !Ref MinScalingNodes
HealthCheckType: EC2
HealthCheckGracePeriod: 1800
Tags:
- Key: Name
Value: !Ref DeploymentTag
PropagateAtLaunch: true
- Key: XrayVersion
Value: !Ref XrayVersion
PropagateAtLaunch: true
TerminationPolicies:
- OldestInstance
- Default
CreationPolicy:
ResourceSignal:
Count: !Ref MinScalingNodes
Timeout: PT60M
XrayLaunchConfiguration:
Type: AWS::AutoScaling::LaunchConfiguration
Metadata:
AWS::CloudFormation::Authentication:
S3AccessCreds:
type: S3
roleName:
- !Ref XrayHostRole
buckets:
- !Ref QsS3BucketName
AWS::CloudFormation::Init:
configSets:
xray_ami_setup:
- "config-cloudwatch"
- "config-ansible-xray-ami"
xray_install:
- "config-cloudwatch"
- "config-ansible-xray-ami"
- "config-xray"
- "secure-xray"
config-cloudwatch:
files:
/root/cloudwatch.conf:
content: |
[general]
state_file = /var/awslogs/state/agent-state
[/var/log/messages]
file = /var/log/messages
log_group_name = /xray/instances/{instance_id}
log_stream_name = /var/log/messages/
datetime_format = %b %d %H:%M:%S
[/var/log/xray-ami-setup.log]
file = /var/log/messages
log_group_name = /xray/instances/{instance_id}
log_stream_name = /var/log/xray-ami-setup.log
datetime_format = %b %d %H:%M:%S
[/var/log/xray.log]
file = /var/log/messages
log_group_name = /xray/instances/{instance_id}
log_stream_name = /var/log/xray.log
datetime_format = %b %d %H:%M:%S
mode: "0400"
config-ansible-xray-ami:
files:
/root/.xray_ami/xray-ami-setup.yml:
content: !Sub |
# Base install for Xray
- import_playbook: xray-ami.yml
vars:
ami_creation: false
db_type: postgresql
db_driver: org.postgresql.Driver
xray_version: ${XrayVersion}
xray_ha_enabled: false
mode: "0400"
config-xray:
files:
/root/.xray_ami/xray.yml:
content: !Sub |
# Base install for Xray
- import_playbook: site-xray.yml
vars:
jfrog_url: ${JfrogInternalUrl}
use_custom_data_directory: true
custom_data_directory: "${UserDataDirectory}"
master_key: ${MasterKey}
join_key: ${MasterKey}
extra_java_opts: ${ExtraJavaOptions}
db_type: ${DatabaseType}
db_driver: ${DatabaseDriver}
db_master_url: postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl}
db_url: postgres://${XrayDatabaseUrl}
db_master_user: ${DatabaseUser}
db_user: ${XrayDatabaseUser}
db_password: ${XrayDatabasePassword}
xray_version: ${XrayVersion}
mode: "0400"
/root/.vault_pass.txt:
content: !Sub |
${DatabasePassword}
mode: "0400"
/root/.secureit.sh:
content:
ansible-vault encrypt /root/.xray_ami/xray.yml --vault-id /root/.vault_pass.txt
mode: "0770"
secure-xray:
commands:
'secure ansible playbook':
command: '/root/.secureit.sh'
ignoreErrors: 'false'
Properties:
KeyName: !Ref KeyPairName
IamInstanceProfile: !Ref XrayHostProfile
ImageId: !FindInMap
- AWSAMIRegionMap
- !Ref AWS::Region
- 'CentOS7HVM'
SecurityGroups:
- !Ref SecurityGroups
InstanceType: !Ref XrayInstanceType
BlockDeviceMappings:
- DeviceName: /dev/xvda
Ebs:
VolumeSize: !Ref VolumeSize
VolumeType: gp2
DeleteOnTermination: true
Encrypted: true
UserData:
Fn::Base64:
!Sub |
#!/bin/bash -x
exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
#CFN Functions
function cfn_fail
{
cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource ${LogicalId}XrayScalingGroup
exit 1
}
function cfn_success
{
cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource ${LogicalId}XrayScalingGroup
exit 0
}
S3URI=${QsS3Uri}
yum update --security -y &> /var/log/userdata.yum_security_update.log
yum install -y git python3 libselinux-python3
yum install -y postgresql-server postgresql-devel
echo $PATH
PATH=/opt/aws/bin:$PATH
echo $PATH
# Create virtual env and activate
python3 -m venv ~/venv --system-site-packages
source ~/venv/bin/activate
pip install --upgrade pip
pip install wheel
# Install Cloudformation helper scripts
pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz 2>&1 | tee /var/log/userdata.aws_cfn_bootstrap_install.log
pip install awscli &> /var/log/userdata.awscli_install.log
pip install ansible &> /var/log/userdata.ansible_install.log
mkdir ~/.xray_ami
aws s3 --region ${AWS::Region} sync s3://${QsS3BucketName}/${QsS3KeyPrefix}cloudInstallerScripts/ ~/.xray_ami/
setsebool httpd_can_network_connect 1 -P
# CentOS cloned virtual machines do not create a new machine id
# https://www.thegeekdiary.com/centos-rhel-7-how-to-change-the-machine-id/
rm -f /etc/machine-id
systemd-machine-id-setup
cfn-init -v --stack ${AWS::StackName} --resource ${LogicalId}XrayLaunchConfiguration --configsets xray_install --region ${AWS::Region} || cfn_fail
# Setup CloudWatch Agent
curl https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py -O
chmod +x ./awslogs-agent-setup.py
./awslogs-agent-setup.py -n -r ${AWS::Region} -c /root/cloudwatch.conf
lsblk # debug
ansible-galaxy collection install community.general ansible.posix
ansible-playbook /root/.xray_ami/xray-ami-setup.yml --vault-id /root/.vault_pass.txt 2>&1 | tee /var/log/xray-ami.log || cfn_fail
ansible-playbook /root/.xray_ami/xray.yml --vault-id /root/.vault_pass.txt 2>&1 | tee /var/log/xray.log || cfn_fail
rm -rf /root/.secureit.sh
cfn_success &> /var/log/cfn_success.log
cfn_success || cfn_fail

386
Amazon/cloudformation-modules/JFrog-Xray-EC2Instance-MODULE/schema.json Normal file
View File

@@ -0,0 +1,386 @@
{
"typeName": "JFrog::Xray::EC2Instance::MODULE",
"description": "Schema for Module Fragment of type JFrog::Xray::EC2Instance::MODULE",
"properties": {
"Parameters": {
"type": "object",
"properties": {
"LogicalId": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Logical Id of the MODULE"
},
"PrivateSubnet2Id": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "ID of the private subnet in Availability Zone 2 of your existing VPC (e.g., subnet-z0376dab)."
},
"PrivateSubnet1Id": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "ID of the private subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab)."
},
"KeyPairName": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"MinScalingNodes": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"MaxScalingNodes": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"DeploymentTag": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"ArtifactoryProduct": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "JFrog Artifactory product you want to install into an AMI."
},
"QsS3BucketName": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"QsS3KeyPrefix": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"QsS3Uri": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"DatabaseDriver": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"DatabaseType": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"DatabaseUser": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"DatabasePassword": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"MasterKey": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"ExtraJavaOptions": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"SecurityGroups": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"XrayHostProfile": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"XrayHostRole": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"XrayInstanceType": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"JfrogInternalUrl": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"VolumeSize": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"XrayDatabaseUser": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"XrayDatabasePassword": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"XrayMasterDatabaseUrl": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"XrayDatabaseUrl": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"XrayVersion": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"UserDataDirectory": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Directory to store Artifactory data. Can be used to store data (via symlink) in detachable volume"
}
}
},
"Resources": {
"properties": {
"XrayScalingGroup": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::AutoScaling::AutoScalingGroup"
},
"Properties": {
"type": "object"
}
}
},
"XrayLaunchConfiguration": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::AutoScaling::LaunchConfiguration"
},
"Properties": {
"type": "object"
}
}
}
},
"type": "object",
"additionalProperties": false
}
},
"additionalProperties": true
}

5
Amazon/cloudformation-modules/JFrog__Artifactory__Core__MODULE/.rpdk-config Normal file
View File

@@ -0,0 +1,5 @@
{
"artifact_type": "MODULE",
"typeName": "JFrog::Artifactory::Core::MODULE",
"settings": {}
}

433
Amazon/cloudformation-modules/JFrog__Artifactory__Core__MODULE/fragments/jfrog-artifactory-core-infrastructure.template.yaml Normal file
View File

@@ -0,0 +1,433 @@
AWSTemplateFormatVersion: '2010-09-09'
Description: 'JFrog Artifactory Quick Start Deployment (qs-1qpmmjh61)'
Parameters:
AvailabilityZone1:
Description: Availability Zone 1 to use for the subnets in the VPC. Two
Availability Zones are used for this deployment.
Type: AWS::EC2::AvailabilityZone::Name
AvailabilityZone2:
Description: Availability Zone 2 to use for the subnets in the VPC. Two
Availability Zones are used for this deployment.
Type: AWS::EC2::AvailabilityZone::Name
VpcId:
Type: String
VpcCidr:
Description: CIDR block for the VPC
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/16
Type: String
PrivateSubnet1Cidr:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/19
Type: String
PrivateSubnet2Cidr:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.32.0/19
Type: String
PrivateSubnet3Cidr:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.64.0/19
Type: String
PrivateSubnet1Id:
Description: ID of the private subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab).
Type: AWS::EC2::Subnet::Id
PrivateSubnet2Id:
Description: ID of the private subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab).
Type: AWS::EC2::Subnet::Id
DatabaseAllocatedStorage:
Type: Number
DatabasePreferredAz:
Type: String
MultiAzDatabase:
Description: Choose false to create an Amazon RDS instance in a single Availability Zone.
ConstraintDescription: True or False
AllowedValues:
- "true"
- "false"
Type: String
DatabaseEngine:
Type: String
DatabaseUser:
Type: String
DatabasePassword:
NoEcho: 'true'
Type: String
DatabaseInstance:
Type: String
DatabaseName:
Type: String
ArtifactoryProduct:
Default: JFrog-Artifactory-Pro
Type: String
ReleaseStage:
Default: GA
Type: String
InstanceType:
Default: m5.xlarge
Type: String
ArtifactoryHostRole:
Type: String
VolumeSize:
Type: String
Mappings:
DatabaseMap:
Postgres:
Name: postgresql
DatabaseVersion: 11.5
Driver: "org.postgresql.Driver"
Plugin: postgresql-42.2.9.jar
PluginURL: https://jdbc.postgresql.org/download/
port: "5432"
extraDatabaseOps: ""
ReleaseStageMap:
BETA:
ProDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/artifactory-pro"
JcrDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/artifactory-jcr"
NginxDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/nginx-artifactory-pro"
GA:
ProDockerRepo: "docker.bintray.io/jfrog/artifactory-pro"
JcrDockerRepo: "docker.bintray.io/jfrog/artifactory-jcr"
NginxDockerRepo: "docker.bintray.io/jfrog/nginx-artifactory-pro"
ProductMap:
JFrog-Container-Registry:
RepoName: JcrDockerRepo
JFrog-Artifactory-Pro:
RepoName: ProDockerRepo
JavaOptionstoInstance:
c5.2xlarge:
Min: 8
Max: 12
DeploymentSize: Small
c5.4xlarge:
Min: 16
Max: 24
DeploymentSize: Large
m5.large:
Min: 4
Max: 4
DeploymentSize: xxSmall
m5.xlarge:
Min: 8
Max: 12
DeploymentSize: xSmall
m5.2xlarge:
Min: 16
Max: 24
DeploymentSize: Small
m5.4xlarge:
Min: 32
Max: 48
DeploymentSize: Medium
m5.8xlarge:
Min: 64
Max: 96
DeploymentSize: Large
m5.12xlarge:
Min: 96
Max: 144
DeploymentSize: xLarge
m5.16xlarge:
Min: 128
Max: 192
DeploymentSize: xxLarge
m5.24xlarge:
Min: 192
Max: 288
DeploymentSize: xxxLarge
m5.metal:
Min: 192
Max: 288
DeploymentSize: xxxLarge
m5d.large:
Min: 4
Max: 4
DeploymentSize: xxSmall
m5d.xlarge:
Min: 8
Max: 12
DeploymentSize: xSmall
m5d.2xlarge:
Min: 16
Max: 24
DeploymentSize: Small
m5d.4xlarge:
Min: 32
Max: 48
DeploymentSize: Medium
m5d.8xlarge:
Min: 64
Max: 96
DeploymentSize: Large
m5d.12xlarge:
Min: 96
Max: 144
DeploymentSize: xLarge
m5d.16xlarge:
Min: 128
Max: 192
DeploymentSize: xxLarge
m5d.24xlarge:
Min: 192
Max: 288
DeploymentSize: xxxLarge
m5d.metal:
Min: 192
Max: 288
DeploymentSize: xxxLarge
m5a.large:
Min: 4
Max: 4
DeploymentSize: xxSmall
m5a.xlarge:
Min: 8
Max: 12
DeploymentSize: xSmall
m5a.2xlarge:
Min: 16
Max: 24
DeploymentSize: Small
m5a.4xlarge:
Min: 32
Max: 48
DeploymentSize: Medium
m5a.8xlarge:
Min: 64
Max: 96
DeploymentSize: Large
m5a.12xlarge:
Min: 96
Max: 144
DeploymentSize: xLarge
m5a.16xlarge:
Min: 128
Max: 192
DeploymentSize: xxLarge
m5a.24xlarge:
Min: 192
Max: 288
DeploymentSize: xxxLarge
m5ad.large:
Min: 4
Max: 4
DeploymentSize: xxSmall
m5ad.xlarge:
Min: 8
Max: 12
DeploymentSize: xSmall
m5ad.2xlarge:
Min: 16
Max: 24
DeploymentSize: Small
m5ad.4xlarge:
Min: 32
Max: 48
DeploymentSize: Medium
m5ad.12xlarge:
Min: 96
Max: 144
DeploymentSize: xLarge
m5ad.24xlarge:
Min: 192
Max: 288
DeploymentSize: xxxLarge
Conditions:
IsMultiAzDatabase: !Equals [!Ref MultiAzDatabase, 'true']
Resources:
ArtifactoryDatabaseSubnetGroup:
Type: AWS::RDS::DBSubnetGroup
Properties:
DBSubnetGroupDescription: Private Subnets available to the RDS Instance(s)
SubnetIds:
- !Ref PrivateSubnet1Id
- !Ref PrivateSubnet2Id
ArtifactoryDatabase:
Type: AWS::RDS::DBInstance
Properties:
AllocatedStorage: !Ref DatabaseAllocatedStorage
AvailabilityZone: !If [IsMultiAzDatabase, !Ref "AWS::NoValue", !Ref DatabasePreferredAz]
BackupRetentionPeriod: 30
DBInstanceClass: !Ref DatabaseInstance
DBName: !Ref DatabaseName
DBSubnetGroupName: !Ref ArtifactoryDatabaseSubnetGroup
Engine: !Ref DatabaseEngine
EngineVersion: !FindInMap
- DatabaseMap
- !Ref DatabaseEngine
- DatabaseVersion
MasterUsername: !Ref DatabaseUser
MasterUserPassword: !Ref DatabasePassword
MultiAZ: !Ref MultiAzDatabase
StorageEncrypted: true
VPCSecurityGroups:
- !Ref ArtifactoryDatabaseSG
ArtifactoryDatabaseSG:
Type: AWS::EC2::SecurityGroup
Properties:
Tags:
- Key: Name
Value: artifactory-rds-sg
GroupDescription: SG for RDS Instance to allow communication from the Bastion and Artifactory servers.
VpcId: !Ref VpcId
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: !Ref VpcCidr
- IpProtocol: tcp
FromPort: !FindInMap
- DatabaseMap
- !Ref DatabaseEngine
- port
ToPort: !FindInMap
- DatabaseMap
- !Ref DatabaseEngine
- port
CidrIp: !Ref PrivateSubnet1Cidr
- IpProtocol: tcp
FromPort: !FindInMap
- DatabaseMap
- !Ref DatabaseEngine
- port
ToPort: !FindInMap
- DatabaseMap
- !Ref DatabaseEngine
- port
CidrIp: !Ref PrivateSubnet2Cidr
- IpProtocol: tcp
FromPort: !FindInMap
- DatabaseMap
- !Ref DatabaseEngine
- port
ToPort: !FindInMap
- DatabaseMap
- !Ref DatabaseEngine
- port
CidrIp: !Ref PrivateSubnet3Cidr
SecurityGroupEgress:
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 443
ToPort: 443
CidrIp: 0.0.0.0/0
ArtifactoryS3Bucket:
Type: AWS::S3::Bucket
Properties:
AccessControl: Private
BucketEncryption:
ServerSideEncryptionConfiguration:
- ServerSideEncryptionByDefault:
SSEAlgorithm: AES256
ArtifactoryS3IAMPolicy:
Type: AWS::IAM::Policy
Properties:
PolicyName: S3BucketPermissions
PolicyDocument:
Version: 2012-10-17
Statement:
- Sid: S3BucketPermissions
Effect: Allow
Action:
- s3:*
Resource:
- Fn::Join:
- ''
- - !Sub "arn:${AWS::Partition}:s3:::"
- !Ref ArtifactoryS3Bucket
- Fn::Join:
- ''
- - !Sub "arn:${AWS::Partition}:s3:::"
- !Ref ArtifactoryS3Bucket
- "/*"
Roles:
- !Ref ArtifactoryHostRole
ArtifactoryEbsVolume:
Type: AWS::EC2::Volume
Properties:
AvailabilityZone:
!If
- IsMultiAzDatabase
- !Ref AvailabilityZone1
- !Ref DatabasePreferredAz
Encrypted: false
Size: !Ref VolumeSize
Tags:
- Key: Name
Value: !Sub "Artifactory-${AWS::StackName}"
VolumeType: gp2
DeletionPolicy: Snapshot
UpdateReplacePolicy: Snapshot
Outputs:
S3Bucket:
Value: !Ref ArtifactoryS3Bucket
Description: Actual S3 bucket created for Artifactory
DatabaseDriver:
Value: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Driver]
DatabasePlugin:
Value: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Plugin]
DatabasePluginUrl:
Value: !Sub
- "${MainURL}${PluginVersion}"
- {
MainURL: !FindInMap [DatabaseMap, !Ref DatabaseEngine, PluginURL],
PluginVersion: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Plugin]
}
DatabaseType:
Value: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Name]
DatabaseUrl:
Value: !Sub
- "jdbc:${DatabaseType}://${ArtifactoryDatabaseEndpointAddress}:${port}/${DatabaseName}${extraDatabaseOps}"
- {
DatabaseType: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Name],
ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address,
port: !FindInMap [DatabaseMap, !Ref DatabaseEngine, port],
extraDatabaseOps: !FindInMap [DatabaseMap, !Ref DatabaseEngine, extraDatabaseOps],
}
XrayMasterDatabaseUrl:
Value: !Sub
- "${ArtifactoryDatabaseEndpointAddress}:${port}/${DatabaseName}?sslmode=disable"
- {
ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address,
port: !FindInMap [DatabaseMap, !Ref DatabaseEngine, port],
}
XrayDatabaseUrl:
Value: !Sub
- "${ArtifactoryDatabaseEndpointAddress}:${port}/xraydb?sslmode=disable"
- {
ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address,
port: !FindInMap [DatabaseMap, !Ref DatabaseEngine, port],
}
ProDockerRepo:
Value: !FindInMap
- ReleaseStageMap
- !Ref ReleaseStage
- !FindInMap
- ProductMap
- !Ref ArtifactoryProduct
- RepoName
NginxDockerRepo:
Value: !FindInMap [ReleaseStageMap, !Ref ReleaseStage, NginxDockerRepo]
JavaOpts:
Value: !Sub
- "-Xms${min}g -Xmx${max}g"
- {
min: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, Min],
max: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, Max]
}
DeploymentSize:
Value: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, DeploymentSize]
ArtifactoryEbsVolume:
Value: !Ref ArtifactoryEbsVolume

362
Amazon/cloudformation-modules/JFrog__Artifactory__Core__MODULE/schema.json Normal file
View File

@@ -0,0 +1,362 @@
{
"typeName": "JFrog::Artifactory::Core::MODULE",
"description": "Schema for Module Fragment of type JFrog::Artifactory::Core::MODULE",
"properties": {
"Parameters": {
"type": "object",
"properties": {
"AvailabilityZone1": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Availability Zone 1 to use for the subnets in the VPC. Two Availability Zones are used for this deployment."
},
"AvailabilityZone2": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Availability Zone 2 to use for the subnets in the VPC. Two Availability Zones are used for this deployment."
},
"VpcId": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"VpcCidr": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "CIDR block for the VPC"
},
"PrivateSubnet1Cidr": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"PrivateSubnet2Cidr": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"PrivateSubnet3Cidr": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"PrivateSubnet1Id": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "ID of the private subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab)."
},
"PrivateSubnet2Id": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "ID of the private subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab)."
},
"DatabaseAllocatedStorage": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"DatabasePreferredAz": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"MultiAzDatabase": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Choose false to create an Amazon RDS instance in a single Availability Zone."
},
"DatabaseEngine": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"DatabaseUser": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"DatabasePassword": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"DatabaseInstance": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"DatabaseName": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"ArtifactoryProduct": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"ReleaseStage": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"InstanceType": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"ArtifactoryHostRole": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
},
"VolumeSize": {
"type": "object",
"properties": {
"Type": {
"type": "string"
}
},
"required": [
"Type"
]
}
}
},
"Resources": {
"properties": {
"ArtifactoryDatabaseSubnetGroup": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::RDS::DBSubnetGroup"
},
"Properties": {
"type": "object"
}
}
},
"ArtifactoryDatabase": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::RDS::DBInstance"
},
"Properties": {
"type": "object"
}
}
},
"ArtifactoryDatabaseSG": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::SecurityGroup"
},
"Properties": {
"type": "object"
}
}
},
"ArtifactoryS3Bucket": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::S3::Bucket"
},
"Properties": {
"type": "object"
}
}
},
"ArtifactoryS3IAMPolicy": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::IAM::Policy"
},
"Properties": {
"type": "object"
}
}
},
"ArtifactoryEbsVolume": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::Volume"
},
"Properties": {
"type": "object"
}
}
}
},
"type": "object",
"additionalProperties": false
}
},
"additionalProperties": true
}

5
Amazon/cloudformation-modules/JFrog__Artifactory__ExistingVpc__MODULE/.rpdk-config Normal file
View File

@@ -0,0 +1,5 @@
{
"artifact_type": "MODULE",
"typeName": "JFrog::Artifactory::ExistingVpc::MODULE",
"settings": {}
}

1094
Amazon/cloudformation-modules/JFrog__Artifactory__ExistingVpc__MODULE/fragments/jfrog-artifactory-ec2-existing-vpc.template.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

1034
Amazon/cloudformation-modules/JFrog__Artifactory__ExistingVpc__MODULE/schema.json Normal file
View File

File diff suppressed because it is too large Load Diff

5
Amazon/cloudformation-modules/JFrog__Artifactory__NewVpc__MODULE/.rpdk-config Normal file
View File

@@ -0,0 +1,5 @@
{
"artifact_type": "MODULE",
"typeName": "JFrog::Artifactory::NewVpc::MODULE",
"settings": {}
}

436
Amazon/cloudformation-modules/JFrog__Artifactory__NewVpc__MODULE/fragments/jfrog-artifactory-ec2-master.template.yaml Normal file
View File

@@ -0,0 +1,436 @@
AWSTemplateFormatVersion: '2010-09-09'
Description: 'JFrog Artifactory Quick Start Deployment (qs-1qpmmjh2f)'
Parameters:
LogicalId :
Description : Logical Id of the MODULE
Type: String
EnableBastion:
Description: If set to true, a bastion host will be created.
Default: "true"
Type: String
AllowedValues:
- "true"
- "false"
VpcCidr:
Description: CIDR block for the VPC.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/16
Type: String
AvailabilityZone1:
Description: Availability Zone 1 to use for the subnets in the VPC. Two
Availability Zones are used for this deployment.
Type: AWS::EC2::AvailabilityZone::Name
AvailabilityZone2:
Description: Availability Zone 2 to use for the subnets in the VPC. Two
Availability Zones are used for this deployment.
Type: AWS::EC2::AvailabilityZone::Name
KeyPairName:
Description: Name of an existing key pair,
which allows you to connect securely to your instance after it launches.
This is the key pair you created in your preferred Region.
Type: AWS::EC2::KeyPair::KeyName
PrivateSubnet1Cidr:
Description: CIDR block for private subnet 1 located in Availability Zone 1.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/19
Type: String
PrivateSubnet2Cidr:
Description: CIDR block for private subnet 2 located in Availability Zone 2.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.32.0/19
Type: String
PublicSubnet1Cidr:
Description: CIDR block for the public (DMZ) subnet 1 located in Availability
Zone 1.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.128.0/20
Type: String
PublicSubnet2Cidr:
Description: CIDR block for the public (DMZ) subnet 2 located in Availability
Zone 2.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.144.0/20
Type: String
AccessCidr:
Description: CIDR IP range permitted to access Artifactory.
It is recommended that you set this value to a trusted IP range.
For example, you may want to limit software access to your corporate network.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
Type: String
RemoteAccessCidr:
Description: Remote CIDR range that allows you to connect to the bastion instance by using SSH.
It is recommended that you set this value to a trusted IP range.
For example, you may want to grant specific ranges from within your corporate network that use the SSH protocol.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
Type: String
BastionInstanceType:
Description: Size of the bastion instances.
AllowedValues:
- t3.nano
- t3.micro
- t3.small
- t3.medium
- t3.large
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
Default: "t3.micro"
Type: String
BastionRootVolumeSize:
Description: Size of the root volume in the bastion instances.
Default: 10
Type: Number
BastionEnableTcpForwarding:
Description: Choose whether to enable TCP forwarding via bootstrapping of the bastion
instance.
AllowedValues:
- "true"
- "false"
Default: "true"
Type: String
BastionEnableX11Forwarding:
Description: Choose true to enable X11 via bootstrapping of the bastion host.
Setting this value to true enables X Windows over SSH.
X11 forwarding can be useful, but it is also a security risk, so it's recommended
that you keep the default (false) setting.
AllowedValues:
- "true"
- "false"
Default: "false"
Type: String
BastionOs:
Description: Linux distribution for the Amazon Machine Image (AMI) to be used for the bastion instances.
AllowedValues:
- "Amazon-Linux2-HVM"
- "CentOS-7-HVM"
- "Ubuntu-Server-20.04-LTS-HVM"
- "SUSE-SLES-15-HVM"
Default: "Amazon-Linux2-HVM"
Type: String
NumBastionHosts:
Description: Number of bastion instances to create.
AllowedValues:
- '1'
- '2'
- '3'
- '4'
Default: '1'
Type: String
VolumeSize:
Description: Size in gigabytes of available storage (min 10GB). The Quick Start creates an
Amazon Elastic Block Store (Amazon EBS) volumes of this size.
Default: 200
Type: Number
InstanceType:
Description: EC2 instance type for the Artifactory instances.
AllowedValues:
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m5.metal
- m5d.large
- m5d.xlarge
- m5d.2xlarge
- m5d.4xlarge
- m5d.8xlarge
- m5d.12xlarge
- m5d.16xlarge
- m5d.24xlarge
- m5d.metal
- m5a.large
- m5a.xlarge
- m5a.2xlarge
- m5a.4xlarge
- m5a.8xlarge
- m5a.12xlarge
- m5a.16xlarge
- m5a.24xlarge
ConstraintDescription: Must contain valid instance type.
Default: m5.xlarge
Type: String
NumberOfSecondary:
Description: Number of secondary Artifactory servers to complete your
HA deployment. To align with Artifactory best practices, the minimum number
is two, and the maximum is seven. Do not select more instances than you
have licenses for.
AllowedValues:
- 0
- 1
- 2
- 3
- 4
- 5
- 6
- 7
Default: 2
Type: Number
ArtifactoryProduct:
Description: JFrog Artifactory product you want to install into an AMI.
AllowedValues:
- JFrog-Artifactory-Pro
- JFrog-Artifactory-Enterprise
- JFrog-Container-Registry
Default: JFrog-Artifactory-Enterprise
Type: String
ArtifactoryVersion:
Description: Version of Artifactory that you want to deploy into the Quick Start.
To select the correct version, see the release notes at
https://www.jfrog.com/confluence/display/RTF/Release+Notes.
Default: 7.17.5
Type: String
SmLicenseName:
Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses.
Default: ''
Type: String
SmCertName:
Description: Secret name created in AWS Secrets Manager, which contains the SSL certificate and certificate key.
Default: ''
Type: String
ArtifactoryServerName:
Description: Name of your Artifactory server. Ensure that this matches your certificate.
Type: String
MasterKey:
Description: Master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'.
AllowedPattern: ^[a-zA-Z0-9]+$
MinLength: '1'
MaxLength: '64'
ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters.
NoEcho: 'true'
Type: String
ExtraJavaOptions:
Description: Set Java options to pass to the JVM for Artifactory. For more information, see the Artifactory
system requirements at https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware.
Do not add Xms or Xmx settings without disabling DefaultJavaMemSettings.
Default: -Xss256k -XX:+UseG1GC
Type: String
DefaultJavaMemSettings:
Description: Choose false to overwrite the standard memory-calculation options to pass to the Artifactory JVM.
If you plan to overwrite them, ensure they are added to the ExtraJavaOptions to prevent the stack provision from failing.
ConstraintDescription: True or False
AllowedValues:
- "true"
- "false"
Default: "true"
Type: String
DatabaseName:
Description: Name of your database instance. The name must be unique across all instances
owned by your AWS account in the current Region. The database instance identifier is case-insensitive,
but it's stored in lowercase (as in "mydbinstance").
AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
MinLength: '1'
MaxLength: '60'
ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter.
Default: artdb
Type: String
DatabaseEngine:
Description: Database engine that you want to run.
AllowedValues:
- Postgres
Default: Postgres
Type: String
DatabaseUser:
Description: Login ID for the master user of your database instance.
MinLength: '1'
MaxLength: '16'
AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
ConstraintDescription: 1 to 16 alphanumeric characters. The first character must be a letter.
Default: artifactory
Type: String
DatabasePassword:
Description: Password for the Artifactory database user.
AllowedPattern: ^[^ \\']+$
MinLength: '8'
MaxLength: '12'
ConstraintDescription: Must be at least 8 and no more than
12 characters containing letters and (minimum 1 capital letter), numbers and
symbols.
NoEcho: 'true'
Type: String
DatabaseInstance:
Description: Size of the database to be deployed as part of the Quick Start.
AllowedValues:
- db.m5.large
- db.m5.xlarge
- db.m5.2xlarge
- db.m5.10xlarge
- db.m5.16xlarge
- db.m5.large
- db.m5.xlarge
- db.m5.2xlarge
- db.m5.4xlarge
- db.m5.12xlarge
- db.m5.24xlarge
ConstraintDescription: Must be a valid database Instance Type.
Default: db.m5.large
Type: String
DatabaseAllocatedStorage:
Description: Size in gigabytes of available storage for the database instance.
MinValue: 5
MaxValue: 1024
Default: 10
Type: Number
DatabasePreferredAz:
Description: Preferred availability zone for Amazon RDS primary instance
Type: String
Default: ''
MultiAzDatabase:
Description: Choose false to create an Amazon RDS instance in a single Availability Zone.
ConstraintDescription: True or False
AllowedValues:
- "true"
- "false"
Default: "true"
Type: String
QsS3BucketName:
Description: S3 bucket name for the Quick Start assets. This string can include
numbers, lowercase letters, and hyphens (-). It cannot start
or end with a hyphen (-).
AllowedPattern: ^[0-9a-z]+([0-9a-z-]*[0-9a-z])*$
ConstraintDescription: Quick Start bucket name can include numbers, lowercase
letters, and hyphens (-). It cannot start or end with a hyphen (-).
Default: aws-quickstart
Type: String
QsS3KeyPrefix:
Description: S3 key prefix for the Quick Start assets. Quick Start key prefix
can include numbers, lowercase letters, uppercase letters, hyphens (-), and
forward slash (/).
AllowedPattern: ^[0-9a-zA-Z-/]*$
ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters,
uppercase letters, hyphens (-), and forward slash (/).
Default: quickstart-jfrog-artifactory/
Type: String
QsS3BucketRegion:
Default: 'us-east-1'
Description: AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. If you use your own bucket, you must specify your own value.
Type: String
InstallXray:
Description: Choose true to install JFrog Xray instance(s).
ConstraintDescription: True or False
AllowedValues:
- "true"
- "false"
Default: "true"
Type: String
XrayVersion:
Description: The version of Xray that you want to deploy into the Quick Start.
Default: 3.22.1
Type: String
XrayNumberOfInstances:
Description: The number of Xray instances servers to complete your
HA deployment. The minimum number is one; the maximum is seven.
Do not select more than instances than you have licenses for.
MinValue: 1
MaxValue: 7
Default: 1
Type: Number
XrayInstanceType:
Description: The EC2 instance type for the Xray instances.
AllowedValues:
- c5.2xlarge
- c5.4xlarge
ConstraintDescription: Must contain valid instance type.
Default: c5.2xlarge
Type: String
XrayDatabaseUser:
Description: The login ID for the Xray database user.
MinLength: '1'
MaxLength: '16'
AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter.
Default: xray
Type: String
XrayDatabasePassword:
Description: The password for the Xray database user.
AllowedPattern: ^[^ \\']+$
MinLength: '8'
MaxLength: '12'
ConstraintDescription: Must be at least 8 and no more than
12 characters containing letters and (minimum 1 capital letter), numbers and
symbols.
NoEcho: 'true'
Type: String
Resources:
ArtifactoryVpcStack:
Type: JFrog::Vpc::MultiAz::MODULE
Metadata: {
PublisherId: "06ff50c2e47f57b381f874871d9fac41796c9522",
SupportedMajorVersions: [1]
}
Properties:
AvailabilityZone1: !Ref AvailabilityZone1
AvailabilityZone2: !Ref AvailabilityZone2
NumberOfAZs: '2'
PrivateSubnet1ACIDR: !Ref PrivateSubnet1Cidr
PrivateSubnet2ACIDR: !Ref PrivateSubnet2Cidr
PublicSubnet1CIDR: !Ref PublicSubnet1Cidr
PublicSubnet2CIDR: !Ref PublicSubnet2Cidr
VPCCIDR: !Ref VpcCidr
ArtifactoryExistingVpcStack:
Type: JFrog::Artifactory::ExistingVpc::MODULE
Metadata: {
PublisherId: "06ff50c2e47f57b381f874871d9fac41796c9522",
SupportedMajorVersions: [1]
}
Properties:
LogicalId : !Sub ${LogicalId}ArtifactoryExistingVpcStack
AvailabilityZone1: !Ref AvailabilityZone1
AvailabilityZone2: !Ref AvailabilityZone2
KeyPairName: !Ref KeyPairName
VpcId: !Ref ArtifactoryVpcStack.VPC
VpcCidr: !Ref VpcCidr
PublicSubnet1Id: !Ref ArtifactoryVpcStack.PublicSubnet1
PublicSubnet2Id: !Ref ArtifactoryVpcStack.PublicSubnet2
#PublicSubnet2Id: !Ref PublicSubnet2Id
PrivateSubnet1Id: !Ref ArtifactoryVpcStack.PrivateSubnet1A
PrivateSubnet2Id: !Ref ArtifactoryVpcStack.PrivateSubnet2A
PrivateSubnet1Cidr: !Ref PrivateSubnet1Cidr
PrivateSubnet2Cidr: !Ref PrivateSubnet2Cidr
AccessCidr: !Ref AccessCidr
RemoteAccessCidr: !Ref RemoteAccessCidr
EnableBastion: !Ref EnableBastion
BastionInstanceType: !Ref BastionInstanceType
BastionRootVolumeSize: !Ref BastionRootVolumeSize
BastionEnableTcpForwarding: !Ref BastionEnableTcpForwarding
BastionEnableX11Forwarding: !Ref BastionEnableX11Forwarding
BastionOs: !Ref BastionOs
NumBastionHosts: !Ref NumBastionHosts
VolumeSize: !Ref VolumeSize
InstanceType: !Ref InstanceType
NumberOfSecondary: !Ref NumberOfSecondary
ArtifactoryProduct: !Ref ArtifactoryProduct
ArtifactoryVersion: !Ref ArtifactoryVersion
SmLicenseName: !Ref SmLicenseName
SmCertName: !Ref SmCertName
ArtifactoryServerName: !Ref ArtifactoryServerName
MasterKey: !Ref MasterKey
ExtraJavaOptions: !Ref ExtraJavaOptions
DefaultJavaMemSettings: !Ref DefaultJavaMemSettings
DatabaseName: !Ref DatabaseName
DatabaseEngine: !Ref DatabaseEngine
DatabaseUser: !Ref DatabaseUser
DatabasePassword: !Ref DatabasePassword
DatabaseInstance: !Ref DatabaseInstance
DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage
DatabasePreferredAz: !Ref DatabasePreferredAz
MultiAzDatabase: !Ref MultiAzDatabase
QsS3BucketName: !Ref QsS3BucketName
QsS3KeyPrefix: !Ref QsS3KeyPrefix
QsS3BucketRegion: !Ref QsS3BucketRegion
InstallXray: !Ref InstallXray
XrayVersion: !Ref XrayVersion
XrayNumberOfInstances: !Ref XrayNumberOfInstances
XrayInstanceType: !Ref XrayInstanceType
XrayDatabaseUser: !Ref XrayDatabaseUser
XrayDatabasePassword: !Ref XrayDatabasePassword

778
Amazon/cloudformation-modules/JFrog__Artifactory__NewVpc__MODULE/schema.json Normal file
View File

@@ -0,0 +1,778 @@
{
"typeName": "JFrog::Artifactory::NewVpc::MODULE",
"description": "Schema for Module Fragment of type JFrog::Artifactory::NewVpc::MODULE",
"properties": {
"Parameters": {
"type": "object",
"properties": {
"LogicalId": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Logical Id of the MODULE"
},
"EnableBastion": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "If set to true, a bastion host will be created."
},
"VpcCidr": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "CIDR block for the VPC."
},
"AvailabilityZone1": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Availability Zone 1 to use for the subnets in the VPC. Two Availability Zones are used for this deployment."
},
"AvailabilityZone2": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Availability Zone 2 to use for the subnets in the VPC. Two Availability Zones are used for this deployment."
},
"KeyPairName": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Name of an existing key pair, which allows you to connect securely to your instance after it launches. This is the key pair you created in your preferred Region."
},
"PrivateSubnet1Cidr": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "CIDR block for private subnet 1 located in Availability Zone 1."
},
"PrivateSubnet2Cidr": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "CIDR block for private subnet 2 located in Availability Zone 2."
},
"PublicSubnet1Cidr": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "CIDR block for the public (DMZ) subnet 1 located in Availability Zone 1."
},
"PublicSubnet2Cidr": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "CIDR block for the public (DMZ) subnet 2 located in Availability Zone 2."
},
"AccessCidr": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "CIDR IP range permitted to access Artifactory. It is recommended that you set this value to a trusted IP range. For example, you may want to limit software access to your corporate network."
},
"RemoteAccessCidr": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Remote CIDR range that allows you to connect to the bastion instance by using SSH. It is recommended that you set this value to a trusted IP range. For example, you may want to grant specific ranges from within your corporate network that use the SSH protocol."
},
"BastionInstanceType": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Size of the bastion instances."
},
"BastionRootVolumeSize": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Size of the root volume in the bastion instances."
},
"BastionEnableTcpForwarding": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Choose whether to enable TCP forwarding via bootstrapping of the bastion instance."
},
"BastionEnableX11Forwarding": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Choose true to enable X11 via bootstrapping of the bastion host. Setting this value to true enables X Windows over SSH. X11 forwarding can be useful, but it is also a security risk, so it's recommended that you keep the default (false) setting."
},
"BastionOs": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Linux distribution for the Amazon Machine Image (AMI) to be used for the bastion instances."
},
"NumBastionHosts": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Number of bastion instances to create."
},
"VolumeSize": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Size in gigabytes of available storage (min 10GB). The Quick Start creates an Amazon Elastic Block Store (Amazon EBS) volumes of this size."
},
"InstanceType": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "EC2 instance type for the Artifactory instances."
},
"NumberOfSecondary": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Number of secondary Artifactory servers to complete your HA deployment. To align with Artifactory best practices, the minimum number is two, and the maximum is seven. Do not select more instances than you have licenses for."
},
"ArtifactoryProduct": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "JFrog Artifactory product you want to install into an AMI."
},
"ArtifactoryVersion": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Version of Artifactory that you want to deploy into the Quick Start. To select the correct version, see the release notes at https://www.jfrog.com/confluence/display/RTF/Release+Notes."
},
"SmLicenseName": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Secret name created in AWS Secrets Manager, which contains the Artifactory licenses."
},
"SmCertName": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Secret name created in AWS Secrets Manager, which contains the SSL certificate and certificate key."
},
"ArtifactoryServerName": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Name of your Artifactory server. Ensure that this matches your certificate."
},
"MasterKey": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'."
},
"ExtraJavaOptions": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Set Java options to pass to the JVM for Artifactory. For more information, see the Artifactory system requirements at https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware. Do not add Xms or Xmx settings without disabling DefaultJavaMemSettings."
},
"DefaultJavaMemSettings": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Choose false to overwrite the standard memory-calculation options to pass to the Artifactory JVM. If you plan to overwrite them, ensure they are added to the ExtraJavaOptions to prevent the stack provision from failing."
},
"DatabaseName": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Name of your database instance. The name must be unique across all instances owned by your AWS account in the current Region. The database instance identifier is case-insensitive, but it's stored in lowercase (as in \"mydbinstance\")."
},
"DatabaseEngine": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Database engine that you want to run."
},
"DatabaseUser": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Login ID for the master user of your database instance."
},
"DatabasePassword": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Password for the Artifactory database user."
},
"DatabaseInstance": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Size of the database to be deployed as part of the Quick Start."
},
"DatabaseAllocatedStorage": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Size in gigabytes of available storage for the database instance."
},
"DatabasePreferredAz": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Preferred availability zone for Amazon RDS primary instance"
},
"MultiAzDatabase": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Choose false to create an Amazon RDS instance in a single Availability Zone."
},
"QsS3BucketName": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "S3 bucket name for the Quick Start assets. This string can include numbers, lowercase letters, and hyphens (-). It cannot start or end with a hyphen (-)."
},
"QsS3KeyPrefix": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/)."
},
"QsS3BucketRegion": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. If you use your own bucket, you must specify your own value."
},
"InstallXray": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Choose true to install JFrog Xray instance(s)."
},
"XrayVersion": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "The version of Xray that you want to deploy into the Quick Start."
},
"XrayNumberOfInstances": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "The number of Xray instances servers to complete your HA deployment. The minimum number is one; the maximum is seven. Do not select more than instances than you have licenses for."
},
"XrayInstanceType": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "The EC2 instance type for the Xray instances."
},
"XrayDatabaseUser": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "The login ID for the Xray database user."
},
"XrayDatabasePassword": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "The password for the Xray database user."
}
}
},
"Resources": {
"properties": {
"ArtifactoryVpcStack": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "JFrog::Vpc::MultiAz::MODULE"
},
"Properties": {
"type": "object"
}
}
},
"ArtifactoryExistingVpcStack": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "JFrog::Artifactory::ExistingVpc::MODULE"
},
"Properties": {
"type": "object"
}
}
}
},
"type": "object",
"additionalProperties": false
}
},
"additionalProperties": true
}

5
Amazon/cloudformation-modules/aws-vpc-module/.rpdk-config Normal file
View File

@@ -0,0 +1,5 @@
{
"artifact_type": "MODULE",
"typeName": "JFrog::Vpc::MultiAz::MODULE",
"settings": {}
}

545
Amazon/cloudformation-modules/aws-vpc-module/fragments/aws-vpc.template.yaml Normal file
View File

@@ -0,0 +1,545 @@
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
This template creates a Multi-AZ, multi-subnet VPC infrastructure with managed NAT
gateways in the public subnet for each Availability Zone. You can also create additional
private subnets with dedicated custom network access control lists (ACLs). If you
deploy the Quick Start in a region that doesn't support NAT gateways, NAT instances
are deployed instead. **WARNING** This template creates AWS resources. You will
be billed for the AWS resources used if you create a stack from this template. (qs-1qnnspaap)
Parameters:
AvailabilityZone1:
Description: Availability Zone 1 to use for the subnets in the VPC. Two
Availability Zones are used for this deployment.
Type: AWS::EC2::AvailabilityZone::Name
AvailabilityZone2:
Description: Availability Zone 2 to use for the subnets in the VPC. Two
Availability Zones are used for this deployment.
Type: AWS::EC2::AvailabilityZone::Name
CreateNATGateways:
AllowedValues:
- 'true'
- 'false'
Default: 'true'
Description: Set to false when creating only private subnets. If True, both CreatePublicSubnets and CreatePrivateSubnets must also be true.
Type: String
CreatePublicSubnets:
AllowedValues:
- 'true'
- 'false'
Default: 'true'
Description: Set to false to create only private subnets. If false, CreatePrivateSubnets must be True and the CIDR parameters for ALL public subnets will be ignored
Type: String
CreatePrivateSubnets:
AllowedValues:
- 'true'
- 'false'
Default: 'true'
Description: Set to false to create only public subnets. If false, the CIDR parameters
for ALL private subnets will be ignored.
Type: String
PrivateSubnet1ACIDR:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/19
Description: CIDR block for private subnet 1A located in Availability Zone 1
Type: String
PrivateSubnet2ACIDR:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.32.0/19
Description: CIDR block for private subnet 2A located in Availability Zone 2
Type: String
PrivateSubnetATag1:
AllowedPattern: ^([a-zA-Z0-9+\-._:/@]+=[a-zA-Z0-9+\-.,_:/@ *\\"'\[\]\{\}]*)?$
ConstraintDescription: tags must be in format "Key=Value" keys can only contain
[a-zA-Z0-9+\-._:/@], values can contain [a-zA-Z0-9+\-._:/@ *\\"'\[\]\{\}]
Default: Network=Private
Description: tag to add to private subnets A, in format Key=Value (Optional)
Type: String
PrivateSubnetATag2:
AllowedPattern: ^([a-zA-Z0-9+\-._:/@]+=[a-zA-Z0-9+\-.,_:/@ *\\"'\[\]\{\}]*)?$
ConstraintDescription: tags must be in format "Key=Value" keys can only contain
[a-zA-Z0-9+\-._:/@], values can contain [a-zA-Z0-9+\-._:/@ *\\"'\[\]\{\}]
Default: ''
Description: tag to add to private subnets A, in format Key=Value (Optional)
Type: String
PublicSubnet1CIDR:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.128.0/20
Description: CIDR block for the public DMZ subnet 1 located in Availability Zone
1
Type: String
PublicSubnet2CIDR:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.144.0/20
Description: CIDR block for the public DMZ subnet 2 located in Availability Zone
2
Type: String
PublicSubnetTag1:
AllowedPattern: ^([a-zA-Z0-9+\-._:/@]+=[a-zA-Z0-9+\-.,_:/@ *\\"'\[\]\{\}]*)?$
ConstraintDescription: tags must be in format "Key=Value" keys can only contain
[a-zA-Z0-9+\-._:/@], values can contain [a-zA-Z0-9+\-._:/@ *\\"'\[\]\{\}]
Default: Network=Public
Description: tag to add to public subnets, in format Key=Value (Optional)
Type: String
PublicSubnetTag2:
AllowedPattern: ^([a-zA-Z0-9+\-._:/@]+=[a-zA-Z0-9+\-.,_:/@ *\\"'\[\]\{\}]*)?$
ConstraintDescription: tags must be in format "Key=Value" keys can only contain
[a-zA-Z0-9+\-._:/@], values can contain [a-zA-Z0-9+\-._:/@ *\\"'\[\]\{\}]
Default: ''
Description: tag to add to public subnets, in format Key=Value (Optional)
Type: String
VPCCIDR:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/16
Description: CIDR block for the VPC
Type: String
VPCTenancy:
AllowedValues:
- default
- dedicated
Default: default
Description: The allowed tenancy of instances launched into the VPC
Type: String
Rules:
NAT:
RuleCondition: !Equals [!Ref CreateNATGateways, 'true']
Assertions:
- Assert: !And
- !Equals [!Ref CreatePrivateSubnets, 'true']
- !Equals [!Ref CreatePublicSubnets, 'true']
AssertDescription: To enable NAT gateways you must have both CreatePrivateSubnets and CreatePublicSubnets set to 'true'
Subnets:
Assertions:
- Assert: !Or
- !Equals [!Ref CreatePrivateSubnets, 'true']
- !Equals [!Ref CreatePublicSubnets, 'true']
AssertDescription: At least one of CreatePublicSubnets or CreatePrivateSubnets must be set to 'true'
Conditions:
PrivateSubnetNatRoute: !And
- !Condition PrivateSubnetsCondition
- !Condition NATGatewaysCondition
NATGatewaysCondition: !Equals
- !Ref 'CreateNATGateways'
- 'true'
NVirginiaRegionCondition: !Equals
- !Ref 'AWS::Region'
- us-east-1
PrivateSubnetsCondition: !Equals
- !Ref 'CreatePrivateSubnets'
- 'true'
PublicSubnetsCondition: !Equals
- !Ref 'CreatePublicSubnets'
- 'true'
PrivateSubnetATag1Condition: !Not
- !Equals
- !Ref 'PrivateSubnetATag1'
- ''
PrivateSubnetATag2Condition: !Not
- !Equals
- !Ref 'PrivateSubnetATag2'
- ''
PublicSubnetTag1Condition: !Not
- !Equals
- !Ref 'PublicSubnetTag1'
- ''
PublicSubnetTag2Condition: !Not
- !Equals
- !Ref 'PublicSubnetTag2'
- ''
Resources:
DHCPOptions:
Type: AWS::EC2::DHCPOptions
Properties:
DomainName: !If
- NVirginiaRegionCondition
- ec2.internal
- !Sub '${AWS::Region}.compute.internal'
DomainNameServers:
- AmazonProvidedDNS
VPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: !Ref 'VPCCIDR'
InstanceTenancy: !Ref 'VPCTenancy'
EnableDnsSupport: true
EnableDnsHostnames: true
Tags:
- Key: Name
Value: !Ref 'AWS::StackName'
VPCDHCPOptionsAssociation:
Type: AWS::EC2::VPCDHCPOptionsAssociation
Properties:
VpcId: !Ref 'VPC'
DhcpOptionsId: !Ref 'DHCPOptions'
InternetGateway:
Condition: PublicSubnetsCondition
Type: AWS::EC2::InternetGateway
Properties:
Tags:
- Key: Name
Value: !Ref 'AWS::StackName'
VPCGatewayAttachment:
Condition: PublicSubnetsCondition
Type: AWS::EC2::VPCGatewayAttachment
Properties:
VpcId: !Ref 'VPC'
InternetGatewayId: !Ref 'InternetGateway'
PrivateSubnet1A:
Condition: PrivateSubnetsCondition
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref 'VPC'
CidrBlock: !Ref 'PrivateSubnet1ACIDR'
AvailabilityZone: !Ref 'AvailabilityZone1'
Tags:
- Key: Name
Value: Private subnet 1A
- !If
- PrivateSubnetATag1Condition
- Key: !Select
- '0'
- !Split
- '='
- !Ref 'PrivateSubnetATag1'
Value: !Select
- '1'
- !Split
- '='
- !Ref 'PrivateSubnetATag1'
- !Ref 'AWS::NoValue'
- !If
- PrivateSubnetATag2Condition
- Key: !Select
- '0'
- !Split
- '='
- !Ref 'PrivateSubnetATag2'
Value: !Select
- '1'
- !Split
- '='
- !Ref 'PrivateSubnetATag2'
- !Ref 'AWS::NoValue'
PrivateSubnet2A:
Condition: PrivateSubnetsCondition
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref 'VPC'
CidrBlock: !Ref 'PrivateSubnet2ACIDR'
AvailabilityZone: !Ref 'AvailabilityZone2'
Tags:
- Key: Name
Value: Private subnet 2A
- !If
- PrivateSubnetATag1Condition
- Key: !Select
- '0'
- !Split
- '='
- !Ref 'PrivateSubnetATag1'
Value: !Select
- '1'
- !Split
- '='
- !Ref 'PrivateSubnetATag1'
- !Ref 'AWS::NoValue'
- !If
- PrivateSubnetATag2Condition
- Key: !Select
- '0'
- !Split
- '='
- !Ref 'PrivateSubnetATag2'
Value: !Select
- '1'
- !Split
- '='
- !Ref 'PrivateSubnetATag2'
- !Ref 'AWS::NoValue'
PublicSubnet1:
Condition: PublicSubnetsCondition
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref 'VPC'
CidrBlock: !Ref 'PublicSubnet1CIDR'
AvailabilityZone: !Ref 'AvailabilityZone1'
Tags:
- Key: Name
Value: Public subnet 1
- !If
- PublicSubnetTag1Condition
- Key: !Select
- '0'
- !Split
- '='
- !Ref 'PublicSubnetTag1'
Value: !Select
- '1'
- !Split
- '='
- !Ref 'PublicSubnetTag1'
- !Ref 'AWS::NoValue'
- !If
- PublicSubnetTag2Condition
- Key: !Select
- '0'
- !Split
- '='
- !Ref 'PublicSubnetTag2'
Value: !Select
- '1'
- !Split
- '='
- !Ref 'PublicSubnetTag2'
- !Ref 'AWS::NoValue'
MapPublicIpOnLaunch: true
PublicSubnet2:
Condition: PublicSubnetsCondition
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref 'VPC'
CidrBlock: !Ref 'PublicSubnet2CIDR'
AvailabilityZone: !Ref 'AvailabilityZone2'
Tags:
- Key: Name
Value: Public subnet 2
- !If
- PublicSubnetTag1Condition
- Key: !Select
- '0'
- !Split
- '='
- !Ref 'PublicSubnetTag1'
Value: !Select
- '1'
- !Split
- '='
- !Ref 'PublicSubnetTag1'
- !Ref 'AWS::NoValue'
- !If
- PublicSubnetTag2Condition
- Key: !Select
- '0'
- !Split
- '='
- !Ref 'PublicSubnetTag2'
Value: !Select
- '1'
- !Split
- '='
- !Ref 'PublicSubnetTag2'
- !Ref 'AWS::NoValue'
MapPublicIpOnLaunch: true
PrivateSubnet1ARouteTable:
Condition: PrivateSubnetsCondition
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref 'VPC'
Tags:
- Key: Name
Value: Private subnet 1A
- Key: Network
Value: Private
PrivateSubnet1ARoute:
Condition: PrivateSubnetNatRoute
Type: AWS::EC2::Route
Properties:
RouteTableId: !Ref 'PrivateSubnet1ARouteTable'
DestinationCidrBlock: '0.0.0.0/0'
NatGatewayId: !Ref 'NATGateway1'
PrivateSubnet1ARouteTableAssociation:
Condition: PrivateSubnetsCondition
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref 'PrivateSubnet1A'
RouteTableId: !Ref 'PrivateSubnet1ARouteTable'
PrivateSubnet2ARouteTable:
Condition: PrivateSubnetsCondition
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref 'VPC'
Tags:
- Key: Name
Value: Private subnet 2A
- Key: Network
Value: Private
PrivateSubnet2ARoute:
Condition: PrivateSubnetNatRoute
Type: AWS::EC2::Route
Properties:
RouteTableId: !Ref 'PrivateSubnet2ARouteTable'
DestinationCidrBlock: '0.0.0.0/0'
NatGatewayId: !Ref 'NATGateway2'
PrivateSubnet2ARouteTableAssociation:
Condition: PrivateSubnetsCondition
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref 'PrivateSubnet2A'
RouteTableId: !Ref 'PrivateSubnet2ARouteTable'
PublicSubnetRouteTable:
Condition: PublicSubnetsCondition
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref 'VPC'
Tags:
- Key: Name
Value: Public Subnets
- Key: Network
Value: Public
PublicSubnetRoute:
Condition: PublicSubnetsCondition
DependsOn: VPCGatewayAttachment
Type: AWS::EC2::Route
Properties:
RouteTableId: !Ref 'PublicSubnetRouteTable'
DestinationCidrBlock: '0.0.0.0/0'
GatewayId: !Ref 'InternetGateway'
PublicSubnet1RouteTableAssociation:
Condition: PublicSubnetsCondition
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref 'PublicSubnet1'
RouteTableId: !Ref 'PublicSubnetRouteTable'
PublicSubnet2RouteTableAssociation:
Condition: PublicSubnetsCondition
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref 'PublicSubnet2'
RouteTableId: !Ref 'PublicSubnetRouteTable'
NAT1EIP:
Condition: NATGatewaysCondition
DependsOn: VPCGatewayAttachment
Type: AWS::EC2::EIP
Properties:
Domain: vpc
NAT2EIP:
Condition: NATGatewaysCondition
DependsOn: VPCGatewayAttachment
Type: AWS::EC2::EIP
Properties:
Domain: vpc
NATGateway1:
Condition: NATGatewaysCondition
DependsOn: VPCGatewayAttachment
Type: AWS::EC2::NatGateway
Properties:
AllocationId: !GetAtt 'NAT1EIP.AllocationId'
SubnetId: !Ref 'PublicSubnet1'
NATGateway2:
Condition: NATGatewaysCondition
DependsOn: VPCGatewayAttachment
Type: AWS::EC2::NatGateway
Properties:
AllocationId: !GetAtt 'NAT2EIP.AllocationId'
SubnetId: !Ref 'PublicSubnet2'
S3VPCEndpoint:
Condition: PrivateSubnetsCondition
Type: AWS::EC2::VPCEndpoint
Properties:
PolicyDocument:
Version: '2012-10-17'
Statement:
- Action: '*'
Effect: Allow
Resource: '*'
Principal: '*'
RouteTableIds:
- !Ref 'PrivateSubnet1ARouteTable'
- !Ref 'PrivateSubnet2ARouteTable'
ServiceName: !Sub 'com.amazonaws.${AWS::Region}.s3'
VpcId: !Ref 'VPC'
Outputs:
NAT1EIP:
Condition: NATGatewaysCondition
Description: NAT 1 IP address
Value: !Ref 'NAT1EIP'
NAT2EIP:
Condition: NATGatewaysCondition
Description: NAT 2 IP address
Value: !Ref 'NAT2EIP'
PrivateSubnet1ACIDR:
Condition: PrivateSubnetsCondition
Description: Private subnet 1A CIDR in Availability Zone 1
Value: !Ref 'PrivateSubnet1ACIDR'
PrivateSubnet1AID:
Condition: PrivateSubnetsCondition
Description: Private subnet 1A ID in Availability Zone 1
Value: !Ref 'PrivateSubnet1A'
PrivateSubnet2ACIDR:
Condition: PrivateSubnetsCondition
Description: Private subnet 2A CIDR in Availability Zone 2
Value: !Ref 'PrivateSubnet2ACIDR'
PrivateSubnet2AID:
Condition: PrivateSubnetsCondition
Description: Private subnet 2A ID in Availability Zone 2
Value: !Ref 'PrivateSubnet2A'
PublicSubnet1CIDR:
Condition: PublicSubnetsCondition
Description: Public subnet 1 CIDR in Availability Zone 1
Value: !Ref 'PublicSubnet1CIDR'
PublicSubnet1ID:
Condition: PublicSubnetsCondition
Description: Public subnet 1 ID in Availability Zone 1
Value: !Ref 'PublicSubnet1'
PublicSubnet2CIDR:
Condition: PublicSubnetsCondition
Description: Public subnet 2 CIDR in Availability Zone 2
Value: !Ref 'PublicSubnet2CIDR'
PublicSubnet2ID:
Condition: PublicSubnetsCondition
Description: Public subnet 2 ID in Availability Zone 2
Value: !Ref 'PublicSubnet2'
S3VPCEndpoint:
Condition: PrivateSubnetsCondition
Description: S3 VPC Endpoint
Value: !Ref 'S3VPCEndpoint'
PrivateSubnet1ARouteTable:
Condition: PrivateSubnetsCondition
Value: !Ref 'PrivateSubnet1ARouteTable'
Description: Private subnet 1A route table
PrivateSubnet2ARouteTable:
Condition: PrivateSubnetsCondition
Value: !Ref 'PrivateSubnet2ARouteTable'
Description: Private subnet 2A route table
PublicSubnetRouteTable:
Condition: PublicSubnetsCondition
Value: !Ref 'PublicSubnetRouteTable'
Description: Public subnet route table
VPCCIDR:
Value: !Ref 'VPCCIDR'
Description: VPC CIDR
VPCID:
Value: !Ref 'VPC'
Description: VPC ID

546
Amazon/cloudformation-modules/aws-vpc-module/schema.json Normal file
View File

@@ -0,0 +1,546 @@
{
"typeName": "JFrog::Vpc::MultiAz::MODULE",
"description": "Schema for Module Fragment of type JFrog::Vpc::MultiAz::MODULE",
"properties": {
"Parameters": {
"type": "object",
"properties": {
"AvailabilityZone1": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Availability Zone 1 to use for the subnets in the VPC. Two Availability Zones are used for this deployment."
},
"AvailabilityZone2": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Availability Zone 2 to use for the subnets in the VPC. Two Availability Zones are used for this deployment."
},
"CreateNATGateways": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Set to false when creating only private subnets. If True, both CreatePublicSubnets and CreatePrivateSubnets must also be true."
},
"CreatePublicSubnets": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Set to false to create only private subnets. If false, CreatePrivateSubnets must be True and the CIDR parameters for ALL public subnets will be ignored"
},
"CreatePrivateSubnets": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Set to false to create only public subnets. If false, the CIDR parameters for ALL private subnets will be ignored."
},
"PrivateSubnet1ACIDR": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "CIDR block for private subnet 1A located in Availability Zone 1"
},
"PrivateSubnet2ACIDR": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "CIDR block for private subnet 2A located in Availability Zone 2"
},
"PrivateSubnetATag1": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "tag to add to private subnets A, in format Key=Value (Optional)"
},
"PrivateSubnetATag2": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "tag to add to private subnets A, in format Key=Value (Optional)"
},
"PublicSubnet1CIDR": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "CIDR block for the public DMZ subnet 1 located in Availability Zone 1"
},
"PublicSubnet2CIDR": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "CIDR block for the public DMZ subnet 2 located in Availability Zone 2"
},
"PublicSubnetTag1": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "tag to add to public subnets, in format Key=Value (Optional)"
},
"PublicSubnetTag2": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "tag to add to public subnets, in format Key=Value (Optional)"
},
"VPCCIDR": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "CIDR block for the VPC"
},
"VPCTenancy": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "The allowed tenancy of instances launched into the VPC"
}
}
},
"Resources": {
"properties": {
"DHCPOptions": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::DHCPOptions"
},
"Properties": {
"type": "object"
}
}
},
"VPC": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::VPC"
},
"Properties": {
"type": "object"
}
}
},
"VPCDHCPOptionsAssociation": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::VPCDHCPOptionsAssociation"
},
"Properties": {
"type": "object"
}
}
},
"InternetGateway": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::InternetGateway"
},
"Properties": {
"type": "object"
}
}
},
"VPCGatewayAttachment": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::VPCGatewayAttachment"
},
"Properties": {
"type": "object"
}
}
},
"PrivateSubnet1A": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::Subnet"
},
"Properties": {
"type": "object"
}
}
},
"PrivateSubnet2A": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::Subnet"
},
"Properties": {
"type": "object"
}
}
},
"PublicSubnet1": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::Subnet"
},
"Properties": {
"type": "object"
}
}
},
"PublicSubnet2": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::Subnet"
},
"Properties": {
"type": "object"
}
}
},
"PrivateSubnet1ARouteTable": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::RouteTable"
},
"Properties": {
"type": "object"
}
}
},
"PrivateSubnet1ARoute": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::Route"
},
"Properties": {
"type": "object"
}
}
},
"PrivateSubnet1ARouteTableAssociation": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::SubnetRouteTableAssociation"
},
"Properties": {
"type": "object"
}
}
},
"PrivateSubnet2ARouteTable": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::RouteTable"
},
"Properties": {
"type": "object"
}
}
},
"PrivateSubnet2ARoute": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::Route"
},
"Properties": {
"type": "object"
}
}
},
"PrivateSubnet2ARouteTableAssociation": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::SubnetRouteTableAssociation"
},
"Properties": {
"type": "object"
}
}
},
"PublicSubnetRouteTable": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::RouteTable"
},
"Properties": {
"type": "object"
}
}
},
"PublicSubnetRoute": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::Route"
},
"Properties": {
"type": "object"
}
}
},
"PublicSubnet1RouteTableAssociation": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::SubnetRouteTableAssociation"
},
"Properties": {
"type": "object"
}
}
},
"PublicSubnet2RouteTableAssociation": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::SubnetRouteTableAssociation"
},
"Properties": {
"type": "object"
}
}
},
"NAT1EIP": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::EIP"
},
"Properties": {
"type": "object"
}
}
},
"NAT2EIP": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::EIP"
},
"Properties": {
"type": "object"
}
}
},
"NATGateway1": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::NatGateway"
},
"Properties": {
"type": "object"
}
}
},
"NATGateway2": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::NatGateway"
},
"Properties": {
"type": "object"
}
}
},
"S3VPCEndpoint": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::VPCEndpoint"
},
"Properties": {
"type": "object"
}
}
}
},
"type": "object",
"additionalProperties": false
}
},
"additionalProperties": true
}

5
Amazon/cloudformation-modules/linux-bastion-module/.rpdk-config Normal file
View File

@@ -0,0 +1,5 @@
{
"artifact_type": "MODULE",
"typeName": "JFrog::Linux::Bastion::MODULE",
"settings": {}
}

602
Amazon/cloudformation-modules/linux-bastion-module/fragments/linux-bastion.template.yaml Normal file
View File

@@ -0,0 +1,602 @@
AWSTemplateFormatVersion: 2010-09-09
Description: LinuxBastion+VPC Jul,30,2020 (qs-1qup6ra99) (Please do not remove)
Parameters:
LogicalId :
Description : Logical Id of the MODULE
Type: String
BastionAMIOS:
AllowedValues:
- Amazon-Linux2-HVM
- CentOS-7-HVM
- Ubuntu-Server-20.04-LTS-HVM
- SUSE-SLES-15-HVM
Default: Amazon-Linux2-HVM
Description: The Linux distribution for the AMI to be used for the bastion instances.
Type: String
BastionHostName:
Default: 'LinuxBastion'
Description: The value used for the name tag of the bastion host
Type: String
BastionBanner:
Default: ""
Description: Banner text to display upon login.
Type: String
BastionTenancy:
Description: 'VPC tenancy to launch the bastion in. Options: ''dedicated'' or ''default'''
Type: String
Default: default
AllowedValues:
- dedicated
- default
BastionInstanceType:
AllowedValues:
- t2.nano
- t2.micro
- t2.small
- t2.medium
- t2.large
- t3.micro
- t3.small
- t3.medium
- t3.large
- t3.xlarge
- t3.2xlarge
- m4.large
- m4.xlarge
- m4.2xlarge
- m4.4xlarge
Default: t2.micro
Description: Amazon EC2 instance type for the bastion instances.
Type: String
EnableBanner:
AllowedValues:
- 'true'
- 'false'
Default: 'false'
Description: To include a banner to be displayed when connecting via SSH to the
bastion, choose true.
Type: String
EnableTCPForwarding:
Type: String
Description: To enable TCP forwarding, choose true.
Default: 'false'
AllowedValues:
- 'true'
- 'false'
EnableX11Forwarding:
Type: String
Description: To enable X11 forwarding, choose true.
Default: 'false'
AllowedValues:
- 'true'
- 'false'
KeyPairName:
Description: Name of an existing public/private key pair. If you do not have one in this AWS Region,
please create it before continuing.
Type: 'AWS::EC2::KeyPair::KeyName'
NumBastionHosts:
AllowedValues:
- '1'
- '2'
- '3'
- '4'
Default: '1'
Description: The number of bastion hosts to create. The maximum number is four.
Type: String
PublicSubnet1Id:
Description: ID of the public subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab).
Type: AWS::EC2::Subnet::Id
PublicSubnet2Id:
Description: ID of the public subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab).
Type: AWS::EC2::Subnet::Id
QSS3BucketName:
AllowedPattern: '^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$'
ConstraintDescription: Quick Start bucket name can include numbers, lowercase letters, uppercase
letters, and hyphens (-). It cannot start or end with a hyphen (-).
Default: aws-quickstart
Description: S3 bucket name for the Quick Start assets. Quick Start bucket name can
include numbers, lowercase letters, uppercase letters, and hyphens (-). It
cannot start or end with a hyphen (-).
Type: String
QSS3BucketRegion:
Default: 'us-east-1'
Description: The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value.
Type: String
QSS3KeyPrefix:
AllowedPattern: '^([0-9a-zA-Z-.]+/)*$'
ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, uppercase
letters, hyphens (-), dots (.) and forward slash (/). The prefix should
end with a forward slash (/).
Default: quickstart-linux-bastion/
Description: S3 key prefix for the Quick Start assets. Quick Start key prefix can
include numbers, lowercase letters, uppercase letters, hyphens (-), dots
(.) and forward slash (/) and it should end with a forward slash (/).
Type: String
RemoteAccessCIDR:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x
Description: Allowed CIDR block for external SSH access to the bastions.
Type: String
VPCID:
Description: 'ID of the VPC (e.g., vpc-0343606e).'
Type: 'AWS::EC2::VPC::Id'
AlternativeInitializationScript:
AllowedPattern: ^http.*|^$
ConstraintDescription: URL must begin with http
Description: An alternative initialization script to run during setup.
Default: ''
Type: String
OSImageOverride:
Description: The Region-specific image to use for the instance.
Type: String
Default: ''
EnvironmentVariables:
Description: A comma-separated list of environment variables for use in
bootstrapping. Variables must be in the format KEY=VALUE. VALUE cannot
contain commas.
Type: String
Default: ''
RootVolumeSize:
Description: The size in GB for the root EBS volume.
Type: Number
Default: '10'
Rules:
SubnetsInVPC:
Assertions:
- Assert:
'Fn::EachMemberIn':
- 'Fn::ValueOfAll':
- 'AWS::EC2::Subnet::Id'
- VpcId
- 'Fn::RefAll': 'AWS::EC2::VPC::Id'
AssertDescription: All subnets must exist in the VPC
Mappings:
AWSAMIRegionMap:
ap-northeast-1:
AMZNLINUX2: ami-0cc75a8978fbbc969
US2004HVM: ami-0461b11e2fad8c14a
CENTOS7HVM: ami-06a46da680048c8ae
SLES15HVM: ami-056ac8ad44e6a7e1f
ap-northeast-2:
AMZNLINUX2: ami-0bd7691bf6470fe9c
US2004HVM: ami-0dbad3c7f731477cb
CENTOS7HVM: ami-06e83aceba2cb0907
SLES15HVM: ami-0f81fff879bafe6b8
ap-south-1:
AMZNLINUX2: ami-0ebc1ac48dfd14136
US2004HVM: ami-0ebd654017556e025
CENTOS7HVM: ami-026f33d38b6410e30
SLES15HVM: ami-01be89269d32f2a16
ap-southeast-1:
AMZNLINUX2: ami-0cd31be676780afa7
US2004HVM: ami-0ba1d1f3433cd4c68
CENTOS7HVM: ami-07f65177cb990d65b
SLES15HVM: ami-070356c21596ddc67
ap-southeast-2:
AMZNLINUX2: ami-0ded330691a314693
US2004HVM: ami-02be36619a83e9a16
CENTOS7HVM: ami-0b2045146eb00b617
SLES15HVM: ami-0c4245381c67efb39
ca-central-1:
AMZNLINUX2: ami-013d1df4bcea6ba95
US2004HVM: ami-071c33c681c9d4a00
CENTOS7HVM: ami-04a25c39dc7a8aebb
SLES15HVM: ami-0c97d9b588207dad6
eu-central-1:
AMZNLINUX2: ami-0c115dbd34c69a004
US2004HVM: ami-0c2b1c303a2e4cb49
CENTOS7HVM: ami-0e8286b71b81c3cc1
SLES15HVM: ami-05dfd265ea534a3e9
me-south-1:
AMZNLINUX2: ami-01f41d49c363da2ad
US2004HVM: ami-07f9fe3f7a8c82448
CENTOS7HVM: ami-011c71a894b10f35b
SLES15HVM: ami-0252c6d3a59c7473b
ap-east-1:
AMZNLINUX2: ami-47317236
US2004HVM: ami-545b1825
CENTOS7HVM: ami-0e5c29e6c87a9644f
SLES15HVM: ami-0ad6e15bcbb2dbe38
eu-north-1:
AMZNLINUX2: ami-039609244d2810a6b
US2004HVM: ami-08baf9e3c347b7092
CENTOS7HVM: ami-05788af9005ef9a93
SLES15HVM: ami-0741fa1a008af40ad
eu-west-1:
AMZNLINUX2: ami-07d9160fa81ccffb5
US2004HVM: ami-0f1d11c92a9467c07
CENTOS7HVM: ami-0b850cf02cc00fdc8
SLES15HVM: ami-0a58a1b152ba55f1d
eu-west-2:
AMZNLINUX2: ami-0a13d44dccf1f5cf6
US2004HVM: ami-082335b69bcfdb15b
CENTOS7HVM: ami-09e5afc68eed60ef4
SLES15HVM: ami-01497522185aaa4ee
eu-west-3:
AMZNLINUX2: ami-093fa4c538885becf
US2004HVM: ami-00f6fb16625871821
CENTOS7HVM: ami-0cb72d2e599cffbf9
SLES15HVM: ami-0f238bd4c6fdbefb0
sa-east-1:
AMZNLINUX2: ami-018ccfb6b4745882a
US2004HVM: ami-083aa2af86ff2bd11
CENTOS7HVM: ami-0b30f38d939dd4b54
SLES15HVM: ami-0772af912976aa692
us-east-1:
AMZNLINUX2: ami-02354e95b39ca8dec
US2004HVM: ami-0758470213bdd23b1
CENTOS7HVM: ami-0affd4508a5d2481b
SLES15HVM: ami-0b1764f3d7d2e2316
us-gov-west-1:
AMZNLINUX2: ami-74c4f215
SLES15HVM: ami-57c0ba36
us-gov-east-1:
AMZNLINUX2: ami-30e00c41
SLES15HVM: ami-05e4bedfad53425e9
us-east-2:
AMZNLINUX2: ami-07c8bc5c1ce9598c3
US2004HVM: ami-07fb7bd53bacdfc16
CENTOS7HVM: ami-01e36b7901e884a10
SLES15HVM: ami-05ea824317ffc0c20
us-west-1:
AMZNLINUX2: ami-05655c267c89566dd
US2004HVM: ami-0cd230f950c3de5d8
CENTOS7HVM: ami-098f55b4287a885ba
SLES15HVM: ami-00e34a7624e5a7107
us-west-2:
AMZNLINUX2: ami-0873b46c45c11058d
US2004HVM: ami-056cb9ae6e2df09e8
CENTOS7HVM: ami-0bc06212a56393ee1
SLES15HVM: ami-0f1e3b3fb0fec0361
cn-north-1:
AMZNLINUX2: ami-010e92a33d9d1fc40
CENTOS7HVM: ami-0e02aaefeb74c3373
SLES15HVM: ami-021392849b6221a81
cn-northwest-1:
AMZNLINUX2: ami-0959f8e18a2aac0fb
CENTOS7HVM: ami-07183a7702633260b
SLES15HVM: ami-00e1de3ee6d0d28ea
LinuxAMINameMap:
Amazon-Linux2-HVM:
Code: AMZNLINUX2
OS: Amazon
CentOS-7-HVM:
Code: CENTOS7HVM
OS: CentOS
Ubuntu-Server-18.04-LTS-HVM:
Code: US1804HVM
OS: Ubuntu
Ubuntu-Server-20.04-LTS-HVM:
Code: US2004HVM
OS: Ubuntu
SUSE-SLES-15-HVM:
Code: SLES15HVM
OS: SLES
Conditions:
2BastionCondition: !Or
- !Equals
- !Ref NumBastionHosts
- '2'
- !Condition 3BastionCondition
- !Condition 4BastionCondition
3BastionCondition: !Or
- !Equals
- !Ref NumBastionHosts
- '3'
- !Condition 4BastionCondition
4BastionCondition: !Equals
- !Ref NumBastionHosts
- '4'
UseAlternativeInitialization: !Not
- !Equals
- !Ref AlternativeInitializationScript
- ''
UseOSImageOverride: !Not
- !Equals
- !Ref OSImageOverride
- ''
UsingDefaultBucket: !Equals
- !Ref QSS3BucketName
- 'aws-quickstart'
DefaultBanner: !Equals [!Ref BastionBanner, ""]
Resources:
BastionMainLogGroup:
Type: 'AWS::Logs::LogGroup'
SSHMetricFilter:
Type: 'AWS::Logs::MetricFilter'
Properties:
LogGroupName: !Ref BastionMainLogGroup
FilterPattern: ON FROM USER PWD
MetricTransformations:
- MetricName: SSHCommandCount
MetricValue: '1'
MetricNamespace: !Sub "AWSQuickStart/${AWS::StackName}"
BastionHostRole:
Type: 'AWS::IAM::Role'
Properties:
Path: /
AssumeRolePolicyDocument:
Statement:
- Action:
- 'sts:AssumeRole'
Principal:
Service:
- !Sub 'ec2.${AWS::URLSuffix}'
Effect: Allow
Version: 2012-10-17
ManagedPolicyArns:
- !Sub 'arn:${AWS::Partition}:iam::aws:policy/AmazonSSMManagedInstanceCore'
- !Sub 'arn:${AWS::Partition}:iam::aws:policy/CloudWatchAgentServerPolicy'
BastionHostPolicy:
Type: 'AWS::IAM::Policy'
Properties:
PolicyName: BastionPolicy
PolicyDocument:
Version: 2012-10-17
Statement:
- Action:
- 's3:GetObject'
Resource: !Sub
- arn:${AWS::Partition}:s3:::${S3Bucket}/${QSS3KeyPrefix}*
- S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
Effect: Allow
- Action:
- 'logs:CreateLogStream'
- 'logs:GetLogEvents'
- 'logs:PutLogEvents'
- 'logs:DescribeLogGroups'
- 'logs:DescribeLogStreams'
- 'logs:PutRetentionPolicy'
- 'logs:PutMetricFilter'
- 'logs:CreateLogGroup'
Resource: !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:${BastionMainLogGroup}:*"
Effect: Allow
- Action:
- 'ec2:AssociateAddress'
- 'ec2:DescribeAddresses'
Resource: '*'
Effect: Allow
Roles:
- !Ref BastionHostRole
BastionHostProfile:
DependsOn: BastionHostPolicy
Type: 'AWS::IAM::InstanceProfile'
Properties:
Roles:
- !Ref BastionHostRole
Path: /
EIP1:
Type: 'AWS::EC2::EIP'
Properties:
Domain: vpc
EIP2:
Type: 'AWS::EC2::EIP'
Condition: 2BastionCondition
Properties:
Domain: vpc
EIP3:
Type: 'AWS::EC2::EIP'
Condition: 3BastionCondition
Properties:
Domain: vpc
EIP4:
Type: 'AWS::EC2::EIP'
Condition: 4BastionCondition
Properties:
Domain: vpc
BastionAutoScalingGroup:
Type: 'AWS::AutoScaling::AutoScalingGroup'
Properties:
LaunchConfigurationName: !Ref BastionLaunchConfiguration
VPCZoneIdentifier:
- !Ref PublicSubnet1Id
- !Ref PublicSubnet2Id
MinSize: !Ref NumBastionHosts
MaxSize: !Ref NumBastionHosts
Cooldown: '900'
DesiredCapacity: !Ref NumBastionHosts
Tags:
- Key: Name
Value: !Ref BastionHostName
PropagateAtLaunch: true
CreationPolicy:
ResourceSignal:
Count: !Ref NumBastionHosts
Timeout: PT60M
AutoScalingCreationPolicy:
MinSuccessfulInstancesPercent: 100
UpdatePolicy:
AutoScalingReplacingUpdate:
WillReplace: true
BastionLaunchConfiguration:
Type: 'AWS::AutoScaling::LaunchConfiguration'
Metadata:
'AWS::CloudFormation::Authentication':
S3AccessCreds:
type: S3
roleName: !Ref BastionHostRole
buckets:
- !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
'AWS::CloudFormation::Init':
config:
files:
/tmp/auditd.rules:
mode: '000550'
owner: root
group: root
content: |
-a exit,always -F arch=b64 -S execve
-a exit,always -F arch=b32 -S execve
/tmp/auditing_configure.sh:
source: !Sub
- https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/auditing_configure.sh
- S3Bucket: !If
- UsingDefaultBucket
- !Sub 'aws-quickstart-${AWS::Region}'
- !Ref 'QSS3BucketName'
S3Region: !If
- UsingDefaultBucket
- !Ref 'AWS::Region'
- !Ref 'QSS3BucketRegion'
mode: '000550'
owner: root
group: root
authentication: S3AccessCreds
/tmp/bastion_bootstrap.sh:
source: !If
- UseAlternativeInitialization
- !Ref AlternativeInitializationScript
- !Sub
- https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/bastion_bootstrap.sh
- S3Bucket: !If
- UsingDefaultBucket
- !Sub 'aws-quickstart-${AWS::Region}'
- !Ref 'QSS3BucketName'
S3Region: !If
- UsingDefaultBucket
- !Ref 'AWS::Region'
- !Ref 'QSS3BucketRegion'
mode: '000550'
owner: root
group: root
authentication: S3AccessCreds
commands:
a-add_auditd_rules:
cwd: '/tmp/'
env:
BASTION_OS: !FindInMap [LinuxAMINameMap, !Ref BastionAMIOS, OS]
command: "./auditing_configure.sh"
# command:
# - !If [ ]
# - "cat /tmp/auditd.rules >> /etc/audit/rules.d/audit.rules && service auditd restart"
b-bootstrap:
cwd: '/tmp/'
env:
REGION: !Sub ${AWS::Region}
URL_SUFFIX: !Sub ${AWS::URLSuffix}
BANNER_REGION: !If [ UsingDefaultBucket, !Ref 'AWS::Region', !Ref 'QSS3BucketRegion' ]
command: !Sub
- "./bastion_bootstrap.sh --banner ${BannerUrl} --enable ${EnableBanner} --tcp-forwarding ${EnableTCPForwarding} --x11-forwarding ${EnableX11Forwarding}"
- BannerUrl: !If
- DefaultBanner
- !Sub
- s3://${S3Bucket}/${QSS3KeyPrefix}scripts/banner_message.txt
- S3Bucket: !If [ UsingDefaultBucket, !Sub 'aws-quickstart-${AWS::Region}', !Ref 'QSS3BucketName' ]
- !Ref BastionBanner
Properties:
AssociatePublicIpAddress: true
PlacementTenancy: !Ref BastionTenancy
KeyName: !Ref KeyPairName
IamInstanceProfile: !Ref BastionHostProfile
ImageId: !If
- UseOSImageOverride
- !Ref OSImageOverride
- !FindInMap
- AWSAMIRegionMap
- !Ref 'AWS::Region'
- !FindInMap
- LinuxAMINameMap
- !Ref BastionAMIOS
- Code
SecurityGroups:
- !Ref BastionSecurityGroup
InstanceType: !Ref BastionInstanceType
BlockDeviceMappings:
- DeviceName: /dev/xvda
Ebs:
VolumeSize: !Ref RootVolumeSize
VolumeType: gp2
Encrypted: true
DeleteOnTermination: true
UserData:
Fn::Base64: !Sub
- |
#!/bin/bash
set -x
for e in $(echo "${EnvironmentVariables}" | tr ',' ' '); do
export $e
done
export PATH=$PATH:/usr/local/bin
#cfn signaling functions
yum install git -y || apt-get install -y git || zypper -n install git
function cfn_fail
{
cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource ${LogicalId}BastionAutoScalingGroup
exit 1
}
function cfn_success
{
cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource ${LogicalId}BastionAutoScalingGroup
exit 0
}
until git clone https://github.com/aws-quickstart/quickstart-linux-utilities.git ; do echo "Retrying"; done
cd /quickstart-linux-utilities;
source quickstart-cfn-tools.source;
qs_update-os || qs_err;
qs_bootstrap_pip || qs_err " pip bootstrap failed ";
qs_aws-cfn-bootstrap || qs_err " cfn bootstrap failed ";
EIP_LIST="${EIP1},${EIP2},${EIP3},${EIP4}"
CLOUDWATCHGROUP=${BastionMainLogGroup}
cfn-init -v --stack '${AWS::StackName}' --resource ${LogicalId}BastionLaunchConfiguration --region ${AWS::Region} || cfn_fail
[ $(qs_status) == 0 ] && cfn_success || cfn_fail
- EIP2:
!If
- 2BastionCondition
- !Ref EIP2
- 'Null'
EIP3:
!If
- 3BastionCondition
- !Ref EIP3
- 'Null'
EIP4:
!If
- 4BastionCondition
- !Ref EIP4
- 'Null'
BastionSecurityGroup:
Type: 'AWS::EC2::SecurityGroup'
Properties:
GroupDescription: Enables SSH Access to Bastion Hosts
VpcId: !Ref VPCID
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: !Ref RemoteAccessCIDR
- IpProtocol: icmp
FromPort: -1
ToPort: -1
CidrIp: !Ref RemoteAccessCIDR
Outputs:
BastionAutoScalingGroup:
Description: Auto Scaling Group Reference ID
Value: !Ref BastionAutoScalingGroup
EIP1:
Description: Elastic IP 1 for Bastion
Value: !Ref EIP1
EIP2:
Condition: 2BastionCondition
Description: Elastic IP 2 for Bastion
Value: !Ref EIP2
EIP3:
Condition: 3BastionCondition
Description: Elastic IP 3 for Bastion
Value: !Ref EIP3
EIP4:
Condition: 4BastionCondition
Description: Elastic IP 4 for Bastion
Value: !Ref EIP4
CloudWatchLogs:
Description: CloudWatch Logs GroupName. Your SSH logs will be stored here.
Value: !Ref BastionMainLogGroup
BastionSecurityGroupID:
Description: Bastion Security Group ID
Value: !Ref BastionSecurityGroup
BastionHostRole:
Description: Bastion IAM Role name
Value: !Ref BastionHostRole

514
Amazon/cloudformation-modules/linux-bastion-module/schema.json Normal file
View File

@@ -0,0 +1,514 @@
{
"typeName": "JFrog::Linux::Bastion::MODULE",
"description": "Schema for Module Fragment of type JFrog::Linux::Bastion::MODULE",
"properties": {
"Parameters": {
"type": "object",
"properties": {
"LogicalId": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Logical Id of the MODULE"
},
"BastionAMIOS": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "The Linux distribution for the AMI to be used for the bastion instances."
},
"BastionHostName": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "The value used for the name tag of the bastion host"
},
"BastionBanner": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Banner text to display upon login."
},
"BastionTenancy": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "VPC tenancy to launch the bastion in. Options: 'dedicated' or 'default'"
},
"BastionInstanceType": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Amazon EC2 instance type for the bastion instances."
},
"EnableBanner": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "To include a banner to be displayed when connecting via SSH to the bastion, choose true."
},
"EnableTCPForwarding": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "To enable TCP forwarding, choose true."
},
"EnableX11Forwarding": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "To enable X11 forwarding, choose true."
},
"KeyPairName": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Name of an existing public/private key pair. If you do not have one in this AWS Region, please create it before continuing."
},
"NumBastionHosts": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "The number of bastion hosts to create. The maximum number is four."
},
"PublicSubnet1Id": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "ID of the public subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab)."
},
"PublicSubnet2Id": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "ID of the public subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab)."
},
"QSS3BucketName": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "S3 bucket name for the Quick Start assets. Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-)."
},
"QSS3BucketRegion": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value."
},
"QSS3KeyPrefix": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), dots (.) and forward slash (/) and it should end with a forward slash (/)."
},
"RemoteAccessCIDR": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "Allowed CIDR block for external SSH access to the bastions."
},
"VPCID": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "ID of the VPC (e.g., vpc-0343606e)."
},
"AlternativeInitializationScript": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "An alternative initialization script to run during setup."
},
"OSImageOverride": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "The Region-specific image to use for the instance."
},
"EnvironmentVariables": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "A comma-separated list of environment variables for use in bootstrapping. Variables must be in the format KEY=VALUE. VALUE cannot contain commas."
},
"RootVolumeSize": {
"type": "object",
"properties": {
"Type": {
"type": "string"
},
"Description": {
"type": "string"
}
},
"required": [
"Type",
"Description"
],
"description": "The size in GB for the root EBS volume."
}
}
},
"Resources": {
"properties": {
"BastionMainLogGroup": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::Logs::LogGroup"
},
"Properties": {
"type": "object"
}
}
},
"SSHMetricFilter": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::Logs::MetricFilter"
},
"Properties": {
"type": "object"
}
}
},
"BastionHostRole": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::IAM::Role"
},
"Properties": {
"type": "object"
}
}
},
"BastionHostPolicy": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::IAM::Policy"
},
"Properties": {
"type": "object"
}
}
},
"BastionHostProfile": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::IAM::InstanceProfile"
},
"Properties": {
"type": "object"
}
}
},
"EIP1": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::EIP"
},
"Properties": {
"type": "object"
}
}
},
"EIP2": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::EIP"
},
"Properties": {
"type": "object"
}
}
},
"EIP3": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::EIP"
},
"Properties": {
"type": "object"
}
}
},
"EIP4": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::EIP"
},
"Properties": {
"type": "object"
}
}
},
"BastionAutoScalingGroup": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::AutoScaling::AutoScalingGroup"
},
"Properties": {
"type": "object"
}
}
},
"BastionLaunchConfiguration": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::AutoScaling::LaunchConfiguration"
},
"Properties": {
"type": "object"
}
}
},
"BastionSecurityGroup": {
"type": "object",
"properties": {
"Type": {
"type": "string",
"const": "AWS::EC2::SecurityGroup"
},
"Properties": {
"type": "object"
}
}
}
},
"type": "object",
"additionalProperties": false
}
},
"additionalProperties": true
}

60
Amazon/cloudformation-modules/test-cfts/.taskcat.yml Normal file
View File

@@ -0,0 +1,60 @@
project:
name: quickstart-jfrog-artifactory
owner: quickstart-eng@amazon.com
s3_object_acl: private
s3_regional_buckets: true
shorten_stack_name: true
regions:
- us-west-2
parameters:
KeyPairName : "vinaykey1"
ArtifactoryVersion : 7.18.6
XrayVersion : 3.24.2
RemoteAccessCidr : "0.0.0.0/0"
AccessCidr : "0.0.0.0/0"
QsS3BucketName : "jfrog-aws"
QsS3KeyPrefix : "artifactory7/latest/"
QsS3BucketRegion : "us-east-1"
MasterKey : "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
SmLicenseName : "jfrog-artifactory"
SmCertName : "jfrog.tech-certificates"
tests:
new-vpc:
parameters:
AvailabilityZone1: "us-east-1a"
AvailabilityZone2: "us-east-1b"
DatabasePassword: "$[taskcat_genpass_8A]"
NumberOfSecondary: 2
ArtifactoryServerName: "artifactory"
InstallXray: "true"
XrayDatabasePassword: "$[taskcat_genpass_8A]"
XrayNumberOfInstances: 2
template: new-vpc.yaml
regions:
- us-east-1
existing-vpc:
parameters:
AvailabilityZone1: "us-west-2a"
AvailabilityZone2: "us-west-2b"
DatabasePassword: "$[taskcat_genpass_8A]"
NumberOfSecondary: "2"
ArtifactoryServerName: "artifactory"
InstallXray: "true"
XrayDatabasePassword: "$[taskcat_genpass_8A]"
XrayNumberOfInstances: 2
MultiAzDatabase: "true"
DatabaseInstance: "db.m5.large"
# us-east-1
VpcId : "vpc-0e577f295d10288d2"
PublicSubnet1Id: "subnet-02876fed3e23adca6"
PublicSubnet2Id: "subnet-00604281070fd1f32"
PrivateSubnet1Id: "subnet-088755aa140290fa8"
PrivateSubnet2Id: "subnet-05ef6759d603c8d32"
DatabasePreferredAz : us-west-2a
template: existing-vpc.yaml
regions:
- us-west-2

15
Amazon/cloudformation-modules/test-cfts/README.MD Normal file
View File

@@ -0,0 +1,15 @@
# Taskcat commands
```
taskcat test run -n -l -t existing-vpc
```
# CFN commands
```
cfn submit
```
```
aws cloudformation set-type-default-version --type-name JFrog::Artifactory::NewVpc::MODULE --version-id 00000010 --type MODULE
```

603
Amazon/cloudformation-modules/test-cfts/create-vpc.yaml Normal file
View File

@@ -0,0 +1,603 @@
AWSTemplateFormatVersion: '2010-09-09'
Description: 'JFrog Artifactory Quick Start Deployment (qs-1qpmmjh2f)'
Metadata:
QuickStartDocumentation:
EntrypointName: "Launch into a new VPC"
AWS::CloudFormation::Interface:
ParameterGroups:
- Label:
default: Security configuration
Parameters:
- KeyPairName
- AccessCidr
- RemoteAccessCidr
- Label:
default: Network configuration
Parameters:
- AvailabilityZones
- VpcCidr
- PrivateSubnet1Cidr
- PrivateSubnet2Cidr
- PublicSubnet1Cidr
- PublicSubnet2Cidr
- Label:
default: Bastion configuration
Parameters:
- ProvisionBastionHost
- BastionInstanceType
- BastionOs
- BastionRootVolumeSize
- BastionEnableTcpForwarding
- NumBastionHosts
- BastionEnableX11Forwarding
- Label:
default: Amazon EC2 configuration
Parameters:
- VolumeSize
- InstanceType
- Label:
default: JFrog Artifactory configuration
Parameters:
- ArtifactoryProduct
- ArtifactoryVersion
- NumberOfSecondary
- SmLicenseName
- SmCertName
- ArtifactoryServerName
- MasterKey
- ExtraJavaOptions
- DefaultJavaMemSettings
- Label:
default: Amazon RDS configuration
Parameters:
- DatabaseName
- DatabaseEngine
- DatabaseUser
- DatabasePassword
- DatabaseInstance
- DatabaseAllocatedStorage
- DatabasePreferredAz
- MultiAzDatabase
- Label:
default: AWS Quick Start configuration
Parameters:
- QsS3BucketName
- QsS3KeyPrefix
- QsS3BucketRegion
- Label:
default: JFrog Xray Configuration
Parameters:
- InstallXray
- XrayVersion
- XrayNumberOfInstances
- XrayInstanceType
- XrayDatabaseUser
- XrayDatabasePassword
ParameterLabels:
AvailabilityZones:
default: Availability Zones
KeyPairName:
default: SSH key name
PrivateSubnet1Cidr:
default: Private subnet 1 CIDR
PrivateSubnet2Cidr:
default: Private subnet 2 CIDR
PublicSubnet1Cidr:
default: Public subnet 1 CIDR
PublicSubnet2Cidr:
default: Public subnet 2 CIDR
AccessCidr:
default: Permitted IP range
RemoteAccessCidr:
default: Remote access CIDR
VpcCidr:
default: VPC CIDR
ProvisionBastionHost:
default: Bastion instance
BastionInstanceType:
default: Bastion instance type
BastionRootVolumeSize:
default: Bastion root volume size
BastionEnableTcpForwarding:
default: Bastion enable TCP forwarding
BastionEnableX11Forwarding:
default: Bastion enable X11 forwarding
BastionOs:
default: Bastion operating system
NumBastionHosts:
default: Number of bastion instances
VolumeSize:
default: EBS root volume size
InstanceType:
default: EC2 instance type
NumberOfSecondary:
default: Secondary instances
ArtifactoryProduct:
default: Artifactory product to install
ArtifactoryVersion:
default: Artifactory version
SmLicenseName:
default: Artifactory licenses secret name
SmCertName:
default: Artifactory certificate secret name
ArtifactoryServerName:
default: Artifactory server name
MasterKey:
default: Master server key
ExtraJavaOptions:
default: Extra Java options
DefaultJavaMemSettings:
default: Default Java memory settings
DatabaseName:
default: Database name
DatabaseEngine:
default: Database engine
DatabaseUser:
default: Database user
DatabasePassword:
default: Database password
DatabaseInstance:
default: Database instance type
DatabaseAllocatedStorage:
default: Database allocated storage
DatabasePreferredAz:
default: Database preferred Availability Zone
MultiAzDatabase:
default: High-availability database
QsS3BucketName:
default: Quick Start S3 bucket name
QsS3KeyPrefix:
default: Quick Start S3 key prefix
QsS3BucketRegion:
default: Quick Start S3 bucket region
InstallXray:
default: Install JFrog Xray
XrayVersion:
default: Version of Xray to install
XrayNumberOfInstances:
default: Number of JFrog XrayNumberOfInstances
XrayInstanceType:
default: Xray instance type
XrayDatabaseUser:
default: Xray Database user
XrayDatabasePassword:
default: Xray Database password
Parameters:
VpcCidr:
Description: CIDR block for the VPC.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/16
Type: String
AvailabilityZones:
Description: List of Availability Zones to use for the subnets in the VPC. Two
Availability Zones are used for this deployment.
Type: List<AWS::EC2::AvailabilityZone::Name>
KeyPairName:
Description: Name of an existing key pair,
which allows you to connect securely to your instance after it launches.
This is the key pair you created in your preferred Region.
Type: AWS::EC2::KeyPair::KeyName
PrivateSubnet1Cidr:
Description: CIDR block for private subnet 1 located in Availability Zone 1.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/19
Type: String
PrivateSubnet2Cidr:
Description: CIDR block for private subnet 2 located in Availability Zone 2.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.32.0/19
Type: String
PublicSubnet1Cidr:
Description: CIDR block for the public (DMZ) subnet 1 located in Availability
Zone 1.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.128.0/20
Type: String
PublicSubnet2Cidr:
Description: CIDR block for the public (DMZ) subnet 2 located in Availability
Zone 2.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.144.0/20
Type: String
AccessCidr:
Description: CIDR IP range permitted to access Artifactory.
It is recommended that you set this value to a trusted IP range.
For example, you may want to limit software access to your corporate network.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
Type: String
RemoteAccessCidr:
Description: Remote CIDR range that allows you to connect to the bastion instance by using SSH.
It is recommended that you set this value to a trusted IP range.
For example, you may want to grant specific ranges from within your corporate network that use the SSH protocol.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
Type: String
ProvisionBastionHost:
Description: To skip creating a bastion instance, choose Disabled. Because Artifactory nodes are
created in private subnets, it's highly recommended to set this value to Enabled.
AllowedValues:
- "Enabled"
- "Disabled"
Default: "Enabled"
Type: String
BastionInstanceType:
Description: Size of the bastion instances.
AllowedValues:
- t3.nano
- t3.micro
- t3.small
- t3.medium
- t3.large
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
Default: "t3.micro"
Type: String
BastionRootVolumeSize:
Description: Size of the root volume in the bastion instances.
Default: 10
Type: Number
BastionEnableTcpForwarding:
Description: Choose whether to enable TCP forwarding via bootstrapping of the bastion
instance.
AllowedValues:
- "true"
- "false"
Default: "true"
Type: String
BastionEnableX11Forwarding:
Description: Choose true to enable X11 via bootstrapping of the bastion host.
Setting this value to true enables X Windows over SSH.
X11 forwarding can be useful, but it is also a security risk, so it's recommended
that you keep the default (false) setting.
AllowedValues:
- "true"
- "false"
Default: "false"
Type: String
BastionOs:
Description: Linux distribution for the Amazon Machine Image (AMI) to be used for the bastion instances.
AllowedValues:
- "Amazon-Linux2-HVM"
- "CentOS-7-HVM"
- "Ubuntu-Server-20.04-LTS-HVM"
- "SUSE-SLES-15-HVM"
Default: "Amazon-Linux2-HVM"
Type: String
NumBastionHosts:
Description: Number of bastion instances to create.
AllowedValues:
- '1'
- '2'
- '3'
- '4'
Default: '1'
Type: String
VolumeSize:
Description: Size in gigabytes of available storage (min 10GB). The Quick Start creates an
Amazon Elastic Block Store (Amazon EBS) volumes of this size.
Default: 200
Type: Number
InstanceType:
Description: EC2 instance type for the Artifactory instances.
AllowedValues:
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m5.metal
- m5d.large
- m5d.xlarge
- m5d.2xlarge
- m5d.4xlarge
- m5d.8xlarge
- m5d.12xlarge
- m5d.16xlarge
- m5d.24xlarge
- m5d.metal
- m5a.large
- m5a.xlarge
- m5a.2xlarge
- m5a.4xlarge
- m5a.8xlarge
- m5a.12xlarge
- m5a.16xlarge
- m5a.24xlarge
ConstraintDescription: Must contain valid instance type.
Default: m5.xlarge
Type: String
NumberOfSecondary:
Description: Number of secondary Artifactory servers to complete your
HA deployment. To align with Artifactory best practices, the minimum number
is two, and the maximum is seven. Do not select more instances than you
have licenses for.
AllowedValues:
- 0
- 1
- 2
- 3
- 4
- 5
- 6
- 7
Default: 2
Type: Number
ArtifactoryProduct:
Description: JFrog Artifactory product you want to install into an AMI.
AllowedValues:
- JFrog-Artifactory-Pro
- JFrog-Artifactory-Enterprise
- JFrog-Container-Registry
Default: JFrog-Artifactory-Enterprise
Type: String
ArtifactoryVersion:
Description: Version of Artifactory that you want to deploy into the Quick Start.
To select the correct version, see the release notes at
https://www.jfrog.com/confluence/display/RTF/Release+Notes.
Default: 7.17.5
Type: String
SmLicenseName:
Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses.
Default: ''
Type: String
SmCertName:
Description: Secret name created in AWS Secrets Manager, which contains the SSL certificate and certificate key.
Default: ''
Type: String
ArtifactoryServerName:
Description: Name of your Artifactory server. Ensure that this matches your certificate.
Type: String
MasterKey:
Description: Master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'.
AllowedPattern: ^[a-zA-Z0-9]+$
MinLength: '1'
MaxLength: '64'
ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters.
NoEcho: 'true'
Type: String
ExtraJavaOptions:
Description: Set Java options to pass to the JVM for Artifactory. For more information, see the Artifactory
system requirements at https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware.
Do not add Xms or Xmx settings without disabling DefaultJavaMemSettings.
Default: -Xss256k -XX:+UseG1GC
Type: String
DefaultJavaMemSettings:
Description: Choose false to overwrite the standard memory-calculation options to pass to the Artifactory JVM.
If you plan to overwrite them, ensure they are added to the ExtraJavaOptions to prevent the stack provision from failing.
ConstraintDescription: True or False
AllowedValues:
- "true"
- "false"
Default: "true"
Type: String
DatabaseName:
Description: Name of your database instance. The name must be unique across all instances
owned by your AWS account in the current Region. The database instance identifier is case-insensitive,
but it's stored in lowercase (as in "mydbinstance").
AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
MinLength: '1'
MaxLength: '60'
ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter.
Default: artdb
Type: String
DatabaseEngine:
Description: Database engine that you want to run.
AllowedValues:
- Postgres
Default: Postgres
Type: String
DatabaseUser:
Description: Login ID for the master user of your database instance.
MinLength: '1'
MaxLength: '16'
AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
ConstraintDescription: 1 to 16 alphanumeric characters. The first character must be a letter.
Default: artifactory
Type: String
DatabasePassword:
Description: Password for the Artifactory database user.
AllowedPattern: ^[^ \\']+$
MinLength: '8'
MaxLength: '12'
ConstraintDescription: Must be at least 8 and no more than
12 characters containing letters and (minimum 1 capital letter), numbers and
symbols.
NoEcho: 'true'
Type: String
DatabaseInstance:
Description: Size of the database to be deployed as part of the Quick Start.
AllowedValues:
- db.m5.large
- db.m5.xlarge
- db.m5.2xlarge
- db.m5.10xlarge
- db.m5.16xlarge
- db.m5.large
- db.m5.xlarge
- db.m5.2xlarge
- db.m5.4xlarge
- db.m5.12xlarge
- db.m5.24xlarge
ConstraintDescription: Must be a valid database Instance Type.
Default: db.m5.large
Type: String
DatabaseAllocatedStorage:
Description: Size in gigabytes of available storage for the database instance.
MinValue: 5
MaxValue: 1024
Default: 10
Type: Number
DatabasePreferredAz:
Description: Preferred availability zone for Amazon RDS primary instance
Type: String
Default: ''
MultiAzDatabase:
Description: Choose false to create an Amazon RDS instance in a single Availability Zone.
ConstraintDescription: True or False
AllowedValues:
- "true"
- "false"
Default: "true"
Type: String
QsS3BucketName:
Description: S3 bucket name for the Quick Start assets. This string can include
numbers, lowercase letters, and hyphens (-). It cannot start
or end with a hyphen (-).
AllowedPattern: ^[0-9a-z]+([0-9a-z-]*[0-9a-z])*$
ConstraintDescription: Quick Start bucket name can include numbers, lowercase
letters, and hyphens (-). It cannot start or end with a hyphen (-).
Default: aws-quickstart
Type: String
QsS3KeyPrefix:
Description: S3 key prefix for the Quick Start assets. Quick Start key prefix
can include numbers, lowercase letters, uppercase letters, hyphens (-), and
forward slash (/).
AllowedPattern: ^[0-9a-zA-Z-/]*$
ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters,
uppercase letters, hyphens (-), and forward slash (/).
Default: quickstart-jfrog-artifactory/
Type: String
QsS3BucketRegion:
Default: 'us-east-1'
Description: AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. If you use your own bucket, you must specify your own value.
Type: String
InstallXray:
Description: Choose true to install JFrog Xray instance(s).
ConstraintDescription: True or False
AllowedValues:
- "true"
- "false"
Default: "true"
Type: String
XrayVersion:
Description: The version of Xray that you want to deploy into the Quick Start.
Default: 3.22.1
Type: String
XrayNumberOfInstances:
Description: The number of Xray instances servers to complete your
HA deployment. The minimum number is one; the maximum is seven.
Do not select more than instances than you have licenses for.
MinValue: 1
MaxValue: 7
Default: 1
Type: Number
XrayInstanceType:
Description: The EC2 instance type for the Xray instances.
AllowedValues:
- c5.2xlarge
- c5.4xlarge
ConstraintDescription: Must contain valid instance type.
Default: c5.2xlarge
Type: String
XrayDatabaseUser:
Description: The login ID for the Xray database user.
MinLength: '1'
MaxLength: '16'
AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter.
Default: xray
Type: String
XrayDatabasePassword:
Description: The password for the Xray database user.
AllowedPattern: ^[^ \\']+$
MinLength: '8'
MaxLength: '12'
ConstraintDescription: Must be at least 8 and no more than
12 characters containing letters and (minimum 1 capital letter), numbers and
symbols.
NoEcho: 'true'
Type: String
# Conditions:
# UsingDefaultBucket: !Equals [!Ref QsS3BucketName, 'aws-quickstart']
Resources:
ArtifactoryVpcStack:
Type: JFrog::Vpc::MultiAz::MODULE
Properties:
AvailabilityZones: "us-east-1a,us-east-1b"
KeyPairName: "vinaykey1"
NumberOfAZs: '2'
PrivateSubnet1ACIDR:
Ref: PrivateSubnet1Cidr
PrivateSubnet2ACIDR:
Ref: PrivateSubnet2Cidr
PublicSubnet1CIDR:
Ref: PublicSubnet1Cidr
PublicSubnet2CIDR:
Ref: PublicSubnet2Cidr
VPCCIDR:
Ref: VpcCidr
# ArtifactoryExistingVpcStack:
# Type: AWS::CloudFormation::Stack
# Properties:
# TemplateURL: !Sub
# - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-ec2-existing-vpc.template.yaml
# - S3Bucket: !If [UsingDefaultBucket, !Sub '${QsS3BucketName}-${AWS::Region}', !Ref 'QsS3BucketName']
# S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref 'QsS3BucketRegion']
# Parameters:
# AvailabilityZones:
# Fn::Join:
# - ','
# - Ref: AvailabilityZones
# KeyPairName: !Ref KeyPairName
# VpcId: !GetAtt ArtifactoryVpcStack.Outputs.VPCID
# VpcCidr: !Ref VpcCidr
# PublicSubnet1Id: !GetAtt ArtifactoryVpcStack.Outputs.PublicSubnet1ID
# PublicSubnet2Id: !GetAtt ArtifactoryVpcStack.Outputs.PublicSubnet2ID
# PrivateSubnet1Id: !GetAtt ArtifactoryVpcStack.Outputs.PrivateSubnet1AID
# PrivateSubnet2Id: !GetAtt ArtifactoryVpcStack.Outputs.PrivateSubnet2AID
# PrivateSubnet1Cidr: !Ref PrivateSubnet1Cidr
# PrivateSubnet2Cidr: !Ref PrivateSubnet2Cidr
# AccessCidr: !Ref AccessCidr
# RemoteAccessCidr: !Ref RemoteAccessCidr
# ProvisionBastionHost: !Ref ProvisionBastionHost
# BastionInstanceType: !Ref BastionInstanceType
# BastionRootVolumeSize: !Ref BastionRootVolumeSize
# BastionEnableTcpForwarding: !Ref BastionEnableTcpForwarding
# BastionEnableX11Forwarding: !Ref BastionEnableX11Forwarding
# BastionOs: !Ref BastionOs
# NumBastionHosts: !Ref NumBastionHosts
# VolumeSize: !Ref VolumeSize
# InstanceType: !Ref InstanceType
# NumberOfSecondary: !Ref NumberOfSecondary
# ArtifactoryProduct: !Ref ArtifactoryProduct
# ArtifactoryVersion: !Ref ArtifactoryVersion
# SmLicenseName: !Ref SmLicenseName
# SmCertName: !Ref SmCertName
# ArtifactoryServerName: !Ref ArtifactoryServerName
# MasterKey: !Ref MasterKey
# ExtraJavaOptions: !Ref ExtraJavaOptions
# DefaultJavaMemSettings: !Ref DefaultJavaMemSettings
# DatabaseName: !Ref DatabaseName
# DatabaseEngine: !Ref DatabaseEngine
# DatabaseUser: !Ref DatabaseUser
# DatabasePassword: !Ref DatabasePassword
# DatabaseInstance: !Ref DatabaseInstance
# DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage
# DatabasePreferredAz: !Ref DatabasePreferredAz
# MultiAzDatabase: !Ref MultiAzDatabase
# QsS3BucketName: !Ref QsS3BucketName
# QsS3KeyPrefix: !Ref QsS3KeyPrefix
# QsS3BucketRegion: !Ref QsS3BucketRegion
# InstallXray: !Ref InstallXray
# XrayVersion: !Ref XrayVersion
# XrayNumberOfInstances: !Ref XrayNumberOfInstances
# XrayInstanceType: !Ref XrayInstanceType
# XrayDatabaseUser: !Ref XrayDatabaseUser
# XrayDatabasePassword: !Ref XrayDatabasePassword
# Outputs:
# ArtifactoryUrl:
# Description: URL of the ELB to access Artifactory
# Value: !Sub ${ArtifactoryExistingVpcStack.Outputs.ArtifactoryUrl}
# BastionIp:
# Value: !Sub ${ArtifactoryExistingVpcStack.Outputs.BastionIp}
# Description: Bastion host IP, for admin access via SSH

602
Amazon/cloudformation-modules/test-cfts/existing-vpc.yaml Normal file
View File

@@ -0,0 +1,602 @@
AWSTemplateFormatVersion: '2010-09-09'
Description: 'JFrog Artifactory Quick Start Deployment (qs-1qpmmjh2f)'
Metadata:
QuickStartDocumentation:
EntrypointName: "Launch into a new VPC"
AWS::CloudFormation::Interface:
ParameterGroups:
- Label:
default: Security configuration
Parameters:
- KeyPairName
- AccessCidr
- RemoteAccessCidr
- Label:
default: Network configuration
Parameters:
- AvailabilityZones
- VpcCidr
- PrivateSubnet1Cidr
- PrivateSubnet2Cidr
- PublicSubnet1Cidr
- PublicSubnet2Cidr
- VpcId
- PublicSubnetIds
- PrivateSubnetIds
- Label:
default: Bastion configuration
Parameters:
- EnableBastion
- BastionInstanceType
- BastionOs
- BastionRootVolumeSize
- BastionEnableTcpForwarding
- NumBastionHosts
- BastionEnableX11Forwarding
- Label:
default: Amazon EC2 configuration
Parameters:
- VolumeSize
- InstanceType
- Label:
default: JFrog Artifactory configuration
Parameters:
- ArtifactoryProduct
- ArtifactoryVersion
- NumberOfSecondary
- SmLicenseName
- SmCertName
- ArtifactoryServerName
- MasterKey
- ExtraJavaOptions
- DefaultJavaMemSettings
- Label:
default: Amazon RDS configuration
Parameters:
- DatabaseName
- DatabaseEngine
- DatabaseUser
- DatabasePassword
- DatabaseInstance
- DatabaseAllocatedStorage
- DatabasePreferredAz
- MultiAzDatabase
- Label:
default: AWS Quick Start configuration
Parameters:
- QsS3BucketName
- QsS3KeyPrefix
- QsS3BucketRegion
- Label:
default: JFrog Xray Configuration
Parameters:
- InstallXray
- XrayVersion
- XrayNumberOfInstances
- XrayInstanceType
- XrayDatabaseUser
- XrayDatabasePassword
ParameterLabels:
AvailabilityZones:
default: Availability Zones
KeyPairName:
default: SSH key name
PrivateSubnet1Cidr:
default: Private subnet 1 CIDR
PrivateSubnet2Cidr:
default: Private subnet 2 CIDR
PublicSubnet1Cidr:
default: Public subnet 1 CIDR
PublicSubnet2Cidr:
default: Public subnet 2 CIDR
VpcId:
default: VPC ID
PublicSubnetIds:
default: Public subnet 1 and subnet 2 ID
PrivateSubnetIds:
default: Private subnet 1 and subnet 2 ID
AccessCidr:
default: Permitted IP range
RemoteAccessCidr:
default: Remote access CIDR
VpcCidr:
default: VPC CIDR
EnableBastion:
default: Bastion instance
BastionInstanceType:
default: Bastion instance type
BastionRootVolumeSize:
default: Bastion root volume size
BastionEnableTcpForwarding:
default: Bastion enable TCP forwarding
BastionEnableX11Forwarding:
default: Bastion enable X11 forwarding
BastionOs:
default: Bastion operating system
NumBastionHosts:
default: Number of bastion instances
VolumeSize:
default: EBS root volume size
InstanceType:
default: EC2 instance type
NumberOfSecondary:
default: Secondary instances
ArtifactoryProduct:
default: Artifactory product to install
ArtifactoryVersion:
default: Artifactory version
SmLicenseName:
default: Artifactory licenses secret name
SmCertName:
default: Artifactory certificate secret name
ArtifactoryServerName:
default: Artifactory server name
MasterKey:
default: Master server key
ExtraJavaOptions:
default: Extra Java options
DefaultJavaMemSettings:
default: Default Java memory settings
DatabaseName:
default: Database name
DatabaseEngine:
default: Database engine
DatabaseUser:
default: Database user
DatabasePassword:
default: Database password
DatabaseInstance:
default: Database instance type
DatabaseAllocatedStorage:
default: Database allocated storage
DatabasePreferredAz:
default: Database preferred Availability Zone
MultiAzDatabase:
default: High-availability database
QsS3BucketName:
default: Quick Start S3 bucket name
QsS3KeyPrefix:
default: Quick Start S3 key prefix
QsS3BucketRegion:
default: Quick Start S3 bucket region
InstallXray:
default: Install JFrog Xray
XrayVersion:
default: Version of Xray to install
XrayNumberOfInstances:
default: Number of JFrog XrayNumberOfInstances
XrayInstanceType:
default: Xray instance type
XrayDatabaseUser:
default: Xray Database user
XrayDatabasePassword:
default: Xray Database password
Parameters:
VpcCidr:
Description: CIDR block for the VPC.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/16
Type: String
AvailabilityZone1:
Description: Availability Zone 1 to use for the subnets in the VPC. Two
Availability Zones are used for this deployment.
Type: AWS::EC2::AvailabilityZone::Name
AvailabilityZone2:
Description: Availability Zone 2 to use for the subnets in the VPC. Two
Availability Zones are used for this deployment.
Type: AWS::EC2::AvailabilityZone::Name
KeyPairName:
Description: Name of an existing key pair,
which allows you to connect securely to your instance after it launches.
This is the key pair you created in your preferred Region.
Type: AWS::EC2::KeyPair::KeyName
PrivateSubnet1Cidr:
Description: CIDR block for private subnet 1 located in Availability Zone 1.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/19
Type: String
PrivateSubnet2Cidr:
Description: CIDR block for private subnet 2 located in Availability Zone 2.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.32.0/19
Type: String
PublicSubnet1Cidr:
Description: CIDR block for the public (DMZ) subnet 1 located in Availability
Zone 1.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.128.0/20
Type: String
PublicSubnet2Cidr:
Description: CIDR block for the public (DMZ) subnet 2 located in Availability
Zone 2.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.144.0/20
Type: String
VpcId:
Description: ID of your existing VPC (e.g., vpc-0343606e).
Type: "AWS::EC2::VPC::Id"
PrivateSubnet2Id:
Description: ID of the private subnet in Availability Zone 2 of your existing VPC (e.g., subnet-z0376dab).
Type: AWS::EC2::Subnet::Id
PrivateSubnet1Id:
Description: ID of the private subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab).
Type: AWS::EC2::Subnet::Id
PublicSubnet1Id:
Description: ID of the public subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab).
Type: AWS::EC2::Subnet::Id
PublicSubnet2Id:
Description: ID of the public subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab).
Type: AWS::EC2::Subnet::Id
AccessCidr:
Description: CIDR IP range permitted to access Artifactory.
It is recommended that you set this value to a trusted IP range.
For example, you may want to limit software access to your corporate network.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
Type: String
RemoteAccessCidr:
Description: Remote CIDR range that allows you to connect to the bastion instance by using SSH.
It is recommended that you set this value to a trusted IP range.
For example, you may want to grant specific ranges from within your corporate network that use the SSH protocol.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
Type: String
EnableBastion:
Description: If set to true, a bastion host will be created.
Default: "true"
Type: String
AllowedValues:
- "true"
- "false"
BastionInstanceType:
Description: Size of the bastion instances.
AllowedValues:
- t3.nano
- t3.micro
- t3.small
- t3.medium
- t3.large
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
Default: "t3.micro"
Type: String
BastionRootVolumeSize:
Description: Size of the root volume in the bastion instances.
Default: 10
Type: Number
BastionEnableTcpForwarding:
Description: Choose whether to enable TCP forwarding via bootstrapping of the bastion
instance.
AllowedValues:
- "true"
- "false"
Default: "true"
Type: String
BastionEnableX11Forwarding:
Description: Choose true to enable X11 via bootstrapping of the bastion host.
Setting this value to true enables X Windows over SSH.
X11 forwarding can be useful, but it is also a security risk, so it's recommended
that you keep the default (false) setting.
AllowedValues:
- "true"
- "false"
Default: "false"
Type: String
BastionOs:
Description: Linux distribution for the Amazon Machine Image (AMI) to be used for the bastion instances.
AllowedValues:
- "Amazon-Linux2-HVM"
- "CentOS-7-HVM"
- "Ubuntu-Server-20.04-LTS-HVM"
- "SUSE-SLES-15-HVM"
Default: "Amazon-Linux2-HVM"
Type: String
NumBastionHosts:
Description: Number of bastion instances to create.
AllowedValues:
- '1'
- '2'
- '3'
- '4'
Default: '1'
Type: String
VolumeSize:
Description: Size in gigabytes of available storage (min 10GB). The Quick Start creates an
Amazon Elastic Block Store (Amazon EBS) volumes of this size.
Default: 200
Type: Number
InstanceType:
Description: EC2 instance type for the Artifactory instances.
AllowedValues:
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m5.metal
- m5d.large
- m5d.xlarge
- m5d.2xlarge
- m5d.4xlarge
- m5d.8xlarge
- m5d.12xlarge
- m5d.16xlarge
- m5d.24xlarge
- m5d.metal
- m5a.large
- m5a.xlarge
- m5a.2xlarge
- m5a.4xlarge
- m5a.8xlarge
- m5a.12xlarge
- m5a.16xlarge
- m5a.24xlarge
ConstraintDescription: Must contain valid instance type.
Default: m5.xlarge
Type: String
NumberOfSecondary:
Description: Number of secondary Artifactory servers to complete your
HA deployment. To align with Artifactory best practices, the minimum number
is two, and the maximum is seven. Do not select more instances than you
have licenses for.
AllowedValues:
- 0
- 1
- 2
- 3
- 4
- 5
- 6
- 7
Default: 2
Type: Number
ArtifactoryProduct:
Description: JFrog Artifactory product you want to install into an AMI.
AllowedValues:
- JFrog-Artifactory-Pro
- JFrog-Artifactory-Enterprise
- JFrog-Container-Registry
Default: JFrog-Artifactory-Enterprise
Type: String
ArtifactoryVersion:
Description: Version of Artifactory that you want to deploy into the Quick Start.
To select the correct version, see the release notes at
https://www.jfrog.com/confluence/display/RTF/Release+Notes.
Default: 7.17.5
Type: String
SmLicenseName:
Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses.
Default: ''
Type: String
SmCertName:
Description: Secret name created in AWS Secrets Manager, which contains the SSL certificate and certificate key.
Default: ''
Type: String
ArtifactoryServerName:
Description: Name of your Artifactory server. Ensure that this matches your certificate.
Type: String
MasterKey:
Description: Master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'.
AllowedPattern: ^[a-zA-Z0-9]+$
MinLength: '1'
MaxLength: '64'
ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters.
NoEcho: 'true'
Type: String
ExtraJavaOptions:
Description: Set Java options to pass to the JVM for Artifactory. For more information, see the Artifactory
system requirements at https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware.
Do not add Xms or Xmx settings without disabling DefaultJavaMemSettings.
Default: -Xss256k -XX:+UseG1GC
Type: String
DefaultJavaMemSettings:
Description: Choose false to overwrite the standard memory-calculation options to pass to the Artifactory JVM.
If you plan to overwrite them, ensure they are added to the ExtraJavaOptions to prevent the stack provision from failing.
ConstraintDescription: True or False
AllowedValues:
- "true"
- "false"
Default: "true"
Type: String
DatabaseName:
Description: Name of your database instance. The name must be unique across all instances
owned by your AWS account in the current Region. The database instance identifier is case-insensitive,
but it's stored in lowercase (as in "mydbinstance").
AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
MinLength: '1'
MaxLength: '60'
ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter.
Default: artdb
Type: String
DatabaseEngine:
Description: Database engine that you want to run.
AllowedValues:
- Postgres
Default: Postgres
Type: String
DatabaseUser:
Description: Login ID for the master user of your database instance.
MinLength: '1'
MaxLength: '16'
AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
ConstraintDescription: 1 to 16 alphanumeric characters. The first character must be a letter.
Default: artifactory
Type: String
DatabasePassword:
Description: Password for the Artifactory database user.
AllowedPattern: ^[^ \\']+$
MinLength: '8'
MaxLength: '12'
ConstraintDescription: Must be at least 8 and no more than
12 characters containing letters and (minimum 1 capital letter), numbers and
symbols.
NoEcho: 'true'
Type: String
DatabaseInstance:
Description: Size of the database to be deployed as part of the Quick Start.
AllowedValues:
- db.m5.large
- db.m5.xlarge
- db.m5.2xlarge
- db.m5.10xlarge
- db.m5.16xlarge
- db.m5.large
- db.m5.xlarge
- db.m5.2xlarge
- db.m5.4xlarge
- db.m5.12xlarge
- db.m5.24xlarge
ConstraintDescription: Must be a valid database Instance Type.
Default: db.m5.large
Type: String
DatabaseAllocatedStorage:
Description: Size in gigabytes of available storage for the database instance.
MinValue: 5
MaxValue: 1024
Default: 10
Type: Number
DatabasePreferredAz:
Description: Preferred availability zone for Amazon RDS primary instance
Type: String
MultiAzDatabase:
Description: Choose false to create an Amazon RDS instance in a single Availability Zone.
ConstraintDescription: True or False
AllowedValues:
- "true"
- "false"
Default: "true"
Type: String
QsS3BucketName:
Description: S3 bucket name for the Quick Start assets. This string can include
numbers, lowercase letters, and hyphens (-). It cannot start
or end with a hyphen (-).
AllowedPattern: ^[0-9a-z]+([0-9a-z-]*[0-9a-z])*$
ConstraintDescription: Quick Start bucket name can include numbers, lowercase
letters, and hyphens (-). It cannot start or end with a hyphen (-).
Default: aws-quickstart
Type: String
QsS3KeyPrefix:
Description: S3 key prefix for the Quick Start assets. Quick Start key prefix
can include numbers, lowercase letters, uppercase letters, hyphens (-), and
forward slash (/).
AllowedPattern: ^[0-9a-zA-Z-/]*$
ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters,
uppercase letters, hyphens (-), and forward slash (/).
Default: quickstart-jfrog-artifactory/
Type: String
QsS3BucketRegion:
Default: 'us-east-1'
Description: AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. If you use your own bucket, you must specify your own value.
Type: String
InstallXray:
Description: Choose true to install JFrog Xray instance(s).
ConstraintDescription: True or False
AllowedValues:
- "true"
- "false"
Default: "true"
Type: String
XrayVersion:
Description: The version of Xray that you want to deploy into the Quick Start.
Default: 3.22.1
Type: String
XrayNumberOfInstances:
Description: The number of Xray instances servers to complete your
HA deployment. The minimum number is one; the maximum is seven.
Do not select more than instances than you have licenses for.
MinValue: 1
MaxValue: 7
Default: 1
Type: Number
XrayInstanceType:
Description: The EC2 instance type for the Xray instances.
AllowedValues:
- c5.2xlarge
- c5.4xlarge
ConstraintDescription: Must contain valid instance type.
Default: c5.2xlarge
Type: String
XrayDatabaseUser:
Description: The login ID for the Xray database user.
MinLength: '1'
MaxLength: '16'
AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter.
Default: xray
Type: String
XrayDatabasePassword:
Description: The password for the Xray database user.
AllowedPattern: ^[^ \\']+$
MinLength: '8'
MaxLength: '12'
ConstraintDescription: Must be at least 8 and no more than
12 characters containing letters and (minimum 1 capital letter), numbers and
symbols.
NoEcho: 'true'
Type: String
Conditions:
UsingDefaultBucket: !Equals [!Ref QsS3BucketName, 'aws-quickstart']
Resources:
ArtifactoryExistingVpcStack:
Type: JFrog::Artifactory::ExistingVpc::MODULE
Properties:
LogicalId : "ArtifactoryExistingVpcStack"
AvailabilityZone1: !Ref AvailabilityZone1
AvailabilityZone2: !Ref AvailabilityZone2
KeyPairName: !Ref KeyPairName
VpcId: !Ref VpcId
VpcCidr: !Ref VpcCidr
PublicSubnet1Id: !Ref PublicSubnet1Id
PublicSubnet2Id: !Ref PublicSubnet2Id
#PublicSubnet2Id: !Ref PublicSubnet2Id
PrivateSubnet1Id: !Ref PrivateSubnet1Id
PrivateSubnet2Id: !Ref PrivateSubnet2Id
#PrivateSubnet2Id: !Ref PrivateSubnet2Id
PrivateSubnet1Cidr: !Ref PrivateSubnet1Cidr
PrivateSubnet2Cidr: !Ref PrivateSubnet2Cidr
AccessCidr: !Ref AccessCidr
RemoteAccessCidr: !Ref RemoteAccessCidr
EnableBastion: !Ref EnableBastion
BastionInstanceType: !Ref BastionInstanceType
BastionRootVolumeSize: !Ref BastionRootVolumeSize
BastionEnableTcpForwarding: !Ref BastionEnableTcpForwarding
BastionEnableX11Forwarding: !Ref BastionEnableX11Forwarding
BastionOs: !Ref BastionOs
NumBastionHosts: !Ref NumBastionHosts
VolumeSize: !Ref VolumeSize
InstanceType: !Ref InstanceType
NumberOfSecondary: !Ref NumberOfSecondary
ArtifactoryProduct: !Ref ArtifactoryProduct
ArtifactoryVersion: !Ref ArtifactoryVersion
SmLicenseName: !Ref SmLicenseName
SmCertName: !Ref SmCertName
ArtifactoryServerName: !Ref ArtifactoryServerName
MasterKey: !Ref MasterKey
ExtraJavaOptions: !Ref ExtraJavaOptions
DefaultJavaMemSettings: !Ref DefaultJavaMemSettings
DatabaseName: !Ref DatabaseName
DatabaseEngine: !Ref DatabaseEngine
DatabaseUser: !Ref DatabaseUser
DatabasePassword: !Ref DatabasePassword
DatabaseInstance: !Ref DatabaseInstance
DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage
DatabasePreferredAz: !Ref DatabasePreferredAz
MultiAzDatabase: !Ref MultiAzDatabase
QsS3BucketName: !Ref QsS3BucketName
QsS3KeyPrefix: !Ref QsS3KeyPrefix
QsS3BucketRegion: !Ref QsS3BucketRegion
InstallXray: !Ref InstallXray
XrayVersion: !Ref XrayVersion
XrayNumberOfInstances: !Ref XrayNumberOfInstances
XrayInstanceType: !Ref XrayInstanceType
XrayDatabaseUser: !Ref XrayDatabaseUser
XrayDatabasePassword: !Ref XrayDatabasePassword

347
Amazon/cloudformation-modules/test-cfts/new-vpc.yaml Normal file
View File

@@ -0,0 +1,347 @@
AWSTemplateFormatVersion: '2010-09-09'
Description: 'JFrog Artifactory Quick Start Deployment into an Existing VPC (qs-1q037efj0)'
Metadata:
QuickStartDocumentation:
EntrypointName: "Launch into an existing VPC"
AWS::CloudFormation::Interface:
ParameterGroups:
- Label:
default: Essential configuration
Parameters:
- KeyPairName
- DatabasePassword
- Label:
default: Network configuration
Parameters:
- AvailabilityZones
- Label:
default: Security configuration
Parameters:
- AccessCidr
- RemoteAccessCidr
- Label:
default: Amazon EC2 configuration
Parameters:
- VolumeSize
- InstanceType
- Label:
default: JFrog Artifactory configuration
Parameters:
- ArtifactoryVersion
- NumberOfSecondary
- SmLicenseName
- SmCertName
- ArtifactoryServerName
- MasterKey
- Label:
default: Amazon RDS configuration
Parameters:
- DatabaseInstance
- DatabaseAllocatedStorage
- Label:
default: JFrog Xray Configuration
Parameters:
- InstallXray
- XrayVersion
- XrayInstanceType
ParameterLabels:
KeyPairName:
default: SSH key name
AccessCidr:
default: Permitted IP range
RemoteAccessCidr:
default: Remote access CIDR
AvailabilityZones:
default: Availability Zones
VolumeSize:
default: EBS root volume size
InstanceType:
default: EC2 instance type
ArtifactoryVersion:
default: Artifactory version
NumberOfSecondary:
default: Secondary instances
SmLicenseName:
default: Artifactory licenses secret name
SmCertName:
default: Artifactory certificate secret name
ArtifactoryServerName:
default: Artifactory server name
MasterKey:
default: Master server key
DatabasePassword:
default: Database password
DatabaseInstance:
default: Database instance type
DatabaseAllocatedStorage:
default: Database allocated storage
InstallXray:
default: Install JFrog Xray
XrayVersion:
default: Version of Xray to install
XrayInstanceType:
default: Xray instance type
Parameters:
BastionRootVolumeSize:
Description: Size of the root volume in the bastion instances.
Default: 10
Type: Number
QsS3BucketName:
Description: S3 bucket name for the Quick Start assets. This string can include
numbers, lowercase letters, and hyphens (-). It cannot start
or end with a hyphen (-).
AllowedPattern: ^[0-9a-z]+([0-9a-z-]*[0-9a-z])*$
ConstraintDescription: Quick Start bucket name can include numbers, lowercase
letters, and hyphens (-). It cannot start or end with a hyphen (-).
Default: aws-quickstart
Type: String
QsS3KeyPrefix:
Description: S3 key prefix for the Quick Start assets. Quick Start key prefix
can include numbers, lowercase letters, uppercase letters, hyphens (-), and
forward slash (/).
AllowedPattern: ^[0-9a-zA-Z-/]*$
ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters,
uppercase letters, hyphens (-), and forward slash (/).
Default: quickstart-jfrog-artifactory/
Type: String
QsS3BucketRegion:
Default: 'us-east-1'
Description: AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. If you use your own bucket, you must specify your own value.
Type: String
EnableBastion:
Description: If set to true, a bastion host will be created.
Default: "true"
Type: String
AllowedValues:
- "true"
- "false"
KeyPairName:
Description: Name of an existing key pair,
which allows you to connect securely to your instance after it launches.
This is the key pair you created in your preferred Region.
Type: AWS::EC2::KeyPair::KeyName
AccessCidr:
Description: CIDR IP range that is permitted to access Artifactory.
We recommend that you set this value to a trusted IP range.
For example, you might want to grant only your corporate network access to the software.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
Default: 0.0.0.0/0
Type: String
RemoteAccessCidr:
Description: Remote CIDR range that allows you to connect to the bastion instance by using SSH.
It is recommended that you set this value to a trusted IP range.
For example, you may want to grant specific ranges from within your corporate network that use the SSH protocol.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
Type: String
AvailabilityZone1:
Description: Availability Zone 1 to use for the subnets in the VPC. Two
Availability Zones are used for this deployment.
Type: AWS::EC2::AvailabilityZone::Name
AvailabilityZone2:
Description: Availability Zone 2 to use for the subnets in the VPC. Two
Availability Zones are used for this deployment.
Type: AWS::EC2::AvailabilityZone::Name
VolumeSize:
Description: Size in gigabytes of the available storage (min 10GB); the Quick Start will create an
Amazon Elastic Block Store (Amazon EBS) volumes of this size.
Default: 100
Type: Number
InstanceType:
Description: EC2 type for the Artifactory instances.
AllowedValues:
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m5.metal
- m5d.large
- m5d.xlarge
- m5d.2xlarge
- m5d.4xlarge
- m5d.8xlarge
- m5d.12xlarge
- m5d.16xlarge
- m5d.24xlarge
- m5d.metal
- m5a.large
- m5a.xlarge
- m5a.2xlarge
- m5a.4xlarge
- m5a.8xlarge
- m5a.12xlarge
- m5a.16xlarge
- m5a.24xlarge
ConstraintDescription: Must contain valid instance type.
Default: m5.xlarge
Type: String
ArtifactoryVersion:
Description: Version of Artifactory that you want to deploy into the Quick Start.
To select the correct version, see the release notes at
https://www.jfrog.com/confluence/display/RTF/Release+Notes.
Default: 7.17.5
Type: String
NumberOfSecondary:
Description: Number of secondary Artifactory servers to complete your
HA deployment. To align with Artifactory best practices, the minimum number
is two, and the maximum is seven. Do not select more instances than you
have licenses for.
AllowedValues:
- 2
- 3
- 4
- 5
- 6
- 7
Default: 2
Type: Number
SmLicenseName:
Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses.
Default: ''
Type: String
SmCertName:
Description: Secret name created in AWS Secrets Manager, which contains the SSL certificate and certificate key.
Default: ''
Type: String
ArtifactoryServerName:
Description: Name of your Artifactory server. Ensure that this matches your certificate.
Default: 'artifactory'
Type: String
MasterKey:
Description: Master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'.
AllowedPattern: ^[a-zA-Z0-9]+$
MinLength: '1'
MaxLength: '64'
ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters.
NoEcho: 'true'
Default: 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF'
Type: String
DatabasePassword:
Description: Password for the Artifactory database user.
AllowedPattern: ^[^ \\']+$
MinLength: '8'
MaxLength: '12'
ConstraintDescription: Must be at least 8 and no more than
12 characters containing letters and (minimum 1 capital letter), numbers and
symbols.
NoEcho: 'true'
Type: String
DatabaseInstance:
Description: Size of the database to be deployed as part of the Quick Start.
AllowedValues:
- db.m5.large
- db.m5.xlarge
- db.m5.2xlarge
- db.m5.10xlarge
- db.m5.16xlarge
- db.m5.large
- db.m5.xlarge
- db.m5.2xlarge
- db.m5.4xlarge
- db.m5.12xlarge
- db.m5.24xlarge
ConstraintDescription: Must be a valid database Instance Type.
Default: db.m5.large
Type: String
DatabaseAllocatedStorage:
Description: Size in gigabytes of the available storage for the database instance.
MinValue: 5
MaxValue: 1024
Default: 10
Type: Number
InstallXray:
Description: Choose true to install JFrog Xray instance(s).
ConstraintDescription: True or False
AllowedValues:
- "true"
- "false"
Default: "true"
Type: String
XrayVersion:
Description: The version of Xray that you want to deploy into the Quick Start.
Default: 3.22.1
Type: String
XrayNumberOfInstances:
Description: The number of Xray instances servers to complete your
HA deployment. The minimum number is one; the maximum is seven.
Do not select more than instances than you have licenses for.
MinValue: 1
MaxValue: 7
Default: 1
Type: Number
XrayInstanceType:
Description: The EC2 instance type for the Xray instances.
AllowedValues:
- c5.2xlarge
- c5.4xlarge
ConstraintDescription: Must contain valid instance type.
Default: c5.2xlarge
Type: String
XrayDatabaseUser:
Description: The login ID for the Xray database user.
MinLength: '1'
MaxLength: '16'
AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter.
Default: xray
Type: String
XrayDatabasePassword:
Description: The password for the Xray database user.
AllowedPattern: ^[^ \\']+$
MinLength: '8'
MaxLength: '12'
ConstraintDescription: Must be at least 8 and no more than
12 characters containing letters and (minimum 1 capital letter), numbers and
symbols.
NoEcho: 'true'
Type: String
ArtifactoryProduct:
Description: JFrog Artifactory product you want to install into an AMI.
AllowedValues:
- JFrog-Artifactory-Pro
- JFrog-Artifactory-Enterprise
- JFrog-Container-Registry
Default: JFrog-Artifactory-Enterprise
Type: String
Conditions:
UsingDefaultBucket: !Equals [!Ref QsS3BucketName, 'aws-quickstart']
Resources:
ArtifactoryNewVpcStack:
Type: JFrog::Artifactory::NewVpc::MODULE
Properties:
LogicalId : "ArtifactoryNewVpcStack"
EnableBastion: !Ref EnableBastion
BastionRootVolumeSize: !Ref BastionRootVolumeSize
KeyPairName: !Ref KeyPairName
ProvisionBastionHost: "Enabled"
AccessCidr: !Ref AccessCidr
RemoteAccessCidr: !Ref RemoteAccessCidr
ArtifactoryProduct: !Ref ArtifactoryProduct
ArtifactoryVersion: !Ref ArtifactoryVersion
VolumeSize: !Ref VolumeSize
InstanceType: !Ref InstanceType
NumberOfSecondary: !Ref NumberOfSecondary
SmLicenseName: !Ref SmLicenseName
SmCertName: !Ref SmCertName
ArtifactoryServerName: !Ref ArtifactoryServerName
MasterKey: !Ref MasterKey
DatabasePassword: !Ref DatabasePassword
DatabaseInstance: !Ref DatabaseInstance
DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage
DatabasePreferredAz: !Ref 'AvailabilityZone1'
MultiAzDatabase: false
QsS3BucketName: !Ref QsS3BucketName
QsS3KeyPrefix: !Ref QsS3KeyPrefix
QsS3BucketRegion: !Ref QsS3BucketRegion
AvailabilityZone1: !Ref AvailabilityZone1
AvailabilityZone2: !Ref AvailabilityZone2
InstallXray: !Ref InstallXray
XrayVersion: !Ref XrayVersion
XrayNumberOfInstances: !Ref XrayNumberOfInstances
XrayInstanceType: !Ref XrayInstanceType
XrayDatabaseUser: !Ref XrayDatabaseUser
XrayDatabasePassword: !Ref XrayDatabasePassword

38
Amazon/cloudformation-modules/test-cfts/register.sh Normal file
View File

@@ -0,0 +1,38 @@
#!/bin/bash
set -ex
# keep track of the last executed command
#trap 'last_command=$current_command; current_command=$BASH_COMMAND' DEBUG
# echo an error message before exiting
#trap 'echo "\"${last_command}\" command filed with exit code $?."' EXIT
# This file publicly publishes the modules
# following commands are needed only one time per account per region
# all_regions=( us-east-1 us-east-2 us-west-1 us-west-2 sa-east-1 ca-central-1 af-south-1 eu-central-1 eu-west-1 eu-west-2 eu-south-1 eu-west-3 eu-north-1 ap-northeast-3 ap-northeast-2 ap-northeast-1 ap-south-1 ap-southeast-1 ap-southeast-2 )
# fails in following regions -> af-south-1 eu-central-1 eu-south-1
regions=( eu-west-2 eu-south-1 eu-west-3 eu-north-1 ap-northeast-3 ap-northeast-2 ap-northeast-1 ap-south-1 ap-southeast-1 ap-southeast-2 )
PROFILE=seller
# 1) create appropriate profile in ~/.aws/credentials file
# 2) Download the beta service model definition to be plugged in to AWS CLI
aws --profile $PROFILE s3 cp s3://uno-beta-sdk/c2j-output-2021-01-11/cloudformation/2010-05-15/service-2.json .
for i in "${!regions[@]}"; do
export REGION="${regions[$i]}"
# 3) Add downloaded model to your AWS CLI
printf "3. add-model: %s\n" "$REGION"
echo aws --profile $PROFILE --region $REGION configure add-model --service-model "file://service-2.json" --service-name Uno
aws --profile $PROFILE --region $REGION configure add-model --service-model "file://service-2.json" --service-name Uno
# 4) Verify Model
# printf "4. verify model: %s:\n" "$REGION"
# echo aws --profile $PROFILE --region $REGION Uno help | grep register-publisher
# aws --profile $PROFILE --region $REGION Uno help | grep register-publisher
# 5) Register
printf "5. register: %s\n" "$REGION"
echo aws --profile $PROFILE --region $REGION Uno register-publisher --accept-terms-and-conditions
aws --profile $PROFILE --region $REGION Uno register-publisher --accept-terms-and-conditions
done

6415
Amazon/cloudformation-modules/test-cfts/service-2.json Normal file
View File

File diff suppressed because it is too large Load Diff

50
Amazon/cloudformation-modules/test-cfts/submit.sh Normal file
View File

@@ -0,0 +1,50 @@
#!/bin/bash
set -e
# keep track of the last executed command
trap 'last_command=$current_command; current_command=$BASH_COMMAND' DEBUG
# echo an error message before exiting
trap 'echo "\"${last_command}\" command filed with exit code $?."' EXIT
# list of regions, folder names and corresponding module names
# 4 regions are not included ap-east-1 (Hong Kong) and me-south-1 (Bahrain), us-gov-east-1, us-gov-west-1
# 3 regions are supposedly included but since I am not able to register as publisher, modules were not published either af-south-1 eu-south-1 ap-east-1 me-south-1
# all_regions=( us-east-1 us-east-2 us-west-1 us-west-2 sa-east-1 ca-central-1 eu-central-1 eu-west-1 eu-west-2 eu-west-3 eu-north-1 ap-northeast-3 ap-northeast-2 ap-northeast-1 ap-south-1 ap-southeast-1 ap-southeast-2 )
regions=( eu-central-1 eu-west-2 eu-west-3 eu-north-1 ap-northeast-3 ap-northeast-2 ap-northeast-1 ap-south-1 ap-southeast-1 ap-southeast-2 )
folders=( JFrog-Artifactory-EC2Instance-MODULE JFrog-Xray-EC2Instance-MODULE JFrog__Artifactory__Core__MODULE aws-vpc-module linux-bastion-module JFrog__Artifactory__ExistingVpc__MODULE JFrog__Artifactory__NewVpc__MODULE )
modules=( JFrog::Artifactory::EC2Instance::MODULE JFrog::Xray::EC2Instance::MODULE JFrog::Artifactory::Core::MODULE JFrog::Vpc::MultiAz::MODULE JFrog::Linux::Bastion::MODULE JFrog::Artifactory::ExistingVpc::MODULE JFrog::Artifactory::NewVpc::MODULE )
PROFILE=seller
for i in "${!regions[@]}"; do
export REGION="${regions[$i]}"
for j in "${!folders[@]}"; do
export FOLDER="${folders[$j]}"
export MODULE="${modules[$j]}"
export VERSION=$( aws cloudformation list-type-versions --profile $PROFILE --type MODULE --type-name $MODULE --region $REGION | jq .TypeVersionSummaries[-1].VersionId | tr -d "\"")
printf "1. start : %s:%s:%s\n" "$REGION" "$MODULE" "$VERSION"
cd /mnt/c/ddrive/projects/jfrog-modules/$FOLDER
printf "2. submitting : %s:%s:%s\n" "$REGION" "$MODULE" "$VERSION"
cfn submit --set-default --region $REGION
export VERSION=$( aws cloudformation list-type-versions --profile $PROFILE --type MODULE --type-name $MODULE --region $REGION | jq .TypeVersionSummaries[-1].VersionId | tr -d "\"")
printf "3. submit done : %s:%s:%s\n" "$REGION" "$MODULE" "$VERSION"
ARN=$(echo arn:aws:cloudformation:$REGION:595206835686:type/module/$MODULE | sed 's/::/-/g')
printf "4. starting test: %s:%s:%s:%s\n" "$REGION" "$MODULE" "$VERSION" "$ARN"
aws Uno test-type --profile $PROFILE --region $REGION --type MODULE --arn $ARN # --public-version-number OPTIONAL_READ_NOTE_ABOVE
typeTestStatus=""
while [ "$typeTestStatus" != "\"PASSED\"" ]
do
# aws Uno describe-type --profile $PROFILE --region $REGION --type MODULE --arn $ARN/$VERSION
typeTestStatus=$(aws Uno describe-type --profile $PROFILE --type MODULE --region $REGION --arn $ARN/$VERSION | jq .TypeTestsStatus)
echo "typeTestStatus : $typeTestStatus"
sleep 5
done
printf "5. publishing : %s:%s:%s\n" "$REGION" "$MODULE" "$VERSION"
aws Uno publish-type --profile $PROFILE --region $REGION --type MODULE --arn $ARN # --public-version-number OPTIONAL_READ_NOTE_ABOVE
printf "6. published : %s:%s:%s\n" "$REGION" "$MODULE" "$VERSION"
done
done