From b8879f9ef2e5fabe0d873cdfac56248e15395930 Mon Sep 17 00:00:00 2001
From: Giridharan Ramasamy <46867712+giri-vsr@users.noreply.github.com>
Date: Fri, 26 Nov 2021 16:46:58 +0530
Subject: [PATCH] Checking in code for rt 7.27.10 version
---
...ifactory-core-infrastructure.template.yaml | 360 ++++++++
...artifactory-ec2-existing-vpc.template.yaml | 853 ++++++++++++++++++
...rog-artifactory-ec2-instance.template.yaml | 369 ++++++++
.../jfrog-xray-ec2-instance.template.yaml | 254 ++++++
4 files changed, 1836 insertions(+)
create mode 100644 Amazon/marketplace-jfrog-artifactory/v72710/templates/jfrog-artifactory-core-infrastructure.template.yaml
create mode 100644 Amazon/marketplace-jfrog-artifactory/v72710/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml
create mode 100644 Amazon/marketplace-jfrog-artifactory/v72710/templates/jfrog-artifactory-ec2-instance.template.yaml
create mode 100644 Amazon/marketplace-jfrog-artifactory/v72710/templates/jfrog-xray-ec2-instance.template.yaml
diff --git a/Amazon/marketplace-jfrog-artifactory/v72710/templates/jfrog-artifactory-core-infrastructure.template.yaml b/Amazon/marketplace-jfrog-artifactory/v72710/templates/jfrog-artifactory-core-infrastructure.template.yaml
new file mode 100644
index 0000000..90f0ea8
--- /dev/null
+++ b/Amazon/marketplace-jfrog-artifactory/v72710/templates/jfrog-artifactory-core-infrastructure.template.yaml
@@ -0,0 +1,360 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: 'JFrog Artifactory Quick Start Deployment (qs-1qpmmjh61)'
+Parameters:
+ AvailabilityZones:
+ Description: List of Availability Zones to use for the subnets in the VPC. Two
+ Availability Zones are used for this deployment.
+ Type: List
+ VpcId:
+ Type: AWS::EC2::VPC::Id
+ VpcCidr:
+ Description: CIDR block for the VPC
+ AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
+ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
+ Default: 10.0.0.0/16
+ Type: String
+ PrivateSubnet1Cidr:
+ AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
+ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
+ Default: 10.0.0.0/19
+ Type: String
+ PrivateSubnet2Cidr:
+ AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
+ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
+ Default: 10.0.32.0/19
+ Type: String
+ PrivateSubnet3Cidr:
+ AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
+ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
+ Default: 10.0.64.0/19
+ Type: String
+ SubnetIds:
+ Type: List
+ DatabaseAllocatedStorage:
+ Type: Number
+ MultiAzDatabase:
+ Description: Choose false to create an Amazon RDS instance in a single Availability Zone.
+ ConstraintDescription: True or False
+ AllowedValues:
+ - "true"
+ - "false"
+ Type: String
+ DatabaseUser:
+ Type: String
+ DatabasePassword:
+ NoEcho: 'true'
+ Type: String
+ DatabaseInstance:
+ Type: String
+ DatabaseName:
+ Type: String
+ ArtifactoryProduct:
+ Default: JFrog-Artifactory-Pro
+ Type: String
+ ReleaseStage:
+ Default: GA
+ Type: String
+ InstanceType:
+ Default: m5.xlarge
+ Type: String
+ ArtifactoryHostRole:
+ Type: String
+ VolumeSize:
+ Type: Number
+
+Mappings:
+ ReleaseStageMap:
+ BETA:
+ ProDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/artifactory-pro"
+ JcrDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/artifactory-jcr"
+ NginxDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/nginx-artifactory-pro"
+ GA:
+ ProDockerRepo: "docker.bintray.io/jfrog/artifactory-pro"
+ JcrDockerRepo: "docker.bintray.io/jfrog/artifactory-jcr"
+ NginxDockerRepo: "docker.bintray.io/jfrog/nginx-artifactory-pro"
+ ProductMap:
+ JFrog-Container-Registry:
+ RepoName: JcrDockerRepo
+ JFrog-Artifactory-Pro:
+ RepoName: ProDockerRepo
+ JavaOptionstoInstance:
+ m5.large:
+ Min: 4
+ Max: 4
+ DeploymentSize: xxSmall
+ m5.xlarge:
+ Min: 8
+ Max: 12
+ DeploymentSize: xSmall
+ m5.2xlarge:
+ Min: 16
+ Max: 24
+ DeploymentSize: Small
+ m5.4xlarge:
+ Min: 32
+ Max: 48
+ DeploymentSize: Medium
+ m5.8xlarge:
+ Min: 64
+ Max: 96
+ DeploymentSize: Large
+ m5.12xlarge:
+ Min: 96
+ Max: 144
+ DeploymentSize: xLarge
+ m5.16xlarge:
+ Min: 128
+ Max: 192
+ DeploymentSize: xxLarge
+ m5.24xlarge:
+ Min: 192
+ Max: 288
+ DeploymentSize: xxxLarge
+ m5.metal:
+ Min: 192
+ Max: 288
+ DeploymentSize: xxxLarge
+ m5d.large:
+ Min: 4
+ Max: 4
+ DeploymentSize: xxSmall
+ m5d.xlarge:
+ Min: 8
+ Max: 12
+ DeploymentSize: xSmall
+ m5d.2xlarge:
+ Min: 16
+ Max: 24
+ DeploymentSize: Small
+ m5d.4xlarge:
+ Min: 32
+ Max: 48
+ DeploymentSize: Medium
+ m5d.8xlarge:
+ Min: 64
+ Max: 96
+ DeploymentSize: Large
+ m5d.12xlarge:
+ Min: 96
+ Max: 144
+ DeploymentSize: xLarge
+ m5d.16xlarge:
+ Min: 128
+ Max: 192
+ DeploymentSize: xxLarge
+ m5d.24xlarge:
+ Min: 192
+ Max: 288
+ DeploymentSize: xxxLarge
+ m5d.metal:
+ Min: 192
+ Max: 288
+ DeploymentSize: xxxLarge
+ m5a.large:
+ Min: 4
+ Max: 4
+ DeploymentSize: xxSmall
+ m5a.xlarge:
+ Min: 8
+ Max: 12
+ DeploymentSize: xSmall
+ m5a.2xlarge:
+ Min: 16
+ Max: 24
+ DeploymentSize: Small
+ m5a.4xlarge:
+ Min: 32
+ Max: 48
+ DeploymentSize: Medium
+ m5a.8xlarge:
+ Min: 64
+ Max: 96
+ DeploymentSize: Large
+ m5a.12xlarge:
+ Min: 96
+ Max: 144
+ DeploymentSize: xLarge
+ m5a.16xlarge:
+ Min: 128
+ Max: 192
+ DeploymentSize: xxLarge
+ m5a.24xlarge:
+ Min: 192
+ Max: 288
+ DeploymentSize: xxxLarge
+ m5ad.large:
+ Min: 4
+ Max: 4
+ DeploymentSize: xxSmall
+ m5ad.xlarge:
+ Min: 8
+ Max: 12
+ DeploymentSize: xSmall
+ m5ad.2xlarge:
+ Min: 16
+ Max: 24
+ DeploymentSize: Small
+ m5ad.4xlarge:
+ Min: 32
+ Max: 48
+ DeploymentSize: Medium
+ m5ad.12xlarge:
+ Min: 96
+ Max: 144
+ DeploymentSize: xLarge
+ m5ad.24xlarge:
+ Min: 192
+ Max: 288
+ DeploymentSize: xxxLarge
+
+Resources:
+ ArtifactoryDatabaseSubnetGroup:
+ Type: AWS::RDS::DBSubnetGroup
+ Properties:
+ DBSubnetGroupDescription: Private Subnets available to the RDS Instance(s)
+ SubnetIds: !Ref SubnetIds
+ ArtifactoryDatabase:
+ Type: AWS::RDS::DBInstance
+ Properties:
+ AllocatedStorage: !Ref DatabaseAllocatedStorage
+ MultiAZ: !Ref MultiAzDatabase
+ Engine: Postgres
+ EngineVersion: "11.5"
+ MasterUsername: !Ref DatabaseUser
+ MasterUserPassword: !Ref DatabasePassword
+ DBInstanceClass: !Ref DatabaseInstance
+ DBName: !Ref DatabaseName
+ DBSubnetGroupName: !Ref ArtifactoryDatabaseSubnetGroup
+ StorageEncrypted: true
+ VPCSecurityGroups:
+ - !Ref ArtifactoryDatabaseSG
+ ArtifactoryDatabaseSG:
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ Tags:
+ - Key: Name
+ Value: artifactory-rds-sg
+ GroupDescription: SG for RDS Instance to allow communication from the Bastion and Artifactory servers.
+ VpcId: !Ref VpcId
+ SecurityGroupIngress:
+ - IpProtocol: tcp
+ FromPort: 22
+ ToPort: 22
+ CidrIp: !Ref VpcCidr
+ - IpProtocol: tcp
+ FromPort: 5432
+ ToPort: 5432
+ CidrIp: !Ref PrivateSubnet1Cidr
+ - IpProtocol: tcp
+ FromPort: 5432
+ ToPort: 5432
+ CidrIp: !Ref PrivateSubnet2Cidr
+ - IpProtocol: tcp
+ FromPort: 5432
+ ToPort: 5432
+ CidrIp: !Ref PrivateSubnet3Cidr
+ SecurityGroupEgress:
+ - IpProtocol: tcp
+ FromPort: 22
+ ToPort: 22
+ CidrIp: 0.0.0.0/0
+ - IpProtocol: tcp
+ FromPort: 80
+ ToPort: 80
+ CidrIp: 0.0.0.0/0
+ - IpProtocol: tcp
+ FromPort: 443
+ ToPort: 443
+ CidrIp: 0.0.0.0/0
+ ArtifactoryS3Bucket:
+ Type: AWS::S3::Bucket
+ Properties:
+ AccessControl: Private
+ BucketEncryption:
+ ServerSideEncryptionConfiguration:
+ - ServerSideEncryptionByDefault:
+ SSEAlgorithm: AES256
+ ArtifactoryS3IAMPolicy:
+ Type: AWS::IAM::Policy
+ Properties:
+ PolicyName: S3BucketPermissions
+ PolicyDocument:
+ Version: 2012-10-17
+ Statement:
+ - Sid: S3BucketPermissions
+ Effect: Allow
+ Action:
+ - s3:*
+ Resource:
+ - Fn::Join:
+ - ''
+ - - !Sub "arn:${AWS::Partition}:s3:::"
+ - !Ref ArtifactoryS3Bucket
+ - Fn::Join:
+ - ''
+ - - !Sub "arn:${AWS::Partition}:s3:::"
+ - !Ref ArtifactoryS3Bucket
+ - "/*"
+ Roles:
+ - !Ref ArtifactoryHostRole
+ ArtifactoryEbsVolume:
+ Type: AWS::EC2::Volume
+ Properties:
+ AvailabilityZone:
+ !Select
+ - '0'
+ - !Ref AvailabilityZones
+ Encrypted: false
+ Size: !Ref VolumeSize
+ Tags:
+ - Key: Name
+ Value: !Sub "Artifactory-${AWS::StackName}"
+ VolumeType: gp2
+ DeletionPolicy: Snapshot
+ UpdateReplacePolicy: Snapshot
+
+Outputs:
+ S3Bucket:
+ Value: !Ref ArtifactoryS3Bucket
+ Description: Actual S3 bucket created for Artifactory
+ DatabaseDriver:
+ Value: "org.postgresql.Driver"
+ DatabasePlugin:
+ Value: postgresql-42.2.9.jar
+ DatabasePluginUrl:
+ Value: https://jdbc.postgresql.org/download/postgresql-42.2.9.jar"
+ DatabaseType:
+ Value: postgresql
+ DatabaseUrl:
+ Value: !Sub
+ - "jdbc:postgresql://${ArtifactoryDatabaseEndpointAddress}:5432/${DatabaseName}"
+ - ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address
+ XrayMasterDatabaseUrl:
+ Value: !Sub
+ - "${ArtifactoryDatabaseEndpointAddress}:5432/${DatabaseName}?sslmode=disable"
+ - ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address
+ XrayDatabaseUrl:
+ Value: !Sub
+ - "${ArtifactoryDatabaseEndpointAddress}:5432/xraydb?sslmode=disable"
+ - ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address
+ ProDockerRepo:
+ Value: !FindInMap
+ - ReleaseStageMap
+ - !Ref ReleaseStage
+ - !FindInMap
+ - ProductMap
+ - !Ref ArtifactoryProduct
+ - RepoName
+ NginxDockerRepo:
+ Value: !FindInMap [ReleaseStageMap, !Ref ReleaseStage, NginxDockerRepo]
+ JavaOpts:
+ Value: !Sub
+ - "-Xms${min}g -Xmx${max}g"
+ - {
+ min: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, Min],
+ max: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, Max]
+ }
+ DeploymentSize:
+ Value: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, DeploymentSize]
+ ArtifactoryEbsVolume:
+ Value: !Ref ArtifactoryEbsVolume
diff --git a/Amazon/marketplace-jfrog-artifactory/v72710/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml b/Amazon/marketplace-jfrog-artifactory/v72710/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml
new file mode 100644
index 0000000..452014b
--- /dev/null
+++ b/Amazon/marketplace-jfrog-artifactory/v72710/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml
@@ -0,0 +1,853 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: "JFrog Artifactory Quick Start Deployment into an Existing VPC (qs-1q037efj0)"
+Metadata:
+ QuickStartDocumentation:
+ EntrypointName: "Launch into an existing VPC"
+ AWS::CloudFormation::Interface:
+ ParameterGroups:
+ - Label:
+ default: Security configuration
+ Parameters:
+ - KeyPairName
+ - AccessCidr
+ - Label:
+ default: Network configuration
+ Parameters:
+ - AvailabilityZones
+ - VpcId
+ - VpcCidr
+ - PublicSubnet1Id
+ - PublicSubnet2Id
+ - PrivateSubnet1Id
+ - PrivateSubnet2Id
+ - PrivateSubnet1Cidr
+ - PrivateSubnet2Cidr
+ - ELBScheme
+ - Label:
+ default: Amazon EC2 configuration
+ Parameters:
+ - VolumeSize
+ - InstanceType
+ - Label:
+ default: JFrog Artifactory configuration
+ Parameters:
+ - NumberOfSecondary
+ - SmLicenseName
+ - SmCertName
+ - ArtifactoryServerName
+ - MasterKey
+ - ExtraJavaOptions
+ - DefaultJavaMemSettings
+ - Label:
+ default: Amazon RDS configuration
+ Parameters:
+ - DatabaseName
+ - DatabaseUser
+ - DatabasePassword
+ - DatabaseInstance
+ - DatabaseAllocatedStorage
+ - MultiAzDatabase
+ - Label:
+ default: JFrog Xray Configuration
+ Parameters:
+ - InstallXray
+ - XrayNumberOfInstances
+ - XrayInstanceType
+ - XrayDatabaseUser
+ - XrayDatabasePassword
+ ParameterLabels:
+ AvailabilityZones:
+ default: Availability Zones
+ KeyPairName:
+ default: SSH key name
+ VpcId:
+ default: VPC ID
+ VpcCidr:
+ default: VPC CIDR
+ PublicSubnet1Id:
+ default: Public subnet 1 ID
+ PublicSubnet2Id:
+ default: Public subnet 2 ID
+ PrivateSubnet1Id:
+ default: Private subnet 1 ID
+ PrivateSubnet2Id:
+ default: Private subnet 2 ID
+ PrivateSubnet1Cidr:
+ default: Private subnet 1 CIDR
+ PrivateSubnet2Cidr:
+ default: Private subnet 2 CIDR
+ AccessCidr:
+ default: Permitted IP range
+ ELBScheme:
+ default: Elastic Load Balancing scheme
+ VolumeSize:
+ default: EBS root volume size
+ InstanceType:
+ default: EC2 instance type
+ NumberOfSecondary:
+ default: Secondary instances
+ SmLicenseName:
+ default: Artifactory licenses secret name
+ SmCertName:
+ default: Artifactory certificate secret name
+ ArtifactoryServerName:
+ default: Artifactory server name
+ MasterKey:
+ default: Master server key
+ ExtraJavaOptions:
+ default: Extra Java options
+ DefaultJavaMemSettings:
+ default: Default Java memory settings
+ DatabaseName:
+ default: Database name
+ DatabaseUser:
+ default: Database user
+ DatabasePassword:
+ default: Database password
+ DatabaseInstance:
+ default: Database instance type
+ DatabaseAllocatedStorage:
+ default: Database allocated storage
+ MultiAzDatabase:
+ default: High-availability database
+ InstallXray:
+ default: Install JFrog Xray
+ XrayNumberOfInstances:
+ default: Number of JFrog Xray instances
+ XrayInstanceType:
+ default: Xray instance type
+ XrayDatabaseUser:
+ default: Xray Database user
+ XrayDatabasePassword:
+ default: Xray Database password
+Parameters:
+ AvailabilityZones:
+ Description:
+ List of Availability Zones to use for the subnets in the VPC. Two
+ Availability Zones are used for this deployment.
+ Type: List
+ KeyPairName:
+ Description: Name of an existing key pair,
+ which allows you to connect securely to your instance after it launches.
+ This is the key pair you created in your preferred Region.
+ Type: AWS::EC2::KeyPair::KeyName
+ VpcId:
+ Description: ID of your existing VPC (e.g., vpc-0343606e).
+ Type: "AWS::EC2::VPC::Id"
+ VpcCidr:
+ Description: CIDR block for the VPC.
+ AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
+ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
+ Default: 10.0.0.0/16
+ Type: String
+ PublicSubnet1Id:
+ Description: ID of the public subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab).
+ Type: "AWS::EC2::Subnet::Id"
+ PublicSubnet2Id:
+ Description: ID of the public subnet in Availability Zone 2 of your existing VPC (e.g., subnet-a29c3d84).
+ Type: "AWS::EC2::Subnet::Id"
+ PrivateSubnet1Id:
+ Description: ID of the private subnet in Availability Zone 1 of your existing VPC (e.g., subnet-a0246dcd).
+ Type: "AWS::EC2::Subnet::Id"
+ PrivateSubnet2Id:
+ Description: ID of the private subnet in Availability Zone 2 of your existing VPC (e.g., subnet-b58c3d67).
+ Type: "AWS::EC2::Subnet::Id"
+ PrivateSubnet1Cidr:
+ Description: CIDR of the private subnet in Availability Zone 1 of your existing VPC (e.g., 10.0.0.0/19).
+ AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
+ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
+ Default: 10.0.0.0/19
+ Type: String
+ PrivateSubnet2Cidr:
+ Description: CIDR of the private subnet in Availability Zone 2 of your existing VPC (e.g., 10.0.32.0/19).
+ AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
+ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
+ Default: 10.0.32.0/19
+ Type: String
+ AccessCidr:
+ Description: CIDR IP range that is permitted to access Artifactory.
+ We recommend that you set this value to a trusted IP range.
+ For example, you might want to grant only your corporate network access to the software.
+ AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
+ Type: String
+ ELBScheme:
+ Description: Choose whether this is internet facing or internal.
+ AllowedValues:
+ - internal
+ - internet-facing
+ Default: internet-facing
+ Type: String
+ VolumeSize:
+ Description:
+ Size in gigabytes of the available storage (min 10GB); the Quick Start will create an
+ Amazon Elastic Block Store (Amazon EBS) volumes of this size.
+ Default: 200
+ Type: Number
+ InstanceType:
+ Description: EC2 type for the Artifactory instances.
+ AllowedValues:
+ - m5.large
+ - m5.xlarge
+ - m5.2xlarge
+ - m5.4xlarge
+ - m5.8xlarge
+ - m5.12xlarge
+ - m5.16xlarge
+ - m5.24xlarge
+ - m5.metal
+ - m5d.large
+ - m5d.xlarge
+ - m5d.2xlarge
+ - m5d.4xlarge
+ - m5d.8xlarge
+ - m5d.12xlarge
+ - m5d.16xlarge
+ - m5d.24xlarge
+ - m5d.metal
+ - m5a.large
+ - m5a.xlarge
+ - m5a.2xlarge
+ - m5a.4xlarge
+ - m5a.8xlarge
+ - m5a.12xlarge
+ - m5a.16xlarge
+ - m5a.24xlarge
+ ConstraintDescription: Must contain valid instance type.
+ Default: m5.xlarge
+ Type: String
+ NumberOfSecondary:
+ Description: Number of secondary Artifactory servers to complete your
+ HA deployment. To align with Artifactory best practices, the minimum number
+ is two and the maximum is seven. Do not select more instances than you
+ have licenses for.
+ AllowedValues:
+ - 0
+ - 1
+ - 2
+ - 3
+ - 4
+ - 5
+ - 6
+ - 7
+ Default: 2
+ Type: Number
+ SmLicenseName:
+ Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses.
+ Default: ""
+ Type: String
+ SmCertName:
+ Description: Secret name created in AWS Secrets Manager, which contains the SSL certificate and certificate key.
+ Default: ""
+ Type: String
+ ArtifactoryServerName:
+ Description: Name of your Artifactory server. Ensure that this matches your certificate.
+ Type: String
+ MasterKey:
+ Description: Master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'.
+ AllowedPattern: ^[a-zA-Z0-9]+$
+ MinLength: "1"
+ MaxLength: "64"
+ ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters.
+ NoEcho: "true"
+ Type: String
+ ExtraJavaOptions:
+ Description:
+ Set Java options to pass to the JVM for Artifactory. For more information, see the Artifactory
+ system requirements at https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware.
+ Do not add Xms or Xmx settings without disabling DefaultJavaMemSettings.
+ Default: -Xss256k -XX:+UseG1GC
+ Type: String
+ DefaultJavaMemSettings:
+ Description:
+ Choose false to overwrite the standard memory-calculation options to pass to the Artifactory JVM.
+ If you plan to overwrite them, ensure they are added to the ExtraJavaOptions to prevent the stack provision from failing.
+ ConstraintDescription: True or False
+ AllowedValues:
+ - "true"
+ - "false"
+ Default: "true"
+ Type: String
+ DatabaseName:
+ Description:
+ Name of your database instance. The name must be unique across all instances
+ owned by your AWS account in the current Region. The database instance identifier is case-insensitive,
+ but it's stored in lowercase (as in "mydbinstance").
+ AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
+ MinLength: "1"
+ MaxLength: "60"
+ ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter.
+ Default: artdb
+ Type: String
+ DatabaseUser:
+ Description: Login ID for the master user of your database instance.
+ MinLength: "1"
+ MaxLength: "16"
+ AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
+ ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter.
+ Default: artifactory
+ Type: String
+ DatabasePassword:
+ Description: Password for the Artifactory database user.
+ AllowedPattern: ^[^ \\']+$
+ MinLength: "8"
+ MaxLength: "12"
+ ConstraintDescription: Must be at least 8 and no more than
+ 12 characters containing letters and (minimum 1 capital letter), numbers and
+ symbols.
+ NoEcho: "true"
+ Type: String
+ DatabaseInstance:
+ Description: Size of the database to be deployed as part of the Quick Start.
+ AllowedValues:
+ - db.m5.large
+ - db.m5.xlarge
+ - db.m5.2xlarge
+ - db.m5.10xlarge
+ - db.m5.16xlarge
+ - db.m5.large
+ - db.m5.xlarge
+ - db.m5.2xlarge
+ - db.m5.4xlarge
+ - db.m5.12xlarge
+ - db.m5.24xlarge
+ ConstraintDescription: Must be a valid database Instance Type.
+ Default: db.m5.large
+ Type: String
+ DatabaseAllocatedStorage:
+ Description: Size in gigabytes of the available storage for the database instance.
+ MinValue: 5
+ MaxValue: 1024
+ Default: 10
+ Type: Number
+ MultiAzDatabase:
+ Description: Choose false to create an Amazon RDS instance in a single Availability Zone.
+ ConstraintDescription: True or False
+ AllowedValues:
+ - "true"
+ - "false"
+ Default: "true"
+ Type: String
+ InstallXray:
+ Description: Choose true to install JFrog Xray instance(s).
+ ConstraintDescription: True or False
+ AllowedValues:
+ - "true"
+ - "false"
+ Default: "true"
+ Type: String
+ XrayNumberOfInstances:
+ Description: The number of Xray instances servers to complete your
+ HA deployment. The minimum number is one; the maximum is seven.
+ Do not select more than instances than you have licenses for.
+ MinValue: 1
+ MaxValue: 7
+ Default: 1
+ Type: Number
+ XrayInstanceType:
+ Description: The EC2 instance type for the Xray instances.
+ AllowedValues:
+ - c5.2xlarge
+ - c5.4xlarge
+ ConstraintDescription: Must contain valid instance type.
+ Default: c5.2xlarge
+ Type: String
+ XrayDatabaseUser:
+ Description: The login ID for the Xray database user.
+ MinLength: "1"
+ MaxLength: "16"
+ AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
+ ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter.
+ Default: xray
+ Type: String
+ XrayDatabasePassword:
+ Description: The password for the Xray database user.
+ AllowedPattern: ^[^ \\']+$
+ MinLength: "8"
+ MaxLength: "12"
+ ConstraintDescription: Must be at least 8 and no more than
+ 12 characters containing letters and (minimum 1 capital letter), numbers and
+ symbols.
+ NoEcho: "true"
+ Type: String
+
+Conditions:
+ HasSecondaryNodes: !Not [!Equals [!Ref NumberOfSecondary, "0"]]
+ DefaultJava: !Equals [!Ref DefaultJavaMemSettings, "true"]
+ EnableXray: !Equals [!Ref InstallXray, "true"]
+ SmCertNameExists: !Not [!Equals [!Ref "SmCertName", ""]]
+
+Resources:
+ ArtifactoryCoreInfraStack:
+ Type: AWS::CloudFormation::Stack
+ Properties:
+ TemplateURL: https://jfrog-marketplace-test-us-east-1.s3.amazonaws.com/marketplace-jfrog-artifactory/v72710/templates/jfrog-artifactory-core-infrastructure.template.yaml
+ Parameters:
+ AvailabilityZones:
+ Fn::Join:
+ - ","
+ - Ref: AvailabilityZones
+ VpcId: !Ref VpcId
+ VpcCidr: !Ref VpcCidr
+ PrivateSubnet1Cidr: !Ref PrivateSubnet1Cidr
+ PrivateSubnet2Cidr: !Ref PrivateSubnet2Cidr
+ PrivateSubnet3Cidr: !Ref PrivateSubnet2Cidr # This should end up in no new rule but required for EKS
+ SubnetIds: !Join [",", [!Ref PrivateSubnet1Id, !Ref PrivateSubnet2Id]]
+ DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage
+ MultiAzDatabase: !Ref MultiAzDatabase
+ DatabaseUser: !Ref DatabaseUser
+ DatabasePassword: !Ref DatabasePassword
+ DatabaseInstance: !Ref DatabaseInstance
+ DatabaseName: !Ref DatabaseName
+ InstanceType: !Ref InstanceType
+ ArtifactoryHostRole: !Ref ArtifactoryHostRole
+ VolumeSize: !Ref VolumeSize
+ ArtifactoryElb:
+ Type: AWS::ElasticLoadBalancingV2::LoadBalancer
+ Properties:
+ IpAddressType: ipv4
+ Scheme: !Ref ELBScheme
+ Subnets:
+ - !Ref PublicSubnet1Id
+ - !Ref PublicSubnet2Id
+ Type: network
+ ArtifactorySslTargetGroup:
+ Type: AWS::ElasticLoadBalancingV2::TargetGroup
+ Properties:
+ HealthCheckEnabled: True
+ HealthCheckIntervalSeconds: 30
+ HealthCheckProtocol: TCP
+ HealthCheckTimeoutSeconds: 10
+ HealthyThresholdCount: 3
+ HealthCheckPort: "8082"
+ Port: 443
+ Protocol: TCP
+ TargetType: instance
+ UnhealthyThresholdCount: 3
+ VpcId: !Ref VpcId
+ ArtifactoryTargetGroup:
+ Type: AWS::ElasticLoadBalancingV2::TargetGroup
+ Properties:
+ HealthCheckEnabled: True
+ HealthCheckIntervalSeconds: 30
+ HealthCheckProtocol: TCP
+ HealthCheckTimeoutSeconds: 10
+ HealthyThresholdCount: 3
+ HealthCheckPort: "8082"
+ Port: 80
+ Protocol: TCP
+ TargetType: instance
+ UnhealthyThresholdCount: 3
+ VpcId: !Ref VpcId
+ ArtifactorySslElbListener:
+ Type: AWS::ElasticLoadBalancingV2::Listener
+ Properties:
+ DefaultActions:
+ - TargetGroupArn: !Ref ArtifactorySslTargetGroup
+ Type: forward
+ LoadBalancerArn: !Ref ArtifactoryElb
+ Port: 443
+ Protocol: TCP
+ ArtifactoryElbListener:
+ Type: AWS::ElasticLoadBalancingV2::Listener
+ Properties:
+ DefaultActions:
+ - TargetGroupArn: !Ref ArtifactoryTargetGroup
+ Type: forward
+ LoadBalancerArn: !Ref ArtifactoryElb
+ Port: 80
+ Protocol: TCP
+ ArtifactoryInternalElb:
+ Type: AWS::ElasticLoadBalancingV2::LoadBalancer
+ Properties:
+ IpAddressType: ipv4
+ Scheme: internal
+ Subnets:
+ - !Ref PrivateSubnet1Id
+ - !Ref PrivateSubnet2Id
+ Type: network
+ ArtifactoryInternalTargetGroup:
+ Type: AWS::ElasticLoadBalancingV2::TargetGroup
+ Properties:
+ HealthCheckEnabled: True
+ HealthCheckIntervalSeconds: 30
+ HealthCheckProtocol: TCP
+ HealthCheckTimeoutSeconds: 10
+ HealthyThresholdCount: 3
+ HealthCheckPort: "8082"
+ Port: 80
+ Protocol: TCP
+ TargetType: instance
+ UnhealthyThresholdCount: 3
+ VpcId: !Ref VpcId
+ ArtifactoryInternalElbListener:
+ Type: AWS::ElasticLoadBalancingV2::Listener
+ Properties:
+ DefaultActions:
+ - TargetGroupArn: !Ref ArtifactoryInternalTargetGroup
+ Type: forward
+ LoadBalancerArn: !Ref ArtifactoryInternalElb
+ Port: 80
+ Protocol: TCP
+ ArtifactoryEc2Sg:
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ Tags:
+ - Key: Name
+ Value: "JFrog-Artifactory-Pro-ec2-instances-sg"
+ GroupDescription: SG for EC2 instances
+ VpcId: !Ref VpcId
+ SecurityGroupIngress:
+ - IpProtocol: tcp
+ FromPort: 22
+ ToPort: 22
+ CidrIp: !Ref VpcCidr
+ - IpProtocol: tcp
+ FromPort: 80
+ ToPort: 80
+ CidrIp: !Ref VpcCidr
+ - IpProtocol: tcp
+ FromPort: 80
+ ToPort: 80
+ CidrIp: !Ref AccessCidr
+ - IpProtocol: tcp
+ FromPort: 443
+ ToPort: 443
+ CidrIp: !Ref AccessCidr
+ - IpProtocol: tcp
+ FromPort: 443
+ ToPort: 443
+ CidrIp: !Ref VpcCidr
+ - IpProtocol: tcp
+ FromPort: 8081
+ ToPort: 8082
+ CidrIp: !Ref VpcCidr
+ - IpProtocol: tcp
+ FromPort: 8046
+ ToPort: 8046
+ CidrIp: !Ref VpcCidr
+ SecurityGroupEgress:
+ - IpProtocol: "-1"
+ CidrIp: 0.0.0.0/0
+ ArtifactoryHostRole:
+ Type: "AWS::IAM::Role"
+ Properties:
+ Path: /
+ AssumeRolePolicyDocument:
+ Statement:
+ - Action:
+ - "sts:AssumeRole"
+ Principal:
+ Service:
+ - ec2.amazonaws.com
+ Effect: Allow
+ Version: 2012-10-17
+ ManagedPolicyArns:
+ - !Sub "arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonEC2RoleforSSM"
+ Policies:
+ - PolicyName: "JFrogAMI-policy"
+ PolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ - Effect: "Allow"
+ Action: "ec2:Describe*"
+ Resource: "*"
+ - Effect: "Allow"
+ Action: "ec2:AttachVolume"
+ Resource: "*"
+ - Effect: "Allow"
+ Action: "ec2:DetachVolume"
+ Resource: "*"
+ - Effect: "Allow"
+ Action:
+ - "s3:GetObject"
+ - "s3:ListObject"
+ - "s3:ListBucket"
+ Resource: "*"
+ - PolicyName: "CloudWatch-policy"
+ PolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ - Effect: "Allow"
+ Action:
+ - "logs:CreateLogGroup"
+ - "logs:CreateLogStream"
+ - "logs:PutLogEvents"
+ - "logs:DescribeLogStreams"
+ Resource: !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:*:*"
+ - PolicyName: "SecretsManager-policy"
+ PolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ - Effect: "Allow"
+ Action:
+ - "secretsmanager:GetSecretValue"
+ Resource: !Sub "arn:${AWS::Partition}:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:*"
+ ArtifactoryHostProfile:
+ Type: AWS::IAM::InstanceProfile
+ Properties:
+ Roles:
+ - !Ref ArtifactoryHostRole
+ Path: /
+ ArtifactoryPrimary:
+ Type: AWS::CloudFormation::Stack
+ Properties:
+ TemplateURL: https://jfrog-marketplace-test-us-east-1.s3.amazonaws.com/marketplace-jfrog-artifactory/v72710/templates/jfrog-artifactory-ec2-instance.template.yaml
+ Parameters:
+ PrivateSubnetIds: !Join [",", [!Ref PrivateSubnet1Id]]
+ MinScalingNodes: "1" # Always have 1 Primary Node
+ MaxScalingNodes: "1" # Always have 1 Primary Node
+ DeploymentTag: "ArtifactoryPrimary"
+ HostRole: !Ref ArtifactoryHostRole
+ ArtifactoryProduct: "JFrog-Artifactory-Pro"
+ ArtifactoryLicensesSecretName: !Ref SmLicenseName
+ ArtifactoryServerName: !Ref ArtifactoryServerName
+ EnableSSL: !If [SmCertNameExists, true, false]
+ Certificate:
+ !If [
+ SmCertNameExists,
+ !Sub "{{resolve:secretsmanager:${SmCertName}:SecretString:Certificate}}",
+ "",
+ ]
+ CertificateKey:
+ !If [
+ SmCertNameExists,
+ !Sub "{{resolve:secretsmanager:${SmCertName}:SecretString:CertificateKey}}",
+ "",
+ ]
+ CertificateDomain:
+ !If [
+ SmCertNameExists,
+ !Sub "{{resolve:secretsmanager:${SmCertName}:SecretString:CertificateDomain}}",
+ "",
+ ]
+ ArtifactoryS3Bucket: !GetAtt ArtifactoryCoreInfraStack.Outputs.S3Bucket
+ DatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseUrl
+ DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver
+ DatabasePlugin: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePlugin
+ DatabasePluginUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePluginUrl
+ DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType
+ DatabaseUser: !Ref DatabaseUser
+ DatabasePassword: !Ref DatabasePassword
+ ArtifactoryPrimary: true
+ MasterKey: !Ref MasterKey
+ ExtraJavaOptions:
+ !If [
+ DefaultJava,
+ !Sub "${ArtifactoryCoreInfraStack.Outputs.JavaOpts} ${ExtraJavaOptions}",
+ !Ref ExtraJavaOptions,
+ ]
+ AmiId: "72710"
+ ArtifactoryVersion: "7.27.10"
+ KeyPairName: !Ref KeyPairName
+ HostProfile: !Ref ArtifactoryHostProfile
+ SecurityGroups: !Ref ArtifactoryEc2Sg
+ InstanceType: !Ref InstanceType
+ PrimaryVolume: !GetAtt ArtifactoryCoreInfraStack.Outputs.ArtifactoryEbsVolume
+ VolumeSize: !Ref VolumeSize
+ TargetGroupARN: !Ref ArtifactoryTargetGroup
+ SSLTargetGroupARN: !Ref ArtifactorySslTargetGroup
+ InternalTargetGroupARN: !Ref ArtifactoryInternalTargetGroup
+
+ ArtifactorySecondary:
+ Condition: HasSecondaryNodes
+ DependsOn: ArtifactoryPrimary
+ Type: AWS::CloudFormation::Stack
+ Properties:
+ TemplateURL: https://jfrog-marketplace-test-us-east-1.s3.amazonaws.com/marketplace-jfrog-artifactory/v72710/templates/jfrog-artifactory-ec2-instance.template.yaml
+ Parameters:
+ PrivateSubnetIds:
+ !Join [",", [!Ref PrivateSubnet1Id, !Ref PrivateSubnet2Id]]
+ MinScalingNodes: !Ref NumberOfSecondary
+ MaxScalingNodes: !Ref NumberOfSecondary
+ DeploymentTag: ArtifactorySecondary
+ HostRole: !Ref ArtifactoryHostRole
+ ArtifactoryProduct: "JFrog-Artifactory-Pro"
+ ArtifactoryLicensesSecretName: !Ref SmLicenseName
+ ArtifactoryServerName: !Ref ArtifactoryServerName
+ EnableSSL: !If [SmCertNameExists, true, false]
+ Certificate:
+ !If [
+ SmCertNameExists,
+ !Sub "{{resolve:secretsmanager:${SmCertName}:SecretString:Certificate}}",
+ "",
+ ]
+ CertificateKey:
+ !If [
+ SmCertNameExists,
+ !Sub "{{resolve:secretsmanager:${SmCertName}:SecretString:CertificateKey}}",
+ "",
+ ]
+ CertificateDomain:
+ !If [
+ SmCertNameExists,
+ !Sub "{{resolve:secretsmanager:${SmCertName}:SecretString:CertificateDomain}}",
+ "",
+ ]
+ ArtifactoryS3Bucket: !GetAtt ArtifactoryCoreInfraStack.Outputs.S3Bucket
+ DatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseUrl
+ DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver
+ DatabasePlugin: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePlugin
+ DatabasePluginUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePluginUrl
+ DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType
+ DatabaseUser: !Ref DatabaseUser
+ DatabasePassword: !Ref DatabasePassword
+ ArtifactoryPrimary: false
+ MasterKey: !Ref MasterKey
+ ExtraJavaOptions:
+ !If [
+ DefaultJava,
+ !Sub "${ArtifactoryCoreInfraStack.Outputs.JavaOpts} ${ExtraJavaOptions}",
+ !Ref ExtraJavaOptions,
+ ]
+ AmiId: "72710"
+ ArtifactoryVersion: "7.27.10"
+ KeyPairName: !Ref KeyPairName
+ HostProfile: !Ref ArtifactoryHostProfile
+ SecurityGroups: !Ref ArtifactoryEc2Sg
+ InstanceType: !Ref InstanceType
+ PrimaryVolume: !GetAtt ArtifactoryCoreInfraStack.Outputs.ArtifactoryEbsVolume
+ VolumeSize: !Ref VolumeSize
+ TargetGroupARN: !Ref ArtifactoryTargetGroup
+ SSLTargetGroupARN: !Ref ArtifactorySslTargetGroup
+ InternalTargetGroupARN: !Ref ArtifactoryInternalTargetGroup
+ XrayHostRole:
+ Condition: EnableXray
+ Type: AWS::IAM::Role
+ Properties:
+ Path: /
+ AssumeRolePolicyDocument:
+ Statement:
+ - Action:
+ - "sts:AssumeRole"
+ Principal:
+ Service:
+ - ec2.amazonaws.com
+ Effect: Allow
+ Version: 2012-10-17
+ ManagedPolicyArns:
+ - !Sub "arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonEC2RoleforSSM"
+ Policies:
+ - PolicyName: "JFrogAMI-policy"
+ PolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ - Effect: "Allow"
+ Action: "ec2:Describe*"
+ Resource: "*"
+ - Effect: "Allow"
+ Action: "ec2:AttachVolume"
+ Resource: "*"
+ - Effect: "Allow"
+ Action: "ec2:DetachVolume"
+ Resource: "*"
+ - Effect: "Allow"
+ Action:
+ - "s3:GetObject"
+ - "s3:ListObject"
+ - "s3:ListBucket"
+ Resource: "*"
+ - PolicyName: "CloudWatch-policy"
+ PolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ - Effect: "Allow"
+ Action:
+ - "logs:CreateLogGroup"
+ - "logs:CreateLogStream"
+ - "logs:PutLogEvents"
+ - "logs:DescribeLogStreams"
+ Resource: !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:*:*"
+ XrayHostProfile:
+ Condition: EnableXray
+ Type: "AWS::IAM::InstanceProfile"
+ Properties:
+ Roles:
+ - !Ref XrayHostRole
+ Path: /
+ XrayExistingVpcStack:
+ Condition: EnableXray
+ DependsOn: ArtifactoryPrimary
+ Type: AWS::CloudFormation::Stack
+ Properties:
+ TemplateURL: https://jfrog-marketplace-test-us-east-1.s3.amazonaws.com/marketplace-jfrog-artifactory/v72710/templates/jfrog-xray-ec2-instance.template.yaml
+ Parameters:
+ PrivateSubnet1Id: !Ref PrivateSubnet1Id
+ PrivateSubnet2Id: !Ref PrivateSubnet2Id
+ KeyPairName: !Ref KeyPairName
+ MinScalingNodes: !Ref XrayNumberOfInstances
+ MaxScalingNodes: !Ref XrayNumberOfInstances
+ DeploymentTag: "xray"
+ DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver
+ DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType
+ DatabaseUser: !Ref DatabaseUser
+ DatabasePassword: !Ref DatabasePassword
+ MasterKey: !Ref MasterKey
+ SecurityGroups: !Ref ArtifactoryEc2Sg
+ VolumeSize: !Ref VolumeSize
+ ExtraJavaOptions: !GetAtt ArtifactoryCoreInfraStack.Outputs.JavaOpts
+ XrayInstanceType: !Ref XrayInstanceType
+ JfrogInternalUrl: !Sub "http://${ArtifactoryInternalElb.DNSName}"
+ XrayDatabaseUser: !Ref XrayDatabaseUser
+ XrayDatabasePassword: !Ref XrayDatabasePassword
+ XrayMasterDatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayMasterDatabaseUrl
+ XrayDatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayDatabaseUrl
+ XrayVersion: "3.35.0"
+ XrayAmiId: "3350"
+ XrayHostRole: !Ref XrayHostRole
+ XrayHostProfile: !Ref XrayHostProfile
+Outputs:
+ ArtifactoryUrl:
+ Description: URL of the ELB to access Artifactory
+ Value:
+ !If [
+ SmCertNameExists,
+ !Sub "https://${ArtifactoryElb.DNSName}",
+ !Sub "http://${ArtifactoryElb.DNSName}",
+ ]
+ Export:
+ Name: !Sub "${AWS::StackName}-ArtifactoryUrl"
+ ArtifactoryInternalUrl:
+ Description: URL of the internal ELB to access Artifactory
+ Value: !Sub "http://${ArtifactoryInternalElb.DNSName}"
+ Export:
+ Name: !Sub "${AWS::StackName}-ArtifactoryInternalUrl"
+ DatabaseType:
+ Description: Type of database
+ Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType
+ Export:
+ Name: !Sub "${AWS::StackName}-DatabaseType"
+ DatabaseDriver:
+ Description: Database driver
+ Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver
+ Export:
+ Name: !Sub "${AWS::StackName}-DatabaseDriver"
+ DatabaseUrl:
+ Description: Database driver
+ Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseUrl
+ Export:
+ Name: !Sub "${AWS::StackName}-DatabaseUrl"
+ ArtifactoryTargetGroup:
+ Description: Artifactory target group
+ Value: !Ref ArtifactoryTargetGroup
+ Export:
+ Name: !Sub "${AWS::StackName}-ArtifactoryTargetGroup"
+ ArtifactorySslTargetGroup:
+ Description: Artifactory SSL target group
+ Value: !Ref ArtifactorySslTargetGroup
+ Export:
+ Name: !Sub "${AWS::StackName}-ArtifactorySslTargetGroup"
+ ArtifactoryEc2Sg:
+ Description: Artifactory EC2 sercurity group
+ Value: !Ref ArtifactoryEc2Sg
+ Export:
+ Name: !Sub "${AWS::StackName}-ArtifactoryEc2Sg"
+ XrayMasterDatabaseUrl:
+ Description: Database driver
+ Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayMasterDatabaseUrl
+ Export:
+ Name: !Sub "${AWS::StackName}-XrayMasterDatabaseUrl"
+ XrayDatabaseUrl:
+ Description: Database driver
+ Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayDatabaseUrl
+ Export:
+ Name: !Sub "${AWS::StackName}-XrayDatabaseUrl"
diff --git a/Amazon/marketplace-jfrog-artifactory/v72710/templates/jfrog-artifactory-ec2-instance.template.yaml b/Amazon/marketplace-jfrog-artifactory/v72710/templates/jfrog-artifactory-ec2-instance.template.yaml
new file mode 100644
index 0000000..2b82002
--- /dev/null
+++ b/Amazon/marketplace-jfrog-artifactory/v72710/templates/jfrog-artifactory-ec2-instance.template.yaml
@@ -0,0 +1,369 @@ +AWSTemplateFormatVersion: "2010-09-09" +Description: "Deploys the EC2 Autoscaling, LaunchConfig and Instance for Artifactory (qs-1qpmmjh5o)" +Parameters: + PrivateSubnetIds: + Type: List + MinScalingNodes: + Type: Number + MaxScalingNodes: + Type: Number + DeploymentTag: + Type: String + HostRole: + Type: String + AmiId: + Type: String + ArtifactoryProduct: + Type: String + ArtifactoryLicensesSecretName: + Type: String + ArtifactoryServerName: + Type: String + Certificate: + Type: String + CertificateKey: + Type: String + NoEcho: "true" + CertificateDomain: + Type: String + EnableSSL: + Type: String + ArtifactoryS3Bucket: + Type: String + DatabaseUrl: + Type: String + DatabaseDriver: + Type: String + DatabasePluginUrl: + Type: String + DatabasePlugin: + Type: String + DatabaseType: + Type: String + DatabaseUser: + Type: String + DatabasePassword: + Type: String + NoEcho: "true" + ArtifactoryPrimary: + Type: String + MasterKey: + Type: String + NoEcho: "true" + ExtraJavaOptions: + Type: String + ArtifactoryVersion: + Type: String + KeyPairName: + Type: AWS::EC2::KeyPair::KeyName + TargetGroupARN: + Type: String + SSLTargetGroupARN: + Type: String + InternalTargetGroupARN: + Type: String + HostProfile: + Type: String + SecurityGroups: + Type: String + InstanceType: + Type: String + PrimaryVolume: + Type: String + VolumeSize: + Type: Number + UserDataDirectory: + Description: Directory to store Artifactory data. 
Can be used to store data (via symlink) in detachable volume + Type: String + Default: "/artifactory-user-data" + +Mappings: + AWSAMIRegionMap: + us-east-1: + "Artifactory72710": ami-0fd0badddbbf2abf4 + us-east-2: + "Artifactory72710": xxxxxxx + us-west-1: + "Artifactory72710": xxxxxxx + us-west-2: + "Artifactory72710": xxxxxxx + ca-central-1: + "Artifactory72710": xxxxxxx + eu-central-1: + "Artifactory72710": xxxxxxx + eu-west-1: + "Artifactory72710": xxxxxxx + eu-west-2: + "Artifactory72710": xxxxxxx + eu-west-3: + "Artifactory72710": xxxxxxx + ap-southeast-1: + "Artifactory72710": xxxxxxx + ap-southeast-2: + "Artifactory72710": xxxxxxx + ap-south-1: + "Artifactory72710": xxxxxxx + ap-northeast-1: + "Artifactory72710": xxxxxxx + ap-northeast-2: + "Artifactory72710": xxxxxxx + sa-east-1: + "Artifactory72710": xxxxxxx + us-gov-east-1: + "Artifactory72710": ami-059dc4c86946d7104 + us-gov-west-1: + "Artifactory72710": xxxxxxx + ArtifactoryProductMap: + JFrog-Artifactory-Pro: + "72710": "Artifactory72710" + product: "artifactory" + +Conditions: + IsSecondary: !Equals [!Ref ArtifactoryPrimary, "false"] + +Resources: + ArtifactoryScalingGroup: + Type: AWS::AutoScaling::AutoScalingGroup + Properties: + LaunchConfigurationName: !Ref ArtifactoryLaunchConfiguration + VPCZoneIdentifier: !Ref PrivateSubnetIds + MinSize: !Ref MinScalingNodes + MaxSize: !Ref MaxScalingNodes + Cooldown: "300" + DesiredCapacity: !Ref MinScalingNodes + TargetGroupARNs: + - !Ref TargetGroupARN + - !Ref SSLTargetGroupARN + - !Ref InternalTargetGroupARN + HealthCheckType: ELB + HealthCheckGracePeriod: 1800 + Tags: + - Key: Name + Value: !Ref DeploymentTag + PropagateAtLaunch: true + - Key: ArtifactoryVersion + Value: !Ref ArtifactoryVersion + PropagateAtLaunch: true + TerminationPolicies: + - OldestInstance + - Default + CreationPolicy: + ResourceSignal: + Count: !Ref MinScalingNodes + Timeout: PT60M + + ArtifactoryLaunchConfiguration: + Type: "AWS::AutoScaling::LaunchConfiguration" + Metadata: + 
AWS::CloudFormation::Init: + configSets: + artifactory_install: + - "config-cloudwatch" + - "config-artifactory-primary" + - "secure-artifactory" + config-cloudwatch: + files: + /root/cloudwatch.conf: + content: | + [general] + state_file = /var/awslogs/state/agent-state + + [/var/log/messages] + file = /var/log/messages + log_group_name = /artifactory/instances/{instance_id} + log_stream_name = /var/log/messages/ + datetime_format = %b %d %H:%M:%S + + [/var/log/jfrog-ami-setup.log] + file = /var/log/messages + log_group_name = /artifactory/instances/{instance_id} + log_stream_name = /var/log/jfrog-ami-setup.log + datetime_format = %b %d %H:%M:%S + + [/var/log/jfrog-ami-artifactory.log] + file = /var/log/messages + log_group_name = /artifactory/instances/{instance_id} + log_stream_name = /var/log/jfrog-ami-artifactory.log + datetime_format = %b %d %H:%M:%S + mode: "0400" + config-artifactory-primary: + files: + /root/attach_volume.sh: + content: !Sub | + #!/usr/bin/env bash + IS_PRIMARY="${ArtifactoryPrimary}" + + if [[ $IS_PRIMARY != "true" ]]; then + echo 'Not primary node. Skipping EBS volume attachment.' 
+ lsblk # debug + exit 0 + fi + + echo "Using primary volume ID ${PrimaryVolume}" + VOLUME_ID="${PrimaryVolume}" + echo "VOLUME_ID: $VOLUME_ID" + if [[ -z "$VOLUME_ID" ]]; then + echo 'Invalid $VOLUME_ID' + exit 1 + fi + + # Get instance id from AWS + INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id) + + # Attach the volume created by another CFT + # the device name should become /dev/nvme1n1 + # See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html + echo "Attaching volume $VOLUME_ID to instance $INSTANCE_ID" + /var/awslogs/bin/aws ec2 attach-volume --volume-id $VOLUME_ID --instance-id $INSTANCE_ID --device /dev/xvdf --region ${AWS::Region} + + echo "Wait for volume $VOLUME_ID to attach" + sleep 30 # Give volume time to attach + lsblk # debug + mode: "0770" + /root/.jfrog_ami/artifactory.yml: + content: !Sub + - | + # Base install for Artifactory + - import_playbook: site-artifactory.yml + vars: + artifactory_product: ${product} + artifactory_flavour: "{{ 'pro' if '${product}' == 'artifactory' else 'jcr' if '${product}' == 'jcr' }}" + artifactory_ha_enabled: true + artifactory_is_primary: ${ArtifactoryPrimary} + artifactory_server_name: ${ArtifactoryServerName} + server_name: ${ArtifactoryServerName}.${CertificateDomain} + use_custom_data_directory: true + custom_data_directory: "${UserDataDirectory}" + s3_region: ${AWS::Region} + s3_bucket: ${ArtifactoryS3Bucket} + certificate: ${Certificate} + certificate_key: ${CertificateKey} + certificate_domain: ${CertificateDomain} + enable_ssl: ${EnableSSL} + ssl_dir: /etc/pki/tls/certs + db_type: ${DatabaseType} + db_driver: ${DatabaseDriver} + db_url: ${DatabaseUrl} + db_user: ${DatabaseUser} + db_password: ${DatabasePassword} + # db_download_url: https://jdbc.postgresql.org/download/postgresql-42.2.12.jar + art_primary: ${ArtifactoryPrimary} + master_key: ${MasterKey} + join_key: ${MasterKey} + extra_java_opts: ${ExtraJavaOptions} + artifactory_version: 
${ArtifactoryVersion} + artifactory_keystore: + path: /opt/jfrog/artifactory/app/third-party/java/lib/security/cacerts + default_password: changeit + new_keystore_pass: ${DatabasePassword} + artifactory_java_db_drivers: + - name: ${DatabasePlugin} + url: ${DatabasePluginUrl} + owner: artifactory + group: artifactory + - product: + !FindInMap [ + ArtifactoryProductMap, + !Ref ArtifactoryProduct, + product, + ] + mode: "0400" + /root/.vault_pass.txt: + content: !Sub | + ${DatabasePassword} + mode: "0400" + /root/.secureit.sh: + content: ansible-vault encrypt /root/.jfrog_ami/artifactory.yml --vault-id /root/.vault_pass.txt + mode: "0770" + secure-artifactory: + commands: + "secure ansible playbook": + command: "/root/.secureit.sh" + ignoreErrors: "false" + Properties: + KeyName: !Ref KeyPairName + IamInstanceProfile: !Ref HostProfile + ImageId: !FindInMap + - AWSAMIRegionMap + - !Ref "AWS::Region" + - !FindInMap + - ArtifactoryProductMap + - !Ref ArtifactoryProduct + - !Ref AmiId + SecurityGroups: + - !Ref SecurityGroups + InstanceType: !Ref InstanceType + BlockDeviceMappings: !If + - IsSecondary + - - DeviceName: /dev/xvda + Ebs: + VolumeSize: !Ref VolumeSize + VolumeType: gp2 + DeleteOnTermination: true + Encrypted: true + - !Ref AWS::NoValue + UserData: + Fn::Base64: !Sub | + #!/bin/bash -x + + #CFN Functions + + function cfn_fail + + { + + cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource ArtifactoryScalingGroup + + exit 1 + + } + + function cfn_success + + { + + cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource ArtifactoryScalingGroup + + exit 0 + + } + + # Install jq + yum install -y epel-release + yum install -y jq + + echo $PATH + + PATH=/opt/aws/bin:$PATH + + echo $PATH + + # Activate virtual env + source ~/venv/bin/activate + + setsebool httpd_can_network_connect 1 -P + + # CentOS cloned virtual machines do not create a new machine id + # 
https://www.thegeekdiary.com/centos-rhel-7-how-to-change-the-machine-id/ + rm -f /etc/machine-id + systemd-machine-id-setup + + cfn-init -v --stack ${AWS::StackName} --resource ArtifactoryLaunchConfiguration --configsets artifactory_install --region ${AWS::Region} || cfn_fail + + # Setup CloudWatch Agent + curl https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py -O + chmod +x ./awslogs-agent-setup.py + ./awslogs-agent-setup.py -n -r ${AWS::Region} -c /root/cloudwatch.conf 2>&1 | tee /var/log/userdata.cloudwatch_agent_install.log + + /root/attach_volume.sh || cfn_fail + + setsebool httpd_can_network_connect 1 -P + + aws secretsmanager get-secret-value --secret-id ${ArtifactoryLicensesSecretName} --region ${AWS::Region} | jq -r '{"artifactory_licenses":(.SecretString | fromjson )}' > ~/.jfrog_ami/licenses.json || cfn_fail + + ansible-playbook /root/.jfrog_ami/artifactory.yml -e "@~/.jfrog_ami/licenses.json" --vault-id /root/.vault_pass.txt 2>&1 | tee /var/log/jfrog-ami-artifactory.log || cfn_fail + + rm -rf /root/.secureit.sh + + cfn_success &> /var/log/cfn_success.log + cfn_success || cfn_fail diff --git a/Amazon/marketplace-jfrog-artifactory/v72710/templates/jfrog-xray-ec2-instance.template.yaml b/Amazon/marketplace-jfrog-artifactory/v72710/templates/jfrog-xray-ec2-instance.template.yaml new file mode 100644 index 0000000..284f1a4 --- /dev/null +++ b/Amazon/marketplace-jfrog-artifactory/v72710/templates/jfrog-xray-ec2-instance.template.yaml 
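Review bot: The `config-artifactory-primary` block substitutes `${DatabasePassword}`, `${MasterKey}` and `${CertificateKey}` into `AWS::CloudFormation::Init` metadata via `!Sub`. `NoEcho` on the parameters does not mask values placed in resource metadata, so anyone allowed to describe the stack resource can read them in plaintext. The later `ansible-vault encrypt` step protects little, because `/root/.vault_pass.txt` holds the same `${DatabasePassword}` and sits beside the file it encrypts; that password is also reused as `new_keystore_pass`. I would pass a Secrets Manager secret name instead of the values and fetch them in UserData, the way `licenses.json` is already built with `aws secretsmanager get-secret-value`: drop `db_password`, `master_key`, `join_key` and `certificate_key` from the `vars:` block and supply them through a second `-e "@<secrets-file>"` argument (placeholder name). The same applies to `config-xray` in jfrog-xray-ec2-instance.template.yaml.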
@@ -0,0 +1,254 @@ +AWSTemplateFormatVersion: "2010-09-09" +Description: "Deploys the EC2 Autoscaling, LaunchConfig and Instance for Xray" +Parameters: + PrivateSubnet1Id: + Type: AWS::EC2::Subnet::Id + PrivateSubnet2Id: + Type: AWS::EC2::Subnet::Id + KeyPairName: + Type: AWS::EC2::KeyPair::KeyName + MinScalingNodes: + Type: Number + MaxScalingNodes: + Type: Number + DeploymentTag: + Type: String + DatabaseDriver: + Type: String + DatabaseType: + Type: String + DatabaseUser: + Type: String + DatabasePassword: + Type: String + NoEcho: "true" + MasterKey: + Type: String + NoEcho: "true" + ExtraJavaOptions: + Type: String + SecurityGroups: + Type: String + VolumeSize: + Type: Number + XrayHostProfile: + Type: String + XrayHostRole: + Type: String + XrayInstanceType: + Type: String + JfrogInternalUrl: + Type: String + XrayDatabaseUser: + Type: String + XrayDatabasePassword: + Type: String + NoEcho: "true" + XrayMasterDatabaseUrl: + Type: String + XrayDatabaseUrl: + Type: String + XrayVersion: + Type: String + XrayAmiId: + Type: String + +# To populate additional mappings use the following with the desired --region +# aws --region us-west-2 ec2 describe-images --owners amazon --filters 'Name=name,Values=amzn-ami-hvm-2018.03.0.20181129-x86_64-gp2' 'Name=state,Values=available' --output json | jq -r '.Images | sort_by(.CreationDate) | last(.[]).ImageId' +Mappings: + AWSAMIRegionMap: + us-east-1: + "3350": ami-0814166382cb6e3de + us-east-2: + "3350": xxxxxxxxxx + us-west-1: + "3350": xxxxxxxxxx + us-west-2: + "3350": xxxxxxxxxx + ca-central-1: + "3350": xxxxxxxxxx + eu-central-1: + "3350": xxxxxxxxxx + eu-west-1: + "3350": xxxxxxxxxx + eu-west-2: + "3350": xxxxxxxxxx + eu-west-3: + "3350": xxxxxxxxxx + ap-southeast-1: + "3350": xxxxxxxxxx + ap-southeast-2: + "3350": xxxxxxxxxx + ap-south-1: + "3350": xxxxxxxxxx + ap-northeast-1: + "3350": xxxxxxxxxx + ap-northeast-2: + "3350": xxxxxxxxxx + sa-east-1: + "3350": xxxxxxxxxx + us-gov-east-1: + "3350": ami-04ed129656189d6b3 + 
us-gov-west-1: + "3350": xxxxxxxxxx + +Resources: + XrayScalingGroup: + Type: AWS::AutoScaling::AutoScalingGroup + Properties: + LaunchConfigurationName: !Ref XrayLaunchConfiguration + VPCZoneIdentifier: + - !Ref PrivateSubnet1Id + - !Ref PrivateSubnet2Id + MinSize: !Ref MinScalingNodes + MaxSize: !Ref MaxScalingNodes + Cooldown: "300" + DesiredCapacity: !Ref MinScalingNodes + HealthCheckType: EC2 + HealthCheckGracePeriod: 1800 + Tags: + - Key: Name + Value: !Ref DeploymentTag + PropagateAtLaunch: true + - Key: XrayVersion + Value: !Ref XrayVersion + PropagateAtLaunch: true + TerminationPolicies: + - OldestInstance + - Default + CreationPolicy: + ResourceSignal: + Count: !Ref MinScalingNodes + Timeout: PT60M + XrayLaunchConfiguration: + Type: AWS::AutoScaling::LaunchConfiguration + Metadata: + AWS::CloudFormation::Init: + configSets: + xray_install: + - "config-cloudwatch" + - "config-xray" + config-cloudwatch: + files: + /root/cloudwatch.conf: + content: | + [general] + state_file = /var/awslogs/state/agent-state + + [/var/log/messages] + file = /var/log/messages + log_group_name = /xray/instances/{instance_id} + log_stream_name = /var/log/messages/ + datetime_format = %b %d %H:%M:%S + + [/var/log/xray-ami-setup.log] + file = /var/log/messages + log_group_name = /xray/instances/{instance_id} + log_stream_name = /var/log/xray-ami-setup.log + datetime_format = %b %d %H:%M:%S + + [/var/log/xray.log] + file = /var/log/messages + log_group_name = /xray/instances/{instance_id} + log_stream_name = /var/log/xray.log + datetime_format = %b %d %H:%M:%S + mode: "0400" + config-xray: + files: + /root/.xray_ami/xray.yml: + content: !Sub | + # Base install for Xray + - import_playbook: site-xray.yml + vars: + jfrog_url: ${JfrogInternalUrl} + master_key: ${MasterKey} + join_key: ${MasterKey} + extra_java_opts: ${ExtraJavaOptions} + db_type: ${DatabaseType} + db_driver: ${DatabaseDriver} + db_master_url: postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl} + 
db_url: postgres://${XrayDatabaseUrl} + db_master_user: ${DatabaseUser} + db_user: ${XrayDatabaseUser} + db_password: ${XrayDatabasePassword} + xray_version: ${XrayVersion} + mode: "0400" + /root/.vault_pass.txt: + content: !Sub | + ${DatabasePassword} + mode: "0400" + Properties: + KeyName: !Ref KeyPairName + IamInstanceProfile: !Ref XrayHostProfile + ImageId: !FindInMap + - AWSAMIRegionMap + - !Ref AWS::Region + - !Ref XrayAmiId + SecurityGroups: + - !Ref SecurityGroups + InstanceType: !Ref XrayInstanceType + BlockDeviceMappings: + - DeviceName: /dev/xvda + Ebs: + VolumeSize: !Ref VolumeSize + VolumeType: gp2 + DeleteOnTermination: true + Encrypted: true + UserData: + Fn::Base64: !Sub | + #!/bin/bash -x + exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1 + + #CFN Functions + + function cfn_fail + + { + + cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource XrayScalingGroup + + exit 1 + + } + + function cfn_success + + { + + cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource XrayScalingGroup + + exit 0 + + } + + echo $PATH + + PATH=/opt/aws/bin:$PATH + + echo $PATH + + # Activate virtual env + source ~/venv/bin/activate + + setsebool httpd_can_network_connect 1 -P + + # CentOS cloned virtual machines do not create a new machine id + # https://www.thegeekdiary.com/centos-rhel-7-how-to-change-the-machine-id/ + rm -f /etc/machine-id + systemd-machine-id-setup + + cfn-init -v --stack ${AWS::StackName} --resource XrayLaunchConfiguration --configsets xray_install --region ${AWS::Region} || cfn_fail + + # Setup CloudWatch Agent + curl https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py -O + chmod +x ./awslogs-agent-setup.py + ./awslogs-agent-setup.py -n -r ${AWS::Region} -c /root/cloudwatch.conf + + lsblk # debug + + ansible-playbook /root/.xray_ami/xray.yml --vault-id /root/.vault_pass.txt 2>&1 | tee /var/log/xray.log || cfn_fail + + rm -rf /root/.secureit.sh + + 
cfn_success &> /var/log/cfn_success.log + cfn_success || cfn_fail
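Review bot: `/root/.xray_ami/xray.yml` is written with the master key, the join key and both database passwords in plaintext (including `db_master_url: postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl}`) and is never encrypted or removed. The `xray_install` configSet has no counterpart to the Artifactory template's `secure-artifactory` step, and the closing `rm -rf /root/.secureit.sh` deletes a file this template never creates. If the AMI does not re-run the playbook after first boot (not visible here), replace that line with `rm -f /root/.xray_ami/xray.yml /root/.vault_pass.txt` so the credentials do not stay on the instance. A password containing `@`, `/` or `:` would also break `db_master_url`, because it is interpolated without URL-encoding.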