Skip to content
Permalink
main
Switch branches/tags
Go to file
@tlindsay42
Latest commit 1f5829f Jun 20, 2022 History
11 contributors

Users who have contributed to this file

@jaymccon @troy-ameigh @autodidacticon @kolomied @tlindsay42 @schottsfired @gargana @davmayd @ThisIsQasim @vsnyc @DelfinGala
AWSTemplateFormatVersion: "2010-09-09"
Description: Deploys an EKS cluster into an existing VPC (qs-1p7nknoht)
Metadata:
QuickStartDocumentation:
EntrypointName: "Launch into an existing VPC"
Order: Index b
LintSpellExclude:
- Resource Name
- Kubernetes
- ARNs
- Resource Names
- autoscaler
- IOPS
- EfsStorageClass
- dcd
- vpc-0343606e
- Lambda
- maxIO
- Snyk
- New Relic
- Enabled
- Disabled
- Snyk
- '"No"'
- Windows
- Grafana
- Prometheus
- namespaces
- namespace
- Fargate
- '"Config '
- '(Optional)'
- Node
- Unmanaged
- Partner
- Auto Scaling
- Vault
- Consul
- HashiCorp
- Hosted
- Domain Name
- DomainName
- CalicoIntegration
- RafaySysIntegration
- RafaySysProject
- RafaySysBootstrapBucket
- RafaySysBootstrapKey
- RafaySysApiKey
- RafaySysApiSecret
- RafaySysFirstName
- RafaySysLastName
- RafaySysOrganizationName
- RafaySysEmail
- Rafay Systems
- Rafay
- Rancher
- yaml
- rafay
- Domain name
AWS::CloudFormation::Interface:
ParameterGroups:
- Label:
default: Basic configuration
Parameters:
- VPCID
- PrivateSubnet1ID
- PrivateSubnet2ID
- PrivateSubnet3ID
- PublicSubnet1ID
- PublicSubnet2ID
- PublicSubnet3ID
- RemoteAccessCIDR
- KeyPairName
- ConfigSetName
- PerAccountSharedResources
- PerRegionSharedResources
- Label:
default: Network configuration
Parameters:
- HttpProxy
- Label:
default: Amazon EC2 configuration
Parameters:
- ProvisionBastionHost
- Label:
default: Amazon EKS configuration
Parameters:
- EKSClusterName
- EKSPublicAccessEndpoint
- AdditionalEKSAdminUserArn
- AdditionalEKSAdminRoleArn
- FargateNamespaces
- FargateLabels
- Label:
default: Default EKS node group configuration
Parameters:
- NodeInstanceType
- NumberOfNodes
- MaxNumberOfNodes
- NodeInstanceFamily
- NodeGroupType
- NodeGroupOS
- Label:
default: Snyk monitor (AWS Partner security)
Parameters:
- SnykIntegration
- SnykIntegrationId
- Label:
default: New Relic infrastructure (AWS Partner monitoring)
Parameters:
- NewRelicIntegration
- NewRelicLicenseKey
- Label:
default: Calico policy [APN security partner]
Parameters:
- CalicoIntegration
- Label:
default: Rafay Systems [APN software & internet partner]
Parameters:
- RafaySysIntegration
- RafaySysProject
- RafaySysBootstrapBucket
- RafaySysBootstrapKey
- RafaySysApiKey
- RafaySysApiSecret
- RafaySysFirstName
- RafaySysLastName
- RafaySysOrganizationName
- RafaySysEmail
- Label:
default: HashiCorp Vault (AWS Partner security)
Parameters:
- VaultIntegration
- VaultUIACMSSLCertificateArn
- VaultUIHostedZoneID
- VaultUIDomainName
- Label:
default: HashiCorp Consul (AWS Partner containers)
Parameters:
- ConsulIntegration
- ConsulUIACMSSLCertificateArn
- ConsulUIHostedZoneID
- ConsulUIDomainName
- Label:
default: Rancher management (AWS Partner management)
Parameters:
- RancherIntegration
- RancherDomainName
- Label:
default: Kubernetes add-ins
Parameters:
- ALBIngressController
- ClusterAutoScaler
- EfsStorageClass
- PrometheusIntegration
- GrafanaIntegration
- MonitoringStack
- Label:
default: AWS Quick Start configuration
Parameters:
- QSS3BucketName
- QSS3KeyPrefix
- QSS3BucketRegion
ParameterLabels:
KeyPairName:
default: SSH key name
QSS3BucketName:
default: Quick Start S3 bucket name
QSS3KeyPrefix:
default: Quick Start S3 key prefix
QSS3BucketRegion:
default: Quick Start S3 bucket Region
RemoteAccessCIDR:
default: Allowed external access CIDR
NodeInstanceType:
default: Instance type
NumberOfNodes:
default: Number of nodes
PublicSubnet1ID:
default: Public subnet 1 ID
PublicSubnet2ID:
default: Public subnet 2 ID
PublicSubnet3ID:
default: Public subnet 3 ID
PrivateSubnet1ID:
default: Private subnet 1 ID
PrivateSubnet2ID:
default: Private subnet 2 ID
PrivateSubnet3ID:
default: Private subnet 3 ID
VPCID:
default: VPC ID
AdditionalEKSAdminUserArn:
default: Additional EKS admin ARN (IAM user)
AdditionalEKSAdminRoleArn:
default: Additional EKS admin ARN (IAM role)
ClusterAutoScaler:
default: Cluster autoscaler
EfsStorageClass:
default: EFS storage class
ProvisionBastionHost:
default: Provision bastion host
ALBIngressController:
default: AWS load balancer controller
EKSClusterName:
default: EKS cluster name
SnykIntegrationId:
default: Integration ID
SnykIntegration:
default: Snyk integration
NewRelicIntegration:
default: New Relic integration
NewRelicLicenseKey:
default: License key
CalicoIntegration:
default: Calico policy integration
RafaySysIntegration:
default: Rafay Systems integration
RafaySysProject:
default: Rafay project
RafaySysFirstName:
default: First name
RafaySysLastName:
default: Last name
RafaySysOrganizationName:
default: Organization name
RafaySysEmail:
default: Email
RafaySysApiKey:
default: API key
RafaySysApiSecret:
default: API secret
RafaySysBootstrapBucket:
default: Bootstrap S3 bucket
RafaySysBootstrapKey:
default: Bootstrap S3 key
EKSPublicAccessEndpoint:
default: EKS public access endpoint
HttpProxy:
default: HTTP proxy
ConfigSetName:
default: Config set name
PerAccountSharedResources:
default: Per-account shared resources
PerRegionSharedResources:
default: Per-Region shared resources
MonitoringStack:
default: Monitoring stack
MaxNumberOfNodes:
default: Maximum number of nodes
FargateNamespaces:
default: Fargate namespaces
FargateLabels:
default: Fargate labels
NodeInstanceFamily:
default: Instance family
NodeGroupType:
default: Node group type
NodeGroupOS:
default: Node group operating system
VaultIntegration:
default: HashiCorp Vault integration
VaultUIACMSSLCertificateArn:
default: Vault UI ACM SSL certificate ARN
VaultUIHostedZoneID:
default: Route 53 hosted zone id
VaultUIDomainName:
default: Vault UI load balancer DNS name
ConsulIntegration:
default: HashiCorp Consul integration
ConsulUIACMSSLCertificateArn:
default: ACM SSL certificate ARN
ConsulUIHostedZoneID:
default: Route 53 hosted zone id
ConsulUIDomainName:
default: Consul UI load balancer DNS name
RancherIntegration:
default: Rancher management integration
RancherDomainName:
default: Rancher management domain name
PrometheusIntegration:
default: Prometheus integration
GrafanaIntegration:
default: Grafana integration
Parameters:
KeyPairName:
Description: Name of an existing key pair, which allows you
to securely connect to your instance after it launches.
Type: "AWS::EC2::KeyPair::KeyName"
QSS3BucketName:
AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$
ConstraintDescription: Quick Start bucket name can include numbers, lowercase
letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen
(-).
Default: aws-quickstart
Description: S3 bucket name for the Quick Start assets. This string can include
numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start
or end with a hyphen (-).
Type: String
QSS3KeyPrefix:
AllowedPattern: ^[0-9a-zA-Z-/.]*$
ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters,
uppercase letters, hyphens (-), periods (.) and forward slash (/).
Default: quickstart-amazon-eks/
Description: S3 key prefix for the Quick Start assets. Quick Start key prefix
can include numbers, lowercase letters, uppercase letters, hyphens (-), periods (.) and
forward slash (/).
Type: String
QSS3BucketRegion:
Default: 'us-east-1'
Description: Region where the Quick Start S3 bucket (QSS3BucketName) is
hosted. When using your own bucket, you must specify this value.
Type: String
RemoteAccessCIDR:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x
Description: CIDR IP range that is permitted to access the instances. We recommend that you set this value to a trusted IP range.
Type: String
EKSPublicAccessEndpoint:
Type: String
AllowedValues: [Enabled, Disabled]
Default: Disabled
Description: Configure access to the Kubernetes API server endpoint from outside of your VPC.
AdditionalEKSAdminUserArn:
Default: ""
AllowedPattern: '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:.*|^$'
Description: "(Optional) IAM user Amazon Resource Name (ARN) to be granted administrative access to the EKS cluster."
Type: String
AdditionalEKSAdminRoleArn:
Default: ""
AllowedPattern: '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:.*|^$'
Description: "(Optional) IAM role Amazon Resource Name (ARN) to be granted administrative access to the EKS cluster."
Type: String
NodeInstanceType:
Default: t3.medium
AllowedValues:
- a1.medium
- a1.large
- a1.xlarge
- a1.2xlarge
- a1.4xlarge
- a1.metal
- c1.medium
- c1.xlarge
- c3.large
- c3.xlarge
- c3.2xlarge
- c3.4xlarge
- c3.8xlarge
- c4.large
- c4.xlarge
- c4.2xlarge
- c4.4xlarge
- c4.8xlarge
- c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5.metal
- c5a.large
- c5a.xlarge
- c5a.2xlarge
- c5a.4xlarge
- c5a.8xlarge
- c5a.12xlarge
- c5a.16xlarge
- c5a.24xlarge
- c5ad.large
- c5ad.xlarge
- c5ad.2xlarge
- c5ad.4xlarge
- c5ad.8xlarge
- c5ad.12xlarge
- c5ad.16xlarge
- c5ad.24xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- c5d.metal
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5n.metal
- c6a.large
- c6a.xlarge
- c6a.2xlarge
- c6a.4xlarge
- c6a.8xlarge
- c6a.12xlarge
- c6a.16xlarge
- c6a.24xlarge
- c6a.32xlarge
- c6a.48xlarge
- c6a.metal
- c6g.medium
- c6g.large
- c6g.xlarge
- c6g.2xlarge
- c6g.4xlarge
- c6g.8xlarge
- c6g.12xlarge
- c6g.16xlarge
- c6g.metal
- c6gd.medium
- c6gd.large
- c6gd.xlarge
- c6gd.2xlarge
- c6gd.4xlarge
- c6gd.8xlarge
- c6gd.12xlarge
- c6gd.16xlarge
- c6gd.metal
- c6gn.medium
- c6gn.large
- c6gn.xlarge
- c6gn.2xlarge
- c6gn.4xlarge
- c6gn.8xlarge
- c6gn.12xlarge
- c6gn.16xlarge
- c6gn.metal
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6i.metal
- c6id.medium
- c6id.large
- c6id.xlarge
- c6id.2xlarge
- c6id.4xlarge
- c6id.8xlarge
- c6id.12xlarge
- c6id.16xlarge
- c6id.24xlarge
- c6id.32xlarge
- c6id.metal
- c7g.medium
- c7g.large
- c7g.xlarge
- c7g.2xlarge
- c7g.4xlarge
- c7g.8xlarge
- c7g.12xlarge
- c7g.16xlarge
- cc2.8xlarge
- d2.xlarge
- d2.2xlarge
- d2.4xlarge
- d2.8xlarge
- d3.xlarge
- d3.2xlarge
- d3.4xlarge
- d3.8xlarge
- d3en.xlarge
- d3en.2xlarge
- d3en.4xlarge
- d3en.6xlarge
- d3en.8xlarge
- d3en.12xlarge
- f1.2xlarge
- f1.4xlarge
- f1.16xlarge
- g2.2xlarge
- g2.8xlarge
- g3.4xlarge
- g3.8xlarge
- g3.16xlarge
- g3s.xlarge
- g4ad.xlarge
- g4ad.2xlarge
- g4ad.4xlarge
- g4ad.8xlarge
- g4ad.12xlarge
- g4ad.16xlarge
- g4ad.metal
- g4dn.xlarge
- g4dn.2xlarge
- g4dn.4xlarge
- g4dn.8xlarge
- g4dn.12xlarge
- g4dn.16xlarge
- g4dn.metal
- g5.xlarge
- g5.2xlarge
- g5.4xlarge
- g5.8xlarge
- g5.12xlarge
- g5.16xlarge
- g5.24xlarge
- g5.48xlarge
- g5g.xlarge
- g5g.2xlarge
- g5g.4xlarge
- g5g.8xlarge
- g5g.16xlarge
- g5g.metal
- h1.2xlarge
- h1.4xlarge
- h1.8xlarge
- h1.16xlarge
- i2.xlarge
- i2.2xlarge
- i2.4xlarge
- i2.8xlarge
- i3.large
- i3.xlarge
- i3.2xlarge
- i3.4xlarge
- i3.8xlarge
- i3.16xlarge
- i3.metal
- i3en.large
- i3en.xlarge
- i3en.2xlarge
- i3en.3xlarge
- i3en.6xlarge
- i3en.12xlarge
- i3en.24xlarge
- i3en.metal
- i4i.large
- i4i.xlarge
- i4i.2xlarge
- i4i.4xlarge
- i4i.8xlarge
- i4i.16xlarge
- i4i.32xlarge
- i4i.metal
- im4gn.large
- im4gn.xlarge
- im4gn.2xlarge
- im4gn.4xlarge
- im4gn.8xlarge
- im4gn.16xlarge
- inf1.xlarge
- inf1.2xlarge
- inf1.6xlarge
- inf1.24xlarge
- is4gen.medium
- is4gen.large
- is4gen.xlarge
- is4gen.2xlarge
- is4gen.4xlarge
- is4gen.8xlarge
- m1.small
- m1.medium
- m1.large
- m1.xlarge
- m2.xlarge
- m2.2xlarge
- m2.4xlarge
- m3.medium
- m3.large
- m3.xlarge
- m3.2xlarge
- m4.large
- m4.xlarge
- m4.2xlarge
- m4.4xlarge
- m4.10xlarge
- m4.16xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m5.metal
- m5a.large
- m5a.xlarge
- m5a.2xlarge
- m5a.4xlarge
- m5a.8xlarge
- m5a.12xlarge
- m5a.16xlarge
- m5a.24xlarge
- m5ad.large
- m5ad.xlarge
- m5ad.2xlarge
- m5ad.4xlarge
- m5ad.8xlarge
- m5ad.12xlarge
- m5ad.16xlarge
- m5ad.24xlarge
- m5d.large
- m5d.xlarge
- m5d.2xlarge
- m5d.4xlarge
- m5d.8xlarge
- m5d.12xlarge
- m5d.16xlarge
- m5d.24xlarge
- m5d.metal
- m5dn.large
- m5dn.xlarge
- m5dn.2xlarge
- m5dn.4xlarge
- m5dn.8xlarge
- m5dn.12xlarge
- m5dn.16xlarge
- m5dn.24xlarge
- m5dn.metal
- m5n.large
- m5n.xlarge
- m5n.2xlarge
- m5n.4xlarge
- m5n.8xlarge
- m5n.12xlarge
- m5n.16xlarge
- m5n.24xlarge
- m5n.metal
- m5zn.large
- m5zn.xlarge
- m5zn.2xlarge
- m5zn.4xlarge
- m5zn.8xlarge
- m5zn.12xlarge
- m5zn.16xlarge
- m5zn.24xlarge
- m5zn.metal
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge
- m6a.32xlarge
- m6a.48xlarge
- m6a.metal
- m6g.medium
- m6g.large
- m6g.xlarge
- m6g.2xlarge
- m6g.4xlarge
- m6g.8xlarge
- m6g.12xlarge
- m6g.16xlarge
- m6g.metal
- m6gd.medium
- m6gd.large
- m6gd.xlarge
- m6gd.2xlarge
- m6gd.4xlarge
- m6gd.8xlarge
- m6gd.12xlarge
- m6gd.16xlarge
- m6gd.metal
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- m6i.metal
- m6id.large
- m6id.xlarge
- m6id.2xlarge
- m6id.4xlarge
- m6id.8xlarge
- m6id.12xlarge
- m6id.16xlarge
- m6id.24xlarge
- m6id.32xlarge
- m6id.metal
- p2.xlarge
- p2.8xlarge
- p2.16xlarge
- p3.2xlarge
- p3.8xlarge
- p3.16xlarge
- p3dn.24xlarge
- p4d.24xlarge
- r3.large
- r3.xlarge
- r3.2xlarge
- r3.4xlarge
- r3.8xlarge
- r4.large
- r4.xlarge
- r4.2xlarge
- r4.4xlarge
- r4.8xlarge
- r4.16xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5.metal
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5ad.large
- r5ad.xlarge
- r5ad.2xlarge
- r5ad.4xlarge
- r5ad.8xlarge
- r5ad.12xlarge
- r5ad.16xlarge
- r5ad.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5b.metal
- r5d.large
- r5d.xlarge
- r5d.2xlarge
- r5d.4xlarge
- r5d.8xlarge
- r5d.12xlarge
- r5d.16xlarge
- r5d.24xlarge
- r5d.metal
- r5dn.large
- r5dn.xlarge
- r5dn.2xlarge
- r5dn.4xlarge
- r5dn.8xlarge
- r5dn.12xlarge
- r5dn.16xlarge
- r5dn.24xlarge
- r5dn.metal
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r5n.metal
- r6g.medium
- r6g.large
- r6g.xlarge
- r6g.2xlarge
- r6g.4xlarge
- r6g.8xlarge
- r6g.12xlarge
- r6g.16xlarge
- r6g.metal
- r6gd.medium
- r6gd.large
- r6gd.xlarge
- r6gd.2xlarge
- r6gd.4xlarge
- r6gd.8xlarge
- r6gd.12xlarge
- r6gd.16xlarge
- r6gd.metal
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- r6i.metal
- r6id.large
- r6id.xlarge
- r6id.2xlarge
- r6id.4xlarge
- r6id.8xlarge
- r6id.12xlarge
- r6id.16xlarge
- r6id.24xlarge
- r6id.32xlarge
- r6id.metal
- t1.micro
- t2.nano
- t2.micro
- t2.small
- t2.medium
- t2.large
- t2.xlarge
- t2.2xlarge
- t3.nano
- t3.micro
- t3.small
- t3.medium
- t3.large
- t3.xlarge
- t3.2xlarge
- t3a.nano
- t3a.micro
- t3a.small
- t3a.medium
- t3a.large
- t3a.xlarge
- t3a.2xlarge
- t4g.nano
- t4g.micro
- t4g.small
- t4g.medium
- t4g.large
- t4g.xlarge
- t4g.2xlarge
- x1.16xlarge
- x1.32xlarge
- x1e.xlarge
- x1e.2xlarge
- x1e.4xlarge
- x1e.8xlarge
- x1e.16xlarge
- x1e.32xlarge
- x2gd.medium
- x2gd.large
- x2gd.xlarge
- x2gd.2xlarge
- x2gd.4xlarge
- x2gd.8xlarge
- x2gd.12xlarge
- x2gd.16xlarge
- x2gd.metal
- x2idn.16xlarge
- x2idn.24xlarge
- x2idn.32xlarge
- x2idn.metal
- x2iedn.xlarge
- x2iedn.2xlarge
- x2iedn.4xlarge
- x2iedn.8xlarge
- x2iedn.16xlarge
- x2iedn.24xlarge
- x2iedn.32xlarge
- x2iedn.metal
- x2iezn.2xlarge
- x2iezn.4xlarge
- x2iezn.6xlarge
- x2iezn.8xlarge
- x2iezn.12xlarge
- x2iezn.metal
- z1d.large
- z1d.xlarge
- z1d.2xlarge
- z1d.3xlarge
- z1d.6xlarge
- z1d.12xlarge
- z1d.metal
ConstraintDescription: Must be a valid EC2 instance type.
Description: EC2 instance type.
Type: String
NumberOfNodes:
Default: 3
MinValue: 0
MaxValue: 450
Description: Number of Amazon EKS node instances. The default is one for each of the three Availability Zones.
Type: Number
VPCID:
Type: "AWS::EC2::VPC::Id"
Description: ID of your existing VPC (e.g., vpc-0343606e).
PublicSubnet1ID:
Type: String
Description: ID of the public subnet in Availability Zone 1 of your existing VPC (e.g., subnet-a0246dcd).
Default: ""
PublicSubnet2ID:
Type: String
Description: ID of the public subnet in Availability Zone 2 of your existing VPC (e.g., subnet-b1236eea).
Default: ""
PublicSubnet3ID:
Type: String
Description: ID of the public subnet in Availability Zone 3 of your existing VPC (e.g., subnet-c3456aba).
Default: ""
PrivateSubnet1ID:
Type: "AWS::EC2::Subnet::Id"
Description: ID of the private subnet in Availability Zone 1 of your existing VPC (e.g., subnet-fe9a8b32).
PrivateSubnet2ID:
Type: "AWS::EC2::Subnet::Id"
Description: ID of the private subnet in Availability Zone 2 of your existing VPC (e.g., subnet-be8b01ea).
PrivateSubnet3ID:
Type: String
Description: ID of the private subnet in Availability Zone 3 of your existing VPC (e.g., subnet-abd39039).
Default: ""
ClusterAutoScaler:
Type: String
AllowedValues: [ Enabled, Disabled ]
Default: Disabled
Description: Choose "Enabled" to enable Kubernetes cluster autoscaler.
EfsStorageClass:
Type: String
AllowedValues: [ Enabled, Disabled ]
Default: Disabled
Description: Choose "Enabled" to enable EFS storage class.
HttpProxy:
Type: String
Default: ""
Description: "(Optional) HTTP(S) proxy configuration. If provided, all worker nodes and pod egress traffic uses this proxy. Example: http://10.101.0.100:3128/."
ProvisionBastionHost:
Type: String
AllowedValues: [ "Enabled", "Disabled" ]
Default: "Enabled"
Description: Choose "Disabled" to skip creating a bastion host.
# This parameter name is inaccurate to preserve backward compatibility, and will be changed to ALBIngressController in the next release
ALBIngressController:
Type: String
AllowedValues: [ "Enabled", "Disabled" ]
Default: "Enabled"
Description: Choose "Enabled" to deploy the AWS load balancer controller.
EKSClusterName:
Type: String
Default: ""
Description: "(Optional) Name for the EKS cluster. If left blank, one is auto-generated. This must be unique within the Region."
SnykIntegrationId:
Type: String
AllowedPattern: '^[a-z0-9-]{36}$|^$'
Default: ""
Description: 'If Snyk is enabled, a value must be provided. For more information, see https://support.snyk.io/hc/en-us/articles/360003916158-Install-the-Snyk-controller-with-Helm.'
SnykIntegration:
Type: String
AllowedValues: [Enabled, Disabled]
Default: Disabled
Description: "For more information, see https://github.com/aws-quickstart/quickstart-eks-snyk/."
NewRelicLicenseKey:
Type: String
Default: ""
NoEcho: true
Description: 'If New Relic is enabled, this must be provided. For more information, see https://docs.newrelic.com/docs/accounts/install-new-relic/account-setup/license-key.'
NewRelicIntegration:
Type: String
AllowedValues: [Enabled, Disabled]
Default: Disabled
Description: "For more information, see https://github.com/aws-quickstart/quickstart-eks-newrelic-infrastructure/."
ConfigSetName:
Type: String
Default: ""
Description: >-
(Optional) Name used to map advanced parameters to an EKS cluster. If you launched an advanced
configuration stack and would like to apply it's values to this cluster, this name must match the "Config set name"
parameter in that stack. If left blank, a new config set is created using default values.
CalicoIntegration:
Type: String
AllowedValues: [ Enabled, Disabled ]
Default: Disabled
Description: "For more information see https://www.projectcalico.org/ ."
RafaySysIntegration:
Type: String
AllowedValues: [ Enabled, Disabled ]
Default: Disabled
Description: "For more information see https://aws-quickstart.github.io/quickstart-eks-rafay-systems/ ."
RafaySysProject:
Type: String
Description: "This is the name you want to use for you Rafay deployment."
Default: "defaultproject"
RafaySysBootstrapBucket:
Type: String
Description: "(Optional) S3 bucket to place the the rafay bootstrap yaml file. If left blank the EKS Quick Start bucket will be used."
Default: ""
RafaySysBootstrapKey:
Type: String
Description: "(Optional) S3 key to place the the rafay bootstrap yaml file. If left blank the key will be rafay/<CLUSTER_NAME>/cluster-bootstrap.yaml."
Default: ""
RafaySysApiKey:
Type: String
Description: Required if using an existing Rafay account.
Default: ""
RafaySysApiSecret:
Type: String
Description: Required if using an existing Rafay account.
Default: ""
NoEcho: true
RafaySysFirstName:
Type: String
Description: Required if registering a new Rafay account.
Default: ""
RafaySysLastName:
Type: String
Description: Required if registering a new Rafay account.
Default: ""
RafaySysOrganizationName:
Type: String
Description: Required if registering a new Rafay account.
Default: ""
RafaySysEmail:
Type: String
Description: Required if registering a new Rafay account.
Default: ""
PerAccountSharedResources:
Type: String
AllowedValues: ['AutoDetect', 'Yes', 'No']
Default: 'AutoDetect'
Description: Choose "No" if you already deployed another EKS Quick Start stack in your AWS account.
PerRegionSharedResources:
Type: String
AllowedValues: ['AutoDetect', 'Yes', 'No']
Default: 'AutoDetect'
Description: Choose "No" if you already deployed another EKS Quick Start stack in your Region.
MonitoringStack:
Type: String
AllowedValues: [ "Prometheus + Grafana", "None" ]
Default: "None"
Description: 'Enable monitoring stack with "Prometheus+Grafana." Warning: this is a legacy parameter and will be dropped from the next version of this Quick Start. Please use the "Grafana integration" and "Prometheus integration" parameters instead.'
GrafanaIntegration:
Type: String
AllowedValues: [ Enabled, Disabled ]
Default: Disabled
Description: 'Grafana requires "Prometheus integration" to be enabled. For more information see https://www.grafana.com/ .'
PrometheusIntegration:
Type: String
AllowedValues: [ Enabled, Disabled ]
Default: Disabled
Description: 'For more information see https://prometheus.io/ .'
MaxNumberOfNodes:
Default: 3
MinValue: 0
MaxValue: 450
Description: Maximum number of Amazon EKS node instances. The default is three.
Type: Number
FargateNamespaces:
Type: String
Default: ""
Description: "(Optional) Comma-separated list of namespaces for which Fargate should be enabled."
FargateLabels:
Type: String
Default: ""
Description: >-
Requires at least one Fargate namespace to be specified. This is a comma-separated list of key-value pod labels.
For a pod to run on Fargate, all of the labels must match, and it must run in a namespace defined by
"Fargate namespaces".
NodeInstanceFamily:
AllowedValues: ['Standard', 'ARM', 'GPU']
Type: String
Description: Choose the instance family to match the value of "Node instance type."
Default: Standard
NodeGroupType:
Type: String
AllowedValues: [ Managed, Unmanaged ]
Default: Managed
Description: Choose "Unmanaged" to create an Auto Scaling group without using the EKS-managed node groups feature.
NodeGroupOS:
AllowedValues:
- 'Amazon Linux 2'
- 'Bottlerocket'
- 'Windows'
Default: 'Amazon Linux 2'
Description: Operating system to use for node instances. Note that if you choose "Windows," an additional
Amazon Linux node group is created.
Type: String
VaultIntegration:
Type: String
AllowedValues: [Enabled, Disabled]
Default: Disabled
Description: "For more information, see https://github.com/aws-quickstart/quickstart-eks-hashicorp-vault/."
VaultUIDomainName:
Type: String
Description: >-
Fully qualified DNS name for the vault-ui service load balancer.
If you don't provide a value for "ACM SSL certificate ARN", use the HostedZoneID.
MaxLength: 128
Default: ""
VaultUIHostedZoneID:
Type: String
Description: >-
Route 53 Hosted zone ID of the domain name. If you don't provide an ACMSSLCertificateArn value, the Quick Start
creates an ACM certificate for you using HostedZoneID in conjunction with DomainName.
Default: ""
VaultUIACMSSLCertificateArn:
Description: >-
ARN of the load balancer's ACM SSL certificate. If you don't provide values for "Domain name" and
"Hosted zone id", provide a value for "ACM SSL certificate ARN".
Type: String
AllowedPattern: '^arn:(aws|aws-cn|aws-us-gov):acm:.*:[0-9]{12}:certificate.*|^$'
Default: ""
ConsulIntegration:
Type: String
AllowedValues: [Enabled, Disabled]
Default: Disabled
Description: "For more information, see https://github.com/aws-quickstart/quickstart-eks-hashicorp-consul/."
ConsulUIDomainName:
Type: String
Description: >-
Fully qualified DNS name for the consul-ui service load balancer.
If you don't provide a value for "ACM SSL certificate ARN", use the HostedZoneID.
MaxLength: 128
Default: ""
ConsulUIHostedZoneID:
Type: String
Description: >-
Route 53-hosted zone ID of the domain name. If you don't provide an ACMSSLCertificateArn value, the Quick Start
creates an ACM certificate for you using HostedZoneID in conjunction with DomainName.
Default: ""
ConsulUIACMSSLCertificateArn:
Description: >-
ARN of the load balancer's ACM SSL certificate. If you don't provide values for "Domain name" and
"Hosted zone id", provide a value for "ACM SSL certificate ARN".
Type: String
AllowedPattern: '^arn:(aws|aws-cn|aws-us-gov):acm:.*:[0-9]{12}:certificate.*|^$'
Default: ""
RancherIntegration:
Type: String
AllowedValues: [Enabled, Disabled]
Default: Disabled
Description: "For more information, see https://github.com/aws-quickstart/quickstart-eks-rancher/."
RancherDomainName:
Description: DNS domain name that users can use to access the Rancher console.
Type: String
Default: aws.private
Mappings:
Config:
Prefix: { Value: 'eks-quickstart' }
Conditions:
DetectSharedStacks: !And
- !Equals [!Ref PerAccountSharedResources, 'AutoDetect']
- !Equals [!Ref PerRegionSharedResources, 'AutoDetect']
UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart']
CreateAdvancedConfigWithDefaults: !Equals [!Ref ConfigSetName, '']
CreatePerAccountSharedResources: !Equals [!Ref PerAccountSharedResources, 'Yes']
CreatePerRegionSharedResources: !Equals [!Ref PerRegionSharedResources, 'Yes']
WindowsNodes: !Equals [!Ref NodeGroupOS, 'Windows']
VaultEnabled: !Equals [!Ref VaultIntegration, 'Enabled']
EnablePrometheus: !Or
- !Equals [!Ref PrometheusIntegration, "Enabled"]
- !Equals [!Ref MonitoringStack, "Prometheus + Grafana"]
EnableGrafana: !Or
- !Equals [!Ref GrafanaIntegration, "Enabled"]
- !Equals [!Ref MonitoringStack, "Prometheus + Grafana"]
Resources:
AutoDetectSharedResources:
Type: AWS::CloudFormation::Stack
Condition: DetectSharedStacks
Properties:
TemplateURL: !Sub
- 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/amazon-eks-prerequisites.template.yaml'
- S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
Parameters:
Version: "1.0.0"
AccountTemplateUri: !Sub
- 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/amazon-eks-per-account-resources.template.yaml'
- S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
RegionalTemplateUri: !Sub
- 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/amazon-eks-per-region-resources.template.yaml'
- S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
AccountSharedResources:
Type: AWS::CloudFormation::Stack
Condition: CreatePerAccountSharedResources
DeletionPolicy: Retain
Metadata: { cfn-lint: { config: { ignore_checks: [W3011] } } }
Properties:
TemplateURL: !Sub
- 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/amazon-eks-per-account-resources.template.yaml'
- S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
Tags: [{Key: !FindInMap [Config, Prefix, Value], Value: AccountSharedResources}]
RegionalSharedResources:
Type: AWS::CloudFormation::Stack
Condition: CreatePerRegionSharedResources
DeletionPolicy: Retain
Metadata:
cfn-lint: { config: { ignore_checks: [W3011, W9901] } }
DependsOn: !If [CreatePerAccountSharedResources, !Ref AccountSharedResources, !Ref 'AWS::NoValue']
Properties:
TemplateURL: !Sub
- 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/amazon-eks-per-region-resources.template.yaml'
- S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
Parameters:
QSS3BucketName: !Ref QSS3BucketName
QSS3KeyPrefix: !Ref QSS3KeyPrefix
Tags: [{Key: !FindInMap [Config, Prefix, Value], Value: RegionalSharedResources}]
AdvancedConfigDefaultsStack:
Type: AWS::CloudFormation::Stack
Condition: CreateAdvancedConfigWithDefaults
Metadata: { cfn-lint: { config: { ignore_checks: [E9902, W9901] } } }
Properties:
TemplateURL: !Sub
- 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/amazon-eks-advanced-configuration.template.yaml'
- S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
Parameters:
ConfigSetName: !Ref AWS::StackName
ConsulUIAccessCIDR: !Ref RemoteAccessCIDR
VaultUIAccessCIDR: !Ref RemoteAccessCIDR
NodeVolumeSize: !If [WindowsNodes, 50, !Ref 'AWS::NoValue']
KubernetesVersion: !If [VaultEnabled, '1.17', !Ref 'AWS::NoValue']
EKSStack:
Type: AWS::CloudFormation::Stack
Metadata:
cfn-lint: { config: { ignore_checks: [ W9901, E9902 ] } }
DependsOn:
- !If [CreatePerRegionSharedResources, !Ref RegionalSharedResources, !Ref 'AWS::NoValue']
- !If [CreatePerAccountSharedResources, !Ref AccountSharedResources, !Ref 'AWS::NoValue']
- !If [CreateAdvancedConfigWithDefaults, !Ref AdvancedConfigDefaultsStack, !Ref 'AWS::NoValue']
- !If [DetectSharedStacks, !Ref AutoDetectSharedResources, !Ref 'AWS::NoValue']
Properties:
TemplateURL: !Sub
- 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/amazon-eks.template.yaml'
- S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
Parameters:
HttpProxy: !Ref HttpProxy
PublicSubnet1ID: !Ref PublicSubnet1ID
PublicSubnet2ID: !Ref PublicSubnet2ID
PublicSubnet3ID: !Ref PublicSubnet3ID
KeyPairName: !Ref KeyPairName
QSS3BucketName: !Ref QSS3BucketName
QSS3KeyPrefix: !Ref QSS3KeyPrefix
QSS3BucketRegion: !Ref QSS3BucketRegion
PrivateSubnet1ID: !Ref PrivateSubnet1ID
PrivateSubnet2ID: !Ref PrivateSubnet2ID
PrivateSubnet3ID: !Ref PrivateSubnet3ID
NumberOfNodes: !Ref NumberOfNodes
MaxNumberOfNodes: !Ref MaxNumberOfNodes
NodeInstanceType: !Ref NodeInstanceType
RemoteAccessCIDR: !Ref RemoteAccessCIDR
AdditionalEKSAdminUserArn: !Ref AdditionalEKSAdminUserArn
AdditionalEKSAdminRoleArn: !Ref AdditionalEKSAdminRoleArn
VPCID: !Ref VPCID
ProvisionClusterAutoScaler: !Ref ClusterAutoScaler
EfsStorageClass: !Ref EfsStorageClass
ProvisionBastionHost: !Ref ProvisionBastionHost
EKSPublicAccessEndpoint: !Ref EKSPublicAccessEndpoint
ProvisionALBIngressController: !Ref ALBIngressController
EKSClusterName: !Ref EKSClusterName
SnykIntegrationId: !Ref SnykIntegrationId
SnykIntegration: !Ref SnykIntegration
NewRelicLicenseKey: !Ref NewRelicLicenseKey
NewRelicIntegration: !Ref NewRelicIntegration
ConfigSetName: !If [CreateAdvancedConfigWithDefaults, !Ref 'AWS::StackName', !Ref ConfigSetName]
GrafanaIntegration: !If [EnableGrafana, 'Enabled', 'Disabled']
PrometheusIntegration: !If [EnablePrometheus, 'Enabled', 'Disabled']
FargateLabels: !Ref FargateLabels
FargateNamespaces: !Ref FargateNamespaces
NodeGroupOS: !Ref NodeGroupOS
NodeGroupType: !Ref NodeGroupType
NodeInstanceFamily: !Ref NodeInstanceFamily
VaultIntegration: !Ref VaultIntegration
VaultUIACMSSLCertificateArn: !Ref VaultUIACMSSLCertificateArn
VaultUIHostedZoneID: !Ref VaultUIHostedZoneID
VaultUIDomainName: !Ref VaultUIDomainName
ConsulIntegration: !Ref ConsulIntegration
ConsulUIACMSSLCertificateArn: !Ref ConsulUIACMSSLCertificateArn
ConsulUIHostedZoneID: !Ref ConsulUIHostedZoneID
ConsulUIDomainName: !Ref ConsulUIDomainName
CalicoIntegration: !Ref CalicoIntegration
RancherIntegration: !Ref RancherIntegration
RancherDomainName: !Ref RancherDomainName
RafaySysIntegration: !Ref RafaySysIntegration
RafaySysProject: !Ref RafaySysProject
RafaySysBootstrapBucket: !Ref RafaySysBootstrapBucket
RafaySysBootstrapKey: !Ref RafaySysBootstrapKey
RafaySysApiKey: !Ref RafaySysApiKey
RafaySysApiSecret: !Ref RafaySysApiSecret
RafaySysFirstName: !Ref RafaySysFirstName
RafaySysLastName: !Ref RafaySysLastName
RafaySysOrganizationName: !Ref RafaySysOrganizationName
RafaySysEmail: !Ref RafaySysEmail
Outputs:
EKSClusterName:
Value: !GetAtt EKSStack.Outputs.EKSClusterName
BastionIP:
Value: !GetAtt EKSStack.Outputs.BastionIP
BastionSecurityGroup:
Value: !GetAtt EKSStack.Outputs.BastionSecurityGroup
NodeGroupSecurityGroup:
Value: !GetAtt EKSStack.Outputs.NodeGroupSecurityGroup
ControlPlaneSecurityGroup:
Value: !GetAtt EKSStack.Outputs.ControlPlaneSecurityGroup
OIDCIssuerURL:
Value: !GetAtt EKSStack.Outputs.OIDCIssuerURL
Rules:
AutoDetectSharedParams:
RuleCondition: !Or
- !Equals [!Ref PerRegionSharedResources, 'AutoDetect']
- !Equals [!Ref PerAccountSharedResources, 'AutoDetect']
Assertions:
- Assert: !And
- !Equals [!Ref PerRegionSharedResources, 'AutoDetect']
- !Equals [!Ref PerAccountSharedResources, 'AutoDetect']
AssertDescription: "AutDetect must be set/unset for both PerRegionSharedResources and PerAccountSharedResources"
LablesNeedNamespaces:
RuleCondition: !Not
- !Equals [ !Ref FargateLabels, "" ]
Assertions:
- AssertDescription: You must specify at least one Fargate namespace to enable Fargate.
Assert: !Not
- !Equals [ !Ref FargateNamespaces, "" ]
WindowsUnmanaged:
Assertions:
- Assert: !Not [!Equals [NodeGroupOS, 'Windows']]
AssertDescription: "Managed nodegroups do not support Windows nodes."
RuleCondition: !Equals
- !Ref NodeGroupType
- Managed
# Vault
VaultUIDomainNamePresentWithHostedID:
RuleCondition: !And
- !Equals [!Ref VaultIntegration, 'Enabled']
- !Equals [ !Ref VaultUIHostedZoneID, '' ]
Assertions:
- Assert: !Not [!Equals [!Ref VaultUIDomainName, '']]
AssertDescription: "Vault: Please specify a 'Domain Name' if you specify 'Route 53 Hosted Zone ID'"
VaultUIHostedIDPresentWithDomainName:
RuleCondition: !And
- !Equals [!Ref VaultIntegration, 'Enabled']
- !Equals [ !Ref VaultUIDomainName, '' ]
Assertions:
- Assert: !Not [!Equals [!Ref VaultUIHostedZoneID, '']]
AssertDescription: "Vault: Please specify a 'Route 53 Hosted Zone ID' if you specify 'Domain Name'"
VaultUIGenerateOrProvideSSL:
RuleCondition: !And
- !Equals [!Ref VaultIntegration, 'Enabled']
- !Not [!Equals [!Ref VaultUIACMSSLCertificateArn, '']]
Assertions:
- Assert: !And
- !Equals [!Ref VaultUIHostedZoneID, '']
- !Equals [!Ref VaultUIDomainName, '']
AssertDescription: "Vault1: Using an SSL certificate is enforced. A CertificateArn or a HostedZoneID and Domain Name must be provided."
VaultUINoLoadBalancerInfoSupplied:
RuleCondition: !Equals [!Ref VaultIntegration, 'Enabled']
Assertions:
- Assert: !Or
- !Not [!Equals [!Ref VaultUIHostedZoneID, '']]
- !Not [!Equals [!Ref VaultUIACMSSLCertificateArn, '']]
- !Not [!Equals [!Ref VaultUIDomainName, '']]
AssertDescription: "Vault2: Using an SSL certificate is enforced. A CertificateArn or a HostedZoneID and Domain Name must be provided."
# Consul
ConsulUIDomainNamePresentWithHostedID:
RuleCondition: !And
- !Equals [!Ref ConsulIntegration, 'Enabled']
- !Equals [ !Ref ConsulUIHostedZoneID, '' ]
Assertions:
- Assert: !Not [!Equals [!Ref ConsulUIDomainName, '']]
AssertDescription: "Consul: Please specify a 'Domain Name' if you specify 'Route 53 Hosted Zone ID'"
ConsulUIHostedIDPresentWithDomainName:
RuleCondition: !And
- !Equals [!Ref ConsulIntegration, 'Enabled']
- !Equals [ !Ref ConsulUIDomainName, '' ]
Assertions:
- Assert: !Not [!Equals [!Ref ConsulUIHostedZoneID, '']]
AssertDescription: "Consul: Please specify a 'Route 53 Hosted Zone ID' if you specify 'Domain Name'"
ConsulUIGenerateOrProvideSSL:
RuleCondition: !And
- !Equals [!Ref ConsulIntegration, 'Enabled']
- !Not [!Equals [!Ref ConsulUIACMSSLCertificateArn, '']]
Assertions:
- Assert: !And
- !Equals [!Ref ConsulUIHostedZoneID, '']
- !Equals [!Ref ConsulUIDomainName, '']
AssertDescription: "Consul1: Using an SSL certificate is enforced. A CertificateArn or a HostedZoneID and Domain Name must be provided."
ConsulUINoLoadBalancerInfoSupplied:
RuleCondition: !Equals [!Ref ConsulIntegration, 'Enabled']
Assertions:
- Assert: !Or
- !Not [!Equals [!Ref ConsulUIHostedZoneID, '']]
- !Not [!Equals [!Ref ConsulUIACMSSLCertificateArn, '']]
- !Not [!Equals [!Ref ConsulUIDomainName, '']]
AssertDescription: "Consul2: Using an SSL certificate is enforced. A CertificateArn or a HostedZoneID and Domain Name must be provided."