Skip to content
Permalink
main
Switch branches/tags

quickstart-amazon-eks/templates/amazon-eks-entrypoint-new-vpc.template.yaml

Go to file
@tlindsay42
tlindsay42 Fix is4gen sort
Latest commit 1f5829f Jun 20, 2022 History
10 contributors

Users who have contributed to this file

@jaymccon @troy-ameigh @kolomied @davmayd @tlindsay42 @gargana @ThisIsQasim @vsnyc @gregdek @DelfinGala
1466 lines (1466 sloc) 48.2 KB
Raw Blame
Open in GitHub Desktop
AWSTemplateFormatVersion: "2010-09-09"
Description: Deploys an EKS cluster in a new VPC (qs-1p7nknoht)
Metadata:
AutoInstance:
NodeInstanceType:
InstanceFilters:
- [['PV'], "!=", "SupportedVirtualizationTypes"]
QuickStartDocumentation:
EntrypointName: "Launch into a new VPC"
Order: Index a
LintSpellExclude:
- Kubernetes
- ARNs
- Resource Names
- autoscaler
- IOPS
- EfsStorageClass
- Lambda
- maxIO
- Resource Name
- Enabled
- Disabled
- Prometheus
- Encrypt
- Fargate
- namespace
- Snyk
- Security
- New Relic
- APN
- '"No"'
- Windows
- '"Config '
- '(Optional)'
- Unmanaged
- Node
- NewRelicIntegration
- Integration
- Auto Scaling
- Partner
- Vault
- Consul
- HashiCorp
- CalicoIntegration
- RafaySysIntegration
- RafaySysProject
- RafaySysBootstrapBucket
- RafaySysBootstrapKey
- RafaySysApiKey
- RafaySysApiSecret
- RafaySysFirstName
- RafaySysLastName
- RafaySysOrganizationName
- RafaySysEmail
- Rafay Systems
- Rafay
- Rancher
- yaml
- rafay
- DomainName
- Hosted
- Domain Name
- Domain name
- Grafana
AWS::CloudFormation::Interface:
ParameterGroups:
- Label:
default: Basic configuration
Parameters:
- AvailabilityZones
- RemoteAccessCIDR
- KeyPairName
- ConfigSetName
- PerAccountSharedResources
- PerRegionSharedResources
- Label:
default: VPC network configuration
Parameters:
- NumberOfAZs
- VPCCIDR
- PrivateSubnet1CIDR
- PrivateSubnet2CIDR
- PrivateSubnet3CIDR
- PublicSubnet1CIDR
- PublicSubnet2CIDR
- PublicSubnet3CIDR
- Label:
default: Amazon EC2 configuration
Parameters:
- ProvisionBastionHost
- Label:
default: Amazon EKS configuration
Parameters:
- EKSClusterName
- EKSPublicAccessEndpoint
- AdditionalEKSAdminUserArn
- AdditionalEKSAdminRoleArn
- FargateNamespaces
- FargateLabels
- Label:
default: Default EKS node group configuration
Parameters:
- NodeInstanceType
- NumberOfNodes
- MaxNumberOfNodes
- NodeGroupOS
- NodeGroupType
- NodeInstanceFamily
- Label:
default: Snyk monitor (AWS Partner security)
Parameters:
- SnykIntegration
- SnykIntegrationId
- Label:
default: New Relic infrastructure (AWS Partner monitoring)
Parameters:
- NewRelicIntegration
- NewRelicLicenseKey
- Label:
default: Calico policy [APN security partner]
Parameters:
- CalicoIntegration
- Label:
default: Rafay Systems [APN software & internet partner]
Parameters:
- RafaySysIntegration
- RafaySysProject
- RafaySysBootstrapBucket
- RafaySysBootstrapKey
- RafaySysApiKey
- RafaySysApiSecret
- RafaySysFirstName
- RafaySysLastName
- RafaySysOrganizationName
- RafaySysEmail
- Label:
default: HashiCorp Vault (AWS Partner security)
Parameters:
- VaultIntegration
- VaultUIACMSSLCertificateArn
- VaultUIHostedZoneID
- VaultUIDomainName
- Label:
default: HashiCorp Consul (AWS Partner containers)
Parameters:
- ConsulIntegration
- ConsulUIACMSSLCertificateArn
- ConsulUIHostedZoneID
- ConsulUIDomainName
- Label:
default: Rancher management (AWS Partner management)
Parameters:
- RancherIntegration
- RancherDomainName
- Label:
default: Kubernetes add-ins
Parameters:
- ALBIngressController
- ClusterAutoScaler
- EfsStorageClass
- PrometheusIntegration
- GrafanaIntegration
- MonitoringStack
- Label:
default: AWS Quick Start configuration
Parameters:
- QSS3BucketName
- QSS3KeyPrefix
- QSS3BucketRegion
- TestSuite
ParameterLabels:
AvailabilityZones:
default: Availability Zones
KeyPairName:
default: SSH key name
PrivateSubnet1CIDR:
default: Private subnet 1 CIDR
PrivateSubnet2CIDR:
default: Private subnet 2 CIDR
PrivateSubnet3CIDR:
default: Private subnet 3 CIDR
PublicSubnet1CIDR:
default: Public subnet 1 CIDR
PublicSubnet2CIDR:
default: Public subnet 2 CIDR
PublicSubnet3CIDR:
default: Public subnet 3 CIDR
QSS3BucketName:
default: Quick Start S3 bucket name
QSS3KeyPrefix:
default: Quick Start S3 key prefix
QSS3BucketRegion:
default: Quick Start S3 bucket Region
RemoteAccessCIDR:
default: Allowed external access CIDR
VPCCIDR:
default: VPC CIDR
NodeInstanceType:
default: Instance type
NumberOfNodes:
default: Number of nodes
MaxNumberOfNodes:
default: Maximum number of nodes
AdditionalEKSAdminUserArn:
default: Additional EKS admin ARN (IAM user)
AdditionalEKSAdminRoleArn:
default: Additional EKS admin ARN (IAM role)
ClusterAutoScaler:
default: Cluster autoscaler
EfsStorageClass:
default: EFS storage class
MonitoringStack:
default: Monitoring stack
NumberOfAZs:
default: Number of Availability Zones
ProvisionBastionHost:
default: Provision bastion host
EKSPublicAccessEndpoint:
default: EKS public access endpoint
ALBIngressController:
default: AWS load balancer controller
FargateNamespaces:
default: Fargate namespaces
FargateLabels:
default: Fargate labels
EKSClusterName:
default: EKS cluster name
SnykIntegrationId:
default: Integration ID
SnykIntegration:
default: Security monitoring integration
NewRelicIntegration:
default: Infrastructure monitoring integration
NewRelicLicenseKey:
default: License key
CalicoIntegration:
default: Calico policy integration
RafaySysIntegration:
default: Rafay Systems integration
RafaySysProject:
default: Rafay project
RafaySysFirstName:
default: First name
RafaySysLastName:
default: Last name
RafaySysOrganizationName:
default: Organization name
RafaySysEmail:
default: Email
RafaySysApiKey:
default: API key
RafaySysApiSecret:
default: API secret
RafaySysBootstrapBucket:
default: Bootstrap S3 bucket
RafaySysBootstrapKey:
default: Bootstrap S3 key
PerAccountSharedResources:
default: Per-account shared resources
PerRegionSharedResources:
default: Per-Region shared resources
ConfigSetName:
default: Config set name
TestSuite:
default: Test suite
NodeGroupType:
default: Node group type
NodeInstanceFamily:
default: Node instance family
NodeGroupOS:
default: Node group OS
VaultIntegration:
default: HashiCorp Vault integration
VaultUIACMSSLCertificateArn:
default: Vault UI ACM SSL certificate ARN
VaultUIHostedZoneID:
default: Route 53 hosted zone id
VaultUIDomainName:
default: Vault UI load balancer DNS name
ConsulIntegration:
default: HashiCorp Consul integration
ConsulUIACMSSLCertificateArn:
default: ACM SSL certificate ARN
ConsulUIHostedZoneID:
default: Route 53 hosted zone id
ConsulUIDomainName:
default: Consul UI load balancer DNS name
RancherIntegration:
default: Rancher management integration
RancherDomainName:
default: Rancher domain name
PrometheusIntegration:
default: Prometheus integration
GrafanaIntegration:
default: Grafana integration
Parameters:
AvailabilityZones:
Description: List of Availability Zones to use for the subnets in the VPC. Three
Availability Zones are used for this deployment.
Type: List<AWS::EC2::AvailabilityZone::Name>
KeyPairName:
Description: Name of an existing key pair, which allows you
to securely connect to your instance after it launches.
Type: String
Default: ""
PrivateSubnet1CIDR:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16–28
Default: 10.0.0.0/19
Description: CIDR block for private subnet 1, located in Availability Zone 1.
Type: String
PrivateSubnet2CIDR:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16–28
Default: 10.0.32.0/19
Description: CIDR block for private subnet 2, located in Availability Zone 2.
Type: String
PrivateSubnet3CIDR:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16–28
Default: 10.0.64.0/19
Description: CIDR block for private subnet 3, located in Availability Zone 3.
Type: String
PublicSubnet1CIDR:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16–28
Default: 10.0.128.0/20
Description: CIDR block for the public (DMZ) subnet 1, located in Availability
Zone 1.
Type: String
PublicSubnet2CIDR:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16–28
Default: 10.0.144.0/20
Description: CIDR block for the public (DMZ) subnet 2, located in Availability
Zone 2.
Type: String
PublicSubnet3CIDR:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16–28
Default: 10.0.160.0/20
Description: CIDR block for the public (DMZ) subnet 3, located in Availability
Zone 3.
Type: String
QSS3BucketName:
AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$
ConstraintDescription: Quick Start bucket name can include numbers, lowercase
letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen
(-).
Default: aws-quickstart
Description: S3 bucket name for the Quick Start assets. This string can include
numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start
or end with a hyphen (-).
Type: String
QSS3KeyPrefix:
AllowedPattern: ^[0-9a-zA-Z-/.]*$
ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters,
uppercase letters, hyphens (-), periods (.) and forward slash (/).
Default: quickstart-amazon-eks/
Description: S3 key prefix for the Quick Start assets. Quick Start key prefix
can include numbers, lowercase letters, uppercase letters, hyphens (-), periods (.) and
forward slash (/).
Type: String
QSS3BucketRegion:
Default: 'us-east-1'
Description: Region where the Quick Start S3 bucket (QSS3BucketName) is
hosted. When using your own bucket, you must specify this value.
Type: String
RemoteAccessCIDR:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x
Description: CIDR IP range that is permitted to access the instances. We recommend
that you set this value to a trusted IP range.
Type: String
EKSPublicAccessEndpoint:
Type: String
AllowedValues: [Enabled, Disabled]
Default: Disabled
Description: Configure access to the Kubernetes API server endpoint from outside of your VPC.
VPCCIDR:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16–28
Default: 10.0.0.0/16
Description: CIDR block for the VPC.
Type: String
AdditionalEKSAdminUserArn:
Default: ""
AllowedPattern: '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:.*|^$'
Description: "(Optional) IAM user ARN to be granted administrative access to the EKS cluster."
Type: String
AdditionalEKSAdminRoleArn:
Default: ""
AllowedPattern: '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:.*|^$'
Description: "(Optional) IAM role ARN to be granted administrative access to the EKS cluster."
Type: String
NodeInstanceType:
Default: t3.medium
AllowedValues:
- a1.medium
- a1.large
- a1.xlarge
- a1.2xlarge
- a1.4xlarge
- a1.metal
- c1.medium
- c1.xlarge
- c3.large
- c3.xlarge
- c3.2xlarge
- c3.4xlarge
- c3.8xlarge
- c4.large
- c4.xlarge
- c4.2xlarge
- c4.4xlarge
- c4.8xlarge
- c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5.metal
- c5a.large
- c5a.xlarge
- c5a.2xlarge
- c5a.4xlarge
- c5a.8xlarge
- c5a.12xlarge
- c5a.16xlarge
- c5a.24xlarge
- c5ad.large
- c5ad.xlarge
- c5ad.2xlarge
- c5ad.4xlarge
- c5ad.8xlarge
- c5ad.12xlarge
- c5ad.16xlarge
- c5ad.24xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- c5d.metal
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5n.metal
- c6a.large
- c6a.xlarge
- c6a.2xlarge
- c6a.4xlarge
- c6a.8xlarge
- c6a.12xlarge
- c6a.16xlarge
- c6a.24xlarge
- c6a.32xlarge
- c6a.48xlarge
- c6a.metal
- c6g.medium
- c6g.large
- c6g.xlarge
- c6g.2xlarge
- c6g.4xlarge
- c6g.8xlarge
- c6g.12xlarge
- c6g.16xlarge
- c6g.metal
- c6gd.medium
- c6gd.large
- c6gd.xlarge
- c6gd.2xlarge
- c6gd.4xlarge
- c6gd.8xlarge
- c6gd.12xlarge
- c6gd.16xlarge
- c6gd.metal
- c6gn.medium
- c6gn.large
- c6gn.xlarge
- c6gn.2xlarge
- c6gn.4xlarge
- c6gn.8xlarge
- c6gn.12xlarge
- c6gn.16xlarge
- c6gn.metal
- c7g.medium
- c7g.large
- c7g.xlarge
- c7g.2xlarge
- c7g.4xlarge
- c7g.8xlarge
- c7g.12xlarge
- c7g.16xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6i.metal
- c6id.medium
- c6id.large
- c6id.xlarge
- c6id.2xlarge
- c6id.4xlarge
- c6id.8xlarge
- c6id.12xlarge
- c6id.16xlarge
- c6id.24xlarge
- c6id.32xlarge
- c6id.metal
- cc2.8xlarge
- d2.xlarge
- d2.2xlarge
- d2.4xlarge
- d2.8xlarge
- d3.xlarge
- d3.2xlarge
- d3.4xlarge
- d3.8xlarge
- d3en.xlarge
- d3en.2xlarge
- d3en.4xlarge
- d3en.6xlarge
- d3en.8xlarge
- d3en.12xlarge
- f1.2xlarge
- f1.4xlarge
- f1.16xlarge
- g2.2xlarge
- g2.8xlarge
- g3.4xlarge
- g3.8xlarge
- g3.16xlarge
- g3s.xlarge
- g4ad.xlarge
- g4ad.2xlarge
- g4ad.4xlarge
- g4ad.8xlarge
- g4ad.12xlarge
- g4ad.16xlarge
- g4ad.metal
- g4dn.xlarge
- g4dn.2xlarge
- g4dn.4xlarge
- g4dn.8xlarge
- g4dn.12xlarge
- g4dn.16xlarge
- g4dn.metal
- g5.xlarge
- g5.2xlarge
- g5.4xlarge
- g5.8xlarge
- g5.12xlarge
- g5.16xlarge
- g5.24xlarge
- g5.48xlarge
- g5g.xlarge
- g5g.2xlarge
- g5g.4xlarge
- g5g.8xlarge
- g5g.16xlarge
- g5g.metal
- h1.2xlarge
- h1.4xlarge
- h1.8xlarge
- h1.16xlarge
- i2.xlarge
- i2.2xlarge
- i2.4xlarge
- i2.8xlarge
- i3.large
- i3.xlarge
- i3.2xlarge
- i3.4xlarge
- i3.8xlarge
- i3.16xlarge
- i3.metal
- i3en.large
- i3en.xlarge
- i3en.2xlarge
- i3en.3xlarge
- i3en.6xlarge
- i3en.12xlarge
- i3en.24xlarge
- i3en.metal
- i4i.large
- i4i.xlarge
- i4i.2xlarge
- i4i.4xlarge
- i4i.8xlarge
- i4i.16xlarge
- i4i.32xlarge
- i4i.metal
- im4gn.large
- im4gn.xlarge
- im4gn.2xlarge
- im4gn.4xlarge
- im4gn.8xlarge
- im4gn.16xlarge
- inf1.xlarge
- inf1.2xlarge
- inf1.6xlarge
- inf1.24xlarge
- is4gen.medium
- is4gen.large
- is4gen.xlarge
- is4gen.2xlarge
- is4gen.4xlarge
- is4gen.8xlarge
- m1.small
- m1.medium
- m1.large
- m1.xlarge
- m2.xlarge
- m2.2xlarge
- m2.4xlarge
- m3.medium
- m3.large
- m3.xlarge
- m3.2xlarge
- m4.large
- m4.xlarge
- m4.2xlarge
- m4.4xlarge
- m4.10xlarge
- m4.16xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m5.metal
- m5a.large
- m5a.xlarge
- m5a.2xlarge
- m5a.4xlarge
- m5a.8xlarge
- m5a.12xlarge
- m5a.16xlarge
- m5a.24xlarge
- m5ad.large
- m5ad.xlarge
- m5ad.2xlarge
- m5ad.4xlarge
- m5ad.8xlarge
- m5ad.12xlarge
- m5ad.16xlarge
- m5ad.24xlarge
- m5d.large
- m5d.xlarge
- m5d.2xlarge
- m5d.4xlarge
- m5d.8xlarge
- m5d.12xlarge
- m5d.16xlarge
- m5d.24xlarge
- m5d.metal
- m5dn.large
- m5dn.xlarge
- m5dn.2xlarge
- m5dn.4xlarge
- m5dn.8xlarge
- m5dn.12xlarge
- m5dn.16xlarge
- m5dn.24xlarge
- m5dn.metal
- m5n.large
- m5n.xlarge
- m5n.2xlarge
- m5n.4xlarge
- m5n.8xlarge
- m5n.12xlarge
- m5n.16xlarge
- m5n.24xlarge
- m5n.metal
- m5zn.large
- m5zn.xlarge
- m5zn.2xlarge
- m5zn.4xlarge
- m5zn.8xlarge
- m5zn.12xlarge
- m5zn.16xlarge
- m5zn.24xlarge
- m5zn.metal
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge
- m6a.32xlarge
- m6a.48xlarge
- m6a.metal
- m6g.medium
- m6g.large
- m6g.xlarge
- m6g.2xlarge
- m6g.4xlarge
- m6g.8xlarge
- m6g.12xlarge
- m6g.16xlarge
- m6g.metal
- m6gd.medium
- m6gd.large
- m6gd.xlarge
- m6gd.2xlarge
- m6gd.4xlarge
- m6gd.8xlarge
- m6gd.12xlarge
- m6gd.16xlarge
- m6gd.metal
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- m6i.metal
- m6id.large
- m6id.xlarge
- m6id.2xlarge
- m6id.4xlarge
- m6id.8xlarge
- m6id.12xlarge
- m6id.16xlarge
- m6id.24xlarge
- m6id.32xlarge
- m6id.metal
- p2.xlarge
- p2.8xlarge
- p2.16xlarge
- p3.2xlarge
- p3.8xlarge
- p3.16xlarge
- p3dn.24xlarge
- p4d.24xlarge
- r3.large
- r3.xlarge
- r3.2xlarge
- r3.4xlarge
- r3.8xlarge
- r4.large
- r4.xlarge
- r4.2xlarge
- r4.4xlarge
- r4.8xlarge
- r4.16xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5.metal
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5ad.large
- r5ad.xlarge
- r5ad.2xlarge
- r5ad.4xlarge
- r5ad.8xlarge
- r5ad.12xlarge
- r5ad.16xlarge
- r5ad.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5b.metal
- r5d.large
- r5d.xlarge
- r5d.2xlarge
- r5d.4xlarge
- r5d.8xlarge
- r5d.12xlarge
- r5d.16xlarge
- r5d.24xlarge
- r5d.metal
- r5dn.large
- r5dn.xlarge
- r5dn.2xlarge
- r5dn.4xlarge
- r5dn.8xlarge
- r5dn.12xlarge
- r5dn.16xlarge
- r5dn.24xlarge
- r5dn.metal
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r5n.metal
- r6g.medium
- r6g.large
- r6g.xlarge
- r6g.2xlarge
- r6g.4xlarge
- r6g.8xlarge
- r6g.12xlarge
- r6g.16xlarge
- r6g.metal
- r6gd.medium
- r6gd.large
- r6gd.xlarge
- r6gd.2xlarge
- r6gd.4xlarge
- r6gd.8xlarge
- r6gd.12xlarge
- r6gd.16xlarge
- r6gd.metal
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- r6i.metal
- r6id.large
- r6id.xlarge
- r6id.2xlarge
- r6id.4xlarge
- r6id.8xlarge
- r6id.12xlarge
- r6id.16xlarge
- r6id.24xlarge
- r6id.32xlarge
- r6id.metal
- t1.micro
- t2.nano
- t2.micro
- t2.small
- t2.medium
- t2.large
- t2.xlarge
- t2.2xlarge
- t3.nano
- t3.micro
- t3.small
- t3.medium
- t3.large
- t3.xlarge
- t3.2xlarge
- t3a.nano
- t3a.micro
- t3a.small
- t3a.medium
- t3a.large
- t3a.xlarge
- t3a.2xlarge
- t4g.nano
- t4g.micro
- t4g.small
- t4g.medium
- t4g.large
- t4g.xlarge
- t4g.2xlarge
- x1.16xlarge
- x1.32xlarge
- x1e.xlarge
- x1e.2xlarge
- x1e.4xlarge
- x1e.8xlarge
- x1e.16xlarge
- x1e.32xlarge
- x2gd.medium
- x2gd.large
- x2gd.xlarge
- x2gd.2xlarge
- x2gd.4xlarge
- x2gd.8xlarge
- x2gd.12xlarge
- x2gd.16xlarge
- x2gd.metal
- x2idn.16xlarge
- x2idn.24xlarge
- x2idn.32xlarge
- x2idn.metal
- x2iedn.xlarge
- x2iedn.2xlarge
- x2iedn.4xlarge
- x2iedn.8xlarge
- x2iedn.16xlarge
- x2iedn.24xlarge
- x2iedn.32xlarge
- x2iedn.metal
- x2iezn.2xlarge
- x2iezn.4xlarge
- x2iezn.6xlarge
- x2iezn.8xlarge
- x2iezn.12xlarge
- x2iezn.metal
- z1d.large
- z1d.xlarge
- z1d.2xlarge
- z1d.3xlarge
- z1d.6xlarge
- z1d.12xlarge
- z1d.metal
ConstraintDescription: Must be a valid EC2 instance type
Description: EC2 instance type.
Type: String
NumberOfNodes:
Default: 3
MinValue: 0
MaxValue: 450
Description: Number of Amazon EKS node instances. The default is one for each of the three Availability Zones.
Type: Number
MaxNumberOfNodes:
Default: 3
MinValue: 0
MaxValue: 450
Description: Maximum number of Amazon EKS node instances. The default is three.
Type: Number
ClusterAutoScaler:
Type: String
AllowedValues: [ Enabled, Disabled ]
Default: Disabled
Description: 'Choose "Enabled" to enable Kubernetes cluster autoscaler.'
EfsStorageClass:
Type: String
AllowedValues: [ Enabled, Disabled ]
Default: Disabled
Description: 'Choose "Enabled" to enable EFS storage class.'
MonitoringStack:
Type: String
AllowedValues: [ "Prometheus + Grafana", "None" ]
Default: "None"
Description: 'Enable monitoring stack with "Prometheus+Grafana." Warning: this is a legacy parameter and will be dropped from the next version of this Quick Start. Please use the "Grafana integration" and "Prometheus integration" parameters instead.'
GrafanaIntegration:
Type: String
AllowedValues: [ Enabled, Disabled ]
Default: Disabled
Description: 'Grafana requires "Prometheus integration" to be enabled. For more information see https://www.grafana.com/ .'
PrometheusIntegration:
Type: String
AllowedValues: [ Enabled, Disabled ]
Default: Disabled
Description: 'For more information see https://prometheus.io/ .'
NumberOfAZs:
Type: String
AllowedValues: ["2", "3"]
Default: "3"
Description: Number of Availability Zones to use in the VPC. This must match the value entered for the AvailabilityZones parameter.
ProvisionBastionHost:
Type: String
AllowedValues: [ "Enabled", "Disabled" ]
Default: "Enabled"
Description: Skip creating a bastion host by choosing "Disabled."
# This parameter name is inaccurate to preserve backward compatibility, and will be changed to ALBIngressController in the next release
ALBIngressController:
Type: String
AllowedValues: [ "Enabled", "Disabled" ]
Default: "Enabled"
Description: Choose "Disabled" to skip deploying the AWS load balancer controller.
FargateNamespaces:
Type: String
Default: ""
Description: "(Optional) Comma-separated list of namespaces for which Fargate should be enabled."
FargateLabels:
Type: String
Default: ""
Description: >-
Requires at least one Fargate namespace to be specified. This is a comma-separated list of key-value pod labels.
For a pod to run on Fargate, all of the labels must match, and it must run in a namespace defined by
"Fargate namespaces."
EKSClusterName:
Type: String
Default: ""
Description: "(Optional) Name for the EKS cluster. If left blank, one is auto-generated. This must be unique within the Region."
SnykIntegrationId:
Type: String
AllowedPattern: '^[a-z0-9-]{36}$|^$'
Default: ""
Description: 'If the SnykIntegration parameter is set to "Enabled," a value must be provided. For more information, see https://support.snyk.io/hc/en-us/articles/360003916158-Install-the-Snyk-controller-with-Helm.'
SnykIntegration:
Type: String
AllowedValues: [Enabled, Disabled]
Default: Disabled
Description: "For more information, see https://github.com/aws-quickstart/quickstart-eks-snyk/."
NewRelicLicenseKey:
Type: String
Default: ""
NoEcho: true
Description: 'If the NewRelicIntegration parameter is set to "Enabled," a value must be provided. For more information see https://docs.newrelic.com/docs/accounts/install-new-relic/account-setup/license-key/.'
NewRelicIntegration:
Type: String
AllowedValues: [Enabled, Disabled]
Default: Disabled
Description: For more information, see https://github.com/aws-quickstart/quickstart-eks-newrelic-infrastructure/."
CalicoIntegration:
Type: String
AllowedValues: [ Enabled, Disabled ]
Default: Disabled
Description: "For more information see https://www.projectcalico.org/ ."
RafaySysIntegration:
Type: String
AllowedValues: [ Enabled, Disabled ]
Default: Disabled
Description: "For more information see https://aws-quickstart.github.io/quickstart-eks-rafay-systems/ ."
RafaySysProject:
Type: String
Description: "This is the name you want to use for you Rafay deployment."
Default: "defaultproject"
RafaySysBootstrapBucket:
Type: String
Description: "(Optional) S3 bucket to place the the Rafay bootstrap yaml file. If left blank the EKS Quick Start bucket will be used."
Default: ""
RafaySysBootstrapKey:
Type: String
Description: "(Optional) S3 key to place the the Rafay bootstrap yaml file. If left blank the key will be rafay/<CLUSTER_NAME>/cluster-bootstrap.yaml."
Default: ""
RafaySysApiKey:
Type: String
Description: Required if using an existing Rafay account.
Default: ""
RafaySysApiSecret:
Type: String
Description: Required if using an existing Rafay account.
Default: ""
NoEcho: true
RafaySysFirstName:
Type: String
Description: Required if registering a new Rafay account.
Default: ""
RafaySysLastName:
Type: String
Description: Required if registering a new Rafay account.
Default: ""
RafaySysOrganizationName:
Type: String
Description: Required if registering a new Rafay account.
Default: ""
RafaySysEmail:
Type: String
Description: Required if registering a new Rafay account.
Default: ""
PerAccountSharedResources:
Type: String
AllowedValues: ['AutoDetect', 'Yes', 'No']
Default: 'AutoDetect'
Description: Choose "No" if you already deployed another EKS Quick Start stack in your AWS account.
PerRegionSharedResources:
Type: String
AllowedValues: ['AutoDetect', 'Yes', 'No']
Default: 'AutoDetect'
Description: Choose "No" if you already deployed another EKS Quick Start stack in your Region.
ConfigSetName:
Type: String
Default: ""
Description: >-
(Optional) Name used to map advanced parameters to an EKS cluster. If you launched an advanced
configuration stack and want to apply its values to this cluster, this name must match the ConfigSetName parameter
for the stack. If left blank, a new config set is created using default values.
TestSuite:
Type: String
AllowedValues: [Enabled, Disabled]
Default: Disabled
Description: Deploys a test stack that tests Quick Start components.
NodeInstanceFamily:
Default: Standard
AllowedValues: ['Standard', 'ARM', 'GPU']
Type: String
Description: Choose the instance family to match the value of "Node instance type."
NodeGroupType:
Type: String
AllowedValues: [ Managed, Unmanaged ]
Default: Managed
Description: Choose "Unmanaged" to create an Auto Scaling group without using the EKS-managed node groups feature.
NodeGroupOS:
AllowedValues:
- 'Amazon Linux 2'
- 'Bottlerocket'
- 'Windows'
Default: 'Amazon Linux 2'
Description: Operating system to use for node instances. Choose "Bottlerocket" for the Amazon purpose-built container OS
(unmanaged node groups only). Note that if you choose "Windows," an additional Amazon Linux node group is created.
Type: String
VaultIntegration:
Type: String
AllowedValues: [Enabled, Disabled]
Default: Disabled
Description: "For more information, see https://github.com/aws-quickstart/quickstart-eks-hashicorp-vault/."
VaultUIDomainName:
Type: String
Description: >-
Fully qualified DNS name for the vault-ui service load balancer.
If you don't provide a value for "ACM SSL certificate ARN", use the HostedZoneID.
MaxLength: 128
Default: ""
VaultUIHostedZoneID:
Type: String
Description: >-
Route 53-hosted zone ID of the domain name. If you don't provide an ACMSSLCertificateArn value, the Quick Start
creates an ACM certificate for you using HostedZoneID in conjunction with DomainName.
Default: ""
VaultUIACMSSLCertificateArn:
Description: >-
ARN of the load balancer's ACM SSL certificate. If you don't provide values for "Domain name" and
"Hosted zone id", provide a value for "ACM SSL certificate ARN".
Type: String
AllowedPattern: '^arn:(aws|aws-cn|aws-us-gov):acm:.*:[0-9]{12}:certificate.*|^$'
Default: ""
ConsulIntegration:
Type: String
AllowedValues: [Enabled, Disabled]
Default: Disabled
Description: "For more information, see https://github.com/aws-quickstart/quickstart-eks-hashicorp-consul/."
ConsulUIDomainName:
Type: String
Description: >-
Fully qualified DNS name for the consul-ui service load balancer.
If you don't provide a value for "ACM SSL certificate ARN", use the HostedZoneID.
MaxLength: 128
Default: ""
ConsulUIHostedZoneID:
Type: String
Description: >-
Route 53-hosted zone ID of the domain name. If you don't provide an ACMSSLCertificateArn value, the Quick Start
creates an ACM certificate for you using HostedZoneID in conjunction with DomainName.
Default: ""
ConsulUIACMSSLCertificateArn:
Description: >-
ARN of the load balancer's ACM SSL certificate. If you don't provide values for "Domain name" and
"Hosted zone id", provide a value for "ACM SSL certificate ARN".
Type: String
AllowedPattern: '^arn:(aws|aws-cn|aws-us-gov):acm:.*:[0-9]{12}:certificate.*|^$'
Default: ""
RancherIntegration:
Type: String
AllowedValues: [Enabled, Disabled]
Default: Disabled
Description: "For more information, see https://github.com/aws-quickstart/quickstart-eks-rancher/."
RancherDomainName:
Description: DNS domain name that users can use to access the Rancher console.
Type: String
Default: aws.private
Conditions:
EnablePrometheus: !Or
- !Equals [!Ref PrometheusIntegration, "Enabled"]
- !Equals [!Ref MonitoringStack, "Prometheus + Grafana"]
EnableGrafana: !Or
- !Equals [!Ref GrafanaIntegration, "Enabled"]
- !Equals [!Ref MonitoringStack, "Prometheus + Grafana"]
DetectSharedStacks: !And
- !Equals [!Ref PerAccountSharedResources, 'AutoDetect']
- !Equals [!Ref PerRegionSharedResources, 'AutoDetect']
CreateAdvancedConfigWithDefaults: !Equals [!Ref ConfigSetName, '']
CreatePerAccountSharedResources: !Equals [!Ref PerAccountSharedResources, 'Yes']
CreatePerRegionSharedResources: !Equals [!Ref PerRegionSharedResources, 'Yes']
3AZDeployment: !Equals [!Ref NumberOfAZs, "3"]
2AZDeployment: !Or
- !Equals [!Ref NumberOfAZs, "2"]
- !Equals [!Ref NumberOfAZs, "3"]
UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart']
WindowsNodes: !Equals [!Ref NodeGroupOS, 'Windows']
VaultEnabled: !Equals [!Ref VaultIntegration, 'Enabled']
Mappings:
Config:
Prefix: { Value: 'eks-quickstart' }
Resources:
AdvancedConfigDefaultsStack:
Type: AWS::CloudFormation::Stack
Condition: CreateAdvancedConfigWithDefaults
Metadata: { cfn-lint: { config: { ignore_checks: [E9902, W9901] } } }
Properties:
TemplateURL: !Sub
- 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/amazon-eks-advanced-configuration.template.yaml'
- S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
Parameters:
ConfigSetName: !Ref AWS::StackName
NodeVolumeSize: !If [WindowsNodes, 50, !Ref 'AWS::NoValue']
# As of 08/03/2021 there are no eks optimized ami's for eks 1.21
# TODO: remove forcing windows clusters to 1.20 once ami's are available https://github.com/aws/containers-roadmap/issues/1461
KubernetesVersion: !If [VaultEnabled, '1.17', !If [WindowsNodes, '1.20', !Ref 'AWS::NoValue']]
ConsulUIAccessCIDR: !Ref RemoteAccessCIDR
VaultUIAccessCIDR: !Ref RemoteAccessCIDR
AutoDetectSharedResources:
Type: AWS::CloudFormation::Stack
Condition: DetectSharedStacks
Properties:
TemplateURL: !Sub
- 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/amazon-eks-prerequisites.template.yaml'
- S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
Parameters:
Version: "1.0.0"
AccountTemplateUri: !Sub
- 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/amazon-eks-per-account-resources.template.yaml'
- S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
RegionalTemplateUri: !Sub
- 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/amazon-eks-per-region-resources.template.yaml'
- S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
AccountSharedResources:
Type: AWS::CloudFormation::Stack
Condition: CreatePerAccountSharedResources
DeletionPolicy: Retain
Metadata: { cfn-lint: { config: { ignore_checks: [W3011] } } }
Properties:
TemplateURL: !Sub
- 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/amazon-eks-per-account-resources.template.yaml'
- S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
Tags: [{Key: !FindInMap [Config, Prefix, Value], Value: AccountSharedResources}]
RegionalSharedResources:
Type: AWS::CloudFormation::Stack
Condition: CreatePerRegionSharedResources
DeletionPolicy: Retain
Metadata:
cfn-lint: { config: { ignore_checks: [W3011, W9901] } }
DependsOn: !If [CreatePerAccountSharedResources, !Ref AccountSharedResources, !Ref 'AWS::NoValue']
Properties:
TemplateURL: !Sub
- 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/amazon-eks-per-region-resources.template.yaml'
- S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
Parameters:
QSS3BucketName: !Ref QSS3BucketName
QSS3KeyPrefix: !Ref QSS3KeyPrefix
Tags: [{Key: !FindInMap [Config, Prefix, Value], Value: RegionalSharedResources}]
VPCStack:
Type: AWS::CloudFormation::Stack
Metadata:
cfn-lint: { config: { ignore_checks: [ W9901 ] } }
Properties:
TemplateURL: !Sub
- 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml'
- S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
Parameters:
AvailabilityZones: !Join [ ',', !Ref 'AvailabilityZones' ]
NumberOfAZs: !Ref 'NumberOfAZs'
PrivateSubnet1ACIDR: !Ref 'PrivateSubnet1CIDR'
PrivateSubnet2ACIDR: !Ref 'PrivateSubnet2CIDR'
PrivateSubnet3ACIDR: !Ref 'PrivateSubnet3CIDR'
PrivateSubnetATag2: "kubernetes.io/role/internal-elb="
PublicSubnet1CIDR: !Ref 'PublicSubnet1CIDR'
PublicSubnet2CIDR: !Ref 'PublicSubnet2CIDR'
PublicSubnet3CIDR: !Ref 'PublicSubnet3CIDR'
PublicSubnetTag2: "kubernetes.io/role/elb="
VPCCIDR: !Ref 'VPCCIDR'
EKSStack:
Type: AWS::CloudFormation::Stack
Metadata:
DependsOn:
- !If [CreatePerRegionSharedResources, !Ref RegionalSharedResources, !Ref 'AWS::NoValue']
- !If [CreatePerAccountSharedResources, !Ref AccountSharedResources, !Ref 'AWS::NoValue']
- !If [DetectSharedStacks, !Ref AutoDetectSharedResources, !Ref 'AWS::NoValue']
cfn-lint: { config: { ignore_checks: [ W9901, E9902 ] } }
Properties:
TemplateURL: !Sub
- 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/amazon-eks.template.yaml'
- S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
Parameters:
PublicSubnet1ID: !GetAtt VPCStack.Outputs.PublicSubnet1ID
PublicSubnet2ID: !If
- 2AZDeployment
- !GetAtt VPCStack.Outputs.PublicSubnet2ID
- !Ref AWS::NoValue
PublicSubnet3ID: !If
- 3AZDeployment
- !GetAtt VPCStack.Outputs.PublicSubnet3ID
- !Ref AWS::NoValue
KeyPairName: !Ref KeyPairName
QSS3BucketName: !Ref QSS3BucketName
QSS3KeyPrefix: !Ref QSS3KeyPrefix
QSS3BucketRegion: !Ref QSS3BucketRegion
PrivateSubnet1ID: !GetAtt VPCStack.Outputs.PrivateSubnet1AID
PrivateSubnet2ID: !If
- 2AZDeployment
- !GetAtt VPCStack.Outputs.PrivateSubnet2AID
- !Ref AWS::NoValue
PrivateSubnet3ID: !If
- 3AZDeployment
- !GetAtt VPCStack.Outputs.PrivateSubnet3AID
- !Ref AWS::NoValue
NumberOfNodes: !Ref NumberOfNodes
MaxNumberOfNodes: !Ref MaxNumberOfNodes
NodeGroupOS: !Ref NodeGroupOS
NodeGroupType: !Ref NodeGroupType
NodeInstanceFamily: !Ref NodeInstanceFamily
NodeInstanceType: !Ref NodeInstanceType
RemoteAccessCIDR: !Ref RemoteAccessCIDR
AdditionalEKSAdminUserArn: !Ref AdditionalEKSAdminUserArn
AdditionalEKSAdminRoleArn: !Ref AdditionalEKSAdminRoleArn
VPCID: !GetAtt VPCStack.Outputs.VPCID
ProvisionClusterAutoScaler: !Ref ClusterAutoScaler
EfsStorageClass: !Ref EfsStorageClass
GrafanaIntegration: !If [EnableGrafana, 'Enabled', 'Disabled']
PrometheusIntegration: !If [EnablePrometheus, 'Enabled', 'Disabled']
ProvisionBastionHost: !Ref ProvisionBastionHost
EKSPublicAccessEndpoint: !Ref EKSPublicAccessEndpoint
ProvisionALBIngressController: !Ref ALBIngressController
FargateLabels: !Ref FargateLabels
FargateNamespaces: !Ref FargateNamespaces
EKSClusterName: !Ref EKSClusterName
SnykIntegrationId: !Ref SnykIntegrationId
SnykIntegration: !Ref SnykIntegration
NewRelicLicenseKey: !Ref NewRelicLicenseKey
NewRelicIntegration: !Ref NewRelicIntegration
VaultIntegration: !Ref VaultIntegration
VaultUIACMSSLCertificateArn: !Ref VaultUIACMSSLCertificateArn
VaultUIHostedZoneID: !Ref VaultUIHostedZoneID
VaultUIDomainName: !Ref VaultUIDomainName
ConsulIntegration: !Ref ConsulIntegration
RancherIntegration: !Ref RancherIntegration
RancherDomainName: !Ref RancherDomainName
ConsulUIACMSSLCertificateArn: !Ref ConsulUIACMSSLCertificateArn
ConsulUIHostedZoneID: !Ref ConsulUIHostedZoneID
ConsulUIDomainName: !Ref ConsulUIDomainName
ConfigSetName: !If [CreateAdvancedConfigWithDefaults, !Ref 'AWS::StackName', !Ref ConfigSetName]
TestSuite: !Ref TestSuite
CalicoIntegration: !Ref CalicoIntegration
RafaySysIntegration: !Ref RafaySysIntegration
RafaySysProject: !Ref RafaySysProject
RafaySysBootstrapBucket: !Ref RafaySysBootstrapBucket
RafaySysBootstrapKey: !Ref RafaySysBootstrapKey
RafaySysApiKey: !Ref RafaySysApiKey
RafaySysApiSecret: !Ref RafaySysApiSecret
RafaySysFirstName: !Ref RafaySysFirstName
RafaySysLastName: !Ref RafaySysLastName
RafaySysOrganizationName: !Ref RafaySysOrganizationName
RafaySysEmail: !Ref RafaySysEmail
Outputs:
EKSClusterName:
Value: !GetAtt EKSStack.Outputs.EKSClusterName
BastionIP:
Value: !GetAtt EKSStack.Outputs.BastionIP
BastionSecurityGroup:
Value: !GetAtt EKSStack.Outputs.BastionSecurityGroup
NodeGroupSecurityGroup:
Value: !GetAtt EKSStack.Outputs.NodeGroupSecurityGroup
OIDCIssuerURL:
Value: !GetAtt EKSStack.Outputs.OIDCIssuerURL
Rules:
AutoDetectSharedParams:
RuleCondition: !Or
- !Equals [!Ref PerRegionSharedResources, 'AutoDetect']
- !Equals [!Ref PerAccountSharedResources, 'AutoDetect']
Assertions:
- Assert: !And
- !Equals [!Ref PerRegionSharedResources, 'AutoDetect']
- !Equals [!Ref PerAccountSharedResources, 'AutoDetect']
AssertDescription: "AutDetect must be set/unset for both PerRegionSharedResources and PerAccountSharedResources"
WindowsUnmanaged:
Assertions:
- Assert: !Not [!Equals [NodeGroupOS, 'Windows']]
AssertDescription: "Managed nodegroups do not support Windows nodes."
RuleCondition: !Equals
- !Ref NodeGroupType
- Managed
LablesNeedNamespaces:
RuleCondition: !Not
- !Equals [ !Ref FargateLabels, "" ]
Assertions:
- AssertDescription: You must specify at least one Fargate namespace to enable Fargate.
Assert: !Not
- !Equals [ !Ref FargateNamespaces, "" ]
# Vault
VaultUIDomainNamePresentWithHostedID:
RuleCondition: !And
- !Equals [!Ref VaultIntegration, 'Enabled']
- !Equals [ !Ref VaultUIHostedZoneID, '' ]
Assertions:
- Assert: !Not [!Equals [!Ref VaultUIDomainName, '']]
AssertDescription: "Vault: Please specify a 'Domain Name' if you specify 'Route 53 Hosted Zone ID'"
VaultUIHostedIDPresentWithDomainName:
RuleCondition: !And
- !Equals [!Ref VaultIntegration, 'Enabled']
- !Equals [ !Ref VaultUIDomainName, '' ]
Assertions:
- Assert: !Not [!Equals [!Ref VaultUIHostedZoneID, '']]
AssertDescription: "Vault: Please specify a 'Route 53 Hosted Zone ID' if you specify 'Domain Name'"
VaultUIGenerateOrProvideSSL:
RuleCondition: !And
- !Equals [!Ref VaultIntegration, 'Enabled']
- !Not [!Equals [!Ref VaultUIACMSSLCertificateArn, '']]
Assertions:
- Assert: !And
- !Equals [!Ref VaultUIHostedZoneID, '']
- !Equals [!Ref VaultUIDomainName, '']
AssertDescription: "Vault1: Using an SSL certificate is enforced. A CertificateArn or a HostedZoneID and Domain Name must be provided."
VaultUINoLoadBalancerInfoSupplied:
RuleCondition: !Equals [!Ref VaultIntegration, 'Enabled']
Assertions:
- Assert: !Or
- !Not [!Equals [!Ref VaultUIHostedZoneID, '']]
- !Not [!Equals [!Ref VaultUIACMSSLCertificateArn, '']]
- !Not [!Equals [!Ref VaultUIDomainName, '']]
AssertDescription: "Vault2: Using an SSL certificate is enforced. A CertificateArn or a HostedZoneID and Domain Name must be provided."
# Consul
ConsulUIDomainNamePresentWithHostedID:
RuleCondition: !And
- !Equals [!Ref ConsulIntegration, 'Enabled']
- !Equals [ !Ref ConsulUIHostedZoneID, '' ]
Assertions:
- Assert: !Not [!Equals [!Ref ConsulUIDomainName, '']]
AssertDescription: "Consul: Please specify a 'Domain Name' if you specify 'Route 53 Hosted Zone ID'"
ConsulUIHostedIDPresentWithDomainName:
RuleCondition: !And
- !Equals [!Ref ConsulIntegration, 'Enabled']
- !Equals [ !Ref ConsulUIDomainName, '' ]
Assertions:
- Assert: !Not [!Equals [!Ref ConsulUIHostedZoneID, '']]
AssertDescription: "Consul: Please specify a 'Route 53 Hosted Zone ID' if you specify 'Domain Name'"
ConsulUIGenerateOrProvideSSL:
RuleCondition: !And
- !Equals [!Ref ConsulIntegration, 'Enabled']
- !Not [!Equals [!Ref ConsulUIACMSSLCertificateArn, '']]
Assertions:
- Assert: !And
- !Equals [!Ref ConsulUIHostedZoneID, '']
- !Equals [!Ref ConsulUIDomainName, '']
AssertDescription: "Consul1: Using an SSL certificate is enforced. A CertificateArn or a HostedZoneID and Domain Name must be provided."
ConsulUINoLoadBalancerInfoSupplied:
RuleCondition: !Equals [!Ref ConsulIntegration, 'Enabled']
Assertions:
- Assert: !Or
- !Not [!Equals [!Ref ConsulUIHostedZoneID, '']]
- !Not [!Equals [!Ref ConsulUIACMSSLCertificateArn, '']]
- !Not [!Equals [!Ref ConsulUIDomainName, '']]
AssertDescription: "Consul2: Using an SSL certificate is enforced. A CertificateArn or a HostedZoneID and Domain Name must be provided."