├── .github └── PULL_REQUEST_TEMPLATE.md ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── LICENSE ├── README.md ├── control-tower-account-factory ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── LICENSE ├── README.md ├── config-template.yml ├── configuration-examples │ ├── config - default and ou deployment.yml │ ├── config - default deployment.yml │ ├── update - multiple accounts and ou.yml │ └── update - singe account.yml ├── control-tower-account-factory-solution.yml ├── src │ ├── common.py │ ├── handler.py │ └── requirements.txt └── update-template.yml ├── demo ├── deploy.sh ├── service-catalog-demo-networks-cfn.yml └── service-catalog-demo-web-server-cfn.yml ├── deployment-lambda ├── README.md ├── deployment-lambda.zip └── handler.py ├── docs ├── Lab - Service Catalog Preventive Control.pdf └── service_catalog_solution.pdf ├── handler.py ├── init ├── cleanup.sh ├── deploy.sh ├── service-catalog-lambda-functions-cfn.yml ├── service-catalog-product-resources-cfn.yml └── service-catalog-s3-deployment-bucket-cfn.yml ├── product-selector-lambda ├── README.md ├── handler.py └── product-selector-lambda.zip ├── resource-compliance-lambda.zip ├── resource-compliance-lambda ├── README.md ├── handler.py └── resource-compliance-lambda.zip ├── resource-selector-lambda ├── README.md ├── handler.py └── resource-selector-lambda.zip ├── s3-upload-files ├── deployment-cfn │ └── sc-product-deployment.yml └── products │ ├── alb │ ├── sc-alb-listener.yml │ ├── sc-alb-products-role.yml │ ├── sc-alb-target.yml │ └── sc-alb.yml │ ├── asc │ ├── sc-asc-products-role.yml │ └── sc-asc.yml │ ├── dmsendpoint │ ├── sc-dmsendpoint-products-role.yml │ └── sc-dmsendpoint.yml │ ├── dmsinstance │ ├── sc-dmsinstance-products-role.yml │ └── sc-dmsinstance.yml │ ├── dynamodb │ ├── sc-dynamodb-products-role.yml │ └── sc-dynamodb.yml │ ├── ebs │ ├── sc-ebs-products-role.yml │ └── sc-ebs.yml │ ├── efs │ ├── sc-efs-products-role.yml │ └── sc-efs.yml │ ├── elasticache │ ├── sc-elasticache-products-role.yml 
│ └── sc-elasticache.yml │ ├── elasticsearch │ ├── sc-elasticsearch-products-role.yml │ └── sc-elasticsearch.yml │ ├── firehose │ ├── sc-firehose-products-role.yml │ └── sc-firehose.yml │ ├── fsx │ ├── sc-fsx-products-role.yml │ └── sc-fsx.yml │ ├── governance-lambda-roles │ ├── sc-governance-lambda-roles-products-role.yml │ └── sc-governance-lambda-roles.yml │ ├── governance-lambdas │ ├── sc-governance-lambdas-products-role.yml │ └── sc-governance-lambdas.yml │ ├── kinesis │ ├── sc-kinesis-products-role.yml │ └── sc-kinesis.yml │ ├── kms │ ├── sc-kms-products-role.yml │ └── sc-kms.yml │ ├── mq │ ├── sc-mq-products-role.yml │ └── sc-mq.yml │ ├── s3 │ ├── sc-s3-products-role.yml │ └── sc-s3.yml │ ├── sagemaker │ ├── sc-sagemaker-products-role.yml │ └── sc-sagemaker.yml │ ├── sns │ ├── sc-sns-products-role.yml │ └── sc-sns.yml │ ├── sqs │ ├── sc-sqs-products-role.yml │ └── sc-sqs.yml │ ├── subnet │ ├── sc-subnet-products-role.yml │ └── sc-subnet.yml │ └── vpc │ ├── sc-vpc-products-role.yml │ └── sc-vpc.yml └── templates ├── deny-policy.yml ├── deployment ├── sc-product-alb.deployer ├── sc-product-alblistener.deployer ├── sc-product-albtarget.deployer ├── sc-product-autoscaling.deployer ├── sc-product-dmsendpoint.deployer ├── sc-product-dmsinstance.deployer ├── sc-product-dynamodb.deployer ├── sc-product-ebs.deployer ├── sc-product-efs.deployer ├── sc-product-elasticache.deployer ├── sc-product-elasticsearch.deployer ├── sc-product-firehose.deployer ├── sc-product-fsx.deployer ├── sc-product-governance-lambda-roles.deployer ├── sc-product-governance-lambdas.deployer ├── sc-product-kinesis.deployer ├── sc-product-kms.deployer ├── sc-product-mq.deployer ├── sc-product-s3.deployer ├── sc-product-sagemaker.deployer ├── sc-product-sns.deployer ├── sc-product-sqs.deployer ├── sc-product-subnet.deployer └── sc-product-vpc.deployer ├── examples ├── configs │ ├── dms-endpoint.json │ ├── dms-replication.json │ ├── dynamodb.json │ ├── ebs.json │ ├── efs.json │ ├── 
elasticache.json │ ├── elasticsearch.json │ ├── fsx.json │ ├── kinesis.json │ ├── s3.json │ ├── sagemaker.json │ ├── sns.json │ └── sqs.json ├── lab │ ├── aws-kinesis-agent-latest.amzn1.noarch.rpm │ ├── bonus-elasticsearch-cfn.yml │ ├── cleanup.sh │ ├── deploy.sh │ ├── deployment-cfn.yml │ ├── fh-agent.json │ ├── httpd.conf │ ├── kinesis-deployment-cfn.yml │ ├── service-catalog-lambdas-cfn.yml │ ├── service-catalog-networks-cfn.yml │ ├── service-catalog-product-resources-cfn.yml │ ├── service-catalog-s3-deployment-bucket-cfn.yml │ ├── ssl.conf │ └── web-server-deployment-cfn.yml ├── launch-cfn.sh ├── sc-provision-dms-endpoint-cft.yml ├── sc-provision-dms-replication-instance-cft.yml ├── sc-provision-dynamodb-cft.yml ├── sc-provision-ebs-cft.yml ├── sc-provision-efs-cft.yml ├── sc-provision-elasticache-cft.yml ├── sc-provision-elasticsearch-cft.yml ├── sc-provision-fsx-cft.yml ├── sc-provision-kinesis-cft.yml ├── sc-provision-s3-cft.yml ├── sc-provision-sagemaker-cft.yml ├── sc-provision-sns-cft.yml ├── sc-provision-sqs-cft.yml ├── sc-test-resources-cfn.yml └── terminate-cfn.sh ├── sc-(product)-update.json └── updates ├── sc-alb-listener-update.json ├── sc-alb-target-update.json ├── sc-alb-update.json ├── sc-autoscaling-update.json ├── sc-dmsendpoint-update.json ├── sc-dmsinstance-update.json ├── sc-ebs-update.json ├── sc-efs-update.json ├── sc-elasticache-update.json ├── sc-elasticsearch-update.json ├── sc-fsx-update.json ├── sc-governance-lambda-roles-update.json ├── sc-governance-lambdas-update.json ├── sc-kinesis-update.json ├── sc-kms-update.json ├── sc-mq-update.json ├── sc-s3-update.json ├── sc-sagemaker-update.json ├── sc-sns-update.json ├── sc-sqs-update.json ├── sc-subnet-update.json ├── sc-vpc-firehose.json └── sc-vpc-update.json /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | *Issue #, if available:* 2 | 3 | *Description of changes:* 4 | 5 | 6 | By submitting this pull request, I 
confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice. 7 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | ## Code of Conduct 2 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 3 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 4 | opensource-codeofconduct@amazon.com with any additional questions or comments. 5 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy of 4 | this software and associated documentation files (the "Software"), to deal in 5 | the Software without restriction, including without limitation the rights to 6 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 7 | the Software, and to permit persons to whom the Software is furnished to do so. 8 | 9 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 10 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 11 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 12 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 13 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 14 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
15 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## AWS Service Catalog Preventive Control 2 | 3 | Large enterprises try to find a balance between controlling risk and empowering their developers in alignment with DevOps practices. Ideally, developers are able to leverage AWS services and create optimized architectures for their applications. This solution addresses the risk and empowerment concerns by using AWS Service Catalog to expose hardened AWS services to developers. By leveraging AWS Service Catalog products for each AWS Service, developers can create their own architectures with a self-service experience. This solution provides CloudFormation templates to make it easier for developers to automate the provisioning of the Service Catalog products. 4 | 5 | ## License Summary 6 | 7 | This sample code is made available under the MIT-0 license. See the LICENSE file. 8 | 9 | ## Content 10 | 11 | Below are the descriptions of the content in each solution folder: 12 | 13 | __deployment-lambda__ – source code of the AWS Lambda Function that handles the initial deployment of a Service Catalog product. 14 | 15 | __docs__ – documentation for this solution. 16 | 17 | __init__ – AWS CloudFormation templates to create the required foundational infrastructure for the solution, such as IAM policies and roles, the AWS Service Catalog portfolio and an Amazon S3 bucket. 18 | 19 | * deploy.sh – located in the init folder. Initial deployment shell script. 20 | * cleanup.sh – located in the init folder. This script deletes all resources created by the deployment script. 21 | 22 | __products-config__ – (empty) – placeholder for product configuration files. The deployment script will copy the deployment templates from the templates\deployment folder to this folder and update them based on the configuration set in the deployment script. 
23 | 24 | __product-selector-lambda__ – source code of the AWS Lambda Function to support provisioning products. 25 | 26 | __resource-compliance-lambda__ – source code of the AWS Lambda Function to validate parameters when provisioning products. 27 | 28 | __resource-selector-lambda__ – source code of the AWS Lambda Function to support deployment by easily finding AWS resources such as VPCs, subnets, security groups, and others by using tags and filters. 29 | 30 | __s3-upload-files__ – contains the AWS CloudFormation products deployment template and the AWS CloudFormation products template. The entire content of this folder will be copied to the deployment Amazon S3 bucket during initial solution deployment. 31 | __templates__ – various configuration and AWS CloudFormation templates: 32 | 33 | * Deployment – product deployment configuration templates. See products-config folder description above. 34 | * Examples – examples of the AWS CloudFormation templates to provision each product from AWS Service Catalog. 35 | * Updates – product update configuration files. For more information about updates, see Product Update CodePipeline. 36 | * sc-(product)-update.json – product update configuration template. 37 | * deny-policy.yml – the AWS CloudFormation template to create a deny IAM policy. This policy can be attached to IAM users or roles to prevent users from creating AWS resources that are supported by AWS Service Catalog from the AWS Management Console, CLI, API, etc. 38 | 39 | -------------------------------------------------------------------------------- /control-tower-account-factory/CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | ## Code of Conduct 2 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 
3 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 4 | opensource-codeofconduct@amazon.com with any additional questions or comments. 5 | -------------------------------------------------------------------------------- /control-tower-account-factory/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy of 4 | this software and associated documentation files (the "Software"), to deal in 5 | the Software without restriction, including without limitation the rights to 6 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 7 | the Software, and to permit persons to whom the Software is furnished to do so. 8 | 9 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 10 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 11 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 12 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 13 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 14 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 15 | -------------------------------------------------------------------------------- /control-tower-account-factory/README.md: -------------------------------------------------------------------------------- 1 | ## Customizing the AWS Control Tower account factory with AWS Lambda and AWS Service Catalog 2 | 3 | This solution is a part of the blog post “Customizing the AWS Control Tower account factory with AWS Lambda and AWS Service Catalog” 4 | 5 | ## Content 6 | 7 | __control-tower-account-factory-solution.yml__ – AWS CloudFormation template to deploy solution. 
8 | 9 | __src__ – AWS Lambda function code. 10 | 11 | __config-template.yml__ – Products deployment template for new accounts. 12 | 13 | __update-template.yml__ - Products update template. 14 | 15 | __configuration-examples__ - Configuration examples 16 | 17 | 18 | ## Security 19 | 20 | See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information. 21 | 22 | ## License 23 | 24 | This library is licensed under the MIT-0 License. See the LICENSE file. 25 | 26 | -------------------------------------------------------------------------------- /control-tower-account-factory/config-template.yml: -------------------------------------------------------------------------------- 1 | # List of organization units 2 | organization_units: 3 | : # organization unit name where to deploy products 4 | # list of the AWS Service Catalog products 5 | products: 6 | - product_name: # name of the product 7 | product_version: <(optional) product version # optional value. If omitted the latest version of product will be deployed 8 | portfolio_name: # name of the portfolio 9 | provision_name: # name use by AWS Service Catalog to provision product 10 | dependson: # optional: list of the provision names that must to be deployed before product 11 | - 12 | parameters: # optional: list of parameters and values 13 | - Key: 14 | Value: 15 | regions: # list of AWS regions where to deploy product 16 | - 17 | # products listed under default OU will be deploy to every new account 18 | default: 19 | # list of the AWS Service Catalog products 20 | products: 21 | - product_name: # name of the product 22 | product_version: <(optional) product version # optional value. 
If omitted the latest version of product will be deployed 23 | portfolio_name: # name of the portfolio 24 | provision_name: # name use by AWS Service Catalog to provision product 25 | dependson: # optional: list of the provision names that have to be deploy before product 26 | - 27 | parameters: # optional: list of parameters and values 28 | - Key: 29 | Value: 30 | regions: # list of AWS regions where to deploy product 31 | - 32 | # optional: overwrite default value for maximum iteration 33 | max_iterations: 34 | -------------------------------------------------------------------------------- /control-tower-account-factory/configuration-examples/config - default and ou deployment.yml: -------------------------------------------------------------------------------- 1 | organization_units: 2 | Developers: 3 | products: 4 | - product_name: sc-kms-product 5 | portfolio_name: security-products 6 | provision_name: efs-kms-key 7 | parameters: 8 | - Key: KeyAlies 9 | Value: efs-kms-key 10 | regions: 11 | - us-east-1 12 | - us-east-2 13 | - product_name: sc-efs-product 14 | portfolio_name: security-products 15 | provision_name: sc-efs 16 | dependson: 17 | - efs-kms-key 18 | parameters: 19 | - Key: KMSId 20 | Value: 'alias/efs-kms-key' 21 | regions: 22 | - us-east-1 23 | - us-east-2 24 | default: 25 | products: 26 | - product_name: sc-governance-lambdas-product 27 | portfolio_name: security-products 28 | provision_name: sc-governance-lambdas-us-east-1 29 | dependson: 30 | - sc-governance-lambda-roles 31 | parameters: 32 | - Key: DeploymentBucketName 33 | Value: my-deployment-bucket-in-us-east-1 34 | regions: 35 | - us-east-1 36 | - product_name: sc-governance-lambdas-product 37 | portfolio_name: security-products 38 | provision_name: sc-governance-lambdas-us-east-2 39 | dependson: 40 | - sc-governance-lambda-roles 41 | parameters: 42 | - Key: DeploymentBucketName 43 | Value: my-deployment-bucket-in-us-east-2 44 | regions: 45 | - us-east-2 46 | - product_name: 
sc-governance-lambda-roles-product 47 | portfolio_name: security-products 48 | provision_name: sc-governance-lambda-roles 49 | regions: 50 | - us-east-1 51 | 52 | max_iterations: 40 53 | 54 | -------------------------------------------------------------------------------- /control-tower-account-factory/configuration-examples/config - default deployment.yml: -------------------------------------------------------------------------------- 1 | organization_units: 2 | default: 3 | products: 4 | - product_name: sc-governance-lambdas-product 5 | portfolio_name: security-products 6 | provision_name: sc-governance-lambdas-us-east-1 7 | dependson: 8 | - sc-governance-lambda-roles 9 | parameters: 10 | - Key: DeploymentBucketName 11 | Value: my-deployment-bucket-in-us-east-1 12 | regions: 13 | - us-east-1 14 | - product_name: sc-governance-lambdas-product 15 | portfolio_name: security-products 16 | provision_name: sc-governance-lambdas-us-east-2 17 | dependson: 18 | - sc-governance-lambda-roles 19 | parameters: 20 | - Key: DeploymentBucketName 21 | Value: my-deployment-bucket-in-us-east-2 22 | regions: 23 | - us-east-2 24 | - product_name: sc-governance-lambda-roles-product 25 | portfolio_name: security-products 26 | provision_name: sc-governance-lambda-roles 27 | regions: 28 | - us-east-1 29 | max_iterations: 40 30 | 31 | -------------------------------------------------------------------------------- /control-tower-account-factory/configuration-examples/update - multiple accounts and ou.yml: -------------------------------------------------------------------------------- 1 | products: 2 | - product_name: sc-governance-lambdas-product 3 | portfolio_name: security-products 4 | provision_name: sc-governance-lambdas-us-east-1 5 | dependson: 6 | - sc-governance-lambda-roles 7 | parameters: 8 | - Key: DeploymentBucketName 9 | Value: my-deployment-bucket-in-us-east-1 10 | regions: 11 | - us-east-1 12 | accounts: 13 | - 'my account id' 14 | - 'my account id' 15 | 
organization_units: 16 | - Developers 17 | - Sandboxes 18 | deployifnotexist: true 19 | - product_name: sc-governance-lambdas-product 20 | portfolio_name: security-products 21 | provision_name: sc-governance-lambdas-us-east-2 22 | dependson: 23 | - sc-governance-lambda-roles 24 | parameters: 25 | - Key: DeploymentBucketName 26 | Value: my-deployment-bucket-in-us-east-2 27 | regions: 28 | - us-east-2 29 | accounts: 30 | - 'my account id' 31 | - 'my account id' 32 | organization_units: 33 | - Developers 34 | - Sandboxes 35 | deployifnotexist: true 36 | 37 | max_iterations: 40 38 | 39 | -------------------------------------------------------------------------------- /control-tower-account-factory/configuration-examples/update - singe account.yml: -------------------------------------------------------------------------------- 1 | products: 2 | - product_name: sc-governance-lambdas-product 3 | portfolio_name: security-products 4 | provision_name: sc-governance-lambdas-us-east-1 5 | dependson: 6 | - sc-governance-lambda-roles 7 | parameters: 8 | - Key: DeploymentBucketName 9 | Value: my-deployment-bucket-in-us-east-1 10 | regions: 11 | - us-east-1 12 | accounts: 13 | - 'my account id' 14 | deployifnotexist: true 15 | - product_name: sc-governance-lambdas-product 16 | portfolio_name: security-products 17 | provision_name: sc-governance-lambdas-us-east-2 18 | dependson: 19 | - sc-governance-lambda-roles 20 | parameters: 21 | - Key: DeploymentBucketName 22 | Value: my-deployment-bucket-in-us-east-2 23 | regions: 24 | - us-east-2 25 | accounts: 26 | - 'my account id' 27 | deployifnotexist: true 28 | 29 | max_iterations: 40 30 | 31 | -------------------------------------------------------------------------------- /control-tower-account-factory/src/requirements.txt: -------------------------------------------------------------------------------- 1 | PyYAML -------------------------------------------------------------------------------- 
/control-tower-account-factory/update-template.yml: -------------------------------------------------------------------------------- 1 | products: 2 | - product_name: # name of the product 3 | product_version: <(optional) product version # optional value. If omitted the latest version of product will be deployed 4 | portfolio_name: # name of the portfolio 5 | provision_name: # name use by AWS Service Catalog to provision new product 6 | dependson: # optional: list of the provision names that must to be updated or deployed before product 7 | - 8 | parameters: # optional: list of parameters and values 9 | - Key: 10 | Value: 11 | regions: # list of AWS regions where to update or deploy product 12 | - 13 | accounts: # list of AWS account ids where update or deploy product 14 | - 15 | organization_units: # list of organization units where update or deploy product 16 | - 17 | deployifnotexist: true 18 | # optional: overwrite default value for maximum iteration 19 | max_iterations: 20 | 21 | -------------------------------------------------------------------------------- /demo/deploy.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # /* 4 | # * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. 5 | # * 6 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 7 | # * software and associated documentation files (the "Software"), to deal in the Software 8 | # * without restriction, including without limitation the rights to use, copy, modify, 9 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 10 | # * permit persons to whom the Software is furnished to do so. 11 | # * 12 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 13 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 14 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 15 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 16 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 17 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 18 | # */ 19 | 20 | # Domain Name of SSL Cert import to ACM 21 | domain_name="www.example.com" 22 | 23 | # optional AWS CLI profile. If not provided default profile will be used. 24 | aws_cli_profile="default" 25 | 26 | if [[ $1 != '' ]] 27 | then 28 | aws_cli_profile=$1 29 | fi 30 | 31 | printf "Deploying under AWS CLI Profile: $aws_cli_profile\n" 32 | 33 | printf "Creating Service Linked Role" 34 | aws iam create-service-linked-role --aws-service-name autoscaling.amazonaws.com --profile $aws_cli_profile 35 | aws iam create-service-linked-role --aws-service-name elasticloadbalancing.amazonaws.com --profile $aws_cli_profile 36 | 37 | printf "Generate and Import Self-Sign SSL Certificate to ACM\n" 38 | openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout certificate.key -out certificate.crt -subj "/C=US/ST=MA/L=Boston/O=Company/OU=IT/CN=$domain_name" 39 | certArn=$(aws acm import-certificate --certificate file://./certificate.crt --private-key file://./certificate.key --query 'CertificateArn' --region us-east-1 --profile $aws_cli_profile --output text) 40 | aws acm add-tags-to-certificate --certificate-arn $certArn --tags Key=Name,Value=sc-demo --region us-east-1 --profile $aws_cli_profile 41 | 42 | printf "\Certificate Imported to ACM\n" 43 | -------------------------------------------------------------------------------- /deployment-lambda/README.md: -------------------------------------------------------------------------------- 1 | # Product Deployment Lambda 2 | 3 | __`sc-product-deployment-lambda`__ is the AWS Lambda function responsible for adding new products to AWS Service Catalog as well as creating the product’s IAM Service Catalog role. 
4 | 5 | To add a new product to AWS Service Catalog, you will need to upload a product configuration file to the Amazon S3 deployment bucket. 6 | The configuration file has to have the extension specified in the solution deployment script. 7 | The default extension is `.deployer`. 8 | 9 | ## Configuration File Format 10 | The configuration file’s content has to be in JSON readable format. Most editors have a json editing tool that can be used to validate json syntax. Below is an example of the configuration file. 11 | ```json 12 | { 13 | "Parameters": { 14 | "PorfolioStack": "", 15 | "ProductName": "", 16 | "ProductDescription": "", 17 | "ProductVersion": "", 18 | "ProductVersionDescription": "", 19 | "ProductTemplateUrl": "", 20 | "ProductRoleName": "", 21 | "ProductPolicyName": "", 23 | "TemplateRuleConstraint": "< (optional), Service Catalog template rule constraint>", 24 | "DeploymentBucket": "", 25 | "DeployUpdatePipeline": "< true/false>", 26 | "UpdateConfigFileName": "" 27 | } 28 | } 29 | ``` 30 | 31 | The values for the parameters: `PorfolioStack`, `ProductPolicyName` and `DeploymentBucket` should be the same values provided in the solution deployment script. 32 | 33 | Copies of the configuration files can be found in products-config folder after running the solution deployment script. 34 | This can be used to validate your current configuration. For example, the value of `TemplateRuleConstraint` can be found in the `products-config\sc-product-elasticsearch.deployer` file. 35 | 36 | ## Deployment 37 | 38 | We are organizing all of the product assets within the same S3 prefix. As an example, `/products/`. 39 | Each product will have its own prefix as well. For instance, `< s3-deployment-bucket>/products/sqs`. 40 | To deploy a new product, follow these steps: 41 | 42 | * Upload the IAM Role and product CFN templates to the Amazon S3 bucket () using the S3 prefix . 
43 | * Create a configuration file pointing to the location where the templates were uploaded 44 | * Upload the configuration file to the /deployment-cfg folder 45 | 46 | The upload to S3 will trigger the sc-product-deployment-lambda function. 47 | This function will launch the product deployment CloudFormation template located at `/deployment-cfn/sc-product-deployment.yml`. 48 | 49 | The AWS CloudFormation parameter values will be read from the configuration file. 50 | -------------------------------------------------------------------------------- /deployment-lambda/deployment-lambda.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-preventive-control/a5eeaa6528ed7c1b72be0d617af36831eb331f54/deployment-lambda/deployment-lambda.zip -------------------------------------------------------------------------------- /docs/Lab - Service Catalog Preventive Control.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-preventive-control/a5eeaa6528ed7c1b72be0d617af36831eb331f54/docs/Lab - Service Catalog Preventive Control.pdf -------------------------------------------------------------------------------- /docs/service_catalog_solution.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-preventive-control/a5eeaa6528ed7c1b72be0d617af36831eb331f54/docs/service_catalog_solution.pdf -------------------------------------------------------------------------------- /init/service-catalog-s3-deployment-bucket-cfn.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 
2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so. 8 | # * 9 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 12 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 13 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 14 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 15 | AWSTemplateFormatVersion: '2010-09-09' 16 | Description: Create Service Catalog Deployment S3 Bucket 17 | Parameters: 18 | BucketName: 19 | Description: S3 Bucket Name 20 | Type: String 21 | 22 | BaselineFunctionRoleName: 23 | Description: Name of the role that will be use for Baseline Function 24 | Type: String 25 | Default: control-tower-baseline-lambda-role 26 | 27 | OrganizationId: 28 | Description: AWS OrganizationId 29 | Type: String 30 | Default: '' 31 | 32 | Conditions: 33 | AddBucketPolicy: !Not [!Equals [!Ref OrganizationId, '']] 34 | 35 | Resources: 36 | 37 | S3Bucket: 38 | Type: AWS::S3::Bucket 39 | Properties: 40 | BucketName: !Ref BucketName 41 | AccessControl: BucketOwnerFullControl 42 | VersioningConfiguration: 43 | Status: Enabled 44 | 45 | BucketPolicy: 46 | Type: AWS::S3::BucketPolicy 47 | Condition: AddBucketPolicy 48 | Properties: 49 | Bucket: 50 | Ref: S3Bucket 51 | PolicyDocument: 52 | Statement: 53 | - 54 | Action: 55 | - "s3:GetObject" 56 | Effect: "Allow" 57 | Resource: 58 | Fn::Join: 59 
| - "" 60 | - 61 | - "arn:aws:s3:::" 62 | - 63 | Ref: S3Bucket 64 | - "/*" 65 | Principal: 66 | AWS: "*" 67 | Condition: 68 | StringLike: 69 | aws:PrincipalArn: 70 | - arn:aws:iam::*:role/AWSControlTowerExecution 71 | - !Sub 'arn:aws:iam::*:role/${BaselineFunctionRoleName}' 72 | StringEquals: 73 | aws:PrincipalOrgID: !Ref OrganizationId 74 | 75 | Outputs: 76 | BucketArn: 77 | Value: !GetAtt S3Bucket.Arn 78 | Export: 79 | Name: !Sub ${AWS::StackName}-BucketArn 80 | 81 | -------------------------------------------------------------------------------- /product-selector-lambda/README.md: -------------------------------------------------------------------------------- 1 | # Product Selector Lambda 2 | 3 | __`Product Selector`__ is an AWS Lambda function that was designed to be called from within an AWS CloudFormation template as a [custom resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-custom-resources.html). 4 | 5 | 6 | ## AWS Service Catalog Product Identification 7 | 8 | Returns the resource IDs of the product and artifact (version) required to launch an AWS Service Catalog product from AWS CloudFormation. 9 | This improves the end user experience because they do not need to remember specific resource identifiers. 10 | 11 | __Example Syntax from within CloudFormation:__ 12 | ```yaml 13 | ProductSelector: 14 | Type: "Custom::ProductSelector" 15 | Version: "1.0" 16 | Properties: 17 | ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:sc-product-selector' 18 | ProductName: 19 | Version: 20 | ``` 21 | 22 | __Note__: The Version parameter is optional. If not provided, the latest version will be returned. 23 | 24 | __Example Syntax of obtaining the Returned Values:__ 25 | 26 | Product Id: `!GetAtt ProductSelector.ProductId` 27 | 28 | Provisioning Artifact Id: `!GetAtt ProductSelector.ArtifactId` 29 | 30 | 31 | __Example of Usage:__ 32 | 33 | Please refer to the AWS CloudFormation product provision templates in the `templates\examples` folder. 
34 | -------------------------------------------------------------------------------- /product-selector-lambda/product-selector-lambda.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-preventive-control/a5eeaa6528ed7c1b72be0d617af36831eb331f54/product-selector-lambda/product-selector-lambda.zip -------------------------------------------------------------------------------- /resource-compliance-lambda.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-preventive-control/a5eeaa6528ed7c1b72be0d617af36831eb331f54/resource-compliance-lambda.zip -------------------------------------------------------------------------------- /resource-compliance-lambda/resource-compliance-lambda.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-preventive-control/a5eeaa6528ed7c1b72be0d617af36831eb331f54/resource-compliance-lambda/resource-compliance-lambda.zip -------------------------------------------------------------------------------- /resource-selector-lambda/resource-selector-lambda.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-preventive-control/a5eeaa6528ed7c1b72be0d617af36831eb331f54/resource-selector-lambda/resource-selector-lambda.zip -------------------------------------------------------------------------------- /s3-upload-files/products/alb/sc-alb-listener.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 
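# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.
# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# Service Catalog product: one HTTPS listener on an existing Application Load
# Balancer that forwards every request to a single target group.
AWSTemplateFormatVersion: 2010-09-09
Description: Service Catalog ALB Listener Product
Parameters:
  CertificateArn:
    # NOTE(review): the listener protocol is fixed to HTTPS, so an empty value is
    # expected to fail at listener creation rather than at parameter validation.
    Description: ARN of ACM Certificate to apply to ALB
    Type: String
    Default: ""
  ALBTargetGroupArn:
    Description: ALB Target Group ARN
    Type: String
  ALBArn:
    Description: ALB ARN
    Type: String
  AppPort:
    Description: 'Application Port'
    Type: String
    Default: 443
    AllowedValues:
      - 443
      - 8443
  SslPolicy:
    # Previously no policy was set, which leaves protocol and cipher selection to
    # the load balancer's own default (historically one that still accepts
    # TLS 1.0/1.1 -- confirm for your Region). The default below pins a TLS 1.2
    # floor; the legacy policy stays selectable for callers that need it.
    Description: ELB security policy (TLS protocol versions and ciphers) for the listener
    Type: String
    Default: ELBSecurityPolicy-TLS-1-2-2017-01
    AllowedValues:
      - ELBSecurityPolicy-TLS13-1-2-2021-06
      - ELBSecurityPolicy-TLS-1-2-Ext-2018-06
      - ELBSecurityPolicy-TLS-1-2-2017-01
      - ELBSecurityPolicy-2016-08

Resources:
  ALBListener:
    Type: 'AWS::ElasticLoadBalancingV2::Listener'
    Properties:
      Certificates:
        - CertificateArn: !Ref CertificateArn
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref ALBTargetGroupArn
      LoadBalancerArn: !Ref ALBArn
      Port: !Ref AppPort
      # HTTPS is hard-coded, so the product cannot create a plaintext listener.
      Protocol: HTTPS
      SslPolicy: !Ref SslPolicy

Outputs:
  ALBListenerArn:
    Value: !Ref ALBListener
    Export:
      Name: !Sub ${AWS::StackName}-ALBListenerArn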
-------------------------------------------------------------------------------- /s3-upload-files/products/alb/sc-alb.yml: --------------------------------------------------------------------------------
# * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.
# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# Service Catalog product: an internal Application Load Balancer in the
# caller-supplied subnets and security groups, optionally tagged.
AWSTemplateFormatVersion: 2010-09-09
Description: Service Catalog ALB Product
Parameters:
  ALBName:
    Description: ALB Name
    Type: String
  SecurityGroupIds:
    Description: VPC Security Groups Ids as comma separated list
    Type: CommaDelimitedList
  SubnetIds:
    Description: VPC Subnets Ids as comma separated list
    Type: CommaDelimitedList
  Tags:
    Description: The tags to be applied to the resource.
    Type: String
    Default: ''

Conditions:
  # True when the caller passed a non-empty Tags string.
  HasTags: !Not
    - !Equals
      - !Ref Tags
      - ''

Resources:
  # Custom resource backed by the sc-resource-compliance function; its Json
  # attribute is used as the load balancer's tag list below.
  # NOTE(review): the nesting of Parameters under Action is reconstructed from a
  # flattened listing -- confirm against the sc-resource-compliance handler.
  GetTags:
    Type: 'Custom::ResourceCompliance'
    Condition: HasTags
    Version: '1.0'
    Properties:
      ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:sc-resource-compliance'
      Action:
        Name: json
        Parameters:
          JSON: !Ref Tags
          Type: Tags
  ALB:
    Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer'
    Properties:
      Name: !Ref ALBName
      # The scheme is fixed, so this product cannot create an internet-facing ALB.
      Scheme: internal
      Subnets: !Ref SubnetIds
      SecurityGroups: !Ref SecurityGroupIds
      LoadBalancerAttributes:
        - Key: idle_timeout.timeout_seconds
          Value: '30'
      # NOTE(review): no access-log attributes are set here -- confirm whether
      # request logging is expected for load balancers created by this product.
      Tags: !If
        - HasTags
        - !GetAtt GetTags.Json
        - !Ref 'AWS::NoValue'

Outputs:
  ALBArn:
    Value: !Ref ALB
    Export:
      Name: !Sub ${AWS::StackName}-ALBArn
  ALBDNSName:
    Value: !GetAtt ALB.DNSName
    Export:
      Name: !Sub ${AWS::StackName}-ALBDNSName
  ALBName:
    Value: !GetAtt ALB.LoadBalancerName
    Export:
      Name: !Sub ${AWS::StackName}-ALBName
  ALBFullName:
    Value: !GetAtt ALB.LoadBalancerFullName
    Export:
      Name: !Sub ${AWS::StackName}-ALBFullName
-------------------------------------------------------------------------------- /s3-upload-files/products/asc/sc-asc-products-role.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so.
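# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# IAM role assumed by AWS Service Catalog when it launches the Auto Scaling
# product. Permissions come from the named managed policy plus the inline
# "ASC" policy below.
AWSTemplateFormatVersion: 2010-09-09
Description: Create Service Catalog Product Role
Parameters:
  ProductRoleName:
    Description: Product IAM Role Name
    Type: String
  ProductPolicyName:
    # This value is interpolated into a managed-policy ARN, not a role name.
    Description: Product IAM Managed Policy Name
    Type: String

Resources:
  ProductRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Ref ProductRoleName
      # Only the Service Catalog service principal may assume this role.
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/${ProductPolicyName}'
      Policies:
        -
          PolicyName: "ASC"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                Effect: "Allow"
                Action:
                  - "autoscaling:*"
                  - "kms:GenerateDataKey"
                Resource: "*"
              -
                # iam:PassRole on every role lets whoever drives this product
                # hand any role in the account to a service. The grant is kept,
                # but limited to the services an Auto Scaling launch passes a
                # role to. NOTE(review): confirm no product launched with this
                # role passes a role to another service.
                Effect: "Allow"
                Action:
                  - "iam:PassRole"
                Resource: "*"
                Condition:
                  StringEquals:
                    "iam:PassedToService":
                      - "ec2.amazonaws.com"
                      - "autoscaling.amazonaws.com"

Outputs:
  ProductRoleArn:
    Value: !GetAtt ProductRole.Arn
-------------------------------------------------------------------------------- /s3-upload-files/products/dmsendpoint/sc-dmsendpoint-products-role.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.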
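# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.
# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# IAM role assumed by AWS Service Catalog when it launches the DMS endpoint
# product. Permissions come from the named managed policy plus the inline
# "DMS" policy below.
AWSTemplateFormatVersion: 2010-09-09
Description: Create Service Catalog Product Role
Parameters:
  ProductRoleName:
    Description: Product IAM Role Name
    Type: String
  ProductPolicyName:
    # This value is interpolated into a managed-policy ARN, not a role name.
    Description: Product IAM Managed Policy Name
    Type: String

Resources:
  ProductRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Ref ProductRoleName
      # Only the Service Catalog service principal may assume this role.
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/${ProductPolicyName}'
      Policies:
        -
          PolicyName: "DMS"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                # NOTE(review): this list also grants replication-instance
                # create/modify/delete, and applies to every DMS resource in the
                # account -- confirm the endpoint product needs all of it.
                Effect: "Allow"
                Action:
                  - "dms:ListTagsForResource"
                  - "dms:DescribeReplicationInstances"
                  - "dms:CreateEndpoint"
                  - "dms:DescribeEndpointTypes"
                  - "dms:RemoveTagsFromResource"
                  - "dms:DescribeEndpoints"
                  - "dms:ModifyReplicationInstance"
                  - "dms:DeleteEndpoint"
                  - "dms:DeleteReplicationInstance"
                  - "dms:ModifyEndpoint"
                  - "dms:AddTagsToResource"
                  - "dms:CreateReplicationInstance"
                Resource: "*"

Outputs:
  ProductRoleArn:
    Value: !GetAtt ProductRole.Arn
-------------------------------------------------------------------------------- /s3-upload-files/products/dmsendpoint/sc-dmsendpoint.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so. 8 | # * 9 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 12 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 13 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 14 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.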
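# Service Catalog product: one AWS DMS source or target endpoint, encrypted at
# rest with the supplied KMS key and optionally tagged.
AWSTemplateFormatVersion: 2010-09-09
Description: Service Catalog DMS Endpoint Product
Parameters:
  EndpointIdentifier:
    Description: Endpoint Name
    Type: String
  EndpointType:
    Description: Endpoint Type
    Type: String
    Default: source
    AllowedValues:
      - source
      - target
  EngineName:
    Description: Engine Name
    Type: String
  DatabaseName:
    Description: Database Name
    Type: String
  ServerName:
    Description: Server Name
    Type: String
  Port:
    Description: Port
    Type: Number
    Default: 1521
  UserName:
    Description: User Name
    Type: String
  Password:
    # NoEcho masks the value in stack output; the credential is still supplied
    # as a plain stack parameter by whoever launches the product.
    Description: Password
    Type: String
    NoEcho: True
  SslMode:
    # Was hard-coded to "none" on the endpoint, so no launch of this product
    # could encrypt the database connection that carries UserName/Password and
    # the migrated data. The default keeps the old behavior; set it to the
    # strictest mode the engine supports.
    Description: SSL mode for the connection between DMS and the database server
    Type: String
    Default: none
    AllowedValues:
      - none
      - require
      - verify-ca
      - verify-full
  CertificateArn:
    Description: ARN of the DMS certificate used with the verify-ca and verify-full SSL modes
    Type: String
    Default: ''
  KMSId:
    Description: KMS Encryption Key Id
    Type: String
  Tags:
    Description: The tags to be applied to the resource.
    Type: String
    Default: ''

Conditions:
  HasTags: !Not [!Equals [!Ref Tags, '']]
  HasCertificate: !Not [!Equals [!Ref CertificateArn, '']]

Resources:
  # Custom resource backed by the sc-resource-compliance function; its Json
  # attribute is used as the endpoint's tag list below.
  # NOTE(review): the nesting of Parameters under Action is reconstructed from a
  # flattened listing -- confirm against the sc-resource-compliance handler.
  GetTags:
    Type: "Custom::ResourceCompliance"
    Condition: HasTags
    Version: "1.0"
    Properties:
      ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:sc-resource-compliance'
      Action:
        Name: json
        Parameters:
          JSON: !Ref Tags
          Type: Tags
  Endpoint:
    Type: AWS::DMS::Endpoint
    Properties:
      DatabaseName: !Ref DatabaseName
      EndpointIdentifier: !Ref EndpointIdentifier
      EndpointType: !Ref EndpointType
      EngineName: !Ref EngineName
      KmsKeyId: !Ref KMSId
      Password: !Ref Password
      Username: !Ref UserName
      Port: !Ref Port
      ServerName: !Ref ServerName
      SslMode: !Ref SslMode
      CertificateArn: !If [HasCertificate, !Ref CertificateArn, !Ref "AWS::NoValue"]
      Tags: !If [HasTags, !GetAtt GetTags.Json, !Ref "AWS::NoValue"]

Outputs:
  Endpoint:
    Value: !Ref Endpoint
    Export:
      Name: !Sub ${AWS::StackName}-Endpoint
--------------------------------------------------------------------------------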
/s3-upload-files/products/dmsinstance/sc-dmsinstance-products-role.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so. 8 | # * 9 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 12 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 13 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 14 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
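# IAM role assumed by AWS Service Catalog when it launches the DMS replication
# instance product. Permissions come from the named managed policy plus the
# inline "DMS" policy below.
AWSTemplateFormatVersion: 2010-09-09
Description: Create Service Catalog Product Role
Parameters:
  ProductRoleName:
    Description: Product IAM Role Name
    Type: String
  ProductPolicyName:
    # This value is interpolated into a managed-policy ARN, not a role name.
    Description: Product IAM Managed Policy Name
    Type: String

Resources:
  ProductRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Ref ProductRoleName
      # Only the Service Catalog service principal may assume this role.
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/${ProductPolicyName}'
      Policies:
        -
          PolicyName: "DMS"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                # NOTE(review): this list also grants endpoint
                # create/modify/delete, and applies to every DMS resource in the
                # account -- confirm the instance product needs all of it.
                Effect: "Allow"
                Action:
                  - "dms:ListTagsForResource"
                  - "dms:DescribeReplicationInstances"
                  - "dms:CreateEndpoint"
                  - "dms:DescribeEndpointTypes"
                  - "dms:RemoveTagsFromResource"
                  - "dms:DescribeEndpoints"
                  - "dms:ModifyReplicationInstance"
                  - "dms:DeleteEndpoint"
                  - "dms:DeleteReplicationInstance"
                  - "dms:ModifyEndpoint"
                  - "dms:AddTagsToResource"
                  - "dms:CreateReplicationInstance"
                Resource: "*"

Outputs:
  ProductRoleArn:
    Value: !GetAtt ProductRole.Arn
-------------------------------------------------------------------------------- /s3-upload-files/products/dmsinstance/sc-dmsinstance.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.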
# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.
# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# Service Catalog product: one private, KMS-encrypted AWS DMS replication
# instance in the caller-supplied subnet group and security groups.
AWSTemplateFormatVersion: 2010-09-09
Description: Service Catalog DMS Replication Instance Product
Parameters:
  ReplicationInstanceIdentifier:
    Description: Replication Instance Name
    Type: String
  ReplicationInstanceClass:
    Description: Replication Instance Type
    Type: String
  Storage:
    Type: Number
    MinValue: 50
    MaxValue: 500
    Default: 50
    Description: Allocate Storage in GB min 50 max 500
  KMSId:
    Description: KMS Encryption Key Id
    Type: String
  EngineVersion:
    Description: Engine Version
    Type: String
  ReplicationSubnetGroupIdentifier:
    Description: Replication Subnet Group Identifier
    Type: String
  SecurityGroupIds:
    Description: VPC Security Groups Ids
    Type: CommaDelimitedList
  Tags:
    Description: The tags to be applied to the resource.
    Type: String
    Default: ''

Conditions:
  # True when the caller passed a non-empty Tags string.
  HasTags: !Not
    - !Equals
      - !Ref Tags
      - ''

Resources:
  # Custom resource backed by the sc-resource-compliance function; its Json
  # attribute is used as the instance's tag list below.
  # NOTE(review): the nesting of Parameters under Action is reconstructed from a
  # flattened listing -- confirm against the sc-resource-compliance handler.
  GetTags:
    Type: 'Custom::ResourceCompliance'
    Condition: HasTags
    Version: '1.0'
    Properties:
      ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:sc-resource-compliance'
      Action:
        Name: json
        Parameters:
          JSON: !Ref Tags
          Type: Tags
  ReplicationInstance:
    Type: AWS::DMS::ReplicationInstance
    Properties:
      ReplicationInstanceIdentifier: !Ref ReplicationInstanceIdentifier
      ReplicationInstanceClass: !Ref ReplicationInstanceClass
      EngineVersion: !Ref EngineVersion
      AllocatedStorage: !Ref Storage
      KmsKeyId: !Ref KMSId
      # Fixed to False, so the product cannot create a publicly reachable instance.
      PubliclyAccessible: False
      ReplicationSubnetGroupIdentifier: !Ref ReplicationSubnetGroupIdentifier
      VpcSecurityGroupIds: !Ref SecurityGroupIds
      # NOTE(review): minor engine upgrades are not applied automatically, so
      # patching the replication engine is a manual step for every instance.
      AutoMinorVersionUpgrade: False
      MultiAZ: False
      Tags: !If
        - HasTags
        - !GetAtt GetTags.Json
        - !Ref 'AWS::NoValue'

Outputs:
  ReplicationInstance:
    Value: !Ref ReplicationInstance
    Export:
      Name: !Sub ${AWS::StackName}-ReplicationInstance
-------------------------------------------------------------------------------- /s3-upload-files/products/dynamodb/sc-dynamodb-products-role.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so.
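# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# IAM role assumed by AWS Service Catalog when it launches the DynamoDB
# product. Permissions come from the named managed policy plus the inline
# "DynamoDB" policy below.
AWSTemplateFormatVersion: 2010-09-09
Description: Create Service Catalog Product Role
Parameters:
  ProductRoleName:
    Description: Product IAM Role Name
    Type: String
  ProductPolicyName:
    # This value is interpolated into a managed-policy ARN, not a role name.
    Description: Product IAM Managed Policy Name
    Type: String

Resources:
  ProductRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Ref ProductRoleName
      # Only the Service Catalog service principal may assume this role.
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/${ProductPolicyName}'
      Policies:
        -
          PolicyName: "DynamoDB"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                # NOTE(review): applies to every table in the account, including
                # DeleteTable on tables this product did not create.
                Effect: "Allow"
                Action:
                  - "dynamodb:CreateTable"
                  - "dynamodb:TagResource"
                  - "dynamodb:UntagResource"
                  - "dynamodb:DescribeTable"
                  - "dynamodb:ListTables"
                  - "dynamodb:DeleteTable"
                Resource: "*"

Outputs:
  ProductRoleArn:
    Value: !GetAtt ProductRole.Arn
-------------------------------------------------------------------------------- /s3-upload-files/products/ebs/sc-ebs-products-role.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.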
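# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.
# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# IAM role assumed by AWS Service Catalog when it launches the EBS product.
# Permissions come from the named managed policy plus the inline "EBS" policy
# below.
AWSTemplateFormatVersion: 2010-09-09
Description: Create Service Catalog Product Role
Parameters:
  ProductRoleName:
    Description: Product IAM Role Name
    Type: String
  ProductPolicyName:
    # This value is interpolated into a managed-policy ARN, not a role name.
    Description: Product IAM Managed Policy Name
    Type: String

Resources:
  ProductRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Ref ProductRoleName
      # Only the Service Catalog service principal may assume this role.
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/${ProductPolicyName}'
      Policies:
        -
          PolicyName: "EBS"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                # NOTE(review): ec2:CreateTags / ec2:DeleteTags / ec2:DeleteVolume
                # apply to every EC2 resource in the account, not only volumes
                # created by this product.
                Effect: "Allow"
                Action:
                  - "ec2:DeleteVolume"
                  - "ec2:DeleteTags"
                  - "ec2:DescribeSnapshotAttribute"
                  - "ec2:CreateTags"
                  - "ec2:DescribeSnapshots"
                  - "ec2:CreateVolume"
                Resource: "*"

Outputs:
  ProductRoleArn:
    Value: !GetAtt ProductRole.Arn
-------------------------------------------------------------------------------- /s3-upload-files/products/ebs/sc-ebs.yml: --------------------------------------------------------------------------------
# * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.
# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# Service Catalog product: one gp2 EBS volume that is always encrypted with the
# supplied KMS key, optionally restored from a snapshot and optionally tagged.
AWSTemplateFormatVersion: 2010-09-09
Description: Service Catalog EBS Product
Parameters:
  AutoEnableIO:
    Description: 'Indicates whether the volume is auto-enabled for I/O operations.'
    Type: String
    Default: false
    AllowedValues:
      - true
      - false
  AvailabilityZone:
    Description: 'The Availability Zone in which to create the new volume'
    Type: AWS::EC2::AvailabilityZone::Name
  KMSId:
    Description: KMS Encryption Key Id
    Type: String
  VolumeSize:
    Description: The size of the volume, in gibibytes (GiBs).
    Type: Number
    MinValue: 1
    MaxValue: 500
    Default: 10
  SnapshotId:
    Description: The snapshot from which to create the new volume.
    Type: String
    Default: ''
  Tags:
    Description: The tags to be applied to the resource.
    Type: String
    Default: ''

Conditions:
  HasSnapshot: !Not [!Equals [!Ref SnapshotId, ""]]
  HasTags: !Not [!Equals [!Ref Tags, '']]

Resources:
  # Custom resource backed by the sc-resource-compliance function; its Json
  # attribute is used as the volume's tag list below.
  # NOTE(review): the nesting of Parameters under Action is reconstructed from a
  # flattened listing -- confirm against the sc-resource-compliance handler.
  GetTags:
    Type: "Custom::ResourceCompliance"
    Condition: HasTags
    Version: "1.0"
    Properties:
      ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:sc-resource-compliance'
      Action:
        Name: json
        Parameters:
          JSON: !Ref Tags
          Type: Tags
  EBS:
    Type: AWS::EC2::Volume
    Properties:
      AutoEnableIO: !Ref AutoEnableIO
      AvailabilityZone: !Ref AvailabilityZone
      # Encryption is fixed on; callers choose only the key.
      Encrypted: true
      KmsKeyId: !Ref KMSId
      Size: !Ref VolumeSize
      SnapshotId: !If [HasSnapshot, !Ref SnapshotId, !Ref "AWS::NoValue"]
      Tags: !If [HasTags, !GetAtt GetTags.Json, !Ref "AWS::NoValue"]
      VolumeType: gp2

Outputs:
  EBSId:
    Value: !Ref EBS
    Export:
      Name: !Sub ${AWS::StackName}-EBSId
-------------------------------------------------------------------------------- /s3-upload-files/products/efs/sc-efs-products-role.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so.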
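# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# IAM role assumed by AWS Service Catalog when it launches the EFS product.
# Permissions come from the named managed policy plus the inline "EFS" policy
# below.
AWSTemplateFormatVersion: 2010-09-09
Description: Create Service Catalog Product Role
Parameters:
  ProductRoleName:
    Description: Product IAM Role Name
    Type: String
  ProductPolicyName:
    # This value is interpolated into a managed-policy ARN, not a role name.
    Description: Product IAM Managed Policy Name
    Type: String

Resources:
  ProductRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Ref ProductRoleName
      # Only the Service Catalog service principal may assume this role.
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/${ProductPolicyName}'
      Policies:
        -
          PolicyName: "EFS"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                # NOTE(review): applies to every file system in the account,
                # including DeleteFileSystem on ones this product did not create.
                Effect: "Allow"
                Action:
                  - "elasticfilesystem:DescribeTags"
                  - "elasticfilesystem:CreateFileSystem"
                  - "elasticfilesystem:DescribeFileSystems"
                  - "elasticfilesystem:DeleteFileSystem"
                  - "elasticfilesystem:CreateTags"
                  - "elasticfilesystem:DeleteTags"
                Resource: "*"

Outputs:
  ProductRoleArn:
    Value: !GetAtt ProductRole.Arn
-------------------------------------------------------------------------------- /s3-upload-files/products/efs/sc-efs.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates.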
All Rights Reserved.
# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.
# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# Service Catalog product: one EFS file system that is always encrypted with
# the supplied KMS key and optionally tagged.
AWSTemplateFormatVersion: 2010-09-09
Description: Service Catalog EFS Product
Parameters:
  KMSId:
    Description: KMS Encryption Key Id
    Type: String
  Tags:
    Description: The tags to be applied to the resource.
    Type: String
    Default: ''

Conditions:
  # True when the caller passed a non-empty Tags string.
  HasTags: !Not
    - !Equals
      - !Ref Tags
      - ''

Resources:
  # Custom resource backed by the sc-resource-compliance function; its Json
  # attribute is used as the file system's tag list below.
  # NOTE(review): the nesting of Parameters under Action is reconstructed from a
  # flattened listing -- confirm against the sc-resource-compliance handler.
  GetTags:
    Type: 'Custom::ResourceCompliance'
    Condition: HasTags
    Version: '1.0'
    Properties:
      ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:sc-resource-compliance'
      Action:
        Name: json
        Parameters:
          JSON: !Ref Tags
          Type: Tags
  EFS:
    Type: AWS::EFS::FileSystem
    Properties:
      # Encryption is fixed on; callers choose only the key.
      Encrypted: True
      KmsKeyId: !Ref KMSId
      PerformanceMode: generalPurpose
      ThroughputMode: bursting
      FileSystemTags: !If
        - HasTags
        - !GetAtt GetTags.Json
        - !Ref 'AWS::NoValue'

Outputs:
  EFSId:
    Value: !Ref EFS
    Export:
      Name: !Sub ${AWS::StackName}-EFSId
-------------------------------------------------------------------------------- /s3-upload-files/products/elasticache/sc-elasticache-products-role.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so. 8 | # * 9 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT.
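IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# IAM role that Service Catalog can assume (see the trust policy) with the ElastiCache
# permissions listed in the inline policy, plus one customer-managed policy.
AWSTemplateFormatVersion: '2010-09-09'
Description: Create Service Catalog Product Role
Parameters:
  ProductRoleName:
    Description: Product IAM Role Name
    Type: String
  ProductPolicyName:
    # Name (not ARN) of a customer-managed policy in this account; it is attached through
    # ManagedPolicyArns below. The description previously repeated "Role Name".
    Description: Product IAM Policy Name
    Type: String

Resources:
  ProductRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Ref ProductRoleName
      AssumeRolePolicyDocument:
        # Quoted so YAML tooling does not read the version as a date.
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/${ProductPolicyName}'
      Policies:
        - PolicyName: "EC"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Every action is granted on Resource "*": the role can modify or delete any
              # cache cluster or replication group in the account, not only the ones this
              # product created.
              - Effect: "Allow"
                Action:
                  - "elasticache:DescribeReplicationGroups"
                  - "elasticache:RemoveTagsFromResource"
                  - "elasticache:DescribeCacheParameters"
                  - "elasticache:DeleteCacheCluster"
                  - "elasticache:CreateReplicationGroup"
                  - "elasticache:AddTagsToResource"
                  - "elasticache:DeleteReplicationGroup"
                  - "elasticache:RebootCacheCluster"
                  - "elasticache:DescribeCacheEngineVersions"
                  - "elasticache:DescribeCacheSubnetGroups"
                  - "elasticache:DescribeCacheParameterGroups"
                  - "elasticache:ModifyReplicationGroup"
                  - "elasticache:DescribeEngineDefaultParameters"
                  - "elasticache:DescribeCacheClusters"
                  - "elasticache:CreateCacheCluster"
                  - "elasticache:DescribeCacheSecurityGroups"
                  - "elasticache:ListTagsForResource"
                Resource: "*"

Outputs:
  ProductRoleArn:
    Value: !GetAtt ProductRole.Arn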
-------------------------------------------------------------------------------- /s3-upload-files/products/elasticsearch/sc-elasticsearch-products-role.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so. 8 | # * 9 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 12 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 13 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 14 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
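# IAM role that Service Catalog can assume (see the trust policy) with the Elasticsearch
# and KMS permissions listed in the inline policy, plus one customer-managed policy.
AWSTemplateFormatVersion: '2010-09-09'
Description: Create Service Catalog Product Role
Parameters:
  ProductRoleName:
    Description: Product IAM Role Name
    Type: String
  ProductPolicyName:
    # Name (not ARN) of a customer-managed policy in this account; it is attached through
    # ManagedPolicyArns below. The description previously repeated "Role Name".
    Description: Product IAM Policy Name
    Type: String

Resources:
  ProductRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Ref ProductRoleName
      AssumeRolePolicyDocument:
        # Quoted so YAML tooling does not read the version as a date.
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/${ProductPolicyName}'
      Policies:
        - PolicyName: "ES"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                Action:
                  - "kms:Describe*"
                  - "kms:List*"
                  - "es:CreateElasticsearchDomain"
                  - "es:Describe*"
                  - "es:List*"
                  - "es:DeleteElasticsearchDomain"
                  - "ec2:DescribeVpcs"
                  # NOTE(review): kms:CreateGrant on Resource "*" allows grants on every
                  # key whose key policy admits this role. Consider a separate statement
                  # limited to the product's key ARN and/or conditioned on
                  # kms:GrantIsForAWSResource - verify it still permits encrypted domains.
                  - "kms:CreateGrant"
                  - "es:AddTags"
                Resource: "*"

Outputs:
  ProductRoleArn:
    Value: !GetAtt ProductRole.Arn
--------------------------------------------------------------------------------
/s3-upload-files/products/firehose/sc-firehose-products-role.yml:
--------------------------------------------------------------------------------
# * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.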
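# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# IAM role that Service Catalog can assume (see the trust policy) with the Firehose
# permissions listed in the inline policy, plus one customer-managed policy.
AWSTemplateFormatVersion: '2010-09-09'
Description: Create Service Catalog Product Role
Parameters:
  ProductRoleName:
    Description: Product IAM Role Name
    Type: String
  ProductPolicyName:
    # Name (not ARN) of a customer-managed policy in this account; it is attached through
    # ManagedPolicyArns below. The description previously repeated "Role Name".
    Description: Product IAM Policy Name
    Type: String

Resources:
  ProductRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Ref ProductRoleName
      AssumeRolePolicyDocument:
        # Quoted so YAML tooling does not read the version as a date.
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/${ProductPolicyName}'
      Policies:
        - PolicyName: "Kinesis"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                Action:
                  - "firehose:DescribeDeliveryStream"
                  - "firehose:DeleteDeliveryStream"
                  - "firehose:CreateDeliveryStream"
                  - "firehose:ListTagsForDeliveryStream"
                  - "firehose:TagDeliveryStream"
                  - "firehose:UntagDeliveryStream"
                Resource: "*"
              # iam:PassRole used to sit in the statement above with no condition, so any
              # role in the account could be handed to any service. It is now limited to
              # roles passed to Firehose. Resource stays "*" because the delivery role ARN
              # is not fixed in this template; narrow it to a role path or name prefix
              # where the deployment has one.
              - Effect: "Allow"
                Action:
                  - "iam:PassRole"
                Resource: "*"
                Condition:
                  StringEquals:
                    "iam:PassedToService": "firehose.amazonaws.com"

Outputs:
  ProductRoleArn:
    Value: !GetAtt ProductRole.Arn
--------------------------------------------------------------------------------
/s3-upload-files/products/firehose/sc-firehose.yml:
--------------------------------------------------------------------------------
# * Copyright 2019 Amazon.com, Inc.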
or its affiliates. All Rights Reserved. 2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so. 8 | # * 9 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 12 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 13 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 14 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
# Service Catalog product: a DirectPut Firehose delivery stream that writes to an S3
# bucket, with the delivered objects encrypted under the supplied KMS key.
AWSTemplateFormatVersion: 2010-09-09
Description: 'Service Catalog Firehose Product'
Parameters:
  Name:
    Type: String
    Description: 'Firehose Delivery Stream Name'
  IntervalInSeconds:
    Type: Number
    Default: 60
    MinValue: 60
    MaxValue: 900
    Description: 'The length of time, in seconds, for buffers incoming data before delivering it to the destination'
  SizeInMBs:
    Type: Number
    Default: 2
    MinValue: 1
    MaxValue: 128
    Description: 'The size of the buffer, in MBs, for incoming data before delivering it to the destination'
  CompressionFormat:
    Type: String
    Default: GZIP
    AllowedValues: [GZIP, Snappy, UNCOMPRESSED, ZIP]
    Description: 'The type of compression to compress the data that it delivers to the Amazon S3 bucket'
  BucketArn:
    Type: String
    Description: 'Destination S3 Bucket Arn'
  RoleArn:
    # NOTE(review): supplied by whoever launches the product and not validated here.
    # Which roles can actually be handed to Firehose is decided by the iam:PassRole
    # grant of the role that deploys this stack.
    Type: String
    Description: 'Firehose Role Arn'
  KMSArn:
    Type: String
    Description: 'KMS Encryption Key Arn'

Resources:
  Firehose:
    Type: 'AWS::KinesisFirehose::DeliveryStream'
    Properties:
      DeliveryStreamName: !Ref Name
      DeliveryStreamType: DirectPut
      S3DestinationConfiguration:
        BucketARN: !Ref BucketArn
        RoleARN: !Ref RoleArn
        CompressionFormat: !Ref CompressionFormat
        BufferingHints:
          IntervalInSeconds: !Ref IntervalInSeconds
          SizeInMBs: !Ref SizeInMBs
        # Covers the objects delivered to S3; no stream-level encryption setting is
        # configured in this template.
        EncryptionConfiguration:
          KMSEncryptionConfig:
            AWSKMSKeyARN: !Ref KMSArn

Outputs:
  FirehoseArn:
    Value: !GetAtt Firehose.Arn
    Export:
      Name: !Sub '${AWS::StackName}-FirehoseArn'
  FirehoseId:
    Value: !Ref Firehose
    Export:
      Name: !Sub '${AWS::StackName}-FirehoseId'
--------------------------------------------------------------------------------
/s3-upload-files/products/fsx/sc-fsx-products-role.yml:
-------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so. 8 | # * 9 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 12 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 13 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 14 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
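# IAM role that Service Catalog can assume (see the trust policy) with the FSx
# permissions listed in the inline policy, plus one customer-managed policy.
AWSTemplateFormatVersion: '2010-09-09'
Description: Create Service Catalog Product Role
Parameters:
  ProductRoleName:
    Description: Product IAM Role Name
    Type: String
  ProductPolicyName:
    # Name (not ARN) of a customer-managed policy in this account; it is attached through
    # ManagedPolicyArns below. The description previously repeated "Role Name".
    Description: Product IAM Policy Name
    Type: String

Resources:
  ProductRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Ref ProductRoleName
      AssumeRolePolicyDocument:
        # Quoted so YAML tooling does not read the version as a date.
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/${ProductPolicyName}'
      Policies:
        - PolicyName: "FSX"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Granted on Resource "*": update and delete apply to every FSx file system
              # in the account, not only the ones this product created.
              - Effect: "Allow"
                Action:
                  - "fsx:DescribeFileSystems"
                  - "fsx:ListTagsForResource"
                  - "fsx:CreateFileSystem"
                  - "fsx:UntagResource"
                  - "fsx:TagResource"
                  - "fsx:UpdateFileSystem"
                  - "fsx:DeleteFileSystem"
                Resource: "*"

Outputs:
  ProductRoleArn:
    Value: !GetAtt ProductRole.Arn
--------------------------------------------------------------------------------
/s3-upload-files/products/fsx/sc-fsx.yml:
--------------------------------------------------------------------------------
# * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.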
# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# Service Catalog product: an FSx for Windows file system joined to an existing
# directory, encrypted with the supplied KMS key and optionally tagged.
AWSTemplateFormatVersion: 2010-09-09
Description: 'Service Catalog FSx For Windows Product'
Parameters:
  KMSId:
    Type: String
    Description: 'KMS Encryption Key Id'
  StorageCapacity:
    Type: Number
    Default: 300
    MinValue: 300
    MaxValue: 65536
    Description: 'The storage capacity of the file system'
  SubnetIds:
    Type: CommaDelimitedList
    Description: 'VPC Subnets Ids as comma separated list'
  SecurityGroupIds:
    Type: CommaDelimitedList
    Description: 'VPC Security Groups Ids as comma separated list'
  ActiveDirectoryId:
    Type: String
    Description: 'The ID for an existing Microsoft Active Directory'
  ThroughputCapacity:
    Type: Number
    Default: 8
    MinValue: 8
    MaxValue: 2048
    Description: 'The throughput of an Amazon FSx file system, measured in megabytes per second'
  AutomaticBackupRetentionDays:
    # NOTE(review): the default of 0 leaves automatic backups off unless the launcher
    # overrides it (per the description below).
    Type: Number
    Default: 0
    MinValue: 0
    MaxValue: 35
    Description: 'The number of days to retain automatic backups. Setting this to 0 disables automatic backups'
  Tags:
    # The empty default means "no tags"; the HasTags condition keys off it.
    Type: String
    Default: ""
    Description: 'The tags to be applied to the resource.'

Conditions:
  HasTags: !Not [!Equals [!Ref Tags, ""]]

Resources:
  # Custom resource backed by the sc-resource-compliance Lambda in the same account and
  # region; created only when Tags is non-empty.
  # NOTE(review): indentation was lost on this page. Name/Parameters are assumed to nest
  # under Action, and JSON/Type under Parameters - confirm against the repository copy.
  GetTags:
    Type: 'Custom::ResourceCompliance'
    Condition: HasTags
    Version: '1.0'
    Properties:
      ServiceToken: !Sub "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:sc-resource-compliance"
      Action:
        Name: json
        Parameters:
          JSON: !Ref Tags
          Type: Tags

  WindowsFileSystem:
    Type: 'AWS::FSx::FileSystem'
    Properties:
      FileSystemType: 'WINDOWS'
      KmsKeyId: !Ref KMSId
      StorageCapacity: !Ref StorageCapacity
      SubnetIds: !Ref SubnetIds
      SecurityGroupIds: !Ref SecurityGroupIds
      Tags: !If
        - HasTags
        - !GetAtt GetTags.Json
        - !Ref 'AWS::NoValue'
      WindowsConfiguration:
        ActiveDirectoryId: !Ref ActiveDirectoryId
        ThroughputCapacity: !Ref ThroughputCapacity
        AutomaticBackupRetentionDays: !Ref AutomaticBackupRetentionDays
        CopyTagsToBackups: true

Outputs:
  FSxId:
    Value: !Ref WindowsFileSystem
    Export:
      Name: !Sub '${AWS::StackName}-FSxId'
--------------------------------------------------------------------------------
/s3-upload-files/products/governance-lambda-roles/sc-governance-lambda-roles-products-role.yml:
--------------------------------------------------------------------------------
# * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.
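# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# IAM role that Service Catalog can assume (see the trust policy) with the IAM
# role-management permissions listed in the inline policy, plus one customer-managed
# policy.
AWSTemplateFormatVersion: '2010-09-09'
Description: Create Service Catalog Product Role
Parameters:
  ProductRoleName:
    Description: Product IAM Role Name
    Type: String
  ProductPolicyName:
    # Name (not ARN) of a customer-managed policy in this account; it is attached through
    # ManagedPolicyArns below. The description previously repeated "Role Name".
    Description: Product IAM Policy Name
    Type: String

Resources:
  ProductRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Ref ProductRoleName
      AssumeRolePolicyDocument:
        # Quoted so YAML tooling does not read the version as a date.
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/${ProductPolicyName}'
      Policies:
        # The policy is named "S3" although it grants only IAM actions; the name looks
        # like a leftover from another template.
        - PolicyName: "S3"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # NOTE(review): iam:CreateRole, iam:AttachRolePolicy and iam:PutRolePolicy
              # on Resource "*" let this role create or rewrite any role in the account
              # with any permissions, which makes it equivalent to IAM administrator.
              # Constrain it with a role path or name prefix in Resource and an
              # iam:PermissionsBoundary condition on the create/attach/put actions; the
              # prefix and the boundary policy are deployment-specific and not defined in
              # this template. iam:ListRoles has to stay on "*".
              - Effect: "Allow"
                Action:
                  - "iam:GetRole"
                  - "iam:ListRoleTags"
                  - "iam:UntagRole"
                  - "iam:TagRole"
                  - "iam:UpdateRoleDescription"
                  - "iam:ListRoles"
                  - "iam:CreateRole"
                  - "iam:DeleteRole"
                  - "iam:AttachRolePolicy"
                  - "iam:PutRolePolicy"
                  - "iam:AddRoleToInstanceProfile"
                  - "iam:DetachRolePolicy"
                  - "iam:ListAttachedRolePolicies"
                  - "iam:DeleteRolePolicy"
                  - "iam:UpdateRole"
                  - "iam:ListRolePolicies"
                  - "iam:GetRolePolicy"
                Resource: "*"

Outputs:
  ProductRoleArn:
    Value: !GetAtt ProductRole.Arn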
-------------------------------------------------------------------------------- /s3-upload-files/products/kinesis/sc-kinesis-products-role.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so. 8 | # * 9 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 12 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 13 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 14 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
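# IAM role that Service Catalog can assume (see the trust policy) with the Kinesis
# permissions listed in the inline policy, plus one customer-managed policy.
AWSTemplateFormatVersion: '2010-09-09'
Description: Create Service Catalog Product Role
Parameters:
  ProductRoleName:
    Description: Product IAM Role Name
    Type: String
  ProductPolicyName:
    # Name (not ARN) of a customer-managed policy in this account; it is attached through
    # ManagedPolicyArns below. The description previously repeated "Role Name".
    Description: Product IAM Policy Name
    Type: String

Resources:
  ProductRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Ref ProductRoleName
      AssumeRolePolicyDocument:
        # Quoted so YAML tooling does not read the version as a date.
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/${ProductPolicyName}'
      Policies:
        - PolicyName: "Kinesis"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Granted on Resource "*": kinesis:DeleteStream applies to every stream in
              # the account, not only the ones this product created.
              - Effect: "Allow"
                Action:
                  - "kinesis:ListStreams"
                  - "kinesis:DeleteStream"
                  - "kinesis:DescribeStreamSummary"
                  - "kinesis:AddTagsToStream"
                  - "kinesis:CreateStream"
                  - "kinesis:DescribeStream"
                  - "kinesis:DescribeLimits"
                  - "kinesis:ListTagsForStream"
                  - "kinesis:StartStreamEncryption"
                Resource: "*"

Outputs:
  ProductRoleArn:
    Value: !GetAtt ProductRole.Arn
--------------------------------------------------------------------------------
/s3-upload-files/products/kinesis/sc-kinesis.yml:
--------------------------------------------------------------------------------
# * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.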
# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# Service Catalog product: a Kinesis data stream with KMS stream encryption under the
# supplied key, optionally tagged.
AWSTemplateFormatVersion: 2010-09-09
Description: 'Service Catalog Kinesis Product'
Parameters:
  Name:
    Type: String
    Description: 'Kinesis Name'
  RetentionPeriodHours:
    Type: Number
    Default: 24
    MinValue: 24
    MaxValue: 168
    Description: 'The number of hours for the data records that are stored in shards to remain accessible'
  ShardCount:
    Type: Number
    Default: 1
    MinValue: 1
    MaxValue: 30
    Description: 'The number of shards that the stream uses'
  KMSId:
    Type: String
    Description: 'KMS Encryption Key Id'
  Tags:
    # The empty default means "no tags"; the HasTags condition keys off it.
    Type: String
    Default: ""
    Description: 'The tags to be applied to the resource.'

Conditions:
  HasTags: !Not [!Equals [!Ref Tags, ""]]

Resources:
  # Custom resource backed by the sc-resource-compliance Lambda in the same account and
  # region; created only when Tags is non-empty.
  # NOTE(review): indentation was lost on this page. Name/Parameters are assumed to nest
  # under Action, and JSON/Type under Parameters - confirm against the repository copy.
  GetTags:
    Type: 'Custom::ResourceCompliance'
    Condition: HasTags
    Version: '1.0'
    Properties:
      ServiceToken: !Sub "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:sc-resource-compliance"
      Action:
        Name: json
        Parameters:
          JSON: !Ref Tags
          Type: Tags
  Kinesis:
    Type: 'AWS::Kinesis::Stream'
    Properties:
      Name: !Ref Name
      ShardCount: !Ref ShardCount
      RetentionPeriodHours: !Ref RetentionPeriodHours
      # Server-side encryption is always on and bound to the supplied key.
      StreamEncryption:
        EncryptionType: KMS
        KeyId: !Ref KMSId
      Tags: !If
        - HasTags
        - !GetAtt GetTags.Json
        - !Ref 'AWS::NoValue'

Outputs:
  KinesisArn:
    Value: !GetAtt Kinesis.Arn
    Export:
      Name: !Sub '${AWS::StackName}-KinesisArn'
  KinesisId:
    Value: !Ref Kinesis
    Export:
      Name: !Sub '${AWS::StackName}-KinesisId'
--------------------------------------------------------------------------------
/s3-upload-files/products/kms/sc-kms-products-role.yml:
--------------------------------------------------------------------------------
# * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.
# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT.
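IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# IAM role that Service Catalog can assume (see the trust policy) with the KMS
# permissions listed in the inline policy, plus one customer-managed policy.
AWSTemplateFormatVersion: '2010-09-09'
Description: Create Service Catalog Product Role
Parameters:
  ProductRoleName:
    Description: Product IAM Role Name
    Type: String
  ProductPolicyName:
    # Name (not ARN) of a customer-managed policy in this account; it is attached through
    # ManagedPolicyArns below. The description previously repeated "Role Name".
    Description: Product IAM Policy Name
    Type: String

Resources:
  ProductRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Ref ProductRoleName
      AssumeRolePolicyDocument:
        # Quoted so YAML tooling does not read the version as a date.
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/${ProductPolicyName}'
      Policies:
        # The policy is named "S3" although it grants only KMS actions; the name looks
        # like a leftover from another template.
        - PolicyName: "S3"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Granted on Resource "*": kms:DisableKey and the alias actions apply to
              # every key whose key policy admits this role. This list has no
              # kms:EnableKeyRotation, so turning rotation on in a product template needs
              # that action from here or from the managed policy.
              - Effect: "Allow"
                Action:
                  - "kms:EnableKey"
                  - "kms:ListKeyPolicies"
                  - "kms:UntagResource"
                  - "kms:UpdateKeyDescription"
                  - "kms:ListResourceTags"
                  - "kms:DisableKey"
                  - "kms:UpdateAlias"
                  - "kms:ListKeys"
                  - "kms:TagResource"
                  - "kms:ListAliases"
                  - "kms:CreateAlias"
                  - "kms:DescribeKey"
                  - "kms:CreateKey"
                  - "kms:DeleteAlias"
                Resource: "*"

Outputs:
  ProductRoleArn:
    Value: !GetAtt ProductRole.Arn
--------------------------------------------------------------------------------
/s3-upload-files/products/kms/sc-kms.yml:
--------------------------------------------------------------------------------
# * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.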
# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.
# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# Service Catalog product: a KMS key whose key policy is built from a caller-supplied
# principal list, with an optional alias.
AWSTemplateFormatVersion: 2010-09-09
Description: 'Create KMS Key'
Parameters:
  # "KeyAlies" (sic) is the parameter name the conditions and the alias resource refer to.
  KeyAlies:
    Type: String
    Default: ""
    Description: "KMS Key Alias"
  Principals:
    Type: String
    Description: "KMS AWS Comma Delimiter Principals"

Conditions:
  CreateKeyAlias: !Not [!Equals [!Ref KeyAlies, ""]]

Resources:
  # Custom resource backed by the sc-resource-compliance Lambda in the same account and
  # region; its Principal attribute becomes the key-policy principal below.
  # NOTE(review): indentation was lost on this page. Name/Parameters are assumed to nest
  # under Action, and Principal/Account/Type under Parameters - confirm against the
  # repository copy.
  KMSPrincipals:
    Type: 'Custom::ResourceCompliance'
    Version: '1.0'
    Properties:
      ServiceToken: !Sub "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:sc-resource-compliance"
      Action:
        Name: principal
        Parameters:
          Principal: !Ref Principals
          Account: !Ref AWS::AccountId
          Type: kms

  KMSKey:
    Type: 'AWS::KMS::Key'
    Properties:
      Description: SC Lab KMS key
      Enabled: 'true'
      # NOTE(review): automatic key rotation is switched off. Enabling it is the usual
      # baseline for a symmetric key, but the deploying role then needs
      # kms:EnableKeyRotation - confirm before flipping this value.
      EnableKeyRotation: 'false'
      KeyPolicy:
        Version: 2012-10-17
        Id: key-default-1
        Statement:
          # NOTE(review): this single statement gives kms:* (use and administration) to
          # every principal the custom resource returns; the resolved list is not visible
          # here. Separate key administrators from key users, and make sure at least one
          # administrative principal is always present so the key stays manageable.
          - Sid: Enable IAM User Permissions
            Effect: Allow
            Principal:
              AWS: !GetAtt KMSPrincipals.Principal
            Action: "kms:*"
            Resource: "*"

  KMSAlias:
    Type: 'AWS::KMS::Alias'
    Condition: CreateKeyAlias
    Properties:
      AliasName: !Sub "alias/${KeyAlies}"
      TargetKeyId: !Ref KMSKey

Outputs:
  KMSId:
    Value: !Ref KMSKey
    Export:
      Name: !Sub '${AWS::StackName}-KMSId'
  KMSArn:
    Value: !GetAtt KMSKey.Arn
    Export:
      Name: !Sub '${AWS::StackName}-KMSArn'
  KMSAlias:
    Condition: CreateKeyAlias
    Value: !Ref KMSAlias
    Export:
      Name: !Sub '${AWS::StackName}-KMSAlias'
--------------------------------------------------------------------------------
/s3-upload-files/products/mq/sc-mq-products-role.yml:
--------------------------------------------------------------------------------
# * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.
# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
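# Creates the IAM role that Service Catalog assumes to provision the Amazon MQ
# product: one managed policy attached by name plus the inline policy below.
AWSTemplateFormatVersion: 2010-09-09
Description: Create Service Catalog Product Role
Parameters:
  ProductRoleName:
    Description: Product IAM Role Name
    Type: String
  # Name (not ARN) of a customer managed policy in this account; the ARN is
  # built from it under ManagedPolicyArns. The description used to repeat
  # "Product IAM Role Name".
  ProductPolicyName:
    Description: Product IAM Managed Policy Name
    Type: String

Resources:
  ProductRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Ref ProductRoleName
      # Only the Service Catalog service principal may assume this role.
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/${ProductPolicyName}'
      Policies:
        -
          # NOTE(review): the inline policy is named "S3" although it grants EC2
          # network-interface and Amazon MQ actions; the label looks copied from
          # another product and is misleading in an access review.
          PolicyName: "S3"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                Effect: "Allow"
                Action:
                  - "ec2:CreateNetworkInterface"
                  - "ec2:CreateNetworkInterfacePermission"
                  - "ec2:DeleteNetworkInterface"
                  - "ec2:DeleteNetworkInterfacePermission"
                  - "ec2:DetachNetworkInterface"
                  - "ec2:DescribeInternetGateways"
                  - "ec2:DescribeNetworkInterfaces"
                  - "ec2:DescribeNetworkInterfacePermissions"
                  - "ec2:DescribeRouteTables"
                  - "ec2:DescribeSecurityGroups"
                  - "ec2:DescribeSubnets"
                  - "ec2:DescribeVpcs"
                  - "mq:DescribeConfiguration"
                  - "mq:DeleteBroker"
                  - "mq:ListBrokers"
                  - "mq:DescribeBrokerEngineTypes"
                  - "mq:DescribeBrokerInstanceOptions"
                  - "mq:CreateConfiguration"
                  - "mq:DescribeBroker"
                  - "mq:UpdateConfiguration"
                  - "mq:ListTags"
                  - "mq:DescribeConfigurationRevision"
                  - "mq:CreateTags"
                  - "mq:DeleteTags"
                  - "mq:UpdateBroker"
                  - "mq:CreateBroker"

                # NOTE(review): every action above applies to all resources in the
                # account, including brokers and network interfaces this product
                # did not create; scope by ARN or tag condition where supported.
                Resource: "*"

Outputs:
  ProductRoleArn:
    Value: !GetAtt ProductRole.Arn
--------------------------------------------------------------------------------
/s3-upload-files/products/s3/sc-s3-products-role.yml: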
-------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so. 8 | # * 9 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 12 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 13 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 14 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
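# Creates the IAM role that Service Catalog assumes to provision the S3
# product: one managed policy attached by name plus the inline policy below.
AWSTemplateFormatVersion: 2010-09-09
Description: Create Service Catalog Product Role
Parameters:
  ProductRoleName:
    Description: Product IAM Role Name
    Type: String
  # Name (not ARN) of a customer managed policy in this account; the ARN is
  # built from it under ManagedPolicyArns. The description used to repeat
  # "Product IAM Role Name".
  ProductPolicyName:
    Description: Product IAM Managed Policy Name
    Type: String

Resources:
  ProductRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Ref ProductRoleName
      # Only the Service Catalog service principal may assume this role.
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/${ProductPolicyName}'
      Policies:
        -
          PolicyName: "S3"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                Effect: "Allow"
                Action:
                  - "s3:GetLifecycleConfiguration"
                  - "s3:GetInventoryConfiguration"
                  - "s3:PutAnalyticsConfiguration"
                  - "s3:PutAccelerateConfiguration"
                  - "s3:ListBucketVersions"
                  - "s3:GetBucketLogging"
                  - "s3:CreateBucket"
                  - "s3:GetAccelerateConfiguration"
                  - "s3:PutEncryptionConfiguration"
                  - "s3:GetEncryptionConfiguration"
                  - "s3:PutLifecycleConfiguration"
                  - "s3:GetMetricsConfiguration"
                  - "s3:DeleteBucket"
                  - "s3:PutBucketVersioning"
                  - "s3:GetBucketPublicAccessBlock"
                  - "s3:PutBucketPublicAccessBlock"
                  # NOTE(review): this one changes the account-wide Block Public
                  # Access setting, not a single bucket; presumably a bucket
                  # product does not need it -- confirm against sc-s3.yml.
                  - "s3:PutAccountPublicAccessBlock"
                  - "s3:PutMetricsConfiguration"
                  - "s3:GetBucketVersioning"
                  - "s3:GetBucketNotification"
                  - "s3:PutInventoryConfiguration"
                  - "s3:PutBucketNotification"
                  - "s3:GetAccountPublicAccessBlock"
                  - "s3:PutBucketLogging"
                  - "s3:GetAnalyticsConfiguration"
                # NOTE(review): applies to every bucket in the account, so
                # s3:DeleteBucket and the Put* configuration actions reach buckets
                # this product did not create; scope by bucket ARN pattern if the
                # product enforces a naming convention.
                Resource: "*"

Outputs:
  ProductRoleArn:
    Value: !GetAtt ProductRole.Arn
--------------------------------------------------------------------------------
/s3-upload-files/products/sagemaker/sc-sagemaker-products-role.yml: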
-------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so. 8 | # * 9 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 12 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 13 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 14 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
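# Creates the IAM role that Service Catalog assumes to provision the SageMaker
# product: one managed policy attached by name plus the inline policy below.
AWSTemplateFormatVersion: 2010-09-09
Description: Create Service Catalog Product Role
Parameters:
  ProductRoleName:
    Description: Product IAM Role Name
    Type: String
  # Name (not ARN) of a customer managed policy in this account; the ARN is
  # built from it under ManagedPolicyArns. The description used to repeat
  # "Product IAM Role Name".
  ProductPolicyName:
    Description: Product IAM Managed Policy Name
    Type: String

Resources:
  ProductRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Ref ProductRoleName
      # Only the Service Catalog service principal may assume this role.
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/${ProductPolicyName}'
      Policies:
        -
          # NOTE(review): the inline policy is named "FSX" although it grants
          # SageMaker actions; the label looks copied from another product.
          PolicyName: "FSX"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                Effect: "Allow"
                Action:
                  - "sagemaker:DeleteTags"
                  - "sagemaker:DeleteEndpointConfig"
                  - "sagemaker:CreateEndpoint"
                  - "sagemaker:DeleteNotebookInstance"
                  - "sagemaker:DescribeNotebookInstance"
                  - "sagemaker:CreateNotebookInstanceLifecycleConfig"
                  - "sagemaker:ListNotebookInstanceLifecycleConfigs"
                  - "sagemaker:CreateNotebookInstance"
                  - "sagemaker:ListEndpointConfigs"
                  - "sagemaker:DescribeNotebookInstanceLifecycleConfig"
                  - "sagemaker:CreateEndpointConfig"
                  - "sagemaker:DescribeEndpointConfig"
                  - "sagemaker:CreatePresignedNotebookInstanceUrl"
                  - "sagemaker:DeleteEndpoint"
                  - "sagemaker:DeleteNotebookInstanceLifecycleConfig"
                  - "sagemaker:DescribeEndpoint"
                  - "sagemaker:AddTags"
                  - "sagemaker:ListNotebookInstances"
                  - "sagemaker:ListEndpoints"
                  - "sagemaker:StopNotebookInstance"
                # NOTE(review): applies to every SageMaker resource in the account.
                Resource: "*"
              -
                # iam:PassRole used to sit in the statement above with no
                # condition, which allowed passing any role in the account to any
                # service. The role ARN is a launch parameter of the product, so
                # the resource stays "*", but the pass is now limited to SageMaker.
                Effect: "Allow"
                Action:
                  - "iam:PassRole"
                Resource: "*"
                Condition:
                  StringEquals:
                    "iam:PassedToService": "sagemaker.amazonaws.com"

Outputs:
  ProductRoleArn:
    Value: !GetAtt ProductRole.Arn
--------------------------------------------------------------------------------
/s3-upload-files/products/sagemaker/sc-sagemaker.yml: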
--------------------------------------------------------------------------------
# * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.
# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# Service Catalog product: one SageMaker notebook instance placed in a caller
# chosen subnet, encrypted with a caller-supplied KMS key, with direct internet
# access disabled.
AWSTemplateFormatVersion: 2010-09-09
Description: Service Catalog SageMaker Product
Parameters:
  KMSId:
    Description: KMS Encryption Key Id
    Type: String
  InstanceType:
    Description: The type of ML compute instance to launch for the notebook instance
    Type: String
  NotebookInstanceName:
    Description: The name of the new notebook instance.
    Type: String
  # NOTE(review): free-form string with no AllowedPattern; whoever launches the
  # product chooses which role the notebook runs as.
  RoleArn:
    Description: ARN of SageMaker IAM Role.
    Type: String
  SubnetId:
    Description: The ID of the subnet in a VPC to which you would like to have a connectivity from your ML compute instance
    Type: String
  SecurityGroupIds:
    Description: VPC Security Groups Ids as comma separated list
    Type: CommaDelimitedList
  VolumeSizeInGB:
    Description: The size, in GB, of the ML storage volume to attach to the notebook instance
    Type: Number
    MinValue: 5
    MaxValue: 16384
    Default: 5
  Tags:
    Description: The tags to be applied to the resource.
    Type: String
    Default: ''

Conditions:
  # True when a Tags string was supplied; gates the custom resource below.
  HasTags: !Not [!Equals [!Ref Tags, '']]

Resources:
  # Passes the Tags string to the sc-resource-compliance Lambda; its "Json"
  # attribute is used as the notebook's Tags value.
  # NOTE(review): the nesting below Action is reconstructed from a flattened
  # listing -- confirm against the handler that Type belongs under Parameters.
  GetTags:
    Type: "Custom::ResourceCompliance"
    Condition : HasTags
    Version: "1.0"
    Properties:
      ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:sc-resource-compliance'
      Action:
        Name: json
        Parameters:
          JSON: !Ref Tags
          Type: Tags
  NotebookInstance:
    Type: "AWS::SageMaker::NotebookInstance"
    Properties:
      # Hard-coded rather than parameterised, so a launcher cannot re-enable
      # direct internet access; traffic goes through the chosen subnet.
      DirectInternetAccess: Disabled
      InstanceType: !Ref InstanceType
      KmsKeyId: !Ref KMSId
      NotebookInstanceName: !Ref NotebookInstanceName
      RoleArn: !Ref RoleArn
      SecurityGroupIds: !Ref SecurityGroupIds
      SubnetId: !Ref SubnetId
      # AWS::NoValue drops the property entirely when no tags were given.
      Tags: !If [HasTags, !GetAtt GetTags.Json, !Ref "AWS::NoValue"]
      VolumeSizeInGB: !Ref VolumeSizeInGB
      # NOTE(review): RootAccess is not set here, so the service default applies
      # (presumably Enabled -- confirm) and notebook users get root on the instance.

Outputs:
  NotebookArn:
    Value: !Ref NotebookInstance
    Export:
      Name: !Sub ${AWS::StackName}-NotebookArn
--------------------------------------------------------------------------------
/s3-upload-files/products/sns/sc-sns-products-role.yml:
--------------------------------------------------------------------------------
# * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
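# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.
# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# Creates the IAM role that Service Catalog assumes to provision the SNS
# product: one managed policy attached by name plus the inline policy below.
AWSTemplateFormatVersion: 2010-09-09
Description: Create Service Catalog Product Role
Parameters:
  ProductRoleName:
    Description: Product IAM Role Name
    Type: String
  # Name (not ARN) of a customer managed policy in this account; the ARN is
  # built from it under ManagedPolicyArns. The description used to repeat
  # "Product IAM Role Name".
  ProductPolicyName:
    Description: Product IAM Managed Policy Name
    Type: String

Resources:
  ProductRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Ref ProductRoleName
      # Only the Service Catalog service principal may assume this role.
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/${ProductPolicyName}'
      Policies:
        -
          PolicyName: "SNS"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                Effect: "Allow"
                Action:
                  - "sns:DeleteTopic"
                  - "sns:CreateTopic"
                  - "sns:ListTopics"
                  - "sns:AddPermission"
                  - "sns:RemovePermission"
                # NOTE(review): applies to every topic in the account, so delete
                # and the access-policy actions (AddPermission/RemovePermission)
                # reach topics this product did not create; scope by topic ARN
                # pattern if the product enforces a naming convention.
                Resource: "*"

Outputs:
  ProductRoleArn:
    Value: !GetAtt ProductRole.Arn
--------------------------------------------------------------------------------
/s3-upload-files/products/sns/sc-sns.yml:
--------------------------------------------------------------------------------
# * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.
# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.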
# Service Catalog product: one KMS-encrypted SNS topic and, when both a
# principal list and an action list are supplied, a topic policy granting those
# actions to those principals.
AWSTemplateFormatVersion: 2010-09-09
Description: Service Catalog SNS Product
Parameters:
  TopicName:
    Description: SNS Topic Name
    Type: String
  KMSId:
    Description: KMS Encryption Key Id
    Type: String
  PolicyPrincipal:
    Description: SNS Policy Principals separated by comma
    Type: String
    Default: ''
  # NOTE(review): free-form; the value is split on commas and placed in the
  # topic policy as-is. Nothing in this template restricts it (no AllowedPattern
  # or AllowedValues), so a launcher can grant any SNS action, wildcards included.
  PolicyAction:
    Description: SNS Policy Actions separated by comma
    Type: String
    Default: ''

Conditions:
  # The topic policy and the principal lookup exist only when BOTH values are set.
  HasPolicy: !And
    - !Not [!Equals [!Ref PolicyPrincipal, ""]]
    - !Not [!Equals [!Ref PolicyAction, ""]]

Resources:
  # Passes the principal list and the account id to the sc-resource-compliance
  # Lambda; its "Principal" attribute (a comma-separated string, judging by the
  # !Split below) becomes the policy principal.
  # NOTE(review): presumably the handler validates the principals against the
  # account -- confirm; the nesting below Action is reconstructed from a
  # flattened listing.
  PolicyPrincipalAccess:
    Type: "Custom::ResourceCompliance"
    Condition : HasPolicy
    Version: "1.0"
    Properties:
      ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:sc-resource-compliance'
      Action:
        Name: principal
        Parameters:
          Principal: !Ref PolicyPrincipal
          Account: !Ref AWS::AccountId
  SNS:
    Type: AWS::SNS::Topic
    Properties:
      DisplayName: !Ref TopicName
      TopicName: !Ref TopicName
      # Server-side encryption is always on: KMSId is a required parameter.
      KmsMasterKeyId: !Ref KMSId
  Policy:
    Type: AWS::SNS::TopicPolicy
    Condition: HasPolicy
    DependsOn: SNS
    Properties:
      PolicyDocument:
        # 2008-10-17 is the older policy language version; 2012-10-17 is the
        # current one.
        Version: "2008-10-17"
        Id: "CustomPolicyId"
        Statement:
          -
            Sid: "CustomPolicy"
            Effect: "Allow"
            Principal:
              AWS: !Split [',', !GetAtt PolicyPrincipalAccess.Principal]
            Action: !Split [ "," , !Ref PolicyAction ]
            # Ref on a topic returns its ARN, so the grant is limited to this topic.
            Resource: !Ref SNS
      Topics:
        - !Ref SNS

Outputs:
  SNSArn:
    Value: !Ref SNS
    Export:
      Name: !Sub ${AWS::StackName}-SNSArn
--------------------------------------------------------------------------------
/s3-upload-files/products/sqs/sc-sqs-products-role.yml:
--------------------------------------------------------------------------------
# * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
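# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.
# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# Creates the IAM role that Service Catalog assumes to provision the SQS
# product: one managed policy attached by name plus the inline policy below.
AWSTemplateFormatVersion: 2010-09-09
Description: Create Service Catalog Product Role
Parameters:
  ProductRoleName:
    Description: Product IAM Role Name
    Type: String
  # Name (not ARN) of a customer managed policy in this account; the ARN is
  # built from it under ManagedPolicyArns. The description used to repeat
  # "Product IAM Role Name".
  ProductPolicyName:
    Description: Product IAM Managed Policy Name
    Type: String

Resources:
  ProductRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Ref ProductRoleName
      # Only the Service Catalog service principal may assume this role.
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/${ProductPolicyName}'
      Policies:
        -
          PolicyName: "SQS"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                Effect: "Allow"
                Action:
                  - "sqs:ListQueues"
                  - "sqs:GetQueueUrl"
                  - "sqs:DeleteQueue"
                  - "sqs:GetQueueAttributes"
                  - "sqs:CreateQueue"
                # NOTE(review): applies to every queue in the account, so
                # sqs:DeleteQueue reaches queues this product did not create;
                # scope by queue ARN pattern if the product enforces a naming
                # convention.
                Resource: "*"

Outputs:
  ProductRoleArn:
    Value: !GetAtt ProductRole.Arn
--------------------------------------------------------------------------------
/s3-upload-files/products/subnet/sc-subnet-products-role.yml:
--------------------------------------------------------------------------------
# * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.
# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.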
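# Creates the IAM role that Service Catalog assumes to provision the Subnet
# product: one managed policy attached by name plus the inline policy below.
AWSTemplateFormatVersion: 2010-09-09
Description: Create Service Catalog Product Role
Parameters:
  ProductRoleName:
    Description: Product IAM Role Name
    Type: String
  # Name (not ARN) of a customer managed policy in this account; the ARN is
  # built from it under ManagedPolicyArns. The description used to repeat
  # "Product IAM Role Name".
  ProductPolicyName:
    Description: Product IAM Managed Policy Name
    Type: String

Resources:
  ProductRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Ref ProductRoleName
      # Only the Service Catalog service principal may assume this role.
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/${ProductPolicyName}'
      Policies:
        -
          PolicyName: "Subnet"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                Effect: "Allow"
                Action:
                  - "ec2:DeleteSubnet"
                  - "ec2:DeleteTags"
                  - "ec2:DescribeTags"
                  - "ec2:CreateTags"
                  - "ec2:AssociateSubnetCidrBlock"
                  - "ec2:CreateSubnet"
                  - "ec2:DescribeSubnets"
                # NOTE(review): applies to every EC2 resource in the account;
                # ec2:CreateTags/DeleteTags on "*" in particular can alter tags on
                # any taggable EC2 resource, which matters where tags drive access
                # control or cost allocation.
                Resource: "*"

Outputs:
  ProductRoleArn:
    Value: !GetAtt ProductRole.Arn
--------------------------------------------------------------------------------
/s3-upload-files/products/subnet/sc-subnet.yml:
--------------------------------------------------------------------------------
# * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.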
# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# Service Catalog product: one subnet in a caller-supplied VPC and
# availability zone, tagged with a Name.
AWSTemplateFormatVersion: '2010-09-09'
Description: Service Catalog Subnet Product

Parameters:
  Name:
    Description: Subnet Name
    Type: String
    Default: "sc-demo-subnet"
  # NOTE(review): the default 172.16.1.0/16 is not network-aligned (a /16
  # network address ends in .0.0); presumably a smaller block such as
  # 172.16.1.0/24 was intended -- confirm. No AllowedPattern constrains the value.
  SubnetCIDR:
    Description: Subnet CIDR Block
    Type: String
    Default: "172.16.1.0/16"
  SubnetAZ:
    Description: Subnet Availability Zone
    Type: String
  # Plain String rather than AWS::EC2::VPC::Id, so the id is not checked
  # against existing VPCs at launch.
  VPC:
    Description: VPC
    Type: String

Resources:
  Subnet:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: !Ref SubnetAZ
      CidrBlock: !Ref SubnetCIDR
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Ref Name

Outputs:
  SubnetId:
    Value: !Ref Subnet
    Export:
      Name: !Sub ${AWS::StackName}-SubnetId
--------------------------------------------------------------------------------
/s3-upload-files/products/vpc/sc-vpc-products-role.yml:
--------------------------------------------------------------------------------
# * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
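# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.
# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# Creates the IAM role that Service Catalog assumes to provision the VPC
# product: one managed policy attached by name plus the inline policy below.
AWSTemplateFormatVersion: 2010-09-09
Description: Create Service Catalog Product Role
Parameters:
  ProductRoleName:
    Description: Product IAM Role Name
    Type: String
  # Name (not ARN) of a customer managed policy in this account; the ARN is
  # built from it under ManagedPolicyArns. The description used to repeat
  # "Product IAM Role Name".
  ProductPolicyName:
    Description: Product IAM Managed Policy Name
    Type: String

Resources:
  ProductRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Ref ProductRoleName
      # Only the Service Catalog service principal may assume this role.
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/${ProductPolicyName}'
      Policies:
        -
          PolicyName: "VPC"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                Effect: "Allow"
                Action:
                  - "ec2:DeleteTags"
                  - "ec2:DescribeTags"
                  - "ec2:DescribeVpcs"
                  - "ec2:CreateTags"
                  - "ec2:CreateVpc"
                  - "ec2:DeleteVpc"
                # NOTE(review): applies to every EC2 resource in the account, so
                # ec2:DeleteVpc and the tag actions reach VPCs and other taggable
                # resources this product did not create.
                Resource: "*"

Outputs:
  ProductRoleArn:
    Value: !GetAtt ProductRole.Arn
--------------------------------------------------------------------------------
/s3-upload-files/products/vpc/sc-vpc.yml:
--------------------------------------------------------------------------------
# * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.
# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.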
# Service Catalog product: one VPC with DNS support and DNS hostnames enabled,
# tagged with a Name.
AWSTemplateFormatVersion: '2010-09-09'
Description: Service Catalog VPC Product

Parameters:
  Name:
    Description: VPC Name
    Type: String
    Default: "sc-demo-vpc"
  # Free-form string; no AllowedPattern limits it to a particular address
  # range or prefix length.
  VPCCIDR:
    Description: VPC CIDR Block
    Type: String
    Default: "172.16.0.0/16"

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VPCCIDR
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'
      Tags:
        - Key: Name
          Value: !Ref Name

Outputs:
  VPCId:
    Value: !Ref VPC
    Export:
      Name: !Sub ${AWS::StackName}-VPCId
--------------------------------------------------------------------------------
/templates/deployment/sc-product-alb.deployer:
--------------------------------------------------------------------------------
{
  "Parameters" : {
    "PorfolioStack" : "var.portfolioCfn",
    "ProductName" : "alb",
    "ProductDescription" : "Application Load Balancer",
    "ProductVersion" : "1.0",
    "ProductVersionDescription" : "Initial Version",
    "ProductTemplateUrl" : "var.deploymentBucket/products/alb/sc-alb.yml",
    "ProductRoleName" : "sc-alb-product-role",
    "ProductPolicyName" : "var.policy",
    "ProductRoleTemplateUrl" : "var.deploymentBucket/products/alb/sc-alb-products-role.yml",
    "TemplateRuleConstraint" : "",
    "DeploymentBucket" : "var.deploymentBucket",
    "DeployUpdatePipeline":"true",
    "UpdateConfigFileName": "sc-alb-update"
  }
}

--------------------------------------------------------------------------------
/templates/deployment/sc-product-alblistener.deployer:
--------------------------------------------------------------------------------
{
  "Parameters" : {
    "PorfolioStack" : "var.portfolioCfn",
    "ProductName" : "alblistener",
    "ProductDescription" : "Application Load Balancer Listener",
    "ProductVersion" : "1.0",
    "ProductVersionDescription" : "Initial Version",
"ProductTemplateUrl" : "var.deploymentBucket/products/alb/sc-alb-listener.yml", 9 | "ProductRoleName" : "sc-alb-listener-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "var.deploymentBucket/products/alb/sc-alb-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | "DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-alb-listener-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /templates/deployment/sc-product-albtarget.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "PorfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "albtarget", 5 | "ProductDescription" : "Application Load Balancer Target Group", 6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "var.deploymentBucket/products/alb/sc-alb-target.yml", 9 | "ProductRoleName" : "sc-alb-target-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "var.deploymentBucket/products/alb/sc-alb-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | "DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-alb-target-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /templates/deployment/sc-product-autoscaling.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "PorfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "autoscaling", 5 | "ProductDescription" : "AutoScaling", 6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "var.deploymentBucket/products/asc/sc-asc.yml", 9 | "ProductRoleName" : "sc-autoscaling-product-role", 10 | "ProductPolicyName" 
: "var.policy", 11 | "ProductRoleTemplateUrl" : "var.deploymentBucket/products/asc/sc-asc-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | "DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-autoscaling-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /templates/deployment/sc-product-dmsendpoint.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters": { 3 | "PorfolioStack": "var.portfolioCfn", 4 | "ProductName": "dmsendpoint", 5 | "ProductDescription": "DMS Endpoint", 6 | "ProductVersion": "1.0", 7 | "ProductVersionDescription": "Initial Version", 8 | "ProductTemplateUrl": "var.deploymentBucket/products/dmsendpoint/sc-dmsendpoint.yml", 9 | "ProductRoleName": "sc-dms-endpoint-product-role", 10 | "ProductPolicyName": "var.policy", 11 | "ProductRoleTemplateUrl": "var.deploymentBucket/products/dmsendpoint/sc-dmsendpoint-products-role.yml", 12 | "TemplateRuleConstraint": { 13 | "EngineName": { 14 | "Assertions": [ 15 | { 16 | "Assert": { 17 | "Fn::Contains": [ 18 | [ 19 | "oracle" 20 | ], 21 | { 22 | "Ref": "EngineName" 23 | } 24 | ] 25 | }, 26 | "AssertDescription": "Engine Name" 27 | } 28 | ] 29 | } 30 | }, 31 | "DeploymentBucket": "var.deploymentBucket", 32 | "DeployUpdatePipeline": "true", 33 | "UpdateConfigFileName": "sc-dmsendpoint-update" 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /templates/deployment/sc-product-dmsinstance.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters": { 3 | "PorfolioStack": "var.portfolioCfn", 4 | "ProductName": "dmsinstance", 5 | "ProductDescription": "DMS Replication Instance", 6 | "ProductVersion": "1.0", 7 | "ProductVersionDescription": "Initial Version", 8 | "ProductTemplateUrl": 
"var.deploymentBucket/products/dmsinstance/sc-dmsinstance.yml", 9 | "ProductRoleName": "sc-dms-instance-product-role", 10 | "ProductPolicyName": "var.policy", 11 | "ProductRoleTemplateUrl": "var.deploymentBucket/products/dmsinstance/sc-dmsinstance-products-role.yml", 12 | "TemplateRuleConstraint": { 13 | "ReplicationInstanceClass": { 14 | "Assertions": [ 15 | { 16 | "Assert": { 17 | "Fn::Contains": [ 18 | [ 19 | "dms.t2.large", 20 | "dms.r4.large", 21 | "dms.r4.xlarge" 22 | ], 23 | { 24 | "Ref": "ReplicationInstanceClass" 25 | } 26 | ] 27 | }, 28 | "AssertDescription": "Replication Instance Type" 29 | } 30 | ] 31 | } 32 | }, 33 | "DeploymentBucket": "var.deploymentBucket", 34 | "DeployUpdatePipeline": "true", 35 | "UpdateConfigFileName": "sc-dmsinstance-update" 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /templates/deployment/sc-product-dynamodb.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "PorfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "dynamodb", 5 | "ProductDescription" : "Amazon DynamoDB", 6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "var.deploymentBucket/products/dynamodb/sc-dynamodb.yml", 9 | "ProductRoleName" : "sc-dynamodb-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "var.deploymentBucket/products/dynamodb/sc-dynamodb-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | "DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-dynamodb-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /templates/deployment/sc-product-ebs.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "PorfolioStack" : "var.portfolioCfn", 4 | 
"ProductName" : "ebs", 5 | "ProductDescription" : "EBS", 6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "var.deploymentBucket/products/ebs/sc-ebs.yml", 9 | "ProductRoleName" : "sc-ebs-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "var.deploymentBucket/products/ebs/sc-ebs-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | "DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-ebs-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /templates/deployment/sc-product-efs.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "PorfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "efs", 5 | "ProductDescription" : "Elastic File System", 6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "var.deploymentBucket/products/efs/sc-efs.yml", 9 | "ProductRoleName" : "sc-efs-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "var.deploymentBucket/products/efs/sc-efs-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | "DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-efs-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /templates/deployment/sc-product-elasticache.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters": { 3 | "PorfolioStack": "var.portfolioCfn", 4 | "ProductName": "elasticache", 5 | "ProductDescription": "ElastiCache", 6 | "ProductVersion": "1.0", 7 | "ProductVersionDescription": "Initial Version", 8 | "ProductTemplateUrl": "var.deploymentBucket/products/elasticache/sc-elasticache.yml", 9 | 
"ProductRoleName": "sc-elasticache-product-role", 10 | "ProductPolicyName": "var.policy", 11 | "ProductRoleTemplateUrl": "var.deploymentBucket/products/elasticache/sc-elasticache-products-role.yml", 12 | "TemplateRuleConstraint": { 13 | "NodeType": { 14 | "Assertions": [ 15 | { 16 | "Assert": { 17 | "Fn::Contains": [ 18 | [ 19 | "cache.t2.micro", 20 | "cache.t2.small", 21 | "cache.t2.medium", 22 | "cache.m4.large", 23 | "cache.m4.xlarge", 24 | "cache.r5.large", 25 | "cache.r5.xlarge" 26 | ], 27 | { 28 | "Ref": "NodeType" 29 | } 30 | ] 31 | }, 32 | "AssertDescription": "Elasticache Node Type" 33 | } 34 | ] 35 | } 36 | }, 37 | "DeploymentBucket": "var.deploymentBucket", 38 | "DeployUpdatePipeline": "true", 39 | "UpdateConfigFileName": "sc-elasticache-update" 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /templates/deployment/sc-product-elasticsearch.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters": { 3 | "PorfolioStack": "var.portfolioCfn", 4 | "ProductName": "elasticsearch", 5 | "ProductDescription": "ElasticSearch", 6 | "ProductVersion": "1.0", 7 | "ProductVersionDescription": "Initial Version", 8 | "ProductTemplateUrl": "var.deploymentBucket/products/elasticsearch/sc-elasticsearch.yml", 9 | "ProductRoleName": "sc-elasticsearch-product-role", 10 | "ProductPolicyName": "var.policy", 11 | "ProductRoleTemplateUrl": "var.deploymentBucket/products/elasticsearch/sc-elasticsearch-products-role.yml", 12 | "TemplateRuleConstraint": { 13 | "ZoneAwareness": { 14 | "Assertions": [ 15 | { 16 | "Assert": { 17 | "Fn::Or": [ 18 | { 19 | "Fn::Equals": [ 20 | { 21 | "Ref": "EnableZoneAwareness" 22 | }, 23 | "false" 24 | ] 25 | }, 26 | { 27 | "Fn::Contains": [ 28 | [ 29 | "2", 30 | "4" 31 | ], 32 | { 33 | "Ref": "InstanceCount" 34 | } 35 | ] 36 | } 37 | ] 38 | }, 39 | "AssertDescription": "When zone awareness is enabled, the instance count has to be 2 or 4" 40 | } 41 
| ] 42 | }, 43 | "InstanceType": { 44 | "Assertions": [ 45 | { 46 | "Assert": { 47 | "Fn::Contains": [ 48 | [ 49 | "m4.large.elasticsearch", 50 | "m4.xlarge.elasticsearch", 51 | "r4.large.elasticsearch", 52 | "r4.xlarge.elasticsearch" 53 | ], 54 | { 55 | "Ref": "InstanceType" 56 | } 57 | ] 58 | }, 59 | "AssertDescription": "Elastic Search Instance Type" 60 | } 61 | ] 62 | }, 63 | "DedicatedMasterType": { 64 | "Assertions": [ 65 | { 66 | "Assert": { 67 | "Fn::Contains": [ 68 | [ 69 | "m4.large.elasticsearch", 70 | "m4.xlarge.elasticsearch", 71 | "r4.large.elasticsearch", 72 | "r4.xlarge.elasticsearch" 73 | ], 74 | { 75 | "Ref": "DedicatedMasterType" 76 | } 77 | ] 78 | }, 79 | "AssertDescription": "Elastic Search Master Instance Type" 80 | } 81 | ] 82 | } 83 | }, 84 | "DeploymentBucket": "var.deploymentBucket", 85 | "DeployUpdatePipeline": "true", 86 | "UpdateConfigFileName": "sc-elasticsearch-update" 87 | } 88 | } 89 | -------------------------------------------------------------------------------- /templates/deployment/sc-product-firehose.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "PorfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "firehose", 5 | "ProductDescription" : "Firehose", 6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "var.deploymentBucket/products/firehose/sc-firehose.yml", 9 | "ProductRoleName" : "sc-firehose-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "var.deploymentBucket/products/firehose/sc-firehose-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | "DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-firehose-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /templates/deployment/sc-product-fsx.deployer: 
-------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "PorfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "fsx", 5 | "ProductDescription" : "FSx for Windows", 6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "var.deploymentBucket/products/fsx/sc-fsx.yml", 9 | "ProductRoleName" : "sc-fsx-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "var.deploymentBucket/products/fsx/sc-fsx-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | "DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-fsx-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /templates/deployment/sc-product-governance-lambda-roles.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "PorfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "governance-lambda-roles", 5 | "ProductDescription" : "Governance Lambda Roles", 6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "var.deploymentBucket/products/governance-lambda-roles/sc-governance-lambda-roles.yml", 9 | "ProductRoleName" : "sc-governance-lambda-roles-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "var.deploymentBucket/products/governance-lambda-roles/sc-governance-lambda-roles-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | "DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-governance-lambda-roles-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /templates/deployment/sc-product-governance-lambdas.deployer: 
-------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "PorfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "governance-lambdas", 5 | "ProductDescription" : "Governance Lambdas", 6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "var.deploymentBucket/products/governance-lambdas/sc-governance-lambdas.yml", 9 | "ProductRoleName" : "sc-governance-lambdas-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "var.deploymentBucket/products/governance-lambdas/sc-governance-lambdas-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | "DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-governance-lambdas-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /templates/deployment/sc-product-kinesis.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "PorfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "kinesis", 5 | "ProductDescription" : "Kinesis", 6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "var.deploymentBucket/products/kinesis/sc-kinesis.yml", 9 | "ProductRoleName" : "sc-kinesis-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "var.deploymentBucket/products/kinesis/sc-kinesis-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | "DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-kinesis-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /templates/deployment/sc-product-kms.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | 
"PorfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "kms", 5 | "ProductDescription" : "KMS", 6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "var.deploymentBucket/products/kms/sc-kms.yml", 9 | "ProductRoleName" : "sc-kms-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "var.deploymentBucket/products/kms/sc-kms-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | "DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-kms-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /templates/deployment/sc-product-mq.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "PorfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "mq", 5 | "ProductDescription" : "MQ", 6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "var.deploymentBucket/products/mq/sc-mq.yml", 9 | "ProductRoleName" : "sc-mq-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "var.deploymentBucket/products/mq/sc-mq-products-role.yml", 12 | "TemplateRuleConstraint" : { 13 | "DeploymentMode": { 14 | "RuleCondition": { 15 | "Fn::Equals": [ 16 | { 17 | "Ref":"DeploymentMode" 18 | }, 19 | "ACTIVE_STANDBY_MULTI_AZ" 20 | ] 21 | }, 22 | "Assertions": [ 23 | { 24 | "Assert": { 25 | "Fn::Contains": [ 26 | [ 27 | "EFS" 28 | ], 29 | { 30 | "Ref": "StorageType" 31 | } 32 | ] 33 | }, 34 | "AssertDescription": "Multi AZ Deployment supports only EFS storage" 35 | } 36 | ] 37 | }, 38 | "Broker Instance": { 39 | "RuleCondition": { 40 | "Fn::Equals": [ 41 | { 42 | "Ref":"HostInstanceType" 43 | }, 44 | "mq.t2.micro" 45 | ] 46 | }, 47 | "Assertions": [ 48 | { 49 | "Assert": { 50 | "Fn::Contains": [ 51 | [ 52 | "EFS" 53 | ], 54 | { 55 | "Ref": 
"StorageType" 56 | } 57 | ] 58 | }, 59 | "AssertDescription": "Storage type ebs does not support broker instance type mq.t2.micro" 60 | } 61 | ] 62 | }, 63 | "HostInstanceType": { 64 | "Assertions": [ 65 | { 66 | "Assert": { 67 | "Fn::Contains": [ 68 | [ 69 | "mq.t2.micro", 70 | "mq.m5.large", 71 | "mq.m5.xlarge", 72 | "mq.m5.2xlarge", 73 | "mq.m5.4xlarge" 74 | ], 75 | { 76 | "Ref": "HostInstanceType" 77 | } 78 | ] 79 | }, 80 | "AssertDescription": "MQ Host Instance Type" 81 | } 82 | ] 83 | } 84 | }, 85 | "DeploymentBucket" : "var.deploymentBucket", 86 | "DeployUpdatePipeline":"true", 87 | "UpdateConfigFileName": "sc-mq-update" 88 | } 89 | } 90 | -------------------------------------------------------------------------------- /templates/deployment/sc-product-s3.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "PorfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "s3", 5 | "ProductDescription" : "S3 Bucket", 6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "var.deploymentBucket/products/s3/sc-s3.yml", 9 | "ProductRoleName" : "sc-s3-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "var.deploymentBucket/products/s3/sc-s3-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | "DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-s3-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /templates/deployment/sc-product-sagemaker.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters": { 3 | "PorfolioStack": "var.portfolioCfn", 4 | "ProductName": "sagemaker", 5 | "ProductDescription": "Amazon SageMaker Notebook Instance", 6 | "ProductVersion": "1.0", 7 | "ProductVersionDescription": "Initial Version", 8 | 
"ProductTemplateUrl": "var.deploymentBucket/products/sagemaker/sc-sagemaker.yml", 9 | "ProductRoleName": "sc-sagemaker-product-role", 10 | "ProductPolicyName": "var.policy", 11 | "ProductRoleTemplateUrl": "var.deploymentBucket/products/sagemaker/sc-sagemaker-products-role.yml", 12 | "TemplateRuleConstraint": { 13 | "InstanceType": { 14 | "Assertions": [ 15 | { 16 | "Assert": { 17 | "Fn::Contains": [ 18 | [ 19 | "ml.c4.2xlarge", 20 | "ml.c4.4xlarge", 21 | "ml.c4.8xlarge", 22 | "ml.c4.xlarge", 23 | "ml.c5.18xlarge", 24 | "ml.c5.2xlarge", 25 | "ml.c5.4xlarge", 26 | "ml.c5.9xlarge", 27 | "ml.c5.xlarge", 28 | "ml.c5d.18xlarge", 29 | "ml.c5d.2xlarge", 30 | "ml.c5d.4xlarge", 31 | "ml.c5d.9xlarge", 32 | "ml.c5d.xlarge", 33 | "ml.m4.10xlarge", 34 | "ml.m4.16xlarge", 35 | "ml.m4.2xlarge", 36 | "ml.m4.4xlarge", 37 | "ml.m4.xlarge", 38 | "ml.m5.12xlarge", 39 | "ml.m5.24xlarge", 40 | "ml.m5.2xlarge", 41 | "ml.m5.4xlarge", 42 | "ml.m5.xlarge", 43 | "ml.p2.16xlarge", 44 | "ml.p2.8xlarge", 45 | "ml.p2.xlarge", 46 | "ml.p3.16xlarge", 47 | "ml.p3.2xlarge", 48 | "ml.p3.8xlarge", 49 | "ml.t2.2xlarge", 50 | "ml.t2.large", 51 | "ml.t2.medium", 52 | "ml.t2.xlarge", 53 | "ml.t3.2xlarge", 54 | "ml.t3.large", 55 | "ml.t3.medium", 56 | "ml.t3.xlarge" 57 | ], 58 | { 59 | "Ref": "InstanceType" 60 | } 61 | ] 62 | }, 63 | "AssertDescription": "SageMaker Instance Type" 64 | } 65 | ] 66 | } 67 | }, 68 | "DeploymentBucket": "var.deploymentBucket", 69 | "DeployUpdatePipeline": "true", 70 | "UpdateConfigFileName": "sc-sagemaker-update" 71 | } 72 | } 73 | -------------------------------------------------------------------------------- /templates/deployment/sc-product-sns.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "PorfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "sns", 5 | "ProductDescription" : "SNS", 6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : 
"var.deploymentBucket/products/sns/sc-sns.yml", 9 | "ProductRoleName" : "sc-sns-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "var.deploymentBucket/products/sns/sc-sns-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | "DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-sns-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /templates/deployment/sc-product-sqs.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "PorfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "sqs", 5 | "ProductDescription" : "SQS", 6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "var.deploymentBucket/products/sqs/sc-sqs.yml", 9 | "ProductRoleName" : "sc-sqs-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "var.deploymentBucket/products/sqs/sc-sqs-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | "DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-sqs-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /templates/deployment/sc-product-subnet.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "PorfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "subnet", 5 | "ProductDescription" : "Subnet", 6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "var.deploymentBucket/products/subnet/sc-subnet.yml", 9 | "ProductRoleName" : "sc-subnet-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "var.deploymentBucket/products/subnet/sc-subnet-products-role.yml", 12 | 
"TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | "DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-subnet-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /templates/deployment/sc-product-vpc.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "PorfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "vpc", 5 | "ProductDescription" : "VPC", 6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "var.deploymentBucket/products/vpc/sc-vpc.yml", 9 | "ProductRoleName" : "sc-vpc-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "var.deploymentBucket/products/vpc/sc-vpc-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | "DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-vpc-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /templates/examples/configs/dms-endpoint.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey" : "EndpointIdentifier", 4 | "ParameterValue" : "mydmsendpoint" 5 | }, 6 | { 7 | "ParameterKey" : "EndpointType", 8 | "ParameterValue" : "source" 9 | }, 10 | { 11 | "ParameterKey" : "EngineName", 12 | "ParameterValue" : "oracle" 13 | }, 14 | { 15 | "ParameterKey" : "DatabaseName", 16 | "ParameterValue" : "mydb" 17 | }, 18 | { 19 | "ParameterKey" : "ServerName", 20 | "ParameterValue" : "dbserver" 21 | }, 22 | { 23 | "ParameterKey" : "Port", 24 | "ParameterValue" : "1521" 25 | }, 26 | { 27 | "ParameterKey" : "UserName", 28 | "ParameterValue" : "root" 29 | }, 30 | { 31 | "ParameterKey" : "Password", 32 | "ParameterValue" : "mypassword" 33 | }, 34 | { 35 | "ParameterKey" : "KMSId", 36 | "ParameterValue" : 
"var.kms" 37 | }, 38 | { 39 | "ParameterKey" : "ProvisionedApplicationName", 40 | "ParameterValue" : "sc-dms-endpoint" 41 | } 42 | ] 43 | -------------------------------------------------------------------------------- /templates/examples/configs/dms-replication.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey" : "ReplicationInstanceIdentifier", 4 | "ParameterValue" : "mydmsinstance" 5 | }, 6 | { 7 | "ParameterKey" : "ReplicationInstanceClass", 8 | "ParameterValue" : "dms.t2.large" 9 | }, 10 | { 11 | "ParameterKey" : "EngineVersion", 12 | "ParameterValue" : "3.1.3" 13 | }, 14 | { 15 | "ParameterKey" : "Storage", 16 | "ParameterValue" : "50" 17 | }, 18 | { 19 | "ParameterKey" : "KMSId", 20 | "ParameterValue" : "var.kms" 21 | }, 22 | { 23 | "ParameterKey" : "ReplicationSubnetGroupIdentifier", 24 | "ParameterValue" : "var.dmssubnet" 25 | }, 26 | { 27 | "ParameterKey" : "SecurityGroupIds", 28 | "ParameterValue" : "var.sg" 29 | }, 30 | { 31 | "ParameterKey" : "ProvisionedApplicationName", 32 | "ParameterValue" : "sc-dms-instance" 33 | } 34 | ] 35 | -------------------------------------------------------------------------------- /templates/examples/configs/dynamodb.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey" : "TableName", 4 | "ParameterValue" : "testtable" 5 | }, 6 | { 7 | "ParameterKey" : "ReadCapacityUnits", 8 | "ParameterValue" : "5" 9 | }, 10 | { 11 | "ParameterKey" : "WriteCapacityUnits", 12 | "ParameterValue" : "5" 13 | }, 14 | { 15 | "ParameterKey" : "KeySchema", 16 | "ParameterValue" : "Id=HASH,Name=RANGE" 17 | }, 18 | { 19 | "ParameterKey" : "AttributeDefinitions", 20 | "ParameterValue" : "Id=S,Name=S" 21 | }, 22 | { 23 | "ParameterKey" : "ProvisionedApplicationName", 24 | "ParameterValue" : "sc-dynamodb" 25 | } 26 | ] 27 | -------------------------------------------------------------------------------- 
/templates/examples/configs/ebs.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey" : "AutoEnableIO", 4 | "ParameterValue" : "false" 5 | }, 6 | { 7 | "ParameterKey" : "KMSId", 8 | "ParameterValue" : "var.kms" 9 | }, 10 | { 11 | "ParameterKey" : "VolumeSize", 12 | "ParameterValue" : "1" 13 | }, 14 | { 15 | "ParameterKey" : "Name", 16 | "ParameterValue" : "myEBS" 17 | }, 18 | { 19 | "ParameterKey" : "ProvisionedApplicationName", 20 | "ParameterValue" : "sc-ebs" 21 | } 22 | ] 23 | -------------------------------------------------------------------------------- /templates/examples/configs/efs.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey" : "KMSId", 4 | "ParameterValue" : "var.kms" 5 | }, 6 | { 7 | "ParameterKey" : "ProvisionedApplicationName", 8 | "ParameterValue" : "sc-efs" 9 | } 10 | ] 11 | -------------------------------------------------------------------------------- /templates/examples/configs/elasticache.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey" : "ClusterName", 4 | "ParameterValue" : "myclluster" 5 | }, 6 | { 7 | "ParameterKey" : "NodeType", 8 | "ParameterValue" : "cache.t2.micro" 9 | }, 10 | { 11 | "ParameterKey" : "NumberClusters", 12 | "ParameterValue" : "1" 13 | }, 14 | { 15 | "ParameterKey" : "CacheSubnetGroupName", 16 | "ParameterValue" : "var.cachesubnet" 17 | }, 18 | { 19 | "ParameterKey" : "SecurityGroupIds", 20 | "ParameterValue" : "var.sg" 21 | }, 22 | { 23 | "ParameterKey" : "ProvisionedApplicationName", 24 | "ParameterValue" : "sc-elasticache" 25 | } 26 | ] 27 | -------------------------------------------------------------------------------- /templates/examples/configs/elasticsearch.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey" : "DomainName", 4 | "ParameterValue" : 
"mydomain" 5 | }, 6 | { 7 | "ParameterKey" : "ElasticsearchVersion", 8 | "ParameterValue" : "6.2" 9 | }, 10 | { 11 | "ParameterKey" : "InstanceType", 12 | "ParameterValue" : "m4.large.elasticsearch" 13 | }, 14 | { 15 | "ParameterKey" : "InstanceCount", 16 | "ParameterValue" : "1" 17 | }, 18 | { 19 | "ParameterKey" : "DedicatedMasterType", 20 | "ParameterValue" : "m4.large.elasticsearch" 21 | }, 22 | { 23 | "ParameterKey" : "DedicatedMasterCount", 24 | "ParameterValue" : "0" 25 | }, 26 | { 27 | "ParameterKey" : "VolumeSize", 28 | "ParameterValue" : "10" 29 | }, 30 | { 31 | "ParameterKey" : "EnableZoneAwareness", 32 | "ParameterValue" : "false" 33 | }, 34 | { 35 | "ParameterKey" : "KMSId", 36 | "ParameterValue" : "var.kms" 37 | }, 38 | { 39 | "ParameterKey" : "SubnetIds", 40 | "ParameterValue" : "var.subnet" 41 | }, 42 | { 43 | "ParameterKey" : "SecurityGroupIds", 44 | "ParameterValue" : "var.sg" 45 | }, 46 | { 47 | "ParameterKey" : "ProvisionedApplicationName", 48 | "ParameterValue" : "sc-elasticsearch" 49 | } 50 | ] 51 | -------------------------------------------------------------------------------- /templates/examples/configs/fsx.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey" : "KMSId", 4 | "ParameterValue" : "var.kms" 5 | }, 6 | { 7 | "ParameterKey" : "StorageCapacity", 8 | "ParameterValue" : "300" 9 | }, 10 | { 11 | "ParameterKey" : "SubnetIds", 12 | "ParameterValue" : "var.adsubnet" 13 | }, 14 | { 15 | "ParameterKey" : "SecurityGroupIds", 16 | "ParameterValue" : "var.adsg" 17 | }, 18 | { 19 | "ParameterKey" : "ActiveDirectoryId", 20 | "ParameterValue" : "var.ad" 21 | }, 22 | { 23 | "ParameterKey" : "ThroughputCapacity", 24 | "ParameterValue" : "8" 25 | }, 26 | { 27 | "ParameterKey" : "AutomaticBackupRetentionDays", 28 | "ParameterValue" : "0" 29 | }, 30 | { 31 | "ParameterKey" : "ProvisionedApplicationName", 32 | "ParameterValue" : "sc-fsx" 33 | } 34 | ] 35 | 
-------------------------------------------------------------------------------- /templates/examples/configs/kinesis.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey" : "Name", 4 | "ParameterValue" : "mykinesisstream" 5 | }, 6 | { 7 | "ParameterKey" : "RetentionPeriodHours", 8 | "ParameterValue" : "24" 9 | }, 10 | { 11 | "ParameterKey" : "ShardCount", 12 | "ParameterValue" : "1" 13 | }, 14 | { 15 | "ParameterKey" : "KMSId", 16 | "ParameterValue" : "var.kms" 17 | }, 18 | { 19 | "ParameterKey" : "ProvisionedApplicationName", 20 | "ParameterValue" : "sc-kinesis" 21 | } 22 | ] 23 | -------------------------------------------------------------------------------- /templates/examples/configs/s3.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey" : "Tags", 4 | "ParameterValue" : "name=bucket,environment=test" 5 | }, 6 | { 7 | "ParameterKey" : "KMSId", 8 | "ParameterValue" : "var.kms" 9 | }, 10 | { 11 | "ParameterKey" : "ProvisionedApplicationName", 12 | "ParameterValue" : "sc-s3" 13 | } 14 | ] 15 | -------------------------------------------------------------------------------- /templates/examples/configs/sagemaker.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey" : "KMSId", 4 | "ParameterValue" : "var.kms" 5 | }, 6 | { 7 | "ParameterKey" : "InstanceType", 8 | "ParameterValue" : "ml.t3.medium" 9 | }, 10 | { 11 | "ParameterKey" : "NotebookInstanceName", 12 | "ParameterValue" : "mysagemaker" 13 | }, 14 | { 15 | "ParameterKey" : "RoleName", 16 | "ParameterValue" : "var.smrole" 17 | }, 18 | { 19 | "ParameterKey" : "SubnetId", 20 | "ParameterValue" : "var.subnet" 21 | }, 22 | { 23 | "ParameterKey" : "SecurityGroupIds", 24 | "ParameterValue" : "var.sg" 25 | }, 26 | { 27 | "ParameterKey" : "VolumeSizeInGB", 28 | "ParameterValue" : "5" 29 | }, 30 | { 31 | "ParameterKey" : 
"ProvisionedApplicationName", 32 | "ParameterValue" : "sc-sagemaker" 33 | } 34 | ] 35 | -------------------------------------------------------------------------------- /templates/examples/configs/sns.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey" : "TopicName", 4 | "ParameterValue" : "mytesttopic" 5 | }, 6 | { 7 | "ParameterKey" : "KMSId", 8 | "ParameterValue" : "var.kms" 9 | }, 10 | { 11 | "ParameterKey" : "ProvisionedApplicationName", 12 | "ParameterValue" : "sc-sns" 13 | } 14 | ] 15 | -------------------------------------------------------------------------------- /templates/examples/configs/sqs.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey" : "QueueName", 4 | "ParameterValue" : "mytestq" 5 | }, 6 | { 7 | "ParameterKey" : "FifoQueue", 8 | "ParameterValue" : "false" 9 | }, 10 | { 11 | "ParameterKey" : "ContentBasedDeduplication", 12 | "ParameterValue" : "false" 13 | }, 14 | { 15 | "ParameterKey" : "KMSId", 16 | "ParameterValue" : "var.kms" 17 | }, 18 | { 19 | "ParameterKey" : "MessageRetentionPeriod", 20 | "ParameterValue" : "60" 21 | }, 22 | { 23 | "ParameterKey" : "DelaySeconds", 24 | "ParameterValue" : "0" 25 | }, 26 | { 27 | "ParameterKey" : "ReceiveMessageWaitTimeSeconds", 28 | "ParameterValue" : "0" 29 | }, 30 | { 31 | "ParameterKey" : "VisibilityTimeout", 32 | "ParameterValue" : "30" 33 | }, 34 | { 35 | "ParameterKey" : "ProvisionedApplicationName", 36 | "ParameterValue" : "sc-sqs" 37 | } 38 | ] 39 | -------------------------------------------------------------------------------- /templates/examples/lab/aws-kinesis-agent-latest.amzn1.noarch.rpm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-preventive-control/a5eeaa6528ed7c1b72be0d617af36831eb331f54/templates/examples/lab/aws-kinesis-agent-latest.amzn1.noarch.rpm 
-------------------------------------------------------------------------------- /templates/examples/lab/bonus-elasticsearch-cfn.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so. 8 | # * 9 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 12 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 13 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 14 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
15 | 16 | AWSTemplateFormatVersion: 2010-09-09 17 | Description: Service Catalog Lab - Provision ElasticSearch from Service Catalog 18 | Resources: 19 | ESResourceSelector: 20 | Type: "Custom::ResourceSelector" 21 | Version: "1.0" 22 | Properties: 23 | ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:sc-resource-selector' 24 | Options: 25 | OnError: failed 26 | Resources: 27 | vpc: 28 | Tags: 29 | - Key: Env 30 | Value: lab 31 | - Key: Name 32 | Value: sc-lab-vpc 33 | Options: 34 | Match: all 35 | Output: single 36 | subnet: 37 | Tags: 38 | - Key: Env 39 | Value: lab 40 | - Key: sdlc 41 | Value: web 42 | - Key: Name 43 | Value: sc-lab-web-subnet 44 | Options: 45 | Match: all 46 | Output: single 47 | sg: 48 | Tags: 49 | - Key: Env 50 | Value: lab 51 | - Key: sdlc 52 | Value: web 53 | - Key: Name 54 | Value: sc-lab-web-sg 55 | Options: 56 | Match: all 57 | Output: single 58 | GroupName: sc-lab-web-sg 59 | ProductSelectorES: 60 | Type: "Custom::ProductSelector" 61 | Version: "1.0" 62 | Properties: 63 | ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:sc-product-selector' 64 | Action: 65 | Name: product 66 | Parameters: 67 | ProductName: elasticsearch 68 | ES: 69 | Type: "AWS::ServiceCatalog::CloudFormationProvisionedProduct" 70 | DependsOn: LabKMSKeyAlias 71 | Properties: 72 | ProvisionedProductName: 'sc-lab-elasticsearch' 73 | ProvisioningParameters: 74 | - Key: DomainName 75 | Value: sc-lab-es 76 | - Key: InstanceType 77 | Value: m4.large.elasticsearch 78 | - Key: DedicatedMasterType 79 | Value: m4.large.elasticsearch 80 | - Key: ESAccessPrincipalFull 81 | Value: !GetAtt KinesisRole.Arn 82 | - Key: KMSId 83 | Value: !Ref LabKMSKey 84 | - Key: SubnetIds 85 | Value: !GetAtt ESResourceSelector.subnet 86 | - Key: SecurityGroupIds 87 | Value: !GetAtt ESResourceSelector.sg 88 | 89 | ProductId: !GetAtt ProductSelectorES.ProductId 90 | ProvisioningArtifactId: !GetAtt ProductSelectorES.ArtifactId 91 | 
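-------------------------------------------------------------------------------- /templates/examples/lab/cleanup.sh: --------------------------------------------------------------------------------
#!/bin/bash

# /*
# * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.
# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
# */

# Lab cleanup. Destructive: deletes the ACM certificate(s) issued for
# $domainName and the CloudFormation stack of every product listed below,
# after switching off termination protection on each stack. It acts on
# whatever account and region the current AWS CLI credentials resolve to,
# so confirm that context before running it.

# list of products to delete from Service Catalog
# (the array keeps its original name although this script only deletes)
products_to_deploy=(sns elasticsearch ebs autoscaling alb albtarget alblistener s3)
# Domain Name to remove from ACM
domainName='www.example.com'

printf "Delete SSL Certificate from ACM\n"
# The JMESPath literal needs backticks, so the filter stays single-quoted and
# only the variable is spliced in, double-quoted to prevent word splitting.
certArns=$(aws acm list-certificates --query 'CertificateSummaryList[?DomainName==`'"$domainName"'`].CertificateArn' --output text)

if [ -z "$certArns" ] || [ "$certArns" = "None" ]; then
  # Without this guard delete-certificate is called with an empty ARN.
  printf 'No ACM certificate found for %s; nothing to delete\n' "$domainName"
else
  # --output text puts several matches on one whitespace-separated line;
  # the unquoted expansion is deliberate so each ARN is handled separately.
  for certArn in $certArns
  do
    printf 'Deleting certificate: %s\n' "$certArn"
    aws acm delete-certificate --certificate-arn "$certArn"
  done
fi

# Delete Service Catalog Products
for i in "${products_to_deploy[@]}"
do
  # The name is passed as an argument, never as part of the format string.
  printf 'Deleting Product: %s\n' "$i"
  # Termination protection is removed first because delete-stack is refused
  # while it is enabled.
  aws cloudformation update-termination-protection --no-enable-termination-protection --stack-name "sc-$i-product-cfn"
  # delete-stack only starts the deletion; this script does not wait for it
  # to finish or check the final stack status.
  aws cloudformation delete-stack --stack-name "sc-$i-product-cfn"
done
-------------------------------------------------------------------------------- /templates/examples/lab/fh-agent.json: -------------------------------------------------------------------------------- 1 | { 2 | "cloudwatch.emitMetrics": false, 3 | "firehose.endpoint": "https://firehose.us-east-1.amazonaws.com", 4 | "flows": [ 5 | { 6 | "filePattern": "/var/log/httpd/*_log", 7 | "deliveryStream": "sc-lab-kinesis-fh-stream" 8 | } 9 | ] 10 | } 11 | -------------------------------------------------------------------------------- /templates/examples/lab/kinesis-deployment-cfn.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so.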
8 | # * 9 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 12 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 13 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 14 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 15 | 16 | AWSTemplateFormatVersion: 2010-09-09 17 | Description: Service Catalog Lab - Provision Kinesis Firehose Stream 18 | Parameters: 19 | KinesisRole: 20 | Description: Kinesis IAM Role Arn 21 | Type: String 22 | S3StackName: 23 | Description: Arn of S3 bucket to store failed documents 24 | Type: String 25 | KMSEncryptionKeyArn: 26 | Description: Arn of KMS key use to encrypt content on S3 27 | Type: String 28 | 29 | Resources: 30 | Kinesis: 31 | Type: AWS::KinesisFirehose::DeliveryStream 32 | Properties: 33 | DeliveryStreamName: sc-lab-kinesis-fh-stream 34 | DeliveryStreamType: DirectPut 35 | S3DestinationConfiguration: 36 | BucketARN: 37 | Fn::ImportValue: 38 | !Sub "${S3StackName}-S3BucketArn" 39 | RoleARN: !Ref KinesisRole 40 | EncryptionConfiguration: 41 | KMSEncryptionConfig: 42 | AWSKMSKeyARN: !Ref KMSEncryptionKeyArn 43 | BufferingHints: 44 | IntervalInSeconds: 60 45 | SizeInMBs: 2 46 | CompressionFormat: GZIP 47 | 48 | Outputs: 49 | KinesisArn: 50 | Value: !GetAtt Kinesis.Arn 51 | Export: 52 | Name: !Sub ${AWS::StackName}-KinesisArn 53 | KinesisId: 54 | Value: !Ref Kinesis 55 | Export: 56 | Name: !Sub ${AWS::StackName}-KinesisId 57 | -------------------------------------------------------------------------------- /templates/examples/lab/service-catalog-s3-deployment-bucket-cfn.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 
2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so. 8 | # * 9 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 12 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 13 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 14 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 15 | 16 | AWSTemplateFormatVersion: '2010-09-09' 17 | Description: Service Catalog Lab - S3 Bucket 18 | Parameters: 19 | DeploymentBucketName: 20 | Description: S3 Bucket Name 21 | Type: String 22 | LambdaArn: 23 | Description: Deployer Lambda Arn 24 | Type: String 25 | DeploymentConfigSuffix: 26 | Description: Deployment Configuration file suffix e.g. 
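deployer 27 | Type: String
Resources:
  # Resource-based policy statement that lets the S3 service invoke the
  # deployer Lambda for notifications coming from the deployment bucket.
  PermissionForS3ToInvokeMyLambda:
    Type: 'AWS::Lambda::Permission'
    Properties:
      Action: 'lambda:InvokeFunction'
      FunctionName: !Ref LambdaArn
      Principal: 's3.amazonaws.com'
      SourceArn: !Sub 'arn:aws:s3:::${DeploymentBucketName}'
      # An S3 bucket ARN carries no account id, so SourceArn alone does not
      # tie the grant to a bucket owned by this account (bucket names can be
      # released and re-created elsewhere). SourceAccount closes that gap.
      SourceAccount: !Ref 'AWS::AccountId'
  # Deployment bucket. Every object created with the configured suffix
  # invokes the deployer Lambda, so write access to this bucket amounts to the
  # ability to trigger deployments; keep s3:PutObject limited to the
  # principals that are meant to deploy. What the Lambda does with the object
  # is not shown in this template.
  S3Bucket:
    DependsOn: PermissionForS3ToInvokeMyLambda
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref DeploymentBucketName
      AccessControl: BucketOwnerFullControl
      # Stated explicitly so the bucket never depends on account-level or
      # creation-time defaults for public exposure.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      # Deployment configuration files can carry parameter values; encrypt
      # them at rest with S3-managed keys.
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          -
            ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      # Versioning keeps earlier copies of a configuration file that was
      # overwritten, which helps when reviewing what triggered a deployment.
      VersioningConfiguration:
        Status: Enabled
      Tags:
        -
          Key: "LAB:Object"
          Value: "sc-lab-deployment-bucket"
        -
          Key: "LAB:Env"
          Value: "sc-lab"
      NotificationConfiguration:
        LambdaConfigurations:
          -
            Function: !Ref LambdaArn
            Event: "s3:ObjectCreated:*"
            # Only keys ending in DeploymentConfigSuffix invoke the Lambda.
            Filter:
              S3Key:
                Rules:
                  -
                    Name: suffix
                    Value: !Ref DeploymentConfigSuffix
Outputs:
  BucketArn:
    Value: !GetAtt S3Bucket.Arn
    Export:
      Name: !Sub ${AWS::StackName}-BucketArn
-------------------------------------------------------------------------------- /templates/examples/sc-provision-dms-endpoint-cft.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so.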
8 | # * 9 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 12 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 13 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 14 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 15 |

# Wrapper template: looks up the "dmsendpoint" Service Catalog product through
# the sc-product-selector custom resource and provisions it, forwarding the
# parameters below as provisioning parameters.
AWSTemplateFormatVersion: 2010-09-09
Description: Provision DMS Endpoint from Service Catalog
Parameters:
  EndpointIdentifier:
    Description: Endpoint Name
    Type: String
  # Restricted to the two values listed; defaults to a source endpoint.
  EndpointType:
    Description: Endpoint Type
    Type: String
    Default: source
    AllowedValues:
      - source
      - target
  EngineName:
    Description: Engine Name
    Type: String
  DatabaseName:
    Description: Database Name
    Type: String
  ServerName:
    Description: Server Name
    Type: String
  Port:
    Description: Port
    Type: Number
  UserName:
    Description: User Name
    Type: String
  # NoEcho masks the value only where CloudFormation displays this stack's
  # parameters. The template forwards it with !Ref as an ordinary provisioning
  # parameter of the Service Catalog product, and NoEcho does not cover values
  # placed in resource properties. Whether the product template masks it again
  # is not visible here; confirm that it declares NoEcho as well.
  # NOTE(review): prefer a dynamic reference to Secrets Manager or an SSM
  # SecureString over passing the database password as a stack parameter.
  Password:
    Description: Password
    Type: String
    NoEcho: True
  KMSId:
    Description: Encryption Key Id
    Type: String
  # Becomes the ProvisionedProductName of the provisioned product.
  ProvisionedApplicationName:
    Description: 'Name of Provision Application'
    Type: String

55 | Resources: 56 | ProductSelector: 57 | Type: "Custom::ProductSelector" 58 | Version: "1.0" 59 | Properties: 60 | ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:sc-product-selector' 61 | ProductName: dmsendpoint 62 | DMSEndpoint: 63 | Type: "AWS::ServiceCatalog::CloudFormationProvisionedProduct" 64 | Properties: 65 | ProvisionedProductName: !Ref ProvisionedApplicationName 66 | ProvisioningParameters: 67 | - Key: EndpointIdentifier 68 | Value: !Ref EndpointIdentifier 69 | - Key: EndpointType 70 | Value: !Ref EndpointType 71 | - Key:
EngineName 72 | Value: !Ref EngineName 73 | - Key: DatabaseName 74 | Value: !Ref DatabaseName 75 | - Key: ServerName 76 | Value: !Ref ServerName 77 | - Key: Port 78 | Value: !Ref Port 79 | - Key: UserName 80 | Value: !Ref UserName 81 | - Key: Password 82 | Value: !Ref Password 83 | - Key: KMSId 84 | Value: !Ref KMSId 85 | - Key: Tags 86 | Value: !Sub 'Name=${EndpointIdentifier},Environment=Test' 87 | 88 | ProductId: !GetAtt ProductSelector.ProductId 89 | ProvisioningArtifactId: !GetAtt ProductSelector.ArtifactId 90 | 91 | Outputs: 92 | ProductTemplateName: 93 | Value: !Select [1, !Split ['/', !Select [5, !Split [':', !GetAtt DMSEndpoint.CloudformationStackArn ]]]] 94 | -------------------------------------------------------------------------------- /templates/examples/sc-provision-dms-replication-instance-cft.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so. 8 | # * 9 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 12 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 13 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 14 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
15 | 16 | AWSTemplateFormatVersion: 2010-09-09 17 | Description: Provision DMS Replication Instance from Service Catalog 18 | Parameters: 19 | ReplicationInstanceIdentifier: 20 | Description: Replication Instance Name 21 | Type: String 22 | ReplicationInstanceClass: 23 | Description: Replication Instance Type 24 | Type: String 25 | EngineVersion: 26 | Description: Engine Version 27 | Type: String 28 | Storage: 29 | Type: Number 30 | MinValue: 50 31 | MaxValue: 500 32 | Default: 50 33 | Description: Allocate Storage in GB min 50 max 500 34 | KMSId: 35 | Description: KMS Encryption Key Id 36 | Type: String 37 | ReplicationSubnetGroupIdentifier: 38 | Description: Replication Subnet Group Identifier 39 | Type: String 40 | SecurityGroupIds: 41 | Description: VPC Security Groups Ids 42 | Type: String 43 | ProvisionedApplicationName: 44 | Description: 'Name of Provision Application' 45 | Type: String 46 | 47 | Resources: 48 | ProductSelector: 49 | Type: "Custom::ProductSelector" 50 | Version: "1.0" 51 | Properties: 52 | ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:sc-product-selector' 53 | ProductName: dmsinstance 54 | DMS: 55 | Type: "AWS::ServiceCatalog::CloudFormationProvisionedProduct" 56 | Properties: 57 | ProvisionedProductName: !Ref ProvisionedApplicationName 58 | ProvisioningParameters: 59 | - Key: ReplicationInstanceIdentifier 60 | Value: !Ref ReplicationInstanceIdentifier 61 | - Key: ReplicationInstanceClass 62 | Value: !Ref ReplicationInstanceClass 63 | - Key: Storage 64 | Value: !Ref Storage 65 | - Key: EngineVersion 66 | Value: !Ref EngineVersion 67 | - Key: ReplicationSubnetGroupIdentifier 68 | Value: !Ref ReplicationSubnetGroupIdentifier 69 | - Key: SecurityGroupIds 70 | Value: !Ref SecurityGroupIds 71 | - Key: KMSId 72 | Value: !Ref KMSId 73 | - Key: Tags 74 | Value: !Sub 'Name=${ReplicationInstanceIdentifier},Environment=Test' 75 | ProductId: !GetAtt ProductSelector.ProductId 76 | ProvisioningArtifactId: !GetAtt 
ProductSelector.ArtifactId 77 | 78 | Outputs: 79 | ProductTemplateName: 80 | Value: !Select [1, !Split ['/', !Select [5, !Split [':', !GetAtt DMS.CloudformationStackArn ]]]] 81 | -------------------------------------------------------------------------------- /templates/examples/sc-provision-dynamodb-cft.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so. 8 | # * 9 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 12 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 13 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 14 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
15 | 16 | AWSTemplateFormatVersion: 2010-09-09 17 | Description: Provision DynamoDB from Service Catalog 18 | Parameters: 19 | TableName: 20 | Description: A name for the table 21 | Type: String 22 | ReadCapacityUnits: 23 | Description: Sets the desired minimum number of consistent reads 24 | Type: Number 25 | Default: 5 26 | WriteCapacityUnits: 27 | Description: Sets the desired minimum number of consistent writes 28 | Type: Number 29 | Default: 5 30 | KeySchema: 31 | Description: Specifies the attributes that make up the primary key for the table 32 | Type: String 33 | AttributeDefinitions: 34 | Description: A list of attributes that describe the key schema for the table and indexes. 35 | Type: String 36 | ProvisionedApplicationName: 37 | Description: 'Name of Provision Application' 38 | Type: String 39 | 40 | Resources: 41 | ProductSelector: 42 | Type: "Custom::ProductSelector" 43 | Version: "1.0" 44 | Properties: 45 | ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:sc-product-selector' 46 | ProductName: dynamodb 47 | DynamoDB: 48 | Type: "AWS::ServiceCatalog::CloudFormationProvisionedProduct" 49 | Properties: 50 | ProvisionedProductName: !Ref ProvisionedApplicationName 51 | ProvisioningParameters: 52 | - Key: TableName 53 | Value: !Ref TableName 54 | - Key: ReadCapacityUnits 55 | Value: !Ref ReadCapacityUnits 56 | - Key: WriteCapacityUnits 57 | Value: !Ref WriteCapacityUnits 58 | - Key: KeySchema 59 | Value: !Ref KeySchema 60 | - Key: AttributeDefinitions 61 | Value: !Ref AttributeDefinitions 62 | - Key: Tags 63 | Value: !Sub 'Name=${TableName},Environment=Test' 64 | 65 | ProductId: !GetAtt ProductSelector.ProductId 66 | ProvisioningArtifactId: !GetAtt ProductSelector.ArtifactId 67 | 68 | Outputs: 69 | ProductTemplateName: 70 | Value: !Select [1, !Split ['/', !Select [5, !Split [':', !GetAtt DynamoDB.CloudformationStackArn ]]]] 71 | -------------------------------------------------------------------------------- 
/templates/examples/sc-provision-ebs-cft.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so. 8 | # * 9 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 12 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 13 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 14 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 15 | 16 | AWSTemplateFormatVersion: 2010-09-09 17 | Description: Provision EBS from Service Catalog 18 | Parameters: 19 | AutoEnableIO: 20 | Description: 'Indicates whether the volume is auto-enabled for I/O operations.' 21 | Type: String 22 | Default: false 23 | AllowedValues: 24 | - true 25 | - false 26 | KMSId: 27 | Description: KMS Encryption Key Id 28 | Type: String 29 | VolumeSize: 30 | Description: The size of the volume, in gibibytes (GiBs). 31 | Type: Number 32 | MinValue: 1 33 | MaxValue: 500 34 | Default: 10 35 | SnapshotId: 36 | Description: The snapshot from which to create the new volume. 
37 | Type: String 38 | Default: '' 39 | Name: 40 | Description: 'EBS Volume Name' 41 | Type: String 42 | ProvisionedApplicationName: 43 | Description: 'Name of Provision Application' 44 | Type: String 45 | 46 | Resources: 47 | ProductSelector: 48 | Type: "Custom::ProducteSelector" 49 | Version: "1.0" 50 | Properties: 51 | ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:sc-product-selector' 52 | ProductName: ebs 53 | EBS: 54 | Type: "AWS::ServiceCatalog::CloudFormationProvisionedProduct" 55 | Properties: 56 | ProvisionedProductName: !Ref ProvisionedApplicationName 57 | ProvisioningParameters: 58 | - Key: AutoEnableIO 59 | Value: !Ref AutoEnableIO 60 | - Key: AvailabilityZone 61 | Value: !Select 62 | - 0 63 | - Fn::GetAZs: !Ref 'AWS::Region' 64 | - Key: KMSId 65 | Value: !Ref KMSId 66 | - Key: VolumeSize 67 | Value: !Ref VolumeSize 68 | - Key: SnapshotId 69 | Value: !Ref SnapshotId 70 | - Key: Tags 71 | Value: !Sub 'Name=${Name},Environment=Test' 72 | ProductId: !GetAtt ProductSelector.ProductId 73 | ProvisioningArtifactId: !GetAtt ProductSelector.ArtifactId 74 | 75 | Outputs: 76 | ProductTemplateName: 77 | Value: !Select [1, !Split ['/', !Select [5, !Split [':', !GetAtt EBS.CloudformationStackArn ]]]] 78 | -------------------------------------------------------------------------------- /templates/examples/sc-provision-efs-cft.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so. 
8 | # * 9 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 12 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 13 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 14 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 15 | 16 | AWSTemplateFormatVersion: 2010-09-09 17 | Description: Provision EFS from Service Catalog 18 | Parameters: 19 | KMSId: 20 | Description: KMS Encryption Key Id 21 | Type: String 22 | ProvisionedApplicationName: 23 | Description: 'Name of Provision Application' 24 | Type: String 25 | 26 | Resources: 27 | ProductSelector: 28 | Type: "Custom::ProductSelector" 29 | Version: "1.0" 30 | Properties: 31 | ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:sc-product-selector' 32 | ProductName: efs 33 | EFS: 34 | Type: "AWS::ServiceCatalog::CloudFormationProvisionedProduct" 35 | Properties: 36 | ProvisionedProductName: !Ref ProvisionedApplicationName 37 | ProvisioningParameters: 38 | - Key: KMSId 39 | Value: !Ref KMSId 40 | - Key: Tags 41 | Value: 'Name=My EFS,Environment=Test' 42 | 43 | ProductId: !GetAtt ProductSelector.ProductId 44 | ProvisioningArtifactId: !GetAtt ProductSelector.ArtifactId 45 | 46 | Outputs: 47 | ProductTemplateName: 48 | Value: !Select [1, !Split ['/', !Select [5, !Split [':', !GetAtt EFS.CloudformationStackArn ]]]] 49 | -------------------------------------------------------------------------------- /templates/examples/sc-provision-elasticache-cft.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 
2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so. 8 | # * 9 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 12 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 13 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 14 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 15 | 16 | AWSTemplateFormatVersion: 2010-09-09 17 | Description: Provision ElastiCache from Service Catalog 18 | Parameters: 19 | ClusterName: 20 | Description: Cluster Name 21 | Type: String 22 | NodeType: 23 | Description: Elasticache Node Type 24 | Type: String 25 | NumberClusters: 26 | Description: Number of Cache Clusters 27 | Type: Number 28 | MinValue: 1 29 | MaxValue: 6 30 | Default: 2 31 | ConstraintDescription: Value must be between 1-6 32 | AuthToken: 33 | Description: The password that's used to access a password-protected server 34 | Type: String 35 | NoEcho: true 36 | Default: '' 37 | CacheSubnetGroupName: 38 | Description: Cache Subnet Group Name 39 | Type: String 40 | SecurityGroupIds: 41 | Description: Security Groups Ids 42 | Type: String 43 | ProvisionedApplicationName: 44 | Description: 'Name of Provision Application' 45 | Type: String 46 | 47 | Resources: 48 | ProductSelector: 49 | Type: "Custom::ProductSelector" 50 | Version: "1.0" 51 | Properties: 52 | ServiceToken: !Sub 
'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:sc-product-selector' 53 | ProductName: elasticache 54 | EC: 55 | Type: "AWS::ServiceCatalog::CloudFormationProvisionedProduct" 56 | Properties: 57 | ProvisionedProductName: !Ref ProvisionedApplicationName 58 | ProvisioningParameters: 59 | - Key: ClusterName 60 | Value: !Ref ClusterName 61 | - Key: NodeType 62 | Value: !Ref NodeType 63 | - Key: NumberClusters 64 | Value: !Ref NumberClusters 65 | - Key: AuthToken 66 | Value: !Ref AuthToken 67 | - Key: CacheSubnetGroupName 68 | Value: !Ref CacheSubnetGroupName 69 | - Key: SecurityGroupIds 70 | Value: !Ref SecurityGroupIds 71 | - Key: Tags 72 | Value: !Sub 'Name=${ClusterName},Environment=Test' 73 | 74 | ProductId: !GetAtt ProductSelector.ProductId 75 | ProvisioningArtifactId: !GetAtt ProductSelector.ArtifactId 76 | 77 | Outputs: 78 | ProductTemplateName: 79 | Value: !Select [1, !Split ['/', !Select [5, !Split [':', !GetAtt EC.CloudformationStackArn ]]]] 80 | -------------------------------------------------------------------------------- /templates/examples/sc-provision-fsx-cft.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so. 8 | # * 9 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 12 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 13 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 14 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 15 | 16 | AWSTemplateFormatVersion: 2010-09-09 17 | Description: Provision FSx For Windows from Service Catalog 18 | Parameters: 19 | KMSId: 20 | Description: KMS Encryption Key Id 21 | Type: String 22 | StorageCapacity: 23 | Description: The storage capacity of the file system 24 | Type: Number 25 | MinValue: 300 26 | MaxValue: 65536 27 | Default: 300 28 | SubnetIds: 29 | Description: VPC Subnets Ids as comma separated list 30 | Type: String 31 | SecurityGroupIds: 32 | Description: VPC Security Groups Ids as comma separated list 33 | Type: String 34 | ActiveDirectoryId: 35 | Description: The ID for an existing Microsoft Active Directory 36 | Type: String 37 | ThroughputCapacity: 38 | Description: The throughput of an Amazon FSx file system, measured in megabytes per second 39 | Type: Number 40 | MinValue: 8 41 | MaxValue: 2048 42 | Default: 8 43 | AutomaticBackupRetentionDays: 44 | Description: The number of days to retain automatic backups. 
Setting this to 0 disables automatic backups 45 | Type: Number 46 | MinValue: 0 47 | MaxValue: 35 48 | Default: 0 49 | ProvisionedApplicationName: 50 | Description: 'Name of Provision Application' 51 | Type: String 52 | 53 | Resources: 54 | ProductSelector: 55 | Type: "Custom::ProductSelector" 56 | Version: "1.0" 57 | Properties: 58 | ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:sc-product-selector' 59 | ProductName: fsx 60 | FSX: 61 | Type: "AWS::ServiceCatalog::CloudFormationProvisionedProduct" 62 | Properties: 63 | ProvisionedProductName: !Ref ProvisionedApplicationName 64 | ProvisioningParameters: 65 | - Key: KMSId 66 | Value: !Ref KMSId 67 | - Key: StorageCapacity 68 | Value: !Ref StorageCapacity 69 | - Key: SubnetIds 70 | Value: !Ref SubnetIds 71 | - Key: SecurityGroupIds 72 | Value: !Ref SecurityGroupIds 73 | - Key: ActiveDirectoryId 74 | Value: !Ref ActiveDirectoryId 75 | - Key: ThroughputCapacity 76 | Value: !Ref ThroughputCapacity 77 | - Key: AutomaticBackupRetentionDays 78 | Value: !Ref AutomaticBackupRetentionDays 79 | - Key: Tags 80 | Value: 'Name=My Test FSx,Environment=Test' 81 | 82 | ProductId: !GetAtt ProductSelector.ProductId 83 | ProvisioningArtifactId: !GetAtt ProductSelector.ArtifactId 84 | 85 | Outputs: 86 | ProductTemplateName: 87 | Value: !Select [1, !Split ['/', !Select [5, !Split [':', !GetAtt FSX.CloudformationStackArn ]]]] 88 | -------------------------------------------------------------------------------- /templates/examples/sc-provision-kinesis-cft.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 
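2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so. 8 | # * 9 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 12 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 13 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 14 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 15 |
# Example stack: looks up the "kinesis" Service Catalog product through the
# sc-product-selector custom resource and provisions it with the parameters below.
AWSTemplateFormatVersion: 2010-09-09
Description: Provision Kinesis from Service Catalog
Parameters:
  Name:
    # Also interpolated into the Tags string passed to the product.
    Description: Kinesis Name
    Type: String
  RetentionPeriodHours:
    Description: The number of hours for the data records that are stored in shards to remain accessible
    Type: Number
    MinValue: 24
    MaxValue: 168
    Default: 24
  ShardCount:
    Description: The number of shards that the stream uses
    Type: Number
    MinValue: 1
    MaxValue: 30
    Default: 1
  KMSId:
    # Forwarded unchanged to the product; no format validation happens in this template.
    Description: KMS Encryption Key Id
    Type: String
  ProvisionedApplicationName:
    Description: 'Name of Provision Application'
    Type: String

Resources:
  # Custom resource backed by the sc-product-selector Lambda in the deploying
  # account and region. The ProductId and ArtifactId it returns decide which
  # product version is launched below, so write access to that function should
  # be restricted accordingly.
  ProductSelector:
    Type: "Custom::ProductSelector"
    Version: "1.0"
    Properties:
      # ${AWS::Partition} instead of a literal "aws" keeps the ARN valid in
      # partitions other than the standard one; it resolves to "aws" there.
      ServiceToken: !Sub 'arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:sc-product-selector'
      ProductName: kinesis
  Kinesis:
    Type: "AWS::ServiceCatalog::CloudFormationProvisionedProduct"
    Properties:
      ProvisionedProductName: !Ref ProvisionedApplicationName
      ProvisioningParameters:
        - Key: Name
          Value: !Ref Name
        - Key: RetentionPeriodHours
          Value: !Ref RetentionPeriodHours
        - Key: ShardCount
          Value: !Ref ShardCount
        - Key: KMSId
          Value: !Ref KMSId
        # Environment is fixed to Test; only the Name tag follows the parameter.
        - Key: Tags
          Value: !Sub 'Name=${Name},Environment=Test'
      ProductId: !GetAtt ProductSelector.ProductId
      ProvisioningArtifactId: !GetAtt ProductSelector.ArtifactId

Outputs:
  # Splits the provisioned stack ARN on ':' (element 5), then on '/' (element 1);
  # for an ARN ending in stack/<name>/<id> that is the stack name.
  ProductTemplateName:
    Value: !Select [1, !Split ['/', !Select [5, !Split [':', !GetAtt Kinesis.CloudformationStackArn ]]]]
-------------------------------------------------------------------------------- /templates/examples/sc-provision-s3-cft.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so. 8 | # * 9 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 12 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 13 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 14 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.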
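# Example stack: looks up the "s3" Service Catalog product through the
# sc-product-selector custom resource and provisions it with the parameters below.
AWSTemplateFormatVersion: 2010-09-09
Description: Provision S3 from Service Catalog
Parameters:
  Tags:
    # The description used to read "SNS Topic Name", a copy/paste leftover.
    # Presumably a comma separated Key=Value list; confirm against the s3 product template.
    Description: Tags to apply to the bucket
    Type: String
  KMSId:
    # Forwarded unchanged to the product; no format validation happens in this template.
    Description: KMS Encryption Key Id
    Type: String
  BucketName:
    Type: String
    Description: Bucket name, must be globally unique. If not provided CFT will make a unique name. Commented for testing
    Default: ''
  ProvisionedApplicationName:
    Description: 'Name of Provision Application'
    Type: String
  VersioningParam:
    # Versioning is on unless the caller explicitly passes Suspended.
    Description: Determine if versioning is enabled for the bucket
    Type: String
    AllowedValues: [Enabled, Suspended]
    Default: "Enabled"

Resources:
  # Custom resource backed by the sc-product-selector Lambda in the deploying
  # account and region. The ProductId and ArtifactId it returns decide which
  # product version is launched below, so write access to that function should
  # be restricted accordingly.
  ProductSelector:
    Type: "Custom::ProductSelector"
    Version: "1.0"
    Properties:
      # ${AWS::Partition} instead of a literal "aws" keeps the ARN valid in
      # partitions other than the standard one; it resolves to "aws" there.
      ServiceToken: !Sub 'arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:sc-product-selector'
      ProductName: s3
  S3:
    Type: "AWS::ServiceCatalog::CloudFormationProvisionedProduct"
    Properties:
      ProvisionedProductName: !Ref ProvisionedApplicationName
      ProvisioningParameters:
        - Key: BucketName
          Value: !Ref BucketName
        - Key: Tags
          Value: !Ref Tags
        - Key: KMSId
          Value: !Ref KMSId
        - Key: VersioningParam
          Value: !Ref VersioningParam
      ProductId: !GetAtt ProductSelector.ProductId
      ProvisioningArtifactId: !GetAtt ProductSelector.ArtifactId

Outputs:
  # Splits the provisioned stack ARN on ':' (element 5), then on '/' (element 1);
  # for an ARN ending in stack/<name>/<id> that is the stack name.
  ProductTemplateName:
    Value: !Select [1, !Split ['/', !Select [5, !Split [':', !GetAtt S3.CloudformationStackArn ]]]]
-------------------------------------------------------------------------------- /templates/examples/sc-provision-sagemaker-cft.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.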
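2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so. 8 | # * 9 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 12 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 13 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 14 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 15 |
# Example stack: looks up the "sagemaker" Service Catalog product through the
# sc-product-selector custom resource and provisions a notebook instance with
# the parameters below.
AWSTemplateFormatVersion: 2010-09-09
Description: Provision SageMaker from Service Catalog
Parameters:
  KMSId:
    # Forwarded unchanged to the product; no format validation happens in this template.
    Description: KMS Encryption Key Id
    Type: String
  InstanceType:
    Description: The type of ML compute instance to launch for the notebook instance
    Type: String
  NotebookInstanceName:
    # Also interpolated into the Tags string passed to the product.
    Description: The name of the new notebook instance.
    Type: String
  RoleName:
    # NOTE(review): free-form; whichever role this names in the deploying account
    # is the one passed to the product as RoleArn. Constrain it (for example with
    # AllowedPattern) if requesters should not be able to pick arbitrary roles.
    Description: Name of SageMaker IAM Role.
    Type: String
  SubnetId:
    Description: The ID of the subnet in a VPC to which you would like to have a connectivity from your ML compute instance
    Type: String
  SecurityGroupIds:
    Description: VPC Security Groups Ids as comma separated list
    Type: String
  VolumeSizeInGB:
    Description: The size, in GB, of the ML storage volume to attach to the notebook instance
    Type: Number
    MinValue: 5
    MaxValue: 16384
    Default: 5
  ProvisionedApplicationName:
    Description: 'Name of Provision Application'
    Type: String

Resources:
  # Custom resource backed by the sc-product-selector Lambda in the deploying
  # account and region. The ProductId and ArtifactId it returns decide which
  # product version is launched below, so write access to that function should
  # be restricted accordingly.
  ProductSelector:
    Type: "Custom::ProductSelector"
    Version: "1.0"
    Properties:
      # ${AWS::Partition} instead of a literal "aws" keeps the ARN valid in
      # partitions other than the standard one; it resolves to "aws" there.
      ServiceToken: !Sub 'arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:sc-product-selector'
      ProductName: sagemaker
  SageMaker:
    Type: "AWS::ServiceCatalog::CloudFormationProvisionedProduct"
    Properties:
      ProvisionedProductName: !Ref ProvisionedApplicationName
      ProvisioningParameters:
        - Key: InstanceType
          Value: !Ref InstanceType
        - Key: KMSId
          Value: !Ref KMSId
        - Key: NotebookInstanceName
          Value: !Ref NotebookInstanceName
        # The role ARN is assembled from the account ID and RoleName, so only
        # roles in the deploying account without a path can be referenced.
        - Key: RoleArn
          Value: !Sub 'arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${RoleName}'
        - Key: SubnetId
          Value: !Ref SubnetId
        - Key: SecurityGroupIds
          Value: !Ref SecurityGroupIds
        - Key: VolumeSizeInGB
          Value: !Ref VolumeSizeInGB
        # Environment is fixed to Test; only the Name tag follows the parameter.
        - Key: Tags
          Value: !Sub 'Name=${NotebookInstanceName},Environment=Test'
      ProductId: !GetAtt ProductSelector.ProductId
      ProvisioningArtifactId: !GetAtt ProductSelector.ArtifactId

Outputs:
  # Splits the provisioned stack ARN on ':' (element 5), then on '/' (element 1);
  # for an ARN ending in stack/<name>/<id> that is the stack name.
  ProductTemplateName:
    Value: !Select [1, !Split ['/', !Select [5, !Split [':', !GetAtt SageMaker.CloudformationStackArn ]]]]
-------------------------------------------------------------------------------- /templates/examples/sc-provision-sns-cft.yml: --------------------------------------------------------------------------------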
1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so. 8 | # * 9 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 12 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 13 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 14 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
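# Example stack: looks up the "sns" Service Catalog product through the
# sc-product-selector custom resource and provisions it with the parameters below.
AWSTemplateFormatVersion: 2010-09-09
Description: Provision SNS from Service Catalog
Parameters:
  TopicName:
    Description: SNS Topic Name
    Type: String
  KMSId:
    # Forwarded unchanged to the product; no format validation happens in this template.
    Description: KMS Encryption Key Id
    Type: String
  ProvisionedApplicationName:
    Description: 'Name of Provision Application'
    Type: String

Resources:
  # Custom resource backed by the sc-product-selector Lambda in the deploying
  # account and region. The ProductId and ArtifactId it returns decide which
  # product version is launched below, so write access to that function should
  # be restricted accordingly.
  ProductSelector:
    Type: "Custom::ProductSelector"
    Version: "1.0"
    Properties:
      # ${AWS::Partition} instead of a literal "aws" keeps the ARN valid in
      # partitions other than the standard one; it resolves to "aws" there.
      ServiceToken: !Sub 'arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:sc-product-selector'
      ProductName: sns
  SNS:
    Type: "AWS::ServiceCatalog::CloudFormationProvisionedProduct"
    Properties:
      ProvisionedProductName: !Ref ProvisionedApplicationName
      # Unlike the other examples, no Tags key is passed to this product.
      ProvisioningParameters:
        - Key: TopicName
          Value: !Ref TopicName
        - Key: KMSId
          Value: !Ref KMSId
      ProductId: !GetAtt ProductSelector.ProductId
      ProvisioningArtifactId: !GetAtt ProductSelector.ArtifactId

Outputs:
  # Splits the provisioned stack ARN on ':' (element 5), then on '/' (element 1);
  # for an ARN ending in stack/<name>/<id> that is the stack name.
  ProductTemplateName:
    Value: !Select [1, !Split ['/', !Select [5, !Split [':', !GetAtt SNS.CloudformationStackArn ]]]]
-------------------------------------------------------------------------------- /templates/examples/terminate-cfn.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # /* 4 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 5 | # * 6 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 7 | # * software and associated documentation files (the "Software"), to deal in the Software 8 | # * without restriction, including without limitation the rights to use, copy, modify, 9 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 10 | # * permit persons to whom the Software is furnished to do so.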
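11 | # * 12 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 13 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 14 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 15 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 16 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 17 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 18 | # */ 19 |
# Deletes the example product stacks, then the shared test-resources stack.
# Every call uses whatever account and region the ambient AWS CLI
# credentials/profile select, so check those before running.
resource_stack_name="sc-test-resources-cfn"

# NOTE(review): "sc-dms-instance-cf" is the only name without the "-cfn" suffix;
# confirm it matches the stack name that was actually deployed.
product_stacks=(
  sc-dms-endpoint-cfn
  sc-dms-instance-cf
  sc-dynamodb-cfn
  sc-ebs-cfn
  sc-efs-cfn
  sc-elasticache-cfn
  sc-elasticsearch-cfn
  sc-fsx-cfn
  sc-kinesis-cfn
  sc-sagemaker-cfn
  sc-sns-cfn
  sc-sqs-cfn
  sc-s3-cfn
)

# Start all deletions first so they run in parallel.
for stack in "${product_stacks[@]}"; do
  aws cloudformation delete-stack --stack-name "$stack"
done

# Wait for each deletion to finish instead of sleeping a fixed five minutes:
# slow teardowns (the original comment names ElasticSearch and ElastiCache) can
# take longer, and the resource stack is presumably still in use until they end.
failed=0
for stack in "${product_stacks[@]}"; do
  if ! aws cloudformation wait stack-delete-complete --stack-name "$stack"; then
    echo "Stack $stack was not deleted; leaving $resource_stack_name in place" >&2
    failed=1
  fi
done
[ "$failed" -eq 0 ] || exit 1

aws cloudformation delete-stack --stack-name "$resource_stack_name"
-------------------------------------------------------------------------------- /templates/sc-(product)-update.json: -------------------------------------------------------------------------------- 1 | { 2 | "SchemaVersion": "1.0", 3 | "ProductVersionName": "", 4 | "ProductVersionDescription": "", 5 | "ProductType": "CLOUD_FORMATION_TEMPLATE", 6 | "Properties": { 7 | "TemplateFilePath": "/.yml" 8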
| } 9 | } 10 | -------------------------------------------------------------------------------- /templates/updates/sc-alb-listener-update.json: -------------------------------------------------------------------------------- 1 | { 2 | "SchemaVersion": "1.0", 3 | "ProductVersionName": "1.1", 4 | "ProductVersionDescription": "Application Load Balancer Listener Update", 5 | "ProductType": "CLOUD_FORMATION_TEMPLATE", 6 | "Properties": { 7 | "TemplateFilePath": "/sc-alb-listener.yml" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /templates/updates/sc-alb-target-update.json: -------------------------------------------------------------------------------- 1 | { 2 | "SchemaVersion": "1.0", 3 | "ProductVersionName": "1.1", 4 | "ProductVersionDescription": "Application Load Balancer Target Group Update", 5 | "ProductType": "CLOUD_FORMATION_TEMPLATE", 6 | "Properties": { 7 | "TemplateFilePath": "/sc-alb-target.yml" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /templates/updates/sc-alb-update.json: -------------------------------------------------------------------------------- 1 | { 2 | "SchemaVersion": "1.0", 3 | "ProductVersionName": "1.1", 4 | "ProductVersionDescription": "Application Load Balancer Update", 5 | "ProductType": "CLOUD_FORMATION_TEMPLATE", 6 | "Properties": { 7 | "TemplateFilePath": "/sc-alb.yml" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /templates/updates/sc-autoscaling-update.json: -------------------------------------------------------------------------------- 1 | { 2 | "SchemaVersion": "1.0", 3 | "ProductVersionName": "1.1", 4 | "ProductVersionDescription": "AutoScaling Update", 5 | "ProductType": "CLOUD_FORMATION_TEMPLATE", 6 | "Properties": { 7 | "TemplateFilePath": "/sc-asc.yml" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- 
/templates/updates/sc-dmsendpoint-update.json: -------------------------------------------------------------------------------- 1 | { 2 | "SchemaVersion": "1.0", 3 | "ProductVersionName": "1.1", 4 | "ProductVersionDescription": "DMS Endpoint Update", 5 | "ProductType": "CLOUD_FORMATION_TEMPLATE", 6 | "Properties": { 7 | "TemplateFilePath": "/sc-dmsendpoint.yml" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /templates/updates/sc-dmsinstance-update.json: -------------------------------------------------------------------------------- 1 | { 2 | "SchemaVersion": "1.0", 3 | "ProductVersionName": "1.1", 4 | "ProductVersionDescription": "DMS Replication Instance Update", 5 | "ProductType": "CLOUD_FORMATION_TEMPLATE", 6 | "Properties": { 7 | "TemplateFilePath": "/sc-dmsinstance.yml" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /templates/updates/sc-ebs-update.json: -------------------------------------------------------------------------------- 1 | { 2 | "SchemaVersion": "1.0", 3 | "ProductVersionName": "1.1", 4 | "ProductVersionDescription": "EBS Update", 5 | "ProductType": "CLOUD_FORMATION_TEMPLATE", 6 | "Properties": { 7 | "TemplateFilePath": "/sc-ebs.yml" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /templates/updates/sc-efs-update.json: -------------------------------------------------------------------------------- 1 | { 2 | "SchemaVersion": "1.0", 3 | "ProductVersionName": "1.1", 4 | "ProductVersionDescription": "EFS Update", 5 | "ProductType": "CLOUD_FORMATION_TEMPLATE", 6 | "Properties": { 7 | "TemplateFilePath": "/sc-efs.yml" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /templates/updates/sc-elasticache-update.json: -------------------------------------------------------------------------------- 1 | { 2 | "SchemaVersion": "1.0", 3 | "ProductVersionName": 
"1.1", 4 | "ProductVersionDescription": "ElastiCache Update", 5 | "ProductType": "CLOUD_FORMATION_TEMPLATE", 6 | "Properties": { 7 | "TemplateFilePath": "/sc-elasticache.yml" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /templates/updates/sc-elasticsearch-update.json: -------------------------------------------------------------------------------- 1 | { 2 | "SchemaVersion": "1.0", 3 | "ProductVersionName": "1.1", 4 | "ProductVersionDescription": "ElasticSearch Update", 5 | "ProductType": "CLOUD_FORMATION_TEMPLATE", 6 | "Properties": { 7 | "TemplateFilePath": "/sc-elasticsearch.yml" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /templates/updates/sc-fsx-update.json: -------------------------------------------------------------------------------- 1 | { 2 | "SchemaVersion": "1.0", 3 | "ProductVersionName": "1.1", 4 | "ProductVersionDescription": "FSx for Windows Update", 5 | "ProductType": "CLOUD_FORMATION_TEMPLATE", 6 | "Properties": { 7 | "TemplateFilePath": "/sc-fsx.yml" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /templates/updates/sc-governance-lambda-roles-update.json: -------------------------------------------------------------------------------- 1 | { 2 | "SchemaVersion": "1.0", 3 | "ProductVersionName": "1.1", 4 | "ProductVersionDescription": "Governance Lambda Roles Update", 5 | "ProductType": "CLOUD_FORMATION_TEMPLATE", 6 | "Properties": { 7 | "TemplateFilePath": "/sc-governance-lambda-roles.yml" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /templates/updates/sc-governance-lambdas-update.json: -------------------------------------------------------------------------------- 1 | { 2 | "SchemaVersion": "1.0", 3 | "ProductVersionName": "1.1", 4 | "ProductVersionDescription": "Governance Lambdas Update", 5 | "ProductType": "CLOUD_FORMATION_TEMPLATE", 6 
| "Properties": { 7 | "TemplateFilePath": "/sc-governance-lambdas.yml" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /templates/updates/sc-kinesis-update.json: -------------------------------------------------------------------------------- 1 | { 2 | "SchemaVersion": "1.0", 3 | "ProductVersionName": "1.1", 4 | "ProductVersionDescription": "Kinesis Update", 5 | "ProductType": "CLOUD_FORMATION_TEMPLATE", 6 | "Properties": { 7 | "TemplateFilePath": "/sc-kinesis.yml" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /templates/updates/sc-kms-update.json: -------------------------------------------------------------------------------- 1 | { 2 | "SchemaVersion": "1.0", 3 | "ProductVersionName": "1.1", 4 | "ProductVersionDescription": "KMS Update", 5 | "ProductType": "CLOUD_FORMATION_TEMPLATE", 6 | "Properties": { 7 | "TemplateFilePath": "/sc-kms.yml" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /templates/updates/sc-mq-update.json: -------------------------------------------------------------------------------- 1 | { 2 | "SchemaVersion": "1.0", 3 | "ProductVersionName": "1.1", 4 | "ProductVersionDescription": "MQ Update", 5 | "ProductType": "CLOUD_FORMATION_TEMPLATE", 6 | "Properties": { 7 | "TemplateFilePath": "/sc-mq.yml" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /templates/updates/sc-s3-update.json: -------------------------------------------------------------------------------- 1 | { 2 | "SchemaVersion": "1.0", 3 | "ProductVersionName": "1.1", 4 | "ProductVersionDescription": "S3 Update", 5 | "ProductType": "CLOUD_FORMATION_TEMPLATE", 6 | "Properties": { 7 | "TemplateFilePath": "/sc-s3.yml" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /templates/updates/sc-sagemaker-update.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "SchemaVersion": "1.0", 3 | "ProductVersionName": "1.1", 4 | "ProductVersionDescription": "SageMaker Update", 5 | "ProductType": "CLOUD_FORMATION_TEMPLATE", 6 | "Properties": { 7 | "TemplateFilePath": "/sc-sagemaker.yml" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /templates/updates/sc-sns-update.json: -------------------------------------------------------------------------------- 1 | { 2 | "SchemaVersion": "1.0", 3 | "ProductVersionName": "1.1", 4 | "ProductVersionDescription": "SNS Update", 5 | "ProductType": "CLOUD_FORMATION_TEMPLATE", 6 | "Properties": { 7 | "TemplateFilePath": "/sc-sns.yml" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /templates/updates/sc-sqs-update.json: -------------------------------------------------------------------------------- 1 | { 2 | "SchemaVersion": "1.0", 3 | "ProductVersionName": "1.1", 4 | "ProductVersionDescription": "SQS Update", 5 | "ProductType": "CLOUD_FORMATION_TEMPLATE", 6 | "Properties": { 7 | "TemplateFilePath": "/sc-sqs.yml" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /templates/updates/sc-subnet-update.json: -------------------------------------------------------------------------------- 1 | { 2 | "SchemaVersion": "1.0", 3 | "ProductVersionName": "1.1", 4 | "ProductVersionDescription": "Subnet Update", 5 | "ProductType": "CLOUD_FORMATION_TEMPLATE", 6 | "Properties": { 7 | "TemplateFilePath": "/sc-subnet.yml" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /templates/updates/sc-vpc-firehose.json: -------------------------------------------------------------------------------- 1 | { 2 | "SchemaVersion": "1.0", 3 | "ProductVersionName": "1.1", 4 | "ProductVersionDescription": "Firehose Update", 5 | "ProductType": 
"CLOUD_FORMATION_TEMPLATE", 6 | "Properties": { 7 | "TemplateFilePath": "/sc-firehose.yml" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /templates/updates/sc-vpc-update.json: -------------------------------------------------------------------------------- 1 | { 2 | "SchemaVersion": "1.0", 3 | "ProductVersionName": "1.1", 4 | "ProductVersionDescription": "VPC Update", 5 | "ProductType": "CLOUD_FORMATION_TEMPLATE", 6 | "Properties": { 7 | "TemplateFilePath": "/sc-vpc.yml" 8 | } 9 | } 10 | --------------------------------------------------------------------------------