Updates from Pull Request comments

Author: trend-scott-broschell

templates/Common/DB/DSDBAbstract.template

@@ -1,7 +1,7 @@
 AWSTemplateFormatVersion: 2010-09-09
 Description: >-
   v5.3: This template is an abstraction layer for choosing PostgreSQL, Oracle or
-  MSSQL when deploying Deep Security Manager
+  MSSQL when deploying Deep Security Manager (qs-1ngr590i4).
 Parameters:
   DBIRDSInstanceSize:
     Default: db.m3.large
@@ -92,26 +92,45 @@ Parameters:
     Description: Choose a private subnets in the same VPC for the RDS instance
     Type: 'AWS::EC2::Subnet::Id'
     ConstraintDescription: >-
-      RDS Subnet Groups must be comprised of 2 subnets in seperate availability
+      RDS Subnet Groups must be comprised of 2 subnets in separate availability
       zones with the specified VPC for deploying this template
   DBISubnet2:
     Description: Choose private subnets in the same VPC for this RDS instance
     Type: 'AWS::EC2::Subnet::Id'
     ConstraintDescription: >-
-      RDS Subnet Groups must be comprised of 2 subnets in seperate availability
+      RDS Subnet Groups must be comprised of 2 subnets in separate availability
       zones with the specified VPC for deploying this template
-  CfnUrlPrefix:
+  QSS3BucketName:
+    AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$
+    ConstraintDescription: Quick Start bucket name can include numbers, lowercase letters,
+      uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).
+    Default: quickstart-reference
+    Description: S3 bucket name for the Quick Start assets. Quick Start bucket name
+      can include numbers, lowercase letters, uppercase letters, and hyphens (-).
+      It cannot start or end with a hyphen (-).
+    Type: String
+  QSS3KeyPrefix:
+    AllowedPattern: ^[0-9a-zA-Z-]+(/[0-9a-zA-Z-]+)*$
+    ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters,
+      uppercase letters, hyphens (-), and forward slash (/). It cannot start or end
+      with forward slash (/) because they are automatically appended.
+    Default: trendmicro/deepsecurity/latest
+    Description: S3 key prefix for the Quick Start assets. Quick Start key prefix can
+      include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash
+      (/).
     Type: String
-    Default: 'https://s3.amazonaws.com/trend-micro-quick-start/latest/'
 Resources:
   DSOracleRDS:
     Type: 'AWS::CloudFormation::Stack'
     Condition: DBTypeIsOracle
     Properties:
-      TemplateURL: !Join 
-        - ''
-        - - !Ref CfnUrlPrefix
-          - templates/common/db/DSDBOracleRDS.template
+      TemplateURL: !Sub
+              - >-
+                https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}/templates/common/db/DSDBOracleRDS.template
+              - QSS3Region: !If
+                  - GovCloudCondition
+                  - s3-us-gov-west-1
+                  - s3
       TimeoutInMinutes: '10'
       Parameters:
         DBIRDSInstanceSize: !Ref DBIRDSInstanceSize
@@ -127,10 +146,13 @@ Resources:
     Type: 'AWS::CloudFormation::Stack'
     Condition: DBTypeIsSQL
     Properties:
-      TemplateURL: !Join 
-        - ''
-        - - !Ref CfnUrlPrefix
-          - templates/common/db/DSDBSQLRDS.template
+      TemplateURL: !Sub
+              - >-
+                https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}/templates/common/db/DSDBSQLRDS.template
+              - QSS3Region: !If
+                  - GovCloudCondition
+                  - s3-us-gov-west-1
+                  - s3
       TimeoutInMinutes: '10'
       Parameters:
         DBIRDSInstanceSize: !Ref DBIRDSInstanceSize
@@ -146,10 +168,13 @@ Resources:
     Type: 'AWS::CloudFormation::Stack'
     Condition: DBTypeIsPostgreSQL
     Properties:
-      TemplateURL: !Join 
-        - ''
-        - - !Ref CfnUrlPrefix
-          - templates/common/db/DSDBPostgreSQL.template
+      TemplateURL: !Sub
+              - >-
+                https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}/templates/common/db/DSDBPostgreSQL.template
+              - QSS3Region: !If
+                  - GovCloudCondition
+                  - s3-us-gov-west-1
+                  - s3
       TimeoutInMinutes: '10'
       Parameters:
         DBIRDSInstanceSize: !Ref DBIRDSInstanceSize
@@ -178,6 +203,9 @@ Conditions:
   DBTypeIsPostgreSQL: !Equals 
     - !Ref DBPEngine
     - PostgreSQL
+  GovCloudCondition: !Equals
+    - !Ref 'AWS::Region'
+    - us-gov-west-1
 Outputs:
   DSDBEndpoint:
     Value: !If 

templates/Common/DB/DSDBOracleRDS.template

@@ -1,5 +1,6 @@
 AWSTemplateFormatVersion: 2010-09-09
-Description: 'v5.3: This template deploys an Oracle RDS instance for Deep Security Manager'
+Description: >-
+  v5.3: This template deploys an Oracle RDS instance for Deep Security Manager (qs-1ngr590i9).
 Parameters:
   DBIRDSInstanceSize:
     Default: db.m3.large

templates/Common/DB/DSDBSQLRDS.template

@@ -1,5 +1,6 @@
 AWSTemplateFormatVersion: 2010-09-09
-Description: 'v5.3: This template deploys an MSSQL RDS Instance for Deep Security Manager'
+Description: >-
+  v5.3: This template deploys an MSSQL RDS Instance for Deep Security Manager (qs-1ngr590ij).
 Parameters:
   DBIRDSInstanceSize:
     Default: db.m3.large

templates/Common/DSMELB.template

@@ -1,6 +1,6 @@
 AWSTemplateFormatVersion: 2010-09-09
 Description: >-
-  v5.3: Deploys Elastic Load Balancers and Security Groups for Deep Security
+  v5.3: Deploys Elastic Load Balancers and Security Groups for Deep Security (qs-1ngr590je).
   Manager.
 Parameters:
   AWSIVPC:
@@ -41,17 +41,36 @@ Parameters:
       - Internet-facing
       - Internal
     Default: Internet-facing
-  CfnUrlPrefix:
+  QSS3BucketName:
+    AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$
+    ConstraintDescription: Quick Start bucket name can include numbers, lowercase letters,
+      uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).
+    Default: quickstart-reference
+    Description: S3 bucket name for the Quick Start assets. Quick Start bucket name
+      can include numbers, lowercase letters, uppercase letters, and hyphens (-).
+      It cannot start or end with a hyphen (-).
+    Type: String
+  QSS3KeyPrefix:
+    AllowedPattern: ^[0-9a-zA-Z-]+(/[0-9a-zA-Z-]+)*$
+    ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters,
+      uppercase letters, hyphens (-), and forward slash (/). It cannot start or end
+      with forward slash (/) because they are automatically appended.
+    Default: trendmicro/deepsecurity/latest
+    Description: S3 key prefix for the Quick Start assets. Quick Start key prefix can
+      include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash
+      (/).
     Type: String
-    Default: 'https://s3.amazonaws.com/trend-micro-quick-start/latest/'
 Resources:
   ELBSG:
     Type: 'AWS::CloudFormation::Stack'
     Properties:
-      TemplateURL: !Join 
-        - ''
-        - - !Ref CfnUrlPrefix
-          - templates/common/security-groups/DSELBSG.template
+      TemplateURL: !Sub
+        - >-
+          https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}/templates/common/security-groups/DSELBSG.template
+        - QSS3Region: !If
+            - GovCloudCondition
+            - s3-us-gov-west-1
+            - s3
       Parameters:
         AWSIVPC: !Ref AWSIVPC
         DSIPGUIPort: !Ref DSIPGUIPort
@@ -93,6 +112,9 @@ Conditions:
   InternetFacingELB: !Equals 
     - !Ref DSELBPosture
     - Internet-facing
+  GovCloudCondition: !Equals
+      - !Ref 'AWS::Region'
+      - us-gov-west-1
 Outputs:
   ELBFQDN:
     Value: !GetAtt 

templates/Common/sps.template

@@ -1,5 +1,6 @@
 AWSTemplateFormatVersion: 2010-09-09
-Description: ''
+Description: >-
+  v5.3: Smart protection server template (qs-1ngr590jj).
 Parameters:
   AWSIKeyPairName:
     Description: Existing key pair to use for connecting to your Smart Protection Server

templates/Marketplace/DSMMP.template

@@ -4,7 +4,7 @@ Description: >-
   nested in a stack, and requires several passed parameters to launch.
   **WARNING** This template creates Amazon EC2 instances and related resources.
   You will be billed for the AWS resources used if you create a stack from this
-  template.
+  template (qs-1ngr590jo).
 Parameters:
   AWSIKeyPairName:
     Description: >-
@@ -187,9 +187,25 @@ Parameters:
       - Internet-facing
       - Internal
     Default: Internet-facing
-  CfnUrlPrefix:
+  QSS3BucketName:
+    AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$
+    ConstraintDescription: Quick Start bucket name can include numbers, lowercase letters,
+      uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).
+    Default: quickstart-reference
+    Description: S3 bucket name for the Quick Start assets. Quick Start bucket name
+      can include numbers, lowercase letters, uppercase letters, and hyphens (-).
+      It cannot start or end with a hyphen (-).
+    Type: String
+  QSS3KeyPrefix:
+    AllowedPattern: ^[0-9a-zA-Z-]+(/[0-9a-zA-Z-]+)*$
+    ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters,
+      uppercase letters, hyphens (-), and forward slash (/). It cannot start or end
+      with forward slash (/) because they are automatically appended.
+    Default: trendmicro/deepsecurity/latest
+    Description: S3 key prefix for the Quick Start assets. Quick Start key prefix can
+      include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash
+      (/).
     Type: String
-    Default: 'https://s3.amazonaws.com/trend-micro-quick-start/latest/'
   DSCLicenseType:
     Type: String
     Default: Enterprise
@@ -580,24 +596,33 @@ Resources:
         addCloudAccount:
           files:
             /etc/cfn/set-aia-settings.sh:
-              source: !Join 
-                - ''
-                - - !Ref CfnUrlPrefix
-                  - scripts/set-aia-settings.sh
+              source: !Sub
+                - >-
+                  https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}/scripts/set-aia-settings.sh
+                - QSS3Region: !If
+                    - GovCloudCondition
+                    - s3-us-gov-west-1
+                    - s3
               owner: root
               mode: '000700'
             /etc/cfn/kill-mp-web-installer.sh:
-              source: !Join 
-                - ''
-                - - !Ref CfnUrlPrefix
-                  - scripts/kill-mp-web-installer.sh
+              source: !Sub
+                - >-
+                  https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}/scripts/kill-mp-web-installer.sh
+                - QSS3Region: !If
+                    - GovCloudCondition
+                    - s3-us-gov-west-1
+                    - s3
               owner: root
               mode: '000700'
             /etc/cfn/add-aws-account-with-instance-role.sh:
-              source: !Join 
-                - ''
-                - - !Ref CfnUrlPrefix
-                  - scripts/add-aws-account-with-instance-role.sh
+              source: !Sub
+                - >-
+                  https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}/scripts/add-aws-account-with-instance-role.sh
+                - QSS3Region: !If
+                    - GovCloudCondition
+                    - s3-us-gov-west-1
+                    - s3
               owner: root
               mode: '000700'
           commands:
@@ -640,8 +665,14 @@ Resources:
               command: !Join 
                 - ''
                 - - 'cd /etc/cfn/rhel-scripts; curl -O '
-                  - !Ref CfnUrlPrefix
-                  - scripts/create-dsm-db.py; chmod 755 create-dsm-db.py
+                  - !Sub
+                    - >-
+                      https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}/scripts/create-dsm-db.py
+                    - QSS3Region: !If
+                      - GovCloudCondition
+                      - s3-us-gov-west-1
+                      - s3
+                  - ' chmod 755 create-dsm-db.py'
               ignoreErrors: 'false'
             2-create-db:
               command: !Join 
@@ -670,17 +701,23 @@ Resources:
         fixManagerLoadBalancerSettings:
           files:
             /etc/cfn/create-console-listener.sh:
-              source: !Join 
-                - ''
-                - - !Ref CfnUrlPrefix
-                  - scripts/create-console-listener.sh
+              source: !Sub
+                - >-
+                  https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}/scripts/create-console-listener.sh
+                - QSS3Region: !If
+                    - GovCloudCondition
+                    - s3-us-gov-west-1
+                    - s3
               owner: root
               mode: '000700'
             /etc/cfn/set-lb-settings.sh:
-              source: !Join 
-                - ''
-                - - !Ref CfnUrlPrefix
-                  - scripts/set-lb-settings.sh
+              source: !Sub
+                - >-
+                  https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}/scripts/set-lb-settings.sh
+                - QSS3Region: !If
+                    - GovCloudCondition
+                    - s3-us-gov-west-1
+                    - s3
               owner: root
               mode: '000700'
           commands:
@@ -726,10 +763,13 @@ Resources:
         fixManagerHostObject:
           files:
             /etc/cfn/reactivate-manager.sh:
-              source: !Join 
-                - ''
-                - - !Ref CfnUrlPrefix
-                  - scripts/reactivate-manager.sh
+              source: !Sub
+                - >-
+                  https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}/scripts/reactivate-manager.sh
+                - QSS3Region: !If
+                    - GovCloudCondition
+                    - s3-us-gov-west-1
+                    - s3
               owner: root
               mode: '000700'
           commands:
@@ -912,6 +952,9 @@ Conditions:
     - !Equals 
       - !Ref DSProxyUrl
       - ''
+  GovCloudCondition: !Equals
+    - !Ref 'AWS::Region'
+    - us-gov-west-1
 Outputs:
   DSMFQDN:
     Value: !GetAtt