Merge branch 'develop'

Author: tonynv

.gitmodules

@@ -0,0 +1,4 @@
+[submodule "submodules/quickstart-aws-vpc"]
+	path = submodules/quickstart-aws-vpc
+	url = [email protected]:aws-quickstart/quickstart-aws-vpc.git
+	branch = master

submodules/quickstart-aws-vpc

@@ -778,9 +778,9 @@ Resources:
               - -e $? -r "Complete"
               - !Join
                 - ''
-                - - '-e $? -r "DSM Node configuration complete" '
-                  - !Base64
-                      Ref: DSM1CompleteWaitHandle
+                - - '-e $? -r "DSM Node configuration complete" "'
+                  - Ref: DSM1CompleteWaitHandle
+                  - '"'
             ProxyOption2:
               !If
               - UseProxy

templates/common/.DS_Store

@@ -616,7 +616,7 @@ Resources:
     - DSMNode1
     Properties:
       Handle: !Ref DSM1CompleteWaitHandle
-      Timeout: '1800'
+      Timeout: '3600'
   DSM1NoDBCompleteWaitHandle:
     Condition: DoNotLaunchRDSInstance
     Type: AWS::CloudFormation::WaitConditionHandle
@@ -627,7 +627,7 @@ Resources:
     - DSMNode1NoDB
     Properties:
       Handle: !Ref DSM1CompleteWaitHandle
-      Timeout: '1800'
+      Timeout: '3600'
 Conditions:
   DSIsMultiNode:
     !Equals

templates/marketplace/dsm-mp.template

@@ -0,0 +1,352 @@
+---
+AWSTemplateFormatVersion: 2010-09-09
+Description: 'This template is used strictly for CI entrypoints. It is not designed to be launched outside of the CI/CD Pipeline of the AWS QuickStart Team'
+Parameters:
+  AWSKeyPairName:
+    Description: Select an existing key pair to use for connecting to your Deep Security
+      Manager Instance.
+    Type: AWS::EC2::KeyPair::KeyName
+    MinLength: '1'
+    MaxLength: '255'
+    ConstraintDescription: Select an existing EC2 Key Pair.
+  AWSVPC:
+    Description: Select an existing VPC to deploy Deep Security Manager.
+    Type: AWS::EC2::VPC::Id
+    MinLength: '1'
+    MaxLength: '255'
+    AllowedPattern: '[-_a-zA-Z0-9]*'
+  DatabaseSubnet1:
+    Description: Select a private subnet for the RDS database.  Must be a private
+      subnet contained the in VPC chosen above.
+    Type: AWS::EC2::Subnet::Id
+    ConstraintDescription: RDS Subnet Groups must be comprised of 2 subnets in seperate
+      availability zones within the specified VPC for deploying this template
+  DatabaseSubnet2:
+    Description: Select a second private subnet for the RDS database.  Must be a private
+      subnet contained the in VPC chosen above.
+    Type: AWS::EC2::Subnet::Id
+    ConstraintDescription: RDS Subnet Groups must be comprised of 2 subnets in seperate
+      availability zones within the specified VPC for deploying this template
+  DeepSecuritySubnet:
+    Description: Select an existing Subnet for Deep Security Manager. Must be a public
+      subnet contained the in VPC chosen above.
+    Type: AWS::EC2::Subnet::Id
+    MinLength: '1'
+    MaxLength: '255'
+    AllowedPattern: '[-_a-zA-Z0-9]*'
+    ConstraintDescription: Subnet ID must exist in the chosen VPC
+  DeepSecurityAdminName:
+    Default: MasterAdmin
+    Description: The Deep Security Manager administrator username for Web Console
+      Access.
+    Type: String
+    MinLength: 1
+    MaxLength: 16
+    AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*'
+    ConstraintDescription: Must begin with a letter and contain only alphanumeric
+      characters. Min length 1, max length 16
+  DeepSecurityAdminPass:
+    NoEcho: true
+    Description: The Deep Security Manager administrator password. Must be 8-41 characters
+      long and can only contain alphanumeric characters or the following special characters
+      !^*-_+
+    Type: String
+    MinLength: 8
+    MaxLength: 41
+    AllowedPattern: '[a-zA-Z0-9!^*\-_+]*'
+    ConstraintDescription: Can only contain alphanumeric characters or the following
+      special characters !^*-_+ Min length 8, max length 41
+  ProtectedInstances:
+    Description: Select how many instances would you like to protect.
+    Type: String
+    AllowedValues:
+    - 1-100
+    - 101-500
+    - 501-1000
+    - 1001-2000
+  QSS3BucketName:
+    AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$
+    ConstraintDescription: Quick Start bucket name can include numbers, lowercase
+      letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen
+      (-).
+    Default: aws-quickstart
+    Description: S3 bucket name for the Quick Start assets. Quick Start bucket name
+      can include numbers, lowercase letters, uppercase letters, and hyphens (-).
+      It cannot start or end with a hyphen (-).
+    Type: String
+  QSS3KeyPrefix:
+    AllowedPattern: ^[0-9a-zA-Z-/]*$
+    ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters,
+      uppercase letters, hyphens (-), and forward slash (/).
+    Default: quickstart-trendmicro-deepsecurity/
+    Description: S3 key prefix for the Quick Start assets. Quick Start key prefix
+      can include numbers, lowercase letters, uppercase letters, hyphens (-), and
+      forward slash (/).
+    Type: String
+  AvailabilityZones:
+  Description: List of Availability Zones to use for the subnets in the VPC. Three
+    Availability Zones are used for this deployment, and the logical order of your
+    selections is preserved.
+  Type: List<AWS::EC2::AvailabilityZone::Name>
+  KeyPairName:
+    Description: The name of an existing public/private key pair, which allows you
+      to securely connect to your instance after it launches
+    Type: AWS::EC2::KeyPair::KeyName
+Mappings:
+Mappings:
+  DSMSIZE:
+    us-east-1:
+      '1': m4.large
+      '2': m4.large
+      '3': m4.xlarge
+      '4': m4.xlarge
+    us-west-1:
+      '1': m4.large
+      '2': m4.large
+      '3': m4.xlarge
+      '4': m4.xlarge
+    us-west-2:
+      '1': m4.large
+      '2': m4.large
+      '3': m4.xlarge
+      '4': m4.xlarge
+    eu-west-1:
+      '1': m4.large
+      '2': m4.large
+      '3': m4.xlarge
+      '4': m4.xlarge
+    eu-central-1:
+      '1': m4.large
+      '2': m4.large
+      '3': m4.xlarge
+      '4': m4.xlarge
+    sa-east-1:
+      '1': m4.large
+      '2': m4.large
+      '3': m4.xlarge
+      '4': m4.xlarge
+    ap-northeast-1:
+      '1': m4.large
+      '2': m4.large
+      '3': m4.xlarge
+      '4': m4.xlarge
+    ap-southeast-1:
+      '1': m4.large
+      '2': m4.large
+      '3': m4.xlarge
+      '4': m4.xlarge
+    ap-southeast-2:
+      '1': m4.large
+      '2': m4.large
+      '3': m4.xlarge
+      '4': m4.xlarge
+    ap-northeast-2:
+      '1': m4.large
+      '2': m4.large
+      '3': m4.xlarge
+      '4': m4.xlarge
+    us-east-2:
+      '1': m4.large
+      '2': m4.large
+      '3': m4.xlarge
+      '4': m4.xlarge
+    ca-central-1:
+      '1': m4.large
+      '2': m4.large
+      '3': m4.xlarge
+      '4': m4.xlarge
+    ap-south-1:
+      '1': m4.large
+      '2': m4.large
+      '3': m4.xlarge
+      '4': m4.xlarge
+    eu-west-2:
+      '1': m4.large
+      '2': m4.large
+      '3': m4.xlarge
+      '4': m4.xlarge
+    eu-west-3:
+      '1': r4.large
+      '2': r4.large
+      '3': r4.xlarge
+      '4': r4.xlarge
+    us-gov-west-1:
+      '1': m4.large
+      '2': m4.large
+      '3': m4.xlarge
+      '4': m4.xlarge
+  RDSStorageSize:
+    1-100:
+      Size: '50'
+    101-500:
+      Size: '150'
+    501-1000:
+      Size: '200'
+    1001-2000:
+      Size: '300'
+  RDSInstanceSize:
+    us-east-1:
+      '1': db.m4.large
+      '2': db.m4.large
+      '3': db.m4.xlarge
+      '4': db.m4.xlarge
+    us-east-2:
+      '1': db.m4.large
+      '2': db.m4.large
+      '3': db.m4.xlarge
+      '4': db.m4.xlarge
+    us-west-1:
+      '1': db.m4.large
+      '2': db.m4.large
+      '3': db.m4.xlarge
+      '4': db.m4.xlarge
+    us-west-2:
+      '1': db.m4.large
+      '2': db.m4.large
+      '3': db.m4.xlarge
+      '4': db.m4.xlarge
+    ca-central-1:
+      '1': db.m4.large
+      '2': db.m4.large
+      '3': db.m4.xlarge
+      '4': db.m4.xlarge
+    ap-south-1:
+      '1': db.m4.large
+      '2': db.m4.large
+      '3': db.m4.xlarge
+      '4': db.m4.xlarge
+    ap-northeast-2:
+      '1': db.m4.large
+      '2': db.m4.large
+      '3': db.m4.xlarge
+      '4': db.m4.xlarge
+    ap-southeast-1:
+      '1': db.m4.large
+      '2': db.m4.large
+      '3': db.m4.xlarge
+      '4': db.m4.xlarge
+    ap-southeast-2:
+      '1': db.m4.large
+      '2': db.m4.large
+      '3': db.m4.xlarge
+      '4': db.m4.xlarge
+    ap-northeast-1:
+      '1': db.m4.large
+      '2': db.m4.large
+      '3': db.m4.xlarge
+      '4': db.m4.xlarge
+    eu-central-1:
+      '1': db.m4.large
+      '2': db.m4.large
+      '3': db.m4.xlarge
+      '4': db.m4.xlarge
+    eu-west-1:
+      '1': db.m4.large
+      '2': db.m4.large
+      '3': db.m4.xlarge
+      '4': db.m4.xlarge
+    eu-west-2:
+      '1': db.m4.large
+      '2': db.m4.large
+      '3': db.m4.xlarge
+      '4': db.m4.xlarge
+    sa-east-1:
+      '1': db.m3.large
+      '2': db.m3.large
+      '3': db.m3.xlarge
+      '4': db.m3.xlarge
+    eu-west-3:
+      '1': db.r4.large
+      '2': db.r4.large
+      '3': db.r4.xlarge
+      '4': db.r4.xlarge
+    us-gov-west-1:
+      '1': db.m3.large
+      '2': db.m3.large
+      '3': db.m3.xlarge
+      '4': db.m3.xlarge
+  DeploymentSize:
+    1-100:
+      Size: '1'
+    101-500:
+      Size: '2'
+    501-1000:
+      Size: '3'
+    1001-2000:
+      Size: '4'
+Resources:
+  VPCStack:
+    Type: AWS::CloudFormation::Stack
+    Properties:
+      TemplateURL: !Sub 'https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template'
+      Parameters:
+        AvailabilityZones: !Join [ ',', !Ref 'AvailabilityZones' ]
+        KeyPairName: !Ref 'KeyPairName'
+        NumberOfAZs: '3'
+  TrendMicroMaster:
+    Type: AWS::CloudFormation::Stack
+    Condition: PerHostSupportedRegion
+    Properties:
+      TemplateURL:
+        Fn::Sub:
+        - https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}templates/marketplace/master-mp.template
+        - QSS3Region:
+            !If
+            - GovCloudCondition
+            - s3-us-gov-west-1
+            - s3
+      Parameters:
+        AWSIKeyPairName: !Ref AWSKeyPairName
+        AWSIVPC: !Ref AWSVPC
+        DSISubnetID: !Ref DeepSecuritySubnet
+        DBIRDSInstanceSize:
+          !FindInMap
+          - RDSInstanceSize
+          - !Ref AWS::Region
+          - !FindInMap
+            - DeploymentSize
+            - !Ref ProtectedInstances
+            - Size
+        DBIStorageAllocation:
+          !FindInMap
+          - RDSStorageSize
+          - !Ref ProtectedInstances
+          - Size
+        DBPBackupDays: '5'
+        DBPCreateDbInstance: 'Yes'
+        DBICAdminName: dsmadmin
+        DBICAdminPassword: !Ref DeepSecurityAdminPass
+        DBPEngine: PostgreSQL
+        DBPEndpoint: ''
+        DBPName: dsm
+        DSCAdminName: !Ref DeepSecurityAdminName
+        DSCAdminPassword: !Ref DeepSecurityAdminPass
+        DSIMultiNode: '2'
+        DSIPLicenseKey: XX-XXXX-XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
+        DSIPHeartbeatPort: '4120'
+        DSIPGUIPort: '443'
+        DSIPInstanceType:
+          !FindInMap
+          - DSMSIZE
+          - !Ref AWS::Region
+          - !FindInMap
+            - DeploymentSize
+            - !Ref ProtectedInstances
+            - Size
+        DBISubnet1: !Ref 'VPCStack.Outputs.PrivateSubnet1AID'
+        DBISubnet2: !Ref 'VPCStack.Outputs.PrivateSubnet2AID'
+        DSIPLicense: PerHost
+        DBPMultiAZ: 'true'
+        QSS3BucketName: !Ref QSS3BucketName
+        QSS3KeyPrefix: !Ref QSS3KeyPrefix
+Conditions:
+  PerHostSupportedRegion:
+    !Not
+    - !Equals
+      - !Ref AWS::Region
+      - match-all-regions
+  GovCloudCondition:
+    !Equals
+    - !Ref AWS::Region
+    - us-gov-west-1
+...