dw_generic_windows.yaml
---
AWSTemplateFormatVersion: '2010-09-09'
Description: CloudFormation Template for a Docuware Server.
Metadata:
  Version:
    Value: 1.0.0
  Identifier:
    Value: docuware-windows-server
Parameters:
  RootVolumeSize:
    Description: Volume size (GiB) for the root EBS volume (min 100, max 16384).
    Type: String
    Default: 100
    # Matches 100-16384 (or empty); CloudFormation applies the pattern to the whole value.
    AllowedPattern: '\b([1-8][0-9]{2}|9[0-8][0-9]|99[0-9]|[1-8][0-9]{3}|9[0-8][0-9]{2}|99[0-8][0-9]|999[0-9]|1[0-5][0-9]{3}|16[0-2][0-9]{2}|163[0-7][0-9]|1638[0-4])\b|^$'
    ConstraintDescription: Value must be a number between 100 and 16384.
  VPCStackName:
    Description: Name of the VPC CloudFormation stack whose exports (VPC id, private subnet) this template imports.
    Type: String
    Default: ua-uits-docuware-vpc
  InstanceType:
    Description: Instance type to use for the EC2 instance.
    Type: String
    Default: m5.2xlarge
  KeyPair:
    Description: EC2 key pair used to retrieve the Windows administrator password.
    Type: String
    Default: docuware-keypair
  WindowsAmiParamStore:
    Description: SSM Parameter Store key for retrieving the latest Windows Server 2016 AMI.
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-windows-latest/Windows_Server-2016-English-Full-Base
  TagService:
    Description: Name of the service associated with this resource (as listed in the service catalog).
    Type: String
    Default: Docuware
  TagContactNetID:
    Description: NetID of the primary technical resource.
    Type: String
    Default: mhirst
  TagTicketNumber:
    Description: Resource identifier (ticket number).
    Type: String
  TagAccountNumber:
    Description: Docuware account number paying for the resource.
    Type: String
    Default: 1192623
  TagSubAccountNumber:
    Description: Docuware sub account number.
    Type: String
    Default: 11AWS
  TagEnvironment:
    Description: Environment type.
    Type: String
    Default: prd
    AllowedValues:
      - tst
      - prd
Resources:

  # IAM Role.
  IAMRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: /

  # IAM Instance Profile.
  IAMInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles:
        - !Ref IAMRole

  Ec2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref WindowsAmiParamStore
      InstanceType: !Ref InstanceType
      IamInstanceProfile: !Ref IAMInstanceProfile
      # Use the KeyPair parameter; the original hard-coded "docuware-keypair" here,
      # which silently ignored whatever value was passed for KeyPair.
      KeyName: !Ref KeyPair
      NetworkInterfaces:
        - DeviceIndex: 0
          GroupSet:
            - !Ref SecurityGroup
          SubnetId:
            Fn::ImportValue: !Sub "${VPCStackName}-private-subnet-a"
      BlockDeviceMappings:
        - DeviceName: /dev/sda1
          Ebs:
            DeleteOnTermination: true
            VolumeSize: !Ref RootVolumeSize
            VolumeType: gp2
      Tags:
        - Key: Name
          Value: Docuware-Windows-Server
        - Key: environment
          Value: !Ref TagEnvironment
        - Key: contactnetid
          Value: !Ref TagContactNetID
        - Key: ticketnumber
          Value: !Ref TagTicketNumber
        - Key: accountnumber
          Value: !Ref TagAccountNumber
        - Key: service
          Value: !Ref TagService

      # This section is purposely left in, but commented out, as we do not know exactly what
      # would be needed for a real DW server in AWS. We might need to use this section to
      # install or configure things, so it is left here so we don't have to start from scratch.
      #
      # Caveats for whoever revives it:
      #   * The bucket/key reference an NI Volume License Manager package, not a Docuware
      #     installer; treat them as placeholders. IAMRole above attaches no policy, so
      #     Read-S3Object would be denied until the role is granted s3:GetObject on the object.
      #   * The metadata lookup is a plain IMDSv1 GET. If the instance is created with
      #     MetadataOptions HttpTokens=required, the script must first PUT /latest/api/token
      #     and send the result in an X-aws-ec2-metadata-token header.
      #   * Ec2ConfigService\Settings\config.xml exists only on EC2Config AMIs (Server 2012 R2
      #     and earlier). On Server 2016 (EC2Launch) Get-Content throws and the catch branch
      #     re-schedules InitializeInstance.ps1, which is the path this AMI actually takes.
      #   * Everything here runs as SYSTEM; keep secrets out of it, since user data is readable
      #     by any local process via IMDS and by anyone with ec2:DescribeInstanceAttribute.
      #
      # UserData:
      #   Fn::Base64: !Sub |
      #     <powershell>
      #     # >> Add function to memory.
      #     Function Set-SystemForNextRun {
      #         Param (
      #             [string]$CodeSectionComplete,
      #             [switch]$UserDataReset,
      #             [switch]$RestartInstance
      #         )
      #         # Mark the given code section as done so later boots skip it.
      #         If ($CodeSectionComplete) {
      #             [System.Void](New-ItemProperty -Path 'HKLM:\SOFTWARE\Docuware' -Name "CodeSection$CodeSectionComplete" -Value 'Complete')
      #         } # End If.
      #         # Re-arm user data so it runs again on the next boot (EC2Config or EC2Launch).
      #         If ($UserDataReset) {
      #             try {
      #                 $Path = 'C:\Program Files\Amazon\Ec2ConfigService\Settings\config.xml'
      #                 [xml]$ConfigXml = Get-Content -Path $Path -ErrorAction Stop
      #                 ($ConfigXml.Ec2ConfigurationSettings.Plugins.Plugin |
      #                     Where-Object -Property Name -eq 'Ec2HandleUserData').State = 'Enabled'
      #                 $ConfigXml.Save($Path)
      #             } catch {
      #                 # EC2Launch (Server 2016+): no config.xml, schedule InitializeInstance.ps1 instead.
      #                 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -File C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeInstance.ps1 -Schedule
      #             } # End try-catch.
      #         } # End If.
      #         If ($RestartInstance) {
      #             Restart-Computer -Force
      #         } # End If.
      #     } # End Function: Set-SystemForNextRun.
      #     # >> Check for/Create Windows Registry Key.
      #     If (-Not(Get-Item -Path 'HKLM:\SOFTWARE\Docuware' -ErrorAction SilentlyContinue)) {
      #         [System.Void](New-Item -Path 'HKLM:\SOFTWARE\' -Name 'Docuware')
      #     } # End If.
      #     # >> Run user code/invoke Set-SystemForNextRun function.
      #     If (-Not((Get-ItemProperty -Path 'HKLM:\SOFTWARE\Docuware').CodeSection1 -eq 'Complete')) {
      #         # Set TimeZone.
      #         tzutil.exe /s 'US Mountain Standard Time'
      #         Start-Sleep -Seconds 10
      #         # Copy installer from S3 to Public Desktop.
      #         # Region is derived from the AZ name via IMDS (IMDSv1 call, see caveats above).
      #         $Az = Invoke-RestMethod -Uri 'http://169.254.169.254/latest/meta-data/placement/availability-zone'
      #         $Region = $Az -replace ".$"
      #         $Params = @{
      #             BucketName = 'erp-ni-labview-prod'
      #             Key = 'NI_Volume_License_Manager_3.1.1.zip'
      #             File = "$($env:PUBLIC)\Desktop\NI_Volume_License_Manager_3.1.1.zip"
      #             Region = $Region
      #         }
      #         Read-S3Object @Params | Out-Null
      #         Start-Sleep -Seconds 10
      #         # Rename Computer.
      #         $WarningPreference =  'SilentlyContinue'
      #         Rename-Computer -NewName 'Docuware' -Force
      #         $WarningPreference = 'Continue'
      #         Start-Sleep -Seconds 10
      #         # Section 1 is the last section, so no -UserDataReset: on EC2Launch user data
      #         # runs on first boot only unless re-armed or <persist>true</persist> is set.
      #         # Add -UserDataReset here if a CodeSection2 is ever introduced.
      #         Set-SystemForNextRun -CodeSectionComplete 1 -RestartInstance
      #     } # End If.
      #     </powershell>
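Added example, not part of the original template: the placeholder UserData above calls Read-S3Object, but IAMRole attaches no policy, so the copy would be denied as written. The resources below show one way to give the instance exactly that permission and nothing more, and to close the two instance-level gaps visible in the template (IMDSv1 allowed, root volume unencrypted). The bucket and key are the placeholder values from the script, the subnet export name is the one the template already imports, and the Tags blocks are omitted here and would be carried over unchanged.

```yaml
  # Least-privilege role for the S3 fetch in the placeholder UserData.
  IAMRole:
    Type: AWS::IAM::Role
    Properties:
      Path: /
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      Policies:
        - PolicyName: read-installer-object
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Read-S3Object with -Key issues a single GetObject, so that is the only
              # action required. Scope it to the one object, not the bucket or "*".
              # Without s3:ListBucket a missing key surfaces as 403 rather than 404,
              # which is acceptable for a one-shot installer download.
              - Effect: Allow
                Action: s3:GetObject
                Resource: arn:aws:s3:::erp-ni-labview-prod/NI_Volume_License_Manager_3.1.1.zip

  Ec2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref WindowsAmiParamStore
      InstanceType: !Ref InstanceType
      IamInstanceProfile: !Ref IAMInstanceProfile
      KeyName: !Ref KeyPair
      # Require IMDSv2. The role credentials above can then not be fetched with a plain
      # GET, which is what an SSRF bug in any web app on the box would issue; the hop
      # limit of 1 keeps the token from being relayed through a container or proxy.
      # The placeholder script's Invoke-RestMethod against /latest/meta-data/... must
      # then first PUT /latest/api/token (header X-aws-ec2-metadata-token-ttl-seconds)
      # and send the returned value as X-aws-ec2-metadata-token.
      MetadataOptions:
        HttpTokens: required
        HttpPutResponseHopLimit: 1
      NetworkInterfaces:
        - DeviceIndex: 0
          GroupSet:
            - !Ref SecurityGroup
          SubnetId:
            Fn::ImportValue: !Sub "${VPCStackName}-private-subnet-a"
      BlockDeviceMappings:
        - DeviceName: /dev/sda1
          Ebs:
            DeleteOnTermination: true
            # Encrypt the root volume with the account's default EBS KMS key; snapshots
            # and AMIs taken from it inherit the encryption.
            Encrypted: true
            VolumeSize: !Ref RootVolumeSize
            VolumeType: gp2
```

AWS Tools for PowerShell (Read-S3Object) and EC2Launch already speak IMDSv2, so HttpTokens: required only affects hand-written metadata calls such as the availability-zone lookup in the script.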

  # TODO: this needs to change and probably be a generic SG that allows access from within the VPC.
  SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: RDP Security Group
      # Import the VPC id from the same stack the subnet comes from instead of
      # hard-coding the stack name (the original used !ImportValue ua-uits-docuware-vpc-vpcid,
      # which is what this resolves to with the default VPCStackName).
      VpcId:
        Fn::ImportValue: !Sub "${VPCStackName}-vpcid"
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 3389
          ToPort: 3389
          CidrIp: 150.135.112.64/27 # Infradev VPN.
      Tags:
        - Key: Name
          Value: Docuware-Windows-SG
        - Key: environment
          Value: !Ref TagEnvironment
        - Key: contactnetid
          Value: !Ref TagContactNetID
        - Key: ticketnumber
          Value: !Ref TagTicketNumber
        - Key: accountnumber
          Value: !Ref TagAccountNumber
        - Key: service
          Value: !Ref TagService
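Added example, not part of the original template: the "generic SG that allows access from within the VPC" the TODO above asks for. It assumes the VPC stack exports its CIDR block as "${VPCStackName}-vpccidr"; the template only shows the "-vpcid" and "-private-subnet-a" exports, so that export name is an assumption. The Tags block is omitted and would be carried over unchanged.

```yaml
  SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Docuware Windows server, RDP from inside the VPC only
      VpcId:
        Fn::ImportValue: !Sub "${VPCStackName}-vpcid"
      SecurityGroupIngress:
        # Scoping to the VPC CIDR drops the external /27 and stops this rule from
        # tracking VPN address changes. Clients that reach the VPC with a source
        # address in 150.135.112.64/27 (the Infradev VPN) no longer match and must
        # come through a jump host inside the VPC; if that is not acceptable, keep
        # the VPN entry as a second, separately documented ingress rule.
        - IpProtocol: tcp
          FromPort: 3389
          ToPort: 3389
          CidrIp:
            Fn::ImportValue: !Sub "${VPCStackName}-vpccidr"
          Description: RDP from inside the VPC
      # SecurityGroupEgress is deliberately not declared, so the default allow-all
      # egress stays in place; Windows activation, EC2Launch and the S3 fetch in the
      # placeholder UserData all need outbound access. Declaring any egress rule
      # would remove that default.
```

Tighter still is a SourceSecurityGroupId entry referencing the jump host's security group instead of the whole VPC CIDR, which limits RDP to one hop rather than to every instance in the VPC; the CIDR form above is the literal reading of the TODO.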