nilabview_disconnected.yaml
---
AWSTemplateFormatVersion: '2010-09-09'
Description: CloudFormation Template for a NiLabVIEW Disconnected Server.

Metadata:
  Version:
    Value: 1.0.0
  Identifier:
    Value: nilabview-disconnected-windows-server

Parameters:
  VpcId:
    Description: Enter the Virtual Private Cloud (VPC) to use.
    Type: AWS::EC2::VPC::Id
  PrivateSubnet:
    Description: Enter the Private Subnet.
    Type: AWS::EC2::Subnet::Id
  RootVolumeSize:
    Description: Volume size (GiB) for the root EBS volume (min 100, max 16384).
    Type: String
    Default: 100
    AllowedPattern: '\b([1-8][0-9]{2}|9[0-8][0-9]|99[0-9]|[1-8][0-9]{3}|9[0-8][0-9]{2}|99[0-8][0-9]|999[0-9]|1[0-5][0-9]{3}|16[0-2][0-9]{2}|163[0-7][0-9]|1638[0-4])\b|^$'
    ConstraintDescription: Value must be a number between 100 and 16384.
  InstanceType:
    Description: Instance type to use for the EC2 instance.
    Type: String
    Default: t3.medium
  KeyPair:
    Description: EC2 key pair to retrieve Windows administrator password.
    Type: String
    Default: labview-prd-erp
  WindowsAmiParamStore:
    Description: SSM Parameter Store key for retrieving the latest Windows 2016.
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-windows-latest/Windows_Server-2012-R2_RTM-English-64Bit-Base
  TagService:
    Description: Name of the service associated with this resource (as listed in the service catalog).
    Type: String
  TagContactNetID:
    Description: NetID of the primary technical resource.
    Type: String
  TagTicketNumber:
    Description: Resource identifier
    Type: String
  TagAccountNumber:
    Description: KFS account number paying for the resource.
    Type: String
  TagEnvironment:
    Description: Environment type.
    Type: String
    Default: dev
    AllowedValues:
      - dev
      - tst
      - prd

Resources:

  # IAM Role.
  IAMRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: /

  # IAM Instance Profile.
  IAMInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles:
        - !Ref IAMRole

  # IAM Policy.
  IAMPolicyS3Bucket:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: IAMPolicyS3Bucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action:
              - s3:ListBucket
              - s3:GetBucketLocation
            Resource:
              - !Sub arn:aws:s3:::erp-ni-labview-prod
          - Effect: Allow
            Action:
              - s3:GetObjectMetaData
              - s3:GetObject
              - s3:PutObject
            Resource:
              - !Sub arn:aws:s3:::erp-ni-labview-prod/*
      Roles:
        - !Ref IAMRole

  Ec2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref WindowsAmiParamStore
      InstanceType: !Ref InstanceType
      IamInstanceProfile: !Ref IAMInstanceProfile
      # Use the KeyPair parameter (default: labview-prd-erp) instead of a hard-coded key name.
      KeyName: !Ref KeyPair
      NetworkInterfaces:
        - DeviceIndex: 0
          GroupSet:
            - !Ref SecurityGroup
          SubnetId: !Ref PrivateSubnet
      BlockDeviceMappings:
        - DeviceName: /dev/sda1
          Ebs:
            DeleteOnTermination: true
            VolumeSize: !Ref RootVolumeSize
            VolumeType: gp2
      Tags:
        - Key: Name
          Value: NILabVIEW-Disconnected-Windows-Server
        - Key: environment
          Value: !Ref TagEnvironment
        - Key: contactnetid
          Value: !Ref TagContactNetID
        - Key: ticketnumber
          Value: !Ref TagTicketNumber
        - Key: accountnumber
          Value: !Ref TagAccountNumber
        - Key: service
          Value: !Ref TagService
      UserData:
        Fn::Base64: !Sub |
          <powershell>

          # Add function to memory.
          Function Set-SystemForNextRun {
              Param (
                  [string]$CodeSectionComplete,
                  [switch]$UserDataReset,
                  [switch]$RestartInstance
              )
              If ($CodeSectionComplete) {
                  [System.Void](New-ItemProperty -Path 'HKLM:\SOFTWARE\NILabVIEWDis' -Name "CodeSection$CodeSectionComplete" -Value 'Complete')
              } # End If.
              If ($UserDataReset) {
                  try {
                      $Path = 'C:\Program Files\Amazon\Ec2ConfigService\Settings\config.xml'
                      [xml]$ConfigXml = Get-Content -Path $Path -ErrorAction Stop
                      ($ConfigXml.Ec2ConfigurationSettings.Plugins.Plugin | Where-Object -Property Name -eq 'Ec2HandleUserData').State = 'Enabled'
                      $ConfigXml.Save($Path)
                  } catch {
                      C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -File C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeInstance.ps1 -Schedule
                  } # End try-catch.
              } # End If.
              If ($RestartInstance) {
                  Restart-Computer -Force
              } # End If.
          } # End Function: Set-SystemForNextRun.

          # Check for/Create Windows Registry Key.
          If (-Not(Get-Item -Path 'HKLM:\SOFTWARE\NILabVIEWDis' -ErrorAction SilentlyContinue)) {
              [System.Void](New-Item -Path 'HKLM:\SOFTWARE\' -Name 'NILabVIEWDis')
          } # End If.

          # Run user code/invoke Set-SystemForNextRun function.
          If (-Not((Get-ItemProperty -Path 'HKLM:\SOFTWARE\NILabVIEWDis').CodeSection1 -eq 'Complete')) {

              # Set TimeZone.
              tzutil.exe /s 'US Mountain Standard Time'
              Start-Sleep -Seconds 10

              # Copy installer from S3 to Public Desktop.
              $Az = Invoke-RestMethod -Uri 'http://169.254.169.254/latest/meta-data/placement/availability-zone'
              $Region = $Az -replace ".$"
              $Params = @{
                  BucketName = 'erp-ni-labview-prod'
                  Key = 'NI_Volume_License_Manager_3.1.1.zip'
                  File = "$($env:PUBLIC)\Desktop\NI_Volume_License_Manager_3.1.1.zip"
                  Region = $Region
              }
              Read-S3Object @Params | Out-Null
              Start-Sleep -Seconds 10

              # Rename Computer.
              $WarningPreference = 'SilentlyContinue'
              Rename-Computer -NewName 'NILabVIEWDis' -Force
              $WarningPreference = 'Continue'
              Start-Sleep -Seconds 10

              Set-SystemForNextRun -CodeSectionComplete 1 -Restart
          } # End If.
          </powershell>

  SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: RDP Security Group
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 3389
          ToPort: 3389
          CidrIp: 150.135.112.64/27 # Infradev VPN.
      Tags:
        - Key: Name
          Value: NILabVIEW-Disconnected-Windows-SG
        - Key: environment
          Value: !Ref TagEnvironment
        - Key: contactnetid
          Value: !Ref TagContactNetID
        - Key: ticketnumber
          Value: !Ref TagTicketNumber
        - Key: accountnumber
          Value: !Ref TagAccountNumber
        - Key: service
          Value: !Ref TagService