From 226dba8088a663b51502924f60eb37241f99320f Mon Sep 17 00:00:00 2001 From: avivm Date: Mon, 20 Oct 2025 14:43:40 +0000 Subject: [PATCH] Sync master templates with base templates --- aws/templates/asg/autoscale-master.yaml | 269 +++--------------- .../management/management-master.yaml | 213 +++----------- 2 files changed, 82 insertions(+), 400 deletions(-) diff --git a/aws/templates/asg/autoscale-master.yaml b/aws/templates/asg/autoscale-master.yaml index 953f3120..b3162559 100755 --- a/aws/templates/asg/autoscale-master.yaml +++ b/aws/templates/asg/autoscale-master.yaml @@ -1,5 +1,7 @@ AWSTemplateFormatVersion: 2010-09-09 -Description: Create an Auto Scaling group of Check Point gateways into a new VPC (__VERSION__) +Description: | + Create an Auto Scaling group of Check Point gateways into a new VPC (20250821) + See CloudGuard Network for AWS Auto Scale Group deployment guide for detailed deployment and configuration steps. Metadata: AWS::CloudFormation::Interface: ParameterGroups: @@ -513,19 +515,14 @@ Parameters: Default: "" MaxLength: 100 Conditions: - ProvidedAdminEmail: !Not [!Equals [!Ref AdminEmail, '']] - ProvidedTargetGroups: !Not [!Equals [!Ref GatewaysTargetGroups, '']] - EnableCloudWatch: !Equals [!Ref CloudWatch, true] - CreateELB: !Not [!Equals [!Ref ELBType, none]] - EnableMetaDataToken: !Equals [!Ref MetaDataToken, true] 4AZs: !Equals [ !Ref NumberOfAZs, 4 ] 3AZs: !Or [ !Equals [ !Ref NumberOfAZs, 3 ], !Condition 4AZs ] - GenerateAutoScalingName: !Equals [!Ref AutoScaleGroupName, ""] + CreateELB: !Not [!Equals [!Ref ELBType, none]] Resources: VPCStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/utils/vpc.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/utils/vpc.yaml Parameters: AvailabilityZones: !Join [ ',' , !Ref AvailabilityZones ] NumberOfAZs: !Ref NumberOfAZs 
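Review bot: The new `TemplateURL: https://cgi-cfts.s3.amazonaws.com/utils/vpc.yaml` on VPCStack points at a fixed bucket key with no version in it, while the Description in the same file now pins the template to 20250821. CloudFormation fetches that object on every create or update, so whatever the bucket holds at that moment defines the deployed resources, not this master. The same applies to the AutoScaleStack, management VPCStack and ManagementStack URLs in the later hunks, which also mix the `s3.amazonaws.com` and `s3.us-east-1.amazonaws.com` endpoint forms for the same bucket. Consider a versioned key prefix such as `https://cgi-cfts.s3.amazonaws.com/<TEMPLATE_VERSION>/utils/vpc.yaml` (placeholder) and a single endpoint form throughout, so that a given master always resolves to the child templates it was released with.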
@@ -538,232 +535,50 @@ Resources: PrivateSubnet2CIDR: !Ref PrivateSubnet2CIDR PrivateSubnet3CIDR: !Ref PrivateSubnet3CIDR PrivateSubnet4CIDR: !Ref PrivateSubnet4CIDR - ChkpGatewayRole: - Type: AWS::IAM::Role - Condition: EnableCloudWatch - Properties: - AssumeRolePolicyDocument: - Version: 2012-10-17 - Statement: - - Effect: Allow - Principal: - Service: - - ec2.amazonaws.com - Action: - - sts:AssumeRole - Path: / - CloudwatchPolicy: - Condition: EnableCloudWatch - Type: AWS::CloudFormation::Stack - Properties: - TemplateURL: __URL__/iam/cloudwatch-policy.yaml - Parameters: - PolicyName: ChkpGatewayPolicy - PolicyRole: !Ref ChkpGatewayRole - InstanceProfile: - Type: AWS::IAM::InstanceProfile - Condition: EnableCloudWatch - Properties: - Path: / - Roles: - - !Ref ChkpGatewayRole - AMI: + AutoScaleStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/utils/amis.yaml + TemplateURL: https://cgi-cfts.s3.us-east-1.amazonaws.com/autoscale/autoscale.yaml Parameters: - Version: !Join ['-', [!Ref GatewayVersion, GW]] - NotificationTopic: - Type: AWS::SNS::Topic - Condition: ProvidedAdminEmail - Properties: - Subscription: - - Endpoint: !Ref AdminEmail - Protocol: email - ElasticLoadBalancer: - Type: AWS::ElasticLoadBalancing::LoadBalancer - Condition: CreateELB - Properties: - CrossZone: true - Listeners: - - LoadBalancerPort: !Ref ELBPort - InstancePort: !Ref ELBPort - Protocol: TCP - HealthCheck: - Target: !Join [':', [TCP, !Ref ELBPort]] - HealthyThreshold: 3 - UnhealthyThreshold: 5 - Interval: 30 - Timeout: 5 - Scheme: !Ref ELBType - Subnets: - - !GetAtt VPCStack.Outputs.PublicSubnet1ID - - !GetAtt VPCStack.Outputs.PublicSubnet2ID - - !If [3AZs, !GetAtt VPCStack.Outputs.PublicSubnet3ID, !Ref 'AWS::NoValue'] - - !If [4AZs, !GetAtt VPCStack.Outputs.PublicSubnet4ID, !Ref 'AWS::NoValue'] - Policies: - - PolicyName: EnableProxyProtocol - PolicyType: ProxyProtocolPolicyType - Attributes: - - Name: ProxyProtocol - Value: true - InstancePorts: - - !Ref 
ELBPort - SecurityGroups: - - !Ref ELBSecurityGroup - PermissiveSecurityGroup: - Type: AWS::EC2::SecurityGroup - Properties: - Tags: - - Key: Name - Value: !Join ['_', [!Ref 'AWS::StackName', PermissiveSecurityGroup]] - GroupDescription: Permissive security group. - VpcId: !GetAtt VPCStack.Outputs.VPCID - SecurityGroupIngress: - - IpProtocol: -1 - CidrIp: 0.0.0.0/0 - GatewayGroup: - Type: AWS::AutoScaling::AutoScalingGroup - DependsOn: GatewayLaunchTemplate - Properties: - VPCZoneIdentifier: - - !GetAtt VPCStack.Outputs.PublicSubnet1ID - - !GetAtt VPCStack.Outputs.PublicSubnet2ID - - !If [3AZs, !GetAtt VPCStack.Outputs.PublicSubnet3ID, !Ref 'AWS::NoValue'] - - !If [4AZs, !GetAtt VPCStack.Outputs.PublicSubnet4ID, !Ref 'AWS::NoValue'] - LaunchTemplate: - LaunchTemplateId: !Ref GatewayLaunchTemplate - Version: !GetAtt GatewayLaunchTemplate.LatestVersionNumber - AutoScalingGroupName: !If [GenerateAutoScalingName, !Join ["-", [!Ref 'AWS::StackName', GatewayGroup]], !Ref AutoScaleGroupName] - MinSize: !Ref GatewaysMinSize - MaxSize: !Ref GatewaysMaxSize - LoadBalancerNames: !If [CreateELB, [!Ref ElasticLoadBalancer], !Ref 'AWS::NoValue'] - TargetGroupARNs: !If [ProvidedTargetGroups, !Split [',', !Ref GatewaysTargetGroups], !Ref 'AWS::NoValue'] - HealthCheckType: ELB - HealthCheckGracePeriod: 3600 - NotificationConfiguration: !If - - ProvidedAdminEmail - - TopicARN: !Ref NotificationTopic - NotificationTypes: - - autoscaling:EC2_INSTANCE_LAUNCH - - autoscaling:EC2_INSTANCE_LAUNCH_ERROR - - autoscaling:EC2_INSTANCE_TERMINATE - - autoscaling:EC2_INSTANCE_TERMINATE_ERROR - - !Ref 'AWS::NoValue' - Tags: - - Key: Name - Value: !Ref GatewayName - PropagateAtLaunch: true - - Key: x-chkp-tags - Value: !Join - - ':' - - - !Join ['=', [management, !Ref ManagementServer]] - - !Join ['=', [template, !Ref ConfigurationTemplate]] - - !Join ['=', [ip-address, !Ref ControlGatewayOverPrivateOrPublicAddress]] - PropagateAtLaunch: true - GatewayLaunchTemplate: - Type: 
AWS::EC2::LaunchTemplate - Properties: - LaunchTemplateData: - NetworkInterfaces: - - DeviceIndex: 0 - AssociatePublicIpAddress: true - Groups: - - !Ref PermissiveSecurityGroup - Monitoring: - Enabled: true + VPC: !GetAtt VPCStack.Outputs.VPCID + GatewaysSubnets: !Join + - ',' + - - !GetAtt VPCStack.Outputs.PublicSubnet1ID + - !GetAtt VPCStack.Outputs.PublicSubnet2ID + - !If [3AZs, !GetAtt VPCStack.Outputs.PublicSubnet3ID, !Ref 'AWS::NoValue'] + - !If [4AZs, !GetAtt VPCStack.Outputs.PublicSubnet4ID, !Ref 'AWS::NoValue'] + GatewayName: !Ref GatewayName + GatewayInstanceType: !Ref GatewayInstanceType KeyName: !Ref KeyName - ImageId: !GetAtt AMI.Outputs.ImageId - InstanceType: !Ref GatewayInstanceType - MetadataOptions: - HttpTokens: !If [EnableMetaDataToken, required, optional] - BlockDeviceMappings: - - DeviceName: '/dev/xvda' - Ebs: - Encrypted: !Ref EnableVolumeEncryption - VolumeType: !Ref VolumeType - VolumeSize: !Ref VolumeSize - IamInstanceProfile: - Name: !If [EnableCloudWatch, !Ref InstanceProfile, !Ref 'AWS::NoValue'] - UserData: - 'Fn::Base64': - !Join - - |+ - - - - '#cloud-config' - - 'runcmd:' - - ' - |' - - ' set -e' - - !Sub ' admin_shell=${Shell} ; allow_info=${AllowUploadDownload} ; cw=${CloudWatch} ; eic=${EnableInstanceConnect}' - - !Join ['', [' sic="$(echo ', 'Fn::Base64': !Ref GatewaySICKey, ')"']] - - !Join ['', [' pwd_hash="$(echo ', 'Fn::Base64': !Ref GatewayPasswordHash, ')"']] - - !Join ['', [' maintenance_pwd_hash="$(echo ', 'Fn::Base64': !Ref GatewayMaintenancePasswordHash, ')"']] - - !Join ['', [' bootstrap="$(echo ', 'Fn::Base64': !Ref GatewayBootstrapScript, ')"']] - - !Sub [' version=${Version}', {Version: !Select [0, !Split ['-', !Ref GatewayVersion]]}] - - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" sicKey=\"${sic}\" installationType=\"autoscale\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"__VERSION__\" templateName=\"autoscale\" shell=\"${admin_shell}\" 
enableInstanceConnect=\"${eic}\" passwordHash=\"${pwd_hash}\" MaintenanceModePassword=\"${maintenance_pwd_hash}\" bootstrapScript64=\"${bootstrap}\"' - VersionDescription: Initial template version - GatewayScaleUpPolicy: - Type: AWS::AutoScaling::ScalingPolicy - Properties: - AdjustmentType: ChangeInCapacity - AutoScalingGroupName: !Ref GatewayGroup - Cooldown: 300 - ScalingAdjustment: 1 - GatewayScaleDownPolicy: - Type: AWS::AutoScaling::ScalingPolicy - Properties: - AdjustmentType: ChangeInCapacity - AutoScalingGroupName: !Ref GatewayGroup - Cooldown: 300 - ScalingAdjustment: -1 - CPUAlarmHigh: - Type: AWS::CloudWatch::Alarm - Properties: - AlarmDescription: Scale-up if CPU > 80% for 10 minutes. - MetricName: CPUUtilization - Namespace: AWS/EC2 - Statistic: Average - Period: 300 - EvaluationPeriods: 2 - Threshold: 80 - AlarmActions: - - !Ref GatewayScaleUpPolicy - Dimensions: - - Name: AutoScalingGroupName - Value: !Ref GatewayGroup - ComparisonOperator: GreaterThanThreshold - CPUAlarmLow: - Type: AWS::CloudWatch::Alarm - Properties: - AlarmDescription: Scale-down if CPU < 60% for 10 minutes. - MetricName: CPUUtilization - Namespace: AWS/EC2 - Statistic: Average - Period: 300 - EvaluationPeriods: 2 - Threshold: 60 - AlarmActions: - - !Ref GatewayScaleDownPolicy - Dimensions: - - Name: AutoScalingGroupName - Value: !Ref GatewayGroup - ComparisonOperator: LessThanThreshold - ELBSecurityGroup: - Type: AWS::EC2::SecurityGroup - Condition: CreateELB - Properties: - GroupDescription: ELB security group. 
- VpcId: !GetAtt VPCStack.Outputs.VPCID - SecurityGroupIngress: - - IpProtocol: tcp - CidrIp: !Ref ELBClients - FromPort: !Ref ELBPort - ToPort: !Ref ELBPort + VolumeSize: !Ref VolumeSize + VolumeType: !Ref VolumeType + EnableVolumeEncryption: !Ref EnableVolumeEncryption + EnableInstanceConnect: !Ref EnableInstanceConnect + MetaDataToken: !Ref MetaDataToken + GatewaysMinSize: !Ref GatewaysMinSize + GatewaysMaxSize: !Ref GatewaysMaxSize + AdminEmail: !Ref AdminEmail + GatewaysTargetGroups: !Ref GatewaysTargetGroups + GatewayVersion: !Ref GatewayVersion + Shell: !Ref Shell + GatewayPasswordHash: !Ref GatewayPasswordHash + GatewayMaintenancePasswordHash: !Ref GatewayMaintenancePasswordHash + GatewaySICKey: !Ref GatewaySICKey + AllowUploadDownload: !Ref AllowUploadDownload + CloudWatch: !Ref CloudWatch + GatewayBootstrapScript: !Ref GatewayBootstrapScript + ControlGatewayOverPrivateOrPublicAddress: !Ref ControlGatewayOverPrivateOrPublicAddress + ManagementServer: !Ref ManagementServer + ConfigurationTemplate: !Ref ConfigurationTemplate + ELBType: !Ref ELBType + ELBPort: !Ref ELBPort + ELBClients: !Ref ELBClients + AutoScaleGroupName: !Ref AutoScaleGroupName Outputs: URL: Description: The URL of the Proxy. Condition: CreateELB - Value: !Join ['', ['http://', !GetAtt ElasticLoadBalancer.DNSName]] + Value: !GetAtt AutoScaleStack.Outputs.URL SecurityGroup: Description: The Security Group of the Auto Scaling group. - Value: !GetAtt PermissiveSecurityGroup.GroupId \ No newline at end of file + Value: !GetAtt AutoScaleStack.Outputs.SecurityGroup diff --git a/aws/templates/management/management-master.yaml b/aws/templates/management/management-master.yaml index 63cfd538..8570c919 100755 --- a/aws/templates/management/management-master.yaml +++ b/aws/templates/management/management-master.yaml 
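Review bot: `GatewaySICKey`, `GatewayPasswordHash`, `GatewayMaintenancePasswordHash` and `GatewayBootstrapScript` are now forwarded as parameters to AutoScaleStack instead of being consumed in this template's UserData, so they exist as parameter values on two stacks. `NoEcho` is declared per template: if autoscale.yaml does not mark them `NoEcho: true`, the nested stack's parameters will show them in the console and in DescribeStacks output even when the master masks them. Neither Parameters section is visible in this hunk, so this needs checking in both files. A comment above the forwarded block, such as `# Secrets below must be NoEcho in autoscale.yaml as well as in this template`, would record the requirement. The ManagementStack hunk forwards `SICKey`, `ManagementPasswordHash`, `ManagementMaintenancePasswordHash` and `ManagementBootstrapScript` the same way.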
@@ -1,5 +1,7 @@ AWSTemplateFormatVersion: 2010-09-09 -Description: Deploys a Check Point Management Server into a new VPC (__VERSION__) +Description: | + Deploys a Check Point Management Server into a new VPC (20250821) + See sk130372 administration guide for detailed deployment and configuration steps. Metadata: AWS::CloudFormation::Interface: ParameterGroups: @@ -445,22 +447,11 @@ Parameters: AllowedPattern: '[\.a-zA-Z0-9\-]*' Conditions: EIP: !Equals [!Ref AllocatePublicAddress, true] - ManageOverInternet: !Equals [!Ref GatewayManagement, Over the internet] - ManageOverInternetAndEIP: !And [!Condition EIP, !Condition ManageOverInternet] - CreateRole: !Or - - !Equals [!Ref ManagementPermissions, Create with assume role permissions (specify an STS role ARN)] - - !Equals [!Ref ManagementPermissions, Create with read permissions] - - !Equals [!Ref ManagementPermissions, Create with read-write permissions] - EncryptedVolume: !Not [!Equals [!Ref VolumeEncryption, '']] - UseRole: !Not [!Equals [!Ref ManagementPermissions, None (configure later)]] - NoSIC: !Equals [!Ref SICKey, ''] - PreRole: !And [!Condition UseRole, !Not [!Condition CreateRole]] - EnableMetaDataToken: !Equals [!Ref MetaDataToken, true] Resources: VPCStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/utils/vpc.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/utils/vpc.yaml Parameters: AvailabilityZones: !Ref AvailabilityZone NumberOfAZs: 1 
@@ -468,174 +459,50 @@ Resources: PublicSubnet1CIDR: !Ref PublicSubnet1CIDR CreatePrivateSubnets: false CreateAttachmentSubnets: false - AMI: + ManagementStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/utils/amis.yaml + TemplateURL: https://cgi-cfts.s3.us-east-1.amazonaws.com/management/management.yaml Parameters: - Version: !Join ['-', [!Ref ManagementVersion, MGMT]] - ManagementReadyHandle: - Type: AWS::CloudFormation::WaitConditionHandle - Condition: EIP - Properties: {} - ManagementReadyCondition: - Type: AWS::CloudFormation::WaitCondition - Condition: EIP - DependsOn: ManagementInstance - Properties: - Handle: !Ref ManagementReadyHandle - Timeout: 1800 - ManagementSecurityGroup: - Type: AWS::EC2::SecurityGroup - Properties: - GroupDescription: Management security group - VpcId: !GetAtt VPCStack.Outputs.VPCID - SecurityGroupIngress: - - CidrIp: !Ref GatewaysAddresses - IpProtocol: tcp - FromPort: 257 - ToPort: 257 - - CidrIp: !Ref GatewaysAddresses - IpProtocol: tcp - FromPort: 8211 - ToPort: 8211 - - CidrIp: !Ref GatewaysAddresses - IpProtocol: tcp - FromPort: 18191 - ToPort: 18191 - - CidrIp: !Ref GatewaysAddresses - IpProtocol: tcp - FromPort: 18192 - ToPort: 18192 - - CidrIp: !Ref GatewaysAddresses - IpProtocol: tcp - FromPort: 18208 - ToPort: 18208 - - CidrIp: !Ref GatewaysAddresses - IpProtocol: tcp - FromPort: 18210 - ToPort: 18210 - - CidrIp: !Ref GatewaysAddresses - IpProtocol: tcp - FromPort: 18211 - ToPort: 18211 - - CidrIp: !Ref GatewaysAddresses - IpProtocol: tcp - FromPort: 18221 - ToPort: 18221 - - CidrIp: !Ref GatewaysAddresses - IpProtocol: tcp - FromPort: 18264 - ToPort: 18264 - - CidrIp: !Ref AdminCIDR - IpProtocol: tcp - FromPort: 22 - ToPort: 22 - - CidrIp: !Ref AdminCIDR - IpProtocol: tcp - FromPort: 443 - ToPort: 443 - - CidrIp: !Ref AdminCIDR - IpProtocol: tcp - FromPort: 18190 - ToPort: 18190 - - CidrIp: !Ref AdminCIDR - IpProtocol: tcp - FromPort: 19009 - ToPort: 19009 - ManagementRoleStack: - Type: 
AWS::CloudFormation::Stack - Condition: CreateRole - Properties: - TemplateURL: __URL__/iam/cme-iam-role.yaml - Parameters: - Permissions: !Ref ManagementPermissions - STSRoles: !Join [',', !Ref ManagementSTSRoles] - InstanceProfile: - Type: AWS::IAM::InstanceProfile - Condition: PreRole - Properties: - Path: / - Roles: - - !Ref ManagementPredefinedRole - ManagementInstance: - Type: AWS::EC2::Instance - DependsOn: ManagementLaunchTemplate - Properties: - LaunchTemplate: - LaunchTemplateId: !Ref ManagementLaunchTemplate - Version: !GetAtt ManagementLaunchTemplate.LatestVersionNumber - DisableApiTermination: !Ref TerminationProtection - Tags: - - Key: Name - Value: !Ref ManagementName - NetworkInterfaces: - - DeviceIndex: 0 - AssociatePublicIpAddress: false - Description: eth0 - GroupSet: - - !Ref ManagementSecurityGroup - DeleteOnTermination: true - SubnetId: !GetAtt VPCStack.Outputs.PublicSubnet1ID - ManagementLaunchTemplate: - Type: AWS::EC2::LaunchTemplate - Properties: - LaunchTemplateData: + VPC: !GetAtt VPCStack.Outputs.VPCID + ManagementSubnet: !GetAtt VPCStack.Outputs.PublicSubnet1ID + ManagementName: !Ref ManagementName + ManagementInstanceType: !Ref ManagementInstanceType KeyName: !Ref KeyName - ImageId: !GetAtt AMI.Outputs.ImageId - InstanceType: !Ref ManagementInstanceType - MetadataOptions: - HttpTokens: !If [EnableMetaDataToken, required, optional] - BlockDeviceMappings: - - DeviceName: '/dev/xvda' - Ebs: - Encrypted: !If [ EncryptedVolume, true, false ] - KmsKeyId: !If [ EncryptedVolume, !Ref VolumeEncryption, !Ref 'AWS::NoValue' ] - VolumeType: !Ref VolumeType - VolumeSize: !Ref VolumeSize - IamInstanceProfile: - Name: !If [ UseRole, !If [ PreRole, !Ref InstanceProfile, !GetAtt ManagementRoleStack.Outputs.CMEIAMRole ], !Ref 'AWS::NoValue' ] - UserData: - 'Fn::Base64': - !Join - - |+ - - - - '#cloud-config' - - 'runcmd:' - - ' - |' - - ' set -e' - - !Sub ' admin_shell=${Shell} ; allow_info=${AllowUploadDownload} ; hostname=${ManagementHostname} ; 
eic=${EnableInstanceConnect} ; admin_subnet=${AdminCIDR} ; eip=${AllocatePublicAddress} ; ntp1=${NTPPrimary} ; ntp2=${NTPSecondary} ; mgmt_install_type=''${ManagementInstallationType}''' - - !If [EIP, !Sub ' wait_handle=''${ManagementReadyHandle}''',!Ref 'AWS::NoValue'] - - !If [NoSIC, ' sic=""', !Join ['', [' sic="$(echo ', 'Fn::Base64': !Ref SICKey, ')"']]] - - !If [ManageOverInternetAndEIP, ' pub_mgmt=true', ' pub_mgmt=false'] - - !Join ['', [' bootstrap="$(echo ', 'Fn::Base64': !Ref ManagementBootstrapScript, ')"']] - - !Join ['', [' pwd_hash="$(echo ', 'Fn::Base64': !Ref ManagementPasswordHash, ')"']] - - !Join ['', [' maintenance_pwd_hash="$(echo ', 'Fn::Base64': !Ref ManagementMaintenancePasswordHash, ')"']] - - !Sub [' version=${Version}', {Version: !Select [0, !Split ['-', !Ref ManagementVersion]]}] - - ' python3 /etc/cloud_config.py waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" installationType=\"management\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"__VERSION__\" templateName=\"management\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" MaintenanceModePassword=\"${maintenance_pwd_hash}\" "management_installation_type=\"${mgmt_install_type}\"" adminSubnet=\"${admin_subnet}\" allocatePublicAddress=\"${eip}\" overTheInternet=\"${pub_mgmt}\" bootstrapScript64=\"${bootstrap}\"' - VersionDescription: Initial template version - PublicAddress: - Type: AWS::EC2::EIP - Condition: EIP - Properties: - Domain: vpc - AddressAssoc: - Type: AWS::EC2::EIPAssociation - Condition: EIP - DependsOn: ManagementInstance - Properties: - InstanceId: !Ref ManagementInstance - AllocationId: !GetAtt PublicAddress.AllocationId + AllocatePublicAddress: !Ref AllocatePublicAddress + VolumeSize: !Ref VolumeSize + VolumeType: !Ref VolumeType + VolumeEncryption: !Ref VolumeEncryption + EnableInstanceConnect: !Ref EnableInstanceConnect + 
TerminationProtection: !Ref TerminationProtection + MetaDataToken: !Ref MetaDataToken + ManagementPermissions: !Ref ManagementPermissions + ManagementPredefinedRole: !Ref ManagementPredefinedRole + ManagementSTSRoles: !Join [',', !Ref ManagementSTSRoles] + AdminCIDR: !Ref AdminCIDR + GatewaysAddresses: !Ref GatewaysAddresses + ManagementVersion: !Ref ManagementVersion + Shell: !Ref Shell + ManagementPasswordHash: !Ref ManagementPasswordHash + ManagementMaintenancePasswordHash: !Ref ManagementMaintenancePasswordHash + SICKey: !Ref SICKey + ManagementHostname: !Ref ManagementHostname + ManagementInstallationType: !Ref ManagementInstallationType + AllowUploadDownload: !Ref AllowUploadDownload + GatewayManagement: !Ref GatewayManagement + ManagementBootstrapScript: !Ref ManagementBootstrapScript + NTPPrimary: !Ref NTPPrimary + NTPSecondary: !Ref NTPSecondary Outputs: PublicAddress: Condition: EIP - Description: The public address of the Management Server. - Value: !Ref PublicAddress + Description: The public address of the management server. + Value: !GetAtt ManagementStack.Outputs.PublicAddress SSH: Condition: EIP - Description: SSH command. - Value: !Join ['', ['ssh -i ', !Ref KeyName, ' admin@', !Ref PublicAddress]] + Description: SSH command to the management server. + Value: !GetAtt ManagementStack.Outputs.SSH URL: Condition: EIP - Description: URL to the portal. - Value: !Join ['', ['https://', !Ref PublicAddress]] + Description: URL to the management server portal. + Value: !GetAtt ManagementStack.Outputs.URL
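Review bot: Nothing in the new ManagementStack block says that the security group rules scoped to `AdminCIDR` and `GatewaysAddresses`, the IAM role selected by `ManagementPermissions`, and the elastic IP are presumably now created by the child template. The removed lines were the only place a reader of this file could see them. Anyone acknowledging IAM capabilities for this master, or reviewing who can reach ports 22 and 443, now has to open management.yaml to find out. A short comment above `ManagementStack:` would help, e.g. `# Child stack creates the management security group, IAM role/instance profile and optional EIP; see management/management.yaml`. Whether the child reproduces the removed ingress rules unchanged cannot be confirmed from this diff.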