wombat-cli 0.6.1 → 0.6.2

data/generator_files/templates/cfn.json.erb

@@ -1,674 +1,675 @@
-
-{
-  "AWSTemplateFormatVersion": "2010-09-09",
-  "Description": "wombat",
-  "Parameters": {
-    "AvailabilityZone": {
-      "Description": "Availability Zone",
-      "Type": "String",
-      "Default": "<%= @availability_zone %>"
-    },
-    "DemoName": {
-      "Description": "Name of the customer or organization",
-      "Type": "String",
-      "Default": "<%= @demo %>"
-    },
-    "Version": {
-      "Description": "Version",
-      "Type": "String",
-      "Default": "<%= @version %>"
-    },
-    "KeyName": {
-      "Description": "Name of an existing ec2 KeyPair to enable SSH access",
-      "Type": "AWS::EC2::KeyPair::KeyName",
-      "ConstraintDescription": "must be the name of an existing EC2 KeyPair."
-    },
-    "SSHLocation": {
-      "Description": "The IP address range that can be used to SSH to the EC2 instances",
-      "Type": "String",
-      "MinLength": "9",
-      "MaxLength": "18",
-      "Default": "0.0.0.0/0",
-      "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
-      "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
-    },
-    "TTL": {
-      "Description": "Time in hours for the demo to stay active. Default is 4, maximum is 720 hours (30 days).",
-      "Type": "Number",
-      "Default": <%= @ttl %>,
-      "MinValue": 0,
-      "MaxValue": 720
-    },
-    "ChefServerAMI": {
-      "Type": "String",
-      "Default": "<%= @chef_server_ami %>",
-      "Description": "AMI ID for the Chef Server"
-    },
-    "ComplianceAMI": {
-      "Type": "String",
-      "Default": "<%= @compliance_ami %>",
-      "Description": "AMI ID for the Compliance Server"
-    },
-<% 1.upto(@build_nodes) do |i| -%>
-    "BuildNode<%= i.to_s %>AMI": {
-      "Type": "String",
-      "Default": "<%= @build_node_ami[i] %>",
-      "Description": "AMI ID for Build Node <%= i %>"
-    },
-<% end -%>
-<% @infra.each do |name, ami| -%>
-    "<%= name %>AMI": {
-      "Type": "String",
-      "Default": "<%= ami %>",
-      "Description": "AMI ID for <%= name %>"
-    },
-<% end -%>
-<% 1.upto(@workstations) do |i| -%>
-    "WindowsWorkstation<%= i.to_s %>AMI": {
-      "Type": "String",
-      "Default": "<%= @workstation_ami[i] %>",
-      "Description": "AMI ID for the Windows Workstation"
-    },
-<% end -%>
-    "AutomateAMI": {
-      "Type": "String",
-      "Default": "<%= @automate_ami %>",
-      "Description": "AMI ID for the Automate Server"
-    }
-  },
-  "Resources": {
-<% if @iam_roles -%>
-    "InstanceProfile" : {
-      "Type" : "AWS::IAM::InstanceProfile",
-      "Properties" : {
-        "Path" : "/",
-        "Roles" : <%= @iam_roles %>
-      }
-    },
-<% end -%>
-    "VPC": {
-      "Type": "AWS::EC2::VPC",
-      "Properties": {
-        "CidrBlock": "172.31.0.0/16",
-        "EnableDnsSupport": "true",
-        "EnableDnsHostnames": "true",
-        "Tags": [
-          {
-            "Key": "Application",
-            "Value": {
-              "Ref": "AWS::StackId"
-            },
-            "Key": "Name",
-            "Value": {
-              "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "VPC" ] ]
-            }
-          }
-        ]
-      }
-    },
-    "SubnetAutomate": {
-      "Type": "AWS::EC2::Subnet",
-      "Properties": {
-        "AvailabilityZone": { "Ref": "AvailabilityZone" },
-        "VpcId": {
-          "Ref": "VPC"
-        },
-        "CidrBlock": "172.31.54.0/24",
-        "Tags": [
-          {
-            "Key": "Application",
-            "Value": {
-              "Ref": "AWS::StackId"
-            },
-            "Key": "Name",
-            "Value": {
-              "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "Automate Subnet" ] ]
-            }
-          }
-        ]
-      }
-    },
-    "SubnetProd": {
-      "Type": "AWS::EC2::Subnet",
-      "Properties": {
-        "AvailabilityZone": { "Ref": "AvailabilityZone" },
-        "VpcId": {
-          "Ref": "VPC"
-        },
-        "CidrBlock": "172.31.62.0/24",
-        "Tags": [
-          {
-            "Key": "Application",
-            "Value": {
-              "Ref": "AWS::StackId"
-            },
-            "Key": "Name",
-            "Value": {
-              "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "Prod Subnet" ] ]
-            }
-          }
-        ]
-      }
-    },
-    "SubnetWorkstations": {
-      "Type": "AWS::EC2::Subnet",
-      "Properties": {
-        "AvailabilityZone": { "Ref": "AvailabilityZone" },
-        "VpcId": {
-          "Ref": "VPC"
-        },
-        "CidrBlock": "172.31.10.0/24",
-        "Tags": [
-          {
-            "Key": "Application",
-            "Value": {
-              "Ref": "AWS::StackId"
-            },
-            "Key": "Name",
-            "Value": {
-              "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "Workstations Subnet" ] ]
-            }
-          }
-        ]
-      }
-    },
-    "InternetGateway": {
-      "Type": "AWS::EC2::InternetGateway",
-      "Properties": {
-        "Tags": [
-          {
-            "Key": "Application",
-            "Value": {
-              "Ref": "AWS::StackId"
-            },
-            "Key": "Name",
-            "Value": {
-              "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, " IG" ] ]
-            }
-          }
-        ]
-      }
-    },
-    "AttachGateway": {
-      "Type": "AWS::EC2::VPCGatewayAttachment",
-      "Properties": {
-        "VpcId": {
-          "Ref": "VPC"
-        },
-        "InternetGatewayId": {
-          "Ref": "InternetGateway"
-        }
-      }
-    },
-    "RouteTable": {
-      "Type": "AWS::EC2::RouteTable",
-      "Properties": {
-        "VpcId": {
-          "Ref": "VPC"
-        },
-        "Tags": [
-          {
-            "Key": "Application",
-            "Value": {
-              "Ref": "AWS::StackId"
-            },
-            "Key": "Name",
-            "Value": {
-              "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "Demo RouteTable" ] ]
-            }
-          }
-        ]
-      }
-    },
-    "Route": {
-      "Type": "AWS::EC2::Route",
-      "DependsOn": "AttachGateway",
-      "Properties": {
-        "RouteTableId": {
-          "Ref": "RouteTable"
-        },
-        "DestinationCidrBlock": "0.0.0.0/0",
-        "GatewayId": {
-          "Ref": "InternetGateway"
-        }
-      }
-    },
-    "SubnetRouteTableAssociationAutomate": {
-      "Type": "AWS::EC2::SubnetRouteTableAssociation",
-      "Properties": {
-        "SubnetId": {
-          "Ref": "SubnetAutomate"
-        },
-        "RouteTableId": {
-          "Ref": "RouteTable"
-        }
-      }
-    },
-    "SubnetRouteTableAssociationProd": {
-      "Type": "AWS::EC2::SubnetRouteTableAssociation",
-      "Properties": {
-        "SubnetId": {
-          "Ref": "SubnetProd"
-        },
-        "RouteTableId": {
-          "Ref": "RouteTable"
-        }
-      }
-    },
-    "SubnetRouteTableAssociationWorkstations": {
-      "Type": "AWS::EC2::SubnetRouteTableAssociation",
-      "Properties": {
-        "SubnetId": {
-          "Ref": "SubnetWorkstations"
-        },
-        "RouteTableId": {
-          "Ref": "RouteTable"
-        }
-      }
-    },
-    "NetworkAcl": {
-      "Type": "AWS::EC2::NetworkAcl",
-      "Properties": {
-        "VpcId": {
-          "Ref": "VPC"
-        },
-        "Tags": [
-          {
-            "Key": "Application",
-            "Value": {
-              "Ref": "AWS::StackId"
-            },
-            "Key": "Name",
-            "Value": {
-              "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "NetworkAcl" ] ]
-            }
-          }
-        ]
-      }
-    },
-    "InboundNetworkAclEntry": {
-      "Type": "AWS::EC2::NetworkAclEntry",
-      "Properties": {
-        "NetworkAclId": {
-          "Ref": "NetworkAcl"
-        },
-        "RuleNumber": "100",
-        "Protocol": "-1",
-        "RuleAction": "allow",
-        "Egress": "false",
-        "CidrBlock": "0.0.0.0/0"
-      }
-    },
-    "OutBoundNetworkAclEntry": {
-      "Type": "AWS::EC2::NetworkAclEntry",
-      "Properties": {
-        "NetworkAclId": {
-          "Ref": "NetworkAcl"
-        },
-        "RuleNumber": "100",
-        "Protocol": "-1",
-        "RuleAction": "allow",
-        "Egress": "true",
-        "CidrBlock": "0.0.0.0/0"
-      }
-    },
-    "SubnetNetworkAclAssociationAutomate": {
-      "Type": "AWS::EC2::SubnetNetworkAclAssociation",
-      "Properties": {
-        "SubnetId": {
-          "Ref": "SubnetAutomate"
-        },
-        "NetworkAclId": {
-          "Ref": "NetworkAcl"
-        }
-      }
-    },
-    "SubnetNetworkAclAssociationProd": {
-      "Type": "AWS::EC2::SubnetNetworkAclAssociation",
-      "Properties": {
-        "SubnetId": {
-          "Ref": "SubnetProd"
-        },
-        "NetworkAclId": {
-          "Ref": "NetworkAcl"
-        }
-      }
-    },
-    "SubnetNetworkAclAssociationPOCWorkstations": {
-      "Type": "AWS::EC2::SubnetNetworkAclAssociation",
-      "Properties": {
-        "SubnetId": {
-          "Ref": "SubnetWorkstations"
-        },
-        "NetworkAclId": {
-          "Ref": "NetworkAcl"
-        }
-      }
-    },
-<% 1.upto(@workstations) do |i| -%>
-    "WindowsWorkstation<%= i.to_s %>": {
-      "Type": "AWS::EC2::Instance",
-      "Properties": {
-        "InstanceType": "m3.large",
-<% if @iam_roles -%>
-        "IamInstanceProfile" : {"Ref" : "InstanceProfile"},
-<% end -%>
-        "AvailabilityZone": { "Ref": "AvailabilityZone" },
-        "NetworkInterfaces": [
-          {
-            "GroupSet": [
-              {
-                "Ref": "DemoSecurityGroup"
-              }
-            ],
-            "AssociatePublicIpAddress": "true",
-            "PrivateIpAddress": "172.31.54.<%= 200 + i %>",
-            "DeviceIndex": "0",
-            "DeleteOnTermination": "true",
-            "SubnetId": {
-              "Ref": "SubnetAutomate"
-            }
-          }
-        ],
-        "KeyName": {
-          "Ref": "KeyName"
-        },
-        "ImageId": {
-              "Ref": "WindowsWorkstation<%= i.to_s %>AMI"
-        },
-        "Tags": [
-          {
-            "Key": "Name",
-            "Value": {
-              "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "Workstation" ] ]
-            }
-          }
-        ]
-      }
-    },
-<% end -%>
-<% 1.upto(@build_nodes) do |i| -%>
-    "BuildNode<%= i.to_s %>": {
-      "Type": "AWS::EC2::Instance",
-      "Properties": {
-        "InstanceType": "m3.large",
-        "AvailabilityZone": { "Ref": "AvailabilityZone" },
-        "NetworkInterfaces": [
-          {
-            "GroupSet": [
-              {
-                "Ref": "DemoSecurityGroup"
-              }
-            ],
-            "AssociatePublicIpAddress": "true",
-            "PrivateIpAddress": "172.31.54.<%= 50 + i %>",
-            "DeviceIndex": "0",
-            "DeleteOnTermination": "true",
-            "SubnetId": {
-              "Ref": "SubnetAutomate"
-            }
-          }
-        ],
-        "KeyName": { "Ref": "KeyName" },
-        "UserData": { "Fn::Base64" : { "Fn::Join" : ["", [
-             "#!/bin/bash -xe\n",
-             "hostnamectl set-hostname build-node-<%= i.to_s %>\n"]]}
-        },
-        "ImageId": {
-              "Ref": "BuildNode<%= i.to_s %>AMI"
-        },
-        "Tags": [
-          {
-            "Key": "Name",
-            "Value": {
-              "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "Build Node <%= i.to_s %>" ] ]
-            }
-          }
-        ]
-      }
-    },
-<% end -%>
-<% @infra.sort.each do |name, _ami| -%>
-    "<%= name %>": {
-      "Type": "AWS::EC2::Instance",
-      "Properties": {
-        "InstanceType": "m3.large",
-        "AvailabilityZone": { "Ref": "AvailabilityZone" },
-        "NetworkInterfaces": [
-          {
-            "GroupSet": [
-              {
-                "Ref": "DemoSecurityGroup"
-              }
-            ],
-            "AssociatePublicIpAddress": "true",
-            "PrivateIpAddress": "172.31.54.<%= 101 + @infra.keys.find_index(name) %>",
-            "DeviceIndex": "0",
-            "DeleteOnTermination": "true",
-            "SubnetId": {
-              "Ref": "SubnetAutomate"
-            }
-          }
-        ],
-        "KeyName": { "Ref": "KeyName" },
-        "UserData": { "Fn::Base64" : { "Fn::Join" : ["", [
-             "#!/bin/bash -xe\n",
-             "hostnamectl set-hostname <%= name %>\n"]]}
-        },
-        "ImageId": {
-              "Ref": "<%= name %>AMI"
-        },
-        "Tags": [
-          {
-            "Key": "Name",
-            "Value": {
-              "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "<%= name %>" ] ]
-            }
-          }
-        ]
-      }
-    },
-<% end -%>
-    "Chef": {
-      "Type": "AWS::EC2::Instance",
-      "Properties": {
-        "InstanceType": "c3.xlarge",
-        "AvailabilityZone": { "Ref": "AvailabilityZone" },
-      	"BlockDeviceMappings" : [
-         	{
-        	  "DeviceName" : "/dev/sda1",
-        	  "Ebs" : { "VolumeSize" : "50" }
-         	}
-      	],
-        "NetworkInterfaces": [
-          {
-            "GroupSet": [
-              {
-                "Ref": "DemoSecurityGroup"
-              }
-            ],
-            "AssociatePublicIpAddress": "true",
-            "PrivateIpAddress": "172.31.54.10",
-            "DeviceIndex": "0",
-            "DeleteOnTermination": "true",
-            "SubnetId": {
-              "Ref": "SubnetAutomate"
-            }
-          }
-        ],
-        "KeyName": { "Ref": "KeyName" },
-        "UserData": { "Fn::Base64" : { "Fn::Join" : ["", [
-             "#!/bin/bash -xe\n",
-             "hostnamectl set-hostname chef\n",
-             "chef-server-ctl reconfigure\n"]]}
-        },
-        "ImageId": {
-              "Ref": "ChefServerAMI"
-        },
-        "Tags": [
-          {
-            "Key": "Name",
-            "Value": {
-              "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "Chef Server" ] ]
-            }
-          }
-        ]
-      }
-    },
-    "Automate": {
-      "Type": "AWS::EC2::Instance",
-      "Properties": {
-        "InstanceType": "c3.xlarge",
-        "AvailabilityZone": { "Ref": "AvailabilityZone" },
-      	"BlockDeviceMappings" : [
-         	{
-            	  "DeviceName" : "/dev/sda1",
-            	  "Ebs" : { "VolumeSize" : "50" }
-         	}
-      	] ,
-        "NetworkInterfaces": [
-          {
-            "GroupSet": [
-              {
-                "Ref": "DemoSecurityGroup"
-              }
-            ],
-            "AssociatePublicIpAddress": "true",
-            "PrivateIpAddress": "172.31.54.11",
-            "DeviceIndex": "0",
-            "DeleteOnTermination": "true",
-            "SubnetId": {
-              "Ref": "SubnetAutomate"
-            }
-          }
-        ],
-        "KeyName": { "Ref": "KeyName" },
-        "UserData": { "Fn::Base64" : { "Fn::Join" : ["", [
-             "#!/bin/bash -xe\n",
-             "hostnamectl set-hostname automate\n",
-             "delivery-ctl reconfigure\n"]]}
-        },
-        "ImageId": {
-              "Ref": "AutomateAMI"
-        },
-        "Tags": [
-          {
-            "Key": "Name",
-            "Value": {
-              "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "Automate Server" ] ]
-            }
-          }
-        ]
-      }
-    },
-    "Compliance": {
-      "Type": "AWS::EC2::Instance",
-      "Properties": {
-        "InstanceType": "c3.large",
-        "AvailabilityZone": { "Ref": "AvailabilityZone" },
-        "BlockDeviceMappings" : [
-          {
-                "DeviceName" : "/dev/sda1",
-                "Ebs" : { "VolumeSize" : "8" }
-          }
-        ] ,
-        "NetworkInterfaces": [
-          {
-            "GroupSet": [
-              {
-                "Ref": "DemoSecurityGroup"
-              }
-            ],
-            "AssociatePublicIpAddress": "true",
-            "PrivateIpAddress": "172.31.54.12",
-            "DeviceIndex": "0",
-            "DeleteOnTermination": "true",
-            "SubnetId": {
-              "Ref": "SubnetAutomate"
-            }
-          }
-        ],
-        "KeyName": { "Ref": "KeyName" },
-        "UserData": { "Fn::Base64" : { "Fn::Join" : ["", [
-             "#!/bin/bash -xe\n",
-             "hostnamectl set-hostname compliance\n",
-             "chef-compliance-ctl reconfigure\n"]]}
-        },
-        "ImageId": {
-              "Ref": "ComplianceAMI"
-        },
-        "Tags": [
-          {
-            "Key": "Name",
-            "Value": {
-              "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "Compliance Server" ] ]
-            }
-          }
-        ]
-      }
-    },
-    "DemoSecurityGroup": {
-      "Type": "AWS::EC2::SecurityGroup",
-      "Properties": {
-        "VpcId": {
-          "Ref": "VPC"
-        },
-        "GroupDescription": "Enable required ports for Chef Server",
-        "SecurityGroupIngress": [
-          {
-            "IpProtocol": "tcp",
-            "FromPort": "22",
-            "ToPort": "22",
-            "CidrIp": {
-              "Ref": "SSHLocation"
-            }
-          },
-          {
-            "IpProtocol": "tcp",
-            "FromPort": "0",
-            "ToPort": "65535",
-            "CidrIp": "172.31.0.0/16"
-          },
-          {
-            "IpProtocol": "tcp",
-            "FromPort": "3389",
-            "ToPort": "3389",
-            "CidrIp": "0.0.0.0/0"
-          },
-          {
-            "IpProtocol": "tcp",
-            "FromPort": "443",
-            "ToPort": "443",
-            "CidrIp": "0.0.0.0/0"
-          },
-          {
-            "IpProtocol": "icmp",
-            "FromPort": "8",
-            "ToPort": "-1",
-            "CidrIp": "0.0.0.0/0"
-          },
-          {
-            "IpProtocol": "udp",
-            "FromPort": "3389",
-            "ToPort": "3389",
-            "CidrIp": "0.0.0.0/0"
-          }
-        ]
-      }
-    }
-  },
-  "Outputs":
-<% workstations_hash = {} -%>
-<% 1.upto(@workstations) do |i|
-    workstations_hash["WindowsWorkstation#{i.to_s}PubDNS"] = {
-      "Description" => "Public IP address of the Windows Workstation",
-      "Value" => {
-        "Fn::GetAtt" => [
-          "WindowsWorkstation#{i.to_s}",
-          "PublicIp"
-          ]
-      }
-    }
-  end -%>
-<%=  workstations_hash.to_json %>
-}
+
+{
+  "AWSTemplateFormatVersion": "2010-09-09",
+  "Description": "wombat (<%= @version %>)",
+  "Parameters": {
+    "AvailabilityZone": {
+      "Description": "Availability Zone",
+      "Type": "String",
+      "Default": "<%= @availability_zone %>"
+    },
+    "DemoName": {
+      "Description": "Name of the customer or organization",
+      "Type": "String",
+      "Default": "<%= @demo %>"
+    },
+    "Version": {
+      "Description": "Version",
+      "Type": "String",
+      "Default": "<%= @version %>"
+    },
+    "KeyName": {
+      "Description": "Name of an existing ec2 KeyPair to enable SSH access",
+      "Type": "AWS::EC2::KeyPair::KeyName",
+      "ConstraintDescription": "must be the name of an existing EC2 KeyPair."
+    },
+    "SSHLocation": {
+      "Description": "The IP address range that can be used to SSH to the EC2 instances",
+      "Type": "String",
+      "MinLength": "9",
+      "MaxLength": "18",
+      "Default": "0.0.0.0/0",
+      "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
+      "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
+    },
+    "TTL": {
+      "Description": "Time in hours for the demo to stay active. Default is 4, maximum is 720 hours (30 days).",
+      "Type": "Number",
+      "Default": <%= @ttl %>,
+      "MinValue": 0,
+      "MaxValue": 720
+    },
+    "ChefServerAMI": {
+      "Type": "String",
+      "Default": "<%= @chef_server_ami %>",
+      "Description": "AMI ID for the Chef Server"
+    },
+    "ComplianceAMI": {
+      "Type": "String",
+      "Default": "<%= @compliance_ami %>",
+      "Description": "AMI ID for the Compliance Server"
+    },
+<% 1.upto(@build_nodes) do |i| -%>
+    "BuildNode<%= i.to_s %>AMI": {
+      "Type": "String",
+      "Default": "<%= @build_node_ami[i] %>",
+      "Description": "AMI ID for Build Node <%= i %>"
+    },
+<% end -%>
+<% @infra.each do |name, ami| -%>
+    "<%= name %>AMI": {
+      "Type": "String",
+      "Default": "<%= ami %>",
+      "Description": "AMI ID for <%= name %>"
+    },
+<% end -%>
+<% 1.upto(@workstations) do |i| -%>
+    "WindowsWorkstation<%= i.to_s %>AMI": {
+      "Type": "String",
+      "Default": "<%= @workstation_ami[i] %>",
+      "Description": "AMI ID for the Windows Workstation"
+    },
+<% end -%>
+    "AutomateAMI": {
+      "Type": "String",
+      "Default": "<%= @automate_ami %>",
+      "Description": "AMI ID for the Automate Server"
+    }
+  },
+  "Resources": {
+<% if @iam_roles -%>
+    "InstanceProfile" : {
+      "Type" : "AWS::IAM::InstanceProfile",
+      "Properties" : {
+        "Path" : "/",
+        "Roles" : <%= @iam_roles %>
+      }
+    },
+<% end -%>
+    "VPC": {
+      "Type": "AWS::EC2::VPC",
+      "Properties": {
+        "CidrBlock": "172.31.0.0/16",
+        "EnableDnsSupport": "true",
+        "EnableDnsHostnames": "true",
+        "Tags": [
+          {
+            "Key": "Application",
+            "Value": {
+              "Ref": "AWS::StackId"
+            },
+            "Key": "Name",
+            "Value": {
+              "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "VPC" ] ]
+            }
+          }
+        ]
+      }
+    },
+    "SubnetAutomate": {
+      "Type": "AWS::EC2::Subnet",
+      "Properties": {
+        "AvailabilityZone": { "Ref": "AvailabilityZone" },
+        "VpcId": {
+          "Ref": "VPC"
+        },
+        "CidrBlock": "172.31.54.0/24",
+        "Tags": [
+          {
+            "Key": "Application",
+            "Value": {
+              "Ref": "AWS::StackId"
+            },
+            "Key": "Name",
+            "Value": {
+              "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "Automate Subnet" ] ]
+            }
+          }
+        ]
+      }
+    },
+    "SubnetProd": {
+      "Type": "AWS::EC2::Subnet",
+      "Properties": {
+        "AvailabilityZone": { "Ref": "AvailabilityZone" },
+        "VpcId": {
+          "Ref": "VPC"
+        },
+        "CidrBlock": "172.31.62.0/24",
+        "Tags": [
+          {
+            "Key": "Application",
+            "Value": {
+              "Ref": "AWS::StackId"
+            },
+            "Key": "Name",
+            "Value": {
+              "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "Prod Subnet" ] ]
+            }
+          }
+        ]
+      }
+    },
+    "SubnetWorkstations": {
+      "Type": "AWS::EC2::Subnet",
+      "Properties": {
+        "AvailabilityZone": { "Ref": "AvailabilityZone" },
+        "VpcId": {
+          "Ref": "VPC"
+        },
+        "CidrBlock": "172.31.10.0/24",
+        "Tags": [
+          {
+            "Key": "Application",
+            "Value": {
+              "Ref": "AWS::StackId"
+            },
+            "Key": "Name",
+            "Value": {
+              "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "Workstations Subnet" ] ]
+            }
+          }
+        ]
+      }
+    },
+    "InternetGateway": {
+      "Type": "AWS::EC2::InternetGateway",
+      "Properties": {
+        "Tags": [
+          {
+            "Key": "Application",
+            "Value": {
+              "Ref": "AWS::StackId"
+            },
+            "Key": "Name",
+            "Value": {
+              "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, " IG" ] ]
+            }
+          }
+        ]
+      }
+    },
+    "AttachGateway": {
+      "Type": "AWS::EC2::VPCGatewayAttachment",
+      "Properties": {
+        "VpcId": {
+          "Ref": "VPC"
+        },
+        "InternetGatewayId": {
+          "Ref": "InternetGateway"
+        }
+      }
+    },
+    "RouteTable": {
+      "Type": "AWS::EC2::RouteTable",
+      "Properties": {
+        "VpcId": {
+          "Ref": "VPC"
+        },
+        "Tags": [
+          {
+            "Key": "Application",
+            "Value": {
+              "Ref": "AWS::StackId"
+            },
+            "Key": "Name",
+            "Value": {
+              "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "Demo RouteTable" ] ]
+            }
+          }
+        ]
+      }
+    },
+    "Route": {
+      "Type": "AWS::EC2::Route",
+      "DependsOn": "AttachGateway",
+      "Properties": {
+        "RouteTableId": {
+          "Ref": "RouteTable"
+        },
+        "DestinationCidrBlock": "0.0.0.0/0",
+        "GatewayId": {
+          "Ref": "InternetGateway"
+        }
+      }
+    },
+    "SubnetRouteTableAssociationAutomate": {
+      "Type": "AWS::EC2::SubnetRouteTableAssociation",
+      "Properties": {
+        "SubnetId": {
+          "Ref": "SubnetAutomate"
+        },
+        "RouteTableId": {
+          "Ref": "RouteTable"
+        }
+      }
+    },
+    "SubnetRouteTableAssociationProd": {
+      "Type": "AWS::EC2::SubnetRouteTableAssociation",
+      "Properties": {
+        "SubnetId": {
+          "Ref": "SubnetProd"
+        },
+        "RouteTableId": {
+          "Ref": "RouteTable"
+        }
+      }
+    },
+    "SubnetRouteTableAssociationWorkstations": {
+      "Type": "AWS::EC2::SubnetRouteTableAssociation",
+      "Properties": {
+        "SubnetId": {
+          "Ref": "SubnetWorkstations"
+        },
+        "RouteTableId": {
+          "Ref": "RouteTable"
+        }
+      }
+    },
+    "NetworkAcl": {
+      "Type": "AWS::EC2::NetworkAcl",
+      "Properties": {
+        "VpcId": {
+          "Ref": "VPC"
+        },
+        "Tags": [
+          {
+            "Key": "Application",
+            "Value": {
+              "Ref": "AWS::StackId"
+            },
+            "Key": "Name",
+            "Value": {
+              "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "NetworkAcl" ] ]
+            }
+          }
+        ]
+      }
+    },
+    "InboundNetworkAclEntry": {
+      "Type": "AWS::EC2::NetworkAclEntry",
+      "Properties": {
+        "NetworkAclId": {
+          "Ref": "NetworkAcl"
+        },
+        "RuleNumber": "100",
+        "Protocol": "-1",
+        "RuleAction": "allow",
+        "Egress": "false",
+        "CidrBlock": "0.0.0.0/0"
+      }
+    },
+    "OutBoundNetworkAclEntry": {
+      "Type": "AWS::EC2::NetworkAclEntry",
+      "Properties": {
+        "NetworkAclId": {
+          "Ref": "NetworkAcl"
+        },
+        "RuleNumber": "100",
+        "Protocol": "-1",
+        "RuleAction": "allow",
+        "Egress": "true",
+        "CidrBlock": "0.0.0.0/0"
+      }
+    },
+    "SubnetNetworkAclAssociationAutomate": {
+      "Type": "AWS::EC2::SubnetNetworkAclAssociation",
+      "Properties": {
+        "SubnetId": {
+          "Ref": "SubnetAutomate"
+        },
+        "NetworkAclId": {
+          "Ref": "NetworkAcl"
+        }
+      }
+    },
+    "SubnetNetworkAclAssociationProd": {
+      "Type": "AWS::EC2::SubnetNetworkAclAssociation",
+      "Properties": {
+        "SubnetId": {
+          "Ref": "SubnetProd"
+        },
+        "NetworkAclId": {
+          "Ref": "NetworkAcl"
+        }
+      }
+    },
+    "SubnetNetworkAclAssociationPOCWorkstations": {
+      "Type": "AWS::EC2::SubnetNetworkAclAssociation",
+      "Properties": {
+        "SubnetId": {
+          "Ref": "SubnetWorkstations"
+        },
+        "NetworkAclId": {
+          "Ref": "NetworkAcl"
+        }
+      }
+    },
+<% 1.upto(@workstations) do |i| -%>
+    "WindowsWorkstation<%= i.to_s %>": {
+      "Type": "AWS::EC2::Instance",
+      "Properties": {
+        "InstanceType": "c4.large",
+        "EbsOptimized" : "true",
+<% if @iam_roles -%>
+        "IamInstanceProfile" : {"Ref" : "InstanceProfile"},
+<% end -%>
+        "AvailabilityZone": { "Ref": "AvailabilityZone" },
+        "NetworkInterfaces": [
+          {
+            "GroupSet": [
+              {
+                "Ref": "DemoSecurityGroup"
+              }
+            ],
+            "AssociatePublicIpAddress": "true",
+            "PrivateIpAddress": "172.31.54.<%= 200 + i %>",
+            "DeviceIndex": "0",
+            "DeleteOnTermination": "true",
+            "SubnetId": {
+              "Ref": "SubnetAutomate"
+            }
+          }
+        ],
+        "KeyName": {
+          "Ref": "KeyName"
+        },
+        "ImageId": {
+              "Ref": "WindowsWorkstation<%= i.to_s %>AMI"
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": {
+              "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "Workstation" ] ]
+            }
+          }
+        ]
+      }
+    },
+<% end -%>
+<% 1.upto(@build_nodes) do |i| -%>
+    "BuildNode<%= i.to_s %>": {
+      "Type": "AWS::EC2::Instance",
+      "Properties": {
+        "InstanceType": "m3.large",
+        "AvailabilityZone": { "Ref": "AvailabilityZone" },
+        "NetworkInterfaces": [
+          {
+            "GroupSet": [
+              {
+                "Ref": "DemoSecurityGroup"
+              }
+            ],
+            "AssociatePublicIpAddress": "true",
+            "PrivateIpAddress": "172.31.54.<%= 50 + i %>",
+            "DeviceIndex": "0",
+            "DeleteOnTermination": "true",
+            "SubnetId": {
+              "Ref": "SubnetAutomate"
+            }
+          }
+        ],
+        "KeyName": { "Ref": "KeyName" },
+        "UserData": { "Fn::Base64" : { "Fn::Join" : ["", [
+             "#!/bin/bash -xe\n",
+             "hostnamectl set-hostname build-node-<%= i.to_s %>\n"]]}
+        },
+        "ImageId": {
+              "Ref": "BuildNode<%= i.to_s %>AMI"
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": {
+              "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "Build Node <%= i.to_s %>" ] ]
+            }
+          }
+        ]
+      }
+    },
+<% end -%>
+<% @infra.sort.each do |name, _ami| -%>
+    "<%= name %>": {
+      "Type": "AWS::EC2::Instance",
+      "Properties": {
+        "InstanceType": "m3.large",
+        "AvailabilityZone": { "Ref": "AvailabilityZone" },
+        "NetworkInterfaces": [
+          {
+            "GroupSet": [
+              {
+                "Ref": "DemoSecurityGroup"
+              }
+            ],
+            "AssociatePublicIpAddress": "true",
+            "PrivateIpAddress": "172.31.54.<%= 101 + @infra.keys.find_index(name) %>",
+            "DeviceIndex": "0",
+            "DeleteOnTermination": "true",
+            "SubnetId": {
+              "Ref": "SubnetAutomate"
+            }
+          }
+        ],
+        "KeyName": { "Ref": "KeyName" },
+        "UserData": { "Fn::Base64" : { "Fn::Join" : ["", [
+             "#!/bin/bash -xe\n",
+             "hostnamectl set-hostname <%= name %>\n"]]}
+        },
+        "ImageId": {
+              "Ref": "<%= name %>AMI"
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": {
+              "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "<%= name %>" ] ]
+            }
+          }
+        ]
+      }
+    },
+<% end -%>
+    "Chef": {
+      "Type": "AWS::EC2::Instance",
+      "Properties": {
+        "InstanceType": "c3.xlarge",
+        "AvailabilityZone": { "Ref": "AvailabilityZone" },
+      	"BlockDeviceMappings" : [
+         	{
+        	  "DeviceName" : "/dev/sda1",
+        	  "Ebs" : { "VolumeSize" : "50" }
+         	}
+      	],
+        "NetworkInterfaces": [
+          {
+            "GroupSet": [
+              {
+                "Ref": "DemoSecurityGroup"
+              }
+            ],
+            "AssociatePublicIpAddress": "true",
+            "PrivateIpAddress": "172.31.54.10",
+            "DeviceIndex": "0",
+            "DeleteOnTermination": "true",
+            "SubnetId": {
+              "Ref": "SubnetAutomate"
+            }
+          }
+        ],
+        "KeyName": { "Ref": "KeyName" },
+        "UserData": { "Fn::Base64" : { "Fn::Join" : ["", [
+             "#!/bin/bash -xe\n",
+             "hostnamectl set-hostname chef\n",
+             "chef-server-ctl reconfigure\n"]]}
+        },
+        "ImageId": {
+              "Ref": "ChefServerAMI"
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": {
+              "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "Chef Server" ] ]
+            }
+          }
+        ]
+      }
+    },
+    "Automate": {
+      "Type": "AWS::EC2::Instance",
+      "Properties": {
+        "InstanceType": "c3.xlarge",
+        "AvailabilityZone": { "Ref": "AvailabilityZone" },
+      	"BlockDeviceMappings" : [
+         	{
+            	  "DeviceName" : "/dev/sda1",
+            	  "Ebs" : { "VolumeSize" : "50" }
+         	}
+      	] ,
+        "NetworkInterfaces": [
+          {
+            "GroupSet": [
+              {
+                "Ref": "DemoSecurityGroup"
+              }
+            ],
+            "AssociatePublicIpAddress": "true",
+            "PrivateIpAddress": "172.31.54.11",
+            "DeviceIndex": "0",
+            "DeleteOnTermination": "true",
+            "SubnetId": {
+              "Ref": "SubnetAutomate"
+            }
+          }
+        ],
+        "KeyName": { "Ref": "KeyName" },
+        "UserData": { "Fn::Base64" : { "Fn::Join" : ["", [
+             "#!/bin/bash -xe\n",
+             "hostnamectl set-hostname automate\n",
+             "delivery-ctl reconfigure\n"]]}
+        },
+        "ImageId": {
+              "Ref": "AutomateAMI"
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": {
+              "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "Automate Server" ] ]
+            }
+          }
+        ]
+      }
+    },
+    "Compliance": {
+      "Type": "AWS::EC2::Instance",
+      "Properties": {
+        "InstanceType": "c3.large",
+        "AvailabilityZone": { "Ref": "AvailabilityZone" },
+        "BlockDeviceMappings" : [
+          {
+                "DeviceName" : "/dev/sda1",
+                "Ebs" : { "VolumeSize" : "8" }
+          }
+        ] ,
+        "NetworkInterfaces": [
+          {
+            "GroupSet": [
+              {
+                "Ref": "DemoSecurityGroup"
+              }
+            ],
+            "AssociatePublicIpAddress": "true",
+            "PrivateIpAddress": "172.31.54.12",
+            "DeviceIndex": "0",
+            "DeleteOnTermination": "true",
+            "SubnetId": {
+              "Ref": "SubnetAutomate"
+            }
+          }
+        ],
+        "KeyName": { "Ref": "KeyName" },
+        "UserData": { "Fn::Base64" : { "Fn::Join" : ["", [
+             "#!/bin/bash -xe\n",
+             "hostnamectl set-hostname compliance\n",
+             "chef-compliance-ctl reconfigure\n"]]}
+        },
+        "ImageId": {
+              "Ref": "ComplianceAMI"
+        },
+        "Tags": [
+          {
+            "Key": "Name",
+            "Value": {
+              "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "Compliance Server" ] ]
+            }
+          }
+        ]
+      }
+    },
+    "DemoSecurityGroup": {
+      "Type": "AWS::EC2::SecurityGroup",
+      "Properties": {
+        "VpcId": {
+          "Ref": "VPC"
+        },
+        "GroupDescription": "Enable required ports for Chef Server",
+        "SecurityGroupIngress": [
+          {
+            "IpProtocol": "tcp",
+            "FromPort": "22",
+            "ToPort": "22",
+            "CidrIp": {
+              "Ref": "SSHLocation"
+            }
+          },
+          {
+            "IpProtocol": "tcp",
+            "FromPort": "0",
+            "ToPort": "65535",
+            "CidrIp": "172.31.0.0/16"
+          },
+          {
+            "IpProtocol": "tcp",
+            "FromPort": "3389",
+            "ToPort": "3389",
+            "CidrIp": "0.0.0.0/0"
+          },
+          {
+            "IpProtocol": "tcp",
+            "FromPort": "443",
+            "ToPort": "443",
+            "CidrIp": "0.0.0.0/0"
+          },
+          {
+            "IpProtocol": "icmp",
+            "FromPort": "8",
+            "ToPort": "-1",
+            "CidrIp": "0.0.0.0/0"
+          },
+          {
+            "IpProtocol": "udp",
+            "FromPort": "3389",
+            "ToPort": "3389",
+            "CidrIp": "0.0.0.0/0"
+          }
+        ]
+      }
+    }
+  },
+  "Outputs":
+<% workstations_hash = {} -%>
+<% 1.upto(@workstations) do |i|
+    workstations_hash["WindowsWorkstation#{i.to_s}PubDNS"] = {
+      "Description" => "Public IP address of the Windows Workstation",
+      "Value" => {
+        "Fn::GetAtt" => [
+          "WindowsWorkstation#{i.to_s}",
+          "PublicIp"
+          ]
+      }
+    }
+  end -%>
+<%=  workstations_hash.to_json %>
+}