AWS CloudFormation templates

The Integration & Automation team has developed boilerplates for the Partner Solution entrypoint and workload templates. You can find these in the Partner Solution examples repository. These follow the new naming standard of “workloadname-entrypoint.template.yaml” and “workloadname-template.yaml”. Partner Solutions are moving away from JSON, and all new Partner Solutions should be developed in YAML.

You can preview the entrypoint and workload templates:

Most Partner Solutions should use both templates, as discussed in the Modularity section.
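As an added example (not the boilerplate from the Partner Solution examples repository), here is a minimal entrypoint template in the shape the modularity pattern describes: it creates the VPC with one nested stack and then passes that stack's outputs into a nested workload stack, so the entrypoint itself declares no network or compute resources. The template bucket layout, the nested file names and the nested stacks' parameter and output names (VPCID, PrivateSubnet1AID, and so on) are assumptions; match them to whatever your VPC and workload templates actually declare.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Added example of a Partner Solution entrypoint template. It builds a new VPC
  with a nested stack and deploys the workload template into that VPC.
  Nested template locations and output names are assumptions.

Parameters:
  AvailabilityZones:
    Type: List<AWS::EC2::AvailabilityZone::Name>
    Description: Two Availability Zones to use for the VPC subnets.
  RemoteAccessCIDR:
    Type: String
    Description: IPv4 CIDR block allowed to reach the bastion hosts (for example, your corporate egress range).
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$'
    ConstraintDescription: Must be a valid IPv4 CIDR block, for example 203.0.113.0/24.
  TemplateBucketName:
    Type: String
    Description: S3 bucket that holds the nested templates (assumed bucket layout).
    AllowedPattern: '^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$'
  TemplateBucketRegion:
    Type: String
    Default: us-east-1
    Description: Region of the template bucket.

Resources:
  # Workload template 1: the VPC. The entrypoint never defines network
  # resources itself; it only wires parameters and outputs together.
  VPCStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub https://${TemplateBucketName}.s3.${TemplateBucketRegion}.amazonaws.com/templates/vpc-template.yaml
      Parameters:
        # Nested stack parameters are strings, so the AZ list is joined.
        AvailabilityZones: !Join [',', !Ref AvailabilityZones]
        NumberOfAZs: '2'

  # Workload template 2: the application, deployed into the VPC created above.
  # Using !GetAtt on the VPC stack's outputs also makes CloudFormation create
  # the VPC stack first, so no explicit DependsOn is needed.
  WorkloadStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub https://${TemplateBucketName}.s3.${TemplateBucketRegion}.amazonaws.com/templates/workload-template.yaml
      Parameters:
        VPCID: !GetAtt VPCStack.Outputs.VPCID
        PublicSubnet1ID: !GetAtt VPCStack.Outputs.PublicSubnet1ID
        PublicSubnet2ID: !GetAtt VPCStack.Outputs.PublicSubnet2ID
        PrivateSubnet1ID: !GetAtt VPCStack.Outputs.PrivateSubnet1AID
        PrivateSubnet2ID: !GetAtt VPCStack.Outputs.PrivateSubnet2AID
        RemoteAccessCIDR: !Ref RemoteAccessCIDR

Outputs:
  VPCID:
    Description: ID of the VPC created by the nested VPC stack.
    Value: !GetAtt VPCStack.Outputs.VPCID
```

Because the workload stack only ever sees the VPC through the outputs of the VPC stack, the same workload template can be launched unchanged into an existing VPC by a second entrypoint that takes the VPC and subnet IDs as parameters instead of creating them.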

The Partner Solution examples repository also includes code for integrating with AWS services, such as adding an Amazon Redshift cluster to your Partner Solution. Using these templates saves you time and ensures that you’re following AWS best practices.

AWS CloudFormation architecture examples

Review the following examples, and use the associated template files as building blocks for your Partner Solution. These are referenced in the entrypoint and workload template boilerplates. Reviewing these designs gives you better insight into your AWS CloudFormation code.

Example 1: Building a new virtual private cloud (VPC)

This example comprises a new Multi-AZ, multi-subnet VPC according to AWS best practices. In the first set of private subnets, the subnets share the default network access control list (ACL) from the VPC. A second (optional) set of private subnets includes dedicated custom network ACLs for each subnet. The Partner Solution divides the VPC address space in a predictable manner across two to four Availability Zones and deploys either NAT instances or NAT gateways, depending on the AWS Region you deploy the Partner Solution in.
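The optional second set of private subnets with dedicated custom network ACLs is the part most worth seeing in template form, because a custom ACL only hardens anything if its rules are actually tighter than the VPC default, and because network ACLs are stateless and are easy to get wrong. The fragment below is an added example, not the VPC template from the examples repository: it declares one such subnet with its own network ACL, associates the two, and adds rules that admit traffic from inside the VPC plus the return traffic of NAT-routed outbound connections. The parameter names (VPCID, VPCCIDR, PrivateSubnet1BCIDR, AvailabilityZones) are assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Added example: a private subnet with a dedicated custom network ACL, as in
  the optional second set of private subnets. Parameter names are assumed.

Parameters:
  VPCID:
    Type: AWS::EC2::VPC::Id
  VPCCIDR:
    Type: String
    Default: 10.0.0.0/16
    Description: CIDR of the VPC; the ACL admits new inbound connections only from here.
  PrivateSubnet1BCIDR:
    Type: String
    Default: 10.0.192.0/21
  AvailabilityZones:
    Type: List<AWS::EC2::AvailabilityZone::Name>

Resources:
  PrivateSubnet1B:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPCID
      CidrBlock: !Ref PrivateSubnet1BCIDR
      AvailabilityZone: !Select [0, !Ref AvailabilityZones]
      Tags:
        - Key: Name
          Value: Private subnet 1B (dedicated ACL)

  # A fresh ACL denies everything until rules are added; the association
  # below replaces the VPC default ACL for this one subnet only.
  PrivateSubnet1BNetworkAcl:
    Type: AWS::EC2::NetworkAcl
    Properties:
      VpcId: !Ref VPCID
      Tags:
        - Key: Name
          Value: NACL private subnet 1B

  PrivateSubnet1BNetworkAclAssociation:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet1B
      NetworkAclId: !Ref PrivateSubnet1BNetworkAcl

  # Inbound: anything from inside the VPC (other subnets, load balancers,
  # bastion hosts). Nothing from outside the VPC can open a connection.
  InboundFromVPC:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref PrivateSubnet1BNetworkAcl
      RuleNumber: 100
      Protocol: -1
      RuleAction: allow
      Egress: false
      CidrBlock: !Ref VPCCIDR

  # Network ACLs are stateless: replies to connections the instances open
  # through the NAT gateway arrive from Internet addresses on ephemeral
  # ports, so they need an explicit inbound allow. Without this rule,
  # outbound package updates time out even though routing is correct.
  InboundEphemeralReturnTraffic:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref PrivateSubnet1BNetworkAcl
      RuleNumber: 110
      Protocol: 6
      RuleAction: allow
      Egress: false
      CidrBlock: 0.0.0.0/0
      PortRange:
        From: 1024
        To: 65535

  # Outbound: allow all; the subnet's route table (private, via the NAT)
  # still decides where traffic can go. Narrow this to the ports the
  # workload needs if it can tolerate it.
  OutboundAll:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref PrivateSubnet1BNetworkAcl
      RuleNumber: 100
      Protocol: -1
      RuleAction: allow
      Egress: true
      CidrBlock: 0.0.0.0/0

Outputs:
  PrivateSubnet1BID:
    Value: !Ref PrivateSubnet1B
```

Rule numbers are evaluated lowest first, so any deny you add later for a specific source must carry a number below 100 to take effect ahead of the VPC-wide allow.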

Example 2: Adding bastion-host functionality for secure Linux-based deployments

In this example, Linux bastion hosts provide secure access to your Linux instances in public or private subnets. The two templates give people a choice of creating a new VPC environment for the Linux bastion hosts or deploying them into an existing VPC environment.

Example 3: Adding encrypted connections for secure Windows-based deployments

RD Gateway uses the Remote Desktop Protocol (RDP) over HTTPS to establish a secure, encrypted connection between remote customers and EC2 instances running Microsoft Windows without needing to configure a virtual private network (VPN). This architecture helps reduce the attack surface on your Windows-based instances while providing a remote administration solution for administrators. Each of these three templates automates an RD Gateway–deployment scenario: new VPC, standalone existing VPC, and domain-joined existing VPC.
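Both the Linux bastion pattern (Example 2) and the RD Gateway pattern above rely on the same two-tier security group shape: the entry host accepts connections only from an administrator CIDR, and the instances behind it accept the administrative protocol only from the entry host's security group, never from a CIDR. The workload fragment below is an added example (not one of the three RD Gateway templates or the two bastion templates), written for the Linux bastion case; the RD Gateway version differs only in the ports (443 inbound to the gateway, 3389 from the gateway to the Windows instances). VPCID, VPCCIDR, RemoteAccessCIDR and the resource names are assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Added example: security groups for a bastion host and the private Linux
  instances it fronts. Parameter and resource names are assumptions.

Parameters:
  VPCID:
    Type: AWS::EC2::VPC::Id
  VPCCIDR:
    Type: String
    Default: 10.0.0.0/16
    Description: CIDR of the VPC, used to bound the bastion's onward SSH egress.
  RemoteAccessCIDR:
    Type: String
    Description: Administrator source range allowed to SSH to the bastion.
    # The pattern accepts 0.0.0.0/0 syntactically, so the ingress rule below
    # is only as tight as the value supplied; review it at deploy time.
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$'
    ConstraintDescription: Must be a valid IPv4 CIDR block, for example 203.0.113.0/24.

Resources:
  # Tier 1: the bastion, in a public subnet. Inbound is limited to SSH from
  # the administrator range; an SSH rule from 0.0.0.0/0 is exactly what this
  # template is meant to avoid.
  BastionSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SSH to the bastion hosts from RemoteAccessCIDR only
      VpcId: !Ref VPCID
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref RemoteAccessCIDR
          Description: SSH from the approved administrator range
      # Declaring egress inline replaces the default allow-all outbound rule.
      # Egress targets the VPC CIDR rather than the instance group so the two
      # groups do not reference each other (CloudFormation rejects that cycle).
      SecurityGroupEgress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref VPCCIDR
          Description: SSH onward to instances inside the VPC
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
          Description: HTTPS for package updates and AWS API calls
      Tags:
        - Key: Name
          Value: Bastion security group

  # Tier 2: the private Linux instances. SSH is accepted from the bastion
  # group only; a CIDR here would let anything in that subnet range connect.
  LinuxInstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Private Linux instances; SSH only from the bastion group
      VpcId: !Ref VPCID
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref BastionSecurityGroup
          Description: SSH from bastion hosts only
      Tags:
        - Key: Name
          Value: Linux instance security group

Outputs:
  BastionSecurityGroupID:
    Description: Attach to the bastion instances or Auto Scaling group.
    Value: !Ref BastionSecurityGroup
  LinuxInstanceSecurityGroupID:
    Description: Attach to the workload instances in the private subnets.
    Value: !Ref LinuxInstanceSecurityGroup
```

When the bastion and the workload live in different templates, export BastionSecurityGroupID from the bastion stack and pass it into the workload template as a parameter; the instance group then references that ID the same way it references the local resource here.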

Additional templates

Documentation templates and examples

For templates, examples, and instructions for documenting your Partner Solution, refer to Build your AWS Partner Solution documentation.