AWS CloudFormation templates

The Quick Start team has developed boilerplates for the Quick Start entrypoint and workload templates. You can find these in Quick Start Examples repo. These follow the new naming standard of “WorkloadName-entrypoint.template.yaml” and “WorkloadName-template.yaml”. Quick Starts are moving away from JSON and all new Quick Starts should be developed in YAML.

Entry Point and workload templates:

You’ll need both templates for your Quick Start, as discussed in the Modularity section.

The Quick Start Examples repo also includes code for integrating with AWS services, such as adding an Amazon Redshift cluster to your Quick Start. Using these templates will save you time and will ensure that you’re following AWS best practices. We’re planning to update the repo with new examples, so check back for more.

AWS CloudFormation examples

We also recommend that you review the following templates and use them as building blocks for your Quick Start. These are referenced in the entrypoint and workload template boilerplates. Reviewing these designs will give you better insight into your AWS CloudFormation code.

  • Building a new virtual private cloud (VPC) - This template builds a new Multi-AZ, multi-subnet VPC according to AWS best practices. The first set of private subnets share the default network access control list (ACL) from the VPC, and a second, optional set of private subnets include dedicated custom network ACLs per subnet. The Quick Start divides the VPC address space in a predictable manner across 2-4 Availability Zones, and deploys either NAT instances or NAT gateways, depending on the AWS Region you deploy the Quick Start in.


  • Adding bastion host functionality for secure Linux-based deployments - These templates deploy Linux bastion hosts that provide secure access to your Linux instances in public or private subnets. The two templates create a new VPC environment for the Linux bastion hosts or deploy them into an existing VPC environment.


  • Adding encrypted connections for secure Windows-based deployments - RD Gateway uses the Remote Desktop Protocol (RDP) over HTTPS to establish a secure, encrypted connection between remote users and EC2 instances running Microsoft Windows, without needing to configure a virtual private network (VPN). This helps reduce the attack surface on your Windows-based instances while providing a remote administration solution for administrators. This set of templates automate three scenarios for RD Gateway deployments: new VPC, existing VPC (standalone), and existing VPC (domain-joined).


Quick Start documentation templates

For information on templates and other instructions for documenting your Quick Start, see the Providing content section.