AWS CloudFormation templates

The Integration & Automation team has developed boilerplates for the Partner Solution entrypoint and workload templates. You can find these in the Partner Solution Examples repo. These follow the new naming standard of “WorkloadName-entrypoint.template.yaml” and “WorkloadName-template.yaml”. Partner Solutions are moving away from JSON, and all new Partner Solutions should be developed in YAML.

Entry Point and workload templates:

You’ll need both templates for your Partner Solution, as discussed in the Modularity section.

The Partner Solution Examples repo also includes code for integrating with AWS services, such as adding an Amazon Redshift cluster to your Partner Solution. Using these templates saves you time and ensures that you’re following AWS best practices.

AWS CloudFormation examples

We also recommend that you review the following templates and use them as building blocks for your Partner Solution. These are referenced in the entrypoint and workload template boilerplates. Reviewing these designs gives you better insight into your AWS CloudFormation code.

  • Building a new virtual private cloud (VPC) - This template builds a new Multi-AZ, multi-subnet VPC according to AWS best practices. The first set of private subnets shares the default network access control list (ACL) from the VPC, and a second, optional set of private subnets includes dedicated custom network ACLs per subnet. The Partner Solution divides the VPC address space in a predictable manner across 2-4 Availability Zones, and deploys either NAT instances or NAT gateways, depending on the AWS Region you deploy the Partner Solution in.

  • Adding bastion host functionality for secure Linux-based deployments - These templates deploy Linux bastion hosts that provide secure access to your Linux instances in public or private subnets. The two templates create a new VPC environment for the Linux bastion hosts or deploy them into an existing VPC environment.

  • Adding encrypted connections for secure Windows-based deployments - RD Gateway uses the Remote Desktop Protocol (RDP) over HTTPS to establish a secure, encrypted connection between remote users and EC2 instances running Microsoft Windows, without needing to configure a virtual private network (VPN). This helps reduce the attack surface on your Windows-based instances while providing a remote administration solution for administrators. This set of templates automates three scenarios for RD Gateway deployments: new VPC, existing VPC (standalone), and existing VPC (domain-joined).

Partner Solution documentation templates

For documentation templates and instructions for documenting your Partner Solution, such as creating a deployment guide, refer to the Build your AWS Partner Solution documentation guide.