AWSTemplateFormatVersion: '2010-09-09' Parameters: DomainName: Default: corp.emr.local Description: Default Domain Name For SimpleAD Server. Do Not Change, as it may break other scripts AllowedValues: - corp.emr.local Type: String DomainShortName: Default: EmrSimpleAD Description: Subnet ID2 for creating the SimpleAD Type: String DefaultSubnet: Description: Subnet for EMR cluster and Ranger Server Type: AWS::EC2::Subnet::Id Subnet1SimpleAD: Description: Subnet ID1 for creating the SimpleAD Type: AWS::EC2::Subnet::Id Subnet2SimpleAD: Description: Subnet ID2 for creating the SimpleAD Type: AWS::EC2::Subnet::Id VPC: Description: VPC ID Type: AWS::EC2::VPC::Id VPCCidrBlock: AllowedPattern: '((\d{1,3})\.){3}\d{1,3}/\d{1,2}' Default: 10.0.0.0/16 Description: VPC CIDR Block (eg 10.0.0.0/16) Type: String KeyName: Description: Name of an existing EC2 KeyPair to enable SSH to the instances Type: AWS::EC2::KeyPair::KeyName CoreInstanceCount: Default: '3' Description: Number of core instances Type: Number RangerInstanceType: Default: m4.xlarge Description: Instance Type of the core node Type: String CoreInstanceType: Default: m5.2xlarge Description: Instance Type of the core node Type: String EMRClusterName: Default: EMR-EMRSecurityWithRangerV1 Description: Cluster name for the EMR Type: String EMRLogDir: Description: 'Log Dir for the EMR cluster. Eg: s3://xxx' Type: String AllowedPattern: ^s3://.* MasterInstanceType: Default: m4.2xlarge Description: Instance Type of the master node Type: String myDirectoryBaseDN: Description: Base DN Simple AD server Type: String AllowedValues: - dc=corp,dc=emr,dc=local Default: dc=corp,dc=emr,dc=local myDirectoryBindUser: Description: BindUser Simple AD server Type: String AllowedValues: - binduser@corp.emr.local Default: binduser@corp.emr.local myDirectoryAdminPassword: Description: Admin Password used to setup SimpleAD server Type: String NoEcho: true myDirectoryBindPassword: Description: BindPassword SimpleAD server Type: String NoEcho: true myDirectoryDefaultUserPassword: Description: Default Password for all users created in the SimpleAD server Type: String NoEcho: true rangerVersion: Description: 'RangerVersion. Expected values are : 0.6,0.7,1.0,2.0. NOTE: Use Ranger 0.6 if EMR version is 5.0' AllowedValues: - '0.6' - '0.7' - '1.0' - '2.0' Type: String Default: '2.0' emrReleaseLabel: Description: EMR Version. Pick Ranger 0.6 if EMR version is 5.0 or higher AllowedValues: - emr-5.0.0 - emr-5.4.0 - emr-5.16.0 - emr-5.17.0 - emr-5.26.0 - emr-5.27.0 - emr-5.28.0 - emr-5.28.1 - emr-5.29.0 - emr-5.30.0 Type: String Default: emr-5.29.0 s3artifactsRepoHttp: Default: https://s3.amazonaws.com/aws-bigdata-blog/artifacts/aws-blog-emr-ranger Description: HTTP location of the repo. Type: String s3artifactsRepo: Default: s3://aws-bigdata-blog/artifacts/aws-blog-emr-ranger Description: S3 location of the repo. Type: String InstallPrestoRangerPlugin: Description: Install the Ranger Presto Plugin. NOTE - This needs Ranger 2.0 and has not been tested with all versions Default: false Type: String AllowedValues: [true, false] Metadata: AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Artifacts repo Parameters: - s3artifactsRepoHttp - s3artifactsRepo - Label: default: Network Configuration Parameters: - VPC - Subnet1SimpleAD - Subnet2SimpleAD - KeyName - DefaultSubnet - Label: default: Domain Information Parameters: - DomainName - DomainShortName - myDirectoryAdminPassword - myDirectoryBaseDN - myDirectoryBindUser - myDirectoryBindPassword - myDirectoryDefaultUserPassword - Label: default: Ranger Information Parameters: - rangerVersion - RangerInstanceType - Label: default: EMR Information Parameters: - emrReleaseLabel - EMRClusterName - EMRLogDir - CoreInstanceType - MasterInstanceType - CoreInstanceCount Resources: SimpleAD: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Join - '' - - !Ref 's3artifactsRepoHttp' - /cloudformation/simple-ad-template.template Parameters: VPC: !Ref 'VPC' Subnet1SimpleAD: !Ref 'Subnet1SimpleAD' Subnet2SimpleAD: !Ref 'Subnet2SimpleAD' DomainPassword: !Ref 'myDirectoryAdminPassword' TimeoutInMinutes: '60' RangerServer: Type: AWS::CloudFormation::Stack DependsOn: - SimpleAD Properties: TemplateURL: !Join - '' - - !Ref 's3artifactsRepoHttp' - /cloudformation/ranger-server.template Parameters: VPC: !Ref 'VPC' VPCCidrBlock: !Ref 'VPCCidrBlock' KeyName: !Ref 'KeyName' Subnet: !Ref 'DefaultSubnet' InstanceType: !Ref 'RangerInstanceType' myDirectoryIPAddress: !GetAtt 'SimpleAD.Outputs.SimpleADIPAddress' myDirectoryBaseDN: !Ref 'myDirectoryBaseDN' myDirectoryBindUser: !Ref 'myDirectoryBindUser' rangerVersion: !Ref 'rangerVersion' s3artifactsRepoHttp: !Ref 's3artifactsRepoHttp' myDirectoryAdminPassword: !Ref 'myDirectoryAdminPassword' myDirectoryBindPassword: !Ref 'myDirectoryBindPassword' myDirectoryDefaultUserPassword: !Ref 'myDirectoryDefaultUserPassword' TimeoutInMinutes: '60' EMRCluster: Type: AWS::CloudFormation::Stack DependsOn: - RangerServer Properties: TemplateURL: !Join - '' - - !Ref 's3artifactsRepoHttp' - /cloudformation/emr-template.template Parameters: myDirectoryBindUser: !Ref 'myDirectoryBindUser' myDirectoryBindPassword: !Ref 'myDirectoryBindPassword' emrReleaseLabel: !Ref 'emrReleaseLabel' rangerVersion: !Ref 'rangerVersion' LDAPServerIP: !GetAtt 'SimpleAD.Outputs.SimpleADIPAddress' CoreInstanceCount: !Ref 'CoreInstanceCount' CoreInstanceType: !Ref 'CoreInstanceType' EMRClusterName: !Ref 'EMRClusterName' EMRLogDir: !Ref 'EMRLogDir' MasterInstanceType: !Ref 'MasterInstanceType' RangerHostname: !GetAtt 'RangerServer.Outputs.IPAddress' VPC: !Ref 'VPC' KeyName: !Ref 'KeyName' Subnet: !Ref 'DefaultSubnet' s3artifactsRepo: !Ref 's3artifactsRepo' InstallPrestoRangerPlugin: !Ref 'InstallPrestoRangerPlugin' TimeoutInMinutes: '60' Outputs: RangerServerIP: Value: !GetAtt 'RangerServer.Outputs.IPAddress' HueIPAddress: Value: !GetAtt 'EMRCluster.Outputs.IPAddress'