This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Deployment Reference

CloudFormation template parameters and advanced deployment configuration options

Deployment Reference

Technical reference for CloudFormation template parameters and advanced deployment configurations for Ohlala SmartOps.

For step-by-step deployment, see the Getting Started Guide. This page is for technical reference and customization.

📋 Parameter Overview

The template supports two deployment modes:

NewVPC: Creates complete network infrastructure (recommended)
ExistingVPC: Integrates with your existing VPC

🔑 Required Parameters

Deployment Configuration

DeploymentMode

Type: String
Default: NewVPC
Allowed Values: NewVPC, ExistingVPC
Description: Choose to create a new VPC or use existing VPC infrastructure

ContainerImageTag

Type: String
Default: v1.0.0
Description: Container image tag version (e.g., v1.0.0, v1.1.0)
Example: v1.0.0

Microsoft Teams Configuration

MicrosoftAppId

Type: String
Description: Microsoft Teams Bot App ID
Format: GUID format
Example: 12345678-90ab-cdef-1234-567890abcdef
Where to find: Azure Portal → Bot Resource → Configuration
NoEcho: false

MicrosoftAppPassword

Type: String
Description: Microsoft Teams Bot App Password
Format: String with special characters
Example: abcDEF123~hijKLM456-nopQRS789.tuvWXY012
Where to find: Created during bot registration (save immediately!)
NoEcho: true (hidden in console)

MicrosoftAppTenantId

Type: String
Description: Microsoft Teams Tenant ID
Format: GUID format
Example: 87654321-abcd-efgh-4321-0987654321fe
Where to find: Azure Portal → Azure Active Directory → Overview
NoEcho: false

🏗️ Existing VPC Parameters

These parameters are required only when DeploymentMode: ExistingVPC:

ExistingVPCId

Type: String
Default: "" (empty)
Description: ID of existing VPC (e.g., vpc-12345678)
Pattern: ^(vpc-[0-9a-f]{8,17})?$
Example: vpc-0123456789abcdef0
Constraint: Must be a valid VPC ID or empty for NewVPC mode

ExistingPrivateSubnet1Id

Type: String
Default: "" (empty)
Description: ID of first private subnet (e.g., subnet-12345678)
Pattern: ^(subnet-[0-9a-f]{8,17})?$
Example: subnet-0123456789abcdef0
Requirement: Must be in different AZ from ExistingPrivateSubnet2Id

ExistingPrivateSubnet2Id

Type: String
Default: "" (empty)
Description: ID of second private subnet in different AZ (e.g., subnet-87654321)
Pattern: ^(subnet-[0-9a-f]{8,17})?$
Example: subnet-0fedcba9876543210
Requirement: Must be in different AZ from ExistingPrivateSubnet1Id

ExistingPublicSubnet1Id

Type: String
Default: "" (empty)
Description: ID of first public subnet (e.g., subnet-abcd1234)
Pattern: ^(subnet-[0-9a-f]{8,17})?$
Example: subnet-0abcd1234efgh5678
Requirement: Must be in different AZ from ExistingPublicSubnet2Id

ExistingPublicSubnet2Id

Type: String
Default: "" (empty)
Description: ID of second public subnet in different AZ (e.g., subnet-dcba4321)
Pattern: ^(subnet-[0-9a-f]{8,17})?$
Example: subnet-0dcba4321hgfe8765
Requirement: Must be in different AZ from ExistingPublicSubnet1Id

🌐 NewVPC Network Configuration

These parameters are optional and only used when DeploymentMode: NewVPC:

VPCCIDR

Type: String
Default: 10.0.0.0/16
Description: CIDR block for the VPC
Pattern: Valid IP CIDR range (x.x.x.x/x)
Example: 10.0.0.0/16

PublicSubnet1CIDR

Type: String
Default: 10.0.1.0/24
Description: CIDR block for public subnet 1
Pattern: Valid IP CIDR range (x.x.x.x/x)
Example: 10.0.1.0/24

PublicSubnet2CIDR

Type: String
Default: 10.0.2.0/24
Description: CIDR block for public subnet 2
Pattern: Valid IP CIDR range (x.x.x.x/x)
Example: 10.0.2.0/24

PrivateSubnet1CIDR

Type: String
Default: 10.0.10.0/24
Description: CIDR block for private subnet 1
Pattern: Valid IP CIDR range (x.x.x.x/x)
Example: 10.0.10.0/24

PrivateSubnet2CIDR

Type: String
Default: 10.0.11.0/24
Description: CIDR block for private subnet 2
Pattern: Valid IP CIDR range (x.x.x.x/x)
Example: 10.0.11.0/24

EnableNATGateway

Type: String
Default: "true"
Allowed Values: "true", "false"
Description: Enable NAT Gateway for private subnets
Cost Impact: NAT Gateway adds ~$32/month
Recommendation: Set to "false" for cost savings if outbound internet not needed

📤 Stack Outputs

The template provides these outputs after successful deployment:

APIGatewayEndpoint

Description: API Gateway endpoint URL
Format: https://{ApiGateway}.execute-api.{Region}.amazonaws.com/prod-{StackName}
Usage: Base URL for API access

TeamsWebhookURL

Description: URL to configure in Microsoft Teams Bot Framework
Format: https://{ApiGateway}.execute-api.{Region}.amazonaws.com/prod-{StackName}/api/messages
Usage: Set this as the messaging endpoint in Azure Bot Configuration

ECSCluster

Description: ECS Cluster Name
Format: OhlalaSmartOps-Cluster-{StackName}
Usage: For monitoring and management

ECSService

Description: ECS Service Name
Format: OhlalaSmartOps-Service-{StackName}
Usage: For monitoring and scaling

VPCId

Description: VPC ID (created or existing)
Format: vpc-xxxxxxxxx
Usage: For reference and additional resource creation

🚀 Deployment Examples

Simple NewVPC Deployment

Parameters:
  DeploymentMode: NewVPC
  ContainerImageTag: v1.0.0
  MicrosoftAppId: "12345678-90ab-cdef-1234-567890abcdef"
  MicrosoftAppPassword: "your-secret-password"
  MicrosoftAppTenantId: "87654321-abcd-efgh-4321-0987654321fe"
  EnableNATGateway: "false"  # Cost optimization

Custom NewVPC with Different CIDR

Parameters:
  DeploymentMode: NewVPC
  VPCCIDR: "172.16.0.0/16"
  PublicSubnet1CIDR: "172.16.1.0/24"
  PublicSubnet2CIDR: "172.16.2.0/24"
  PrivateSubnet1CIDR: "172.16.10.0/24"
  PrivateSubnet2CIDR: "172.16.11.0/24"
  EnableNATGateway: "true"
  # ... Teams parameters

ExistingVPC Deployment

Parameters:
  DeploymentMode: ExistingVPC
  ExistingVPCId: "vpc-0123456789abcdef0"
  ExistingPrivateSubnet1Id: "subnet-0123456789abcdef0"
  ExistingPrivateSubnet2Id: "subnet-0fedcba9876543210"
  ExistingPublicSubnet1Id: "subnet-0abcd1234efgh5678"
  ExistingPublicSubnet2Id: "subnet-0dcba4321hgfe8765"
  # ... Teams parameters

🔍 Parameter Validation

The template includes validation rules:

Pattern Validation

VPC IDs: Must match vpc- followed by 8-17 hex characters
Subnet IDs: Must match subnet- followed by 8-17 hex characters
CIDR Blocks: Must be valid IP CIDR format

Logical Validation

ExistingVPC mode requires all four subnet IDs
Subnets must be in at least 2 different availability zones
CIDR blocks must not overlap

Cross-Parameter Rules

If DeploymentMode: ExistingVPC, all existing VPC parameters are required
If DeploymentMode: NewVPC, existing VPC parameters are ignored

💰 Cost Impact by Parameter

Parameter	Cost Impact	Notes
`EnableNATGateway: "true"`	+$32/month	Only for NewVPC mode
`EnableNATGateway: "false"`	$0	Saves money but no outbound internet
`DeploymentMode: ExistingVPC`	$0	Uses existing network infrastructure
`ContainerImageTag`	$0	No cost difference between versions

🚨 Common Parameter Errors

Missing Required Parameters

Template validation error: Parameter 'MicrosoftAppId' must have a value

Solution: Provide all required Teams configuration parameters

Invalid VPC ID Format

Parameter validation failed: vpc-invalid does not match pattern

Solution: Use correct format: vpc- + 8-17 hex characters

Subnet AZ Requirements Not Met

The subnet IDs must be in at least two different availability zones

Solution: Choose subnets from different AZs in your region

ExistingVPC Missing Parameters

When using ExistingVPC mode, you must provide all subnet IDs

Solution: Provide all four subnet parameters for ExistingVPC mode

📚 Additional Resources

Getting Started Guide - Step-by-step deployment
AWS CloudFormation User Guide ↗️
VPC Configuration Best Practices ↗️