Deployment Reference

CloudFormation template parameters and advanced deployment configuration options

Parameter Overview

The template supports two deployment modes:

  • NewVPC: Creates complete network infrastructure (recommended)
  • ExistingVPC: Integrates with your existing VPC

Required Parameters

Deployment Configuration

DeploymentMode

  • Type: String
  • Default: NewVPC
  • Allowed Values: NewVPC, ExistingVPC
  • Description: Choose to create a new VPC or use existing VPC infrastructure

ContainerImageTag

  • Type: String
  • Default: v1.1.0
  • Description: Container image tag version (e.g., v1.0.0, v1.1.0)
  • Example: v1.1.0

Microsoft Teams Configuration

MicrosoftAppId

  • Type: String
  • Description: Microsoft Teams Bot App ID
  • Format: GUID format
  • Example: 12345678-90ab-cdef-1234-567890abcdef
  • Where to find: Azure Portal → Bot Resource → Configuration
  • NoEcho: false

MicrosoftAppPassword

  • Type: String
  • Description: Microsoft Teams Bot App Password
  • Format: String with special characters
  • Example: abcDEF123~hijKLM456-nopQRS789.tuvWXY012
  • Where to find: Created during bot registration (save immediately!)
  • NoEcho: true (hidden in console)

MicrosoftAppTenantId

  • Type: String
  • Description: Microsoft Teams Tenant ID
  • Format: GUID format
  • Example: 87654321-abcd-ef01-4321-0987654321fe
  • Where to find: Azure Portal → Azure Active Directory → Overview
  • NoEcho: false

Google Chat Configuration (Optional)

These parameters are optional and only needed if you want to enable Google Chat integration.

GoogleChatEnabled

  • Type: String
  • Default: "false"
  • Allowed Values: "true", "false"
  • Description: Enable Google Chat integration
  • When to enable: If your organization uses Google Workspace and Google Chat

GoogleChatProjectId

  • Type: String
  • Default: "" (empty)
  • Description: Google Cloud Project ID for Google Chat integration
  • Format: lowercase letters, numbers, and hyphens
  • Example: my-company-smartops-123456
  • Where to find: Google Cloud Console → Project selector → Project ID
  • NoEcho: false

GoogleChatServiceAccountInfo

  • Type: String
  • Default: "" (empty)
  • Description: Google Chat service account JSON key (single line)
  • Format: JSON string on a single line
  • Where to find: GCP Console → IAM → Service Accounts → Keys → Create JSON key
  • NoEcho: true (hidden in console)
  • Important: Must be minified to a single line. Use cat key.json | jq -c . on Linux/Mac

AI Features (Optional)

EnableAIInsights

  • Type: String
  • Default: "false"
  • Allowed Values: "true", "false"
  • Description: Enable AI-powered insights in instance reports (uses Claude Sonnet 4 via Bedrock)
  • When to enable: For enhanced analysis and recommendations in reports

Existing VPC Parameters

These parameters are required only when DeploymentMode is ExistingVPC:

ExistingVPCId

  • Type: String
  • Default: "" (empty)
  • Description: ID of existing VPC (e.g., vpc-12345678)
  • Pattern: ^(vpc-[0-9a-f]{8,17})?$
  • Example: vpc-0123456789abcdef0
  • Constraint: Must be a valid VPC ID or empty for NewVPC mode

ExistingPrivateSubnet1Id

  • Type: String
  • Default: "" (empty)
  • Description: ID of first private subnet (e.g., subnet-12345678)
  • Pattern: ^(subnet-[0-9a-f]{8,17})?$
  • Example: subnet-0123456789abcdef0
  • Requirement: Must be in different AZ from ExistingPrivateSubnet2Id

ExistingPrivateSubnet2Id

  • Type: String
  • Default: "" (empty)
  • Description: ID of second private subnet in different AZ (e.g., subnet-87654321)
  • Pattern: ^(subnet-[0-9a-f]{8,17})?$
  • Example: subnet-0fedcba9876543210
  • Requirement: Must be in different AZ from ExistingPrivateSubnet1Id

ExistingPublicSubnet1Id

  • Type: String
  • Default: "" (empty)
  • Description: ID of first public subnet (e.g., subnet-abcd1234)
  • Pattern: ^(subnet-[0-9a-f]{8,17})?$
  • Example: subnet-0abcd1234ef015678
  • Requirement: Must be in different AZ from ExistingPublicSubnet2Id

ExistingPublicSubnet2Id

  • Type: String
  • Default: "" (empty)
  • Description: ID of second public subnet in different AZ (e.g., subnet-dcba4321)
  • Pattern: ^(subnet-[0-9a-f]{8,17})?$
  • Example: subnet-0dcba432110fe8765
  • Requirement: Must be in different AZ from ExistingPublicSubnet1Id

NewVPC Network Configuration

These parameters are optional and are used only when DeploymentMode is NewVPC:

VPCCIDR

  • Type: String
  • Default: 10.0.0.0/16
  • Description: CIDR block for the VPC
  • Pattern: Valid IP CIDR range (x.x.x.x/x)
  • Example: 10.0.0.0/16

PublicSubnet1CIDR

  • Type: String
  • Default: 10.0.1.0/24
  • Description: CIDR block for public subnet 1
  • Pattern: Valid IP CIDR range (x.x.x.x/x)
  • Example: 10.0.1.0/24

PublicSubnet2CIDR

  • Type: String
  • Default: 10.0.2.0/24
  • Description: CIDR block for public subnet 2
  • Pattern: Valid IP CIDR range (x.x.x.x/x)
  • Example: 10.0.2.0/24

PrivateSubnet1CIDR

  • Type: String
  • Default: 10.0.10.0/24
  • Description: CIDR block for private subnet 1
  • Pattern: Valid IP CIDR range (x.x.x.x/x)
  • Example: 10.0.10.0/24

PrivateSubnet2CIDR

  • Type: String
  • Default: 10.0.11.0/24
  • Description: CIDR block for private subnet 2
  • Pattern: Valid IP CIDR range (x.x.x.x/x)
  • Example: 10.0.11.0/24

EnableNATGateway

  • Type: String
  • Default: "true"
  • Allowed Values: "true", "false"
  • Description: Enable NAT Gateway for private subnets
  • Cost Impact: NAT Gateway adds ~$32/month
  • Recommendation: Set to "false" for cost savings if outbound internet access is not needed

Stack Outputs

The template provides these outputs after successful deployment:

APIGatewayEndpoint

  • Description: API Gateway endpoint URL
  • Format: https://{ApiGateway}.execute-api.{Region}.amazonaws.com/prod-{StackName}
  • Usage: Base URL for API access

TeamsWebhookURL

  • Description: URL to configure in Microsoft Teams Bot Framework
  • Format: https://{ApiGateway}.execute-api.{Region}.amazonaws.com/prod-{StackName}/api/messages
  • Usage: Set this as the messaging endpoint in Azure Bot Configuration

GoogleChatWebhookURL

  • Description: URL to configure in Google Chat API Configuration
  • Format: https://{ApiGateway}.execute-api.{Region}.amazonaws.com/prod-{StackName}/api/google-chat
  • Usage: Set this as the App URL in Google Cloud Console → Chat API Configuration

ECSCluster

  • Description: ECS Cluster Name
  • Format: OhlalaSmartOps-Cluster-{StackName}
  • Usage: For monitoring and management

ECSService

  • Description: ECS Service Name
  • Format: OhlalaSmartOps-Service-{StackName}
  • Usage: For monitoring and scaling

VPCId

  • Description: VPC ID (created or existing)
  • Format: vpc-xxxxxxxxx
  • Usage: For reference and additional resource creation

Deployment Examples

Simple NewVPC Deployment

Parameters:
  DeploymentMode: NewVPC
  ContainerImageTag: v1.1.0
  MicrosoftAppId: "12345678-90ab-cdef-1234-567890abcdef"
  MicrosoftAppPassword: "your-secret-password"
  MicrosoftAppTenantId: "87654321-abcd-ef01-4321-0987654321fe"
  EnableNATGateway: "false"  # Cost optimization

Custom NewVPC with Different CIDR

Parameters:
  DeploymentMode: NewVPC
  VPCCIDR: "172.16.0.0/16"
  PublicSubnet1CIDR: "172.16.1.0/24"
  PublicSubnet2CIDR: "172.16.2.0/24"
  PrivateSubnet1CIDR: "172.16.10.0/24"
  PrivateSubnet2CIDR: "172.16.11.0/24"
  EnableNATGateway: "true"
  # ... Teams parameters

ExistingVPC Deployment

Parameters:
  DeploymentMode: ExistingVPC
  ExistingVPCId: "vpc-0123456789abcdef0"
  ExistingPrivateSubnet1Id: "subnet-0123456789abcdef0"
  ExistingPrivateSubnet2Id: "subnet-0fedcba9876543210"
  ExistingPublicSubnet1Id: "subnet-0abcd1234ef015678"
  ExistingPublicSubnet2Id: "subnet-0dcba432110fe8765"
  # ... Teams parameters

Parameter Validation

The template includes validation rules:

Pattern Validation

  • VPC IDs: Must match vpc- followed by 8-17 hex characters
  • Subnet IDs: Must match subnet- followed by 8-17 hex characters
  • CIDR Blocks: Must be valid IP CIDR format

Logical Validation

  • ExistingVPC mode requires all four subnet IDs
  • Subnets must be in at least 2 different availability zones
  • CIDR blocks must not overlap

Cross-Parameter Rules

  • If DeploymentMode: ExistingVPC, all existing VPC parameters are required
  • If DeploymentMode: NewVPC, existing VPC parameters are ignored
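
The pattern and cross-parameter rules above can be checked locally before a stack is created. The following is an added example, not part of the template or the project's code: `validate` is a hypothetical helper, and the requirement that each subnet CIDR lies inside VPCCIDR is an assumed AWS rule rather than one stated on this page. Because the documented patterns also accept an empty string, the helper checks for missing values separately in ExistingVPC mode; the availability-zone rule needs an AWS API lookup and is not covered.

```python
import ipaddress
import re

# Patterns and defaults copied from the parameter reference on this page.
VPC_RE = re.compile(r"^(vpc-[0-9a-f]{8,17})?$")
SUBNET_RE = re.compile(r"^(subnet-[0-9a-f]{8,17})?$")
SUBNET_KEYS = ["ExistingPrivateSubnet1Id", "ExistingPrivateSubnet2Id",
               "ExistingPublicSubnet1Id", "ExistingPublicSubnet2Id"]
CIDR_DEFAULTS = {
    "VPCCIDR": "10.0.0.0/16",
    "PublicSubnet1CIDR": "10.0.1.0/24", "PublicSubnet2CIDR": "10.0.2.0/24",
    "PrivateSubnet1CIDR": "10.0.10.0/24", "PrivateSubnet2CIDR": "10.0.11.0/24",
}

def validate(params):
    """Hypothetical helper: return a list of problems (empty list means OK)."""
    mode = params.get("DeploymentMode", "NewVPC")
    if mode not in ("NewVPC", "ExistingVPC"):
        return [f"DeploymentMode: {mode!r} is not an allowed value"]
    errors = []
    if mode == "ExistingVPC":
        # Cross-parameter rule: the VPC ID and all four subnet IDs are required.
        checks = [("ExistingVPCId", VPC_RE)] + [(k, SUBNET_RE) for k in SUBNET_KEYS]
        for key, rx in checks:
            value = params.get(key, "")
            if not value:
                errors.append(f"{key}: required in ExistingVPC mode")
            elif not rx.fullmatch(value):
                errors.append(f"{key}: {value!r} does not match {rx.pattern}")
        return errors
    # NewVPC: existing-VPC parameters are ignored; check the CIDR layout instead.
    nets = {}
    for key, default in CIDR_DEFAULTS.items():
        try:  # strict=True rejects host bits, e.g. 10.0.1.5/24
            nets[key] = ipaddress.IPv4Network(params.get(key, default), strict=True)
        except ValueError as exc:
            errors.append(f"{key}: {exc}")
    vpc = nets.pop("VPCCIDR", None)
    subnets = sorted(nets.items())
    for i, (name, net) in enumerate(subnets):
        # Assumption (AWS rule, not stated on this page): subnets sit inside the VPC.
        if vpc is not None and not net.subnet_of(vpc):
            errors.append(f"{name}: {net} is outside VPCCIDR {vpc}")
        for other_name, other in subnets[i + 1:]:
            if net.overlaps(other):
                errors.append(f"{name} overlaps {other_name}")
    return errors
```

Overriding only VPCCIDR while leaving the subnet CIDRs at their 10.0.x.x defaults is reported as four out-of-range subnets, which is why the custom-CIDR example above sets all five values together.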

Cost Impact by Parameter

| Parameter | Cost Impact | Notes |
|---|---|---|
| EnableNATGateway: "true" | +$32/month | Only for NewVPC mode |
| EnableNATGateway: "false" | $0 | Saves money but no outbound internet |
| DeploymentMode: ExistingVPC | $0 | Uses existing network infrastructure |
| ContainerImageTag | $0 | No cost difference between versions |

Common Parameter Errors

Missing Required Parameters

Template validation error: Parameter 'MicrosoftAppId' must have a value

Solution: Provide all required Teams configuration parameters

Invalid VPC ID Format

Parameter validation failed: vpc-invalid does not match pattern

Solution: Use correct format: vpc- + 8-17 hex characters

Subnet AZ Requirements Not Met

The subnet IDs must be in at least two different availability zones

Solution: Choose subnets from different AZs in your region

ExistingVPC Missing Parameters

When using ExistingVPC mode, you must provide all subnet IDs

Solution: Provide all four subnet parameters for ExistingVPC mode
