CF Templates

Hydrolix uses AWS Cloudformation to manage and deploy the data platform with your AWS account. The below are provided as examples to provide an insight into the Cloudformation that will be executed in your account. They should not be used in an installation.

  • The Bootstrap Template is generic across customers.

  • The Stage 1 Template upgrades the CloudFormation stack originally created by the bootstrap to include persistent state and control plane elements.

  • The Hydrolix Template is the basis of the creation of the cluster stacks and define compute resources.

👍

Deployment

To deploy Hydrolix take a look at Getting Started with Hydrolix

Bootstrap Template

Click arrow to expand

{
    "Conditions": {
        "IgnoreBoundaryPolicyArn": {
            "Fn::Equals": [
                {
                    "Ref": "BoundaryPolicyArn"
                },
                ""
            ]
        }
    },
    "Parameters": {
        "BoundaryPolicyArn": {
            "Default": "",
            "Type": "String"
        },
        "ClientID": {
            "Type": "String"
        },
        "DeployAccount": {
            "Type": "String"
        },
        "Stage": {
            "Type": "String"
        },
        "VPCCIDR": {
            "Type": "String"
        }
    },
    "Resources": {
        "BootstrapSelfDeploy": {
            "Properties": {
                "Code": {
                    "S3Bucket": {
                        "Fn::Sub": "hdx-${Stage}-art-${AWS::Region}"
                    },
                    "S3Key": "self-deploy/self-deploy-v3.0.9.zip"
                },
                "Description": "SelfDeploy",
                "Environment": {
                    "Variables": {
                        "CLIENT_ID": {
                            "Ref": "ClientID"
                        },
                        "DEPLOY_ACCOUNT": {
                            "Ref": "DeployAccount"
                        },
                        "STAGE": {
                            "Ref": "Stage"
                        },
                        "VPC_CIDR": {
                            "Ref": "VPCCIDR"
                        }
                    }
                },
                "FunctionName": {
                    "Fn::Sub": "${ClientID}-bootstrap-self-deploy"
                },
                "Handler": "hdxinf.handler.lambda_handler",
                "MemorySize": 256,
                "Role": {
                    "Fn::GetAtt": [
                        "SelfDeployRole",
                        "Arn"
                    ]
                },
                "Runtime": "python3.8",
                "Timeout": 600
            },
            "Type": "AWS::Lambda::Function"
        },
        "ClientBucket": {
            "Properties": {
                "BucketEncryption": {
                    "ServerSideEncryptionConfiguration": [
                        {
                            "ServerSideEncryptionByDefault": {
                                "SSEAlgorithm": "AES256"
                            }
                        }
                    ]
                },
                "BucketName": {
                    "Ref": "ClientID"
                }
            },
            "Type": "AWS::S3::Bucket"
        },
        "HdxManageRole": {
            "Properties": {
                "AssumeRolePolicyDocument": {
                    "Statement": [
                        {
                            "Action": [
                                "sts:AssumeRole"
                            ],
                            "Effect": "Allow",
                            "Principal": {
                                "AWS": {
                                    "Fn::Sub": "arn:aws:iam::${DeployAccount}:root"
                                }
                            }
                        }
                    ],
                    "Version": "2012-10-17"
                },
                "Description": "Hydrolix manged service role",
                "PermissionsBoundary": {
                    "Fn::If": [
                        "IgnoreBoundaryPolicyArn",
                        {
                            "Ref": "AWS::NoValue"
                        },
                        {
                            "Ref": "BoundaryPolicyArn"
                        }
                    ]
                },
                "Policies": [
                    {
                        "PolicyDocument": {
                            "Statement": [
                                {
                                    "Action": "s3:GetObject",
                                    "Effect": "Allow",
                                    "Resource": [
                                        {
                                            "Fn::Sub": "arn:aws:s3:::${ClientID}/secrets/client_cookie/*"
                                        },
                                        {
                                            "Fn::Sub": "arn:aws:s3:::${ClientID}/support/*"
                                        }
                                    ]
                                }
                            ],
                            "Version": "2012-10-17"
                        },
                        "PolicyName": "hdx-manage"
                    }
                ],
                "RoleName": {
                    "Fn::Sub": "${ClientID}-hdx-manage"
                }
            },
            "Type": "AWS::IAM::Role"
        },
        "SelfDeployRole": {
            "Properties": {
                "AssumeRolePolicyDocument": {
                    "Statement": [
                        {
                            "Action": [
                                "sts:AssumeRole"
                            ],
                            "Effect": "Allow",
                            "Principal": {
                                "Service": [
                                    "lambda.amazonaws.com"
                                ]
                            }
                        }
                    ],
                    "Version": "2012-10-17"
                },
                "Description": "Hydrolix self-deploy role",
                "PermissionsBoundary": {
                    "Fn::If": [
                        "IgnoreBoundaryPolicyArn",
                        {
                            "Ref": "AWS::NoValue"
                        },
                        {
                            "Ref": "BoundaryPolicyArn"
                        }
                    ]
                },
                "Policies": [
                    {
                        "PolicyDocument": {
                            "Statement": [
                                {
                                    "Action": [
                                        "autoscaling:*",
                                        "acm:*",
                                        "cloudformation:*",
                                        "cloudwatch:*",
                                        "dynamodb:*",
                                        "ec2:*",
                                        "elasticloadbalancing:*",
                                        "iam:*",
                                        "kinesis:*",
                                        "lambda:*",
                                        "logs:*",
                                        "rds:*",
                                        "s3:*",
                                        "secretsmanager:*",
                                        "sqs:*",
                                        "sts:AssumeRole",
                                        "kms:CancelKeyDeletion",
                                        "kms:Create*",
                                        "kms:CreateKey",
                                        "kms:Decrypt",
                                        "kms:Delete*",
                                        "kms:Describe*",
                                        "kms:DescribeKey",
                                        "kms:Disable*",
                                        "kms:Enable*",
                                        "kms:Encrypt",
                                        "kms:GenerateDataKey*",
                                        "kms:Get*",
                                        "kms:List*",
                                        "kms:Put*",
                                        "kms:ReEncrypt*",
                                        "kms:Revoke*",
                                        "kms:ScheduleKeyDeletion",
                                        "kms:TagResource",
                                        "kms:UntagResource",
                                        "kms:Update*"
                                    ],
                                    "Effect": "Allow",
                                    "Resource": "*"
                                }
                            ],
                            "Version": "2012-10-17"
                        },
                        "PolicyName": "self-deploy-lambda"
                    }
                ],
                "RoleName": {
                    "Fn::Sub": "${ClientID}-self-deploy"
                }
            },
            "Type": "AWS::IAM::Role"
        },
        "TempoBucket": {
            "Properties": {
                "BucketEncryption": {
                    "ServerSideEncryptionConfiguration": [
                        {
                            "ServerSideEncryptionByDefault": {
                                "SSEAlgorithm": "AES256"
                            }
                        }
                    ]
                },
                "BucketName": {
                    "Fn::Sub": "${ClientID}-tempo"
                }
            },
            "Type": "AWS::S3::Bucket"
        }
    }
}

Stage 1 Template

Click arrow to expand

{
  "Outputs": {
    "UsingHdxreader": {
      "Value": "False"
    }
  },
  "Resources": {
    "AlterDeadLetterQueue": {
      "Properties": {
        "QueueName": "hdx-abcdef-alter-dead-letter"
      },
      "Type": "AWS::SQS::Queue"
    },
    "AlterListingDeadLetterQueue": {
      "Properties": {
        "QueueName": "hdx-abcdef-alter-listing-dead-letter"
      },
      "Type": "AWS::SQS::Queue"
    },
    "AlterListingQueue": {
      "Properties": {
        "QueueName": "hdx-abcdef-alter-listing",
        "VisibilityTimeout": "43200",
        "RedrivePolicy": {
          "deadLetterTargetArn": {
            "Fn::GetAtt": [
              "AlterListingDeadLetterQueue",
              "Arn"
            ]
          },
          "maxReceiveCount": "1"
        }
      },
      "Type": "AWS::SQS::Queue"
    },
    "AlterPeerAccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-alter-peer-profile",
        "Roles": [
          "hdx-abcdef-alter-peer-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": [
        "AlterPeerRole"
      ]
    },
    "AlterPeerRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-alter-peer-sqs",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": "sqs:*",
                  "Resource": "*"
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-art-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-dev-art/*",
                    "arn:aws:s3:::hdx-dev-art"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
        ],
        "Description": "AlterPeerRole",
        "RoleName": "hdx-abcdef-alter-peer-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-alter-peer-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "AlterPeerSecurityGroup": {
      "Properties": {
        "GroupDescription": "AlterPeerSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 27182,
            "FromPort": 27182,
            "CidrIp": "10.0.0.0/16"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-alter-peer"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    },
    "AlterQueue": {
      "Properties": {
        "QueueName": "hdx-abcdef-alter",
        "VisibilityTimeout": "43200",
        "RedrivePolicy": {
          "deadLetterTargetArn": {
            "Fn::GetAtt": [
              "AlterDeadLetterQueue",
              "Arn"
            ]
          },
          "maxReceiveCount": "1"
        }
      },
      "Type": "AWS::SQS::Queue"
    },
    "BastionAccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-bastion-s3access-profile",
        "Roles": [
          "hdx-abcdef-bastion-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": "BastionRole"
    },
    "BastionAutoscaleGroup": {
      "Properties": {
        "AutoScalingGroupName": "hdx-abcdef-bastion-asg",
        "AvailabilityZones": [
          "us-east-2a",
          "us-east-2b"
        ],
        "LaunchConfigurationName": {
          "Ref": "BastionLaunchConfig"
        },
        "MinSize": "0",
        "DesiredCapacity": "0",
        "MaxSize": "1",
        "Cooldown": "10",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-bastion-asg",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxService",
            "Value": "bastion",
            "PropagateAtLaunch": true
          }
        ],
        "VPCZoneIdentifier": [
          "subnet-05f66ce2a06137139",
          "subnet-0fdc7578370f1e62f"
        ]
      },
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MaxBatchSize": "1",
          "MinInstancesInService": "0",
          "PauseTime": "PT60S",
          "WaitOnResourceSignals": false,
          "SuspendProcesses": [
            "HealthCheck",
            "ReplaceUnhealthy",
            "AZRebalance",
            "AlarmNotification",
            "ScheduledActions"
          ]
        }
      }
    },
    "BastionLaunchConfig": {
      "Properties": {
        "AssociatePublicIpAddress": true,
        "ImageId": "ami-09cd8e2e9bc325415",
        "InstanceType": "t3.micro",
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": 10,
              "VolumeType": "gp3",
              "Encrypted": true
            }
          }
        ],
        "IamInstanceProfile": {
          "Ref": "BastionAccessProfile"
        },
        "SecurityGroups": [
          {
            "Ref": "BastionSecurityGroup"
          }
        ],
        "UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
        "InstanceMonitoring": true
      },
      "Type": "AWS::AutoScaling::LaunchConfiguration"
    },
    "BastionRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-import-buckets-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-public/*",
                    "arn:aws:s3:::hdx-public"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-art-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-dev-art/*",
                    "arn:aws:s3:::hdx-dev-art"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
        ],
        "Description": "BastionRole",
        "RoleName": "hdx-abcdef-bastion-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-bastion-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "BastionSecurityGroup": {
      "Properties": {
        "GroupDescription": "BastionSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "1.2.3.4/32"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "1.2.3.4/32"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 22221,
            "FromPort": 22221,
            "CidrIp": "1.2.3.4/32"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 22221,
            "FromPort": 22221,
            "CidrIp": "1.2.3.4/32"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-bastion"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    },
    "BatchPeerAccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-batch-peer-profile",
        "Roles": [
          "hdx-abcdef-batch-peer-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": "BatchPeerRole"
    },
    "BatchPeerRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-batch-peer-base",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "logs:CreateLogGroup",
                    "logs:CreateLogStream",
                    "logs:PutLogEvents",
                    "ec2:CreateNetworkInterface",
                    "ec2:DescribeNetworkInterfaces",
                    "ec2:DeleteNetworkInterface"
                  ],
                  "Resource": "*"
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-batch-peer-sqs",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": "sqs:*",
                  "Resource": "*"
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-batch-peer-bucket",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-art-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-dev-art/*",
                    "arn:aws:s3:::hdx-dev-art"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-import-buckets-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-public/*",
                    "arn:aws:s3:::hdx-public"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [],
        "Description": "BatchPeerRole",
        "RoleName": "hdx-abcdef-batch-peer-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-batch-peer-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "BatchPeerSecurityGroup": {
      "Properties": {
        "GroupDescription": "BatchPeerSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 27182,
            "FromPort": 27182,
            "CidrIp": "10.0.0.0/16"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-batch-peer"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    },
    "CheckpointTable": {
      "Properties": {
        "TableName": "hdx-abcdef-checkpoint",
        "AttributeDefinitions": [
          {
            "AttributeName": "StreamShard",
            "AttributeType": "S"
          }
        ],
        "KeySchema": [
          {
            "AttributeName": "StreamShard",
            "KeyType": "HASH"
          }
        ],
        "BillingMode": "PAY_PER_REQUEST",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-checkpoint"
          }
        ]
      },
      "Type": "AWS::DynamoDB::Table"
    },
    "GrafanaAccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-grafana",
        "Roles": [
          "hdx-abcdef-grafana-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": "GrafanaRole"
    },
    "GrafanaAutoscaleGroup": {
      "Properties": {
        "AutoScalingGroupName": "hdx-abcdef-grafana-asg",
        "AvailabilityZones": [
          "us-east-2a",
          "us-east-2b"
        ],
        "LaunchConfigurationName": {
          "Ref": "GrafanaLaunchConfig"
        },
        "MinSize": "0",
        "DesiredCapacity": "0",
        "MaxSize": "1",
        "Cooldown": "10",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-grafana-asg",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxService",
            "Value": "grafana",
            "PropagateAtLaunch": true
          }
        ],
        "VPCZoneIdentifier": [
          "subnet-048459a83da4dc4ca",
          "subnet-06fcdac6d3a7e3796"
        ]
      },
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MaxBatchSize": "1",
          "MinInstancesInService": "0",
          "PauseTime": "PT60S",
          "WaitOnResourceSignals": false,
          "SuspendProcesses": [
            "HealthCheck",
            "ReplaceUnhealthy",
            "AZRebalance",
            "AlarmNotification",
            "ScheduledActions"
          ]
        }
      }
    },
    "GrafanaLaunchConfig": {
      "Properties": {
        "AssociatePublicIpAddress": false,
        "ImageId": "ami-09cd8e2e9bc325415",
        "InstanceType": "t3.small",
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": 10,
              "VolumeType": "gp3",
              "Encrypted": true
            }
          }
        ],
        "IamInstanceProfile": {
          "Ref": "GrafanaAccessProfile"
        },
        "SecurityGroups": [
          {
            "Ref": "GrafanaSecurityGroup"
          }
        ],
        "UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
        "InstanceMonitoring": true
      },
      "Type": "AWS::AutoScaling::LaunchConfiguration"
    },
    "GrafanaRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-art-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-dev-art/*",
                    "arn:aws:s3:::hdx-dev-art"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-tempo-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456-tempo/*",
                    "arn:aws:s3:::hdxcli-123456-tempo"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
        ],
        "Description": "GrafanaRole",
        "RoleName": "hdx-abcdef-grafana-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-grafana-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "GrafanaSecurityGroup": {
      "Properties": {
        "GroupDescription": "GrafanaSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 3000,
            "FromPort": 3000,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 3100,
            "FromPort": 3100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 55681,
            "FromPort": 55681,
            "CidrIp": "10.0.0.0/16"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-grafana"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    },
    "ImportQueue": {
      "Properties": {
        "QueueName": "hdx-abcdef-import",
        "VisibilityTimeout": "43200",
        "RedrivePolicy": {
          "deadLetterTargetArn": {
            "Fn::GetAtt": [
              "ImportQueueDeadLetter",
              "Arn"
            ]
          },
          "maxReceiveCount": "1"
        }
      },
      "Type": "AWS::SQS::Queue"
    },
    "ImportQueueDeadLetter": {
      "Properties": {
        "QueueName": "hdx-abcdef-import-dead-letter"
      },
      "Type": "AWS::SQS::Queue"
    },
    "IngestStream": {
      "Properties": {
        "Name": "hdx-abcdef-ingest",
        "ShardCount": 2,
        "StreamEncryption": {
          "EncryptionType": "KMS",
          "KeyId": "alias/aws/kinesis"
        }
      },
      "Type": "AWS::Kinesis::Stream"
    },
    "IntakeMiscAccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-intake-misc",
        "Roles": [
          "hdx-abcdef-intake-misc-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": "IntakeMiscRole"
    },
    "IntakeMiscAutoscaleGroup": {
      "Properties": {
        "AutoScalingGroupName": "hdx-abcdef-intake-misc-asg",
        "AvailabilityZones": [
          "us-east-2a",
          "us-east-2b"
        ],
        "LaunchConfigurationName": {
          "Ref": "IntakeMiscLaunchConfig"
        },
        "MinSize": "0",
        "DesiredCapacity": "0",
        "MaxSize": "1",
        "Cooldown": "10",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-intake-misc",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxService",
            "Value": "intake-misc",
            "PropagateAtLaunch": true
          }
        ],
        "VPCZoneIdentifier": [
          "subnet-048459a83da4dc4ca",
          "subnet-06fcdac6d3a7e3796"
        ]
      },
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MaxBatchSize": "1",
          "MinInstancesInService": "0",
          "PauseTime": "PT60S",
          "WaitOnResourceSignals": false,
          "SuspendProcesses": [
            "HealthCheck",
            "ReplaceUnhealthy",
            "AZRebalance",
            "AlarmNotification",
            "ScheduledActions"
          ]
        }
      }
    },
    "IntakeMiscLaunchConfig": {
      "Properties": {
        "AssociatePublicIpAddress": false,
        "ImageId": "ami-09cd8e2e9bc325415",
        "InstanceType": "t3.small",
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": 10,
              "VolumeType": "gp3",
              "Encrypted": true
            }
          }
        ],
        "IamInstanceProfile": {
          "Ref": "IntakeMiscAccessProfile"
        },
        "SecurityGroups": [
          {
            "Ref": "IntakeMiscSecurityGroup"
          }
        ],
        "UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
        "InstanceMonitoring": true
      },
      "Type": "AWS::AutoScaling::LaunchConfiguration"
    },
    "IntakeMiscRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-intake-misc-sqs",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": "sqs:*",
                  "Resource": "*"
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-art-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-dev-art/*",
                    "arn:aws:s3:::hdx-dev-art"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-import-buckets-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-public/*",
                    "arn:aws:s3:::hdx-public"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
        ],
        "Description": "IntakeMiscRole",
        "RoleName": "hdx-abcdef-intake-misc-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-intake-misc-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "IntakeMiscSecurityGroup": {
      "Properties": {
        "GroupDescription": "IntakeMiscSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 8080,
            "FromPort": 8080,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 27182,
            "FromPort": 27182,
            "CidrIp": "10.0.0.0/16"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-intake-misc"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    },
    "KafkaPeerAccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-kafka-peer-profile",
        "Roles": [
          "hdx-abcdef-kafka-peer-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": "KafkaPeerRole"
    },
    "KafkaPeerRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-art-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-dev-art/*",
                    "arn:aws:s3:::hdx-dev-art"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [],
        "Description": "KafkaPeerRole",
        "RoleName": "hdx-abcdef-kafka-peer-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-kafka-peer-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "KafkaPeerSecurityGroup": {
      "Properties": {
        "GroupDescription": "KafkaPeerSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 3000,
            "FromPort": 3000,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 27182,
            "FromPort": 27182,
            "CidrIp": "10.0.0.0/16"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-kafka-peer"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    },
    "ListingQueue": {
      "Properties": {
        "QueueName": "hdx-abcdef-listing",
        "VisibilityTimeout": "43200",
        "RedrivePolicy": {
          "deadLetterTargetArn": {
            "Fn::GetAtt": [
              "ListingQueueDeadLetter",
              "Arn"
            ]
          },
          "maxReceiveCount": "1"
        }
      },
      "Type": "AWS::SQS::Queue"
    },
    "ListingQueueDeadLetter": {
      "Properties": {
        "QueueName": "hdx-abcdef-listing-dead-letter"
      },
      "Type": "AWS::SQS::Queue"
    },
    "MergePeerAccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-merge-peer-profile",
        "Roles": [
          "hdx-abcdef-merge-peer-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": [
        "MergePeerRole"
      ]
    },
    "MergePeerRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-merge-peer-base",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "logs:CreateLogGroup",
                    "logs:CreateLogStream",
                    "logs:PutLogEvents",
                    "ec2:CreateNetworkInterface",
                    "ec2:DescribeNetworkInterface",
                    "ec2:DeleteNetworkInterface"
                  ],
                  "Resource": "*"
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-merge-peer-sqs",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": "sqs:*",
                  "Resource": "*"
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-merge-peer-bucket",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-art-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-dev-art/*",
                    "arn:aws:s3:::hdx-dev-art"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
        ],
        "Description": "MergePeerRole",
        "RoleName": "hdx-abcdef-merge-peer-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-merge-peer-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "MergePeerSecurityGroup": {
      "Properties": {
        "GroupDescription": "MergePeerSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 27182,
            "FromPort": 27182,
            "CidrIp": "10.0.0.0/16"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-merge-peer"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    },
    "PoolAlterPeer0ASG": {
      "Properties": {
        "AutoScalingGroupName": "hdx-abcdef-alter-peer0-asg",
        "AvailabilityZones": [
          "us-east-2a",
          "us-east-2b"
        ],
        "MixedInstancesPolicy": {
          "LaunchTemplate": {
            "LaunchTemplateSpecification": {
              "LaunchTemplateName": "hdx-abcdef-alter-peer0",
              "Version": {
                "Fn::GetAtt": [
                  "PoolAlterPeer0LaunchTemplate",
                  "LatestVersionNumber"
                ]
              }
            },
            "Overrides": []
          },
          "InstancesDistribution": {
            "OnDemandPercentageAboveBaseCapacity": 100,
            "SpotAllocationStrategy": "capacity-optimized"
          }
        },
        "MinSize": "0",
        "DesiredCapacity": "0",
        "MaxSize": "1",
        "Cooldown": "10",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-alter-peer0-asg",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxService",
            "Value": "alter-peer",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxPool",
            "Value": "alter-peer0",
            "PropagateAtLaunch": true
          }
        ],
        "VPCZoneIdentifier": [
          "subnet-048459a83da4dc4ca",
          "subnet-06fcdac6d3a7e3796"
        ]
      },
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MaxBatchSize": "1",
          "MinInstancesInService": "0",
          "PauseTime": "PT60S",
          "WaitOnResourceSignals": false,
          "SuspendProcesses": [
            "HealthCheck",
            "ReplaceUnhealthy",
            "AZRebalance",
            "AlarmNotification",
            "ScheduledActions"
          ]
        }
      },
      "DependsOn": "PoolAlterPeer0LaunchTemplate"
    },
    "PoolAlterPeer0LaunchTemplate": {
      "Properties": {
        "LaunchTemplateData": {
          "BlockDeviceMappings": [
            {
              "DeviceName": "/dev/sda1",
              "Ebs": {
                "VolumeSize": 30,
                "VolumeType": "gp3",
                "Encrypted": true
              }
            }
          ],
          "IamInstanceProfile": {
            "Arn": {
              "Fn::GetAtt": [
                "AlterPeerAccessProfile",
                "Arn"
              ]
            }
          },
          "ImageId": "ami-09cd8e2e9bc325415",
          "InstanceType": "r5.large",
          "Monitoring": {
            "Enabled": true
          },
          "SecurityGroupIds": [
            {
              "Ref": "AlterPeerSecurityGroup"
            }
          ],
          "UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
          "TagSpecifications": [
            {
              "ResourceType": "volume",
              "Tags": [
                {
                  "Key": "HdxPool",
                  "Value": "alter-peer0"
                },
                {
                  "Key": "HdxService",
                  "Value": "alter-peer"
                },
                {
                  "Key": "Name",
                  "Value": "hdx-abcdef-alter-peer0-asg"
                }
              ]
            }
          ]
        },
        "LaunchTemplateName": "hdx-abcdef-alter-peer0"
      },
      "Type": "AWS::EC2::LaunchTemplate"
    },
    "PoolBatchPeer0ASG": {
      "Properties": {
        "AutoScalingGroupName": "hdx-abcdef-batch-peer0-asg",
        "AvailabilityZones": [
          "us-east-2a",
          "us-east-2b"
        ],
        "MixedInstancesPolicy": {
          "LaunchTemplate": {
            "LaunchTemplateSpecification": {
              "LaunchTemplateName": "hdx-abcdef-batch-peer0",
              "Version": {
                "Fn::GetAtt": [
                  "PoolBatchPeer0LaunchTemplate",
                  "LatestVersionNumber"
                ]
              }
            },
            "Overrides": []
          },
          "InstancesDistribution": {
            "OnDemandPercentageAboveBaseCapacity": 100,
            "SpotAllocationStrategy": "capacity-optimized"
          }
        },
        "MinSize": "0",
        "DesiredCapacity": "0",
        "MaxSize": "1",
        "Cooldown": "10",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-batch-peer0-asg",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxService",
            "Value": "batch-peer",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxPool",
            "Value": "batch-peer0",
            "PropagateAtLaunch": true
          }
        ],
        "VPCZoneIdentifier": [
          "subnet-048459a83da4dc4ca",
          "subnet-06fcdac6d3a7e3796"
        ]
      },
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MaxBatchSize": "1",
          "MinInstancesInService": "0",
          "PauseTime": "PT60S",
          "WaitOnResourceSignals": false,
          "SuspendProcesses": [
            "HealthCheck",
            "ReplaceUnhealthy",
            "AZRebalance",
            "AlarmNotification",
            "ScheduledActions"
          ]
        }
      },
      "DependsOn": "PoolBatchPeer0LaunchTemplate"
    },
    "PoolBatchPeer0LaunchTemplate": {
      "Properties": {
        "LaunchTemplateData": {
          "BlockDeviceMappings": [
            {
              "DeviceName": "/dev/sda1",
              "Ebs": {
                "VolumeSize": 30,
                "VolumeType": "gp3",
                "Encrypted": true
              }
            }
          ],
          "IamInstanceProfile": {
            "Arn": {
              "Fn::GetAtt": [
                "BatchPeerAccessProfile",
                "Arn"
              ]
            }
          },
          "ImageId": "ami-01969d6c0078a0391",
          "InstanceType": "r5n.2xlarge",
          "Monitoring": {
            "Enabled": true
          },
          "SecurityGroupIds": [
            {
              "Ref": "BatchPeerSecurityGroup"
            }
          ],
          "UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
          "TagSpecifications": [
            {
              "ResourceType": "volume",
              "Tags": [
                {
                  "Key": "HdxPool",
                  "Value": "batch-peer0"
                },
                {
                  "Key": "HdxService",
                  "Value": "batch-peer"
                },
                {
                  "Key": "Name",
                  "Value": "hdx-abcdef-batch-peer0-asg"
                }
              ]
            }
          ]
        },
        "LaunchTemplateName": "hdx-abcdef-batch-peer0"
      },
      "Type": "AWS::EC2::LaunchTemplate"
    },
    "PoolMergePeer0ASG": {
      "Properties": {
        "AutoScalingGroupName": "hdx-abcdef-merge-peer0-asg",
        "AvailabilityZones": [
          "us-east-2a",
          "us-east-2b"
        ],
        "MixedInstancesPolicy": {
          "LaunchTemplate": {
            "LaunchTemplateSpecification": {
              "LaunchTemplateName": "hdx-abcdef-merge-peer0",
              "Version": {
                "Fn::GetAtt": [
                  "PoolMergePeer0LaunchTemplate",
                  "LatestVersionNumber"
                ]
              }
            },
            "Overrides": []
          },
          "InstancesDistribution": {
            "OnDemandPercentageAboveBaseCapacity": 100,
            "SpotAllocationStrategy": "capacity-optimized"
          }
        },
        "MinSize": "0",
        "DesiredCapacity": "0",
        "MaxSize": "1",
        "Cooldown": "10",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-merge-peer0-asg",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxService",
            "Value": "merge-peer",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxPool",
            "Value": "merge-peer0",
            "PropagateAtLaunch": true
          }
        ],
        "VPCZoneIdentifier": [
          "subnet-048459a83da4dc4ca",
          "subnet-06fcdac6d3a7e3796"
        ]
      },
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MaxBatchSize": "1",
          "MinInstancesInService": "0",
          "PauseTime": "PT60S",
          "WaitOnResourceSignals": false,
          "SuspendProcesses": [
            "HealthCheck",
            "ReplaceUnhealthy",
            "AZRebalance",
            "AlarmNotification",
            "ScheduledActions"
          ]
        }
      },
      "DependsOn": "PoolMergePeer0LaunchTemplate"
    },
    "PoolMergePeer0LaunchTemplate": {
      "Properties": {
        "LaunchTemplateData": {
          "BlockDeviceMappings": [
            {
              "DeviceName": "/dev/sda1",
              "Ebs": {
                "VolumeSize": 30,
                "VolumeType": "gp3",
                "Encrypted": true
              }
            }
          ],
          "IamInstanceProfile": {
            "Arn": {
              "Fn::GetAtt": [
                "MergePeerAccessProfile",
                "Arn"
              ]
            }
          },
          "ImageId": "ami-09cd8e2e9bc325415",
          "InstanceType": "r5.large",
          "Monitoring": {
            "Enabled": true
          },
          "SecurityGroupIds": [
            {
              "Ref": "MergePeerSecurityGroup"
            }
          ],
          "UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
          "TagSpecifications": [
            {
              "ResourceType": "volume",
              "Tags": [
                {
                  "Key": "HdxPool",
                  "Value": "merge-peer0"
                },
                {
                  "Key": "HdxService",
                  "Value": "merge-peer"
                },
                {
                  "Key": "Name",
                  "Value": "hdx-abcdef-merge-peer0-asg"
                }
              ]
            }
          ]
        },
        "LaunchTemplateName": "hdx-abcdef-merge-peer0"
      },
      "Type": "AWS::EC2::LaunchTemplate"
    },
    "PoolQueryPeer0ASG": {
      "Properties": {
        "AutoScalingGroupName": "hdx-abcdef-query-peer0-asg",
        "AvailabilityZones": [
          "us-east-2a",
          "us-east-2b"
        ],
        "MixedInstancesPolicy": {
          "LaunchTemplate": {
            "LaunchTemplateSpecification": {
              "LaunchTemplateName": "hdx-abcdef-query-peer0",
              "Version": {
                "Fn::GetAtt": [
                  "PoolQueryPeer0LaunchTemplate",
                  "LatestVersionNumber"
                ]
              }
            },
            "Overrides": []
          },
          "InstancesDistribution": {
            "OnDemandPercentageAboveBaseCapacity": 100,
            "SpotAllocationStrategy": "capacity-optimized"
          }
        },
        "MinSize": "0",
        "DesiredCapacity": "0",
        "MaxSize": "1",
        "Cooldown": "10",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-query-peer0-asg",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxService",
            "Value": "peer",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxPool",
            "Value": "query-peer0",
            "PropagateAtLaunch": true
          }
        ],
        "VPCZoneIdentifier": [
          "subnet-05c21a532498614af",
          "subnet-02986964251c51af4"
        ]
      },
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MaxBatchSize": "1",
          "MinInstancesInService": "0",
          "PauseTime": "PT60S",
          "WaitOnResourceSignals": false,
          "SuspendProcesses": [
            "HealthCheck",
            "ReplaceUnhealthy",
            "AZRebalance",
            "AlarmNotification",
            "ScheduledActions"
          ]
        }
      },
      "DependsOn": "PoolQueryPeer0LaunchTemplate"
    },
    "PoolQueryPeer0LaunchTemplate": {
      "Properties": {
        "LaunchTemplateData": {
          "BlockDeviceMappings": [
            {
              "DeviceName": "/dev/sda1",
              "Ebs": {
                "VolumeSize": 10,
                "VolumeType": "gp3",
                "Encrypted": true
              }
            },
            {
              "DeviceName": "/dev/sdb",
              "Ebs": {
                "VolumeSize": 24,
                "VolumeType": "gp3",
                "Encrypted": true
              }
            }
          ],
          "IamInstanceProfile": {
            "Arn": {
              "Fn::GetAtt": [
                "QueryPeerS3AccessProfile",
                "Arn"
              ]
            }
          },
          "ImageId": "ami-01969d6c0078a0391",
          "InstanceType": "c5n.9xlarge",
          "Monitoring": {
            "Enabled": true
          },
          "SecurityGroupIds": [
            {
              "Ref": "QueryPeerSecurityGroup"
            }
          ],
          "UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
          "TagSpecifications": [
            {
              "ResourceType": "volume",
              "Tags": [
                {
                  "Key": "HdxPool",
                  "Value": "query-peer0"
                },
                {
                  "Key": "HdxService",
                  "Value": "peer"
                },
                {
                  "Key": "Name",
                  "Value": "hdx-abcdef-query-peer0-asg"
                }
              ]
            }
          ]
        },
        "LaunchTemplateName": "hdx-abcdef-query-peer0"
      },
      "Type": "AWS::EC2::LaunchTemplate"
    },
    "PoolStreamPeer0ASG": {
      "Properties": {
        "AutoScalingGroupName": "hdx-abcdef-stream-peer0-asg",
        "AvailabilityZones": [
          "us-east-2a",
          "us-east-2b"
        ],
        "MixedInstancesPolicy": {
          "LaunchTemplate": {
            "LaunchTemplateSpecification": {
              "LaunchTemplateName": "hdx-abcdef-stream-peer0",
              "Version": {
                "Fn::GetAtt": [
                  "PoolStreamPeer0LaunchTemplate",
                  "LatestVersionNumber"
                ]
              }
            },
            "Overrides": []
          },
          "InstancesDistribution": {
            "OnDemandPercentageAboveBaseCapacity": 100,
            "SpotAllocationStrategy": "capacity-optimized"
          }
        },
        "MinSize": "0",
        "DesiredCapacity": "0",
        "MaxSize": "1",
        "Cooldown": "10",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-stream-peer0-asg",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxService",
            "Value": "stream-peer",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxPool",
            "Value": "stream-peer0",
            "PropagateAtLaunch": true
          }
        ],
        "VPCZoneIdentifier": [
          "subnet-048459a83da4dc4ca",
          "subnet-06fcdac6d3a7e3796"
        ]
      },
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MaxBatchSize": "1",
          "MinInstancesInService": "0",
          "PauseTime": "PT60S",
          "WaitOnResourceSignals": false,
          "SuspendProcesses": [
            "HealthCheck",
            "ReplaceUnhealthy",
            "AZRebalance",
            "AlarmNotification",
            "ScheduledActions"
          ]
        }
      },
      "DependsOn": "PoolStreamPeer0LaunchTemplate"
    },
    "PoolStreamPeer0LaunchTemplate": {
      "Properties": {
        "LaunchTemplateData": {
          "BlockDeviceMappings": [
            {
              "DeviceName": "/dev/sda1",
              "Ebs": {
                "VolumeSize": 10,
                "VolumeType": "gp3",
                "Encrypted": true
              }
            }
          ],
          "IamInstanceProfile": {
            "Arn": {
              "Fn::GetAtt": [
                "StreamPeerAccessProfile",
                "Arn"
              ]
            }
          },
          "ImageId": "ami-01969d6c0078a0391",
          "InstanceType": "m5.large",
          "Monitoring": {
            "Enabled": true
          },
          "SecurityGroupIds": [
            {
              "Ref": "StreamPeerSecurityGroup"
            }
          ],
          "UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
          "TagSpecifications": [
            {
              "ResourceType": "volume",
              "Tags": [
                {
                  "Key": "HdxPool",
                  "Value": "stream-peer0"
                },
                {
                  "Key": "HdxService",
                  "Value": "stream-peer"
                },
                {
                  "Key": "Name",
                  "Value": "hdx-abcdef-stream-peer0-asg"
                }
              ]
            }
          ]
        },
        "LaunchTemplateName": "hdx-abcdef-stream-peer0"
      },
      "Type": "AWS::EC2::LaunchTemplate"
    },
    "PrometheusAccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-prometheus-profile",
        "Roles": [
          "hdx-abcdef-prometheus-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": "PrometheusRole"
    },
    "PrometheusAutoscaleGroup": {
      "Properties": {
        "AutoScalingGroupName": "hdx-abcdef-prometheus-asg",
        "AvailabilityZones": [
          "us-east-2a"
        ],
        "LaunchConfigurationName": {
          "Ref": "PrometheusLaunchConfig"
        },
        "MinSize": "0",
        "DesiredCapacity": "0",
        "MaxSize": "1",
        "Cooldown": "10",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-prometheus-asg",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxService",
            "Value": "prometheus",
            "PropagateAtLaunch": true
          }
        ],
        "VPCZoneIdentifier": [
          "subnet-048459a83da4dc4ca"
        ]
      },
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MaxBatchSize": "1",
          "MinInstancesInService": "0",
          "PauseTime": "PT60S",
          "WaitOnResourceSignals": false,
          "SuspendProcesses": [
            "HealthCheck",
            "ReplaceUnhealthy",
            "AZRebalance",
            "AlarmNotification",
            "ScheduledActions"
          ]
        }
      }
    },
    "PrometheusLaunchConfig": {
      "Properties": {
        "AssociatePublicIpAddress": false,
        "ImageId": "ami-09cd8e2e9bc325415",
        "InstanceType": "t2.medium",
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": 50,
              "VolumeType": "gp3",
              "Encrypted": true
            }
          }
        ],
        "IamInstanceProfile": {
          "Ref": "PrometheusAccessProfile"
        },
        "SecurityGroups": [
          {
            "Ref": "PrometheusSecurityGroup"
          }
        ],
        "UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
        "InstanceMonitoring": true
      },
      "Type": "AWS::AutoScaling::LaunchConfiguration"
    },
    "PrometheusRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-prometheus-base",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "logs:CreateLogGroup",
                    "logs:CreateLogStream",
                    "logs:PutLogEvents",
                    "ec2:CreateNetworkInterface",
                    "ec2:DescribeNetworkInterface",
                    "ec2:DeleteNetworkInterface",
                    "ec2:DescribeVolumes",
                    "ec2:AttachVolume",
                    "ec2:DetachVolume"
                  ],
                  "Resource": "*"
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
        ],
        "Description": "PrometheusRole",
        "RoleName": "hdx-abcdef-prometheus-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-prometheus-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "PrometheusSecurityGroup": {
      "Properties": {
        "GroupDescription": "PrometheusSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9090,
            "FromPort": 9090,
            "CidrIp": "10.0.0.0/16"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-prometheus"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    },
    "QueryHeadASLaunchGroup": {
      "Properties": {
        "AutoScalingGroupName": "hdx-abcdef-queryhead-asg",
        "AvailabilityZones": [
          "us-east-2a",
          "us-east-2b"
        ],
        "LaunchConfigurationName": {
          "Ref": "QueryHeadLaunchConfig"
        },
        "MinSize": "0",
        "DesiredCapacity": "0",
        "MaxSize": "1",
        "TargetGroupARNs": [
          "arn:aws:elasticloadbalancing:us-east-2:123456789101:targetgroup/hdxcli-123456-native-public/8232f0411b60d6b2",
          "arn:aws:elasticloadbalancing:us-east-2:123456789101:targetgroup/hdxcli-123456-native-private/a6badd46545d0f40"
        ],
        "Cooldown": "10",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-query-head-asg",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxService",
            "Value": "head",
            "PropagateAtLaunch": true
          }
        ],
        "VPCZoneIdentifier": [
          "subnet-05c21a532498614af",
          "subnet-02986964251c51af4"
        ]
      },
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MaxBatchSize": "1",
          "MinInstancesInService": "0",
          "PauseTime": "PT60S",
          "WaitOnResourceSignals": false,
          "SuspendProcesses": [
            "HealthCheck",
            "ReplaceUnhealthy",
            "AZRebalance",
            "AlarmNotification",
            "ScheduledActions"
          ]
        }
      }
    },
    "QueryHeadLaunchConfig": {
      "Properties": {
        "AssociatePublicIpAddress": false,
        "ImageId": "ami-01969d6c0078a0391",
        "InstanceType": "c5n.xlarge",
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": 10,
              "VolumeType": "gp3",
              "Encrypted": true
            }
          }
        ],
        "IamInstanceProfile": {
          "Ref": "QueryHeadS3AccessProfile"
        },
        "SecurityGroups": [
          {
            "Ref": "QueryHeadSecurityGroup"
          }
        ],
        "UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
        "InstanceMonitoring": true
      },
      "Type": "AWS::AutoScaling::LaunchConfiguration"
    },
    "QueryHeadRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-art-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-dev-art/*",
                    "arn:aws:s3:::hdx-dev-art"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [],
        "Description": "QueryHeadRole",
        "RoleName": "hdx-abcdef-query-head-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-query-head-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "QueryHeadS3AccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-queryhead-s3access-profile",
        "Roles": [
          "hdx-abcdef-query-head-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": [
        "QueryHeadRole"
      ]
    },
    "QueryHeadSecurityGroup": {
      "Properties": {
        "GroupDescription": "QueryHeadSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9000,
            "FromPort": 9000,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 8088,
            "FromPort": 8088,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 8888,
            "FromPort": 8888,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9000,
            "FromPort": 9000,
            "CidrIp": "1.2.3.4/32"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9000,
            "FromPort": 9000,
            "CidrIp": "1.2.3.4/32"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-query-head"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    },
    "QueryPeerRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-art-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-dev-art/*",
                    "arn:aws:s3:::hdx-dev-art"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [],
        "Description": "QueryPeerRole",
        "RoleName": "hdx-abcdef-query-peer-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-query-peer-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "QueryPeerS3AccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-profile",
        "Roles": [
          "hdx-abcdef-query-peer-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": "QueryPeerRole"
    },
    "QueryPeerSecurityGroup": {
      "Properties": {
        "GroupDescription": "QueryPeerSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9000,
            "FromPort": 9000,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 8088,
            "FromPort": 8088,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 8888,
            "FromPort": 8888,
            "CidrIp": "10.0.0.0/16"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-query-peer"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    },
    "ReaperQueue": {
      "Properties": {
        "QueueName": "hdx-abcdef-reaper",
        "VisibilityTimeout": "30"
      },
      "Type": "AWS::SQS::Queue"
    },
    "StreamHeadAccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-stream-head-profile",
        "Roles": [
          "hdx-abcdef-stream-head-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": "StreamHeadRole"
    },
    "StreamHeadAutoscaleGroup": {
      "Properties": {
        "AutoScalingGroupName": "hdx-abcdef-stream-head-asg",
        "AvailabilityZones": [
          "us-east-2a",
          "us-east-2b"
        ],
        "LaunchConfigurationName": {
          "Ref": "StreamHeadLaunchConfig"
        },
        "MinSize": "0",
        "DesiredCapacity": "0",
        "MaxSize": "1",
        "Cooldown": "10",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-stream-head-asg",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxService",
            "Value": "stream-head",
            "PropagateAtLaunch": true
          }
        ],
        "VPCZoneIdentifier": [
          "subnet-05c21a532498614af",
          "subnet-02986964251c51af4"
        ]
      },
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MaxBatchSize": "1",
          "MinInstancesInService": "0",
          "PauseTime": "PT60S",
          "WaitOnResourceSignals": false,
          "SuspendProcesses": [
            "HealthCheck",
            "ReplaceUnhealthy",
            "AZRebalance",
            "AlarmNotification",
            "ScheduledActions"
          ]
        }
      }
    },
    "StreamHeadLaunchConfig": {
      "Properties": {
        "AssociatePublicIpAddress": false,
        "ImageId": "ami-01969d6c0078a0391",
        "InstanceType": "m5.large",
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": 10,
              "VolumeType": "gp3",
              "Encrypted": true
            }
          }
        ],
        "IamInstanceProfile": {
          "Ref": "StreamHeadAccessProfile"
        },
        "SecurityGroups": [
          {
            "Ref": "StreamHeadSecurityGroup"
          }
        ],
        "UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
        "InstanceMonitoring": true
      },
      "Type": "AWS::AutoScaling::LaunchConfiguration"
    },
    "StreamHeadRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-stream-head-kinesis",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": "kinesis:*",
                  "Resource": "*"
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-art-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-dev-art/*",
                    "arn:aws:s3:::hdx-dev-art"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [],
        "Description": "StreamHeadRole",
        "RoleName": "hdx-abcdef-stream-head-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-stream-head-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "StreamHeadSecurityGroup": {
      "Properties": {
        "GroupDescription": "StreamHeadSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 8089,
            "FromPort": 8089,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 27182,
            "FromPort": 27182,
            "CidrIp": "10.0.0.0/16"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-stream-head"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    },
    "StreamPeerAccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-stream-peer-profile",
        "Roles": [
          "hdx-abcdef-stream-peer-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": "StreamPeerRole"
    },
    "StreamPeerRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-stream-peer-kinesis",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": "kinesis:*",
                  "Resource": "*"
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-stream-head-kinesis",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": "dynamodb:*",
                  "Resource": "*"
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-art-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-dev-art/*",
                    "arn:aws:s3:::hdx-dev-art"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [],
        "Description": "StreamPeerRole",
        "RoleName": "hdx-abcdef-stream-peer-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-stream-peer-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "StreamPeerSecurityGroup": {
      "Properties": {
        "GroupDescription": "StreamPeerSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 3000,
            "FromPort": 3000,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 27182,
            "FromPort": 27182,
            "CidrIp": "10.0.0.0/16"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-stream-peer"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    },
    "SupersetAccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-superset",
        "Roles": [
          "hdx-abcdef-superset-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": "SupersetRole"
    },
    "SupersetAutoscaleGroup": {
      "Properties": {
        "AutoScalingGroupName": "hdx-abcdef-superset-asg",
        "AvailabilityZones": [
          "us-east-2a"
        ],
        "LaunchConfigurationName": {
          "Ref": "SupersetLaunchConfig"
        },
        "MinSize": "0",
        "DesiredCapacity": "0",
        "MaxSize": "1",
        "TargetGroupARNs": [
          "arn:aws:elasticloadbalancing:us-east-2:123456789101:targetgroup/hdxcli-123456-superset-public/2e7eaadce0fba544",
          "arn:aws:elasticloadbalancing:us-east-2:123456789101:targetgroup/hdxcli-123456-superset-private/3fdea02248fbdba1"
        ],
        "Cooldown": "10",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-superset-asg",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxService",
            "Value": "superset",
            "PropagateAtLaunch": true
          }
        ],
        "VPCZoneIdentifier": [
          "subnet-048459a83da4dc4ca"
        ]
      },
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MaxBatchSize": "1",
          "MinInstancesInService": "0",
          "PauseTime": "PT60S",
          "WaitOnResourceSignals": false,
          "SuspendProcesses": [
            "HealthCheck",
            "ReplaceUnhealthy",
            "AZRebalance",
            "AlarmNotification",
            "ScheduledActions"
          ]
        }
      }
    },
    "SupersetLaunchConfig": {
      "Properties": {
        "AssociatePublicIpAddress": false,
        "ImageId": "ami-09cd8e2e9bc325415",
        "InstanceType": "t3.medium",
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": 10,
              "VolumeType": "gp3",
              "Encrypted": true
            }
          }
        ],
        "IamInstanceProfile": {
          "Ref": "SupersetAccessProfile"
        },
        "SecurityGroups": [
          {
            "Ref": "SupersetSecurityGroup"
          }
        ],
        "UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
        "InstanceMonitoring": true
      },
      "Type": "AWS::AutoScaling::LaunchConfiguration"
    },
    "SupersetRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-superset-base",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "logs:CreateLogGroup",
                    "logs:CreateLogStream",
                    "logs:PutLogEvents",
                    "ec2:CreateNetworkInterface",
                    "ec2:DescribeNetworkInterface",
                    "ec2:DeleteNetworkInterface",
                    "ec2:DescribeVolumes",
                    "ec2:AttachVolume",
                    "ec2:DetachVolume"
                  ],
                  "Resource": "*"
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-art-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-dev-art/*",
                    "arn:aws:s3:::hdx-dev-art"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
        ],
        "Description": "SupersetRole",
        "RoleName": "hdx-abcdef-superset-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-superset-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "SupersetSecurityGroup": {
      "Properties": {
        "GroupDescription": "SupersetSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 80,
            "FromPort": 80,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 81,
            "FromPort": 81,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 81,
            "FromPort": 81,
            "CidrIp": "1.2.3.4/32"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 81,
            "FromPort": 81,
            "CidrIp": "1.2.3.4/32"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-superset"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    },
    "TurbineQueryBucketPolicy": {
      "Properties": {
        "Bucket": "hdxcli-123456",
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": "s3:*",
              "Principal": {
                "AWS": [
                  {
                    "Fn::GetAtt": [
                      "QueryHeadRole",
                      "Arn"
                    ]
                  },
                  {
                    "Fn::GetAtt": [
                      "QueryPeerRole",
                      "Arn"
                    ]
                  },
                  {
                    "Fn::GetAtt": [
                      "ZookeeperRole",
                      "Arn"
                    ]
                  },
                  {
                    "Fn::GetAtt": [
                      "StreamHeadRole",
                      "Arn"
                    ]
                  },
                  {
                    "Fn::GetAtt": [
                      "StreamPeerRole",
                      "Arn"
                    ]
                  },
                  {
                    "Fn::GetAtt": [
                      "BatchPeerRole",
                      "Arn"
                    ]
                  },
                  {
                    "Fn::GetAtt": [
                      "AlterPeerRole",
                      "Arn"
                    ]
                  },
                  {
                    "Fn::GetAtt": [
                      "MergePeerRole",
                      "Arn"
                    ]
                  },
                  {
                    "Fn::GetAtt": [
                      "IntakeMiscRole",
                      "Arn"
                    ]
                  },
                  "arn:aws:iam::123456789101:root"
                ]
              },
              "Resource": [
                "arn:aws:s3:::hdxcli-123456/*",
                "arn:aws:s3:::hdxcli-123456"
              ]
            }
          ]
        }
      },
      "Type": "AWS::S3::BucketPolicy"
    },
    "WebAccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-web-api-profile",
        "Roles": [
          "hdx-abcdef-web-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": "WebRole"
    },
    "WebAutoscaleGroup": {
      "Properties": {
        "AutoScalingGroupName": "hdx-abcdef-web-api-asg",
        "AvailabilityZones": [
          "us-east-2a",
          "us-east-2b"
        ],
        "LaunchConfigurationName": {
          "Ref": "WebLaunchConfig"
        },
        "MinSize": "0",
        "DesiredCapacity": "0",
        "MaxSize": "1",
        "TargetGroupARNs": [
          "arn:aws:elasticloadbalancing:us-east-2:123456789101:targetgroup/hdxcli-123456-web-public/a5d9f6e63453ad6a",
          "arn:aws:elasticloadbalancing:us-east-2:123456789101:targetgroup/hdxcli-123456-web-private/9239a7105f6ed25d"
        ],
        "Cooldown": "10",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-web-asg",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxService",
            "Value": "web",
            "PropagateAtLaunch": true
          }
        ],
        "VPCZoneIdentifier": [
          "subnet-048459a83da4dc4ca",
          "subnet-06fcdac6d3a7e3796"
        ],
        "HealthCheckGracePeriod": 300
      },
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MaxBatchSize": "1",
          "MinInstancesInService": "0",
          "PauseTime": "PT300S",
          "WaitOnResourceSignals": true,
          "SuspendProcesses": [
            "HealthCheck",
            "ReplaceUnhealthy",
            "AZRebalance",
            "AlarmNotification",
            "ScheduledActions"
          ]
        }
      }
    },
    "WebLaunchConfig": {
      "Properties": {
        "AssociatePublicIpAddress": false,
        "ImageId": "ami-09cd8e2e9bc325415",
        "InstanceType": "t3.small",
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": 10,
              "VolumeType": "gp3",
              "Encrypted": true
            }
          }
        ],
        "IamInstanceProfile": {
          "Ref": "WebAccessProfile"
        },
        "SecurityGroups": [
          {
            "Ref": "WebSecurityGroup"
          }
        ],
        "UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
        "InstanceMonitoring": true
      },
      "Type": "AWS::AutoScaling::LaunchConfiguration"
    },
    "WebRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-control-plane",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "lambda:InvokeFunction",
                    "lambda:InvokeAsync"
                  ],
                  "Resource": [
                    {
                      "Fn::Sub": "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:hdxcli-123456-self-deploy"
                    }
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-art-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-dev-art/*",
                    "arn:aws:s3:::hdx-dev-art"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
        ],
        "Description": "WebRole",
        "RoleName": "hdx-abcdef-web-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-web-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "WebSecurityGroup": {
      "Properties": {
        "GroupDescription": "WebSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 80,
            "FromPort": 80,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 27182,
            "FromPort": 27182,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9113,
            "FromPort": 9113,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 80,
            "FromPort": 80,
            "CidrIp": "1.2.3.4/32"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 80,
            "FromPort": 80,
            "CidrIp": "1.2.3.4/32"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-web"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    },
    "ZookeeperAccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-zookeeper-s3access-profile",
        "Roles": [
          "hdx-abcdef-zookeeper-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": "ZookeeperRole"
    },
    "ZookeeperAutoscaleGroup": {
      "Properties": {
        "AutoScalingGroupName": "hdx-abcdef-zookeeper-asg",
        "AvailabilityZones": [
          "us-east-2a"
        ],
        "LaunchConfigurationName": {
          "Ref": "ZookeeperLaunchConfig"
        },
        "MinSize": "0",
        "DesiredCapacity": "0",
        "MaxSize": "1",
        "Cooldown": "30",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-zookeeper-asg",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxService",
            "Value": "zookeeper",
            "PropagateAtLaunch": true
          }
        ],
        "VPCZoneIdentifier": [
          "subnet-048459a83da4dc4ca"
        ]
      },
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MaxBatchSize": "1",
          "MinInstancesInService": "0",
          "PauseTime": "PT60S",
          "WaitOnResourceSignals": false,
          "SuspendProcesses": [
            "HealthCheck",
            "ReplaceUnhealthy",
            "AZRebalance",
            "AlarmNotification",
            "ScheduledActions"
          ]
        }
      },
      "DependsOn": [
        "ZookeeperENI1",
        "ZookeeperENI2",
        "ZookeeperENI3"
      ]
    },
    "ZookeeperENI1": {
      "Properties": {
        "Description": "Zookeeper Network Interface 1",
        "GroupSet": [
          {
            "Ref": "ZookeeperSecurityGroup"
          }
        ],
        "SubnetId": "subnet-048459a83da4dc4ca",
        "Tags": [
          {
            "Key": "Name",
            "Value": "zookeeper-1"
          }
        ]
      },
      "Type": "AWS::EC2::NetworkInterface",
      "DependsOn": "ZookeeperSecurityGroup"
    },
    "ZookeeperENI2": {
      "Properties": {
        "Description": "Zookeeper Network Interface 2",
        "GroupSet": [
          {
            "Ref": "ZookeeperSecurityGroup"
          }
        ],
        "SubnetId": "subnet-048459a83da4dc4ca",
        "Tags": [
          {
            "Key": "Name",
            "Value": "zookeeper-2"
          }
        ]
      },
      "Type": "AWS::EC2::NetworkInterface",
      "DependsOn": "ZookeeperSecurityGroup"
    },
    "ZookeeperENI3": {
      "Properties": {
        "Description": "Zookeeper Network Interface 3",
        "GroupSet": [
          {
            "Ref": "ZookeeperSecurityGroup"
          }
        ],
        "SubnetId": "subnet-048459a83da4dc4ca",
        "Tags": [
          {
            "Key": "Name",
            "Value": "zookeeper-3"
          }
        ]
      },
      "Type": "AWS::EC2::NetworkInterface",
      "DependsOn": "ZookeeperSecurityGroup"
    },
    "ZookeeperLaunchConfig": {
      "Properties": {
        "AssociatePublicIpAddress": false,
        "ImageId": "ami-01969d6c0078a0391",
        "InstanceType": "t2.micro",
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": 10,
              "VolumeType": "gp3",
              "Encrypted": true
            }
          }
        ],
        "IamInstanceProfile": {
          "Ref": "ZookeeperAccessProfile"
        },
        "SecurityGroups": [
          {
            "Ref": "ZookeeperSecurityGroup"
          }
        ],
        "UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
        "InstanceMonitoring": true
      },
      "Type": "AWS::AutoScaling::LaunchConfiguration"
    },
    "ZookeeperRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-zookeeper-eni",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "ec2:DescribeNetworkInterfaces",
                    "ec2:AttachNetworkInterface"
                  ],
                  "Resource": "*"
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-art-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-dev-art/*",
                    "arn:aws:s3:::hdx-dev-art"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [],
        "Description": "ZookeeperRole",
        "RoleName": "hdx-abcdef-zookeeper-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-zookeeper-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "ZookeeperSecurityGroup": {
      "Properties": {
        "GroupDescription": "ZookeeperSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 2181,
            "FromPort": 2181,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 2888,
            "FromPort": 2888,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 3888,
            "FromPort": 3888,
            "CidrIp": "10.0.0.0/16"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-zookeeper"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    }
  }
}

Stage 1 Template

Click arrow to expand

{
  "Outputs": {
    "UsingHdxreader": {
      "Value": "False"
    }
  },
  "Resources": {
    "AlterDeadLetterQueue": {
      "Properties": {
        "QueueName": "hdx-abcdef-alter-dead-letter"
      },
      "Type": "AWS::SQS::Queue"
    },
    "AlterListingDeadLetterQueue": {
      "Properties": {
        "QueueName": "hdx-abcdef-alter-listing-dead-letter"
      },
      "Type": "AWS::SQS::Queue"
    },
    "AlterListingQueue": {
      "Properties": {
        "QueueName": "hdx-abcdef-alter-listing",
        "VisibilityTimeout": "43200",
        "RedrivePolicy": {
          "deadLetterTargetArn": {
            "Fn::GetAtt": [
              "AlterListingDeadLetterQueue",
              "Arn"
            ]
          },
          "maxReceiveCount": "1"
        }
      },
      "Type": "AWS::SQS::Queue"
    },
    "AlterPeerAccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-alter-peer-profile",
        "Roles": [
          "hdx-abcdef-alter-peer-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": [
        "AlterPeerRole"
      ]
    },
    "AlterPeerRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-alter-peer-sqs",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": "sqs:*",
                  "Resource": "*"
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-art-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-dev-art/*",
                    "arn:aws:s3:::hdx-dev-art"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
        ],
        "Description": "AlterPeerRole",
        "RoleName": "hdx-abcdef-alter-peer-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-alter-peer-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "AlterPeerSecurityGroup": {
      "Properties": {
        "GroupDescription": "AlterPeerSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 27182,
            "FromPort": 27182,
            "CidrIp": "10.0.0.0/16"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-alter-peer"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    },
    "AlterQueue": {
      "Properties": {
        "QueueName": "hdx-abcdef-alter",
        "VisibilityTimeout": "43200",
        "RedrivePolicy": {
          "deadLetterTargetArn": {
            "Fn::GetAtt": [
              "AlterDeadLetterQueue",
              "Arn"
            ]
          },
          "maxReceiveCount": "1"
        }
      },
      "Type": "AWS::SQS::Queue"
    },
    "BastionAccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-bastion-s3access-profile",
        "Roles": [
          "hdx-abcdef-bastion-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": "BastionRole"
    },
    "BastionAutoscaleGroup": {
      "Properties": {
        "AutoScalingGroupName": "hdx-abcdef-bastion-asg",
        "AvailabilityZones": [
          "us-east-2a",
          "us-east-2b"
        ],
        "LaunchConfigurationName": {
          "Ref": "BastionLaunchConfig"
        },
        "MinSize": "0",
        "DesiredCapacity": "0",
        "MaxSize": "1",
        "Cooldown": "10",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-bastion-asg",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxService",
            "Value": "bastion",
            "PropagateAtLaunch": true
          }
        ],
        "VPCZoneIdentifier": [
          "subnet-05f66ce2a06137139",
          "subnet-0fdc7578370f1e62f"
        ]
      },
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MaxBatchSize": "1",
          "MinInstancesInService": "0",
          "PauseTime": "PT60S",
          "WaitOnResourceSignals": false,
          "SuspendProcesses": [
            "HealthCheck",
            "ReplaceUnhealthy",
            "AZRebalance",
            "AlarmNotification",
            "ScheduledActions"
          ]
        }
      }
    },
    "BastionLaunchConfig": {
      "Properties": {
        "AssociatePublicIpAddress": true,
        "ImageId": "ami-09cd8e2e9bc325415",
        "InstanceType": "t3.micro",
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": 10,
              "VolumeType": "gp3",
              "Encrypted": true
            }
          }
        ],
        "IamInstanceProfile": {
          "Ref": "BastionAccessProfile"
        },
        "SecurityGroups": [
          {
            "Ref": "BastionSecurityGroup"
          }
        ],
        "UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
        "InstanceMonitoring": true
      },
      "Type": "AWS::AutoScaling::LaunchConfiguration"
    },
    "BastionRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-import-buckets-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::qe-datasets/*",
                    "arn:aws:s3:::qe-datasets",
                    "arn:aws:s3:::hdx-public/*",
                    "arn:aws:s3:::hdx-public"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-art-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-dev-art/*",
                    "arn:aws:s3:::hdx-dev-art"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
        ],
        "Description": "BastionRole",
        "RoleName": "hdx-abcdef-bastion-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-bastion-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "BastionSecurityGroup": {
      "Properties": {
        "GroupDescription": "BastionSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "1.2.3.4/32"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "1.2.3.4/32"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 22221,
            "FromPort": 22221,
            "CidrIp": "1.2.3.4/32"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 22221,
            "FromPort": 22221,
            "CidrIp": "1.2.3.4/32"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-bastion"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    },
    "BatchPeerAccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-batch-peer-profile",
        "Roles": [
          "hdx-abcdef-batch-peer-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": "BatchPeerRole"
    },
    "BatchPeerRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-batch-peer-base",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "logs:CreateLogGroup",
                    "logs:CreateLogStream",
                    "logs:PutLogEvents",
                    "ec2:CreateNetworkInterface",
                    "ec2:DescribeNetworkInterfaces",
                    "ec2:DeleteNetworkInterface"
                  ],
                  "Resource": "*"
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-batch-peer-sqs",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": "sqs:*",
                  "Resource": "*"
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-batch-peer-bucket",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-art-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-dev-art/*",
                    "arn:aws:s3:::hdx-dev-art"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-import-buckets-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::qe-datasets/*",
                    "arn:aws:s3:::qe-datasets",
                    "arn:aws:s3:::hdx-public/*",
                    "arn:aws:s3:::hdx-public"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [],
        "Description": "BatchPeerRole",
        "RoleName": "hdx-abcdef-batch-peer-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-batch-peer-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "BatchPeerSecurityGroup": {
      "Properties": {
        "GroupDescription": "BatchPeerSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 27182,
            "FromPort": 27182,
            "CidrIp": "10.0.0.0/16"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-batch-peer"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    },
    "CheckpointTable": {
      "Properties": {
        "TableName": "hdx-abcdef-checkpoint",
        "AttributeDefinitions": [
          {
            "AttributeName": "StreamShard",
            "AttributeType": "S"
          }
        ],
        "KeySchema": [
          {
            "AttributeName": "StreamShard",
            "KeyType": "HASH"
          }
        ],
        "BillingMode": "PAY_PER_REQUEST",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-checkpoint"
          }
        ]
      },
      "Type": "AWS::DynamoDB::Table"
    },
    "GrafanaAccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-grafana",
        "Roles": [
          "hdx-abcdef-grafana-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": "GrafanaRole"
    },
    "GrafanaAutoscaleGroup": {
      "Properties": {
        "AutoScalingGroupName": "hdx-abcdef-grafana-asg",
        "AvailabilityZones": [
          "us-east-2a",
          "us-east-2b"
        ],
        "LaunchConfigurationName": {
          "Ref": "GrafanaLaunchConfig"
        },
        "MinSize": "0",
        "DesiredCapacity": "0",
        "MaxSize": "1",
        "Cooldown": "10",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-grafana-asg",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxService",
            "Value": "grafana",
            "PropagateAtLaunch": true
          }
        ],
        "VPCZoneIdentifier": [
          "subnet-048459a83da4dc4ca",
          "subnet-06fcdac6d3a7e3796"
        ]
      },
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MaxBatchSize": "1",
          "MinInstancesInService": "0",
          "PauseTime": "PT60S",
          "WaitOnResourceSignals": false,
          "SuspendProcesses": [
            "HealthCheck",
            "ReplaceUnhealthy",
            "AZRebalance",
            "AlarmNotification",
            "ScheduledActions"
          ]
        }
      }
    },
    "GrafanaLaunchConfig": {
      "Properties": {
        "AssociatePublicIpAddress": false,
        "ImageId": "ami-09cd8e2e9bc325415",
        "InstanceType": "t3.small",
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": 10,
              "VolumeType": "gp3",
              "Encrypted": true
            }
          }
        ],
        "IamInstanceProfile": {
          "Ref": "GrafanaAccessProfile"
        },
        "SecurityGroups": [
          {
            "Ref": "GrafanaSecurityGroup"
          }
        ],
        "UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
        "InstanceMonitoring": true
      },
      "Type": "AWS::AutoScaling::LaunchConfiguration"
    },
    "GrafanaRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-art-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-dev-art/*",
                    "arn:aws:s3:::hdx-dev-art"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-tempo-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456-tempo/*",
                    "arn:aws:s3:::hdxcli-123456-tempo"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
        ],
        "Description": "GrafanaRole",
        "RoleName": "hdx-abcdef-grafana-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-grafana-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "GrafanaSecurityGroup": {
      "Properties": {
        "GroupDescription": "GrafanaSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 3000,
            "FromPort": 3000,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 3100,
            "FromPort": 3100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 55681,
            "FromPort": 55681,
            "CidrIp": "10.0.0.0/16"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-grafana"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    },
    "ImportQueue": {
      "Properties": {
        "QueueName": "hdx-abcdef-import",
        "VisibilityTimeout": "43200",
        "RedrivePolicy": {
          "deadLetterTargetArn": {
            "Fn::GetAtt": [
              "ImportQueueDeadLetter",
              "Arn"
            ]
          },
          "maxReceiveCount": "1"
        }
      },
      "Type": "AWS::SQS::Queue"
    },
    "ImportQueueDeadLetter": {
      "Properties": {
        "QueueName": "hdx-abcdef-import-dead-letter"
      },
      "Type": "AWS::SQS::Queue"
    },
    "IngestStream": {
      "Properties": {
        "Name": "hdx-abcdef-ingest",
        "ShardCount": 2,
        "StreamEncryption": {
          "EncryptionType": "KMS",
          "KeyId": "alias/aws/kinesis"
        }
      },
      "Type": "AWS::Kinesis::Stream"
    },
    "IntakeMiscAccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-intake-misc",
        "Roles": [
          "hdx-abcdef-intake-misc-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": "IntakeMiscRole"
    },
    "IntakeMiscAutoscaleGroup": {
      "Properties": {
        "AutoScalingGroupName": "hdx-abcdef-intake-misc-asg",
        "AvailabilityZones": [
          "us-east-2a",
          "us-east-2b"
        ],
        "LaunchConfigurationName": {
          "Ref": "IntakeMiscLaunchConfig"
        },
        "MinSize": "0",
        "DesiredCapacity": "0",
        "MaxSize": "1",
        "Cooldown": "10",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-intake-misc",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxService",
            "Value": "intake-misc",
            "PropagateAtLaunch": true
          }
        ],
        "VPCZoneIdentifier": [
          "subnet-048459a83da4dc4ca",
          "subnet-06fcdac6d3a7e3796"
        ]
      },
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MaxBatchSize": "1",
          "MinInstancesInService": "0",
          "PauseTime": "PT60S",
          "WaitOnResourceSignals": false,
          "SuspendProcesses": [
            "HealthCheck",
            "ReplaceUnhealthy",
            "AZRebalance",
            "AlarmNotification",
            "ScheduledActions"
          ]
        }
      }
    },
    "IntakeMiscLaunchConfig": {
      "Properties": {
        "AssociatePublicIpAddress": false,
        "ImageId": "ami-09cd8e2e9bc325415",
        "InstanceType": "t3.small",
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": 10,
              "VolumeType": "gp3",
              "Encrypted": true
            }
          }
        ],
        "IamInstanceProfile": {
          "Ref": "IntakeMiscAccessProfile"
        },
        "SecurityGroups": [
          {
            "Ref": "IntakeMiscSecurityGroup"
          }
        ],
        "UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
        "InstanceMonitoring": true
      },
      "Type": "AWS::AutoScaling::LaunchConfiguration"
    },
    "IntakeMiscRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-intake-misc-sqs",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": "sqs:*",
                  "Resource": "*"
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-art-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-dev-art/*",
                    "arn:aws:s3:::hdx-dev-art"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-import-buckets-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::qe-datasets/*",
                    "arn:aws:s3:::qe-datasets",
                    "arn:aws:s3:::hdx-public/*",
                    "arn:aws:s3:::hdx-public"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
        ],
        "Description": "IntakeMiscRole",
        "RoleName": "hdx-abcdef-intake-misc-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-intake-misc-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "IntakeMiscSecurityGroup": {
      "Properties": {
        "GroupDescription": "IntakeMiscSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 8080,
            "FromPort": 8080,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 27182,
            "FromPort": 27182,
            "CidrIp": "10.0.0.0/16"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-intake-misc"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    },
    "KafkaPeerAccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-kafka-peer-profile",
        "Roles": [
          "hdx-abcdef-kafka-peer-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": "KafkaPeerRole"
    },
    "KafkaPeerRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-art-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-dev-art/*",
                    "arn:aws:s3:::hdx-dev-art"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [],
        "Description": "KafkaPeerRole",
        "RoleName": "hdx-abcdef-kafka-peer-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-kafka-peer-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "KafkaPeerSecurityGroup": {
      "Properties": {
        "GroupDescription": "KafkaPeerSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 3000,
            "FromPort": 3000,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 27182,
            "FromPort": 27182,
            "CidrIp": "10.0.0.0/16"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-kafka-peer"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    },
    "ListingQueue": {
      "Properties": {
        "QueueName": "hdx-abcdef-listing",
        "VisibilityTimeout": "43200",
        "RedrivePolicy": {
          "deadLetterTargetArn": {
            "Fn::GetAtt": [
              "ListingQueueDeadLetter",
              "Arn"
            ]
          },
          "maxReceiveCount": "1"
        }
      },
      "Type": "AWS::SQS::Queue"
    },
    "ListingQueueDeadLetter": {
      "Properties": {
        "QueueName": "hdx-abcdef-listing-dead-letter"
      },
      "Type": "AWS::SQS::Queue"
    },
    "MergePeerAccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-merge-peer-profile",
        "Roles": [
          "hdx-abcdef-merge-peer-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": [
        "MergePeerRole"
      ]
    },
    "MergePeerRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-merge-peer-base",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "logs:CreateLogGroup",
                    "logs:CreateLogStream",
                    "logs:PutLogEvents",
                    "ec2:CreateNetworkInterface",
                    "ec2:DescribeNetworkInterface",
                    "ec2:DeleteNetworkInterface"
                  ],
                  "Resource": "*"
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-merge-peer-sqs",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": "sqs:*",
                  "Resource": "*"
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-merge-peer-bucket",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-art-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-dev-art/*",
                    "arn:aws:s3:::hdx-dev-art"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
        ],
        "Description": "MergePeerRole",
        "RoleName": "hdx-abcdef-merge-peer-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-merge-peer-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "MergePeerSecurityGroup": {
      "Properties": {
        "GroupDescription": "MergePeerSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 27182,
            "FromPort": 27182,
            "CidrIp": "10.0.0.0/16"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-merge-peer"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    },
    "PoolAlterPeer0ASG": {
      "Properties": {
        "AutoScalingGroupName": "hdx-abcdef-alter-peer0-asg",
        "AvailabilityZones": [
          "us-east-2a",
          "us-east-2b"
        ],
        "MixedInstancesPolicy": {
          "LaunchTemplate": {
            "LaunchTemplateSpecification": {
              "LaunchTemplateName": "hdx-abcdef-alter-peer0",
              "Version": {
                "Fn::GetAtt": [
                  "PoolAlterPeer0LaunchTemplate",
                  "LatestVersionNumber"
                ]
              }
            },
            "Overrides": []
          },
          "InstancesDistribution": {
            "OnDemandPercentageAboveBaseCapacity": 100,
            "SpotAllocationStrategy": "capacity-optimized"
          }
        },
        "MinSize": "0",
        "DesiredCapacity": "0",
        "MaxSize": "1",
        "Cooldown": "10",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-alter-peer0-asg",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxService",
            "Value": "alter-peer",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxPool",
            "Value": "alter-peer0",
            "PropagateAtLaunch": true
          }
        ],
        "VPCZoneIdentifier": [
          "subnet-048459a83da4dc4ca",
          "subnet-06fcdac6d3a7e3796"
        ]
      },
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MaxBatchSize": "1",
          "MinInstancesInService": "0",
          "PauseTime": "PT60S",
          "WaitOnResourceSignals": false,
          "SuspendProcesses": [
            "HealthCheck",
            "ReplaceUnhealthy",
            "AZRebalance",
            "AlarmNotification",
            "ScheduledActions"
          ]
        }
      },
      "DependsOn": "PoolAlterPeer0LaunchTemplate"
    },
    "PoolAlterPeer0LaunchTemplate": {
      "Properties": {
        "LaunchTemplateData": {
          "BlockDeviceMappings": [
            {
              "DeviceName": "/dev/sda1",
              "Ebs": {
                "VolumeSize": 30,
                "VolumeType": "gp3",
                "Encrypted": true
              }
            }
          ],
          "IamInstanceProfile": {
            "Arn": {
              "Fn::GetAtt": [
                "AlterPeerAccessProfile",
                "Arn"
              ]
            }
          },
          "ImageId": "ami-09cd8e2e9bc325415",
          "InstanceType": "r5.large",
          "Monitoring": {
            "Enabled": true
          },
          "SecurityGroupIds": [
            {
              "Ref": "AlterPeerSecurityGroup"
            }
          ],
          "UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
          "TagSpecifications": [
            {
              "ResourceType": "volume",
              "Tags": [
                {
                  "Key": "HdxPool",
                  "Value": "alter-peer0"
                },
                {
                  "Key": "HdxService",
                  "Value": "alter-peer"
                },
                {
                  "Key": "Name",
                  "Value": "hdx-abcdef-alter-peer0-asg"
                }
              ]
            }
          ]
        },
        "LaunchTemplateName": "hdx-abcdef-alter-peer0"
      },
      "Type": "AWS::EC2::LaunchTemplate"
    },
    "PoolBatchPeer0ASG": {
      "Properties": {
        "AutoScalingGroupName": "hdx-abcdef-batch-peer0-asg",
        "AvailabilityZones": [
          "us-east-2a",
          "us-east-2b"
        ],
        "MixedInstancesPolicy": {
          "LaunchTemplate": {
            "LaunchTemplateSpecification": {
              "LaunchTemplateName": "hdx-abcdef-batch-peer0",
              "Version": {
                "Fn::GetAtt": [
                  "PoolBatchPeer0LaunchTemplate",
                  "LatestVersionNumber"
                ]
              }
            },
            "Overrides": []
          },
          "InstancesDistribution": {
            "OnDemandPercentageAboveBaseCapacity": 100,
            "SpotAllocationStrategy": "capacity-optimized"
          }
        },
        "MinSize": "0",
        "DesiredCapacity": "0",
        "MaxSize": "1",
        "Cooldown": "10",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-batch-peer0-asg",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxService",
            "Value": "batch-peer",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxPool",
            "Value": "batch-peer0",
            "PropagateAtLaunch": true
          }
        ],
        "VPCZoneIdentifier": [
          "subnet-048459a83da4dc4ca",
          "subnet-06fcdac6d3a7e3796"
        ]
      },
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MaxBatchSize": "1",
          "MinInstancesInService": "0",
          "PauseTime": "PT60S",
          "WaitOnResourceSignals": false,
          "SuspendProcesses": [
            "HealthCheck",
            "ReplaceUnhealthy",
            "AZRebalance",
            "AlarmNotification",
            "ScheduledActions"
          ]
        }
      },
      "DependsOn": "PoolBatchPeer0LaunchTemplate"
    },
    "PoolBatchPeer0LaunchTemplate": {
      "Properties": {
        "LaunchTemplateData": {
          "BlockDeviceMappings": [
            {
              "DeviceName": "/dev/sda1",
              "Ebs": {
                "VolumeSize": 30,
                "VolumeType": "gp3",
                "Encrypted": true
              }
            }
          ],
          "IamInstanceProfile": {
            "Arn": {
              "Fn::GetAtt": [
                "BatchPeerAccessProfile",
                "Arn"
              ]
            }
          },
          "ImageId": "ami-01969d6c0078a0391",
          "InstanceType": "r5n.2xlarge",
          "Monitoring": {
            "Enabled": true
          },
          "SecurityGroupIds": [
            {
              "Ref": "BatchPeerSecurityGroup"
            }
          ],
          "UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
          "TagSpecifications": [
            {
              "ResourceType": "volume",
              "Tags": [
                {
                  "Key": "HdxPool",
                  "Value": "batch-peer0"
                },
                {
                  "Key": "HdxService",
                  "Value": "batch-peer"
                },
                {
                  "Key": "Name",
                  "Value": "hdx-abcdef-batch-peer0-asg"
                }
              ]
            }
          ]
        },
        "LaunchTemplateName": "hdx-abcdef-batch-peer0"
      },
      "Type": "AWS::EC2::LaunchTemplate"
    },
    "PoolMergePeer0ASG": {
      "Properties": {
        "AutoScalingGroupName": "hdx-abcdef-merge-peer0-asg",
        "AvailabilityZones": [
          "us-east-2a",
          "us-east-2b"
        ],
        "MixedInstancesPolicy": {
          "LaunchTemplate": {
            "LaunchTemplateSpecification": {
              "LaunchTemplateName": "hdx-abcdef-merge-peer0",
              "Version": {
                "Fn::GetAtt": [
                  "PoolMergePeer0LaunchTemplate",
                  "LatestVersionNumber"
                ]
              }
            },
            "Overrides": []
          },
          "InstancesDistribution": {
            "OnDemandPercentageAboveBaseCapacity": 100,
            "SpotAllocationStrategy": "capacity-optimized"
          }
        },
        "MinSize": "0",
        "DesiredCapacity": "0",
        "MaxSize": "1",
        "Cooldown": "10",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-merge-peer0-asg",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxService",
            "Value": "merge-peer",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxPool",
            "Value": "merge-peer0",
            "PropagateAtLaunch": true
          }
        ],
        "VPCZoneIdentifier": [
          "subnet-048459a83da4dc4ca",
          "subnet-06fcdac6d3a7e3796"
        ]
      },
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MaxBatchSize": "1",
          "MinInstancesInService": "0",
          "PauseTime": "PT60S",
          "WaitOnResourceSignals": false,
          "SuspendProcesses": [
            "HealthCheck",
            "ReplaceUnhealthy",
            "AZRebalance",
            "AlarmNotification",
            "ScheduledActions"
          ]
        }
      },
      "DependsOn": "PoolMergePeer0LaunchTemplate"
    },
    "PoolMergePeer0LaunchTemplate": {
      "Properties": {
        "LaunchTemplateData": {
          "BlockDeviceMappings": [
            {
              "DeviceName": "/dev/sda1",
              "Ebs": {
                "VolumeSize": 30,
                "VolumeType": "gp3",
                "Encrypted": true
              }
            }
          ],
          "IamInstanceProfile": {
            "Arn": {
              "Fn::GetAtt": [
                "MergePeerAccessProfile",
                "Arn"
              ]
            }
          },
          "ImageId": "ami-09cd8e2e9bc325415",
          "InstanceType": "r5.large",
          "Monitoring": {
            "Enabled": true
          },
          "SecurityGroupIds": [
            {
              "Ref": "MergePeerSecurityGroup"
            }
          ],
          "UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
          "TagSpecifications": [
            {
              "ResourceType": "volume",
              "Tags": [
                {
                  "Key": "HdxPool",
                  "Value": "merge-peer0"
                },
                {
                  "Key": "HdxService",
                  "Value": "merge-peer"
                },
                {
                  "Key": "Name",
                  "Value": "hdx-abcdef-merge-peer0-asg"
                }
              ]
            }
          ]
        },
        "LaunchTemplateName": "hdx-abcdef-merge-peer0"
      },
      "Type": "AWS::EC2::LaunchTemplate"
    },
    "PoolQueryPeer0ASG": {
      "Properties": {
        "AutoScalingGroupName": "hdx-abcdef-query-peer0-asg",
        "AvailabilityZones": [
          "us-east-2a",
          "us-east-2b"
        ],
        "MixedInstancesPolicy": {
          "LaunchTemplate": {
            "LaunchTemplateSpecification": {
              "LaunchTemplateName": "hdx-abcdef-query-peer0",
              "Version": {
                "Fn::GetAtt": [
                  "PoolQueryPeer0LaunchTemplate",
                  "LatestVersionNumber"
                ]
              }
            },
            "Overrides": []
          },
          "InstancesDistribution": {
            "OnDemandPercentageAboveBaseCapacity": 100,
            "SpotAllocationStrategy": "capacity-optimized"
          }
        },
        "MinSize": "0",
        "DesiredCapacity": "0",
        "MaxSize": "1",
        "Cooldown": "10",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-query-peer0-asg",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxService",
            "Value": "peer",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxPool",
            "Value": "query-peer0",
            "PropagateAtLaunch": true
          }
        ],
        "VPCZoneIdentifier": [
          "subnet-05c21a532498614af",
          "subnet-02986964251c51af4"
        ]
      },
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MaxBatchSize": "1",
          "MinInstancesInService": "0",
          "PauseTime": "PT60S",
          "WaitOnResourceSignals": false,
          "SuspendProcesses": [
            "HealthCheck",
            "ReplaceUnhealthy",
            "AZRebalance",
            "AlarmNotification",
            "ScheduledActions"
          ]
        }
      },
      "DependsOn": "PoolQueryPeer0LaunchTemplate"
    },
    "PoolQueryPeer0LaunchTemplate": {
      "Properties": {
        "LaunchTemplateData": {
          "BlockDeviceMappings": [
            {
              "DeviceName": "/dev/sda1",
              "Ebs": {
                "VolumeSize": 10,
                "VolumeType": "gp3",
                "Encrypted": true
              }
            },
            {
              "DeviceName": "/dev/sdb",
              "Ebs": {
                "VolumeSize": 24,
                "VolumeType": "gp3",
                "Encrypted": true
              }
            }
          ],
          "IamInstanceProfile": {
            "Arn": {
              "Fn::GetAtt": [
                "QueryPeerS3AccessProfile",
                "Arn"
              ]
            }
          },
          "ImageId": "ami-01969d6c0078a0391",
          "InstanceType": "c5n.9xlarge",
          "Monitoring": {
            "Enabled": true
          },
          "SecurityGroupIds": [
            {
              "Ref": "QueryPeerSecurityGroup"
            }
          ],
          "UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
          "TagSpecifications": [
            {
              "ResourceType": "volume",
              "Tags": [
                {
                  "Key": "HdxPool",
                  "Value": "query-peer0"
                },
                {
                  "Key": "HdxService",
                  "Value": "peer"
                },
                {
                  "Key": "Name",
                  "Value": "hdx-abcdef-query-peer0-asg"
                }
              ]
            }
          ]
        },
        "LaunchTemplateName": "hdx-abcdef-query-peer0"
      },
      "Type": "AWS::EC2::LaunchTemplate"
    },
    "PoolStreamPeer0ASG": {
      "Properties": {
        "AutoScalingGroupName": "hdx-abcdef-stream-peer0-asg",
        "AvailabilityZones": [
          "us-east-2a",
          "us-east-2b"
        ],
        "MixedInstancesPolicy": {
          "LaunchTemplate": {
            "LaunchTemplateSpecification": {
              "LaunchTemplateName": "hdx-abcdef-stream-peer0",
              "Version": {
                "Fn::GetAtt": [
                  "PoolStreamPeer0LaunchTemplate",
                  "LatestVersionNumber"
                ]
              }
            },
            "Overrides": []
          },
          "InstancesDistribution": {
            "OnDemandPercentageAboveBaseCapacity": 100,
            "SpotAllocationStrategy": "capacity-optimized"
          }
        },
        "MinSize": "0",
        "DesiredCapacity": "0",
        "MaxSize": "1",
        "Cooldown": "10",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-stream-peer0-asg",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxService",
            "Value": "stream-peer",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxPool",
            "Value": "stream-peer0",
            "PropagateAtLaunch": true
          }
        ],
        "VPCZoneIdentifier": [
          "subnet-048459a83da4dc4ca",
          "subnet-06fcdac6d3a7e3796"
        ]
      },
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MaxBatchSize": "1",
          "MinInstancesInService": "0",
          "PauseTime": "PT60S",
          "WaitOnResourceSignals": false,
          "SuspendProcesses": [
            "HealthCheck",
            "ReplaceUnhealthy",
            "AZRebalance",
            "AlarmNotification",
            "ScheduledActions"
          ]
        }
      },
      "DependsOn": "PoolStreamPeer0LaunchTemplate"
    },
    "PoolStreamPeer0LaunchTemplate": {
      "Properties": {
        "LaunchTemplateData": {
          "BlockDeviceMappings": [
            {
              "DeviceName": "/dev/sda1",
              "Ebs": {
                "VolumeSize": 10,
                "VolumeType": "gp3",
                "Encrypted": true
              }
            }
          ],
          "IamInstanceProfile": {
            "Arn": {
              "Fn::GetAtt": [
                "StreamPeerAccessProfile",
                "Arn"
              ]
            }
          },
          "ImageId": "ami-01969d6c0078a0391",
          "InstanceType": "m5.large",
          "Monitoring": {
            "Enabled": true
          },
          "SecurityGroupIds": [
            {
              "Ref": "StreamPeerSecurityGroup"
            }
          ],
          "UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
          "TagSpecifications": [
            {
              "ResourceType": "volume",
              "Tags": [
                {
                  "Key": "HdxPool",
                  "Value": "stream-peer0"
                },
                {
                  "Key": "HdxService",
                  "Value": "stream-peer"
                },
                {
                  "Key": "Name",
                  "Value": "hdx-abcdef-stream-peer0-asg"
                }
              ]
            }
          ]
        },
        "LaunchTemplateName": "hdx-abcdef-stream-peer0"
      },
      "Type": "AWS::EC2::LaunchTemplate"
    },
    "PrometheusAccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-prometheus-profile",
        "Roles": [
          "hdx-abcdef-prometheus-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": "PrometheusRole"
    },
    "PrometheusAutoscaleGroup": {
      "Properties": {
        "AutoScalingGroupName": "hdx-abcdef-prometheus-asg",
        "AvailabilityZones": [
          "us-east-2a"
        ],
        "LaunchConfigurationName": {
          "Ref": "PrometheusLaunchConfig"
        },
        "MinSize": "0",
        "DesiredCapacity": "0",
        "MaxSize": "1",
        "Cooldown": "10",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-prometheus-asg",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxService",
            "Value": "prometheus",
            "PropagateAtLaunch": true
          }
        ],
        "VPCZoneIdentifier": [
          "subnet-048459a83da4dc4ca"
        ]
      },
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MaxBatchSize": "1",
          "MinInstancesInService": "0",
          "PauseTime": "PT60S",
          "WaitOnResourceSignals": false,
          "SuspendProcesses": [
            "HealthCheck",
            "ReplaceUnhealthy",
            "AZRebalance",
            "AlarmNotification",
            "ScheduledActions"
          ]
        }
      }
    },
    "PrometheusLaunchConfig": {
      "Properties": {
        "AssociatePublicIpAddress": false,
        "ImageId": "ami-09cd8e2e9bc325415",
        "InstanceType": "t2.medium",
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": 50,
              "VolumeType": "gp3",
              "Encrypted": true
            }
          }
        ],
        "IamInstanceProfile": {
          "Ref": "PrometheusAccessProfile"
        },
        "SecurityGroups": [
          {
            "Ref": "PrometheusSecurityGroup"
          }
        ],
        "UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
        "InstanceMonitoring": true
      },
      "Type": "AWS::AutoScaling::LaunchConfiguration"
    },
    "PrometheusRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-prometheus-base",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "logs:CreateLogGroup",
                    "logs:CreateLogStream",
                    "logs:PutLogEvents",
                    "ec2:CreateNetworkInterface",
                    "ec2:DescribeNetworkInterface",
                    "ec2:DeleteNetworkInterface",
                    "ec2:DescribeVolumes",
                    "ec2:AttachVolume",
                    "ec2:DetachVolume"
                  ],
                  "Resource": "*"
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
        ],
        "Description": "PrometheusRole",
        "RoleName": "hdx-abcdef-prometheus-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-prometheus-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "PrometheusSecurityGroup": {
      "Properties": {
        "GroupDescription": "PrometheusSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9090,
            "FromPort": 9090,
            "CidrIp": "10.0.0.0/16"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-prometheus"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    },
    "QueryHeadASLaunchGroup": {
      "Properties": {
        "AutoScalingGroupName": "hdx-abcdef-queryhead-asg",
        "AvailabilityZones": [
          "us-east-2a",
          "us-east-2b"
        ],
        "LaunchConfigurationName": {
          "Ref": "QueryHeadLaunchConfig"
        },
        "MinSize": "0",
        "DesiredCapacity": "0",
        "MaxSize": "1",
        "TargetGroupARNs": [
          "arn:aws:elasticloadbalancing:us-east-2:184958025203:targetgroup/hdxcli-123456-native-public/8232f0411b60d6b2",
          "arn:aws:elasticloadbalancing:us-east-2:184958025203:targetgroup/hdxcli-123456-native-private/a6badd46545d0f40"
        ],
        "Cooldown": "10",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-query-head-asg",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxService",
            "Value": "head",
            "PropagateAtLaunch": true
          }
        ],
        "VPCZoneIdentifier": [
          "subnet-05c21a532498614af",
          "subnet-02986964251c51af4"
        ]
      },
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MaxBatchSize": "1",
          "MinInstancesInService": "0",
          "PauseTime": "PT60S",
          "WaitOnResourceSignals": false,
          "SuspendProcesses": [
            "HealthCheck",
            "ReplaceUnhealthy",
            "AZRebalance",
            "AlarmNotification",
            "ScheduledActions"
          ]
        }
      }
    },
    "QueryHeadLaunchConfig": {
      "Properties": {
        "AssociatePublicIpAddress": false,
        "ImageId": "ami-01969d6c0078a0391",
        "InstanceType": "c5n.xlarge",
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": 10,
              "VolumeType": "gp3",
              "Encrypted": true
            }
          }
        ],
        "IamInstanceProfile": {
          "Ref": "QueryHeadS3AccessProfile"
        },
        "SecurityGroups": [
          {
            "Ref": "QueryHeadSecurityGroup"
          }
        ],
        "UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
        "InstanceMonitoring": true
      },
      "Type": "AWS::AutoScaling::LaunchConfiguration"
    },
    "QueryHeadRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-art-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-dev-art/*",
                    "arn:aws:s3:::hdx-dev-art"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [],
        "Description": "QueryHeadRole",
        "RoleName": "hdx-abcdef-query-head-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-query-head-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "QueryHeadS3AccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-queryhead-s3access-profile",
        "Roles": [
          "hdx-abcdef-query-head-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": [
        "QueryHeadRole"
      ]
    },
    "QueryHeadSecurityGroup": {
      "Properties": {
        "GroupDescription": "QueryHeadSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9000,
            "FromPort": 9000,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 8088,
            "FromPort": 8088,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 8888,
            "FromPort": 8888,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9000,
            "FromPort": 9000,
            "CidrIp": "1.2.3.4/32"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9000,
            "FromPort": 9000,
            "CidrIp": "1.2.3.4/32"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-query-head"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    },
    "QueryPeerRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-art-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-dev-art/*",
                    "arn:aws:s3:::hdx-dev-art"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [],
        "Description": "QueryPeerRole",
        "RoleName": "hdx-abcdef-query-peer-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-query-peer-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "QueryPeerS3AccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-profile",
        "Roles": [
          "hdx-abcdef-query-peer-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": "QueryPeerRole"
    },
    "QueryPeerSecurityGroup": {
      "Properties": {
        "GroupDescription": "QueryPeerSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9000,
            "FromPort": 9000,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 8088,
            "FromPort": 8088,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 8888,
            "FromPort": 8888,
            "CidrIp": "10.0.0.0/16"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-query-peer"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    },
    "ReaperQueue": {
      "Properties": {
        "QueueName": "hdx-abcdef-reaper",
        "VisibilityTimeout": "30"
      },
      "Type": "AWS::SQS::Queue"
    },
    "StreamHeadAccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-stream-head-profile",
        "Roles": [
          "hdx-abcdef-stream-head-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": "StreamHeadRole"
    },
    "StreamHeadAutoscaleGroup": {
      "Properties": {
        "AutoScalingGroupName": "hdx-abcdef-stream-head-asg",
        "AvailabilityZones": [
          "us-east-2a",
          "us-east-2b"
        ],
        "LaunchConfigurationName": {
          "Ref": "StreamHeadLaunchConfig"
        },
        "MinSize": "0",
        "DesiredCapacity": "0",
        "MaxSize": "1",
        "Cooldown": "10",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-stream-head-asg",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxService",
            "Value": "stream-head",
            "PropagateAtLaunch": true
          }
        ],
        "VPCZoneIdentifier": [
          "subnet-05c21a532498614af",
          "subnet-02986964251c51af4"
        ]
      },
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MaxBatchSize": "1",
          "MinInstancesInService": "0",
          "PauseTime": "PT60S",
          "WaitOnResourceSignals": false,
          "SuspendProcesses": [
            "HealthCheck",
            "ReplaceUnhealthy",
            "AZRebalance",
            "AlarmNotification",
            "ScheduledActions"
          ]
        }
      }
    },
    "StreamHeadLaunchConfig": {
      "Properties": {
        "AssociatePublicIpAddress": false,
        "ImageId": "ami-01969d6c0078a0391",
        "InstanceType": "m5.large",
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": 10,
              "VolumeType": "gp3",
              "Encrypted": true
            }
          }
        ],
        "IamInstanceProfile": {
          "Ref": "StreamHeadAccessProfile"
        },
        "SecurityGroups": [
          {
            "Ref": "StreamHeadSecurityGroup"
          }
        ],
        "UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
        "InstanceMonitoring": true
      },
      "Type": "AWS::AutoScaling::LaunchConfiguration"
    },
    "StreamHeadRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-stream-head-kinesis",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": "kinesis:*",
                  "Resource": "*"
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-art-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-dev-art/*",
                    "arn:aws:s3:::hdx-dev-art"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [],
        "Description": "StreamHeadRole",
        "RoleName": "hdx-abcdef-stream-head-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-stream-head-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "StreamHeadSecurityGroup": {
      "Properties": {
        "GroupDescription": "StreamHeadSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 8089,
            "FromPort": 8089,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 27182,
            "FromPort": 27182,
            "CidrIp": "10.0.0.0/16"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-stream-head"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    },
    "StreamPeerAccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-stream-peer-profile",
        "Roles": [
          "hdx-abcdef-stream-peer-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": "StreamPeerRole"
    },
    "StreamPeerRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-stream-peer-kinesis",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": "kinesis:*",
                  "Resource": "*"
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-stream-head-kinesis",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": "dynamodb:*",
                  "Resource": "*"
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-art-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-dev-art/*",
                    "arn:aws:s3:::hdx-dev-art"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [],
        "Description": "StreamPeerRole",
        "RoleName": "hdx-abcdef-stream-peer-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-stream-peer-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "StreamPeerSecurityGroup": {
      "Properties": {
        "GroupDescription": "StreamPeerSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 3000,
            "FromPort": 3000,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 27182,
            "FromPort": 27182,
            "CidrIp": "10.0.0.0/16"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-stream-peer"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    },
    "SupersetAccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-superset",
        "Roles": [
          "hdx-abcdef-superset-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": "SupersetRole"
    },
    "SupersetAutoscaleGroup": {
      "Properties": {
        "AutoScalingGroupName": "hdx-abcdef-superset-asg",
        "AvailabilityZones": [
          "us-east-2a"
        ],
        "LaunchConfigurationName": {
          "Ref": "SupersetLaunchConfig"
        },
        "MinSize": "0",
        "DesiredCapacity": "0",
        "MaxSize": "1",
        "TargetGroupARNs": [
          "arn:aws:elasticloadbalancing:us-east-2:184958025203:targetgroup/hdxcli-123456-superset-public/2e7eaadce0fba544",
          "arn:aws:elasticloadbalancing:us-east-2:184958025203:targetgroup/hdxcli-123456-superset-private/3fdea02248fbdba1"
        ],
        "Cooldown": "10",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-superset-asg",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxService",
            "Value": "superset",
            "PropagateAtLaunch": true
          }
        ],
        "VPCZoneIdentifier": [
          "subnet-048459a83da4dc4ca"
        ]
      },
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MaxBatchSize": "1",
          "MinInstancesInService": "0",
          "PauseTime": "PT60S",
          "WaitOnResourceSignals": false,
          "SuspendProcesses": [
            "HealthCheck",
            "ReplaceUnhealthy",
            "AZRebalance",
            "AlarmNotification",
            "ScheduledActions"
          ]
        }
      }
    },
    "SupersetLaunchConfig": {
      "Properties": {
        "AssociatePublicIpAddress": false,
        "ImageId": "ami-09cd8e2e9bc325415",
        "InstanceType": "t3.medium",
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": 10,
              "VolumeType": "gp3",
              "Encrypted": true
            }
          }
        ],
        "IamInstanceProfile": {
          "Ref": "SupersetAccessProfile"
        },
        "SecurityGroups": [
          {
            "Ref": "SupersetSecurityGroup"
          }
        ],
        "UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
        "InstanceMonitoring": true
      },
      "Type": "AWS::AutoScaling::LaunchConfiguration"
    },
    "SupersetRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-superset-base",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "logs:CreateLogGroup",
                    "logs:CreateLogStream",
                    "logs:PutLogEvents",
                    "ec2:CreateNetworkInterface",
                    "ec2:DescribeNetworkInterface",
                    "ec2:DeleteNetworkInterface",
                    "ec2:DescribeVolumes",
                    "ec2:AttachVolume",
                    "ec2:DetachVolume"
                  ],
                  "Resource": "*"
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-art-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-dev-art/*",
                    "arn:aws:s3:::hdx-dev-art"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
        ],
        "Description": "SupersetRole",
        "RoleName": "hdx-abcdef-superset-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-superset-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "SupersetSecurityGroup": {
      "Properties": {
        "GroupDescription": "SupersetSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 80,
            "FromPort": 80,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 81,
            "FromPort": 81,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 81,
            "FromPort": 81,
            "CidrIp": "1.2.3.4/32"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 81,
            "FromPort": 81,
            "CidrIp": "1.2.3.4/32"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-superset"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    },
    "TurbineQueryBucketPolicy": {
      "Properties": {
        "Bucket": "hdxcli-123456",
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": "s3:*",
              "Principal": {
                "AWS": [
                  {
                    "Fn::GetAtt": [
                      "QueryHeadRole",
                      "Arn"
                    ]
                  },
                  {
                    "Fn::GetAtt": [
                      "QueryPeerRole",
                      "Arn"
                    ]
                  },
                  {
                    "Fn::GetAtt": [
                      "ZookeeperRole",
                      "Arn"
                    ]
                  },
                  {
                    "Fn::GetAtt": [
                      "StreamHeadRole",
                      "Arn"
                    ]
                  },
                  {
                    "Fn::GetAtt": [
                      "StreamPeerRole",
                      "Arn"
                    ]
                  },
                  {
                    "Fn::GetAtt": [
                      "BatchPeerRole",
                      "Arn"
                    ]
                  },
                  {
                    "Fn::GetAtt": [
                      "AlterPeerRole",
                      "Arn"
                    ]
                  },
                  {
                    "Fn::GetAtt": [
                      "MergePeerRole",
                      "Arn"
                    ]
                  },
                  {
                    "Fn::GetAtt": [
                      "IntakeMiscRole",
                      "Arn"
                    ]
                  },
                  "arn:aws:iam::322224041326:root"
                ]
              },
              "Resource": [
                "arn:aws:s3:::hdxcli-123456/*",
                "arn:aws:s3:::hdxcli-123456"
              ]
            }
          ]
        }
      },
      "Type": "AWS::S3::BucketPolicy"
    },
    "WebAccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-web-api-profile",
        "Roles": [
          "hdx-abcdef-web-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": "WebRole"
    },
    "WebAutoscaleGroup": {
      "Properties": {
        "AutoScalingGroupName": "hdx-abcdef-web-api-asg",
        "AvailabilityZones": [
          "us-east-2a",
          "us-east-2b"
        ],
        "LaunchConfigurationName": {
          "Ref": "WebLaunchConfig"
        },
        "MinSize": "0",
        "DesiredCapacity": "0",
        "MaxSize": "1",
        "TargetGroupARNs": [
          "arn:aws:elasticloadbalancing:us-east-2:184958025203:targetgroup/hdxcli-123456-web-public/a5d9f6e63453ad6a",
          "arn:aws:elasticloadbalancing:us-east-2:184958025203:targetgroup/hdxcli-123456-web-private/9239a7105f6ed25d"
        ],
        "Cooldown": "10",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-web-asg",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxService",
            "Value": "web",
            "PropagateAtLaunch": true
          }
        ],
        "VPCZoneIdentifier": [
          "subnet-048459a83da4dc4ca",
          "subnet-06fcdac6d3a7e3796"
        ],
        "HealthCheckGracePeriod": 300
      },
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MaxBatchSize": "1",
          "MinInstancesInService": "0",
          "PauseTime": "PT300S",
          "WaitOnResourceSignals": true,
          "SuspendProcesses": [
            "HealthCheck",
            "ReplaceUnhealthy",
            "AZRebalance",
            "AlarmNotification",
            "ScheduledActions"
          ]
        }
      }
    },
    "WebLaunchConfig": {
      "Properties": {
        "AssociatePublicIpAddress": false,
        "ImageId": "ami-09cd8e2e9bc325415",
        "InstanceType": "t3.small",
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": 10,
              "VolumeType": "gp3",
              "Encrypted": true
            }
          }
        ],
        "IamInstanceProfile": {
          "Ref": "WebAccessProfile"
        },
        "SecurityGroups": [
          {
            "Ref": "WebSecurityGroup"
          }
        ],
        "UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
        "InstanceMonitoring": true
      },
      "Type": "AWS::AutoScaling::LaunchConfiguration"
    },
    "WebRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-control-plane",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "lambda:InvokeFunction",
                    "lambda:InvokeAsync"
                  ],
                  "Resource": [
                    {
                      "Fn::Sub": "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:hdxcli-123456-self-deploy"
                    }
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-art-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-dev-art/*",
                    "arn:aws:s3:::hdx-dev-art"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
        ],
        "Description": "WebRole",
        "RoleName": "hdx-abcdef-web-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-web-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "WebSecurityGroup": {
      "Properties": {
        "GroupDescription": "WebSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 80,
            "FromPort": 80,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 27182,
            "FromPort": 27182,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9113,
            "FromPort": 9113,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 80,
            "FromPort": 80,
            "CidrIp": "1.2.3.4/32"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 80,
            "FromPort": 80,
            "CidrIp": "1.2.3.4/32"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-web"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    },
    "ZookeeperAccessProfile": {
      "Properties": {
        "InstanceProfileName": "hdx-abcdef-zookeeper-s3access-profile",
        "Roles": [
          "hdx-abcdef-zookeeper-role"
        ]
      },
      "Type": "AWS::IAM::InstanceProfile",
      "DependsOn": "ZookeeperRole"
    },
    "ZookeeperAutoscaleGroup": {
      "Properties": {
        "AutoScalingGroupName": "hdx-abcdef-zookeeper-asg",
        "AvailabilityZones": [
          "us-east-2a"
        ],
        "LaunchConfigurationName": {
          "Ref": "ZookeeperLaunchConfig"
        },
        "MinSize": "0",
        "DesiredCapacity": "0",
        "MaxSize": "1",
        "Cooldown": "30",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-zookeeper-asg",
            "PropagateAtLaunch": true
          },
          {
            "Key": "HdxService",
            "Value": "zookeeper",
            "PropagateAtLaunch": true
          }
        ],
        "VPCZoneIdentifier": [
          "subnet-048459a83da4dc4ca"
        ]
      },
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MaxBatchSize": "1",
          "MinInstancesInService": "0",
          "PauseTime": "PT60S",
          "WaitOnResourceSignals": false,
          "SuspendProcesses": [
            "HealthCheck",
            "ReplaceUnhealthy",
            "AZRebalance",
            "AlarmNotification",
            "ScheduledActions"
          ]
        }
      },
      "DependsOn": [
        "ZookeeperENI1",
        "ZookeeperENI2",
        "ZookeeperENI3"
      ]
    },
    "ZookeeperENI1": {
      "Properties": {
        "Description": "Zookeeper Network Interface 1",
        "GroupSet": [
          {
            "Ref": "ZookeeperSecurityGroup"
          }
        ],
        "SubnetId": "subnet-048459a83da4dc4ca",
        "Tags": [
          {
            "Key": "Name",
            "Value": "zookeeper-1"
          }
        ]
      },
      "Type": "AWS::EC2::NetworkInterface",
      "DependsOn": "ZookeeperSecurityGroup"
    },
    "ZookeeperENI2": {
      "Properties": {
        "Description": "Zookeeper Network Interface 2",
        "GroupSet": [
          {
            "Ref": "ZookeeperSecurityGroup"
          }
        ],
        "SubnetId": "subnet-048459a83da4dc4ca",
        "Tags": [
          {
            "Key": "Name",
            "Value": "zookeeper-2"
          }
        ]
      },
      "Type": "AWS::EC2::NetworkInterface",
      "DependsOn": "ZookeeperSecurityGroup"
    },
    "ZookeeperENI3": {
      "Properties": {
        "Description": "Zookeeper Network Interface 3",
        "GroupSet": [
          {
            "Ref": "ZookeeperSecurityGroup"
          }
        ],
        "SubnetId": "subnet-048459a83da4dc4ca",
        "Tags": [
          {
            "Key": "Name",
            "Value": "zookeeper-3"
          }
        ]
      },
      "Type": "AWS::EC2::NetworkInterface",
      "DependsOn": "ZookeeperSecurityGroup"
    },
    "ZookeeperLaunchConfig": {
      "Properties": {
        "AssociatePublicIpAddress": false,
        "ImageId": "ami-01969d6c0078a0391",
        "InstanceType": "t2.micro",
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": 10,
              "VolumeType": "gp3",
              "Encrypted": true
            }
          }
        ],
        "IamInstanceProfile": {
          "Ref": "ZookeeperAccessProfile"
        },
        "SecurityGroups": [
          {
            "Ref": "ZookeeperSecurityGroup"
          }
        ],
        "UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
        "InstanceMonitoring": true
      },
      "Type": "AWS::AutoScaling::LaunchConfiguration"
    },
    "ZookeeperRole": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "hdx-abcdef-zookeeper-eni",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "ec2:DescribeNetworkInterfaces",
                    "ec2:AttachNetworkInterface"
                  ],
                  "Resource": "*"
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-cluster-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdxcli-123456/*",
                    "arn:aws:s3:::hdxcli-123456"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-art-bucket-access",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                  ],
                  "Resource": [
                    "arn:aws:s3:::hdx-dev-art/*",
                    "arn:aws:s3:::hdx-dev-art"
                  ]
                }
              ]
            }
          },
          {
            "PolicyName": "hdx-abcdef-kms-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ],
        "ManagedPolicyArns": [],
        "Description": "ZookeeperRole",
        "RoleName": "hdx-abcdef-zookeeper-role",
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-zookeeper-role"
          }
        ]
      },
      "Type": "AWS::IAM::Role"
    },
    "ZookeeperSecurityGroup": {
      "Properties": {
        "GroupDescription": "ZookeeperSecurityGroup",
        "VpcId": "vpc-123456abcdefg",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "ToPort": 22,
            "FromPort": 22,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 9100,
            "FromPort": 9100,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 2181,
            "FromPort": 2181,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 2888,
            "FromPort": 2888,
            "CidrIp": "10.0.0.0/16"
          },
          {
            "IpProtocol": "tcp",
            "ToPort": 3888,
            "FromPort": 3888,
            "CidrIp": "10.0.0.0/16"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [
          {
            "Key": "Name",
            "Value": "hdx-abcdef-zookeeper"
          }
        ]
      },
      "Type": "AWS::EC2::SecurityGroup"
    }
  }
}