Updates for v2.1.0

CHANGELOG.md

@@ -5,6 +5,20 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.1.0] - 2021-01-12
+
+### Changed
+
+- Updated FSxDNSName Lambda runtime to python3.9
+- Restructured cfn-init configsets to create steps for the Remote Display Protocol installation
+
+### Added
+
+- Added support for NICE DCV as a Remote Display Protocol. Default set to Teradici CAS. 
+- Added powershell script to install NICE DCV from latest release (if selected)
+- Added support for NICE DCV TCP and UDP protocol to host security group (if selected)
+- Added permission to obtain NICE DCV license via s3:GetObject permissions in IAM Role (if selected)
+
 ## [2.0.0] - 2021-08-05
 
 ### Changed

README.md

@@ -27,7 +27,16 @@ chmod +x ./build-s3-dist.sh
 ./build-s3-dist.sh $DIST_OUTPUT_BUCKET $SOLUTION_NAME $VERSION $TEMPLATE_OUTPUT_BUCKET
 ```
 
-* Deploy the distributable to an Amazon S3 bucket in your account. _Note:_ you must have the AWS Command Line Interface installed.
+> **Notes**: The _build-s3-dist_ script expects two S3 buckets as input parameters: one for the global assets, and one for regional assets. 
+
+Ensure that you are owner of the AWS S3 buckets passed to the build-s3-dist.sh script:
+
+```
+aws s3api head-bucket --bucket $TEMPLATE_OUTPUT_BUCKET --expected-bucket-owner YOUR-AWS-ACCOUNT-NUMBER
+aws s3api head-bucket --bucket $BUILD_OUTPUT_BUCKET --expected-bucket-owner YOUR-AWS-ACCOUNT-NUMBER
+```
+
+* Deploy the distributable to an Amazon S3 bucket in your account. 
 
 ```sh
 aws s3 cp global-s3-assets/  s3://$TEMPLATE_OUTPUT_BUCKET/$SOLUTION_NAME/$VERSION/ --recursive --acl bucket-owner-full-control

deployment/run-unit-tests.sh

@@ -1,5 +1,7 @@
 #!/bin/bash
 #
+# There are currently no unit tests for this project.  
+#
 # This assumes all of the OS-level configuration has been completed and git repo has already been cloned
 #
 # This script should be run from the repo's deployment directory

deployment/templates/aws-edit-in-the-cloud-edit-host.template

@@ -9,6 +9,7 @@ Metadata:
           - HostSubnetId
           - ExistingHostSecurityGroupID
           - KeyPairName
+          - RemoteDisplayProtocol
           - FSxNetworkFileShare
           - SGWNetworkFileShare
       - Label:
@@ -36,6 +37,8 @@ Metadata:
         default: Subnet for edit host - should be public for remote access 
       KeyPairName:
         default: Key Pair Name
+      RemoteDisplayProtocol:
+        default: Remote Display Protocol
       InstanceType:
         default: Amazon EC2 instance type for the video editing server
       ExistingHostSecurityGroupID:
@@ -87,6 +90,13 @@ Parameters:
   KeyPairName:
     Type: String
     Description: Keypair for the instance
+  RemoteDisplayProtocol:
+    Description: Remote Display Protocol configured on the instance (Teradici PCoIP | NICE DCV)
+    Type: String
+    Default: teradici
+    AllowedValues:
+      - teradici
+      - nicedcv
   InstanceType:
     Type: String
     Description: Amazon EC2 instance type for the video editing server
@@ -124,6 +134,11 @@ Parameters:
       S3 key prefix for the CloudFormation assets. The key prefix can include numbers,
       lowercase letters, uppercase letters, hyphens (-), and forward slash (/).
     Type: String
+
+Conditions:
+  DeployTeradici: !Equals [!Ref RemoteDisplayProtocol, teradici]
+  DeployNICEDCV: !Equals [!Ref RemoteDisplayProtocol, nicedcv]
+
 Resources:
   EditHostRole:
     Type: AWS::IAM::Role
@@ -144,6 +159,13 @@ Resources:
                   - s3:GetObject
                 Resource: 'arn:aws:s3:::ec2-windows-nvidia-drivers/*'
                 Effect: Allow
+              - !If
+                - DeployNICEDCV
+                - Action:
+                    - s3:GetObject
+                  Resource: !Sub 'arn:aws:s3:::dcv-license.${AWS::Region}/*'
+                  Effect: Allow
+                - !Ref AWS::NoValue
           PolicyName: aws-s3-policy
       Path: /
       AssumeRolePolicyDocument:
@@ -175,6 +197,14 @@ Resources:
           config:
             - setup
             - configInstance
+            - !If 
+              - DeployNICEDCV
+              - installNICEDCV
+              - !Ref AWS::NoValue
+            - !If 
+              - DeployTeradici
+              - installTeradici
+              - !Ref AWS::NoValue
             - joinDomain
             - finalize
         setup:
@@ -222,9 +252,6 @@ Resources:
             C:\cfn\scripts\install-gpu-drivers.ps1:
               source: !Sub 'https://${CloudFormationBucketName}.s3.${AWS::Region}.${AWS::URLSuffix}/${CloudFormationKeyPrefix}/install-gpu-drivers.ps1'
               authentication: S3AccessCreds
-            C:\cfn\scripts\install-teradici.ps1:
-              source: !Sub 'https://${CloudFormationBucketName}.s3.${AWS::Region}.${AWS::URLSuffix}/${CloudFormationKeyPrefix}/install-teradici.ps1'
-              authentication: S3AccessCreds
             C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\automount.bat:
               content: !Sub |
                     @echo OFF
@@ -249,7 +276,22 @@ Resources:
             '10-reboot':
               command: 'powershell.exe -ExecutionPolicy Unrestricted C:\cfn\scripts\Restart-Computer.ps1'
               waitAfterCompletion: forever
-            '15-install-teradici':
+        installNICEDCV:
+          files: 
+            C:\cfn\scripts\install-nicedcv.ps1:
+              source: !Sub 'https://${CloudFormationBucketName}.s3.${AWS::Region}.${AWS::URLSuffix}/${CloudFormationKeyPrefix}/install-nicedcv.ps1'
+              authentication: S3AccessCreds
+          commands:
+            '01-install-nicedcv':
+              command: 'powershell.exe -ExecutionPolicy Unrestricted C:\cfn\scripts\install-nicedcv.ps1 -Verbose'
+              waitAfterCompletion: '0'
+        installTeradici:
+          files:
+            C:\cfn\scripts\install-teradici.ps1:
+              source: !Sub 'https://${CloudFormationBucketName}.s3.${AWS::Region}.${AWS::URLSuffix}/${CloudFormationKeyPrefix}/install-teradici.ps1'
+              authentication: S3AccessCreds
+          commands:
+            '01-install-teradici':
               command: 'powershell.exe -ExecutionPolicy Unrestricted C:\cfn\scripts\install-teradici.ps1 -Verbose'
               waitAfterCompletion: '0'
         joinDomain:

deployment/templates/aws-edit-in-the-cloud-fsx-dns-name.template

@@ -91,6 +91,7 @@ Resources:
       CompatibleRuntimes: 
         - python3.7
         - python3.8
+        - python3.9
       Content: 
         S3Bucket: !Ref CloudFormationBucketName
         S3Key: !Ref Boto3LayerS3Key
@@ -109,7 +110,7 @@ Resources:
     Properties:
       FunctionName: !Sub '${Project}-FSxDNSNameLambda'
       Description: Get FSx DNS Name (file_system_id)
-      Runtime: python3.8
+      Runtime: python3.9
       Code:
         S3Bucket: !Ref CloudFormationBucketName
         S3Key: !Ref LambdaFunctionS3Key

deployment/templates/aws-edit-in-the-cloud-host-security-group.template

@@ -8,6 +8,18 @@ Parameters:
   VPCID:
     Description: ID of the VPC (e.g., vpc-0343606e)
     Type: AWS::EC2::VPC::Id
+  RemoteDisplayProtocol:
+    Description: Remote Display Protocol configured on the instance (Teradici PCoIP | NICE DCV)
+    Type: String
+    Default: teradici
+    AllowedValues:
+      - teradici
+      - nicedcv
+
+Conditions:
+  DeployTeradici: !Equals [!Ref RemoteDisplayProtocol, teradici]
+  DeployNICEDCV: !Equals [!Ref RemoteDisplayProtocol, nicedcv]
+
 Resources:
   HostSecurityGroup:
     Type: AWS::EC2::SecurityGroup
@@ -37,21 +49,46 @@ Resources:
           FromPort: 3389
           ToPort: 3389
           CidrIp: !Ref 'HostAccessCIDR'
-        - IpProtocol: tcp
-          Description: "HTTPS"
-          FromPort: 443
-          ToPort: 443
-          CidrIp: !Ref 'HostAccessCIDR'
-        - IpProtocol: udp
-          Description: "Teradici PCoIP"
-          FromPort: 4172
-          ToPort: 4172
-          CidrIp: !Ref 'HostAccessCIDR'
-        - IpProtocol: tcp
-          Description: "Teradici PCoIP"
-          FromPort: 4172
-          ToPort: 4172
-          CidrIp: !Ref 'HostAccessCIDR'
+        - !If 
+          - DeployTeradici
+          - IpProtocol: tcp
+            Description: "HTTPS"
+            FromPort: 443
+            ToPort: 443
+            CidrIp: !Ref 'HostAccessCIDR'
+          - !Ref AWS::NoValue
+        - !If 
+          - DeployTeradici
+          - IpProtocol: udp
+            Description: "Teradici PCoIP"
+            FromPort: 4172
+            ToPort: 4172
+            CidrIp: !Ref 'HostAccessCIDR'
+          - !Ref AWS::NoValue
+        - !If 
+          - DeployTeradici
+          - IpProtocol: tcp
+            Description: "Teradici PCoIP"
+            FromPort: 4172
+            ToPort: 4172
+            CidrIp: !Ref 'HostAccessCIDR'
+          - !Ref AWS::NoValue
+        - !If 
+          - DeployNICEDCV
+          - IpProtocol: tcp
+            Description: "NICE DCV"
+            FromPort: 8443
+            ToPort: 8443
+            CidrIp: !Ref 'HostAccessCIDR'
+          - !Ref AWS::NoValue
+        - !If 
+          - DeployNICEDCV
+          - IpProtocol: udp
+            Description: "NICE DCV"
+            FromPort: 8443
+            ToPort: 8443
+            CidrIp: !Ref 'HostAccessCIDR'
+          - !Ref AWS::NoValue
       VpcId: !Ref 'VPCID'
 Outputs:
   EditInstanceSG:

deployment/templates/aws-edit-in-the-cloud.template

@@ -40,6 +40,7 @@ Metadata:
           - EditHostInstanceType
           - EditHostAccessCIDR
           - KeyPairName
+          - RemoteDisplayProtocol
       - Label:
           default: Microsoft Active Directory Configuration
         Parameters:
@@ -71,6 +72,8 @@ Metadata:
         default: Edit Host Access CIDR
       KeyPairName:
         default: Key Pair Name
+      RemoteDisplayProtocol:
+        default: Remote Display Protocol
       EditHostInstanceType:
         default: Amazon EC2 instance type for the video editing server
       PrivateSubnet1CIDR:
@@ -154,6 +157,13 @@ Parameters:
       Public/private key pairs allow you to securely connect to your instance
       after it launches
     Type: AWS::EC2::KeyPair::KeyName
+  RemoteDisplayProtocol:
+    Description: Remote Display Protocol configured on the instance (Teradici PCoIP | NICE DCV)
+    Type: String
+    Default: teradici
+    AllowedValues:
+      - teradici
+      - nicedcv
   PrivateSubnet1CIDR:
     AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
     ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
@@ -254,6 +264,7 @@ Resources:
       Parameters:
         HostAccessCIDR: !Ref 'EditHostAccessCIDR'
         VPCID: !GetAtt 'VPCStack.Outputs.VPCID'
+        RemoteDisplayProtocol: !Ref 'RemoteDisplayProtocol'
   ADStack:
     DependsOn: HostSecGrpStack
     Type: AWS::CloudFormation::Stack
@@ -295,6 +306,7 @@ Resources:
         DomainNetBIOSName: !Ref 'DomainNetBIOSName'
         InstanceType: !Ref 'EditHostInstanceType'
         KeyPairName: !Ref 'KeyPairName'
+        RemoteDisplayProtocol: !Ref 'RemoteDisplayProtocol'
         HostSubnetId: !GetAtt 'VPCStack.Outputs.PublicSubnet1ID'
         FSxNetworkFileShare: !GetAtt 'FSXDNSNameStack.Outputs.FSxNetworkShare'
         SGWNetworkFileShare: 'NONE'

source/install-nicedcv.ps1

@@ -0,0 +1,60 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+[CmdletBinding()]
+param(
+    [Parameter(Mandatory=$false)]
+    [string]$Source = 'https://d1uj6qtbmh3dt5.cloudfront.net/nice-dcv-server-x64-Release.msi',
+    [Parameter(Mandatory=$false)]
+    [string]$Destination = 'C:\cfn\downloads\nice-dcv-server-x64-Release.msi'
+)
+
+try {
+    $ErrorActionPreference = "Stop"
+
+    $parentDir = Split-Path $Destination -Parent
+    if (-not (Test-Path $parentDir)) {
+        New-Item -Path $parentDir -ItemType directory -Force | Out-Null
+    }
+
+    Write-Host "Trying to download NiceDCV from $Source to $Destination"
+    $tries = 5
+    while ($tries -ge 1) {
+        try {
+            (New-Object System.Net.WebClient).DownloadFile($Source,$Destination)
+            break
+        }
+        catch {
+            $tries--
+            Write-Host "Exception:"
+            Write-Host "$_"
+            if ($tries -lt 1) {
+                throw $_
+            }
+            else {
+                Write-Host "Failed download. Retrying again in 5 seconds"
+                Start-Sleep 5
+            }
+        }
+    }
+
+    # Add a registry key to enable the QUIC (UDP) protocol in NiceDCV
+    New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS
+    New-Item -Path HKU:\S-1-5-18\Software\GSettings\com\nicesoftware\dcv\ -Name connectivity -Force
+    New-ItemProperty -Path HKU:\S-1-5-18\Software\GSettings\com\nicesoftware\dcv\connectivity\ -Name enable-quic-frontend -Value 1
+
+    if ([System.IO.Path]::GetExtension($Destination) -eq '.msi') {
+       Write-Host "Start install of NiceDCV ..."
+       # AUTOMATIC_SESSION_OWNER variable changes the default owner from SYSTEM to the local administrator
+       # '/norestart' - to prevent reboot
+       # 
+       Start-Process msiexec.exe -ArgumentList "/I $Destination", 'AUTOMATIC_SESSION_OWNER=Administrator', '/quiet','/norestart', '/l*v dcv_install_msi.log'  -Wait
+    } else {
+        throw "Problem installing NiceDCV, not .msi extension"
+    }
+    Write-Host "Install NiceDCV complete"
+}
+catch {
+    Write-Host "catch: $_"
+    $_ | Write-AWSQuickStartException
+}