Merge branch 'stop_ad_admin' into 'develop'

[BI] Shut down Windows AD management host

See merge request mwvaughn/aws-hpc-recipes!102

Author: junbo75

recipes/dir/demo_managed_ad/README.md

@@ -37,7 +37,7 @@ Then select **Connect** to connect to the instance using AWS Session Manager whi
 
 Follow the same instructions as for accessing the host by SSM, until you get to the **Connect** step. There, select **SSH Client** to get directions on how to connect with SSH. 
 
-**Note** If you haven chosen **Yes** for the parameter **StopAdAdminInstance** whe  you launched the CloudFormation template, the Linux instance may be in a stopped state. Choose **Instance state::Start instance** to bring it back online before connecting to it. You can shut the instance down again when you are done working with it. 
+**Note** If you haven chosen **True** for the parameter **StopAdAdminInstance** when  you launched the CloudFormation template, the Linux instance may be in a stopped state. Choose **Instance state::Start instance** to bring it back online before connecting to it. You can shut the instance down again when you are done working with it. 
 
 #### Adding Users and Groups
 
@@ -87,7 +87,7 @@ There is a [Windows Management Host](https://console.aws.amazon.com/cloudformati
 
 You may access this instance by going to the Outputs tab and copying the **ManagementHostId**. Next, navigate to the EC2 console and search for the instance ID. Copy its **Public IPv4 address** and use that with your RDP client to connect to the instance. The access credentials will be `Admin` and the value for **AdministratorPassword** you provided when you created the AD. 
 
-**Note** If you haven chosen **Yes** for the parameter **StopAdAdminInstance** when you launched the CloudFormation template, the Windows instance may be in a stopped state. Choose **Instance state::Start instance** to bring it back online before connecting to it. You can shut the instance down again when you are done working with it. 
+**Note** If you haven chosen **True** for the parameter **StopAdAdminInstance** when you launched the CloudFormation template, the Windows instance may be in a stopped state. Choose **Instance state::Start instance** to bring it back online before connecting to it. You can shut the instance down again when you are done working with it. 
 
 Once you connect to the instance, you may open the **Active Directory Users and Computers** interface by choosing to run that from the Windows Start menu:
 ![image](https://github.com/charlesg3/aws-hpc-recipes/assets/6087509/387f0abe-5db4-4d8d-aaff-9e42023f5dc9)

recipes/dir/demo_managed_ad/assets/main-import.yaml

@@ -96,10 +96,10 @@ Parameters:
   StopAdAdminInstance:
     Description: Automatically stop the Management Instance to save costs
     Type: String
-    Default: "No"
+    Default: "False"
     AllowedValues:
-         - "Yes"
-         - "No"
+         - "True"
+         - "False"
 
 Conditions: 
   isUSEast1: !Equals [!Ref "AWS::Region", "us-east-1"]
@@ -510,7 +510,7 @@ Resources:
               user_name = event['ResourceProperties']['UserName']
               user_password = event['ResourceProperties']['UserPassword']
               admin_password = event['ResourceProperties']['AdminPassword']
-              stop_ad_admin_instance = event['ResourceProperties']['StopAdAdminInstance'] == 'Yes'
+              stop_ad_admin_instance = event['ResourceProperties']['StopAdAdminInstance'] == 'True'
 
               response_data = {}
               reason = None

recipes/dir/demo_managed_ad/assets/main.yaml

@@ -118,10 +118,10 @@ Parameters:
   StopAdAdminInstance:
     Description: Automatically stop the management instance to save costs.
     Type: String
-    Default: "No"
+    Default: "False"
     AllowedValues:
-         - "Yes"
-         - "No"
+         - "True"
+         - "False"
 
 Transform: AWS::Serverless-2016-10-31
 
@@ -633,7 +633,7 @@ Resources:
               user_name = event['ResourceProperties']['UserName']
               user_password = event['ResourceProperties']['UserPassword']
               admin_password = event['ResourceProperties']['AdminPassword']
-              stop_ad_admin_instance = event['ResourceProperties']['StopAdAdminInstance'] == 'Yes'
+              stop_ad_admin_instance = event['ResourceProperties']['StopAdAdminInstance'] == 'True'
 
               response_data = {}
               reason = None

recipes/dir/demo_managed_ad/assets/windows_management_host.yaml

@@ -116,10 +116,10 @@ Parameters:
   StopAdAdminInstance:
     Description: Automatically stop the management instance after launch to reduce costs.
     Type: String
-    Default: "No"
+    Default: "False"
     AllowedValues:
-         - "Yes"
-         - "No"
+         - "True"
+         - "False"
 
 Conditions:
   AddPrefixList: !Not [!Equals [!Ref ClientPrefixList, ""]]
@@ -307,6 +307,9 @@ Resources:
                 }
                 Unregister-ScheduledTask -TaskName $task_name -Confirm:$false # remove subtask
                 Unregister-ScheduledTask -TaskName "Setup domain" -Confirm:$false # remove the parent task that called us
+                if ("${StopAdAdminInstance}" -eq "True") {
+                  stop-computer
+                }
               }
               '@
 
@@ -335,6 +338,7 @@ Resources:
                 DomainName: !Ref DomainName,
                 DelegationUser: !Ref DelegationUser,
                 ServiceAccountName: !Ref ServiceAccountName,
+                StopAdAdminInstance: !Ref StopAdAdminInstance,
                 DC: !Join [",DC=", !Split [".", !Ref DomainName ]],
                 OU: !Select [0, !Split ['.', !Ref DomainName ]]
                 }
@@ -413,19 +417,13 @@ Resources:
           def handler(event, context):
               print( 'boto version {}'.format(boto3.__version__))
 
-              instance_id = event['ResourceProperties']['InstanceId']
-              # stop_admin_instance = event['ResourceProperties']['StopAdAdminInstance'] == 'Yes'
-              stop_admin_instance = False
-
               response_data = {}
               reason = None
               response_status = cfnresponse.SUCCESS
 
               if event['RequestType'] == 'Create':
                   response_data['Message'] = 'Resource creation successful!'
                   physical_resource_id = create_physical_resource_id()
-                  if stop_admin_instance:
-                    ec2.stop_instances(InstanceIds=[instance_id])
               else:
                   physical_resource_id = event['PhysicalResourceId']
 

recipes/res/res_demo_env/assets/bi.yaml

@@ -17,7 +17,7 @@ Metadata:
           - LDIFS3Path
           - ClientIpCidr
           - ClientPrefixList
-          # - StopAdAdminInstances
+          - StopAdAdminInstances
 
 Parameters:
   DomainName:
@@ -58,13 +58,13 @@ Parameters:
     Description: (Optional) An S3 Path (without the s3://) to an LDIF file that will be used during stack creation.
     Type: String
     Default: aws-hpc-recipes/main/recipes/res/res_demo_env/assets/res.ldif
-  # StopAdAdminInstances:
-  #   Description: Automatically stop management instances to save costs.
-  #   Type: String
-  #   Default: "No"
-  #   AllowedValues:
-  #        - "Yes"
-  #        - "No"
+  StopAdAdminInstances:
+    Description: Automatically stop management instances to save costs.
+    Type: String
+    Default: "False"
+    AllowedValues:
+         - "True"
+         - "False"
   Keypair:
     Description: EC2 Keypair to access AD management instances.
     Type: AWS::EC2::KeyPair::KeyName
@@ -148,7 +148,7 @@ Resources:
         Keypair: !Ref Keypair
         VpcId: !GetAtt [ Networking, Outputs.VPC ]
         Subnet: {"Fn::Select": [0, { "Fn::Split" : [",", !GetAtt [ Networking, Outputs.PublicSubnets ]] }]}
-        # StopAdAdminInstance: !Ref StopAdAdminInstances
+        StopAdAdminInstance: !Ref StopAdAdminInstances
         ClientIpCidr: !Ref ClientIpCidr
         ClientPrefixList: !Ref ClientPrefixList
         PSS3Path: aws-hpc-recipes/main/recipes/res/res_demo_env/assets/service_account.ps1