Launch the stack - Workload Discovery on AWS

Launch the stack

This automated AWS CloudFormation template deploys Workload Discovery on AWS in the AWS Cloud. You must gather deployment parameter details before launching the stack. For details, refer to Prerequisites.

Time to deploy: Approximately 30 minutes

  1. Sign in to the AWS Management Console and select the button to launch the workload-discovery-on-aws.template AWS CloudFormation template.

  2. The template launches in the US East (N. Virginia) Region by default. To launch the solution in a different AWS Region, use the Region selector in the console navigation bar.

    Note

    This solution uses services that are not available in all AWS Regions. Refer to Supported AWS Regions for a list of supported AWS Regions.

  3. On the Create stack page, verify that the correct template URL is in the Amazon S3 URL text box, and choose Next.

  4. On the Specify stack details page, assign a name to your solution stack. For information about naming character limitations, refer to IAM and AWS STS quotas in the AWS Identity and Access Management User Guide.

  5. Under Parameters, review the parameters for this solution template and modify them as necessary. This solution uses the following default values.

    Parameter (default value): description

    AdminUserEmailAddress (<Requires input>)
        An email address to create the first user. The temporary credentials will be sent to this email address.

    AlreadyHaveConfigSetup (No)
        Confirmation of whether or not you already have AWS Config set up in the deployment account. For details, refer to Prerequisites.

    AthenaWorkgroup (primary)
        The workgroup that will be used to issue the Athena query when the Cost feature is enabled.

    ApiAllowListedRanges (0.0.0.0/1,128.0.0.0/1)
        Comma separated list of CIDRs that controls access to the AppSync GraphQL API. To allow the entire internet, use 0.0.0.0/1,128.0.0.0/1. If you restrict access to specific CIDRs, you must also include the IP addresses (with a subnet mask of /32) of the NAT gateways that allow the discovery process ECS task, which runs in a private subnet, to reach the internet; otherwise the discovery task cannot call the API. NOTE: This allow list does not govern access to the WebUI, only the GraphQL API.

    CreateNeptuneReplica (No)
        Choose whether to create a read replica for Neptune in a separate Availability Zone. Choosing Yes improves resilience but increases the cost of this solution.

    CreateOpenSearchServiceRole (Yes)
        Confirmation of whether or not you already have a service-linked role for Amazon OpenSearch Service. For details, refer to Prerequisites.

    NeptuneInstanceClass (db.r5.large)
        The instance type used to host the Amazon Neptune database. Your selection affects the cost of running this solution.

    OpensearchInstanceType (m6g.large.search)
        The instance type used for your OpenSearch Service data nodes. Your selection affects the cost of running the solution.

    OpensearchMultiAz (No)
        Choose whether to create an OpenSearch Service cluster that spans multiple Availability Zones. Choosing Yes improves resilience but increases the cost of this solution.

    CrossAccountDiscovery (SELF_MANAGED)
        Choose whether Workload Discovery on AWS or AWS Organizations manages the importing of accounts. The value can be SELF_MANAGED or AWS_ORGANIZATIONS.

    OrganizationUnitId (<Optional input>)
        The root organizational unit ID. This parameter is only used when CrossAccountDiscovery is set to AWS_ORGANIZATIONS.

    AccountType (DELEGATED_ADMIN)
        The type of AWS Organizations account to install Workload Discovery on AWS in. This parameter is only used when CrossAccountDiscovery is set to AWS_ORGANIZATIONS. For details, refer to Choosing the deployment account.

    ConfigAggregatorName (<Optional input>)
        The AWS Organizations-wide Config aggregator to use. You must install the solution in the same account and Region as this aggregator. If you leave this parameter blank, a new aggregator will be created. This parameter is only used when CrossAccountDiscovery is set to AWS_ORGANIZATIONS.

    CpuUnits (1 vCPU)
        The number of CPUs to allocate for the Fargate task that the discovery process runs in.

    Memory (2048)
        The amount of memory, in MiB, to allocate for the Fargate task that the discovery process runs in.

    DiscoveryTaskFrequency (15mins)
        The time interval between every run of the discovery process ECS task.

    MinNCUs (1)
        Minimum Neptune Capacity Units (NCUs) to be set on the Neptune cluster (must be less than or equal to MaxNCUs). Required if the Neptune instance type is db.serverless.

    MaxNCUs (128)
        Maximum NCUs to be set on the Neptune cluster (must be greater than or equal to MinNCUs). Required if the Neptune instance type is db.serverless.

    VpcId (<Optional input>)
        The ID of an existing VPC for the solution to use. If you leave this parameter blank, a new VPC will be provisioned.

    VpcCidrBlock (<Optional input>)
        The CIDR block of the VPC referenced by the VpcId parameter. This parameter is only used if the VpcId parameter is set.

    PrivateSubnet0 (<Optional input>)
        The first private subnet you wish to use. This parameter is only used if the VpcId parameter is set.

    PrivateSubnet1 (<Optional input>)
        The second private subnet you wish to use. This parameter is only used if the VpcId parameter is set.

    UsesCustomIdentity (No)
        Confirmation of whether or not you will be using a custom identity provider, such as SAML or OIDC.

    CognitoCustomDomain (<Optional input>)
        The domain prefix for the Amazon Cognito custom domain that hosts the sign-up and sign-in pages for your application. Leave empty if you are not using a custom IdP; otherwise it must contain only lowercase letters, numbers, and hyphens.

    CognitoAttributeMapping (<Optional input>)
        The mapping of IdP attributes to standard and custom Cognito user pool attributes. Leave empty if you are not using a custom IdP; otherwise it must be a valid JSON string.

    IdentityType (<Optional input>)
        The type of Identity Provider to use (Google, SAML, or OIDC). Leave empty if you are not using a custom IdP.

    ProviderName (<Optional input>)
        Name for the Identity Provider. Leave empty if you are not using a custom IdP.

    GoogleClientId (<Optional input>)
        The Google client ID to use. This parameter is only used when IdentityType is set to Google.

    GoogleClientSecret (<Optional input>)
        The Google client secret to use. This parameter is only used when IdentityType is set to Google.

    SAMLMetadataURL (<Optional input>)
        The metadata URL for the SAML Identity Provider. This parameter is only used when IdentityType is set to SAML.

    OIDCClientId (<Optional input>)
        The OIDC client ID to use. This parameter is only used when IdentityType is set to OIDC.

    OIDCClientSecret (<Optional input>)
        The OIDC client secret to use. This parameter is only used when IdentityType is set to OIDC.

    OIDCIssuerURL (<Optional input>)
        The OIDC issuer URL to use. This parameter is only used when IdentityType is set to OIDC.

    OIDCAttributeRequestMethod (GET)
        The OIDC attribute request method to use. Must be either GET or POST (refer to your OIDC provider, or use the default value). This parameter is only used when IdentityType is set to OIDC.

  6. Choose Next.

  7. On the Configure stack options page, choose Next.

  8. On the Review and create page, review and confirm the settings. Select the boxes acknowledging that the template creates IAM resources and requires certain capabilities.

  9. Choose Submit to deploy the stack.

    You can view the status of the stack in the AWS CloudFormation Console in the Status column. You should receive a CREATE_COMPLETE status in approximately 30 minutes.

    Note

    Deleting this stack removes all of the resources it created. If the stack is updated, it retains the Amazon Cognito user pool so that configured users aren’t lost.
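The parameter constraints listed in step 5 (the ApiAllowListedRanges CIDR list and its NAT gateway requirement, the MinNCUs/MaxNCUs ordering, the parameters that only apply when CrossAccountDiscovery, VpcId or UsesCustomIdentity are set, and the Cognito domain and JSON formats) can be checked before the stack is launched rather than discovered as a failed or half-open deployment. The following preflight script is an added example and is not part of the Workload Discovery on AWS solution; the parameter values and NAT gateway IP it uses are constructed, and the check_parameters function and its nat_gateway_ips argument are this example's own names.

```python
"""Preflight checks for Workload Discovery on AWS stack parameters.

Added example, not part of the solution. It encodes the parameter
constraints stated in the deployment guide so a deployer can lint a
parameter set before launching the CloudFormation stack.
"""
import ipaddress
import json
import re

# Default value from the guide; it opens the GraphQL API to the entire internet.
OPEN_INTERNET = "0.0.0.0/1,128.0.0.0/1"
# Parameters that must be filled in for each IdentityType.
IDENTITY_PARAMS = {
    "Google": ["GoogleClientId", "GoogleClientSecret"],
    "SAML": ["SAMLMetadataURL"],
    "OIDC": ["OIDCClientId", "OIDCClientSecret", "OIDCIssuerURL"],
}


def parse_cidrs(value):
    """Parse a comma separated CIDR list; raises ValueError on a malformed entry."""
    return [ipaddress.ip_network(c.strip()) for c in value.split(",") if c.strip()]


def check_parameters(params, nat_gateway_ips=()):
    """Return a list of findings (strings) for a dict of template parameter values.

    nat_gateway_ips: public IPs of the NAT gateways serving the discovery task's
    private subnets (hypothetical values supplied by the caller).
    """
    findings = []
    get = lambda key: (params.get(key) or "").strip()

    # ApiAllowListedRanges: must parse; if restricted, every NAT gateway IP must be covered.
    ranges = get("ApiAllowListedRanges") or OPEN_INTERNET
    try:
        nets = parse_cidrs(ranges)
    except ValueError as exc:
        findings.append(f"ApiAllowListedRanges: malformed CIDR list ({exc})")
        nets = []
    if ranges.replace(" ", "") == OPEN_INTERNET:
        findings.append("ApiAllowListedRanges: GraphQL API is reachable from the entire internet")
    elif nets:
        for ip in nat_gateway_ips:
            if not any(ipaddress.ip_address(ip) in net for net in nets):
                findings.append(f"ApiAllowListedRanges: NAT gateway {ip} is not covered; "
                                "the discovery task cannot reach the API")

    # Neptune capacity bounds only apply to the serverless instance type.
    if get("NeptuneInstanceClass") == "db.serverless":
        lo, hi = int(get("MinNCUs") or 1), int(get("MaxNCUs") or 128)
        if lo > hi:
            findings.append(f"MinNCUs ({lo}) must be less than or equal to MaxNCUs ({hi})")

    # Cross-account discovery mode and the inputs that depend on it.
    mode = get("CrossAccountDiscovery") or "SELF_MANAGED"
    if mode not in ("SELF_MANAGED", "AWS_ORGANIZATIONS"):
        findings.append(f"CrossAccountDiscovery: unknown value {mode!r}")
    elif mode == "SELF_MANAGED":
        for key in ("OrganizationUnitId", "ConfigAggregatorName"):
            if get(key):
                findings.append(f"{key} is ignored unless CrossAccountDiscovery is AWS_ORGANIZATIONS")

    # Existing VPC: the CIDR block and both private subnets must accompany VpcId.
    vpc_deps = ("VpcCidrBlock", "PrivateSubnet0", "PrivateSubnet1")
    if get("VpcId"):
        for key in vpc_deps:
            if not get(key):
                findings.append(f"{key} is required when VpcId is set")
        if get("VpcCidrBlock"):
            try:
                ipaddress.ip_network(get("VpcCidrBlock"))
            except ValueError:
                findings.append("VpcCidrBlock: not a valid CIDR block")
    else:
        for key in vpc_deps:
            if get(key):
                findings.append(f"{key} is ignored because VpcId is blank")

    # Custom identity provider settings.
    if get("UsesCustomIdentity") == "Yes":
        idp = get("IdentityType")
        if idp not in IDENTITY_PARAMS:
            findings.append("IdentityType must be Google, SAML, or OIDC")
        else:
            for key in IDENTITY_PARAMS[idp]:
                if not get(key):
                    findings.append(f"{key} is required when IdentityType is {idp}")
        if not re.fullmatch(r"[a-z0-9-]+", get("CognitoCustomDomain")):
            findings.append("CognitoCustomDomain: only lowercase letters, numbers, and hyphens allowed")
        try:
            json.loads(get("CognitoAttributeMapping"))
        except ValueError:
            findings.append("CognitoAttributeMapping: must be a valid JSON string for a custom IdP")
    method = get("OIDCAttributeRequestMethod") or "GET"
    if method not in ("GET", "POST"):
        findings.append("OIDCAttributeRequestMethod: must be GET or POST")
    return findings


# Constructed parameter set with several deliberate mistakes (not real resource IDs).
SAMPLE_PARAMS = {
    "AdminUserEmailAddress": "admin@example.com",
    "ApiAllowListedRanges": "203.0.113.0/24",
    "NeptuneInstanceClass": "db.serverless",
    "MinNCUs": "4",
    "MaxNCUs": "2",
    "VpcId": "vpc-0123456789abcdef0",
    "VpcCidrBlock": "10.0.0.0/16",
    "PrivateSubnet0": "subnet-0123456789abcdef0",
    "UsesCustomIdentity": "Yes",
    "IdentityType": "OIDC",
    "OIDCClientId": "example-client-id",
    "OIDCClientSecret": "example-client-secret",
    "CognitoCustomDomain": "My-Domain",
    "CognitoAttributeMapping": '{"email": "email"}',
    "OIDCAttributeRequestMethod": "PUT",
}

if __name__ == "__main__":
    for finding in check_parameters(SAMPLE_PARAMS, nat_gateway_ips=("198.51.100.7",)):
        print("-", finding)
```

Run against the constructed sample, the script reports six findings: the NAT gateway address is outside the allow list, MinNCUs exceeds MaxNCUs, PrivateSubnet1 and OIDCIssuerURL are missing, the Cognito domain prefix contains uppercase letters, and the OIDC request method is invalid. With the default parameter values the only finding is that the GraphQL API is open to the entire internet, which is exactly the decision the ApiAllowListedRanges description asks you to make deliberately.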