This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html).

# Amazon Elastic VMware Service
<a name="AWS_EVS"></a>

**Resource types**
+ [AWS::EVS::Environment](aws-resource-evs-environment.md)

# AWS::EVS::Environment
<a name="aws-resource-evs-environment"></a>

Creates an Amazon EVS environment that runs VCF software, such as SDDC Manager, NSX Manager, and vCenter Server.

During environment creation, Amazon EVS performs validations on DNS settings, provisions VLAN subnets and hosts, and deploys the supplied version of VCF.

It can take several hours to create an environment. After the deployment completes, you can configure VCF in the vSphere user interface according to your needs.

**Important**  
When creating a new environment, the default ESX version for the selected VCF version will be used, you cannot choose a specific ESX version in `CreateEnvironment` action. When a host has been added with a specific ESX version, it can only be upgraded using vCenter Lifecycle Manager.

**Note**  
You cannot use the `dedicatedHostId` and `placementGroupId` parameters together in the same `CreateEnvironment` action. This results in a `ValidationException` response.

## Syntax
<a name="aws-resource-evs-environment-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-resource-evs-environment-syntax.json"></a>

```
{
  "Type" : "AWS::EVS::Environment",
  "Properties" : {
      "[ConnectivityInfo](#cfn-evs-environment-connectivityinfo)" : ConnectivityInfo,
      "[EnvironmentName](#cfn-evs-environment-environmentname)" : String,
      "[Hosts](#cfn-evs-environment-hosts)" : [ HostInfoForCreate, ... ],
      "[InitialVlans](#cfn-evs-environment-initialvlans)" : InitialVlans,
      "[KmsKeyId](#cfn-evs-environment-kmskeyid)" : String,
      "[LicenseInfo](#cfn-evs-environment-licenseinfo)" : LicenseInfo,
      "[ServiceAccessSecurityGroups](#cfn-evs-environment-serviceaccesssecuritygroups)" : ServiceAccessSecurityGroups,
      "[ServiceAccessSubnetId](#cfn-evs-environment-serviceaccesssubnetid)" : String,
      "[SiteId](#cfn-evs-environment-siteid)" : String,
      "[Tags](#cfn-evs-environment-tags)" : [ Tag, ... ],
      "[TermsAccepted](#cfn-evs-environment-termsaccepted)" : Boolean,
      "[VcfHostnames](#cfn-evs-environment-vcfhostnames)" : VcfHostnames,
      "[VcfVersion](#cfn-evs-environment-vcfversion)" : String,
      "[VpcId](#cfn-evs-environment-vpcid)" : String
    }
}
```

### YAML
<a name="aws-resource-evs-environment-syntax.yaml"></a>

```
Type: AWS::EVS::Environment
Properties:
  [ConnectivityInfo](#cfn-evs-environment-connectivityinfo): 
    ConnectivityInfo
  [EnvironmentName](#cfn-evs-environment-environmentname): String
  [Hosts](#cfn-evs-environment-hosts): 
    - HostInfoForCreate
  [InitialVlans](#cfn-evs-environment-initialvlans): 
    InitialVlans
  [KmsKeyId](#cfn-evs-environment-kmskeyid): String
  [LicenseInfo](#cfn-evs-environment-licenseinfo): 
    LicenseInfo
  [ServiceAccessSecurityGroups](#cfn-evs-environment-serviceaccesssecuritygroups): 
    ServiceAccessSecurityGroups
  [ServiceAccessSubnetId](#cfn-evs-environment-serviceaccesssubnetid): String
  [SiteId](#cfn-evs-environment-siteid): String
  [Tags](#cfn-evs-environment-tags): 
    - Tag
  [TermsAccepted](#cfn-evs-environment-termsaccepted): Boolean
  [VcfHostnames](#cfn-evs-environment-vcfhostnames): 
    VcfHostnames
  [VcfVersion](#cfn-evs-environment-vcfversion): String
  [VpcId](#cfn-evs-environment-vpcid): String
```

## Properties
<a name="aws-resource-evs-environment-properties"></a>

`ConnectivityInfo`  <a name="cfn-evs-environment-connectivityinfo"></a>
The connectivity configuration for the environment. Amazon EVS requires that you specify two route server peer IDs. During environment creation, the route server endpoints peer with the NSX uplink VLAN for connectivity to the NSX overlay network.  
*Required*: Yes  
*Type*: [ConnectivityInfo](aws-properties-evs-environment-connectivityinfo.md)  
*Update requires*: Updates are not supported.

`EnvironmentName`  <a name="cfn-evs-environment-environmentname"></a>
The name of the environment.  
*Required*: No  
*Type*: String  
*Pattern*: `^[a-zA-Z0-9_-]{1,100}$`  
*Update requires*: Updates are not supported.

`Hosts`  <a name="cfn-evs-environment-hosts"></a>
Required for environment resource creation.  
*Required*: Conditional  
*Type*: Array of [HostInfoForCreate](aws-properties-evs-environment-hostinfoforcreate.md)  
*Minimum*: `4`  
*Maximum*: `4`  
*Update requires*: Updates are not supported.

`InitialVlans`  <a name="cfn-evs-environment-initialvlans"></a>
The initial VLAN subnets for the environment. Amazon EVS VLAN subnets have a minimum CIDR block size of /28 and a maximum size of /24. Amazon EVS VLAN subnet CIDR blocks must not overlap with other subnets in the VPC.  
Required for environment resource creation.  
*Required*: Conditional  
*Type*: [InitialVlans](aws-properties-evs-environment-initialvlans.md)  
*Update requires*: Updates are not supported.

`KmsKeyId`  <a name="cfn-evs-environment-kmskeyid"></a>
The AWS KMS key ID that AWS Secrets Manager uses to encrypt secrets that are associated with the environment. These secrets contain the VCF credentials that are needed to install vCenter Server, NSX, and SDDC Manager.  
By default, Amazon EVS use the AWS Secrets Manager managed key `aws/secretsmanager`. You can also specify a customer managed key.  
*Required*: No  
*Type*: String  
*Update requires*: Updates are not supported.

`LicenseInfo`  <a name="cfn-evs-environment-licenseinfo"></a>
 The license information that Amazon EVS requires to create an environment. Amazon EVS requires two license keys: a VCF solution key and a vSAN license key. The VCF solution key must cover a minimum of 256 cores. The vSAN license key must provide at least 110 TiB of vSAN capacity.  
*Required*: Yes  
*Type*: [LicenseInfo](aws-properties-evs-environment-licenseinfo.md)  
*Update requires*: Updates are not supported.

`ServiceAccessSecurityGroups`  <a name="cfn-evs-environment-serviceaccesssecuritygroups"></a>
The security groups that allow traffic between the Amazon EVS control plane and your VPC for service access. If a security group is not specified, Amazon EVS uses the default security group in your account for service access.  
*Required*: No  
*Type*: [ServiceAccessSecurityGroups](aws-properties-evs-environment-serviceaccesssecuritygroups.md)  
*Update requires*: Updates are not supported.

`ServiceAccessSubnetId`  <a name="cfn-evs-environment-serviceaccesssubnetid"></a>
 The subnet that is used to establish connectivity between the Amazon EVS control plane and VPC. Amazon EVS uses this subnet to perform validations and create the environment.  
*Required*: Yes  
*Type*: String  
*Pattern*: `^subnet-[a-f0-9]{8}([a-f0-9]{9})?$`  
*Minimum*: `15`  
*Maximum*: `24`  
*Update requires*: Updates are not supported.

`SiteId`  <a name="cfn-evs-environment-siteid"></a>
The Broadcom Site ID that is associated with your Amazon EVS environment. Amazon EVS uses the Broadcom Site ID that you provide to meet Broadcom VCF license usage reporting requirements for Amazon EVS.  
*Required*: Yes  
*Type*: String  
*Update requires*: Updates are not supported.

`Tags`  <a name="cfn-evs-environment-tags"></a>
Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or AWS resources.  
*Required*: No  
*Type*: Array of [Tag](aws-properties-evs-environment-tag.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`TermsAccepted`  <a name="cfn-evs-environment-termsaccepted"></a>
Customer confirmation that the customer has purchased and will continue to maintain the required number of VCF software licenses to cover all physical processor cores in the Amazon EVS environment. Information about your VCF software in Amazon EVS will be shared with Broadcom to verify license compliance. Amazon EVS does not validate license keys. To validate license keys, visit the Broadcom support portal.   
*Required*: Yes  
*Type*: Boolean  
*Update requires*: Updates are not supported.

`VcfHostnames`  <a name="cfn-evs-environment-vcfhostnames"></a>
The DNS hostnames to be used by the VCF management appliances in your environment.  
For environment creation to be successful, each hostname entry must resolve to a domain name that you've registered in your DNS service of choice and configured in the DHCP option set of your VPC. DNS hostnames cannot be changed after environment creation has started.  
*Required*: Yes  
*Type*: [VcfHostnames](aws-properties-evs-environment-vcfhostnames.md)  
*Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)

`VcfVersion`  <a name="cfn-evs-environment-vcfversion"></a>
The VCF version of the environment.  
*Required*: Yes  
*Type*: String  
*Allowed values*: `VCF-5.2.1 | VCF-5.2.2`  
*Update requires*: Updates are not supported.

`VpcId`  <a name="cfn-evs-environment-vpcid"></a>
The VPC associated with the environment.  
*Required*: Yes  
*Type*: String  
*Pattern*: `^vpc-[a-f0-9]{8}([a-f0-9]{9})?$`  
*Minimum*: `12`  
*Maximum*: `21`  
*Update requires*: Updates are not supported.

## Return values
<a name="aws-resource-evs-environment-return-values"></a>

### Ref
<a name="aws-resource-evs-environment-return-values-ref"></a>

When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the Amazon EVS `EnvironmentId`. For example: `{ "Ref": "env-1234567890" }`.

For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html).

### Fn::GetAtt
<a name="aws-resource-evs-environment-return-values-fn--getatt"></a>

The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html).

#### 
<a name="aws-resource-evs-environment-return-values-fn--getatt-fn--getatt"></a>

`Checks`  <a name="Checks-fn::getatt"></a>
A check on the environment to identify instance health and VMware VCF licensing issues. For example:  

```
            {
                "checks": [
                    {
                        "type": "KEY_REUSE",
                        "result": "PASSED"
                    },
                    {
                        "type": "KEY_COVERAGE",
                        "result": "PASSED"
                    },
                    {
                        "type": "REACHABILITY",
                        "result": "PASSED"
                    },
                    {
                        "type": "HOST_COUNT",
                        "result": "PASSED"
                    }
                ]
            }
```

`CreatedAt`  <a name="CreatedAt-fn::getatt"></a>
The date and time that the environment was created. For example:`1749081600.000`.

`Credentials`  <a name="Credentials-fn::getatt"></a>
The VCF credentials that are stored as Amazon EVS managed secrets in AWS Secrets Manager. Amazon EVS stores credentials that are needed to install vCenter Server, NSX, and SDDC Manager. For example:  

```
            {
                [
                    {
                        "secretArn": "arn:aws:secretsmanager:us-east-1:000000000000:secret:evs!env-1234567890_vCenterAdmin-MnTMEi"
                    },
                    {
                        "secretArn": "arn:aws:secretsmanager:us-east-1:000000000000:secret:evs!env-1234567890_vCenterRoot-87VyCF"
                    },
                    {
                        "secretArn": "arn:aws:secretsmanager:us-east-1:000000000000:secret:evs!env-1234567890_NSXRoot-SR3k43"
                    },
                    {
                        "secretArn": "arn:aws:secretsmanager:us-east-1:000000000000:secret:evs!env-1234567890_NSXAdmin-L5LUiD"
                    },
                    {
                        "secretArn": "arn:aws:secretsmanager:us-east-1:000000000000:secret:evs!env-1234567890_NSXAudit-Q2oW46"
                    },
                    {
                        "secretArn": "arn:aws:secretsmanager:us-east-1:000000000000:secret:evs!env-1234567890_SDDCManagerRoot-bFulOq"
                    },
                    {
                        "secretArn": "arn:aws:secretsmanager:us-east-1:000000000000:secret:evs!env-1234567890_SDDCManagerVCF-Ec3gES"
                    },
                    {
                        "secretArn": "arn:aws:secretsmanager:us-east-1:000000000000:secret:evs!env-1234567890_SDDCManagerAdmin-JMTAAb"
                    }
                ]
            }
```

`EnvironmentArn`  <a name="EnvironmentArn-fn::getatt"></a>
The Amazon Resource Name (ARN) that is associated with the environment. For example: `arn:aws:evs:us-east-1:000000000000:environment/env-1234567890`.

`EnvironmentId`  <a name="EnvironmentId-fn::getatt"></a>
The unique ID for the environment. For example: `env-1234567890`.

`EnvironmentState`  <a name="EnvironmentState-fn::getatt"></a>
The state of an environment. For example: `CREATED`.

`ModifiedAt`  <a name="ModifiedAt-fn::getatt"></a>
 The date and time that the environment was modified. For example:`1749081600.000`.

`StateDetails`  <a name="StateDetails-fn::getatt"></a>
A detailed description of the `environmentState` of an environment. For example: `Environment successfully created`.

# AWS::EVS::Environment Check
<a name="aws-properties-evs-environment-check"></a>

A check on the environment to identify environment health and validate VMware VCF licensing compliance.

## Syntax
<a name="aws-properties-evs-environment-check-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-evs-environment-check-syntax.json"></a>

```
{
  "[ImpairedSince](#cfn-evs-environment-check-impairedsince)" : String,
  "[Result](#cfn-evs-environment-check-result)" : String,
  "[Type](#cfn-evs-environment-check-type)" : String
}
```

### YAML
<a name="aws-properties-evs-environment-check-syntax.yaml"></a>

```
  [ImpairedSince](#cfn-evs-environment-check-impairedsince): String
  [Result](#cfn-evs-environment-check-result): String
  [Type](#cfn-evs-environment-check-type): String
```

## Properties
<a name="aws-properties-evs-environment-check-properties"></a>

`ImpairedSince`  <a name="cfn-evs-environment-check-impairedsince"></a>
The time when environment health began to be impaired.  
*Required*: No  
*Type*: String  
*Update requires*: Updates are not supported.

`Result`  <a name="cfn-evs-environment-check-result"></a>
 The check result.  
*Required*: Yes  
*Type*: String  
*Allowed values*: `PASSED | FAILED | UNKNOWN`  
*Update requires*: Updates are not supported.

`Type`  <a name="cfn-evs-environment-check-type"></a>
The check type. Amazon EVS performs the following checks.  
+ `KEY_REUSE`: checks that the VCF license key is not used by another Amazon EVS environment. This check fails if a used license is added to the environment.
+ `KEY_COVERAGE`: checks that your VCF license key allocates sufficient vCPU cores for all deployed hosts. The check fails when any assigned hosts in the EVS environment are not covered by license keys, or when any unassigned hosts cannot be covered by available vCPU cores in keys.
+ `REACHABILITY`: checks that the Amazon EVS control plane has a persistent connection to SDDC Manager. If Amazon EVS cannot reach the environment, this check fails.
+ `HOST_COUNT`: Checks that your environment has a minimum of 4 hosts.

  If this check fails, you will need to add hosts so that your environment meets this minimum requirement. Amazon EVS only supports environments with 4-16 hosts.
*Required*: Yes  
*Type*: String  
*Allowed values*: `KEY_REUSE | KEY_COVERAGE | REACHABILITY | VCF_VERSION | HOST_COUNT`  
*Update requires*: Updates are not supported.

# AWS::EVS::Environment ConnectivityInfo
<a name="aws-properties-evs-environment-connectivityinfo"></a>

The connectivity configuration for the environment. Amazon EVS requires that you specify two route server peer IDs. During environment creation, the route server endpoints peer with the NSX uplink VLAN for connectivity to the NSX overlay network.

## Syntax
<a name="aws-properties-evs-environment-connectivityinfo-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-evs-environment-connectivityinfo-syntax.json"></a>

```
{
  "[PrivateRouteServerPeerings](#cfn-evs-environment-connectivityinfo-privaterouteserverpeerings)" : [ String, ... ]
}
```

### YAML
<a name="aws-properties-evs-environment-connectivityinfo-syntax.yaml"></a>

```
  [PrivateRouteServerPeerings](#cfn-evs-environment-connectivityinfo-privaterouteserverpeerings): 
    - String
```

## Properties
<a name="aws-properties-evs-environment-connectivityinfo-properties"></a>

`PrivateRouteServerPeerings`  <a name="cfn-evs-environment-connectivityinfo-privaterouteserverpeerings"></a>
The unique IDs for private route server peers.  
*Required*: Yes  
*Type*: Array of String  
*Minimum*: `2`  
*Maximum*: `2`  
*Update requires*: Updates are not supported.

# AWS::EVS::Environment HostInfoForCreate
<a name="aws-properties-evs-environment-hostinfoforcreate"></a>

An object that represents a host.

**Note**  
You cannot use `dedicatedHostId` and `placementGroupId` together in the same `HostInfoForCreate`object. This results in a `ValidationException` response.

## Syntax
<a name="aws-properties-evs-environment-hostinfoforcreate-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-evs-environment-hostinfoforcreate-syntax.json"></a>

```
{
  "[DedicatedHostId](#cfn-evs-environment-hostinfoforcreate-dedicatedhostid)" : String,
  "[HostName](#cfn-evs-environment-hostinfoforcreate-hostname)" : String,
  "[InstanceType](#cfn-evs-environment-hostinfoforcreate-instancetype)" : String,
  "[KeyName](#cfn-evs-environment-hostinfoforcreate-keyname)" : String,
  "[PlacementGroupId](#cfn-evs-environment-hostinfoforcreate-placementgroupid)" : String
}
```

### YAML
<a name="aws-properties-evs-environment-hostinfoforcreate-syntax.yaml"></a>

```
  [DedicatedHostId](#cfn-evs-environment-hostinfoforcreate-dedicatedhostid): String
  [HostName](#cfn-evs-environment-hostinfoforcreate-hostname): String
  [InstanceType](#cfn-evs-environment-hostinfoforcreate-instancetype): String
  [KeyName](#cfn-evs-environment-hostinfoforcreate-keyname): String
  [PlacementGroupId](#cfn-evs-environment-hostinfoforcreate-placementgroupid): String
```

## Properties
<a name="aws-properties-evs-environment-hostinfoforcreate-properties"></a>

`DedicatedHostId`  <a name="cfn-evs-environment-hostinfoforcreate-dedicatedhostid"></a>
The unique ID of the Amazon EC2 Dedicated Host.  
*Required*: No  
*Type*: String  
*Pattern*: `^h-[a-f0-9]{8}([a-f0-9]{9})?$`  
*Minimum*: `1`  
*Maximum*: `25`  
*Update requires*: Updates are not supported.

`HostName`  <a name="cfn-evs-environment-hostinfoforcreate-hostname"></a>
The DNS hostname of the host. DNS hostnames for hosts must be unique across Amazon EVS environments and within VCF.  
*Required*: Yes  
*Type*: String  
*Pattern*: `^([a-zA-Z0-9\-]*)$`  
*Update requires*: Updates are not supported.

`InstanceType`  <a name="cfn-evs-environment-hostinfoforcreate-instancetype"></a>
The EC2 instance type that represents the host.  
Currently, Amazon EVS supports only the `i4i.metal` instance type.
*Required*: Yes  
*Type*: String  
*Allowed values*: `i4i.metal`  
*Update requires*: Updates are not supported.

`KeyName`  <a name="cfn-evs-environment-hostinfoforcreate-keyname"></a>
The name of the SSH key that is used to access the host.  
*Required*: Yes  
*Type*: String  
*Pattern*: `^[a-zA-Z0-9_-]+$`  
*Minimum*: `1`  
*Maximum*: `255`  
*Update requires*: Updates are not supported.

`PlacementGroupId`  <a name="cfn-evs-environment-hostinfoforcreate-placementgroupid"></a>
The unique ID of the placement group where the host is placed.  
*Required*: No  
*Type*: String  
*Pattern*: `^pg-[a-f0-9]{8}([a-f0-9]{9})?$`  
*Minimum*: `1`  
*Maximum*: `25`  
*Update requires*: Updates are not supported.

# AWS::EVS::Environment InitialVlanInfo
<a name="aws-properties-evs-environment-initialvlaninfo"></a>

An object that represents an initial VLAN subnet for the Amazon EVS environment. Amazon EVS creates initial VLAN subnets when you first create the environment. Amazon EVS creates the following 10 VLAN subnets: host management VLAN, vMotion VLAN, vSAN VLAN, VTEP VLAN, Edge VTEP VLAN, Management VM VLAN, HCX uplink VLAN, NSX uplink VLAN, expansion VLAN 1, expansion VLAN 2.

**Note**  
For each Amazon EVS VLAN subnet, you must specify a non-overlapping CIDR block. Amazon EVS VLAN subnets have a minimum CIDR block size of /28 and a maximum size of /24.

## Syntax
<a name="aws-properties-evs-environment-initialvlaninfo-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-evs-environment-initialvlaninfo-syntax.json"></a>

```
{
  "[Cidr](#cfn-evs-environment-initialvlaninfo-cidr)" : String
}
```

### YAML
<a name="aws-properties-evs-environment-initialvlaninfo-syntax.yaml"></a>

```
  [Cidr](#cfn-evs-environment-initialvlaninfo-cidr): String
```

## Properties
<a name="aws-properties-evs-environment-initialvlaninfo-properties"></a>

`Cidr`  <a name="cfn-evs-environment-initialvlaninfo-cidr"></a>
 The CIDR block that you provide to create an Amazon EVS VLAN subnet. Amazon EVS VLAN subnets have a minimum CIDR block size of /28 and a maximum size of /24. Amazon EVS VLAN subnet CIDR blocks must not overlap with other subnets in the VPC.  
*Required*: Yes  
*Type*: String  
*Pattern*: `^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/(3[0-2]|[1-2][0-9]|[0-9])$`  
*Update requires*: Updates are not supported.

# AWS::EVS::Environment InitialVlans
<a name="aws-properties-evs-environment-initialvlans"></a>

The initial VLAN subnets for the environment. Amazon EVS VLAN subnets have a minimum CIDR block size of /28 and a maximum size of /24. Amazon EVS VLAN subnet CIDR blocks must not overlap with other subnets in the VPC.

## Syntax
<a name="aws-properties-evs-environment-initialvlans-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-evs-environment-initialvlans-syntax.json"></a>

```
{
  "[EdgeVTep](#cfn-evs-environment-initialvlans-edgevtep)" : InitialVlanInfo,
  "[ExpansionVlan1](#cfn-evs-environment-initialvlans-expansionvlan1)" : InitialVlanInfo,
  "[ExpansionVlan2](#cfn-evs-environment-initialvlans-expansionvlan2)" : InitialVlanInfo,
  "[Hcx](#cfn-evs-environment-initialvlans-hcx)" : InitialVlanInfo,
  "[HcxNetworkAclId](#cfn-evs-environment-initialvlans-hcxnetworkaclid)" : String,
  "[IsHcxPublic](#cfn-evs-environment-initialvlans-ishcxpublic)" : Boolean,
  "[NsxUpLink](#cfn-evs-environment-initialvlans-nsxuplink)" : InitialVlanInfo,
  "[VmkManagement](#cfn-evs-environment-initialvlans-vmkmanagement)" : InitialVlanInfo,
  "[VmManagement](#cfn-evs-environment-initialvlans-vmmanagement)" : InitialVlanInfo,
  "[VMotion](#cfn-evs-environment-initialvlans-vmotion)" : InitialVlanInfo,
  "[VSan](#cfn-evs-environment-initialvlans-vsan)" : InitialVlanInfo,
  "[VTep](#cfn-evs-environment-initialvlans-vtep)" : InitialVlanInfo
}
```

### YAML
<a name="aws-properties-evs-environment-initialvlans-syntax.yaml"></a>

```
  [EdgeVTep](#cfn-evs-environment-initialvlans-edgevtep): 
    InitialVlanInfo
  [ExpansionVlan1](#cfn-evs-environment-initialvlans-expansionvlan1): 
    InitialVlanInfo
  [ExpansionVlan2](#cfn-evs-environment-initialvlans-expansionvlan2): 
    InitialVlanInfo
  [Hcx](#cfn-evs-environment-initialvlans-hcx): 
    InitialVlanInfo
  [HcxNetworkAclId](#cfn-evs-environment-initialvlans-hcxnetworkaclid): String
  [IsHcxPublic](#cfn-evs-environment-initialvlans-ishcxpublic): Boolean
  [NsxUpLink](#cfn-evs-environment-initialvlans-nsxuplink): 
    InitialVlanInfo
  [VmkManagement](#cfn-evs-environment-initialvlans-vmkmanagement): 
    InitialVlanInfo
  [VmManagement](#cfn-evs-environment-initialvlans-vmmanagement): 
    InitialVlanInfo
  [VMotion](#cfn-evs-environment-initialvlans-vmotion): 
    InitialVlanInfo
  [VSan](#cfn-evs-environment-initialvlans-vsan): 
    InitialVlanInfo
  [VTep](#cfn-evs-environment-initialvlans-vtep): 
    InitialVlanInfo
```

## Properties
<a name="aws-properties-evs-environment-initialvlans-properties"></a>

`EdgeVTep`  <a name="cfn-evs-environment-initialvlans-edgevtep"></a>
The edge VTEP VLAN subnet. This VLAN subnet manages traffic flowing between the internal network and external networks, including internet access and other site connections.  
*Required*: Yes  
*Type*: [InitialVlanInfo](aws-properties-evs-environment-initialvlaninfo.md)  
*Update requires*: Updates are not supported.

`ExpansionVlan1`  <a name="cfn-evs-environment-initialvlans-expansionvlan1"></a>
An additional VLAN subnet that can be used to extend VCF capabilities once configured. For example, you can configure an expansion VLAN subnet to use NSX Federation for centralized management and synchronization of multiple NSX deployments across different locations.  
*Required*: Yes  
*Type*: [InitialVlanInfo](aws-properties-evs-environment-initialvlaninfo.md)  
*Update requires*: Updates are not supported.

`ExpansionVlan2`  <a name="cfn-evs-environment-initialvlans-expansionvlan2"></a>
An additional VLAN subnet that can be used to extend VCF capabilities once configured. For example, you can configure an expansion VLAN subnet to use NSX Federation for centralized management and synchronization of multiple NSX deployments across different locations.  
*Required*: Yes  
*Type*: [InitialVlanInfo](aws-properties-evs-environment-initialvlaninfo.md)  
*Update requires*: Updates are not supported.

`Hcx`  <a name="cfn-evs-environment-initialvlans-hcx"></a>
The HCX VLAN subnet. This VLAN subnet allows the HCX Interconnnect (IX) and HCX Network Extension (NE) to reach their peers and enable HCX Service Mesh creation.  
If you plan to use a public HCX VLAN subnet, the following requirements must be met:  
+ Must have a /28 netmask and be allocated from the IPAM public pool. Required for HCX internet access configuration.
+ The HCX public VLAN CIDR block must be added to the VPC as a secondary CIDR block.
+ Must have at least two Elastic IP addresses to be allocated from the public IPAM pool for HCX components.
*Required*: Yes  
*Type*: [InitialVlanInfo](aws-properties-evs-environment-initialvlaninfo.md)  
*Update requires*: Updates are not supported.

`HcxNetworkAclId`  <a name="cfn-evs-environment-initialvlans-hcxnetworkaclid"></a>
A unique ID for a network access control list that the HCX VLAN uses. Required when `isHcxPublic` is set to `true`.  
*Required*: No  
*Type*: String  
*Pattern*: `^acl-[a-zA-Z0-9_-]+$`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`IsHcxPublic`  <a name="cfn-evs-environment-initialvlans-ishcxpublic"></a>
Determines if the HCX VLAN that Amazon EVS provisions is public or private.  
*Required*: No  
*Type*: Boolean  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`NsxUpLink`  <a name="cfn-evs-environment-initialvlans-nsxuplink"></a>
 The NSX uplink VLAN subnet. This VLAN subnet allows connectivity to the NSX overlay network.  
*Required*: Yes  
*Type*: [InitialVlanInfo](aws-properties-evs-environment-initialvlaninfo.md)  
*Update requires*: Updates are not supported.

`VmkManagement`  <a name="cfn-evs-environment-initialvlans-vmkmanagement"></a>
 The host VMkernel management VLAN subnet. This VLAN subnet carries traffic for managing ESX hosts and communicating with VMware vCenter Server.  
*Required*: Yes  
*Type*: [InitialVlanInfo](aws-properties-evs-environment-initialvlaninfo.md)  
*Update requires*: Updates are not supported.

`VmManagement`  <a name="cfn-evs-environment-initialvlans-vmmanagement"></a>
The VM management VLAN subnet. This VLAN subnet carries traffic for vSphere virtual machines.  
*Required*: Yes  
*Type*: [InitialVlanInfo](aws-properties-evs-environment-initialvlaninfo.md)  
*Update requires*: Updates are not supported.

`VMotion`  <a name="cfn-evs-environment-initialvlans-vmotion"></a>
 The vMotion VLAN subnet. This VLAN subnet carries traffic for vSphere vMotion.  
*Required*: Yes  
*Type*: [InitialVlanInfo](aws-properties-evs-environment-initialvlaninfo.md)  
*Update requires*: Updates are not supported.

`VSan`  <a name="cfn-evs-environment-initialvlans-vsan"></a>
 The vSAN VLAN subnet. This VLAN subnet carries the communication between ESX hosts to implement a vSAN shared storage pool.  
*Required*: Yes  
*Type*: [InitialVlanInfo](aws-properties-evs-environment-initialvlaninfo.md)  
*Update requires*: Updates are not supported.

`VTep`  <a name="cfn-evs-environment-initialvlans-vtep"></a>
 The VTEP VLAN subnet. This VLAN subnet handles internal network traffic between virtual machines within a VCF instance.  
*Required*: Yes  
*Type*: [InitialVlanInfo](aws-properties-evs-environment-initialvlaninfo.md)  
*Update requires*: Updates are not supported.

# AWS::EVS::Environment LicenseInfo
<a name="aws-properties-evs-environment-licenseinfo"></a>

 The license information that Amazon EVS requires to create an environment. Amazon EVS requires two license keys: a VCF solution key and a vSAN license key.

## Syntax
<a name="aws-properties-evs-environment-licenseinfo-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-evs-environment-licenseinfo-syntax.json"></a>

```
{
  "[SolutionKey](#cfn-evs-environment-licenseinfo-solutionkey)" : String,
  "[VsanKey](#cfn-evs-environment-licenseinfo-vsankey)" : String
}
```

### YAML
<a name="aws-properties-evs-environment-licenseinfo-syntax.yaml"></a>

```
  [SolutionKey](#cfn-evs-environment-licenseinfo-solutionkey): String
  [VsanKey](#cfn-evs-environment-licenseinfo-vsankey): String
```

## Properties
<a name="aws-properties-evs-environment-licenseinfo-properties"></a>

`SolutionKey`  <a name="cfn-evs-environment-licenseinfo-solutionkey"></a>
 The VCF solution key. This license unlocks VMware VCF product features, including vSphere, NSX, SDDC Manager, and vCenter Server. The VCF solution key must cover a minimum of 256 cores.  
*Required*: Yes  
*Type*: String  
*Pattern*: `^[a-zA-Z0-9]{5}-[a-zA-Z0-9]{5}-[a-zA-Z0-9]{5}-[a-zA-Z0-9]{5}-[a-zA-Z0-9]{5}$`  
*Update requires*: Updates are not supported.

`VsanKey`  <a name="cfn-evs-environment-licenseinfo-vsankey"></a>
 The VSAN license key. This license unlocks vSAN features. The vSAN license key must provide at least 110 TiB of vSAN capacity.  
*Required*: Yes  
*Type*: String  
*Pattern*: `^[a-zA-Z0-9]{5}-[a-zA-Z0-9]{5}-[a-zA-Z0-9]{5}-[a-zA-Z0-9]{5}-[a-zA-Z0-9]{5}$`  
*Update requires*: Updates are not supported.

# AWS::EVS::Environment Secret
<a name="aws-properties-evs-environment-secret"></a>

A managed secret that contains the credentials for installing vCenter Server, NSX, and SDDC Manager. During environment creation, the Amazon EVS control plane uses AWS Secrets Manager to create, encrypt, validate, and store secrets. If you choose to delete your environment, Amazon EVS also deletes the secrets that are associated with your environment. Amazon EVS does not provide managed rotation of secrets. We recommend that you rotate secrets regularly to ensure that secrets are not long-lived.

## Syntax
<a name="aws-properties-evs-environment-secret-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-evs-environment-secret-syntax.json"></a>

```
{
  "[SecretArn](#cfn-evs-environment-secret-secretarn)" : String
}
```

### YAML
<a name="aws-properties-evs-environment-secret-syntax.yaml"></a>

```
  [SecretArn](#cfn-evs-environment-secret-secretarn): String
```

## Properties
<a name="aws-properties-evs-environment-secret-properties"></a>

`SecretArn`  <a name="cfn-evs-environment-secret-secretarn"></a>
 The Amazon Resource Name (ARN) of the secret.  
*Required*: No  
*Type*: String  
*Update requires*: Updates are not supported.

# AWS::EVS::Environment ServiceAccessSecurityGroups
<a name="aws-properties-evs-environment-serviceaccesssecuritygroups"></a>

The security groups that allow traffic between the Amazon EVS control plane and your VPC for Amazon EVS service access. If a security group is not specified, Amazon EVS uses the default security group in your account for service access.

## Syntax
<a name="aws-properties-evs-environment-serviceaccesssecuritygroups-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-evs-environment-serviceaccesssecuritygroups-syntax.json"></a>

```
{
  "[SecurityGroups](#cfn-evs-environment-serviceaccesssecuritygroups-securitygroups)" : [ String, ... ]
}
```

### YAML
<a name="aws-properties-evs-environment-serviceaccesssecuritygroups-syntax.yaml"></a>

```
  [SecurityGroups](#cfn-evs-environment-serviceaccesssecuritygroups-securitygroups): 
    - String
```

## Properties
<a name="aws-properties-evs-environment-serviceaccesssecuritygroups-properties"></a>

`SecurityGroups`  <a name="cfn-evs-environment-serviceaccesssecuritygroups-securitygroups"></a>
The security groups that allow service access.  
*Required*: No  
*Type*: Array of String  
*Update requires*: Updates are not supported.

# AWS::EVS::Environment Tag
<a name="aws-properties-evs-environment-tag"></a>

Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or AWS resources.

## Syntax
<a name="aws-properties-evs-environment-tag-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-evs-environment-tag-syntax.json"></a>

```
{
  "[Key](#cfn-evs-environment-tag-key)" : String,
  "[Value](#cfn-evs-environment-tag-value)" : String
}
```

### YAML
<a name="aws-properties-evs-environment-tag-syntax.yaml"></a>

```
  [Key](#cfn-evs-environment-tag-key): String
  [Value](#cfn-evs-environment-tag-value): String
```

## Properties
<a name="aws-properties-evs-environment-tag-properties"></a>

`Key`  <a name="cfn-evs-environment-tag-key"></a>
The key name of the tag. You can specify a value that's 1 to 128 Unicode characters in length and can't be prefixed with `aws:`. digits, whitespace, `_`, `.`, `:`, `/`, `=`, `+`, `@`, `-`, and `"`.  
For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).  
*Required*: Yes  
*Type*: String  
*Minimum*: `1`  
*Maximum*: `128`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`Value`  <a name="cfn-evs-environment-tag-value"></a>
The value for the tag. You can specify a value that's 1 to 256 characters in length. You can use any of the following characters: the set of Unicode letters, digits, whitespace, `_`, `.`, `/`, `=`, `+`, and `-`.  
For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).  
*Required*: Yes  
*Type*: String  
*Minimum*: `0`  
*Maximum*: `256`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

# AWS::EVS::Environment VcfHostnames
<a name="aws-properties-evs-environment-vcfhostnames"></a>

The DNS hostnames that Amazon EVS uses to install VMware vCenter Server, NSX, SDDC Manager, and Cloud Builder. Each hostname must be unique, and resolve to a domain name that you've registered in your DNS service of choice. Hostnames cannot be changed.

VMware VCF requires the deployment of two NSX Edge nodes, and three NSX Manager virtual machines.

## Syntax
<a name="aws-properties-evs-environment-vcfhostnames-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-evs-environment-vcfhostnames-syntax.json"></a>

```
{
  "[CloudBuilder](#cfn-evs-environment-vcfhostnames-cloudbuilder)" : String,
  "[Nsx](#cfn-evs-environment-vcfhostnames-nsx)" : String,
  "[NsxEdge1](#cfn-evs-environment-vcfhostnames-nsxedge1)" : String,
  "[NsxEdge2](#cfn-evs-environment-vcfhostnames-nsxedge2)" : String,
  "[NsxManager1](#cfn-evs-environment-vcfhostnames-nsxmanager1)" : String,
  "[NsxManager2](#cfn-evs-environment-vcfhostnames-nsxmanager2)" : String,
  "[NsxManager3](#cfn-evs-environment-vcfhostnames-nsxmanager3)" : String,
  "[SddcManager](#cfn-evs-environment-vcfhostnames-sddcmanager)" : String,
  "[VCenter](#cfn-evs-environment-vcfhostnames-vcenter)" : String
}
```

### YAML
<a name="aws-properties-evs-environment-vcfhostnames-syntax.yaml"></a>

```
  [CloudBuilder](#cfn-evs-environment-vcfhostnames-cloudbuilder): String
  [Nsx](#cfn-evs-environment-vcfhostnames-nsx): String
  [NsxEdge1](#cfn-evs-environment-vcfhostnames-nsxedge1): String
  [NsxEdge2](#cfn-evs-environment-vcfhostnames-nsxedge2): String
  [NsxManager1](#cfn-evs-environment-vcfhostnames-nsxmanager1): String
  [NsxManager2](#cfn-evs-environment-vcfhostnames-nsxmanager2): String
  [NsxManager3](#cfn-evs-environment-vcfhostnames-nsxmanager3): String
  [SddcManager](#cfn-evs-environment-vcfhostnames-sddcmanager): String
  [VCenter](#cfn-evs-environment-vcfhostnames-vcenter): String
```

## Properties
<a name="aws-properties-evs-environment-vcfhostnames-properties"></a>

`CloudBuilder`  <a name="cfn-evs-environment-vcfhostnames-cloudbuilder"></a>
The hostname for VMware Cloud Builder.  
*Required*: Yes  
*Type*: String  
*Pattern*: `^([a-zA-Z0-9\-]*)$`  
*Update requires*: Updates are not supported.

`Nsx`  <a name="cfn-evs-environment-vcfhostnames-nsx"></a>
The VMware NSX hostname.  
*Required*: Yes  
*Type*: String  
*Pattern*: `^([a-zA-Z0-9\-]*)$`  
*Update requires*: Updates are not supported.

`NsxEdge1`  <a name="cfn-evs-environment-vcfhostnames-nsxedge1"></a>
The hostname for the first NSX Edge node.  
*Required*: Yes  
*Type*: String  
*Pattern*: `^([a-zA-Z0-9\-]*)$`  
*Update requires*: Updates are not supported.

`NsxEdge2`  <a name="cfn-evs-environment-vcfhostnames-nsxedge2"></a>
The hostname for the second NSX Edge node.  
*Required*: Yes  
*Type*: String  
*Pattern*: `^([a-zA-Z0-9\-]*)$`  
*Update requires*: Updates are not supported.

`NsxManager1`  <a name="cfn-evs-environment-vcfhostnames-nsxmanager1"></a>
The hostname for the first VMware NSX Manager virtual machine (VM).  
*Required*: Yes  
*Type*: String  
*Pattern*: `^([a-zA-Z0-9\-]*)$`  
*Update requires*: Updates are not supported.

`NsxManager2`  <a name="cfn-evs-environment-vcfhostnames-nsxmanager2"></a>
The hostname for the second VMware NSX Manager virtual machine (VM).  
*Required*: Yes  
*Type*: String  
*Pattern*: `^([a-zA-Z0-9\-]*)$`  
*Update requires*: Updates are not supported.

`NsxManager3`  <a name="cfn-evs-environment-vcfhostnames-nsxmanager3"></a>
The hostname for the third VMware NSX Manager virtual machine (VM).  
*Required*: Yes  
*Type*: String  
*Pattern*: `^([a-zA-Z0-9\-]*)$`  
*Update requires*: Updates are not supported.

`SddcManager`  <a name="cfn-evs-environment-vcfhostnames-sddcmanager"></a>
The hostname for SDDC Manager.  
*Required*: Yes  
*Type*: String  
*Pattern*: `^([a-zA-Z0-9\-]*)$`  
*Update requires*: Updates are not supported.

`VCenter`  <a name="cfn-evs-environment-vcfhostnames-vcenter"></a>
The VMware vCenter hostname.  
*Required*: Yes  
*Type*: String  
*Pattern*: `^([a-zA-Z0-9\-]*)$`  
*Update requires*: Updates are not supported.