aws · jusiskin · Jan 28, 2021 · Dec 2, 2020 · Dec 2, 2020 · Jan 16, 2021
diff --git a/examples/deadline/All-In-AWS-Infrastructure-Basic/python/README.md b/examples/deadline/All-In-AWS-Infrastructure-Basic/python/README.md
@@ -32,7 +32,22 @@ These instructions assume that your working directory is `examples/deadline/All-
     popd
     pip install ../../../../dist/python/aws-rfdk-<version>.tar.gz
     ```
-4.  Change the value in the `deadline_client_linux_ami_map` variable in `package/config.py` to include the region + AMI ID mapping of your EC2 AMI(s) with Deadline Worker. You can use the following AWS CLI query to find AMI ID's:
+4.  You must read and accept the [AWS Thinkbox End-User License Agreement (EULA)](https://www.awsthinkbox.com/end-user-license-agreement) to deploy and run Deadline. To do so, change the value of the `accept_aws_thinkbox_eula` in `package/config.py`:
+
+    ```py
+    # Change this value to AwsThinkboxEulaAcceptance.USER_ACCEPTS_AWS_THINKBOX_EULA if you wish to accept the EULA
+    # for Deadline and proceed with Deadline deployment. Users must explicitly accept the AWS Thinkbox EULA before
+    # using the AWS Thinkbox Deadline container images.
+    #
+    # See https://www.awsthinkbox.com/end-user-license-agreement for the terms of the agreement.
+    self.accept_aws_thinkbox_eula: AwsThinkboxEulaAcceptance = AwsThinkboxEulaAcceptance.USER_REJECTS_AWS_THINKBOX_EULA
+    ```
+5.  Change the value of the `deadline_version` variable in `package/config.py` to specify the desired version of Deadline to be deployed to your render farm. RFDK is compatible with Deadline versions 10.1.9.x and later. To see the available versions of Deadline, consult the [Deadline release notes](https://docs.thinkboxsoftware.com/products/deadline/10.1/1_User%20Manual/manual/release-notes.html). It is recommended to use the latest version of Deadline available when building your farm, but to pin this version when the farm is ready for production use. For example, to pin to the latest `10.1.12.x` release of Deadline, use:
+
+    ```python
+    self.deadline_version: str = '10.1.12'
+    ```
+6.  Change the value of the `deadline_client_linux_ami_map` variable in `package/config.py` to include the region + AMI ID mapping of your EC2 AMI(s) with Deadline Worker. You can use the following AWS CLI query to find AMI ID's:
     ```bash
     aws --region <region> ec2 describe-images \
     --owners 357466774442 \
@@ -48,17 +63,17 @@ These instructions assume that your working directory is `examples/deadline/All-
         'us-west-2': '<your ami id>'
     }
     ```
-5.  Create a binary secret in [SecretsManager](https://aws.amazon.com/secrets-manager/) that contains your [Usage-Based Licensing](https://docs.thinkboxsoftware.com/products/deadline/10.1/1_User%20Manual/manual/aws-portal/licensing-setup.html?highlight=usage%20based%20licensing) certificates in a `.zip` file:
+7.  Create a binary secret in [SecretsManager](https://aws.amazon.com/secrets-manager/) that contains your [Usage-Based Licensing](https://docs.thinkboxsoftware.com/products/deadline/10.1/1_User%20Manual/manual/aws-portal/licensing-setup.html?highlight=usage%20based%20licensing) certificates in a `.zip` file:
 
     ```bash
     aws secretsmanager create-secret --name <name> --secret-binary fileb://<path-to-zip-file>
     ```
-6.  The output from the previous step will contain the secret's ARN. Change the value of the `ubl_certificate_secret_arn` variable in `package/config.py` to the secret's ARN:
+8.  The output from the previous step will contain the secret's ARN. Change the value of the `ubl_certificate_secret_arn` variable in `package/config.py` to the secret's ARN:
 
     ```python
     self.ubl_certificate_secret_arn: str = '<your secret arn>'
     ```
-7.  Choose your UBL limits and change the value of the `ubl_licenses` variable in `package/config.py` accordingly. For example:
+9.  Choose your UBL limits and change the value of the `ubl_licenses` variable in `package/config.py` accordingly. For example:
 
     ```python
     self.ubl_licenses: List[UsageBasedLicense] = [
@@ -77,49 +92,38 @@ These instructions assume that your working directory is `examples/deadline/All-
     **Note:** The next two steps are optional. You may skip these if you do not need SSH access into your render farm.
 
     ---
-8.  Create an EC2 key pair to give you SSH access to the render farm:
+10. Create an EC2 key pair to give you SSH access to the render farm:
 
     ```bash
     aws ec2 create-key-pair --key-name <key-name>
     ```
-9.  Change the value of the `key_pair_name` variable in `package/config.py` to your value for `<key-name>` in the previous step:
+11. Change the value of the `key_pair_name` variable in `package/config.py` to your value for `<key-name>` in the previous step:
 
     **Note:** Save the value of the `"KeyMaterial"` field as a file in a secure location. This is your private key that you can use to SSH into the render farm.
 
     ```python
     self.key_pair_name: Optional[str] = '<your key pair name>'
     ```
-10. Choose the type of database you would like to deploy (AWS DocumentDB or MongoDB).
+12. Choose the type of database you would like to deploy (AWS DocumentDB or MongoDB).
     If you would like to use MongoDB, you will need to accept the Mongo SSPL (see next step).
     Once you've decided on a database type, change the value of the `deploy_mongo_db` variable in `package/config.py` accordingly:
 
     ```python
     # True = MongoDB, False = Amazon DocumentDB
     self.deploy_mongo_db: bool = False
     ```
-11. If you set `deploy_mongo_db` to `True`, then you must accept the [SSPL license](https://www.mongodb.com/licensing/server-side-public-license) to successfully deploy MongoDB. To do so, change the value of `accept_sspl_license` in `package/config.py`:
+13. If you set `deploy_mongo_db` to `True`, then you must accept the [SSPL license](https://www.mongodb.com/licensing/server-side-public-license) to successfully deploy MongoDB. To do so, change the value of `accept_sspl_license` in `package/config.py`:
 
     ```python
     # To accept the MongoDB SSPL, change from USER_REJECTS_SSPL to USER_ACCEPTS_SSPL
     self.accept_sspl_license: MongoDbSsplLicenseAcceptance = MongoDbSsplLicenseAcceptance.USER_REJECTS_SSPL
     ```
-12. Stage the Docker recipes for `RenderQueue` and `UBLLicensing`:
-
-    ```bash
-    # Set this value to the version of RFDK your application targets
-    RFDK_VERSION=<version_of_RFDK>
-
-    # Set this value to the version of AWS Thinkbox Deadline you'd like to deploy to your farm. Deadline 10.1.9 and up are supported.
-    RFDK_DEADLINE_VERSION=<version_of_deadline>
-
-    npx --package=aws-rfdk@${RFDK_VERSION} stage-deadline ${RFDK_DEADLINE_VERSION} --output stage
-    ```
-12. Deploy all the stacks in the sample app:
+14. Deploy all the stacks in the sample app:
 
     ```bash
     cdk deploy "*"
     ```
-13. Once you are finished with the sample app, you can tear it down by running:
+15. Once you are finished with the sample app, you can tear it down by running:
 
     ```bash
     cdk destroy "*"

diff --git a/examples/deadline/All-In-AWS-Infrastructure-Basic/python/package/app.py b/examples/deadline/All-In-AWS-Infrastructure-Basic/python/package/app.py
@@ -103,11 +103,12 @@ def main():
         database=storage.database,
         file_system=storage.file_system,
         vpc=network.vpc,
-        docker_recipes_stage_path=os.path.join(os.path.dirname(os.path.realpath(__file__)), os.pardir, 'stage'),
         ubl_certs_secret_arn=config.ubl_certificate_secret_arn,
         ubl_licenses=config.ubl_licenses,
         root_ca=security.root_ca,
-        dns_zone=network.dns_zone
+        dns_zone=network.dns_zone,
+        deadline_version=config.deadline_version,
+        accept_aws_thinkbox_eula=config.accept_aws_thinkbox_eula
     )
     service = service_tier.ServiceTier(app, 'ServiceTier', props=service_props, env=env)
 

diff --git a/examples/deadline/All-In-AWS-Infrastructure-Basic/python/package/config.py b/examples/deadline/All-In-AWS-Infrastructure-Basic/python/package/config.py
@@ -8,7 +8,10 @@
 )
 
 from aws_rfdk import MongoDbSsplLicenseAcceptance
-from aws_rfdk.deadline import UsageBasedLicense
+from aws_rfdk.deadline import (
+    AwsThinkboxEulaAcceptance,
+    UsageBasedLicense
+)
 
 
 class AppConfig:
@@ -18,6 +21,17 @@ class AppConfig:
     TODO: Fill these in with your own values.
     """
     def __init__(self):
+        # Change this value to AwsThinkboxEulaAcceptance.USER_ACCEPTS_AWS_THINKBOX_EULA if you wish to accept the EULA
+        # for Deadline and proceed with Deadline deployment. Users must explicitly accept the AWS Thinkbox EULA before
+        # using the AWS Thinkbox Deadline container images.
+        #
+        # See https://www.awsthinkbox.com/end-user-license-agreement for the terms of the agreement.
+        self.accept_aws_thinkbox_eula: AwsThinkboxEulaAcceptance = AwsThinkboxEulaAcceptance.USER_REJECTS_AWS_THINKBOX_EULA
+
+        # The version of Deadline to use on the render farm. Leave as None for the latest release or specify a version
+        # to pin to. Some examples of pinned version values are "10", "10.1", or "10.1.12"
+        self.deadline_version: Optional[str] = None
+
         # A map of regions to Deadline Client Linux AMIs.As an example, the Linux Deadline 10.1.12.1 AMI ID
         # from us-west-2 is filled in. It can be used as-is, added to, or replaced. Ideally the version here
         #  should match the one used for staging the render queue and usage based licensing recipes.

diff --git a/examples/deadline/All-In-AWS-Infrastructure-Basic/python/package/lib/service_tier.py b/examples/deadline/All-In-AWS-Infrastructure-Basic/python/package/lib/service_tier.py
@@ -35,16 +35,17 @@
     X509CertificatePem
 )
 from aws_rfdk.deadline import (
+    AwsThinkboxEulaAcceptance,
     DatabaseConnection,
     RenderQueue,
     RenderQueueHostNameProps,
     RenderQueueTrafficEncryptionProps,
     RenderQueueExternalTLSProps,
     Repository,
-    Stage,
-    ThinkboxDockerRecipes,
+    ThinkboxDockerImages,
     UsageBasedLicense,
     UsageBasedLicensing,
+    VersionQuery,
 )
 
 
@@ -59,8 +60,6 @@ class ServiceTierProps(StackProps):
     database: DatabaseConnection
     # The file system to install Deadline Repository to.
     file_system: IMountableLinuxFilesystem
-    # The path to the directory where the staged Deadline Docker recipes are.
-    docker_recipes_stage_path: str
     # The ARN of the secret containing the UBL certificates .zip file (in binary form).
     ubl_certs_secret_arn: typing.Optional[str]
     # The UBL licenses to configure
@@ -69,6 +68,10 @@ class ServiceTierProps(StackProps):
     root_ca: X509CertificatePem
     # Internal DNS zone for the VPC
     dns_zone: IPrivateHostedZone
+    # Version of Deadline to use
+    deadline_version: str
+    # Whether the AWS Thinkbox End-User License Agreement is accepted or not
+    accept_aws_thinkbox_eula: AwsThinkboxEulaAcceptance
 
 
 class ServiceTier(Stack):
@@ -113,10 +116,10 @@ def __init__(self, scope: Construct, stack_id: str, *, props: ServiceTierProps,
             location='/mnt/efs'
         )
 
-        recipes = ThinkboxDockerRecipes(
+        self.version = VersionQuery(
             self,
-            'Image',
-            stage=Stage.from_directory(props.docker_recipes_stage_path)
+            'Version',
+            version=props.deadline_version
         )
 
         repository = Repository(
@@ -126,7 +129,14 @@ def __init__(self, scope: Construct, stack_id: str, *, props: ServiceTierProps,
             database=props.database,
             file_system=props.file_system,
             repository_installation_timeout=Duration.minutes(20),
-            version=recipes.version,
+            version=self.version
+        )
+
+        images = ThinkboxDockerImages(
+            self,
+            'Images',
+            version=self.version,
+            user_aws_thinkbox_eula_acceptance=props.accept_aws_thinkbox_eula
         )
 
         server_cert = X509CertificatePem(
@@ -144,7 +154,7 @@ def __init__(self, scope: Construct, stack_id: str, *, props: ServiceTierProps,
             self,
             'RenderQueue',
             vpc=props.vpc,
-            images=recipes.render_queue_images,
+            images=images,
             repository=repository,
             hostname=RenderQueueHostNameProps(
                 hostname='renderqueue',
@@ -156,7 +166,7 @@ def __init__(self, scope: Construct, stack_id: str, *, props: ServiceTierProps,
                 ),
                 internal_protocol=ApplicationProtocol.HTTPS
             ),
-            version=recipes.version,
+            version=self.version,
             # TODO - Evaluate deletion protection for your own needs. This is set to false to
             # cleanly remove everything when this stack is destroyed. If you would like to ensure
             # that this resource is not accidentally deleted, you should set this to true.
@@ -178,9 +188,9 @@ def __init__(self, scope: Construct, stack_id: str, *, props: ServiceTierProps,
             ubl_cert_secret = Secret.from_secret_arn(self, 'ublcertssecret', props.ubl_certs_secret_arn)
             self.ubl_licensing = UsageBasedLicensing(
                 self,
-                'usagebasedlicensing',
+                'UsageBasedLicensing',
                 vpc=props.vpc,
-                images=recipes.ubl_images,
+                images=images,
                 licenses=props.ubl_licenses,
                 render_queue=self.render_queue,
                 certificate_secret=ubl_cert_secret,