CheckPointSW
diff --git a/‎aws/templates/cluster/cluster-master.yaml‎
Lines changed: 3 additions & 2 deletions b/‎aws/templates/cluster/cluster-master.yaml‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎aws/templates/cluster/cluster.yaml‎
Lines changed: 147 additions & 38 deletions b/‎aws/templates/cluster/cluster.yaml‎
Lines changed: 147 additions & 38 deletions
@@ -1,7 +1,7 @@
 ---
 AWSTemplateFormatVersion: 2010-09-09
 Description: |
-  Deploy a Check Point Cluster in a new VPC (20260302).
+  Deploy a Check Point Cluster in a new VPC (20260407).
   See CloudGuard Network for AWS Single Availability Zone Cluster Deployment guide for detailed deployment and configuration steps.
 Metadata:
   AWS::CloudFormation::Interface:
@@ -102,7 +102,7 @@ Metadata:
         default: Secondary NTP server
 Parameters:
   AvailabilityZone:
-    Description: The availability zone in which to deploy the cluster.
+    Description: The availability zone in which to deploy the cluster. Pick a regional AZ (e.g. ap-southeast-2a) or a Local Zone (e.g. ap-southeast-2-per-1a) .
     Type: AWS::EC2::AvailabilityZone::Name
     MinLength: 1
   VPCCIDR:
@@ -526,6 +526,7 @@ Resources:
         VPC: !GetAtt VPCStack.Outputs.VPCID
         PublicSubnet: !GetAtt VPCStack.Outputs.PublicSubnet1ID
         PrivateSubnet: !GetAtt VPCStack.Outputs.PrivateSubnet1ID
+        LocalZoneAz: !Ref AvailabilityZone
         InternalRouteTable: !Ref InternalRouteTable
         GatewayName: !Ref GatewayName
         GatewayInstanceType: !Ref GatewayInstanceType
 
@@ -1,8 +1,68 @@
 ---
 AWSTemplateFormatVersion: 2010-09-09
 Description: |
-  Deploys a Check Point Cluster into an existing VPC (20260302).
+  Deploys a Check Point Cluster into an existing VPC (20260407).
   See CloudGuard Network for AWS Single Availability Zone Cluster Deployment guide for detailed deployment and configuration steps.
+Mappings:
+  # Maps Local Zone AZ names to their NetworkBorderGroup.
+  # The NBG is the AZ name with the trailing AZ letter removed (e.g. ap-southeast-2-per-1a -> ap-southeast-2-per-1).
+  # Add new Local Zone AZs here as needed.
+  LocalZoneNetworkBorderGroups:
+    # Australia
+    ap-southeast-2-per-1a:
+      NBG: ap-southeast-2-per-1
+    # US East 1 Local Zones
+    us-east-1-atl-1a:
+      NBG: us-east-1-atl-1
+    us-east-1-bos-1a:
+      NBG: us-east-1-bos-1
+    us-east-1-chi-1a:
+      NBG: us-east-1-chi-1
+    us-east-1-dfw-1a:
+      NBG: us-east-1-dfw-1
+    us-east-1-iah-1a:
+      NBG: us-east-1-iah-1
+    us-east-1-mci-1a:
+      NBG: us-east-1-mci-1
+    us-east-1-mia-1a:
+      NBG: us-east-1-mia-1
+    us-east-1-msp-1a:
+      NBG: us-east-1-msp-1
+    us-east-1-nyc-1a:
+      NBG: us-east-1-nyc-1
+    us-east-1-phl-1a:
+      NBG: us-east-1-phl-1
+    # US West 2 Local Zones
+    us-west-2-den-1a:
+      NBG: us-west-2-den-1
+    us-west-2-las-1a:
+      NBG: us-west-2-las-1
+    us-west-2-lax-1a:
+      NBG: us-west-2-lax-1
+    us-west-2-lax-1b:
+      NBG: us-west-2-lax-1
+    us-west-2-phx-1a:
+      NBG: us-west-2-phx-1
+    us-west-2-sea-1a:
+      NBG: us-west-2-sea-1
+    # EU Local Zones
+    eu-central-1-ham-1a:
+      NBG: eu-central-1-ham-1
+    eu-central-1-waw-1a:
+      NBG: eu-central-1-waw-1
+    eu-west-2-man-1a:
+      NBG: eu-west-2-man-1
+    # AP Local Zones
+    ap-northeast-1-tpe-1a:
+      NBG: ap-northeast-1-tpe-1
+    ap-northeast-2-sel-1a:
+      NBG: ap-northeast-2-sel-1
+    ap-southeast-1-kul-1a:
+      NBG: ap-southeast-1-kul-1
+    ap-southeast-1-sin-1a:
+      NBG: ap-southeast-1-sin-1
+    ap-southeast-4-mel-1a:
+      NBG: ap-southeast-4-mel-1
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:
@@ -19,6 +79,7 @@ Metadata:
           - VPC
           - PublicSubnet
           - PrivateSubnet
+          - LocalZoneAz
       - Label:
           default: Advanced Settings
         Parameters:
@@ -51,6 +112,8 @@ Metadata:
         default: Public subnet
       PrivateSubnet:
         default: Private subnet
+      LocalZoneAz:
+        default: Local Zone availability zone
       InternalRouteTable:
         default: Internal route table
       GatewayName:
@@ -116,6 +179,10 @@ Parameters:
     Description: The private subnet of the cluster. The cluster's private IPs will be generated from this subnet.
     Type: AWS::EC2::Subnet::Id
     MinLength: 1
+  LocalZoneAz:
+    Description: Use only for Local Zone subnets. This value must match the Local Zone AZ of the selected subnets and is used only to derive the correct NetworkBorderGroup for EIP allocation. Leave empty for regional subnets. This parameter does not control resource placement.
+    Type: String
+    Default: ''
   InternalRouteTable:
     Description: The route table ID in which to set 0.0.0.0/0 route to the Active Cluster member instance in this route table (e.g. rtb-12a34567). Route table cannot have an existing 0.0.0.0/0 route. If empty - traffic will not be routed through the Security Cluster, this requires manual configuration in the route table. (optional)
     Type: String
@@ -355,7 +422,7 @@ Parameters:
     MinLength: 1
     ConstraintDescription: must be the name of an existing EC2 KeyPair.
   AllocatePublicAddress:
-    Description: Allocate an Elastic IP for each cluster member, in addition to the shared cluster Elastic IP.
+    Description: Allocate Elastic IPs for cluster members and the shared cluster IP. When false, no public IP addresses will be allocated.
     Type: String
     Default: true
     AllowedValues:
@@ -506,6 +573,12 @@ Conditions:
   EmptyHostName: !Equals [!Ref GatewayHostname, '']
   EnableCloudWatch: !Equals [!Ref CloudWatch, true]
   EnableMetaDataToken: !Equals [!Ref MetaDataToken, true]
+  # Detect Local Zone by checking if AZ name has 4+ hyphens (e.g., us-east-1-bos-1a has 4 hyphens)
+  # Regular AZs have 2-3 hyphens (e.g., us-east-1a has 2 hyphens). Empty string also resolves to false.
+  IsLocalZone: !Not [!Equals [!Select [4, !Split ['-', !Join ['-', [!Ref LocalZoneAz, '----']]]], '']]
+  IsRegionalZone: !Not [!Condition IsLocalZone]
+  AllocateAddressLocalZone: !And [!Condition AllocateAddress, !Condition IsLocalZone]
+  AllocateAddressRegional: !And [!Condition AllocateAddress, !Condition IsRegionalZone]
 Resources:
   ClusterRole:
     Condition: CreateRole
@@ -530,7 +603,7 @@ Resources:
     Properties:
       TemplateURL: https://cgi-cfts.s3.amazonaws.com/utils/amis.yaml
       Parameters:
-        Version: !Join [-, [!Ref GatewayVersion, GW]]
+        Version: !Join ["-", [!Ref GatewayVersion, GW]]
   PermissiveSecurityGroup:
     Type: AWS::EC2::SecurityGroup
     Properties:
@@ -630,15 +703,22 @@ Resources:
         - Key: x-chkp-member-ips
           Value: !Join
             - ':'
-            - [!Join ['=', ['public-ip', !If [AllocateAddress, !Ref MemberAPublicAddress, '']]],
-               !Join ['=', ['external-private-ip', !GetAtt MemberAExternalInterface.PrimaryPrivateIpAddress]],
-               !Join ['=', ['internal-private-ip', !GetAtt MemberAInternalInterface.PrimaryPrivateIpAddress]]]
+            - - !Join ['=', ['public-ip', !If [AllocateAddress, !If [IsLocalZone, !Ref MemberAPublicAddressLocalZone, !Ref MemberAPublicAddressRegional], '']]]
+              - !Join ['=', ['external-private-ip', !GetAtt MemberAExternalInterface.PrimaryPrivateIpAddress]]
+              - !Join ['=', ['internal-private-ip', !GetAtt MemberAInternalInterface.PrimaryPrivateIpAddress]]
         - Key: x-chkp-cluster-ips
-          Value: !Join
-            - ':'
-            - [!Join ['=', ['cluster-ip', !Ref ClusterPublicAddress]],
-               !Join ['=', ['cluster-eth0-private-ip', !Select [0, !GetAtt MemberAExternalInterface.SecondaryPrivateIpAddresses]]],
-               !Join ['=', ['cluster-eth1-private-ip', !Select [0, !GetAtt MemberAInternalInterface.SecondaryPrivateIpAddresses]]]]
+          Value: !If
+            - AllocateAddress
+            - !Join
+              - ':'
+              - - !Join ['=', ['cluster-ip', !If [IsLocalZone, !Ref ClusterPublicAddressLocalZone, !Ref ClusterPublicAddressRegional]]]
+                - !Join ['=', ['cluster-eth0-private-ip', !Select [0, !GetAtt MemberAExternalInterface.SecondaryPrivateIpAddresses]]]
+                - !Join ['=', ['cluster-eth1-private-ip', !Select [0, !GetAtt MemberAInternalInterface.SecondaryPrivateIpAddresses]]]
+            - !Join
+              - ':'
+              - - !Join ['=', ['cluster-ip', '']]
+                - !Join ['=', ['cluster-eth0-private-ip', !Select [0, !GetAtt MemberAExternalInterface.SecondaryPrivateIpAddresses]]]
+                - !Join ['=', ['cluster-eth1-private-ip', !Select [0, !GetAtt MemberAInternalInterface.SecondaryPrivateIpAddresses]]]
   MemberBInstance:
     Type: AWS::EC2::Instance
     Properties:
@@ -652,15 +732,22 @@ Resources:
         - Key: x-chkp-member-ips
           Value: !Join
             - ':'
-            - [!Join ['=', ['public-ip', !If [AllocateAddress, !Ref MemberBPublicAddress, '']]],
-               !Join ['=', ['external-private-ip', !GetAtt MemberBExternalInterface.PrimaryPrivateIpAddress]],
-               !Join ['=', ['internal-private-ip', !GetAtt MemberBInternalInterface.PrimaryPrivateIpAddress]]]
+            - - !Join ['=', ['public-ip', !If [AllocateAddress, !If [IsLocalZone, !Ref MemberBPublicAddressLocalZone, !Ref MemberBPublicAddressRegional], '']]]
+              - !Join ['=', ['external-private-ip', !GetAtt MemberBExternalInterface.PrimaryPrivateIpAddress]]
+              - !Join ['=', ['internal-private-ip', !GetAtt MemberBInternalInterface.PrimaryPrivateIpAddress]]
         - Key: x-chkp-cluster-ips
-          Value: !Join
-            - ':'
-            - [!Join ['=', ['cluster-ip', !Ref ClusterPublicAddress]],
-               !Join ['=', ['cluster-eth0-private-ip', !Select [0, !GetAtt MemberAExternalInterface.SecondaryPrivateIpAddresses]]],
-               !Join ['=', ['cluster-eth1-private-ip', !Select [0, !GetAtt MemberAInternalInterface.SecondaryPrivateIpAddresses]]]]
+          Value: !If
+            - AllocateAddress
+            - !Join
+              - ':'
+              - - !Join ['=', ['cluster-ip', !If [IsLocalZone, !Ref ClusterPublicAddressLocalZone, !Ref ClusterPublicAddressRegional]]]
+                - !Join ['=', ['cluster-eth0-private-ip', !Select [0, !GetAtt MemberAExternalInterface.SecondaryPrivateIpAddresses]]]
+                - !Join ['=', ['cluster-eth1-private-ip', !Select [0, !GetAtt MemberAInternalInterface.SecondaryPrivateIpAddresses]]]
+            - !Join
+              - ':'
+              - - !Join ['=', ['cluster-ip', '']]
+                - !Join ['=', ['cluster-eth0-private-ip', !Select [0, !GetAtt MemberAExternalInterface.SecondaryPrivateIpAddresses]]]
+                - !Join ['=', ['cluster-eth1-private-ip', !Select [0, !GetAtt MemberAInternalInterface.SecondaryPrivateIpAddresses]]]
   MemberAGatewayLaunchTemplate:
     Type: AWS::EC2::LaunchTemplate
     Properties:
@@ -694,14 +781,15 @@ Resources:
               - '  - |'
               - '    set -e'
               - !Sub '    admin_shell=${Shell} ; allow_info=${AllowUploadDownload} ; cw=${CloudWatch} ; eic=${EnableInstanceConnect} ; ntp1=${NTPPrimary} ; ntp2=${NTPSecondary} ; tokenA=''${MemberAToken}'''
+              # Removed wait_handle reference as ClusterReadyHandle resource is no longer present
               - !If [EmptyHostName, '    hostname=""', !Sub '    hostname=${GatewayHostname}-member-a']
-              - !Join ['', ['    eip="', !If [AllocateAddress, !Ref MemberAPublicAddress, ''], '"']]
+              - !Join ['', ['    eip="', !If [AllocateAddress, !If [IsLocalZone, !Ref MemberAPublicAddressLocalZone, !Ref MemberAPublicAddressRegional], ''], '"']]
               - !Join ['', ['    sic="$(echo ', 'Fn::Base64': !Ref GatewaySICKey, ')"']]
               - !Join ['', ['    pwd_hash="$(echo ', 'Fn::Base64': !Ref GatewayPasswordHash, ')"']]
               - !Join ['', ['    maintenance_pwd_hash="$(echo ', 'Fn::Base64': !Ref GatewayMaintenancePasswordHash, ')"']]
               - !Join ['', ['    bootstrap="$(echo ', 'Fn::Base64': !Ref GatewayBootstrapScript, ')"']]
               - !Sub ['    version=${Version}', {Version: !Select [0, !Split ['-', !Ref GatewayVersion]]}]
-              - '    python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" sicKey=\"${sic}\" "smart1CloudToken=\"${tokenA}\"" installationType=\"cluster\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20260302\" templateName=\"cluster\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" MaintenanceModePassword=\"${maintenance_pwd_hash}\" elasticIp=\"${eip}\" bootstrapScript64=\"${bootstrap}\"'
+              - '    python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" sicKey=\"${sic}\" "smart1CloudToken=\"${tokenA}\"" installationType=\"cluster\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20260407\" templateName=\"cluster\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" MaintenanceModePassword=\"${maintenance_pwd_hash}\" elasticIp=\"${eip}\" bootstrapScript64=\"${bootstrap}\"'
       VersionDescription: Initial template version
   MemberBGatewayLaunchTemplate:
     Type: AWS::EC2::LaunchTemplate
@@ -737,67 +825,88 @@ Resources:
               - '    set -e'
               - !Sub '    admin_shell=${Shell} ; allow_info=${AllowUploadDownload} ; cw=${CloudWatch} ; eic=${EnableInstanceConnect} ; ntp1=${NTPPrimary} ; ntp2=${NTPSecondary} ; tokenB=''${MemberBToken}'''
               - !If [EmptyHostName, '    hostname=""', !Sub '    hostname=${GatewayHostname}-member-b']
-              - !Join ['', ['    eip="', !If [AllocateAddress, !Ref MemberBPublicAddress, ''], '"']]
+              - !Join ['', ['    eip="', !If [AllocateAddress, !If [IsLocalZone, !Ref MemberBPublicAddressLocalZone, !Ref MemberBPublicAddressRegional], ''], '"']]
               - !Join ['', ['    sic="$(echo ', 'Fn::Base64': !Ref GatewaySICKey, ')"']]
               - !Join ['', ['    pwd_hash="$(echo ', 'Fn::Base64': !Ref GatewayPasswordHash, ')"']]
               - !Join ['', ['    maintenance_pwd_hash="$(echo ', 'Fn::Base64': !Ref GatewayMaintenancePasswordHash, ')"']]
               - !Join ['', ['    bootstrap="$(echo ', 'Fn::Base64': !Ref GatewayBootstrapScript, ')"']]
               - !Sub ['    version=${Version}', {Version: !Select [0, !Split ['-', !Ref GatewayVersion]]}]
-              - '    python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" sicKey=\"${sic}\" "smart1CloudToken=\"${tokenB}\"" installationType=\"cluster\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20260302\" templateName=\"cluster\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" MaintenanceModePassword=\"${maintenance_pwd_hash}\" elasticIp=\"${eip}\" bootstrapScript64=\"${bootstrap}\"'
+              - '    python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" sicKey=\"${sic}\" "smart1CloudToken=\"${tokenB}\"" installationType=\"cluster\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20260407\" templateName=\"cluster\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" MaintenanceModePassword=\"${maintenance_pwd_hash}\" elasticIp=\"${eip}\" bootstrapScript64=\"${bootstrap}\"'
       VersionDescription: Initial template version
-  ClusterPublicAddress:
+  ClusterPublicAddressLocalZone:
     Type: AWS::EC2::EIP
+    Condition: AllocateAddressLocalZone
     Properties:
       Domain: vpc
-  MemberAPublicAddress:
+      NetworkBorderGroup: !FindInMap [LocalZoneNetworkBorderGroups, !Ref LocalZoneAz, NBG]
+  ClusterPublicAddressRegional:
     Type: AWS::EC2::EIP
-    Condition: AllocateAddress
+    Condition: AllocateAddressRegional
     Properties:
       Domain: vpc
-  MemberBPublicAddress:
+  MemberAPublicAddressLocalZone:
     Type: AWS::EC2::EIP
-    Condition: AllocateAddress
+    Condition: AllocateAddressLocalZone
+    Properties:
+      Domain: vpc
+      NetworkBorderGroup: !FindInMap [LocalZoneNetworkBorderGroups, !Ref LocalZoneAz, NBG]
+  MemberAPublicAddressRegional:
+    Type: AWS::EC2::EIP
+    Condition: AllocateAddressRegional
+    Properties:
+      Domain: vpc
+  MemberBPublicAddressLocalZone:
+    Type: AWS::EC2::EIP
+    Condition: AllocateAddressLocalZone
+    Properties:
+      Domain: vpc
+      NetworkBorderGroup: !FindInMap [LocalZoneNetworkBorderGroups, !Ref LocalZoneAz, NBG]
+  MemberBPublicAddressRegional:
+    Type: AWS::EC2::EIP
+    Condition: AllocateAddressRegional
     Properties:
       Domain: vpc
   ClusterAddressAssoc:
     Type: AWS::EC2::EIPAssociation
+    Condition: AllocateAddress
     DependsOn: MemberAInstance
     Properties:
       NetworkInterfaceId: !Ref MemberAExternalInterface
-      AllocationId: !GetAtt ClusterPublicAddress.AllocationId
+      AllocationId: !If [IsLocalZone, !GetAtt ClusterPublicAddressLocalZone.AllocationId, !GetAtt ClusterPublicAddressRegional.AllocationId]
       PrivateIpAddress: !Select [0, !GetAtt MemberAExternalInterface.SecondaryPrivateIpAddresses]
   MemberAAddressAssoc:
     Type: AWS::EC2::EIPAssociation
     Condition: AllocateAddress
     DependsOn: MemberAInstance
     Properties:
       NetworkInterfaceId: !Ref MemberAExternalInterface
-      AllocationId: !GetAtt MemberAPublicAddress.AllocationId
+      AllocationId: !If [IsLocalZone, !GetAtt MemberAPublicAddressLocalZone.AllocationId, !GetAtt MemberAPublicAddressRegional.AllocationId]
       PrivateIpAddress: !GetAtt MemberAExternalInterface.PrimaryPrivateIpAddress
   MemberBAddressAssoc:
     Type: AWS::EC2::EIPAssociation
     Condition: AllocateAddress
     DependsOn: MemberBInstance
     Properties:
       NetworkInterfaceId: !Ref MemberBExternalInterface
-      AllocationId: !GetAtt MemberBPublicAddress.AllocationId
+      AllocationId: !If [IsLocalZone, !GetAtt MemberBPublicAddressLocalZone.AllocationId, !GetAtt MemberBPublicAddressRegional.AllocationId]
       PrivateIpAddress: !GetAtt MemberBExternalInterface.PrimaryPrivateIpAddress
 Outputs:
   ClusterPublicAddress:
+    Condition: AllocateAddress
     Description: The public address of the cluster.
-    Value: !Ref ClusterPublicAddress
+    Value: !If [IsLocalZone, !Ref ClusterPublicAddressLocalZone, !Ref ClusterPublicAddressRegional]
   MemberAPublicAddress:
     Condition: AllocateAddress
     Description: The public address of member A.
-    Value: !Ref MemberAPublicAddress
+    Value: !If [IsLocalZone, !Ref MemberAPublicAddressLocalZone, !Ref MemberAPublicAddressRegional]
   MemberASSH:
     Condition: AllocateAddress
     Description: SSH command to member A.
-    Value: !Join ['', ['ssh -i ', !Ref KeyName, ' admin@', !Ref MemberAPublicAddress]]
+    Value: !Join ['', ['ssh -i ', !Ref KeyName, ' admin@', !If [IsLocalZone, !Ref MemberAPublicAddressLocalZone, !Ref MemberAPublicAddressRegional]]]
   MemberAURL:
     Condition: AllocateAddress
     Description: URL to the member A portal.
-    Value: !Join ['', ['https://', !Ref MemberAPublicAddress]]
+    Value: !Join ['', ['https://', !If [IsLocalZone, !Ref MemberAPublicAddressLocalZone, !Ref MemberAPublicAddressRegional]]]
   MemberAExternalInterface:
     Description: The external interface of member A.
     Value: !Ref MemberAExternalInterface
@@ -810,15 +919,15 @@ Outputs:
   MemberBPublicAddress:
     Condition: AllocateAddress
     Description: The public address of member B.
-    Value: !Ref MemberBPublicAddress
+    Value: !If [IsLocalZone, !Ref MemberBPublicAddressLocalZone, !Ref MemberBPublicAddressRegional]
   MemberBSSH:
     Condition: AllocateAddress
     Description: SSH command to member B.
-    Value: !Join ['', ['ssh -i ', !Ref KeyName, ' admin@', !Ref MemberBPublicAddress]]
+    Value: !Join ['', ['ssh -i ', !Ref KeyName, ' admin@', !If [IsLocalZone, !Ref MemberBPublicAddressLocalZone, !Ref MemberBPublicAddressRegional]]]
   MemberBURL:
     Condition: AllocateAddress
     Description: URL to the member B portal.
-    Value: !Join ['', ['https://', !Ref MemberBPublicAddress]]
+    Value: !Join ['', ['https://', !If [IsLocalZone, !Ref MemberBPublicAddressLocalZone, !Ref MemberBPublicAddressRegional]]]
   MemberBPrivateExternalAddress:
     Description: The private external address of member B.
     Value: !GetAtt MemberBExternalInterface.PrimaryPrivateIpAddress