AWSTemplateFormatVersion: "2010-09-09"

Description: "VPC infrastructure setup and deployment for Cloud9 IDE for k8s networking workshop"

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: "k8s-cluster-mgmt-vpc"
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: "k8s-cluster-mgmt-igw"
  AttachInternetGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  PubSub:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      CidrBlock: 10.0.1.0/24
      VpcId: !Ref VPC
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: "k8s-cluster-mgmt-pubsub"
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: "k8s-cluster-mgmt-pubrt"
  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: AttachInternetGateway
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
      RouteTableId: !Ref PublicRouteTable
  PublicSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PubSub
      RouteTableId: !Ref PublicRouteTable
  Cloud9InstanceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      RoleName: "amazonk8snetworkshop-admin"
  Cloud9InstancePolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: Cloud9AdminAccessPolicy
      PolicyDocument:
        Statement:
          - Effect: Allow
            Action: '*'
            Resource: '*'
      Roles:
        - !Ref Cloud9InstanceRole
  Cloud9InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      InstanceProfileName: "amazonk8snetworkshop-admin"
      Path: /
      Roles:
        - !Ref Cloud9InstanceRole
  KopsCloud9Ide:
    DependsOn: AttachInternetGateway
    Type: "AWS::Cloud9::EnvironmentEC2"
    Properties:
      Description: "Cloud9 IDE for the AWS Container and Kubernetes Networking Workshop"
      AutomaticStopTimeMinutes: 150
      InstanceType: t2.micro
      Name: k8s-kops-mgmt-cloud9-instance
      SubnetId: !Ref PubSub
  EksCloud9Ide:
    DependsOn: AttachInternetGateway
    Type: "AWS::Cloud9::EnvironmentEC2"
    Properties:
      Description: "Cloud9 IDE for the AWS Container and Kubernetes Networking Workshop"
      AutomaticStopTimeMinutes: 150
      InstanceType: t2.micro
      Name: k8s-eks-mgmt-cloud9-instance
      SubnetId: !Ref PubSub

Outputs:
  KopsCloud9Ide:
    Description: "k8s kops mgmt cloud9 instance"
    Value:
      !Join ["",["https://",!Ref "AWS::Region",".console.aws.amazon.com/cloud9/ide/",!Ref KopsCloud9Ide,"?region=",!Ref "AWS::Region"]]
  EksCloud9Ide:
    Description: "k8s eks mgmt cloud9 instance"
    Value:
      !Join ["",["https://",!Ref "AWS::Region",".console.aws.amazon.com/cloud9/ide/",!Ref EksCloud9Ide,"?region=",!Ref "AWS::Region"]]
  VPC:
    Description: "VPC id for net403 cluster mgmt"
    Value: !Ref VPC
    Export:
      Name: k8s-cluster-mgmt-vpc
  PublicSubnet1:
    Description: "Public subnet 1 id (subnet id) in which cloud9 is intantiated"
    Value: !Ref PubSub
    Export:
      Name: "k8s-cluster-mgmt-pubsub"