AWSTemplateFormatVersion: 2010-09-09
Parameters:
  KeyPairName:
    Description: The name of an existing public/private key pair, which allows you
      to securely connect to your instance after it launches
    Type: AWS::EC2::KeyPair::KeyName
  VPCID:
    Type: "AWS::EC2::VPC::Id"
    Description: The ID of your existing VPC (e.g., vpc-0343606e)
  PublicSubnet1ID:
    Type: "AWS::EC2::Subnet::Id"
    Description: The ID of the public subnet in Availability Zone 1 in your existing VPC (e.g., subnet-a0246dcd)
  PublicSubnet2ID:
    Type: "AWS::EC2::Subnet::Id"
    Description: The ID of the public subnet in Availability Zone 2 in your existing VPC (e.g., subnet-b1236eea)
  PublicSubnet3ID:
    Type: "AWS::EC2::Subnet::Id"
    Description: The ID of the public subnet in Availability Zone 3 in your existing VPC (e.g., subnet-c3456aba)
  PrivateSubnet1ID:
    Type: "AWS::EC2::Subnet::Id"
    Description: The ID of the private subnet in Availability Zone 1 in your existing VPC (e.g., subnet-fe9a8b32) 
  PrivateSubnet2ID:
    Type: "AWS::EC2::Subnet::Id"
    Description: The ID of the private subnet in Availability Zone 2 in your existing VPC (e.g., subnet-be8b01ea)
  PrivateSubnet3ID:
    Type: "AWS::EC2::Subnet::Id"
    Description: The ID of the private subnet in Availability Zone 3 in your existing VPC (e.g., subnet-abd39039)
  QSS3BucketName:
    AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$
    ConstraintDescription: Quick Start bucket name can include numbers, lowercase
      letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen
      (-).
    Description: S3 bucket name for the Quick Start assets. This string can include
      numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start
      or end with a hyphen (-).
    Type: String
  QSS3KeyPrefix:
    AllowedPattern: ^[0-9a-zA-Z-/.]*$
    ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters,
      uppercase letters, hyphens (-), dots(.) and forward slash (/).
    Description: S3 key prefix for the Quick Start assets. Quick Start key prefix
      can include numbers, lowercase letters, uppercase letters, hyphens (-), dots(.) and
      forward slash (/).
    Type: String
  RemoteAccessCIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x
    Description: The CIDR IP range that is permitted to access the instances. We recommend
      that you set this value to a trusted IP range.
    Type: String
  NodeInstanceType:
    Default: t3.medium
    AllowedValues:
      - t2.small
      - t2.medium
      - t2.large
      - t2.xlarge
      - t2.2xlarge
      - t3.nano
      - t3.micro
      - t3.small
      - t3.medium
      - t3.large
      - t3.xlarge
      - t3.2xlarge
      - m3.medium
      - m3.large
      - m3.xlarge
      - m3.2xlarge
      - m4.large
      - m4.xlarge
      - m4.2xlarge
      - m4.4xlarge
      - m4.10xlarge
      - m5.large
      - m5.xlarge
      - m5.2xlarge
      - m5.4xlarge
      - m5.12xlarge
      - m5.24xlarge
      - c4.large
      - c4.xlarge
      - c4.2xlarge
      - c4.4xlarge
      - c4.8xlarge
      - c5.large
      - c5.xlarge
      - c5.2xlarge
      - c5.4xlarge
      - c5.9xlarge
      - c5.18xlarge
      - i3.large
      - i3.xlarge
      - i3.2xlarge
      - i3.4xlarge
      - i3.8xlarge
      - i3.16xlarge
      - r3.xlarge
      - r3.2xlarge
      - r3.4xlarge
      - r3.8xlarge
      - r4.large
      - r4.xlarge
      - r4.2xlarge
      - r4.4xlarge
      - r4.8xlarge
      - r4.16xlarge
      - x1.16xlarge
      - x1.32xlarge
      - p2.xlarge
      - p2.8xlarge
      - p2.16xlarge
      - p3.2xlarge
      - p3.8xlarge
      - p3.16xlarge
      - r5.large
      - r5.xlarge
      - r5.2xlarge
      - r5.4xlarge
      - r5.12xlarge
      - r5.24xlarge
      - r5d.large
      - r5d.xlarge
      - r5d.2xlarge
      - r5d.4xlarge
      - r5d.12xlarge
      - r5d.24xlarge
      - z1d.large
      - z1d.xlarge
      - z1d.2xlarge
      - z1d.3xlarge
      - z1d.6xlarge
      - z1d.12xlarge
    ConstraintDescription: Must be a valid EC2 instance type
    Description: The type of EC2 instance for the node instances.
    Type: String
  NumberOfNodes:
    Default: 3
    Description: The number of Amazon EKS node instances. The default is one for each of the three Availability Zones.
    Type: Number
  NodeGroupName:
    Default: Default
    Description: The name for EKS node group.
    Type: String
  NodeVolumeSize:
    Default: 20
    Description: "The size for the node's root EBS volumes."
    Type: String
  KubernetesVersion:
    Type: String
  LambdaZipsBucketName:
    Description: '[OPTIONAL] The name of the S3 bucket where the Lambda zip files should be placed. If you leave this parameter blank, an S3 bucket will be created.'
    Type: String
    Default: ''
  ClusterAutoScaler:
    Type: String
    AllowedValues: [ Enabled, Disabled ]
    Default: Disabled
    Description: Choose Enabled to enable Kubernetes cluster autoscaler.
  EfsStorageClass:
    Type: String
    AllowedValues: [ Enabled, Disabled ]
    Default: Disabled
    Description: Choose Enabled to enable EFS storage class, which will create the required EFS volume.
  EfsPerformanceMode:
    Type: String
    AllowedValues: [ generalPurpose, maxIO ]
    Default: generalPurpose
    Description: Choose maxIO mode to provide greater IOPS with an increased latency. Only has an effect when EfsStorageClass is enabled.
  EfsThroughputMode:
    Type: String
    AllowedValues: [ bursting, provisioned ]
    Default: bursting
    Description: Choose provisioned for throughput that is not dependent on the amount of data stored in the file system. Only has an effect when EfsStorageClass is enabled.
  EfsProvisionedThroughputInMibps:
    Type: Number
    MinValue: 0
    Default: 0
    Description: Set to 0 if EfsThroughputMode is set to bursting. Only has an effect when EfsStorageClass is enabled.
  # AdditionalEKSAdminArns:
  #   Default: ""
  #   Description: "[OPTIONAL] Comma separated list of IAM user/role Amazon Resource Names (ARNs) to be granted admin access to the EKS cluster"
  #   Type: String
  EngineVersion:
    Type: String
  MasterUsername:
    Type: String
    Default: root
  MasterUserPassword:
    Type: String
    NoEcho: true
  BastionVariables:
    Type: String
    Default: ""
  SSLCertificateId:
    Default: ''
    Description: "(Optional) The ARN of the SSL certificate to use for the load balancer"
    Type: String
  CloudFrontEnable:
    AllowedValues:
    - 'true'
    - 'false'
    Default: 'true'
    Description: Enable CloudFront Content Delivery Network
    Type: String
  CloudFrontPriceClass:
    AllowedValues:
    - use-all-edge-locations
    - use-only-us-canada-europe-asia
    - use-only-us-canada-europe
    Default: use-all-edge-locations
    Description: Select the price class associated with the maximum price that you
      want to pay for CloudFront service. If you select a price class other than All,
      some of your users may experience higher latency.
    Type: String
    ConstraintDescription: Select a valid CloudFront Price Class.
  CloudFrontAlias:
    Description: Alias for the CloudFront distribution. E.g. cdn.example.com. Mandatory
      when using HTTPS/SSL and optional when using http.
    Type: String
    Default: cdn.default
    AllowedPattern: "(?!-)[a-zA-Z0-9-.]*(?<!-)"
    ConstraintDescription: Must be a valid fully-qualified domain name.
  Route53HostedZoneId:
    Description: Route53 Hosted Zone ID
    Type: String
  DrupalSiteDomain:
    Description: Domain name of the site. e.g. example.com. Valid FQDN required when
      using SSL. Leave the default localhost.local for test environments.
    AllowedPattern: "(?!-)[a-zA-Z0-9-.]*(?<!-)"
    ConstraintDescription: Must be a valid fully-qualified domain name.
    Type: String
  DrupalAccountUsername:
    Description: Username for the Drupal admin account. Default is admin.
    AllowedPattern: "[a-z]+"
    ConstraintDescription: Must be all lowercase letters without spaces.
    Type: String
  DrupalAccountpassword:
    Description: Password for the above Drupal admin account. Default is adminpass
    AllowedPattern: "[a-z]+"
    ConstraintDescription: Must be all lowercase letters without spaces. Default is adminpass
    Type: String
  DrupalSiteName:
    Description: Name of the website. Default value is AWS_DRUPAL_SITE
    Type: String
    Default: 'AWS_DRUPAL_SITE'
  DrupalAccountEmail:
    Description: Username of admin of the Drupal account. Default is admin.
    AllowedPattern: "^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\\.[a-zA-Z0-9-.]+$"
    ConstraintDescription: Must be a valid email id.
    Type: String
  Engine: 
    Description: Database Engine. Default is aurora
    Type: String
    Default: aurora
    AllowedValues: [ "aurora", "aurora-mysql", "aurora-postgresql" ]
  CloudfrontSSLCertificateId:
    Default: ''
    Description: "(Optional)The AWS Certification Manager certificate ARN for the CloudFront distribution certificate - this certificate should be created in the us-east-1 (N. Virginia) region and must reference the main domain name you use below"
    Type: String
  EngineMode:
    Description: Database engine mode.
    AllowedValues: ["provisioned", "serverless"]
    Type: String
Mappings: 
  RegionalHostedZoneId: 
    us-east-1: 
      elb: "Z368ELLRRE2KJ0"
    us-west-1: 
      elb: "Z35SXDOTRQ7X7K"
    us-east-2: 
      elb: "Z3AADJGX6KTTL2"
    us-west-2: 
      elb: "Z1H1FL5HABSF5"
    ap-east-1: 
      elb: "Z3DQVH9N71FHZ0"
    ap-south-1: 
      elb: "ZP97RAFLXTNZK"
    ap-northeast-3: 
      elb: "Z5LXEXXYW11ES"
    ap-northeast-2: 
      elb: "ZWKZPGTI48KDX"
    ap-southeast-1: 
      elb: "Z1LMS91P8CMLE5"
    ap-southeast-2: 
      elb: "Z1GM3OXH4ZPM65"
    ap-northeast-1: 
      elb: "Z14GRHDCWA56QT"
    ca-central-1: 
      elb: "ZQSVJUPU6J1EY"
    eu-central-1: 
      elb: "Z215JYRZR1TBD5"
    eu-west-1: 
      elb: "Z32O12XQLNTSW2"
    eu-west-2: 
      elb: "ZHURV8PSTC4K8"
    eu-west-3: 
      elb: "Z3Q77PNBQS71R4"
    eu-north-1: 
      elb: "Z23TAZ6LKFMNIO"
    me-south-1: 
      elb: "ZS929ML54UICD"
    sa-east-1: 
      elb: "Z2P70J7HTTTPLU"
Conditions:
  UseSSL:
    Fn::Not:
    - Fn::Equals:
      - Ref: SSLCertificateId
      - ''
  NoSSL:
    Fn::Equals:
      - Ref: SSLCertificateId
      - ''
  CFUseSSL:
    Fn::Not:
    - Fn::Equals:
      - Ref: CloudfrontSSLCertificateId
      - ''
  DrupalCdnModuleCondition:
    Fn::Equals:
    - Ref: CloudFrontEnable
    - 'true'
  DrupalSiteDomainRoute53Condition:
    Fn::And:
    - Fn::Not:
      - Fn::Equals:
        - Ref: DrupalSiteDomain
        - localhost.local
    - Fn::Not:
      - Fn::Equals:
        - Ref: Route53HostedZoneId
        - ''
  CloudFrontAliasRoute53Condition:
    Fn::And:
    - Fn::Not:
      - Fn::Equals:
        - Ref: CloudFrontAlias
        - cdn.default
    - Fn::Not:
      - Fn::Equals:
        - Ref: Route53HostedZoneId
        - ''
    - Fn::Equals:
      - Ref: CloudFrontEnable
      - 'true'
  AdditionalVars: !Not [!Equals [!Ref 'BastionVariables', '']]
Rules:
  AuroraEngineModeRule:
    RuleCondition:
      Fn::Equals:
      - Ref: EngineMode
      - serverless
    Assertions:
    - Assert:
        Fn::Contains:
        - - 5.6.10a
        - Ref: EngineVersion
      AssertDescription: For the ServerlessEngine Mode , the Engine Version must be 5.6.10a
  EKSSupport:
    Assertions:
      - AssertDescription: Your AWS Region does *NOT* yet support Amazon EKS
        Assert: !Contains
          -  - us-west-2
             - us-east-1
             - us-east-2
             - eu-west-1
             - eu-west-2
             - eu-west-3
             - eu-north-1
             - eu-central-1
             - ap-southeast-1
             - ap-southeast-2
             - ap-northeast-1
             - ap-northeast-2
             - ap-south-1
          - !Ref 'AWS::Region'
  SslAndRoute53Rule:
    RuleCondition:
      Fn::Or:
      - Fn::Not:
        - Fn::Equals:
          - Ref: SSLCertificateId
          - ''
      - Fn::Not:
        - Fn::Equals:
          - Ref: Route53HostedZoneId
          - ''
    Assertions:
    - Assert:
        Fn::Not:
        - Fn::Equals:
          - Ref: DrupalSiteDomain
          - localhost.local
      AssertDescription: Parameter DrupalSiteDomain cannot be the default value 'localhost.local'
        and must provide FQDN e.g. example.com, when SSLCertificateId or Route53HostedZoneIdis
        values are provided.
    - Assert:
        Fn::Not:
        - Fn::Equals:
          - Ref: CloudFrontAlias
          - cdn.default
      AssertDescription: Parameter CloudFrontAlias cannot be the default value 'cdn.default'
        and must provide FQDN e.g. cdn.example.com, when SSLCertificateId or Route53HostedZoneIdis
        values are provided.
Resources:
  ECRStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub 'https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/ecr.template.yaml'
  RolesStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub 'https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/roles.template.yaml'
      Parameters:
        RepoArn: !GetAtt ECRStack.Outputs.Arn
        QSS3BucketName: !Ref QSS3BucketName
  AuroraDbStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub 'https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/aurora.serverless.template.yaml'
      Parameters:
        Engine: !Ref Engine
        EngineVersion: !Ref EngineVersion
        MasterUsername: !Ref MasterUsername
        MasterUserPassword: !Ref MasterUserPassword
        EngineMode: !Ref EngineMode
        VpcId: !Ref VPCID
        SubnetIdList: 
          Fn::Join: 
            - ','
            - - !Sub '${PrivateSubnet1ID}'
              - !Sub '${PrivateSubnet2ID}'
              - !Sub '${PrivateSubnet3ID}'
  EKSStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub 'https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-amazon-eks/templates/amazon-eks.template.yaml'
      Parameters:
        PublicSubnet1ID: !Ref PublicSubnet1ID
        PublicSubnet2ID: !Ref PublicSubnet2ID
        PublicSubnet3ID: !Ref PublicSubnet3ID
        KeyPairName: !Ref KeyPairName
        QSS3BucketName: !Ref QSS3BucketName
        QSS3KeyPrefix: !Sub "${QSS3KeyPrefix}submodules/quickstart-amazon-eks/"
        PrivateSubnet1ID: !Ref PrivateSubnet1ID
        PrivateSubnet2ID: !Ref PrivateSubnet2ID
        PrivateSubnet3ID: !Ref PrivateSubnet3ID
        NumberOfNodes: !Ref NumberOfNodes
        MaxNumberOfNodes: !Ref NumberOfNodes
        NodeGroupName: !Ref NodeGroupName
        NodeVolumeSize: !Ref NodeVolumeSize
        LambdaZipsBucketName: !Ref LambdaZipsBucketName
        NodeInstanceType: !Ref NodeInstanceType
        RemoteAccessCIDR: !Ref RemoteAccessCIDR
        VPCID: !Ref VPCID
        KubernetesVersion: !Ref KubernetesVersion
        ProvisionClusterAutoScaler: !Ref ClusterAutoScaler
        EfsStorageClass: !Ref EfsStorageClass
        EfsPerformanceMode: !Ref EfsPerformanceMode
        EfsThroughputMode: !Ref EfsThroughputMode
        EfsProvisionedThroughputInMibps: !Ref EfsProvisionedThroughputInMibps
        BastionBootstrapScript: !Sub "https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}scripts/masterbootstrap.sh"
        BastionIAMRoleName: !GetAtt RolesStack.Outputs.BastionQSRole
        AdditionalEKSAdminArns: !GetAtt RolesStack.Outputs.BastionQSRoleArn
        BastionInstanceType: "t3.large"
        BastionVariables: !Sub 
        - >
          REPO_NAME=${ECRStack.Outputs.RepositoryName},
          DB_URL=${AuroraDbStack.Outputs.Host},
          DB_NAME=${AuroraDbStack.Outputs.Name},
          DB_UNAME=${AuroraDbStack.Outputs.MasterUsername},
          DB_PASSWORD=${MasterUserPassword},
          DB_SG=${AuroraDbStack.Outputs.DBSecurityGroup},
          ACCOUNT_UNAME=${DrupalAccountUsername},
          ACCOUNT_PASSWORD=${DrupalAccountpassword},
          SITE_NAME=${DrupalSiteName},
          ACCOUNT_EMAIL=${DrupalAccountEmail},
          QSS3BucketName=${QSS3BucketName},
          QSS3KeyPrefix=${QSS3KeyPrefix}${Joiner}
          ${BastionVariables}
        - Joiner: !If [AdditionalVars, ",", ""]
  InboundRule:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      IpProtocol: tcp
      FromPort: 3306
      ToPort: 3306
      SourceSecurityGroupId: !GetAtt EKSStack.Outputs.NodeGroupSecurityGroup
      GroupId: !GetAtt AuroraDbStack.Outputs.DBSecurityGroup
  OIDCProviderStack:
    #https://github.com/bambooengineering/example-eks-oidc-iam-cloudformation/blob/master/oidc-provider.yaml
    Type: AWS::CloudFormation::Stack
    DependsOn: EKSStack
    Properties:
      TemplateURL: !Sub 'https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/oidc.template.yaml'
      Parameters:
        EKSClusterName: !GetAtt EKSStack.Outputs.EKSClusterName
  KubemanifestStack:
    Type: AWS::CloudFormation::Stack
    DependsOn: OIDCProviderStack
    Condition: NoSSL
    Properties:
      TemplateURL: !Sub 'https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/kubemanifest.template.yaml'
      Parameters:
        KubeManifestLambdaArn: !GetAtt EKSStack.Outputs.KubeManifestLambdaArn
        KubeGetLambdaArn: !GetAtt EKSStack.Outputs.KubeGetLambdaArn
        KubeConfigPath: !GetAtt EKSStack.Outputs.KubeConfigPath
        KubeConfigKmsContext: "EKSQuickStart"
        DatabaseUrl: !GetAtt AuroraDbStack.Outputs.Host
        DbName: !GetAtt AuroraDbStack.Outputs.Name
        DbUsername: !GetAtt AuroraDbStack.Outputs.MasterUsername
        DbPass: !Ref MasterUserPassword
        ECRRepoUri: !GetAtt ECRStack.Outputs.Uri
        NodeInstanceRoleArn: !GetAtt EKSStack.Outputs.NodeInstanceRoleArn
        EKSClusterName: !GetAtt EKSStack.Outputs.EKSClusterName
        VPCID: !Ref VPCID
        Subnet1: !Ref PrivateSubnet1ID
        Subnet2: !Ref PrivateSubnet2ID
        Subnet3: !Ref PrivateSubnet3ID
        ClusterOIDCURL: !GetAtt OIDCProviderStack.Outputs.ClusterOIDCURL
  KubemanifestSSLStack:
    Condition: UseSSL
    Type: AWS::CloudFormation::Stack
    DependsOn: OIDCProviderStack
    Properties:
      TemplateURL: !Sub 'https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/kubemanifestssl.template.yaml'
      Parameters:
        KubeManifestLambdaArn: !GetAtt EKSStack.Outputs.KubeManifestLambdaArn
        KubeGetLambdaArn: !GetAtt EKSStack.Outputs.KubeGetLambdaArn
        KubeConfigPath: !GetAtt EKSStack.Outputs.KubeConfigPath
        KubeConfigKmsContext: "EKSQuickStart"
        DatabaseUrl: !GetAtt AuroraDbStack.Outputs.Host
        DbName: !GetAtt AuroraDbStack.Outputs.Name
        DbUsername: !GetAtt AuroraDbStack.Outputs.MasterUsername
        DbPass: !Ref MasterUserPassword
        ECRRepoUri: !GetAtt ECRStack.Outputs.Uri
        NodeInstanceRoleArn: !GetAtt EKSStack.Outputs.NodeInstanceRoleArn
        EKSClusterName: !GetAtt EKSStack.Outputs.EKSClusterName
        VPCID: !Ref VPCID
        Subnet1: !Ref PrivateSubnet1ID
        Subnet2: !Ref PrivateSubnet2ID
        Subnet3: !Ref PrivateSubnet3ID
        ClusterOIDCURL: !GetAtt OIDCProviderStack.Outputs.ClusterOIDCURL
        SSLCertificateId:
          Fn::If:
          - UseSSL
          - Ref: SSLCertificateId
          - ''
  AlbHostNameSSL:
    Condition: UseSSL
    DependsOn: KubemanifestSSLStack
    Type: "Custom::KubeGet"
    Version: '1.0'
    Properties:
      ServiceToken: !GetAtt EKSStack.Outputs.KubeGetLambdaArn
      KubeConfigPath: !GetAtt EKSStack.Outputs.KubeConfigPath
      KubeConfigKmsContext: "EKSQuickStart"
      Namespace: default
      Name: 'ingress/qsdrupal-ingress'
      JsonPath: '{.status.loadBalancer.ingress[0].hostname}'
  AlbHostName:
    Condition: NoSSL
    DependsOn: KubemanifestStack
    Type: "Custom::KubeGet"
    Version: '1.0'
    Properties:
      ServiceToken: !GetAtt EKSStack.Outputs.KubeGetLambdaArn
      KubeConfigPath: !GetAtt EKSStack.Outputs.KubeConfigPath
      KubeConfigKmsContext: "EKSQuickStart"
      Namespace: default
      Name: 'ingress/qsdrupal-ingress'
      JsonPath: '{.status.loadBalancer.ingress[0].hostname}'
  DrupalSiteDomainRoute53Record:
    Type: AWS::Route53::RecordSet
    Condition: DrupalSiteDomainRoute53Condition
    Properties:
      Name: !Ref DrupalSiteDomain
      Type: A
      HostedZoneId: !Ref Route53HostedZoneId
      AliasTarget:
        DNSName:
          Fn::If:
            - UseSSL
            - !Ref AlbHostNameSSL 
            - !Ref AlbHostName
        EvaluateTargetHealth: true
        HostedZoneId: !FindInMap [ RegionalHostedZoneId, !Ref "AWS::Region", elb ] 
  CloudFrontStack:
    Type: AWS::CloudFormation::Stack
    DependsOn: DrupalSiteDomainRoute53Record
    Condition: DrupalCdnModuleCondition
    Properties:
      TemplateURL: !Sub 'https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/cloudfront.template.yaml'
      Parameters:
        OriginDnsName:
          Fn::If:
          - DrupalSiteDomainRoute53Condition
          - !Ref DrupalSiteDomain
          - Fn::If:
              - UseSSL
              - Ref: AlbHostNameSSL 
              - Ref: AlbHostName
        OriginAccessProtocol:
          Fn::If:
          - UseSSL
          - https-only
          - http-only
        CloudFrontAlias:
          Fn::Join:
          - ","
          - - Ref: CloudFrontAlias
        CustomSSLCertificateId:
          Fn::If:
          - CFUseSSL
          - Ref: CloudfrontSSLCertificateId
          - ''
        CloudFrontPriceClass:
          Ref: CloudFrontPriceClass
  CloudFrontAliasRoute53Record:
    Type: AWS::Route53::RecordSet
    Condition: CloudFrontAliasRoute53Condition
    Properties:
      Name:
        Ref: CloudFrontAlias
      Type: A
      HostedZoneId: !Ref Route53HostedZoneId
      AliasTarget:
        DNSName: !GetAtt CloudFrontStack.Outputs.CdnUrl
        HostedZoneId: Z2FDTNDATAQYW2
  CleanupECRStack:
    DependsOn: CloudFrontStack
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub 'https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/cleanup-ecr.yaml'
      Parameters:
        DrupalRepoName: !GetAtt ECRStack.Outputs.RepositoryName
Outputs:
  EKSClusterName:
    Value: !GetAtt EKSStack.Outputs.EKSClusterName
  VPCID:
    Value: !Ref VPCID
  AuroraDatabaseHost:
    Value: !GetAtt AuroraDbStack.Outputs.Host
  DatabaseName:
    Value: !GetAtt AuroraDbStack.Outputs.Name
  DatabaseUsername:
    Value: !GetAtt AuroraDbStack.Outputs.MasterUsername
  ECRUri:
    Value: !GetAtt ECRStack.Outputs.Uri
  DrupalRepoName:
    Value: !GetAtt ECRStack.Outputs.RepositoryName
  DBSecurityGroup:
    Value: !GetAtt AuroraDbStack.Outputs.DBSecurityGroup
  CloudFrontDNS:
    Value: !GetAtt CloudFrontStack.Outputs.CdnUrl
    Condition: DrupalCdnModuleCondition
    Description: Drupal Site Cloudfront URL
  DrupalSiteUrl:
    Description: Drupal Site URL
    Condition: DrupalSiteDomainRoute53Condition
    Value:
      Ref: DrupalSiteDomain
  AlbHostName: 
    Description: Group ID of the security group used.
    Value: !If [UseSSL, !Ref AlbHostNameSSL, !Ref AlbHostName]