Parameters:
  KeyPair:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
    Type: "AWS::EC2::KeyPair::KeyName"
    MinLength: '1'
    MaxLength: '255'
    AllowedPattern: '[\x20-\x7E]*'
    ConstraintDescription: can contain only ASCII characters.
  RoleName:
    Description: Set role name
    Type: String
    MinLength: '1'
    MaxLength: '255'
    AllowedPattern: '[\x20-\x7E]*'
Resources:
# Create VPC
  MyVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/24
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'
      InstanceTenancy: default
      Tags:
      - Key: Name
        Value: handson-minilake
# Create Public RouteTable
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref MyVPC
      Tags:
      - Key: Name
        Value: handson-minilake
# Create Public Subnet A
  PublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: 10.0.0.0/27
      AvailabilityZone: "ap-northeast-1a"
      Tags:
      - Key: Name
        Value: handson-minilake
  PubSubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnetA
      RouteTableId: !Ref PublicRouteTable
# Create InternetGateway
  myInternetGateway:
    Type: "AWS::EC2::InternetGateway"
    Properties:
      Tags:
      - Key: Name
        Value: handson-minilake
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref MyVPC
      InternetGatewayId: !Ref myInternetGateway
  myRoute:
    Type: AWS::EC2::Route
    DependsOn: myInternetGateway
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref myInternetGateway
  MyEIP:
    Type: "AWS::EC2::EIP"
    Properties:
      Domain: vpc
  ElasticIPAssociate:
    DependsOn: MyEC2Instance
    Type: AWS::EC2::EIPAssociation
    Properties:
      AllocationId: !GetAtt MyEIP.AllocationId
      InstanceId: !Ref MyEC2Instance
  MyEC2Instance:
    Type: 'AWS::EC2::Instance'
    Properties:
      ImageId: ami-08c23a10b77e0835b
      InstanceType: t3.micro
      SubnetId: !Ref PublicSubnetA
      KeyName :
        Ref: KeyPair
      SecurityGroupIds:
        - Ref: MyEC2SecurityGroup
      IamInstanceProfile: !Ref InstanceProfile
      Tags:
        - Key: Name
          Value: handson-minilake
  MyEC2SecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupName: handson-minilake-sg
      GroupDescription: Enable SSH access via port 22
      VpcId: !Ref MyVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp:
            '0.0.0.0/0'
        - IpProtocol: tcp
          FromPort: '5439'
          ToPort: '5439'
          CidrIp:
            '0.0.0.0/0'
  minilaketestrole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      RoleName:  !Ref RoleName
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
  InstanceProfile:
    Type: 'AWS::IAM::InstanceProfile'
    Properties:
      Path: '/'
      Roles:
        - !Ref minilaketestrole
Outputs:
  AllowIPAddress:
    Description: EC2 PublicIP
    Value: !Join
      - ','
      - - !Ref MyEIP