AWSTemplateFormatVersion: 2010-09-09
Description: "This template creates the infrastructure required to implement and test SageMaker Studio VPC Mode. It creates a VPC, Subnet, VPC Endpoints, VPC Policies, and IAM Execution Roles. **WARNING** This template creates AWS Resources in your account. You will be billed for the AWS resources used if you create a stack from this template."
Parameters:
  ProjectName:
    AllowedPattern: '[A-Za-z0-9-]{1,16}'
    ConstraintDescription: Maximum of 22 alphanumeric characters. Can include hyphens
      (-), but not spaces. Must be unique within your account in an AWS Region.
    Description: Project Name used to identify your resources
    MaxLength: '16'
    MinLength: '1'
    Type: String
    Default: studiovpc
  VpcCIDR:
    Type: String
    Default: 10.2.0.0/16
  PrivateSubnetCIDR:
    Type: String
    Default: 10.2.1.0/24

Resources:
  #================================================================================
  # IAM ROLE AND KMS ENCRYPTION KEY 
  #================================================================================
  IAM:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        ProjectName: !Ref ProjectName
        DataBucket: !GetAtt S3.Outputs.DataBucket
      TemplateURL:  https://aws-ml-blog.s3.amazonaws.com/artifacts/Securing-Amazon-SageMaker-Studio-connectivity-using-private-vpc/iam_template.yaml
  #================================================================================
  # S3 BUCKETS - DATA BUCKET AND MODEL BUCKET 
  #================================================================================
  S3:
    Type: AWS::CloudFormation::Stack
    DependsOn: VPC
    Properties:
      Parameters:
        ProjectName: !Ref ProjectName
        DataBucketName: !Sub ${ProjectName}-data-${AWS::AccountId}
      TemplateURL:  https://aws-ml-blog.s3.amazonaws.com/artifacts/Securing-Amazon-SageMaker-Studio-connectivity-using-private-vpc/s3_template.yaml 
  #================================================================================
  # VPC WITH A PRIVATE SUBNET AND SECURITY GROUP 
  #================================================================================
  VPC:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        ProjectName: !Ref ProjectName
        VpcCIDR: !Ref VpcCIDR
        PrivateSubnetCIDR: !Ref PrivateSubnetCIDR
      TemplateURL:  https://aws-ml-blog.s3.amazonaws.com/artifacts/Securing-Amazon-SageMaker-Studio-connectivity-using-private-vpc/vpc_template.yaml