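#*
#* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
#* SPDX-License-Identifier: MIT-0
#*
#* Permission is hereby granted, free of charge, to any person obtaining a copy of this
#* software and associated documentation files (the "Software"), to deal in the Software
#* without restriction, including without limitation the rights to use, copy, modify,
#* merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
#* permit persons to whom the Software is furnished to do so.
#*
#* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
#* INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
#* PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
#* HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
#* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
#* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#*

#------------------------------------------------------------------------------
#
# Template: ssm-workshop-resources-episode-01.yml
# Purpose: CloudFormation template to deploy test instances for episode 01 of the workshop.
#
# Layout: one VPC with a single public subnet, an internet gateway and a default
# route, a network ACL that allows all traffic, a security group with egress
# only, and two Amazon Linux 2 instances with public IP addresses.
#
#------------------------------------------------------------------------------
AWSTemplateFormatVersion: '2010-09-09'
Description: AWS CloudFormation template to launch test instances.

#-----------------------------------------------------------
# Parameters
#-----------------------------------------------------------
Parameters:
  LatestAmazonLinuxAmiId:
    # Use public Systems Manager Parameter.
    # The type must carry the value type in angle brackets; without
    # <AWS::EC2::Image::Id> it is not a valid parameter type and the resolved
    # value is not checked to be an AMI ID.
    # The default path is in the AWS-owned /aws/service namespace. Whoever
    # overrides it at deploy time decides which AMI both instances boot from.
    Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
    Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'

Resources:

  #-------------------------------------------------
  # VPC and required resources to enable network connectivity to AWS Systems Manager
  #-------------------------------------------------
  VPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: '10.0.0.0/16'
      EnableDnsSupport: true
      EnableDnsHostnames: true
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: SSM-Workshop-CF

  InternetGateway:
    Type: 'AWS::EC2::InternetGateway'
    Properties:
      Tags:
        - Key: Name
          Value: SSM-Workshop-CF

  VPCGatewayAttachment:
    Type: 'AWS::EC2::VPCGatewayAttachment'
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway

  SubnetPublic:
    Type: 'AWS::EC2::Subnet'
    Properties:
      AvailabilityZone: !Select [0, !GetAZs '']
      CidrBlock: '10.0.0.0/20'
      # Every interface launched in this subnet gets a public IPv4 address.
      MapPublicIpOnLaunch: true
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: SSM-Workshop-CF

  RouteTablePublic:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: SSM-Workshop-CF

  RouteTableAssociationPublic:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      SubnetId: !Ref SubnetPublic
      RouteTableId: !Ref RouteTablePublic

  RouteTablePublicInternetRoute:
    Type: 'AWS::EC2::Route'
    # The route can only be created once the gateway is attached to the VPC.
    DependsOn: VPCGatewayAttachment
    Properties:
      RouteTableId: !Ref RouteTablePublic
      DestinationCidrBlock: '0.0.0.0/0'
      GatewayId: !Ref InternetGateway

  NetworkAclPublic:
    Type: 'AWS::EC2::NetworkAcl'
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: SSM-Workshop-CF

  SubnetNetworkAclAssociationPublic:
    Type: 'AWS::EC2::SubnetNetworkAclAssociation'
    Properties:
      SubnetId: !Ref SubnetPublic
      NetworkAclId: !Ref NetworkAclPublic

  # The two ACL entries below allow every protocol from and to any address, so
  # the network ACL filters nothing. Inbound exposure of the instances is
  # decided entirely by InstanceSecurityGroup.
  NetworkAclEntryInPublicAllowAll:
    Type: 'AWS::EC2::NetworkAclEntry'
    Properties:
      NetworkAclId: !Ref NetworkAclPublic
      RuleNumber: 100
      Protocol: -1
      RuleAction: allow
      Egress: false
      CidrBlock: '0.0.0.0/0'

  NetworkAclEntryOutPublicAllowAll:
    Type: 'AWS::EC2::NetworkAclEntry'
    Properties:
      NetworkAclId: !Ref NetworkAclPublic
      RuleNumber: 100
      Protocol: -1
      RuleAction: allow
      Egress: true
      CidrBlock: '0.0.0.0/0'

  InstanceSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: 'Security Group for SSM Workshop test instances'
      GroupName: SSM-Workshop-CF
      # No SecurityGroupIngress is declared, so nothing can open a connection
      # to the instances even though they have public addresses. Keep it that
      # way: adding SSH or RDP ingress here would expose both hosts to the
      # internet through the allow-all network ACL.
      SecurityGroupEgress:
        # Protocol -1 means all protocols; the port range is ignored for it.
        # NOTE(review): the Systems Manager agent talks to AWS over HTTPS, so
        # egress could be narrowed to TCP 443 if the workshop steps need
        # nothing else. Confirm before tightening.
        - IpProtocol: '-1'
          FromPort: 0
          ToPort: 65535
          CidrIp: '0.0.0.0/0'
      Tags:
        - Key: Name
          Value: SSM-Workshop-CF
      VpcId: !Ref VPC

  #-------------------------------------------------
  # Two Amazon Linux 2 EC2 instances using the latest AMI for Amazon Linux 2
  #-------------------------------------------------
  # NOTE(review): neither instance sets IamInstanceProfile, so this template
  # alone gives the agent no credentials to register with Systems Manager.
  # Presumably the workshop supplies them in a later step; confirm.
  # NOTE(review): instance metadata settings are left at the AMI and account
  # defaults; confirm IMDSv2 is required in the account used for the workshop.
  LinuxEc2InstanceOne:
    Type: 'AWS::EC2::Instance'
    # An instance with a public IP address depends on the gateway attachment
    # when both are declared in one template. Waiting for the default route as
    # well means the agent has outbound connectivity from first boot.
    DependsOn:
      - VPCGatewayAttachment
      - RouteTablePublicInternetRoute
    Properties:
      InstanceType: t2.small
      ImageId: !Ref LatestAmazonLinuxAmiId
      NetworkInterfaces:
        - AssociatePublicIpAddress: true
          DeviceIndex: '0'
          GroupSet:
            - !Ref InstanceSecurityGroup
          SubnetId: !Ref SubnetPublic
      Tags:
        - Key: Name
          Value: App1

  LinuxEc2InstanceTwo:
    Type: 'AWS::EC2::Instance'
    # Same ordering requirement as LinuxEc2InstanceOne.
    DependsOn:
      - VPCGatewayAttachment
      - RouteTablePublicInternetRoute
    Properties:
      InstanceType: t2.small
      ImageId: !Ref LatestAmazonLinuxAmiId
      NetworkInterfaces:
        - AssociatePublicIpAddress: true
          DeviceIndex: '0'
          GroupSet:
            - !Ref InstanceSecurityGroup
          SubnetId: !Ref SubnetPublic
      Tags:
        - Key: Name
          Value: App2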