Description: "VPC + S3 Authenticated bootstrapping Example (qs-tb2p0t01)"
Metadata:
  LICENSE: Apache License Version 2.0
  AWS::CloudFormation::Interface:
    ParameterGroups:
    - Label:
        default: Network configuration
      Parameters:
      - KeyPairName
      - AvailabilityZones
      - VPCCIDR
      - PublicSubnet1CIDR
      - PublicSubnet2CIDR
    - Label:
        default: Quick Start configuration
      Parameters:
      - KeyPrefix
    ParameterLabels:
      AvailabilityZones:
        default: Availability Zones
      PublicSubnet1CIDR:
        default: Public subnet 1 CIDR
      PublicSubnet2CIDR:
        default: Public subnet 2 CIDR
      BucketName:
        default: Quick Start S3 bucket name
      KeyPrefix:
        default: Quick Start S3 key prefix
      VPCCIDR:
        default: VPC CIDR
      KeyPairName:
        default: Key Name
      AccessCIDR:
        default: Permitted IP range
Parameters:
  AvailabilityZones:
   Description: >-
      List of Availability Zones to use for the subnets in the VPC. Only two
      Availability Zones are used for this deployment, and the logical order of
      your selections is preserved.
   Type: 'List<AWS::EC2::AvailabilityZone::Name>'
  KeyPairName:
    ConstraintDescription: "Name of an existing EC2 key pair."
    Description: Name of an existing public/private key pair, for connecting to your instance.
    Type: "AWS::EC2::KeyPair::KeyName"
  PublicSubnet1CIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.128.0/20
    Description: CIDR block for the public subnet 1 located in Availability Zone 1.
    Type: String
  PublicSubnet2CIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.144.0/20
    Description: CIDR block for the public subnet 2 located in Availability Zone 2.
    Type: String
  AccessCIDR:
    AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$"
    ConstraintDescription: "CIDR block parameter must be in the form x.x.x.x/x"
    Description: "Allowed CIDR block for external SSH access."
    Default: 10.0.0.0/16
    Type: String
  VPCCIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.0.0/16
    Description: CIDR block for the VPC.
    Type: String
  BucketName:
    AllowedPattern: "^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$"
    ConstraintDescription: "Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-)."
    Default: aws-quickstart
    Description: "S3 bucket name for the Quick Start assets. Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-)."
    Type: String
  KeyPrefix:
    AllowedPattern: "^[0-9a-zA-Z-/]*$"
    ConstraintDescription: "Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/)."
    Default: cfn-authenticated-s3-example/
    Description: "S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/)."
    Type: String
Conditions:
  GovCloudCondition: !Equals 
    - !Ref 'AWS::Region'
    - us-gov-west-1
Resources:
  VPCStack:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      TemplateURL: !Sub
        - https://${BucketName}.${Region}.amazonaws.com/${KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template
        - Region:
            Fn::If:
            - GovCloudCondition
            - s3-us-gov-west-1
            - s3
      Parameters:
        AvailabilityZones: !Join 
          - ','
          - !Ref AvailabilityZones
        KeyPairName: !Ref KeyPairName
        NumberOfAZs: '2'
        PublicSubnet1CIDR: !Ref PublicSubnet1CIDR
        PublicSubnet2CIDR: !Ref PublicSubnet2CIDR
        VPCCIDR: !Ref VPCCIDR
  ExampleStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub 
        - https://${BucketName}.${Region}.amazonaws.com/${KeyPrefix}templates/authenticated-s3.template.yaml
        - Region: !If [GovCloudCondition , s3-us-gov-west-1 , s3]
      Parameters:
        BucketName: !Ref BucketName  
        KeyPairName: !Ref KeyPairName
        AccessCIDR: !Ref AccessCIDR
        SubnetId:
          Fn::GetAtt:
          - VPCStack
          - Outputs.PublicSubnet1ID
        VPCID:
          Fn::GetAtt:
          - VPCStack
          - Outputs.VPCID