AWSTemplateFormatVersion: 2010-09-09

Description: CloudWAN Workshop
Parameters:
  FirewallAttachmentIdEU:
    Type: String
    Default: ""
  FirewallAttachmentIdUS:
    Type: String
    Default: ""

Resources:
  GlobalNetwork:
    Type: AWS::NetworkManager::GlobalNetwork
    Properties:
      Description: Global Network - Cloud WAN Workshop
      Tags:
        - Key: Env
          Value: Workshop
        - Key: Name
          Value: Workshop-GlobalNetwork

  CoreNetwork:
    Type: AWS::NetworkManager::CoreNetwork
    Metadata:
      cfn-lint:
        config:
          ignore_checks:
            - E3002
    Properties:
      GlobalNetworkId: !Ref GlobalNetwork
      PolicyDocument:
        version: "2021.12"
        core-network-configuration:
          vpn-ecmp-support: false
          asn-ranges:
            - 64520-65534
          edge-locations:
            - location: eu-north-1
            - location: us-west-2
        segments:
          - name: prod
            require-attachment-acceptance: false
            isolate-attachments: true
            edge-locations:
              - eu-north-1
              - us-west-2
          - name: nonprod
            require-attachment-acceptance: false
            edge-locations:
              - eu-north-1
              - us-west-2
          - name: sharedservices
            require-attachment-acceptance: false
        #   - name: legacy
        #     require-attachment-acceptance: false
        #     edge-locations:
        #       - eu-north-1
        #       - us-west-2
        # attachment-policies:
        #   - rule-number: 100
        #     conditions:
        #       - type: tag-exists
        #         key: prod
        #     action:
        #       association-method: constant
        #       segment: prod
        #   - rule-number: 200
        #     conditions:
        #       - type: tag-exists
        #         key: nonprod
        #     action:
        #       association-method: constant
        #       segment: nonprod
        #   - rule-number: 300
        #     conditions:
        #       - type: tag-exists
        #         key: sharedservices
        #     action:
        #       association-method: constant
        #       segment: sharedservices
        #   - rule-number: 400
        #     conditions:
        #       - type: tag-exists
        #         key: legacy
        #     action:
        #       association-method: constant
        #       segment: legacy
        # segment-actions:
        #   - action: share
        #     mode: attachment-route
        #     segment: sharedservices
        #     share-with: "*"
        #   - action: create-route
        #     destination-cidr-blocks:
        #       - 0.0.0.0/0
        #     segment: prod
        #     destinations:
        #       - !Ref FirewallAttachmentIdEU
        #       - !Ref FirewallAttachmentIdUS
        #   - action: create-route
        #     destination-cidr-blocks:
        #       - 0.0.0.0/0
        #     segment: nonprod
        #     destinations:
        #       - !Ref FirewallAttachmentIdEU
        #       - !Ref FirewallAttachmentIdUS           
        #   - action: share
        #     mode: attachment-route
        #     segment: legacy
        #     share-with:
        #       - prod
        #       - nonprod

Outputs:
  CoreNetworkId:
    Value: !GetAtt CoreNetwork.CoreNetworkId
    Description: Core Network Id
  CoreNetworkArn:
    Value: !GetAtt CoreNetwork.CoreNetworkArn
    Description: Core Network ARN