AWSTemplateFormatVersion: 2010-09-09
Description: This template creates a new VPC to deploy the FortiWeb Autoscale Solution.
Parameters:
  AvailabilityZones:
    Description: >-
      The list of Availability Zones to use for the subnets in the VPC. The
      Quick Start uses two Availability Zones from your list and preserves the
      logical order you specify.
    Type: 'List<AWS::EC2::AvailabilityZone::Name>'
  VPCCIDR:
    Type: String
    Default: 10.0.0.0/16
    AllowedPattern: >-
      ^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]){1}(\/([0-9]|[1-2][0-9]|3[0-2]))?$
    ConstraintDescription: must be a valid CIDR block format.
    Description: The CIDR block for the VPC.

  PublicSubnet1CIDR:
    Type: String
    Default: 10.0.0.0/24
    AllowedPattern: >-
      ^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]){1}(\/([0-9]|[1-2][0-9]|3[0-2]))?$
    ConstraintDescription: must be a valid CIDR block format.
    Description: The CIDR block for the public (DMZ) subnet located in Availability Zone 1.
    
  PublicSubnet2CIDR:
    Type: String
    Default: 10.0.1.0/24
    AllowedPattern: >-
      ^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]){1}(\/([0-9]|[1-2][0-9]|3[0-2]))?$
    ConstraintDescription: must be a valid CIDR block format.
    Description: The CIDR block for the public (DMZ) subnet located in Availability Zone 2.

  PrivateSubnet1CIDR:
    Type: String
    Default: 10.0.2.0/24
    AllowedPattern: >-
      ^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]){1}(\/([0-9]|[1-2][0-9]|3[0-2]))?$
    ConstraintDescription: must be a valid CIDR block format.
    Description: The CIDR block for the private subnet (Fortiweb) located in Availability Zone 1.

  PrivateSubnet2CIDR:
    Type: String
    Default: 10.0.3.0/24
    AllowedPattern: >-
      ^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]){1}(\/([0-9]|[1-2][0-9]|3[0-2]))?$
    ConstraintDescription: must be a valid CIDR block format.
    Description: The CIDR block for the private subnet (Fortiweb)  located in Availability Zone 2.

  # PrivateSubnet3CIDR:
  #   Type: String
  #   Default: 10.0.4.0/24
  #   AllowedPattern: >-
  #     ^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]){1}(\/([0-9]|[1-2][0-9]|3[0-2]))?$
  #   ConstraintDescription: must be a valid CIDR block format.
  #   Description: The CIDR block for the private subnet (WebServer) located in Availability Zone 1.

  # PrivateSubnet4CIDR:
  #   Type: String
  #   Default: 10.0.5.0/24
  #   AllowedPattern: >-
  #     ^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]){1}(\/([0-9]|[1-2][0-9]|3[0-2]))?$
  #   ConstraintDescription: must be a valid CIDR block format.
  #   Description: The CIDR block for the private subnet (WebServer) located in Availability Zone 2.

  CustomIdentifier:
    Type: String
    Default: fwbha
    MaxLength: '10'
    AllowedPattern: '[A-Za-z0-9]+'
    ConstraintDescription: >-
      must only contain uppercase and lowercase letters and numbers. Max length is 10.
    Description: >-
      A custom identifier as resource name prefix. Must be at most 10 characters long and only contain uppercase, lowercase letters, and numbers. Max length is 10.
Resources:
  FwbHAVpc:
    Type: 'AWS::EC2::VPC'
    Metadata:
      cfn_nag:
        rules_to_suppress:
            - id: W60 
              reason: "Need not a VPC Flow log "
    Properties:
      CidrBlock: !Ref VPCCIDR
      InstanceTenancy: default
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'
      Tags:
        - Key: Name
          Value: !Ref CustomIdentifier
  PublicSubnet1:
    Type: 'AWS::EC2::Subnet'
    Properties:
      CidrBlock: !Ref PublicSubnet1CIDR
      AvailabilityZone: !Select 
        - 0
        - !Ref AvailabilityZones
      VpcId: !Ref FwbHAVpc
      Tags:
        - Key: Name
          Value: !Sub "${CustomIdentifier}-PublicSubnet1"
  PublicSubnet2:
    Type: 'AWS::EC2::Subnet'
    Properties:
      CidrBlock: !Ref PublicSubnet2CIDR
      AvailabilityZone: !Select 
        - 1
        - !Ref AvailabilityZones
      VpcId: !Ref FwbHAVpc
      Tags:
        - Key: Name
          Value: !Sub "${CustomIdentifier}-PublicSubnet2"
  PrivateSubnet1:
    Type: 'AWS::EC2::Subnet'
    Properties:
      CidrBlock: !Ref PrivateSubnet1CIDR
      AvailabilityZone: !Select 
        - 0
        - !Ref AvailabilityZones
      VpcId: !Ref FwbHAVpc
      Tags:
        - Key: Name
          Value: !Sub "${CustomIdentifier}-PrivateSubnet1"
  PrivateSubnet2:
    Type: 'AWS::EC2::Subnet'
    Properties:
      CidrBlock: !Ref PrivateSubnet2CIDR
      AvailabilityZone: !Select 
        - 1
        - !Ref AvailabilityZones
      VpcId: !Ref FwbHAVpc
      Tags:
        - Key: Name
          Value: !Sub "${CustomIdentifier}-PrivateSubnet2"
  # PrivateSubnet3:
  #   Type: 'AWS::EC2::Subnet'
  #   Properties:
  #     CidrBlock: !Ref PrivateSubnet3CIDR
  #     AvailabilityZone: !Select 
  #       - 0
  #       - !Ref AvailabilityZones
  #     VpcId: !Ref FwbHAVpc
  #     Tags:
  #       - Key: Name
  #         Value: !Sub "${CustomIdentifier}-PrivateSubnet3"
  # PrivateSubnet4:
  #   Type: 'AWS::EC2::Subnet'
  #   Properties:
  #     CidrBlock: !Ref PrivateSubnet4CIDR
  #     AvailabilityZone: !Select 
  #       - 1
  #       - !Ref AvailabilityZones
  #     VpcId: !Ref FwbHAVpc
  #     Tags:
  #       - Key: Name
  #         Value: !Sub "${CustomIdentifier}-PrivateSubnet4"

  FwbInternetGateway:
    Type: 'AWS::EC2::InternetGateway'
    Properties:
      Tags:
        - Key: Name
          Value: !Sub "${CustomIdentifier}-NATGateway"

  FwbIgwAttachment:
    Type: 'AWS::EC2::VPCGatewayAttachment'
    Properties:
      VpcId: !Ref FwbHAVpc
      InternetGatewayId: !Ref FwbInternetGateway
 
  FwbPublicSubnetRouteTable:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref FwbHAVpc
      Tags:
        - Key: Name
          Value: 'FwbPublicSubnetRouteTable'

  FwbPublicSubnet1RouteTableAssoc:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref FwbPublicSubnetRouteTable
      SubnetId: !Ref PublicSubnet1
    DependsOn:
      - FwbPublicSubnetRouteTable
      - PublicSubnet1

  FwbPublicSubnet2RouteTableAssoc:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref FwbPublicSubnetRouteTable
      SubnetId: !Ref PublicSubnet2
    DependsOn:
      - FwbPublicSubnetRouteTable
      - PublicSubnet2

  FwbPublicSubnetRoute1:
    Type: 'AWS::EC2::Route'
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      RouteTableId: !Ref FwbPublicSubnetRouteTable
      GatewayId: !Ref FwbInternetGateway
    DependsOn:
      - FwbIgwAttachment

#private route table
  RouteTablePrivate1:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId:
        Ref: FwbHAVpc
      Tags:
        - Key: Name
          Value: Private Route Table A

  RouteTablePrivate1Association1:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId:
        Ref: RouteTablePrivate1
      SubnetId:
        Ref: PrivateSubnet1

  RouteTablePrivate1Route0:
    Type: 'AWS::EC2::Route'
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      RouteTableId:
        Ref: RouteTablePrivate1
      NatGatewayId:
        Ref: NatGw1

  RouteTablePrivate2:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId:
        Ref: FwbHAVpc
      Tags:
        - Key: Name
          Value: Private Route Table B

  RouteTablePrivate2Association1:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId:
        Ref: RouteTablePrivate2
      SubnetId:
        Ref: PrivateSubnet2

  RouteTablePrivate2Route0:
    Type: 'AWS::EC2::Route'
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      RouteTableId:
        Ref: RouteTablePrivate2
      NatGatewayId:
        Ref: NatGw1

  NatGw1:
    Type: 'AWS::EC2::NatGateway'
    Properties:
      SubnetId:
        Ref: PublicSubnet1
      AllocationId:
        'Fn::GetAtt':
          - NatGw1ElasticIP
          - AllocationId
      Tags:
        - Key: Name
          Value: NAT GW A

  NatGw1ElasticIP:
    Type: 'AWS::EC2::EIP'
    Properties:
      Domain: FwbHAVpc

Metadata:
  'AWS::CloudFormation::Interface':
    ParameterGroups:
      - Label:
          default: Common configuration
        Parameters:
          - CustomIdentifier
      - Label:
          default: Network Configuration
        Parameters:
          - AvailabilityZones
          - VPCCIDR
          - PublicSubnet1CIDR
          - PublicSubnet2CIDR
          - PrivateSubnet1CIDR
          - PrivateSubnet2CIDR
    ParameterLabels:
      AvailabilityZones:
        default: Availability Zones
      VPCCIDR:
        default: VPC CIDR
      PublicSubnet1CIDR:
        default: Public Subnet 1 CIDR
      PublicSubnet2CIDR:
        default: Public Subnet 2 CIDR
      PrivateSubnet1CIDR:
        default: Private Subnet 1 CIDR
      PrivateSubnet2CIDR:
        default: Private Subnet 2 CIDR
      # PrivateSubnet3CIDR:
      #   default: Private Subnet 3 CIDR
      # PrivateSubnet4CIDR:
      #   default: Private Subnet 4 CIDR
      CustomIdentifier:
        default: Resource name prefix
Outputs:
  FwbHAVpc:
    Description: VPC ID
    Value: !Ref FwbHAVpc
  PublicSubnet1:
    Description: Public Subnet 1 ID
    Value: !Ref PublicSubnet1
  PublicSubnet2:
    Description: Public Subnet 2 ID
    Value: !Ref PublicSubnet2
  PrivateSubnet1:
    Description: Private Subnet 1 ID
    Value: !Ref PrivateSubnet1
  PrivateSubnet2:
    Description: Private Subnet 2 ID
    Value: !Ref PrivateSubnet2
  # PrivateSubnet3:
  #   Description: Private Subnet 3 ID
  #   Value: !Ref PrivateSubnet3
  # PrivateSubnet4:
  #   Description: Private Subnet 4 ID
  #   Value: !Ref PrivateSubnet4