AWSTemplateFormatVersion: '2010-09-09'
Metadata:
  License: Apache-2.0
Description: 'AWS CloudFormation Sample Template EC2InstanceWithSecurityGroupSample:
  Create an Amazon EC2 instance running the Amazon Linux AMI. The AMI is chosen based
  on the region in which the stack is run. This example creates an EC2 security group
  for the instance to give you SSH access. **WARNING** This template creates an Amazon
  EC2 instance. You will be billed for the AWS resources used if you create a stack
  from this template.'
Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable access to the instance
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  InstanceType:
    Description: EC2 instance type
    Type: String
    Default: m5.large
    AllowedValues: [t3.medium, t3.large, m5.large, m5.xlarge]
    ConstraintDescription: must be a valid EC2 instance type.
  LatestAmiId:
    Type:  'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
    Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'
  VPCID:
    Description: The VPC the directory will be created in
    Type: AWS::EC2::VPC::Id
  PublicSubnet0:
    Description: Subnet to be used for the EC2 Instance
    Type: AWS::EC2::Subnet::Id
  SSHLocation:
    Description: The IP address range that can be used to SSH and access over HTTP to the Splunk EC2 instances
    Type: String
    MinLength: 9
    MaxLength: 18
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
  VpcCidrRange:
    Description: The IP address range of your VPC to allow to connect to Splunk HTTP Event Collector 
    Type: String
    MinLength: 9
    MaxLength: 18
    Default: 172.20.0.0/16
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
  RootVolumeSize:
    Description: The size of the Root Volume Size
    Type: String
    Default: 100
  S3BucketName:
    Description: "S3 bucket name where the Splunk install file is located"
    Type: String
  S3Prefix:
    Description: "S3 prefix including the Splunk RPM file"
    Type: String
  S3DownloadLocation:
    Description: "Local Download location of S3 files"
    Type: String
    Default: '/tmp'

Resources:

  InstanceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
        - Effect: Allow
          Principal:
            Service:
            - ec2.amazonaws.com
          Action:
          - sts:AssumeRole
      ManagedPolicyArns:
      - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
      Path: /
      Policies:
      - PolicyName: cfS3AllowSplunkFile
        PolicyDocument:
          Version: 2012-10-17
          Statement:
          - Effect: Allow
            Action:
            - s3:GetObject
            Resource:
            - !Sub 'arn:aws:s3:::${S3BucketName}/${S3Prefix}'

  InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles:
      - !Ref InstanceRole 

  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable SSH access via port 22 and allow ALB to connect to port 80 on the instance
      SecurityGroupEgress:
      - Description: Allow all outbound traffic
        IpProtocol: -1
        CidrIp: 0.0.0.0/0
      SecurityGroupIngress:
      - Description: Allow 22 and 8000
        IpProtocol: tcp
        FromPort: 22
        ToPort: 22
        CidrIp: !Ref SSHLocation
      - IpProtocol: tcp
        FromPort: 8000
        ToPort: 8000
        CidrIp: !Ref SSHLocation
      - IpProtocol: tcp
        FromPort: 8088
        ToPort: 8088
        CidrIp: !Ref VpcCidrRange
      VpcId: !Ref VPCID

  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref InstanceType
      SecurityGroupIds: [!Ref InstanceSecurityGroup]
      IamInstanceProfile: !Ref InstanceProfile
      KeyName: !Ref KeyName
      ImageId: !Ref LatestAmiId
      SubnetId: !Ref PublicSubnet0
      BlockDeviceMappings:
        -
          DeviceName: "/dev/xvda"
          Ebs:
            VolumeSize: !Ref RootVolumeSize
            VolumeType: gp2
      Tags:
        -
          Key: Name
          Value: 'Splunk Demo Instance'
      UserData:
        Fn::Base64: 
          !Sub | 
            #!/bin/bash -xe
            s3files="s3://${S3BucketName}/${S3Prefix}"
            n=$(echo $s3files | tr -cd / | wc -c | awk '{$1=$1;print}')
            splunkfile=$(echo $s3files | cut -d'/' -f$((n+1)))
            cd ${S3DownloadLocation}
            aws s3 cp $s3files .
            chmod 644 $splunkfile
            rpm -i $splunkfile

Outputs:
  SplunkPrivateDns:
    Description: INTERNAL DNS of the Splunk Instance
    Value: !GetAtt EC2Instance.PrivateDnsName
  SplunkPublicDns:
    Description: EXTERNAL DNS of the Splunk Instance
    Value: !GetAtt EC2Instance.PublicDnsName