# (c) 2020 Amazon Web Services, Inc. or its affiliates. All Rights Reserved.
# This AWS Content is provided subject to the terms of the AWS Customer
# Agreement available at https://aws.amazon.com/agreement/ or other written
# agreement between Customer and Amazon Web Services, Inc.
# Author : vaidys@amazon.com

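# The version is quoted so that YAML loaders which auto-type ISO dates keep it
# a string instead of turning it into a date object.
AWSTemplateFormatVersion: '2010-09-09'
Description: Creates the route table for IGW with VPCE for ingress inspection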
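# Stack inputs. Every value is a plain String, so the template itself performs
# no format validation on IDs, CIDR blocks or the endpoint list.
Parameters:
  pVpc:
    Type: String
    Description: ID of the VPC in which the IGW route table is created
  pProtectedSubnet1Cidr:
    Type: String
    Description: CIDR block whose ingress traffic is routed to the first entry of pVpcEndpoints
  pProtectedSubnet2Cidr:
    Type: String
    Description: CIDR block whose ingress traffic is routed to the second entry of pVpcEndpoints
  # Not referenced by any resource in this template. Presumably the
  # Availability Zone of the first firewall subnet; confirm with the caller.
  pNetworkFirewallSubnetAz1:
    Type: String
    Description: Currently not used by any resource in this template
  # Not referenced by any resource in this template. Presumably the
  # Availability Zone of the second firewall subnet; confirm with the caller.
  pNetworkFirewallSubnetAz2:
    Type: String
    Description: Currently not used by any resource in this template
  pVpcName:
    Type: String
    Description: Prefix for the Name tag of the route table
  # The routes pick entries by position and never inspect the prefix, so the
  # caller is responsible for passing the entries in subnet order.
  pVpcEndpoints:
    Type: String
    Description: >-
      Comma-separated list with at least two entries, each of the form
      <prefix>:<vpc-endpoint-id>. Entries are used by position.
  pInternetGatewayId:
    Type: String
    Description: ID of the internet gateway the route table is associated with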


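# NOTE(review): the Conditions below are disabled. They compare the prefix of
# each pVpcEndpoints entry with an Availability Zone parameter, but they
# reference pNetworkFirewallSubnetAZ1/AZ2, while the declared parameters are
# named pNetworkFirewallSubnetAz1/Az2 (logical names are case-sensitive).
# Nothing under Resources refers to CAz1 or CAz2.
#Conditions:
#  CAz1:
#    !Equals [
#    !Select ["0",!Split [":",!Select ["0", !Split [",", !Ref pVpcEndpoints]]]], !Ref pNetworkFirewallSubnetAZ1
#    ]
#  CAz2:
#    !Equals [
#    !Select ["0",!Split [":",!Select ["1", !Split [",", !Ref pVpcEndpoints]]]], !Ref pNetworkFirewallSubnetAZ2
#    ]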

# Ingress (edge) route table: created in pVpc, given one route per protected
# subnet CIDR that targets a VPC endpoint, then associated with the internet
# gateway so the routes apply to traffic arriving through that gateway.
#
# NOTE(review): only the two CIDRs passed in are redirected. Traffic from the
# gateway to any other subnet of the VPC keeps following the table's local
# route and is not sent to an endpoint. Confirm that every internet-facing
# subnet is covered by one of the two parameters.
# NOTE(review): endpoints are chosen by position in pVpcEndpoints (entry 0 for
# subnet 1, entry 1 for subnet 2). The prefix before ':' is never compared
# with pNetworkFirewallSubnetAz1/Az2, so a list passed in a different order
# sends each subnet's traffic to the other entry's endpoint. Confirm that the
# caller guarantees the order.
Resources:
  rIgwRt:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref pVpc
      Tags:
        - Key: Name
          Value: !Sub '${pVpcName}-igw-rt'

  # Route for protected subnet 1.
  rVPCERoute1:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref rIgwRt
      DestinationCidrBlock: !Ref pProtectedSubnet1Cidr
      # Entry 0 of the comma-separated list, then the field after ':'.
      VpcEndpointId: !Select
        - "1"
        - !Split
          - ":"
          - !Select
            - "0"
            - !Split
              - ","
              - !Ref pVpcEndpoints

  # Route for protected subnet 2.
  rVPCERoute2:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref rIgwRt
      DestinationCidrBlock: !Ref pProtectedSubnet2Cidr
      # Entry 1 of the comma-separated list, then the field after ':'.
      VpcEndpointId: !Select
        - "1"
        - !Split
          - ":"
          - !Select
            - "1"
            - !Split
              - ","
              - !Ref pVpcEndpoints

  # Attaches the table to the gateway; without this the two routes above have
  # no effect on traffic entering through it.
  rIgwRtAssociation:
    Type: AWS::EC2::GatewayRouteTableAssociation
    Properties:
      GatewayId: !Ref pInternetGatewayId
      RouteTableId: !Ref rIgwRt

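Outputs:
  oIgwRt:
    Description: ID of the route table associated with the internet gateway
    Value: !Ref rIgwRt
    Export:
      # Fixed export name. Export names must be unique per account and region,
      # so a second stack built from this template in the same region fails
      # on this export.
      Name: IgwRtId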