AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Simple Lambda based HTTP service template

Mappings:
  # The VPC and subnet configuration is passed in via the environment spec.
  SubnetConfig:
    VPC:
      CIDR: '{{ environment.inputs.vpc_cidr}}'         # customization parameter
    DNS:
      Hostname: '{{ environment.inputs.dns_hostname}}' # customization parameter      

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      EnableDnsSupport: true
      EnableDnsHostnames: true
      CidrBlock: !FindInMap ['SubnetConfig', 'VPC', 'CIDR']

  PublicSubnetOne:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone:
         Fn::Select:
         - 0
         - Fn::GetAZs: {Ref: 'AWS::Region'}
      VpcId: !Ref 'VPC'
      CidrBlock: !Select [ 0, !Cidr [ !FindInMap ['SubnetConfig', 'VPC', 'CIDR'], 3, 8 ]]
      MapPublicIpOnLaunch: true

  PublicSubnetTwo:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone:
         Fn::Select:
         - 1
         - Fn::GetAZs: {Ref: 'AWS::Region'}
      VpcId: !Ref 'VPC'
      CidrBlock: !Select [ 1, !Cidr [ !FindInMap ['SubnetConfig', 'VPC', 'CIDR'], 3, 8 ]]
      MapPublicIpOnLaunch: true

  PublicSubnetThree:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone:
         Fn::Select:
         - 2
         - Fn::GetAZs: {Ref: 'AWS::Region'}
      VpcId: !Ref 'VPC'
      CidrBlock: !Select [ 2, !Cidr [ !FindInMap ['SubnetConfig', 'VPC', 'CIDR'], 3, 8 ]]
      MapPublicIpOnLaunch: true

  # Setup networking resources for the public subnets. Containers
  # in the public subnets have public IP addresses and the routing table
  # sends network traffic via the internet gateway.
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  GatewayAttachement:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref 'VPC'
      InternetGatewayId: !Ref 'InternetGateway'
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref 'VPC'
  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: GatewayAttachement
    Properties:
      RouteTableId: !Ref 'PublicRouteTable'
      DestinationCidrBlock: '0.0.0.0/0'
      GatewayId: !Ref 'InternetGateway'
  PublicSubnetOneRouteTableAssociation:
      Type: AWS::EC2::SubnetRouteTableAssociation
      Properties:
        SubnetId: !Ref PublicSubnetOne
        RouteTableId: !Ref PublicRouteTable
  PublicSubnetTwoRouteTableAssociation:
      Type: AWS::EC2::SubnetRouteTableAssociation
      Properties:
        SubnetId: !Ref PublicSubnetTwo
        RouteTableId: !Ref PublicRouteTable
  PublicSubnetThreeRouteTableAssociation:
      Type: AWS::EC2::SubnetRouteTableAssociation
      Properties:
        SubnetId: !Ref PublicSubnetThree
        RouteTableId: !Ref PublicRouteTable

  # ECS Resources
  ECSCluster:
    Type: AWS::ECS::Cluster

  # A security group for the containers we will run in Fargate.
  # Rules are added to this security group based on what ingress you
  # add for the cluster.
  ContainerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Access to the ECS Containers
      VpcId: !Ref 'VPC'

  # This is a role to allows ECS container agent makes calls to 
  # the Amazon ECS API on your behalf.
  ECSTaskExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
        - Effect: Allow
          Principal:
            Service:
            - ecs.amazonaws.com
            - ecs-tasks.amazonaws.com
          Action: ['sts:AssumeRole']
      Path: /
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy'

  DnsHostedZone:
    Type: AWS::Route53::HostedZone
    Properties:
      Name: !FindInMap ['SubnetConfig', 'DNS', 'Hostname']
      HostedZoneConfig:
        Comment: Private hosted zone
      VPCs:
        - VPCId: !Ref VPC
          VPCRegion: !Ref AWS::Region        

# These output values are will be available to service templates, given the
# the 'environment' namespace, for example, environment.outputs.ClusterName.
Outputs:
  ContainerSecurityGroup:
    Description: Container Security group
    Value: !Ref 'ContainerSecurityGroup'
  ClusterName:
    Description: The name of the ECS cluster
    Value: !Ref 'ECSCluster'
  ECSTaskExecutionRole:
    Description: The ARN of the ECS task execution role
    Value: !GetAtt 'ECSTaskExecutionRole.Arn'
  VpcId:
    Description: The ID of the VPC that this stack is deployed in
    Value: !Ref 'VPC'
  PublicSubnetOne:
    Description: Public subnet one
    Value: !Ref 'PublicSubnetOne'
  PublicSubnetTwo:
    Description: Public subnet two
    Value: !Ref 'PublicSubnetTwo'
  PublicSubnetThree:
    Description: Public subnet three
    Value: !Ref 'PublicSubnetThree'
  HostedZoneId:
    Description: The ID of the hosted zone
    Value: !Ref 'DnsHostedZone'
  VpcCIDR:
    Description: The VPC CIDR
    Value: '{{ environment.inputs.vpc_cidr }}'
  DnsHostname:
    Description: The DNS hostname of the hosted zone
    Value: '{{ environment.inputs.dns_hostname }}'