---
  AWSTemplateFormatVersion: 2010-09-09
  Description: VPC Infrastructure setup and deployment of Cloud9 IDE for Serverless Auth Workshop
  Resources:
    # Create the Cloud9 Instance in a specified Subnet
    Cloud9Instance:
      Type: AWS::Cloud9::EnvironmentEC2
      Properties:
        Description: "Cloud9 IDE for the Serverless Authentication and Authorization Workshop"
        AutomaticStopTimeMinutes: 60
        InstanceType: t3.small
        Name: !Sub ${AWS::StackName}-Cloud9Instance
        SubnetId: !Ref PublicSubnet1
      DependsOn: GatewayToInternet

    # Create the VPC infrastructure
    Vpc:
      Type: AWS::EC2::VPC
      Properties:
        CidrBlock: 172.20.0.0/16
        EnableDnsHostnames: true
        Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-VPC"

    PublicSubnet1:
      Type: AWS::EC2::Subnet
      Properties:
        VpcId: !Ref Vpc
        AvailabilityZone: !Select [ 0, !GetAZs '' ]
        CidrBlock: 172.20.1.0/24
        Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-PublicSubnet1"

    InternetGateway:
      Type: AWS::EC2::InternetGateway
      Properties:
        Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-InternetGateway"

    GatewayToInternet:
      Type: AWS::EC2::VPCGatewayAttachment
      Properties:
        VpcId: !Ref Vpc
        InternetGatewayId: !Ref InternetGateway

    PublicRouteTable:
      Type: AWS::EC2::RouteTable
      Properties:
        VpcId: !Ref Vpc
        Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-InternetGateway"

    PublicRoute:
      Properties:
        RouteTableId: !Ref PublicRouteTable
        DestinationCidrBlock: 0.0.0.0/0
        GatewayId: !Ref InternetGateway
      Type: AWS::EC2::Route
      DependsOn:
        - InternetGateway
        - GatewayToInternet

    PubSubnet1RTAssoc:
      Properties:
        SubnetId: !Ref PublicSubnet1
        RouteTableId: !Ref PublicRouteTable
      Type: AWS::EC2::SubnetRouteTableAssociation

    ResizeC9VolumeCustom:
      Type: Custom::ResizeC9Volume
      Version: '1.0'
      Properties:
        ServiceToken: !GetAtt ResizeC9VolumeFunction.Arn
        Region: !Ref 'AWS::Region'
        Version: '1.0'
      DependsOn: Cloud9Instance

    ResizeC9VolumeFunction:
      Type: AWS::Lambda::Function
      Properties:
        Role: !GetAtt LambdaVolumeResizeRole.Arn
        Runtime: python3.8
        Handler: index.handler
        Environment:
          Variables:
            instance_name: !GetAtt Cloud9Instance.Name
        Code:
          ZipFile: |
            import json
            import cfnresponse
            import boto3
            import botocore.exceptions
            import os

            ec2 = boto3.client('ec2')

            def handler(event, context):
              responseData = {}
              instance_name = '*' + os.environ['instance_name'] + '*'
              print('Modifying Volume size for ' + instance_name)

              try:
                instance_data = ec2.describe_instances(Filters=[{'Name': 'tag:Name', 'Values': [instance_name]}])
                print(instance_data)
              except botocore.exceptions.ClientError as err:
                print(err)
                responseData['Data'] = 'FAILED'
                cfnresponse.send(event, context, cfnresponse.FAILED, responseData, 'CustomResourcePhysicalID')
                return
              except:
                responseData['Data'] = 'FAILED'
                cfnresponse.send(event, context, cfnresponse.FAILED, responseData, 'CustomResourcePhysicalID')
                return

              volume_id = instance_data['Reservations'][0]['Instances'][0]['BlockDeviceMappings'][0]['Ebs']['VolumeId']
              responseData['Data'] = volume_id

              try:
                volume_response = ec2.modify_volume(VolumeId=volume_id, Size=20)
                print(volume_response)
              except Exception as err:
                print(err)
                responseData['Data'] = 'Failed'
                cfnresponse.send(event, context, cfnresponse.FAILED, responseData, 'CustomResourcePhysicalID')
                return

              print('Volume modified for instance ' + instance_name)

              try:
                cfnresponse.send(event, context, cfnresponse.SUCCESS, responseData, 'CustomResourcePhysicalID')
              except:
                cfnresponse.send(event, context, cfnresponse.FAILED, responseData, 'CustomResourcePhysicalID')

    LambdaVolumeResizeRole:
      Type: AWS::IAM::Role
      Properties:
        AssumeRolePolicyDocument:
          Version: 2012-10-17
          Statement:
            - Effect: 'Allow'
              Principal:
                Service:
                  - lambda.amazonaws.com
              Action: 'sts:AssumeRole'
        Policies:
          - PolicyName: CWLogPolicy
            PolicyDocument:
              Version: 2012-10-17
              Statement:
                - Effect: Allow
                  Action:
                    - logs:CreateLogGroup
                    - logs:CreateLogStream
                    - logs:PutLogEvents
                  Resource: '*'
          - PolicyName: GetEc2Info
            PolicyDocument:
              Version: 2012-10-17
              Statement:
                - Effect: Allow
                  Action:
                    - ec2:DescribeInstances
                    - ec2:ModifyVolume
                  Resource: '*'


  Outputs:
    Cloud9IDE:
      Value:
        !Join ["",["https://",!Ref "AWS::Region",".console.aws.amazon.com/cloud9/ide/",!Ref Cloud9Instance,"?region=",!Ref "AWS::Region"]]
    Vpc:
      Description: Vpc for Cloud9 instance
      Value: !Ref Vpc
      Export:
        Name: !Sub ${AWS::StackName}-Vpc
    PublicSubnet1:
      Description: Public Subnet for Cloud9 Instance
      Value: !Ref PublicSubnet1
      Export:
        Name: !Sub ${AWS::StackName}-PublicSubnet1