AWSTemplateFormatVersion: '2010-09-09'
Description: Workshop about AWS WAF and WAF Security Automations Solution (uksb-1q1gt3g5d)
Metadata:
  Version: '2.3'
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          Default: 'Setup: leave as defaults unless  you know what you''re doing'
        Parameters:
          - TheAmi
          - TheVpcRange
          - TheSubnetRange
          - TheOtherSubnetRange
          - ThePublicIp
          - TheWebPort
    ParameterLabels:
      TheAmi:
        Description: must be a linux2 ami
      TheVpcRange:
        Description: vpc cidr block
      TheSubnetRange:
        Description: subnet cidr block
      TheOtherSubnetRange:
        Description: another subnet cidr block
      TheWebPort:
        Description: port application is listening at
      ThePublicIp:
        Description: public ip to whitelist, your public ip nomrally
Parameters:
  TheAmi:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-gp2
  ThePublicIp:
    Description: public ip to whitelist
    Type: String
    Default: '0.0.0.0/0'
  TheVpcRange:
    Description: vpc CIDR range
    Default: 10.0.3.0/26
    Type: String
  TheSubnetRange:
    Description: subnet CIDR
    Default: 10.0.3.16/28
    Type: String
  TheOtherSubnetRange:
    Description: subnet CIDR
    Default: 10.0.3.32/28
    Type: String
  TheWebPort:
    Description: port application is listening at
    Default: 80
    Type: Number
Resources:
  TheNeworkStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        TheVpcRange: !Ref 'TheVpcRange'
        TheSubnetRange: !Ref 'TheSubnetRange'
        TheOtherSubnetRange: !Ref 'TheOtherSubnetRange'
        ThePublicIp: !Ref 'ThePublicIp'
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}-VPC'
      TemplateURL: ./network.template
      TimeoutInMinutes: 20
  TheSecurityStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        ThePublicIp: !Ref 'ThePublicIp'
        TheWebPort: !Ref 'TheWebPort'
        TheVpcId: !GetAtt 'TheNeworkStack.Outputs.VpcId'
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}-SecurityGroup'
      TemplateURL: ./security.template
      TimeoutInMinutes: 20
  TheInstanceStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        TheAmi: !Ref 'TheAmi'
        WebSecurityGroup: !GetAtt 'TheSecurityStack.Outputs.WebSecurityGroup'
        TheWebPort: !Ref 'TheWebPort'
        ALBSecurityGroup: !GetAtt 'TheSecurityStack.Outputs.ALBSecurityGroup'
        TheSubnetId: !GetAtt 'TheNeworkStack.Outputs.SubnetId'
        TheVpcId: !GetAtt 'TheNeworkStack.Outputs.VpcId'
        TheOtherSubnetId: !GetAtt 'TheNeworkStack.Outputs.OtherSubnetId'
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}-ASG'
      TemplateURL: ./instance.template
      TimeoutInMinutes: 30
Outputs:
  TheSiteUrl:
    Value: !GetAtt TheInstanceStack.Outputs.TheSiteUrl