---
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  DatabaseName:
    Description: The name of the first database to be created when the cluster is created
    Type: String
    Default: dev
    AllowedPattern: "([a-z]|[0-9])+"
  ClusterType:
    Description: The type of cluster
    Type: String
    Default: multi-node
    AllowedValues:
      - single-node
      - multi-node
  NumberOfNodes:
    Description: The number of compute nodes in the cluster. For multi-node clusters, the NumberOfNodes parameter must be greater than 1
    Type: Number
    Default: '2'
  NodeType:
    Description: The type of node to be provisioned
    Type: String
    Default: ds2.8xlarge
    AllowedValues:
      - ds2.xlarge
      - ds2.8xlarge
      - dc2.large
      - dc2.8xlarge
  MasterUsername:
    Description: The user name that is associated with the master user account for the cluster that is being created
    Type: String
    Default: awsuser
    AllowedPattern: "([a-z])([a-z]|[0-9])*"
  MasterUserPassword:
    # The default is a well-known value; supply your own password at stack creation.
    Description: The password that is associated with the master user account for the cluster that is being created. Default is Awsuser123
    Type: String
    Default: Awsuser123
    NoEcho: 'true'
  InboundTraffic:
    # The default admits any IPv4 source; pass your own address as a /32 instead.
    Description: The IP address CIDR range (x.x.x.x/x) to connect from your local machine. FYI, get your address using http://www.whatismyip.com.
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 0.0.0.0/0
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: Must be a valid CIDR range of the form x.x.x.x/x.
  PortNumber:
    Description: The port number on which the cluster accepts incoming connections.
    Type: Number
    Default: '5439'
Conditions:
  IsMultiNodeCluster:
    Fn::Equals:
      - Ref: ClusterType
      - multi-node
Resources:
  # Role the cluster assumes to read from S3 and use the Glue Data Catalog.
  RedshiftRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: RedshiftImmersionRole
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - redshift.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: /
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
        - arn:aws:iam::aws:policy/AWSGlueConsoleFullAccess
  RedshiftCluster:
    Type: AWS::Redshift::Cluster
    DependsOn:
      - AttachGateway
    Properties:
      ClusterType: !Ref ClusterType
      # NumberOfNodes is only passed for multi-node clusters.
      NumberOfNodes:
        Fn::If:
          - IsMultiNodeCluster
          - Ref: NumberOfNodes
          - Ref: AWS::NoValue
      NodeType: !Ref NodeType
      DBName: !Ref DatabaseName
      MasterUsername: !Ref MasterUsername
      MasterUserPassword: !Ref MasterUserPassword
      ClusterParameterGroupName: default.redshift-1.0
      VpcSecurityGroupIds:
        - !Ref SecurityGroup
      ClusterSubnetGroupName: !Ref RedshiftClusterSubnetGroup
      # The endpoint is internet-reachable; the InboundTraffic CIDR on the
      # security group is the only network-level restriction.
      PubliclyAccessible: true
      Port: !Ref PortNumber
      IamRoles:
        - !GetAtt RedshiftRole.Arn
  RedshiftClusterSubnetGroup:
    Type: AWS::Redshift::ClusterSubnetGroup
    Properties:
      Description: Cluster subnet group
      SubnetIds:
        - !Ref PublicSubnet1
        - !Ref PublicSubnet2
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.0.0.0/24
      AvailabilityZone: !Select [0, !GetAZs ""]
      VpcId: !Ref VPC
  PublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.0.1.0/24
      AvailabilityZone: !Select [1, !GetAZs ""]
      VpcId: !Ref VPC
  SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security group
      SecurityGroupIngress:
        # Follow the PortNumber parameter so the rule still matches the
        # cluster port when the default of 5439 is overridden.
        - CidrIp: !Ref InboundTraffic
          FromPort: !Ref PortNumber
          ToPort: !Ref PortNumber
          IpProtocol: tcp
      VpcId: !Ref VPC
  # Allows all traffic between members of the security group.
  SecurityGroupSelfReference:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      Description: Self Referencing Rule
      FromPort: -1
      IpProtocol: "-1"
      GroupId: !GetAtt [SecurityGroup, GroupId]
      SourceSecurityGroupId: !GetAtt [SecurityGroup, GroupId]
      ToPort: -1
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  PublicSubnetRouteTableAssociation1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet1
      RouteTableId: !Ref PublicRouteTable
  PublicSubnetRouteTableAssociation2:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet2
      RouteTableId: !Ref PublicRouteTable
Outputs:
  ClusterEndpoint:
    Description: Redshift Hostname and Port
    Value: !Sub "${RedshiftCluster.Endpoint.Address}:${RedshiftCluster.Endpoint.Port}"
  RedshiftRoleARN:
    Description: Redshift Role ARN Number
    Value: !GetAtt RedshiftRole.Arn
  MasterUsername:
    Description: Redshift Username
    Value: !Ref MasterUsername
  MasterUserPassword:
    # NoEcho masks the parameter, but this output shows the password in
    # plaintext to anyone who can describe the stack.
    Description: Redshift Password
    Value: !Ref MasterUserPassword
  RedshiftDatabaseName:
    Description: Redshift Database Name
    Value: !Ref DatabaseName