AWSTemplateFormatVersion: '2010-09-09'
Description: |
 Master stack to create all resources from nested stack
 Master Stack usec for end to end setup of below components
 VPC - Subnets, NAT, IGW
 ECR - Single registry
 ECS - Cluster, Task Definition, Fargate Service, Security Group to allow traffic from LB
 ALB - Application Load Balancer, Listener, Target Groups
Parameters:
  Environment:
    Description: An environment name that is tagged to resource names for identification
    Type: String
    Default: Poc
  EnvironmentType:
    Description: An environment name that is tagged to resource names for identification (QA/Staging/Production)
    Type: String
    AllowedValues:
    - QA
    - Staging
    - Production
  ECRRepositoryName:
      Type: String
      Description: The ECR Repository name to be defined for ECR
  Vpc:
    Description: Please enter the IP range (CIDR notation) for this VPC
    Type: String
    Default: 10.192.0.0/16
  PublicSubnet1:
    Description: Please enter the IP range (CIDR notation) for the public subnet in the first Availability Zone
    Type: String
    Default: 10.192.10.0/24
  PublicSubnet2:
    Description: Please enter the IP range (CIDR notation) for the public subnet in the second Availability Zone
    Type: String
    Default: 10.192.11.0/24
  PrivateSubnet1:
    Description: Please enter the IP range (CIDR notation) for the private subnet in the first Availability Zone
    Type: String
    Default: 10.192.20.0/24
  PrivateSubnet2:
    Description: Please enter the IP range (CIDR notation) for the private subnet in the second Availability Zone
    Type: String
    Default: 10.192.21.0/24
  ToolsAccount:
    Description: Tools Account id that has the codepipeline
    Type: String

Resources:
  #VPC used is common across all environments - QA, Staging and Production. All other resources are isolated.
  VPCStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: "VPC.yaml"
      Parameters:
        VpcCIDR: !Ref Vpc
        PublicSubnet1CIDR: !Ref PublicSubnet1
        PublicSubnet2CIDR: !Ref PublicSubnet2
        PrivateSubnet1CIDR: !Ref PrivateSubnet1
        PrivateSubnet2CIDR: !Ref PrivateSubnet2
        EnvironmentName: !Ref Environment
      Tags:
        - Key: Name
          Value: !Ref Environment

  QAALBStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: "ALB.yaml"
      Parameters:
        VpcID:
          Fn::GetAtt:
          - VPCStack
          - Outputs.VPC
        ALBPublicSubnet1:
          Fn::GetAtt:
          - VPCStack
          - Outputs.PublicSubnet1
        ALBPublicSubnet2:
          Fn::GetAtt:
          - VPCStack
          - Outputs.PublicSubnet2
        EnvironmentName: !Ref Environment
        EnvironmentType: QA
        VPCCidr: !Ref Vpc
      Tags:
        - Key: Name
          Value: !Ref Environment
        - Key: EnvironmentType
          Value: !Sub ${EnvironmentType}

  ECRRepository:
    Type: AWS::ECR::Repository
    Properties:
      RepositoryName: !Ref ECRRepositoryName
      ImageScanningConfiguration:
        ScanOnPush: true
      RepositoryPolicyText:
        Version: '2012-10-17'
        Statement:
          - 
            Sid: AllowPushPull
            Effect: Allow
            Principal:
              AWS: 
               - !Sub "arn:aws:iam::${ToolsAccount}:root"
            Action:
              - 'ecr:GetDownloadUrlForLayer'
              - 'ecr:BatchGetImage'
              - 'ecr:BatchCheckLayerAvailability'
              - 'ecr:PutImage'
              - 'ecr:InitiateLayerUpload'
              - 'ecr:UploadLayerPart'
              - 'ecr:CompleteLayerUpload'

  QAECSStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: "ECS.yaml"
      Parameters:
        VpcID:
          Fn::GetAtt:
          - VPCStack
          - Outputs.VPC
        ECSPrivateSubnet1:
          Fn::GetAtt:
          - VPCStack
          - Outputs.PrivateSubnet1
        ECSPrivateSubnet2:
          Fn::GetAtt:
          - VPCStack
          - Outputs.PrivateSubnet2
        EnvironmentName: !Ref Environment
        EnvironmentType: QA
        ImageRegistryName: !Ref ECRRepository
        RegistryAccountid: !Ref "AWS::AccountId"
        ImageName: "web" #Hard coded as of now can be changed to use parameters later. Need to understand requirement
        ImageRegion: !Ref "AWS::Region"
        LBSecurityGroup:
          Fn::GetAtt:
          - QAALBStack
          - Outputs.ALBSecurityGroup
        TargetGroup1:
          Fn::GetAtt:
          - QAALBStack
          - Outputs.ECSTargetGroup1
        TargetGroup2:
          Fn::GetAtt:
          - QAALBStack
          - Outputs.ECSTargetGroup2
      Tags:
        - Key: Name
          Value: !Ref Environment
        - Key: EnvironmentType
          Value: !Sub ${EnvironmentType}

Outputs:
  ALBListenerFQDN:
    Description: Application Load balancer FQDN to access ECS Service
    Value:
      Fn::GetAtt:
      - QAALBStack
      - Outputs.ALBListenerFQDN
  ECRReponame:
    Description: The ECR Repository name
    Value: !Ref ECRRepository
    Export:
      Name:
        'Fn::Sub': '${AWS::StackName}-ECRRepository'
  ECSClustername:
    Description: The ECS Cluster name
    Value:
      Fn::GetAtt:
      - QAECSStack
      - Outputs.ECSCluster
    Export:
      Name:
        'Fn::Sub': '${AWS::StackName}-ECSCluster-${EnvironmentType}'
  ECSServicename:
    Description: The ECS Cluster name
    Value:
      Fn::GetAtt:
      - QAECSStack
      - Outputs.ECSService
    Export:
      Name:
        'Fn::Sub': '${AWS::StackName}-ECSService-${EnvironmentType}'
  ALBListener:
    Description: ALB Listener ARN to pass to CodeDeploy Deployment Group
    Value:
      Fn::GetAtt:
      - QAALBStack
      - Outputs.ALBListenerARN
    Export:
      Name:
        'Fn::Sub': '${AWS::StackName}-ALBListener-${EnvironmentType}'