Parameters:
  VPC:
    Type: String
    Default: vpc-0608dc7958c00eda3

  PublicSubnetId:
    Type: String
    Default: subnet-0dc30cb0df03761e3

  EnvironmentName:
    Description: An environment name that is prefixed to resource names
    Type: String
    Default: ManagedBlockchainWorkshop

  PrivateSubnet1CIDR:
    Description: The IP range (CIDR notation) for the private subnet
    Type: String
    Default: 10.1.0.0/16

  AvailabilityZone:
    Type: String
    Default: us-east-1d

Resources:

  NatGateway1EIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc

  NatGateway1:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NatGateway1EIP.AllocationId
      SubnetId: !Ref PublicSubnetId

  VpcCidrBlock:
    Type: AWS::EC2::VPCCidrBlock
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 192.0.0.0/24

  PrivateSubnet1:
    Type: AWS::EC2::Subnet
    DependsOn:
      - VpcCidrBlock
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Ref AvailabilityZone
      CidrBlock: 192.0.0.0/24
      MapPublicIpOnLaunch: false
      Tags:
        - Key: Name
          Value: !Sub ${EnvironmentName} Private Subnet (AZ1)

  PrivateRouteTable1:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub ${EnvironmentName} Private Routes (AZ1)

  DefaultPrivateRoute1:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable1
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGateway1

  PrivateSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateRouteTable1
      SubnetId: !Ref PrivateSubnet1

  NoIngressSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: "no-ingress-sg"
      GroupDescription: "Security group with no ingress rule"
      VpcId: !Ref VPC

Outputs:
  PrivateSubnetID:
    Description: The private subnet Id
    Value: !Ref PrivateSubnet1