---
AWSTemplateFormatVersion: 2010-09-09

Description: >
    This template deploys A Retail Demo Store Service Load Balancer.

Parameters:
  ServiceName:
    Type: String

  Subnets:
    Type: List<AWS::EC2::Subnet::Id>

  VpcId:
    Type: String

  VpcCidr:
    Type: String

Resources:
  SecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: !Sub ${AWS::StackName}/ECS/${ServiceName}/SecurityGroup
      SecurityGroupEgress:
        - CidrIp: "0.0.0.0/0"
          Description: Allow all outbound traffic by default
          IpProtocol: "-1"
      SecurityGroupIngress:
        - CidrIp: !Ref VpcCidr
          Description: Allow from within the VPC for port 80
          FromPort: 80
          IpProtocol: tcp
          ToPort: 80
      VpcId: !Ref VpcId

  LoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Subnets: !Ref Subnets
      LoadBalancerAttributes:
        - Key: deletion_protection.enabled
          Value: "false"
      Scheme: internal
      Type: network
      Tags:
        -
          Key: RetailDemoStoreServiceName
          Value: !Ref ServiceName

  LoadBalancerListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref LoadBalancer
      Port: 80
      Protocol: TCP
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref TargetGroup

  # Target Groups
  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    DependsOn: LoadBalancer
    Properties:
      VpcId: !Ref VpcId
      Port: 80
      Protocol: TCP
      HealthCheckIntervalSeconds: 10
      HealthCheckPath: /
      HealthCheckProtocol: HTTP
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 2
      TargetType: ip
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: '30'

  # Loadbalancer SSM Parameter
  ServicesLoadBalancerSSMParameter:
    Type: "AWS::SSM::Parameter"
    Properties:
      Name: !Sub "/retaildemostore/services_load_balancers/${ServiceName}"
      Type: "String"
      Value: !Sub http://${LoadBalancer.DNSName} 
      Description: !Sub "Load balancer URL for the Retail Demo Store ${ServiceName} service"

Outputs:
  TargetGroup:
    Description: Target Group for Web UI Service Instances
    Value: !Ref TargetGroup

  ServiceDNSName:
    Description: DNS name of the load balancer for this service
    Value: !GetAtt LoadBalancer.DNSName

  ServiceUrl:
    Description: URL of the load balancer for this service
    Value: !Sub http://${LoadBalancer.DNSName}

  SecurityGroup:
    Value: !Ref SecurityGroup
  
  LoadBalancerListener:
    Description: Arn of the load balancer listener for this service
    Value: !GetAtt LoadBalancerListener.ListenerArn