Description: |
  Create a secure VPC designed to host a data science project team.

Parameters:
  StackSetName:
    Type: String 
    Description: A name to be used across nested stacks 

  SharedServicesVpcCIDR:
    Type: String
    Default: 10.1.0.0/16
    Description: CIDR range for shared services VPC
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$'

  SharedServicesSubnet1CIDR:
    Type: String
    Default: 10.1.0.0/24
    Description: CIDR range for shared services Subnet A
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$'

  SharedServicesSubnet2CIDR:
    Type: String
    Default: 10.1.1.0/24
    Description: CIDR range for shared services Subnet B
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$'

  SharedServicesSubnet3CIDR:
    Type: String
    Default: 10.1.2.0/24
    Description: CIDR range for shared services Subnet C
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$'

Outputs:
  SharedServicesVPCId:
    Description: The ID of the Shared Services VPC
    Value: !Ref SharedServicesVPC
    Export:
      Name: !Sub 'srv-vpc-${StackSetName}'

  SharedServicesVpcCIDRRange:
    Description: The ID of the Shared Services VPC
    Value: !Ref SharedServicesVpcCIDR
    Export:
      Name: !Sub 'srv-vpc-${StackSetName}-cidr'

  SharedServicesSubnetAId:
    Description: The ID of the first Subnet in Shared Services VPC
    Value: !Ref SharedServicesSubnetA
    Export:
      Name: !Sub 'srv-subneta-${StackSetName}'

  SharedServicesSubnetBId:
    Description: The ID of the second Subnet in Shared Services VPC
    Value: !Ref SharedServicesSubnetB
    Export:
      Name: !Sub 'srv-subnetb-${StackSetName}'

  SharedServicesSubnetCId:
    Description: The ID of the second Subnet in Shared Services VPC
    Value: !Ref SharedServicesSubnetC
    Export:
      Name: !Sub 'srv-subnetc-${StackSetName}'


Resources:
  #########################
  #
  # VPC AND SUBNETS
  #
  #########################
  SharedServicesVPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: !Ref SharedServicesVpcCIDR
      InstanceTenancy: default
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: !Sub "srv-vpc-${StackSetName}"

  SharedServicesVPCId:
    Type: 'AWS::SSM::Parameter'
    Properties:
      Name: !Sub "srv-vpc-${StackSetName}-id"
      Type: String
      Value: !Ref SharedServicesVPC
      Description: Shared Services VPC ID

  SharedServicesSubnetA:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref SharedServicesVPC
      CidrBlock: !Ref SharedServicesSubnet1CIDR
      AvailabilityZone: !Sub  "${AWS::Region}a"

  SharedServicesSubnetAId:
    Type: 'AWS::SSM::Parameter'
    Properties:
      Name: !Sub "srv-subneta-${StackSetName}-subnetId"
      Type: String
      Value: !Ref SharedServicesSubnetA
      Description: Shared Services Subnet-A ID

  SharedServicesSubnetB:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref SharedServicesVPC
      CidrBlock: !Ref SharedServicesSubnet2CIDR
      AvailabilityZone: !Sub  "${AWS::Region}b"

  SharedServicesSubnetBId:
    Type: 'AWS::SSM::Parameter'
    Properties:
      Name: !Sub "srv-subnetb-${StackSetName}-subnetId"
      Type: String
      Value: !Ref SharedServicesSubnetB
      Description: Shared Services Subnet-B ID

  SharedServicesSubnetC:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref SharedServicesVPC
      CidrBlock: !Ref SharedServicesSubnet3CIDR
      AvailabilityZone: !Sub  "${AWS::Region}c"

  SharedServicesSubnetCId:
    Type: 'AWS::SSM::Parameter'
    Properties:
      Name: !Sub "srv-subnetc-${StackSetName}-subnetId"
      Type: String
      Value: !Ref SharedServicesSubnetC
      Description: Shared Services Subnet-C ID

  #########################
  #
  # ROUTE TABLES & IGW
  #
  #########################

  SharedServicesIGW:
    Type: AWS::EC2::InternetGateway

  SharedServicesIGWAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref SharedServicesVPC
      InternetGatewayId: !Ref SharedServicesIGW

  SharedServicesRouteTable:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref SharedServicesVPC

  SharedServicesPublicRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref SharedServicesRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref SharedServicesIGW

  SharedServicesSubnetRouteTableAssociation1:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref SharedServicesRouteTable
      SubnetId: !Ref SharedServicesSubnetA

  SharedServicesSubnetRouteTableAssociation2:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref SharedServicesRouteTable
      SubnetId: !Ref SharedServicesSubnetB

  SharedServicesSubnetRouteTableAssociation3:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref SharedServicesRouteTable
      SubnetId: !Ref SharedServicesSubnetC

  S3Endpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      PolicyDocument: '{
        "Version":"2012-10-17",
        "Statement":[{
          "Effect":"Allow",
          "Principal": "*",
          "Action":["s3:Get*", "s3:List*"],
          "Resource":["*"]
        }]
      }'
      RouteTableIds:
        - !Ref SharedServicesRouteTable
      ServiceName: !Sub com.amazonaws.${AWS::Region}.s3
      VpcId: !Ref SharedServicesVPC