# Private networking for a Lambda-to-Secrets-Manager call path: one VPC with
# two private subnets, an interface VPC endpoint for Secrets Manager, and a
# pair of security groups (endpoint side / Lambda side) that confine the
# allowed traffic to HTTPS between the two. No Lambda function is declared in
# this snippet; VpcEndpointLambdaSecurityGroup is intended to be attached to
# one elsewhere.
Resources:
  ExampleVPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: 10.0.0.0/16
      # Both VPC DNS attributes are needed for the endpoint's
      # PrivateDnsEnabled setting below to take effect (the service
      # hostname has to resolve from inside the VPC).
      EnableDnsSupport: true
      EnableDnsHostnames: true
      InstanceTenancy: default

  # Two subnets in different AZs (index 0 and 1 of the region's AZ list) so
  # the interface endpoint gets a network interface in each. No public IPs
  # are assigned on launch and no internet/NAT route is declared in this
  # template, so the subnets are private as far as this snippet shows.
  PrivateSubnetA:
    Type: 'AWS::EC2::Subnet'
    Properties:
      AvailabilityZone: !Select
        - 0
        - !GetAZs
          Ref: 'AWS::Region'
      VpcId: !Ref ExampleVPC
      CidrBlock: 10.0.1.0/24
      MapPublicIpOnLaunch: false

  PrivateSubnetB:
    Type: 'AWS::EC2::Subnet'
    Properties:
      AvailabilityZone: !Select
        - 1
        - !GetAZs
          Ref: 'AWS::Region'
      VpcId: !Ref ExampleVPC
      CidrBlock: 10.0.2.0/24
      MapPublicIpOnLaunch: false

  # No AWS::EC2::Route resource is attached to this table, so it carries only
  # the VPC-local route as far as this template shows. That is deliberate:
  # Secrets Manager is reached through the interface endpoint below rather
  # than over the internet.
  ExampleRouteTable:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref ExampleVPC

  SubnetARouteTableAssociation:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref ExampleRouteTable
      SubnetId: !Ref PrivateSubnetA

  SubnetBRouteTableAssociation:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref ExampleRouteTable
      SubnetId: !Ref PrivateSubnetB

  # Interface endpoint for the regional Secrets Manager service, with an ENI
  # in each private subnet and guarded by VpcEndpointSecurityGroup.
  # NOTE(review): no PolicyDocument is set, so the endpoint runs with the
  # default endpoint policy; consider adding one that limits which
  # principals and secrets may be reached through it.
  SecretsManagerVpcEndpoint:
    Type: 'AWS::EC2::VPCEndpoint'
    Properties:
      ServiceName: !Sub 'com.amazonaws.${AWS::Region}.secretsmanager'
      VpcId: !Ref ExampleVPC
      VpcEndpointType: Interface
      SubnetIds:
        - !Ref PrivateSubnetA
        - !Ref PrivateSubnetB
      SecurityGroupIds:
        - !GetAtt VpcEndpointSecurityGroup.GroupId
      # Makes the regular Secrets Manager hostname resolve to the endpoint's
      # private addresses, so callers need no endpoint-specific URL.
      PrivateDnsEnabled: true

  # Endpoint-side group: accepts HTTPS (443) only from members of the Lambda
  # security group; no CIDR-based ingress.
  # NOTE(review): SecurityGroupEgress is not declared on either group, so
  # each keeps the provider's default allow-all outbound rule. The endpoint
  # group needs no outbound rule of its own, so an explicit restrictive
  # egress here would be a reasonable least-privilege tightening.
  VpcEndpointSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      VpcId: !Ref ExampleVPC
      GroupDescription: 'Security group for VPC Endpoint'
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          SourceSecurityGroupId: !GetAtt VpcEndpointLambdaSecurityGroup.GroupId

  # Lambda-side group: declares no ingress rules, since nothing needs to open
  # connections to the function's network interfaces. Its role in this
  # template is to be the permitted source in VpcEndpointSecurityGroup's
  # ingress rule above.
  VpcEndpointLambdaSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      VpcId: !Ref ExampleVPC
      GroupDescription: 'Security group for VPC Endpoint Lambda'