AWSTemplateFormatVersion: 2010-09-09
Parameters:
  VPCCidrBlock:
    Type: String
    Description: 'The /16 CIDR block for the VPC (Format Example: 10.0.0.0/16)'
    MinLength: '9'
    MaxLength: '18'
    Default: 10.0.0.0/16
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.0\.0/16'
    ConstraintDescription: Must be a valid IP CIDR block with a /16
  KeyPair:
    Type: 'AWS::EC2::KeyPair::KeyName'
    Description: The name of an Amazon EC2 key pair in the region in which you are creating a CloudFormation stack.
Mappings:
  AmazonLinuxNatAMI:
    ap-south-1:
        hvm: ami-7fd5f610
    eu-west-3:
        hvm: ami-519c2d2c
    eu-west-2:
        hvm: ami-756d8f12
    eu-west-1:
        hvm: ami-650c381c
    ap-northeast-3:
        hvm: ami-77fef00a
    ap-northeast-2:
        hvm: ami-8e0fa6e0
    ap-northeast-1:
        hvm: ami-cdd63eb2
    sa-east-1:
        hvm: ami-0b81dc67
    ca-central-1:
        hvm: ami-e3890987
    ap-southeast-1:
        hvm: ami-3093a64c
    ap-southeast-2:
        hvm: ami-943cebf6
    eu-central-1:
        hvm: ami-0097b5eb
    us-east-1:
        hvm: ami-54ca472b
    us-east-2:
        hvm: ami-882914ed
    us-west-1:
        hvm: ami-1a0e107a
    us-west-2:
        hvm: ami-78502100

Resources:
  VPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: !Ref VPCCidrBlock
      InstanceTenancy: default
      EnableDnsSupport: true
      EnableDnsHostnames: true

  VPCPubSn1:
    Type: 'AWS::EC2::Subnet'
    Properties:
      CidrBlock: !Select [0, !Cidr [!GetAtt 'VPC.CidrBlock', 256, 8]]
      AvailabilityZone: !Select
        - '0'
        - !GetAZs
          Ref: 'AWS::Region'
      VpcId: !Ref VPC
      MapPublicIpOnLaunch: true

  VPCPrivSn1:
    Type: 'AWS::EC2::Subnet'
    Properties:
      CidrBlock: !Select [6, !Cidr [!GetAtt 'VPC.CidrBlock', 256, 8]]
      AvailabilityZone: !Select
        - '0'
        - !GetAZs
          Ref: 'AWS::Region'
      VpcId: !Ref VPC
      MapPublicIpOnLaunch: true

  VPCPubRt1:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref VPC
  VPCPubSn1RtAssoc:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref VPCPubRt1
      SubnetId: !Ref VPCPubSn1

  VPCPrivRt1:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref VPC
  VPCPrivSn1RtAssoc:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref VPCPrivRt1
      SubnetId: !Ref VPCPrivSn1

  VPCPubDefaultRoute:
    Type: 'AWS::EC2::Route'
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      RouteTableId: !Ref VPCPubRt1
      GatewayId: !Ref VPCIGW
  VPCPrivDefaultRoute:
    Type: 'AWS::EC2::Route'
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      RouteTableId: !Ref VPCPrivRt1
      InstanceId: !Ref VPCNatInstance

  VPCIGW:
    Type: 'AWS::EC2::InternetGateway'
  VPCIGWAttachment:
    Type: 'AWS::EC2::VPCGatewayAttachment'
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref VPCIGW

  SGAllTrafficFromVPC:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupName: SGAllTrafficFromVPC
      GroupDescription: VPN Traffic from VPC CIDR
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: '-1'
          CidrIp: !Ref VPCCidrBlock
          Description: All Traffic from VPC CIDR

  VPCNatInstance:
    Type: 'AWS::EC2::Instance'
    Properties:
      DisableApiTermination: false
      InstanceInitiatedShutdownBehavior: stop
      ImageId: !FindInMap
        - AmazonLinuxNatAMI
        - !Ref 'AWS::Region'
        - hvm
      InstanceType: t2.micro
      KeyName: !Ref KeyPair
      Monitoring: false
      NetworkInterfaces:
        - DeleteOnTermination: true
          Description: Primary network interface
          DeviceIndex: '0'
          SubnetId: !Ref VPCPubSn1
          GroupSet:
            - !Ref SGAllTrafficFromVPC
          AssociatePublicIpAddress: true

Transform:
  - CreateSubnetsPerAZ