---
AWSTemplateFormatVersion: "2010-09-09"
Description: A sample template
Errors:
  Catch: Missing
Mappings:
  runtime:
    us-east-1:
      production:
        - CidrIp: 0.0.0.0/0
          IpProtocol: tcp
          ToPort: 80
          FromPort: 80
Parameters:
  myParam:
    Type: String
    Default: String
    Description: String
Conditions:
  IsProduction: !Equals ["Prod", "Prod"]
Resources:
  ## Missing Properties
  MyEC2Instance1:
    Type: "AWS::EC2::Instance1"
  myIamProfile:
    Type: "AWS::IAM::Role"
  myIamProfile2:
    Type: "AWS::IAM::Role"
    Properties: {}
  myIamProfile3:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument: {}
      Fn::If:
        - IsProduction
        - BadIf
        - BadElse
  ## Fake Properties Key on main level
  ## Bad sub properties in BlockDeviceMappings/Ebs and NetworkInterfaces
  MyEC2Instance:
    Type: "AWS::EC2::Instance"
    Properties:
      ImageId: "ami-2f726546"
      InstanceType: t1.micro
      KeyName: 1
      FakeKey: MadeYouLook
      IamInstanceProfile: !GetAtt RootInstanceProfile.Arn
      BlockDeviceMappings:
        - DeviceName: /dev/sda
          Ebs:
            VolumeType: io1
            Iops: !Ref pIops
            DeleteOnTermination: false
            VolumeSize: 20
            BadSubX2Key: Not valid
      NetworkInterfaces:
        - DeviceIndex:
            - "1"
          BadKey: true
  MyEC2Instance3:
    Type: "AWS::EC2::Instance"
    Properties:
      ImageId: "ami-2f726546"
      IamInstanceProfile: !Ref RootRole
  myEc2Instance4:
    Type: AWS::EC2::Instance
    Properties: {}
  ## Bad Policies property in PolicyDocument
  RootRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service:
                - "ec2.amazonaws.com"
            Action:
              - "sts:AssumeRole"
      Path: "/"
      Policies:
        - PolicyName: "root"
          PolicyDocument1:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                Action: "*"
                Resource: "*"
  RolePolicies:
    Type: "AWS::IAM::Policy"
    Properties:
      PolicyName: "root"
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Action: "*"
            Resource: "*"
      Roles:
        - Ref: "RootRole"
  RootInstanceProfile:
    Type: "AWS::IAM::InstanceProfile"
    Properties:
      Path: "/"
      Roles:
        - Ref: "RootRole"

  # Bad Key under HealthCheck
  ElasticLoadBalancer:
    Type: AWS::ElasticLoadBalancing::LoadBalancer
    Properties:
      AvailabilityZones:
        Fn::GetAZs: ""
      Instances:
        - Ref: MyEC2Instance
      Listeners:
        - LoadBalancerPort: "80"
          InstancePort:
            Ref: WebServerPort
          Protocol: HTTP
      HealthCheck:
        FakeKey: Another fake key
        Target:
          Fn::Join:
            - ""
            - - "HTTP:"
              - Ref: WebServerPort
              - "/"
        HealthyThreshold: "3"
        # Int which should be string. (No Error)
        UnhealthyThreshold: 5
        # Should be int (Error)
        Interval: Test
        Timeout: "5"
  SecurityGroup:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      FromPort: Test
  myAcl:
    Type: AWS::WAFRegional::WebACL
    Properties:
      Name: myAcl
  myLambdaTwo:
    Type: AWS::Lambda::Function
    Properties:
      Handler: index.handler
  conditionLoadBalancer:
    Type: AWS::ElasticLoadBalancing::LoadBalancer
    Properties:
      Fn::If:
        - IsProduction
        - AvailabilityZones:
            Fn::GetAZs: ""
          Listeners:
            - Fn::If:
                - IsProduction
                - LoadBalancerPort: "443"
                  InstancePort: "443"
                  Protocol: HTTP
                - LoadBalancerPort: "443"
                  InstancePort: "443"
                  Protocol: HTTP
          HealthCheck:
            Target: HTTP:80/
            HealthyThreshold: "3"
            UnhealthyThreshold: "5"
            Interval: "30"
            Timeout: "5"
          ConnectionDrainingPolicy:
            Enabled: "true"
            Timeout: "60"
          Tags:
          - Fn::If:
              - IsProduction
              - Key: Production
                Value: True
              - Key: Production
                Value: False
        - AvailabilityZones:
            Fn::GetAZs: ""
          Listeners:
            - LoadBalancerPort: "80"
              InstancePort: "80"
              Protocol: HTTP
          HealthCheck:
            Target: HTTP:80/
            HealthyThreshold: "3"
            UnhealthyThreshold: "5"
            Interval: "30"
            Timeout: "5"
  # Fail when not using FindInMap
  lambdaMap1:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: test
      SecurityGroupIngress:
        Fn::GetAZs: !Ref AWS::Region
  # fail when using FindInMap for an object
  # Fail when not using FindInMap
  lambdaMap2:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: test
      SecurityGroupIngress:
        - Fn::FindInMap: [runtime, !Ref "AWS::Region", production]
  PermitAllInbound:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      CidrBlock: 10.0.0.0/16
      Icmp: !Ref AWS::NoValue
      NetworkAclId: "1"
      RuleNumber: 1
      Protocol: 1
      RuleAction: allow
  MyEc2BlockDevice:
    Type: "AWS::EC2::Instance"
    Properties:
      ImageId: "ami-2f726546"
      InstanceType: t1.micro
      KeyName: testkey
      BlockDeviceMappings: !Ref "AWS::NoValue"
      NetworkInterfaces:
        - DeviceIndex: "1"
Outputs:
  myOutput:
    Value: !GetAtt ElasticLoadBalancer.CanonicalHostedZoneName
  myErrorOutput:
    Value: !GetAtt ElasticLoadBalancer.DNE