---
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Conditions
Parameters:
  myEnvironment:
    Type: String
    AllowedValues:
      - prod
      - dev
  EnableGeoBlocking:
    Type: String
Conditions:
  isProd:
    "Fn::Equals":
    - !Ref myEnvironment
    - "prod"
  isDev:
    "Fn::Equals":
    - !Ref myEnvironment
    - "dev"
  EnableGeoBlocking: !Equals [ !Ref EnableGeoBlocking, "true" ]
  EnableGeoBlockingAlias: !Condition EnableGeoBlocking
  PrimaryRegion:
    "Fn::Equals":
    - !Ref AWS::Region
    - 'us-east-1'
Resources:
  myInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !If [ isProd, 'ami-1234567', 'ami-abcdefg']
      Tags:
      -
        Key: TestKey
        Value: TestValue
      - Fn::If:
        - isProd
        - Key: Environment1
          Value: Prod
        - Fn::If:
          - isDev
          - Key: Environment2
            Value: Dev
          - !Ref AWS::NoValue
  CloudFrontDistribution:
    Type: "AWS::CloudFront::Distribution"
    Properties:
      DistributionConfig:
        Origins:
        - DomainName: mybucket.s3.amazonaws.com
          Id: myS3Origin
          S3OriginConfig:
            OriginAccessIdentity: origin-access-identity/cloudfront/E127EXAMPLE51Z
        DefaultCacheBehavior:
          AllowedMethods:
          - DELETE
          - GET
          - HEAD
          - OPTIONS
          - PATCH
          - POST
          - PUT
          TargetOriginId: myS3Origin
          ForwardedValues:
            QueryString: false
            Cookies:
              Forward: none
          ViewerProtocolPolicy: allow-all
        Enabled: true
        Restrictions:
          GeoRestriction:
            !If
              - EnableGeoBlockingAlias
              -
                RestrictionType: whitelist
                Locations:
                  !If
                    - PrimaryRegion
                    - - GB
                    - - BE
                      - LU
                      - NL
              - RestrictionType: none