---
- input:
    Resources:
      rcsg:
        Type: 'AWS::Redshift::ClusterSubnetGroup'
        Properties:
          SubnetIds: [{Ref: subnet}, "subnet-2"]
      subnet:
        Type: 'AWS::EC2::Subnet'
      subRtAssoc:
        Type: 'AWS::EC2::SubnetRouteTableAssociation'
        Properties:
          SubnetId: { Ref: subnet }
          RouteTableId: { Ref: rt }
      rt:
        Type: 'AWS::EC2::RouteTable'
      route1:
        Type: 'AWS::EC2::Route'
        Properties:
          GatewayId: { Ref: gw }
          RouteTableId: { Ref: rt }
      gw:
        Type: 'AWS::EC2::InternetGateway'
  expectations:
    rules:
      redshift_is_not_internet_accessible: FAIL
- input:
    Resources:
      rcsg:
        Type: 'AWS::Redshift::ClusterSubnetGroup'
        Properties:
          SubnetIds: [{Ref: subnet}, "subnet-2"]
      subnet:
        Type: 'AWS::EC2::Subnet'
      subRtAssoc:
        Type: 'AWS::EC2::SubnetRouteTableAssociation'
        Properties:
          SubnetId: { Ref: subnet }
          RouteTableId: { Ref: rt }
      rt:
        Type: 'AWS::EC2::RouteTable'
      route1:
        Type: 'AWS::EC2::Route'
        Properties:
          GatewayId: { Ref: gw }
          RouteTableId: { Ref: rt }
      gw:
        Type: 'AWS::EC2::TransitGateway'
  expectations:
    rules:
      redshift_is_not_internet_accessible: PASS