AWSTemplateFormatVersion: "2010-09-09"

Description: This template describes an example resource type for an AWS::EC2::VPC resource lookup operation, and an IAM role assumed by CloudFormation to perform resource lookup operations on your behalf.

Parameters:
  Env:
    Description: Name of the environment you plan to use.
    Type: String
    AllowedValues:
      - dev
      - alpha
      - beta
      - prod
    Default: alpha

Resources:
  ResourceLookupRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Action: sts:AssumeRole
            Effect: Allow
            Principal:
              Service: cloudformation.amazonaws.com
        Version: "2012-10-17"
      ManagedPolicyArns:
        - !Sub 'arn:${AWS::Partition}:iam::aws:policy/ReadOnlyAccess'
      Path: /
      RoleName: !Sub 'awscommunity-resource-lookup-setup-${Env}-${AWS::Region}'
      Tags:
        - Key: Name
          Value: AwsCommunityResourceLookup-LookupRole
        - Key: AppName
          Value: AwsCommunityResourceLookup

  TestVpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsHostnames: true
      EnableDnsSupport: true
      Tags:
        - Key: Name
          Value: TestOnly
        - Key: AppName
          Value: TestOnlyApp
        - Key: Env
          Value: !Ref 'Env'
        - Key: Owner
          Value: !Sub 'contract-test-only-test-team-${Env}'

Outputs:
  ResourceLookupRoleArn:
    Value: !GetAtt ResourceLookupRole.Arn
    Export:
      Name: ResourceLookupRoleArn