AWSTemplateFormatVersion: 2010-09-09
Description: 'Creates a VPC and BastionHost sufficient to test the cluster stack against to minimize teardown and recreation of otherwise stable resources. (qs-1nae6brn2)'
Metadata:
  LintSpellExclude:
    - datacenter
    - xxxxxxxx
  SentenceCaseExclude:
    - Nomad
    - Consul
  QuickStartDocumentation:
    EntrypointName: "Launch into a new VPC"
  LICENSE: 'Apache License, Version 2.0'
  'AWS::CloudFormation::Interface':
    ParameterGroups:
      - Label:
          default: "VPC network configuration"
        Parameters:
          - AvailabilityZones
          - VPCCIDR
          - PrivateSubnet1CIDR
          - PrivateSubnet2CIDR
          - PrivateSubnet3CIDR
          - PublicSubnet1CIDR
          - PublicSubnet2CIDR
          - PublicSubnet3CIDR
      - Label:
          default: "Access configuration"
        Parameters:
          - AccessCIDR
          - KeyPairName
      - Label:
          default: "AWS Quick Start configuration"
        Parameters:
          - QSS3BucketName
          - QSS3KeyPrefix
    ParameterLabels:
      AccessCIDR:
        default: Permitted IP range
      AvailabilityZones:
        default: Availability Zones
      KeyPairName:
        default: Key name
      PrivateSubnet1CIDR:
        default: Private Subnet 1 CIDR
      PrivateSubnet2CIDR:
        default: Private Subnet 2 CIDR
      PrivateSubnet3CIDR:
        default: Private Subnet 3 CIDR
      PublicSubnet1CIDR:
        default: Public Subnet 1 CIDR
      PublicSubnet2CIDR:
        default: Public Subnet 2 CIDR
      PublicSubnet3CIDR:
        default: Public Subnet 3 CIDR
      QSS3BucketName:
        default: Quick Start S3 bucket name
      QSS3KeyPrefix:
        default: Quick Start S3 key prefix
      VPCCIDR:
        default: VPC CIDR
Parameters:
  AvailabilityZones:
    Description: >-
      List of Availability Zones to use for the subnets in the VPC.
      Note: the logical order is preserved; three Availability Zones (AZs) are used for this deployment.
    Type: 'List<AWS::EC2::AvailabilityZone::Name>'
  AccessCIDR:
    # Must be a valid IPv4 CIDR (a.b.c.d/0-32); there is no default, so the
    # operator has to choose the range that is allowed to reach the bastion.
    AllowedPattern: >-
      ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
    Description: >-
      The CIDR IP range that is permitted to access Nomad.
      Note: a value of 0.0.0.0/0 will allow access from ANY IP address.
    Type: String
  KeyPairName:
    Description: >-
      Public/private key pairs allow you to securely connect to your instance after it launches.
    Type: 'AWS::EC2::KeyPair::KeyName'
    #MinLength: 1
  PrivateSubnet1CIDR:
    AllowedPattern: >-
      ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
    Default: 10.0.0.0/19
    Description: CIDR block for private subnet 1 located in Availability Zone 1.
    Type: String
  PrivateSubnet2CIDR:
    AllowedPattern: >-
      ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
    Default: 10.0.32.0/19
    Description: CIDR block for private subnet 2 located in Availability Zone 2.
    Type: String
  PrivateSubnet3CIDR:
    AllowedPattern: >-
      ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
    Default: 10.0.64.0/19
    Description: CIDR block for private subnet 3 located in Availability Zone 3.
    Type: String
  PublicSubnet1CIDR:
    AllowedPattern: >-
      ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
    Default: 10.0.128.0/20
    Description: CIDR block for the public DMZ subnet 1 located in Availability Zone 1.
    Type: String
  PublicSubnet2CIDR:
    AllowedPattern: >-
      ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
    Default: 10.0.144.0/20
    Description: CIDR block for the public DMZ subnet 2 located in Availability Zone 2.
    Type: String
  PublicSubnet3CIDR:
    AllowedPattern: >-
      ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
    Default: 10.0.160.0/20
    Description: CIDR block for the public DMZ subnet 3 located in Availability Zone 3.
    Type: String
  QSS3BucketName:
    AllowedPattern: '^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$'
    ConstraintDescription: >-
      Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-).
      It cannot start or end with a hyphen (-).
    Default: aws-quickstart
    Description: >-
      S3 bucket name for the Quick Start assets. Quick Start bucket name can include numbers,
      lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).
    Type: String
  QSS3KeyPrefix:
    AllowedPattern: '^[0-9a-zA-Z-/]*$'
    ConstraintDescription: >-
      Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).
    Default: quickstart-hashicorp-nomad/
    Description: >-
      S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers,
      lowercase letters, uppercase letters, hyphens (-), and forward slash (/).
    Type: String
  VPCCIDR:
    AllowedPattern: >-
      ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
    Default: 10.0.0.0/16
    Description: CIDR block for the VPC.
    Type: String
Resources:
  # Nested stack from the quickstart-aws-vpc submodule: three public and three private subnets.
  VPCStack:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      TemplateURL: !Sub >-
        https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml
      Parameters:
        AvailabilityZones: !Join [",", !Ref AvailabilityZones]
        NumberOfAZs: '3'
        PrivateSubnet1ACIDR: !Ref PrivateSubnet1CIDR
        PrivateSubnet2ACIDR: !Ref PrivateSubnet2CIDR
        PrivateSubnet3ACIDR: !Ref PrivateSubnet3CIDR
        PublicSubnet1CIDR: !Ref PublicSubnet1CIDR
        PublicSubnet2CIDR: !Ref PublicSubnet2CIDR
        PublicSubnet3CIDR: !Ref PublicSubnet3CIDR
        VPCCIDR: !Ref VPCCIDR
  # Nested stack from the quickstart-linux-bastion submodule; inbound access is
  # limited to AccessCIDR via the RemoteAccessCIDR parameter.
  BastionStack:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      TemplateURL: !Sub >-
        https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-linux-bastion/templates/linux-bastion.template
      Parameters:
        BastionAMIOS: Ubuntu-Server-20.04-LTS-HVM
        BastionInstanceType: 't3.medium'
        KeyPairName: !Ref KeyPairName
        PublicSubnet1ID: !GetAtt VPCStack.Outputs.PublicSubnet1ID
        PublicSubnet2ID: !GetAtt VPCStack.Outputs.PublicSubnet2ID
        QSS3BucketName: !Ref QSS3BucketName
        QSS3KeyPrefix: !Sub '${QSS3KeyPrefix}submodules/quickstart-linux-bastion/'
        RemoteAccessCIDR: !Ref AccessCIDR
        VPCID: !GetAtt VPCStack.Outputs.VPCID
Outputs:
  PrivateSubnet1ACIDR:
    Value: !Ref PrivateSubnet1CIDR
  PrivateSubnet2ACIDR:
    Value: !Ref PrivateSubnet2CIDR
  PrivateSubnet3ACIDR:
    Value: !Ref PrivateSubnet3CIDR
  PublicSubnet1CIDR:
    Value: !Ref PublicSubnet1CIDR
  PublicSubnet2CIDR:
    Value: !Ref PublicSubnet2CIDR
  PublicSubnet3CIDR:
    Value: !Ref PublicSubnet3CIDR
  VPCCIDR:
    Value: !Ref VPCCIDR
  VPCID:
    Value: !GetAtt VPCStack.Outputs.VPCID
  BastionSecurityGroupID:
    Value: !GetAtt BastionStack.Outputs.BastionSecurityGroupID