#
# One EFS file system resource and one mount target is defined for each subnet
# in a VPC.  The ICPD deployment has a single cluster subnet which is passed in
# to this template as a parameter.
#
# For documentation on EFS and how it works see:
#  https://docs.aws.amazon.com/efs/latest/ug/how-it-works.html
#
---
AWSTemplateFormatVersion: 2010-09-09
Description: >-
  EFS file system used for shared storage by the master nodes and worker nodes of the IBM Cloud Pak Data cluster. **WARNING** You will be billed for the AWS resources used if you create a stack from this template.

Parameters:
  AvailabilityZoneCount:
    Description: >-
      The number of Availability Zones.
    Type: Number

  PrivateSubnetCIDR:
    Description: >-
      The PrivateSubnetCIDR used in defining the security group for access to the shared storage on EFS.
    Type: String

  PrivateSubnetIds:
    Description: >-
      A comma delimted list of private subnet resource IDs passed in from the parent stack.
    Type: CommaDelimitedList

  ICPDVPC:
    Description: >-
      The ICPDVPC resource ID from the parent template.
    Type: AWS::EC2::VPC::Id


Conditions:
  3AZCondition: !Equals [!Ref AvailabilityZoneCount, 3]

Resources:

  ClusterSharedStorage:
    Type: AWS::EFS::FileSystem
    Properties:
      PerformanceMode: generalPurpose
      Encrypted: True
      FileSystemTags:
        - Key: Name
          Value: ClusterSharedStorage


  SharedStorageSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref ICPDVPC
      GroupDescription: Allow mounting of EFS volume on NFS port 2049.
      SecurityGroupIngress:
        - Description: NFS network connections from the ICPD cluster nodes
          IpProtocol: tcp
          FromPort: 2049
          ToPort: 2049
          CidrIp: !Ref PrivateSubnetCIDR

  SharedStorageMountTargetOne:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref ClusterSharedStorage
      SubnetId: !Select [0, !Ref PrivateSubnetIds]
      SecurityGroups:
        - !Ref SharedStorageSecurityGroup

  SharedStorageMountTargetTwo:
    Condition: 3AZCondition
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref ClusterSharedStorage
      SubnetId: !Select [1, !Ref PrivateSubnetIds]
      SecurityGroups:
        - !Ref SharedStorageSecurityGroup

  SharedStorageMountTargetThree:
    Condition: 3AZCondition
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref ClusterSharedStorage
      SubnetId: !Select [2, !Ref PrivateSubnetIds]
      SecurityGroups:
        - !Ref SharedStorageSecurityGroup

Outputs:
  EFSFileSystemId:
    Description: >-
      The EFS file system to be used for shared storage by the master nodes and worker nodes.
    Value: !Ref ClusterSharedStorage

  EFSDNSName:
    Description: >-
      The EFS server public DNS name used for mounting EFS volumes.
    Value: !Join
        - "."
        - - !Ref ClusterSharedStorage
          - efs
          - !Ref AWS::Region
          - amazonaws.com