---
AWSTemplateFormatVersion: 2010-09-09
Description: IRIS Arbiter node (qs-1s15se3pg)
Metadata:
  Author: Anton Umnikov
  Last Updated: April 6, 2020
  Description: IRIS Arbiter Node
  cfn-lint:
    config:
      ignore_checks:
        - W9002
        - W9003
        - W9006
Parameters:
  #VpcIdParameter:
  #  Description: Launch EC2 instances in this VPC
  #  Default: vpc-029aba04d6dbcfae4
  #  Type: AWS::EC2::VPC::Id
  InstanceSubnetIdParameter:
    Description: Launch EC2 instances in this subnet
    Type: AWS::EC2::Subnet::Id
  InstanceSecurityGroupParameter:
    Description:  Security group for the instance
    Type: AWS::EC2::SecurityGroup::Id
  SshKeyParameter:
    Description: SSH Keypair to login to the instance
    Default: anton-isc
    Type: AWS::EC2::KeyPair::KeyName
  S3BucketNameParameter:
    Description: S3 Bucket with IRIS binaries
    Type: String
    Default: ''
  InstanceTypeParameter:
    Description: Cluster node instance type
    Type: String
    Default: t3.small
    AllowedValues: 
      - t3.small
      - t3.large
  LatestAmiId:
    Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
    Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'
    Description: Systems Manager parameter for latest AMI
  MirrorInstanceRole:
    Description: Cluster node instance role
    Type: String
    Default: ARBITER
    AllowedValues: 
      - NONE
      - PRIMARY
      - FAILOVER
      - ASYNC
      - ARBITER
  QSS3BucketName:
    AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$
    ConstraintDescription: The Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).
    Default: aws-quickstart
    Description: Name of the S3 bucket for your copy of the Quick Start assets. Keep the default name unless you are customizing the template. Changing the name updates code references to point to a new Quick Start location. This name can include numbers, lowercase letters, uppercase letters, and hyphens, but do not start or end with a hyphen (-). See https://aws-quickstart.github.io/option1.html.
    Type: String
  QSS3KeyPrefix:
    AllowedPattern: ^[0-9a-zA-Z-/]*$
    ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/).
    Default: quickstart-intersystems-iris/
    Description: S3 key prefix that is used to simulate a directory for your copy of the Quick Start assets. Keep the default prefix unless you are customizing the template. Changing this prefix updates code references to point to a new Quick Start location. This prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). See https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html and https://aws-quickstart.github.io/option1.html.
    Type: String

Conditions:
  UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart']  

Resources:
  IRISRole:
    Type: AWS::IAM::Role
    Properties:
      Policies:
        - PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action: s3:ListBucket
                Resource: !Sub
                  - 'arn:${AWS::Partition}:s3:::${S3Bucket}'
                  - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
              - Effect: Allow
                Action: s3:GetObject
                Resource: !Sub
                  - 'arn:${AWS::Partition}:s3:::${S3Bucket}/${QSS3KeyPrefix}*'
                  - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
          PolicyName: aws-quick-start-s3-policy
      AssumeRolePolicyDocument:
        Statement:
          - Action:
              - sts:AssumeRole
            Principal:
              Service:
                - ec2.amazonaws.com
            Effect: Allow
        Version: '2012-10-17'
  IRISProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles:
        - !Ref 'IRISRole'
      Path: /
  ##Node Start##         
  NodeInstance:
    Type: AWS::EC2::Instance
    Properties:
      Tags: 
        - 
          Key: Name
          Value: !Sub "${AWS::StackName}-IRIS"
      ImageId: !Ref LatestAmiId
        #Fn::FindInMap:
        #- RegionMap
        #- Ref: AWS::Region
        #- AMIx64
      InstanceType: !Ref InstanceTypeParameter
      KeyName: !Ref SshKeyParameter
      IamInstanceProfile: !Ref 'IRISProfile'
      SecurityGroupIds:
        - !Ref InstanceSecurityGroupParameter
      SubnetId: !Ref InstanceSubnetIdParameter
      UserData:
        Fn::Base64:
         Fn::Sub:
         - |
           #!/usr/bin/env bash
           DISTR=ISCAgent-2020.1.0.215.0-lnxrhx64
           BUCKET=${ConfigS3BucketName}
           INSTANCEROLE=${MirrorInstanceRole}
           set -o errexit
           yum update -y
           mkdir /tmp/irisdistr
           cd /tmp/irisdistr
           aws s3 cp s3://$BUCKET/$DISTR.tar.gz .
           tar -xvf $DISTR.tar.gz
           cd $DISTR
           ./agentinstall << END
           1
           yes
           END
           cd ..
           sudo systemctl daemon-reload
           sudo systemctl enable ISCAgent.service
           sudo systemctl start ISCAgent.service
         - {
           ConfigS3BucketName: !Ref S3BucketNameParameter,
           MirrorInstanceRole: !Ref MirrorInstanceRole
           }
  ##Node End##          

Outputs:
  NodePrivateIP:
    Description: Node PrivateIP
    Value: !Join
      - ''
      - ['', !GetAtt NodeInstance.PrivateIp, '']
  #NodePublicIP:
  #  Description: Node PublicIP
  #  Value: !Join
  #    - ''
  #    - ['', !GetAtt NodeInstance.PublicIp, '']