---
AWSTemplateFormatVersion: '2010-09-09'
Description: This template deploys Liquidware Stratsphere UX from the AWS Marketplace.
  It configures a EBS Lifecycle for backup and sets up an EC2 Recover Instance as
  well since this is currently a single node solution. **WARNING** This template creates
  EC2 instances and related resources. You will be billed for the AWS resources used
  if you create a stack from this template.
Metadata:
  AWSAMIRegionMap:
    Filters:
      LIQUIDWARESTRATUXHUBHVM:
        name: Liquidware Stratusphere Hub (v6.*) ????????*
        owner-alias: aws-marketplace
        product-code.type: marketplace
  AWS::CloudFormation::Interface:
    ParameterGroups:
    - Label:
        default: Network Configuration
      Parameters:
      - VPCID
      - PrivateSubnet1ID
      - PrivateSubnet2ID
    - Label:
        default: Stratsphere UX EC2 Configuration
      Parameters:
      - KeyPairName
      - StratUXInstanceType
    - Label:
        default: AWS Quick Start Configuration
      Parameters:
      - QSS3BucketName
      - QSS3BucketRegion
      - QSS3KeyPrefix
    - Label:
        default: Snapshot Configuration
      Parameters:
      - RetentionTime
      - ScheduleTime
      - ScheduleInterval
    ParameterLabels:
      KeyPairName:
        default: Key Pair Name
      PrivateSubnet1ID:
        default: Private Subnet 1 ID
      PrivateSubnet2ID:
        default: Private Subnet 2 ID
      QSS3BucketName:
        default: Quick Start S3 Bucket Name
      QSS3BucketRegion:
        default: Quick Start S3 bucket region
      QSS3KeyPrefix:
        default: Quick Start S3 Key Prefix
      S3BucketName:
        default: S3 Bucket Name
      VPCID:
        default: VPC ID
      RetentionTime:
        default: Number of snapshots you want to keep
      ScheduleTime:
        default: The time the Data Lifecycle Policy will start within an hour
      ScheduleInterval:
        default: This is the interval between snaphots, only valid options are 12
          or 24
Parameters:
  KeyPairName:
    Description: Name of an existing EC2 key pair. All instances will launch with
      this key pair.
    Type: AWS::EC2::KeyPair::KeyName
  PrivateSubnet1ID:
    Description: ID of private subnet 1 in Availability Zone 1 for the Workload (e.g.,
      subnet-a0246dcd)
    Type: AWS::EC2::Subnet::Id
  PrivateSubnet2ID:
    Description: ID of private subnet 2 in Availability Zone 2 for the Workload (e.g.,
      subnet-b1f432cd)
    Type: AWS::EC2::Subnet::Id
  QSS3BucketName:
    AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$
    Default: aws-quickstart
    Description: S3 bucket name for the Quick Start assets. This string can include
      numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start
      or end with a hyphen (-).
    Type: String
  QSS3BucketRegion:
    Default: 'us-east-1'
    Description: 'The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value.'
    Type: String
  QSS3KeyPrefix:
    AllowedPattern: ^[0-9a-zA-Z-/]*$
    Default: quickstart-liquidware-stratusphereux/
    Description: S3 key prefix for the Quick Start assets. Quick Start key prefix
      can include numbers, lowercase letters, uppercase letters, hyphens (-), and
      forward slash (/).
    Type: String
  RetentionTime:
    Default: 7
    Description: Number of Snapshots to retain, this will also depend on Schedule
      Interval. For Example if you want to retain 7 Days of snapshots with 24 Hour
      interval this value will be 7 but 12 hours interval it will be 14.
    Type: Number
  ScheduleTime:
    Default: 00:00
    Description: The time the snapshot will occur, within one hour.
    Type: String
  ScheduleInterval:
    Default: 24
    Description: Interval in Hours between snapshots, must be a number and only 12
      and 24 are valid options.
    Type: Number
  VPCID:
    Description: ID of your existing VPC for deployment
    Type: AWS::EC2::VPC::Id
  VPCCIDR:
    AllowedPattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$
    Default: 10.0.0.0/16
    Description: CIDR block for the VPC must be in the form x.x.x.x/16-28
    Type: String
  StratUXInstanceType:
    AllowedValues:
    - m4.large
    - m4.xlarge
    - m4.2xlarge
    - m4.4xlarge
    - m4.10xlarge
    - m5.large
    - m5.xlarge
    - m5.2xlarge
    - m5.4xlarge
    - m5.12xlarge
    - c4.large
    - c4.xlarge
    - c4.2xlarge
    - c4.4xlarge
    - c4.8xlarge
    - c5.large
    - c5.xlarge
    - c5.2xlarge
    - c5.4xlarge
    - c5.9xlarge
    - r5.large
    - r5.xlarge
    - r5.2xlarge
    - r5.4xlarge
    - r5.12xlarge
    - r4.large
    - r4.xlarge
    - r4.2xlarge
    - r4.4xlarge
    - r4.8xlarge
    Default: m4.xlarge
    Description: Type of EC2 instance for the Workload instances. Must contain valid
      instance type
    Type: String
Rules:
  KeyPairsNotEmpty:
    Assertions:
    - Assert:
        Fn::Not:
        - Fn::EachMemberEquals:
          - Fn::RefAll: AWS::EC2::KeyPair::KeyName
          - ''
      AssertDescription: All key pair parameters must not be empty
  SubnetsInVPC:
    Assertions:
    - Assert:
        Fn::EachMemberIn:
        - Fn::ValueOfAll:
          - AWS::EC2::Subnet::Id
          - VpcId
        - Fn::RefAll: AWS::EC2::VPC::Id
      AssertDescription: All subnets must in the VPC
Mappings:
  AWSAMIRegionMap:
    AMI:
      LIQUIDWARESTRATUXHUBHVM: Liquidware Stratusphere Hub (v6.1.2) 20190128-8491b2e5-a03f-4c7f-9a11-5433e8203794-ami-0a1e1fa403411a069.4
    ap-northeast-1:
      LIQUIDWARESTRATUXHUBHVM: ami-002ca311f1a123645
    ap-northeast-2:
      LIQUIDWARESTRATUXHUBHVM: ami-0a293a7d5e4502170
    ap-south-1:
      LIQUIDWARESTRATUXHUBHVM: ami-0251bbe61ed4fe14a
    ap-southeast-1:
      LIQUIDWARESTRATUXHUBHVM: ami-076e966c502bceae9
    ap-southeast-2:
      LIQUIDWARESTRATUXHUBHVM: ami-04ba7c4eb6bd8e4d9
    ca-central-1:
      LIQUIDWARESTRATUXHUBHVM: ami-0e51002267cb50cb1
    eu-central-1:
      LIQUIDWARESTRATUXHUBHVM: ami-015b4b9edc6366d25
    eu-west-1:
      LIQUIDWARESTRATUXHUBHVM: ami-05f8a8ab1dcdcc0b6
    eu-west-2:
      LIQUIDWARESTRATUXHUBHVM: ami-039410199d7c56e07
    eu-west-3:
      LIQUIDWARESTRATUXHUBHVM: ami-086a9d7a982d43a23
    sa-east-1:
      LIQUIDWARESTRATUXHUBHVM: ami-0dcdcba8079634927
    us-east-1:
      LIQUIDWARESTRATUXHUBHVM: ami-0296838f186c71267
    us-east-2:
      LIQUIDWARESTRATUXHUBHVM: ami-079595497bb3821d6
    us-west-1:
      LIQUIDWARESTRATUXHUBHVM: ami-0012b4bd7bf57591b
    us-west-2:
      LIQUIDWARESTRATUXHUBHVM: ami-0fd30b76bc867bcce
Conditions:
  UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart']
Resources:
  StratUXDLMPolicy:
    Type: AWS::DLM::LifecyclePolicy
    Properties:
      Description: !Sub DLM Schedule Created for ${AWS::StackName} by Quick Start
      State: ENABLED
      ExecutionRoleArn: !Sub arn:aws:iam::${AWS::AccountId}:role/AWSDataLifecycleManagerDefaultRole
      PolicyDetails:
        ResourceTypes:
        - VOLUME
        TargetTags:
        - Key: QS-DLM-Policy
          Value: !Ref AWS::StackName
        Schedules:
        - Name: !Sub ${AWS::StackName} DLM Schedule
          TagsToAdd:
          - Key: type
            Value: DailySnapshot
          CreateRule:
            Interval: !Ref ScheduleInterval
            IntervalUnit: HOURS
            Times:
            - !Ref ScheduleTime
          RetainRule:
            Count: !Ref RetentionTime
          CopyTags: true
  StratUXRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
        - Effect: Allow
          Principal:
            Service:
            - ec2.amazonaws.com
          Action:
          - sts:AssumeRole
      Path: /
      Policies:
      - PolicyDocument:
          Version: '2012-10-17'
          Statement:
          - Action:
            - s3:GetObject
            Resource:
              !Sub
                - arn:${AWS::Partition}:s3:::${S3Bucket}/${QSS3KeyPrefix}*
                - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
            Effect: Allow
        PolicyName: aws-quick-start-s3-policy
  StratUXProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles:
      - Ref: StratUXRole
  StratUXSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow access to the Workload instances
      VpcId:
        Ref: VPCID
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: '443'
        ToPort: '443'
        CidrIp:
          Ref: VPCCIDR
      - IpProtocol: tcp
        FromPort: '22'
        ToPort: '22'
        CidrIp:
          Ref: VPCCIDR
  StratUXInstance:
    Type: AWS::EC2::Instance
    Properties:
      IamInstanceProfile:
        Ref: StratUXProfile
      ImageId:
        !FindInMap
        - AWSAMIRegionMap
        - !Ref AWS::Region
        - LIQUIDWARESTRATUXHUBHVM
      InstanceType: !Ref StratUXInstanceType
      KeyName: !Ref KeyPairName
      SecurityGroupIds:
      - !Ref StratUXSecurityGroup
      SubnetId: !Ref PrivateSubnet1ID
      Tags:
      - Key: Name
        Value: StratusphereUX
      - Key: QS-DLM-Policy
        Value: !Ref AWS::StackName
  StratUXAlarmInstanceRecovery:
    DependsOn: StratUXInstance
    Type: AWS::CloudWatch::Alarm
    Properties:
      ActionsEnabled: true
      AlarmDescription: Trigger a recovery when instance status check fails for 10
        consecutive minutes.
      Namespace: AWS/EC2
      MetricName: StatusCheckFailed_System
      Statistic: Minimum
      Period: 60
      EvaluationPeriods: 10
      ComparisonOperator: GreaterThanThreshold
      Threshold: 0
      AlarmActions:
      - Fn::Join:
        - ''
        - - 'arn:aws:automate:'
          - !Ref AWS::Region
          - :ec2:recover
      Dimensions:
      - Name: InstanceId
        Value: !Ref StratUXInstance
Outputs:
  StratusphereUXDNS:
    Description: StratusphereUX Private DNS Name
    Value:
      Fn::GetAtt:
      - StratUXInstance
      - PrivateDnsName
  StratusphereUXIP:
    Description: StratusphereUX Private IP
    Value:
      Fn::GetAtt:
      - StratUXInstance
      - PrivateIp
...