AWSTemplateFormatVersion: '2010-09-09'
Description: This template uses an existing VPC infrastructure for a multi-AZ, multi-tier
  deployment of Simphony on AWS. 
  **WARNING** This template creates Amazon EC2 instances and related resources. You will be billed for
  the AWS resources used if you create a stack from this template. (qs-1rikb0jlg)
Metadata:
  QuickStartDocumentation:
    EntrypointName: "Parameters for launch into an existing VPC"
  AWS::CloudFormation::Interface:
    ParameterGroups:
    - Label:
        default: Network configuration
      Parameters:
      - VPCID
      - PrivateSubnet1ID
      - PrivateSubnet2ID
      - PublicSubnet1ID
      - PublicSubnet2ID
      - RemoteAccessCIDR
    - Label:
        default: Simphony environment configuration
      Parameters:
      - EnvironmentSize
      - KeyPairName
      - StackPrefix
      - PuppetServerFQDN      
    - Label:
        default: Backup configuration
      Parameters:
      - DLMCrossRegionCopy
    - Label:
        default: AWS Quick Start configuration
      Parameters:
      - QSS3BucketName
      - QSS3BucketRegion
      - QSS3KeyPrefix
    ParameterLabels:
      PrivateSubnet1ID:
        default: Private subnet 1 ID
      PrivateSubnet2ID:
        default: Private subnet 2 ID
      PublicSubnet1ID:
        default: Public subnet 1 ID
      PublicSubnet2ID:
        default: Public subnet 2 ID
      RemoteAccessCIDR:
        default: Allowed bastion external access CIDR
      VPCID:
        default: VPC ID
      QSS3BucketName:
        default: Quick Start S3 bucket name
      QSS3BucketRegion:
        default: Quick Start S3 bucket Region
      QSS3KeyPrefix:
        default: Quick Start S3 key prefix
      EnvironmentSize:
        default: Environment size
      KeyPairName:
        default: Key pair name
      StackPrefix:
        default: Stack name prefix
      PuppetServerFQDN:
        default: Puppet server FQDN      
Parameters:
  PrivateSubnet1ID:
    Description: CIDR block for private subnet 1 located in Availability Zone 1.
    Type: 'AWS::EC2::Subnet::Id'
  PrivateSubnet2ID:
    Description: CIDR block for private subnet 2 located in Availability Zone 2.
    Type: 'AWS::EC2::Subnet::Id'
  PublicSubnet1ID:
    Description: CIDR block for the public (DMZ) subnet 1 located in Availability
      Zone 1.
    Type: 'AWS::EC2::Subnet::Id'
  PublicSubnet2ID:
    Description: CIDR block for the public (DMZ) subnet 2 located in Availability
      Zone 2.
    Type: 'AWS::EC2::Subnet::Id'
  QSS3BucketName:
    AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$
    ConstraintDescription: The Quick Start bucket name can include numbers, lowercase
      letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen
      (-).
    Default: aws-quickstart
    Description: Name of the S3 bucket for your copy of the Quick Start assets. Keep the default name unless you are customizing the template. Changing the name updates code references to point to a new Quick Start location. This name can include numbers, lowercase letters, uppercase letters, and hyphens, but do not start or end with a hyphen (-). See https://aws-quickstart.github.io/option1.html.
    Type: String
  QSS3BucketRegion:
    Default: 'us-east-1'
    Description: 'AWS Region where the Quick Start S3 bucket (QSS3BucketName) is 
    hosted. Keep the default Region unless you are customizing the template. 
    Changing this Region updates code references to point to a new Quick Start location. 
    When using your own bucket, specify the Region. 
    See https://aws-quickstart.github.io/option1.html.'
    Type: String
  QSS3KeyPrefix:
    AllowedPattern: ^[0-9a-zA-Z-/]*$
    ConstraintDescription: The Quick Start S3 key prefix can include numbers, lowercase letters,
      uppercase letters, hyphens (-), and forward slash (/).
    Default: quickstart-skillnet-simphony/
    Description: S3 key prefix that is used to simulate a directory for your copy of the 
      Quick Start assets. Keep the default prefix unless you are customizing 
      the template. Changing this prefix updates code references to point to 
      a new Quick Start location. This prefix can include numbers, lowercase 
      letters, uppercase letters, hyphens (-), and forward slashes (/). 
      See https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html 
      and https://aws-quickstart.github.io/option1.html.
    Type: String
  RemoteAccessCIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x.
    Description: CIDR IP range that is permitted to access the bastion host/Remote Desktop Gateway server. Set this value to a trusted IP range.
    Type: String
  VPCID:
    Description: CIDR block for the VPC.
    Type: 'AWS::EC2::VPC::Id'
  DLMCrossRegionCopy:
    Description: The Cross-Region to copy the EC2 instance snapshots for backup. 
    Type: String
    Default: us-east-2
  EnvironmentSize:
    Type: String
    Default: Small
    AllowedValues:
      - Small
      - Medium
      - Large
    Description: The Simphony environment size.
  KeyPairName:
    Description: EC2 key pair name.
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: Name must be existing EC2 key pair.
  StackPrefix:
    Type: String
    MinLength: "1"
    MaxLength: "20"
    AllowedPattern: "[a-zA-Z0-9]*"
    Description: The prefix name to all the associated resources in the stack.
    Default: Simphony
  PuppetServerFQDN:
    Type: String
    Default: "puppet.skillnetaws.com"
    Description: Assign Fully Qualified Domain Name (FQDN) for the Puppet server.  
Conditions:
  UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart']
Resources:
  BastionStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL:
        !Sub
          - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/linux-bastion.template.yaml'
          - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
            S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
      Parameters:
        QSS3BucketName: !Ref QSS3BucketName
        QSS3BucketRegion: !Ref QSS3BucketRegion
        QSS3KeyPrefix: !Ref QSS3KeyPrefix
        KeyPairName: !Ref KeyPairName
        PublicSubnet1ID: !Ref PublicSubnet1ID
        PublicSubnet2ID: !Ref PublicSubnet2ID
        RemoteAccessCIDR: !Ref RemoteAccessCIDR
        VPCID: !Ref VPCID
  SimphonyStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL:
        !Sub
          - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/simphony-qs-main.template.yaml'
          - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
            S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
      Parameters:
        QSS3BucketName: !Ref QSS3BucketName
        QSS3BucketRegion: !Ref QSS3BucketRegion
        QSS3KeyPrefix: !Ref QSS3KeyPrefix
        UserSpecifiedVPCId: !Ref VPCID
        Subnet1ID: !Ref PrivateSubnet1ID
        Subnet2ID: !Ref PrivateSubnet2ID
        EnvironmentSize: !Ref EnvironmentSize
        KeyPairName: !Ref KeyPairName
        StackPrefix: !Ref StackPrefix
        ProxyServer: !Join [ '' , ['http://', !GetAtt BastionStack.Outputs.EIP1, ':3128' ] ]
        PuppetServerFQDN: !Ref PuppetServerFQDN
        DLMCrossRegionCopy: !Ref DLMCrossRegionCopy