AWSTemplateFormatVersion: '2010-09-09'
Description:
  This template deploys 3 Security Groups used for StarWind VSAN EC2 instnace. (qs-1sgqsed2j)
Metadata:
  cfn-lint:
    config:
      ignore_checks:
        - W9006
  AWS::CloudFormation::Interface:
    ParameterGroups:
    - Label:
        default: General configuration
      Parameters:
      - VPCID
      - ParentStackName
      - RDPSGID
    ParameterLabels:
      VPCID:
        default: VPC ID
      ParentStackName:
        default: Parent CloudFormation Stack Name
      RDPSGID:
        default: RDP instnace(s) security group
Parameters:
  VPCID:
    Description: ID of your existing VPC for deployment.
    Type: AWS::EC2::VPC::Id
  ParentStackName:
    Type: String
    Default: ""
    Description: Parent Stack Name to tag the instance with. Used in Automation.
  RDPSGID:
    Description: ID of your Remote Desktop instance(s) security group.
    Type: AWS::EC2::SecurityGroup::Id
Resources:
  ManagementENISG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: "Managment ENI SG"
      VpcId: !Ref VPCID
      Tags:
        - Key: qs-sw-vsan:parent-stack-name
          Value: !Ref ParentStackName
  ManagementEniAllowManagementCommunicationRule:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      Description: StarWind Management console connection
      GroupId: !GetAtt ManagementENISG.GroupId
      IpProtocol: tcp
      SourceSecurityGroupId: !GetAtt ManagementENISG.GroupId
      FromPort: 3260
      ToPort: 3261
  ManagementEniAllowRDPCommunicationRule:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      Description: RDP access
      GroupId: !GetAtt ManagementENISG.GroupId
      IpProtocol: tcp
      SourceSecurityGroupId: !Ref RDPSGID
      FromPort: 3389
      ToPort: 3389
  SyncronizationENISG:
      Type: AWS::EC2::SecurityGroup
      Properties:
        GroupDescription: "Syncronization ENI SG"
        VpcId: !Ref VPCID
        Tags:
          - Key: qs-sw-vsan:parent-stack-name
            Value: !Ref ParentStackName
  SyncEniAllowStarWindCommunicationRule:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      Description: StarWind Management console connection
      GroupId: !GetAtt SyncronizationENISG.GroupId
      IpProtocol: tcp
      SourceSecurityGroupId: !GetAtt SyncronizationENISG.GroupId
      FromPort: 3261
      ToPort: 3261
  SyncEniAllowSyncCommunicationRule:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      Description: StarWind Sync/Heartbeat
      GroupId: !GetAtt SyncronizationENISG.GroupId
      IpProtocol: tcp
      SourceSecurityGroupId: !GetAtt SyncronizationENISG.GroupId
      FromPort: 3260
      ToPort: 3260
  ISCSIENISG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: "iSCSI ENI SG"
      VpcId: !Ref VPCID
      Tags:
        - Key: qs-sw-vsan:parent-stack-name
          Value: !Ref ParentStackName
  IscsiEniAllowIscsiRule:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      Description: StarWind iSCSI connection from clients
      GroupId: !GetAtt ISCSIENISG.GroupId
      IpProtocol: tcp
      SourceSecurityGroupId: !GetAtt ISCSIENISG.GroupId
      FromPort: 3260
      ToPort: 3261
Outputs:
  ManagementENISGId:
    Value: !GetAtt ManagementENISG.GroupId
  SyncronizationENISGId:
    Value: !GetAtt SyncronizationENISG.GroupId
  ISCSIENISGId:
    Value: !GetAtt ISCSIENISG.GroupId