Parameters:
  MQBrokerUser:
    Description: The user to access the Amazon MQ broker.
    Type: String
    Default: testBrokerUser
    MinLength: 2
    ConstraintDescription: The Amazon MQ broker user is required !
  MQBrokerPassword:
    Description: The password to access the Amazon MQ broker. Min 12 characters
    Type: String
    Default: testBrokerPassword
    MinLength: 12
    ConstraintDescription: The Amazon MQ broker password is required !
    NoEcho: true
  PreCreatedVpc:
    Type: String
  PreCreatedSubnetTwo:
    Type: String
  MQBrokerUserSecretName2:
    Type: String
  PreCreatedInternetGateway:
    Type: String
  MQBrokerName2:
    Description: The name of MQ Broker
    Type: String
    Default: TestMQBroker2

Resources:
  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: PreCreatedVpc

  Route:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId:
        Ref: RouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId:
        Ref: PreCreatedInternetGateway

  PublicSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId:
        Ref: PreCreatedSubnetTwo
      RouteTableId:
        Ref: RouteTable

  MQSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Limits security group ingress and egress traffic for the Amazon
        MQ instance
      VpcId:
        Ref: PreCreatedVpc
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 8162
        ToPort: 8162
        CidrIp: 0.0.0.0/0
      - IpProtocol: tcp
        FromPort: 61617
        ToPort: 61617
        CidrIp: 0.0.0.0/0
      - IpProtocol: tcp
        FromPort: 5671
        ToPort: 5671
        CidrIp: 0.0.0.0/0
      - IpProtocol: tcp
        FromPort: 61614
        ToPort: 61614
        CidrIp: 0.0.0.0/0
      - IpProtocol: tcp
        FromPort: 8883
        ToPort: 8883
        CidrIp: 0.0.0.0/0

  MyMqBroker:
    Properties:
      BrokerName:
        Ref: MQBrokerName2
      DeploymentMode: SINGLE_INSTANCE
      EngineType: ACTIVEMQ
      EngineVersion: 5.15.12
      HostInstanceType: mq.t3.micro
      Logs:
        Audit: true
        General: true
      PubliclyAccessible: true
      AutoMinorVersionUpgrade: false
      SecurityGroups:
      - Ref: MQSecurityGroup
      SubnetIds:
      - Ref: PreCreatedSubnetTwo
      Users:
      - ConsoleAccess: true
        Groups:
        - admin
        Username:
          Ref: MQBrokerUser
        Password:
          Ref: MQBrokerPassword
    Type: AWS::AmazonMQ::Broker

  MyLambdaFunction:
    Type: AWS::Serverless::Function
    Properties:
      Runtime: nodejs14.x
      Handler: index.handler
      CodeUri: s3://bucket/key
      Events:
        MyMqEvent:
          Type: MQ
          Properties:
            Broker:
              Fn::GetAtt: MyMqBroker.Arn
            Queues:
            - TestQueue
            SourceAccessConfigurations:
            - Type: BASIC_AUTH
              URI:
                Ref: MQBrokerUserSecret

  MQBrokerUserSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name:
        Ref: MQBrokerUserSecretName2
      SecretString:
        Fn::Sub: '{"username":"${MQBrokerUser}","password":"${MQBrokerPassword}"}'
      Description: SecretsManager Secret for broker user and password
Metadata:
  SamTransformTest: true