AWSTemplateFormatVersion: "2010-09-09"
Description: VPC and Subnet definitions for Strapi + ELB project.

Resources:
  PublicVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: "172.31.0.0/16"
      EnableDnsHostnames: true
      EnableDnsSupport: true

  # Load balancer security group: the only group reachable from the internet.
  ELBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: !Sub "${AWS::StackName}-ELBSecurityGroup"
      GroupDescription: >-
        Security group for the Elastic Load Balancer.
        This permits inbound 80/443 from any IP,
        to 80/443 to the Auto Scaling security group.
      VpcId: !Ref PublicVPC

  ELBSecurityGroupIngressHttp:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      Description: Ingress for ELBSecurityGroup for HTTP.
      GroupId: !Ref ELBSecurityGroup
      IpProtocol: tcp
      FromPort: 80
      ToPort: 80
      CidrIp: 0.0.0.0/0

  ELBSecurityGroupIngressHttps:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      Description: Ingress for ELBSecurityGroup for HTTPS.
      GroupId: !Ref ELBSecurityGroup
      IpProtocol: tcp
      FromPort: 443
      ToPort: 443
      CidrIp: 0.0.0.0/0

  # Egress rules name their target with DestinationSecurityGroupId;
  # SourceSecurityGroupId is only valid on ingress rules.
  ELBSecurityGroupEgressHttp:
    Type: AWS::EC2::SecurityGroupEgress
    Properties:
      Description: Egress for ELBSecurityGroup for HTTP.
      GroupId: !Ref ELBSecurityGroup
      IpProtocol: tcp
      FromPort: 80
      ToPort: 80
      DestinationSecurityGroupId: !Ref ASSecurityGroup

  ELBSecurityGroupEgressHttps:
    Type: AWS::EC2::SecurityGroupEgress
    Properties:
      Description: Egress for ELBSecurityGroup for HTTPS.
      GroupId: !Ref ELBSecurityGroup
      IpProtocol: tcp
      FromPort: 443
      ToPort: 443
      DestinationSecurityGroupId: !Ref ASSecurityGroup

  # Instance security group: accepts 80/443 only from the load balancer group.
  ASSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: !Sub "${AWS::StackName}-ASSecurityGroup"
      GroupDescription: >-
        Security group for the Auto Scaler.
        This security group will be applied to any EC2 instances that the Auto Scaler creates.
        This group permits inbound 80/443 from the Elastic Load Balancer security group.
      VpcId: !Ref PublicVPC

  ASSecurityGroupIngressHttp:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      Description: Ingress for ASSecurityGroup for HTTP.
      GroupId: !Ref ASSecurityGroup
      IpProtocol: tcp
      FromPort: 80
      ToPort: 80
      SourceSecurityGroupId: !Ref ELBSecurityGroup

  ASSecurityGroupIngressHttps:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      Description: Ingress for ASSecurityGroup for HTTPS.
      GroupId: !Ref ASSecurityGroup
      IpProtocol: tcp
      FromPort: 443
      ToPort: 443
      SourceSecurityGroupId: !Ref ELBSecurityGroup

  # Three public subnets, one per Availability Zone of the stack's region.
  PublicSubnet0:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone:
        Fn::Select:
          - 0
          - Fn::GetAZs: !Ref "AWS::Region"
      VpcId: !Ref PublicVPC
      CidrBlock: 172.31.0.0/20
      MapPublicIpOnLaunch: true

  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone:
        Fn::Select:
          - 1
          - Fn::GetAZs: !Ref "AWS::Region"
      VpcId: !Ref PublicVPC
      CidrBlock: 172.31.16.0/20
      MapPublicIpOnLaunch: true

  PublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone:
        Fn::Select:
          - 2
          - Fn::GetAZs: !Ref "AWS::Region"
      VpcId: !Ref PublicVPC
      CidrBlock: 172.31.32.0/20
      MapPublicIpOnLaunch: true

  InternetGateway:
    Type: AWS::EC2::InternetGateway

  InternetGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref PublicVPC
      InternetGatewayId: !Ref InternetGateway

  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref PublicVPC

  # Default route to the internet gateway; created only after the gateway is attached.
  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: InternetGatewayAttachment
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  PublicSubnet0RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet0
      RouteTableId: !Ref PublicRouteTable

  PublicSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet1
      RouteTableId: !Ref PublicRouteTable

  PublicSubnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet2
      RouteTableId: !Ref PublicRouteTable

# Exported values, named after the stack so other stacks can import them.
Outputs:
  PublicVPCID:
    Description: The VPC for the environment.
    Value: !Ref PublicVPC
    Export:
      Name: !Sub "${AWS::StackName}-PublicVPC"

  ELBSecurityGroupOutput:
    Description: ELB Security Group
    Value: !Ref ELBSecurityGroup
    Export:
      Name: !Sub "${AWS::StackName}-ELBSecurityGroup"

  ASSecurityGroupOutput:
    Description: AS Security Group
    Value: !Ref ASSecurityGroup
    Export:
      Name: !Sub "${AWS::StackName}-ASSecurityGroup"

  # PublicVPCIDDefaultSecurityGroup:
  #   Description: The VPC default security group.
  #   Value: !GetAtt PublicVPC.DefaultSecurityGroup
  #   Export:
  #     Name: !Sub "${AWS::StackName}-PublicVPCIDDefaultSecurityGroup"

  PublicSubnet0ID:
    Description: The public subnet 0.
    Value: !Ref PublicSubnet0
    Export:
      Name: !Sub "${AWS::StackName}-PublicSubnet0"

  PublicSubnet1ID:
    Description: The public subnet 1.
    Value: !Ref PublicSubnet1
    Export:
      Name: !Sub "${AWS::StackName}-PublicSubnet1"

  PublicSubnet2ID:
    Description: The public subnet 2.
    Value: !Ref PublicSubnet2
    Export:
      Name: !Sub "${AWS::StackName}-PublicSubnet2"