{
   "Description": "Launch an EC2 instance from an AMI specified in SSM parameter.",
   "Parameters": {
      "VpcId": {
         "Type": "AWS::EC2::VPC::Id",
         "Description": "VpcId of your existing Virtual Private Cloud (VPC)",
         "ConstraintDescription": "VPC Id of an existing Virtual Private Cloud."
      },
      "Subnet": {
         "Type": "AWS::EC2::Subnet::Id",
         "Description": "The Subnet in the Virtual Private Cloud (VPC)",
         "ConstraintDescription": "A SubnetId in the selected Virtual Private Cloud."
      },
      "AMIID":{
        "Description":"AMI-ID",
          "Type": "AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>",
          "Default":"AMI_ID_TO_REPLACE",
      "ConstraintDescription": "Must supply the SSM parameter id in which AMI-ID is stored."
      },
      "KeyPair": {
         "Description": "Name of an existing EC2 KeyPair to enable SSH access to the instances",
         "Type": "AWS::EC2::KeyPair::KeyName",
         "ConstraintDescription": "Name of an existing EC2 KeyPair."
      },
      "SSHLocation": {
         "Description": "CIDR block from which SSH access will be allowed",
         "Type": "String",
         "MinLength": "9",
         "MaxLength": "18",
         "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
         "ConstraintDescription": "must be a valid CIDR range of the form x.x.x.x/x."
      },
      "InstanceType": {
         "Description": "EC2 instance type",
         "Type": "String",
         "Default": "t2.medium",
         "AllowedValues": [
            "t2.micro",
            "t2.small",
            "t2.medium",
            "m4.large",
            "m4.xlarge",
            "m4.2xlarge",
            "m4.4xlarge",
            "m4.10xlarge"
         ],
         "ConstraintDescription": "must be a valid EC2 instance type."
      }
   }, 
   "Resources": {
      "SecGroup": {
       "Type": "AWS::EC2::SecurityGroup",
       "Properties": {
          "GroupDescription": "Security group for EC2 instance",
          "SecurityGroupIngress": [
             {
                "IpProtocol": "tcp",
                "FromPort": "22",
                "ToPort": "22",
                "CidrIp": { "Ref": "SSHLocation" }
             }              
          ],
          "VpcId": { "Ref": "VpcId" }
       }
      },
      "MyEc2Instance": {
         "Type": "AWS::EC2::Instance",
         "Properties": {
            "KeyName": { "Ref": "KeyPair" },
            "ImageId": {"Ref":"AMIID"},
            "InstanceType": { "Ref":"InstanceType"},
            "SubnetId": {"Ref": "Subnet"},
            "SecurityGroupIds": [ { "Ref": "SecGroup" } ]
         }
      }
   },
   "Outputs": {
      "PublicIp": {
         "Description": "The Public Ip Address",
         "Value":{
            "Fn::GetAtt":[
               "MyEc2Instance",
               "PublicIp"
            ]
         }
      }          
   },
   "AWSTemplateFormatVersion": "2010-09-09"
}