# Sample code, software libraries, command line tools, proofs of concept, templates, or other related technology are provided as AWS Content or Third-Party Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content or Third-Party Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content or Third-Party Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content or Third-Party Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.

AWSTemplateFormatVersion: '2010-09-09'
Description: 'CloudFormation template for geth-lighthouse EC2 instance with VPC'

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsHostnames: true
      EnableDnsSupport: true
      Tags:
        - Key: Name
          Value: geth-lighthouse-vpc

  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: geth-lighthouse-igw

  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway

  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.1.0/24
      MapPublicIpOnLaunch: false
      AvailabilityZone: !Select [0, !GetAZs '']
      Tags:
        - Key: Name
          Value: geth-lighthouse-public-subnet

  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: geth-lighthouse-public-rt

  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  PublicSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet
      RouteTableId: !Ref PublicRouteTable

  GethLighthouseSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: "Ethereum node security group"
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 18.206.107.24/29
        - IpProtocol: tcp
          FromPort: 30303
          ToPort: 30303
          CidrIp: 0.0.0.0/0
        - IpProtocol: udp
          FromPort: 30303
          ToPort: 30303
          CidrIp: 0.0.0.0/0
        - IpProtocol: udp
          FromPort: 30304
          ToPort: 30304
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 9000
          ToPort: 9000
          CidrIp: 0.0.0.0/0
        - IpProtocol: udp
          FromPort: 9000
          ToPort: 9000
          CidrIp: 0.0.0.0/0
        - IpProtocol: udp
          FromPort: 9001
          ToPort: 9001
          CidrIp: 0.0.0.0/0
      SecurityGroupEgress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 30303
          ToPort: 30303
          CidrIp: 0.0.0.0/0
        - IpProtocol: udp
          FromPort: 30303
          ToPort: 30303
          CidrIp: 0.0.0.0/0
        - IpProtocol: udp
          FromPort: 30304
          ToPort: 30304
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 9000
          ToPort: 9000
          CidrIp: 0.0.0.0/0
        - IpProtocol: udp
          FromPort: 9000
          ToPort: 9000
          CidrIp: 0.0.0.0/0
        - IpProtocol: udp
          FromPort: 9001
          ToPort: 9001
          CidrIp: 0.0.0.0/0

  GethLighthouseInstance:
    Type: 'AWS::EC2::Instance'
    Properties:
      ImageId: ami-0c4e709339fa8521a
      InstanceType: i8g.2xlarge
      NetworkInterfaces:
        - AssociatePublicIpAddress: true
          DeviceIndex: 0
          SubnetId: !Ref PublicSubnet
          GroupSet:
            - !Ref GethLighthouseSecurityGroup
      BlockDeviceMappings:
        - DeviceName: /dev/sda1
          Ebs:
            VolumeSize: 100
            VolumeType: io2
            Iops: 100000
      Tags:
        - Key: Name
          Value: geth-lighthouse-i8g.2xlarge
      UserData: 
        Fn::Base64: !Sub |
          #!/bin/bash
          DEVICE_NAME=$(lsblk | grep 1.7T | cut -d\  -f 1)
          DEVICE=/dev/$DEVICE_NAME
          MOUNT_POINT="/data"
          echo "Creating mount point $MOUNT_POINT"
          mkdir -p "$MOUNT_POINT"
          echo "Formatting $DEVICE with xfs"
          mkfs.xfs "$DEVICE"
          echo "Mounting device $DEVICE to $MOUNT_POINT"
          mount "$DEVICE" "$MOUNT_POINT"
          echo "Changing ownership of $MOUNT_POINT"
          chown ubuntu:ubuntu "$MOUNT_POINT"
          echo "Adding entry to /etc/fstab for persistent mount across reboots"
          echo "$DEVICE $MOUNT_POINT xfs defaults,nofail 0 2" >> /etc/fstab

Outputs:
  VpcId:
    Description: VPC ID
    Value: !Ref VPC
  PublicSubnetId:
    Description: Public Subnet ID
    Value: !Ref PublicSubnet
  InstanceId:
    Description: EC2 Instance ID
    Value: !Ref GethLighthouseInstance