AWSTemplateFormatVersion: '2010-09-09'
Description: VPN Server on AWS.

Parameters:
  VPNUsername:
    Description: Username
    Type: String
    MinLength: 4
    MaxLength: 255
    AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*'
    ConstraintDescription: enter username.
  VPNPassword:
    NoEcho: true
    Description: Password
    Type: String
    MinLength: 8
    MaxLength: 255
    ConstraintDescription: paswword at least 8 symbols

Mappings:
  AWSRegionAmazon2AMI:
    us-east-1:
      HVM64: ami-0fc61db8544a617ed
    us-east-2: 
      HVM64: ami-0e01ce4ee18447327
    us-west-1:
      HVM64: ami-09a7fe78668f1e2c0
    us-west-2:
      HVM64: ami-0ce21b51cb31a48b8
    eu-west-1:
      HVM64: ami-04d5cc9b88f9d1d39
    eu-west-2:
      HVM64: ami-0cb790308f7591fa6
    eu-west-3:
      HVM64: ami-07eda9385feb1e969
    eu-central-1:
      HVM64: ami-0ec1ba09723e5bfac
    eu-north-1:
      HVM64: ami-0f630db6194a81ad0
    ap-northeast-1:
      HVM64: ami-052652af12b58691f
    ap-northeast-2:
      HVM64: ami-0db78afd3d150fc18
    ap-southeast-1:
      HVM64: ami-0cbc6aae997c6538a
    ap-southeast-2:
      HVM64: ami-08fdde86b93accf1c
    ap-south-1:
      HVM64: ami-03b5297d565ef30a6
    sa-east-1:
      HVM64: ami-0b032e878a66c3b68
    ca-central-1:
      HVM64: ami-0bf54ac1b628cf143


Resources:
  VPNServerInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId:
        Fn::FindInMap:
          - AWSRegionAmazon2AMI
          - Ref: AWS::Region
          - HVM64
      InstanceType: t2.micro
      SecurityGroups:
        - Ref: VPNSecurityGroup
      Tags:
        - Key: Name
          Value:
            Ref: AWS::StackName
      UserData:
        Fn::Base64: !Join
          - '#'
          - - !Sub |
              #!/bin/sh
              amazon-linux-extras install epel
              yum update -y
              YOUR_USERNAME=${VPNUsername}
              YOUR_PASSWORD=${VPNPassword}

              yum install ppp pptp pptpd pptp-setup -y
              echo "localip 10.0.0.1" >> /etc/pptpd.conf
              echo "remoteip 10.0.0.100-200" >> /etc/pptpd.conf
              echo "$YOUR_USERNAME pptpd $YOUR_PASSWORD *" >> /etc/ppp/chap-secrets
              echo "ms-dns 8.8.8.8" >> /etc/ppp/pptpd-options
              echo "ms-dns 1.1.1.1" >> /etc/ppp/pptpd-options
              service pptpd restart

              echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
              sysctl -p
              iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && iptables-save

  VPNSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: VPN Security Groups
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '1723'
          ToPort: '1723'
          CidrIp: 0.0.0.0/0
        - IpProtocol: udp
          FromPort: '1723'
          ToPort: '1723'
          CidrIp: 0.0.0.0/0
        - IpProtocol: udp
          FromPort: '1701'
          ToPort: '1701'
          CidrIp: 0.0.0.0/0
Outputs:
  VPNServerAddress:
    Description: VPN IP
    Value:
      Fn::GetAtt:
        - VPNServerInstance
        - PublicIp