AWSTemplateFormatVersion: 2010-09-09
Parameters:
  VpcId: 
    Type: AWS::EC2::VPC::Id
    Description: VpcId of your existing Virtual Private Cloud (VPC)
    ConstraintDescription: must be the VPC Id of an existing Virtual Private Cloud.

  SubnetId:
    Type: AWS::EC2::Subnet::Id
    Description: SubnetId of an existing public subnet (for the primary network) in selected Virtual Private Cloud (VPC)
    ConstraintDescription: must be an existing public subnet in the selected Virtual Private Cloud.

  EC2InstanceType :
    Description : Rapticore Server EC2 instance type
    Type : String
    Default : t3.medium
    ConstraintDescription : must be a valid EC2 instance type.
    AllowedValues: [t3.medium, t3.large, t3.2xlarge, c3.large, c3.xlarge, c3.2xlarge, c3.4xlarge, c4.large, c4.xlarge, c4.2xlarge, c4.4xlarge, c5.large, c5.xlarge, c5.2xlarge, c5.4xlarge, c5a.large, c5a.xlarge, c5a.2xlarge, c5a.4xlarge]

Resources:
  #####
  # Network resources
  #####
  RapticoreSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Enable HTTP access
      VpcId: !Ref VpcId
      Tags:
        - Key: Name
          Value: Rapticore-Freemium-Security-Group
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 6100
          ToPort: 6100
          CidrIp: 0.0.0.0/0

  #####
  # EC2 resources
  #####
  EC2InstanceProfileRoleForRapticore:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service:
                - "ec2.amazonaws.com"
            Action:
              - "sts:AssumeRole"
      Description: !Sub 'Rapticore Freemium EC2 IAM Role Deployment'
      Policies:
        - PolicyDocument:
            Statement:
              - Action:
                  - iam:ListRole*
                  - ec2:DescribeRegions
                  - iam:GetRole*
                Effect: Allow
                Resource: '*'
                Sid: AllowIamEc2ReadyOnly
              - Action: sts:AssumeRole
                Effect: Allow
                Resource: 'arn:aws:iam::*:role/rapticore*'
                Sid: EC2AssumeRole
          PolicyName: RapticoreEc2Policy
      RoleName: !Sub 'RapticoreFreemiumEc2IAMRole'

  EC2InstanceProfileForRapticore:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles:
        - !Ref EC2InstanceProfileRoleForRapticore

  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      IamInstanceProfile: !Ref EC2InstanceProfileForRapticore
      ImageId: ami-0470ba3588e7e1db7
      InstanceType: !Ref EC2InstanceType
      SecurityGroupIds:
        - !Ref RapticoreSecurityGroup
      SubnetId: !Ref SubnetId
      Tags:
        - Key: Name
          Value: Rapticore-Freemium

Outputs:
  URL:
    Value: !Join [ "", [ "https://", !GetAtt EC2Instance.PublicDnsName ] ] 
    Description: Rapticore Freemium URL
  EC2InstanceId:
    Description: Instance ID of the launched EC2 instance
    Value:  !Ref EC2Instance
    Export:
      Name: EC2InstanceId