```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "Simple VPC with one public subnet and one instance"

Parameters:
  KeyName:
    Type: AWS::EC2::KeyPair::KeyName
    # The instance below is Windows: the key pair is used to decrypt the
    # Administrator password for the RDP login, not to enable SSH.
    Description: Name of an existing EC2 KeyPair, used to retrieve the Windows Administrator password
  VPCCIDR:
    Type: String
    Description: VPC address range
    Default: 10.15.0.0/16
  PublicSubnetCIDR:
    Type: String
    Description: Public Subnet in VPC
    Default: 10.15.1.0/24
  CompanyWANIP:
    Type: String
    Description: Company WANIP - Format x.x.x.x/32
    # Override this at deploy time with the office's real egress address; whoever
    # holds the address given here can reach RDP on the instance. The pattern
    # rejects anything that is not a single /32 host, including the literal
    # "x.x.x.x/32" placeholder from the description.
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/32$'
    ConstraintDescription: must be a single IPv4 address in the form x.x.x.x/32
    Default: 162.158.134.60/32

Resources:
  ## Infrastructure. VPC, Subnet, InternetGateway, Routes
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VPCCIDR
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: Simple VPC

  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Ref PublicSubnetCIDR
      Tags:
        - Key: Name
          Value: Public

  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: Simple VPC

  InternetGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway

  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: Public

  # The default route must not be created before the gateway is attached to
  # the VPC, hence the explicit DependsOn on the attachment.
  RouteAttachment:
    Type: AWS::EC2::Route
    DependsOn:
      - InternetGatewayAttachment
      - RouteTable
    Properties:
      RouteTableId: !Ref RouteTable
      DestinationCidrBlock: "0.0.0.0/0"
      GatewayId: !Ref InternetGateway

  VPCRouteSubnet:
    Type: AWS::EC2::SubnetRouteTableAssociation
    DependsOn: RouteTable
    Properties:
      RouteTableId: !Ref RouteTable
      SubnetId: !Ref PublicSubnet

  ## security groups
  # Ingress is limited to TCP/3389 from the single office address; egress is
  # left unrestricted (all protocols to 0.0.0.0/0).
  RDPSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPC
      GroupName: "Basic RDP access from the office"
      GroupDescription: RDP-from-office
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          IpProtocol: "-1"
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 3389
          ToPort: 3389
          CidrIp: !Ref CompanyWANIP

  WindowsInstance:
    Type: "AWS::EC2::Instance"
    Properties:
      # AMI IDs are region-specific; this one only resolves in the region the
      # template was written for.
      ImageId: "ami-0a174bb076b94a327"
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: Windows Server
      InstanceType: "t3.medium"
      Tenancy: "default"
      Monitoring: true
      DisableApiTermination: false
      InstanceInitiatedShutdownBehavior: "stop"
      CreditSpecification:
        CPUCredits: "unlimited"
      EbsOptimized: true
      BlockDeviceMappings:
        - DeviceName: "/dev/sda1"
          Ebs:
            VolumeSize: 80
            DeleteOnTermination: true
            VolumeType: "gp2"
      NetworkInterfaces:
        - DeviceIndex: 0
          Description: "Primary network interface"
          AssociatePublicIpAddress: true
          DeleteOnTermination: true
          SubnetId: !Ref PublicSubnet
          Ipv6AddressCount: 0
          GroupSet:
            - !Ref RDPSecurityGroup
```
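The value of this template rests on two settings: the RDP ingress rule resolves to a single office /32, and nothing else is exposed. Those settings live in a parameter that is overridden at deploy time, so they are worth checking before `aws cloudformation deploy` rather than after. The script below is an added example, not part of the page's template or any AWS tooling. It uses only the Python standard library and works on a hand-constructed copy of the page's `RDPSecurityGroup` and `WindowsInstance` in the JSON-style form CloudFormation accepts (`{"Ref": "X"}` in place of `!Ref X`); the `ADMIN_PORTS` list and the IMDSv2 check are the author's assumptions about what a reviewer would want flagged, and the IMDSv2 finding fires because the page's template sets no `MetadataOptions`.

```python
"""Pre-deploy audit of the security-relevant settings in a CloudFormation
template, standard library only.

TEMPLATE is a constructed copy of the page's RDPSecurityGroup and
WindowsInstance, trimmed to the properties the audit reads; it is not parsed
from the YAML file.
"""
import ipaddress

# Assumption: ports whose exposure to a wide source range deserves a finding.
ADMIN_PORTS = {22: "SSH", 3389: "RDP", 5985: "WinRM", 5986: "WinRM-HTTPS"}

TEMPLATE = {
    "Parameters": {
        "CompanyWANIP": {"Type": "String", "Default": "162.158.134.60/32"},
    },
    "Resources": {
        "RDPSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "SecurityGroupEgress": [{"CidrIp": "0.0.0.0/0", "IpProtocol": "-1"}],
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
                     "CidrIp": {"Ref": "CompanyWANIP"}},
                ],
            },
        },
        "WindowsInstance": {
            "Type": "AWS::EC2::Instance",
            # The page's template sets no MetadataOptions, so IMDSv1 stays enabled.
            "Properties": {"NetworkInterfaces": [{"GroupSet": [{"Ref": "RDPSecurityGroup"}]}]},
        },
    },
}


def resolve(value, template, overrides=None):
    """Resolve {"Ref": name} the way a deploy would: --parameter-overrides
    first, then the parameter's Default. Refs to resources pass through."""
    if isinstance(value, dict) and list(value) == ["Ref"]:
        name = value["Ref"]
        if overrides and name in overrides:
            return overrides[name]
        param = template.get("Parameters", {}).get(name)
        if param and "Default" in param:
            return param["Default"]
    return value


def port_range(rule):
    """(from, to) covered by a rule; IpProtocol -1 means every port."""
    if str(rule.get("IpProtocol")) == "-1":
        return 0, 65535
    return int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))


def audit(template, overrides=None):
    """Return a list of human-readable findings; an empty list means clean."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                cidr = resolve(rule.get("CidrIp"), template, overrides)
                if not isinstance(cidr, str):
                    continue  # source is another security group, not a CIDR
                try:
                    net = ipaddress.ip_network(cidr, strict=False)
                except ValueError:
                    findings.append(f"{name}: ingress CidrIp {cidr!r} is not a valid CIDR")
                    continue
                lo, hi = port_range(rule)
                exposed = [svc for port, svc in ADMIN_PORTS.items() if lo <= port <= hi]
                if exposed and net.prefixlen == 0:
                    findings.append(f"{name}: {'/'.join(exposed)} open to the internet ({cidr})")
                elif exposed and net.prefixlen < net.max_prefixlen:
                    findings.append(f"{name}: {'/'.join(exposed)} reachable from {cidr}, not a single address")
            for rule in props.get("SecurityGroupEgress", []):
                cidr = resolve(rule.get("CidrIp"), template, overrides)
                if cidr == "0.0.0.0/0" and str(rule.get("IpProtocol")) == "-1":
                    findings.append(f"{name}: egress unrestricted (all protocols to 0.0.0.0/0)")
        elif res.get("Type") == "AWS::EC2::Instance":
            tokens = props.get("MetadataOptions", {}).get("HttpTokens")
            if tokens != "required":
                findings.append(f"{name}: IMDSv1 allowed; set MetadataOptions.HttpTokens to required")
    return findings


if __name__ == "__main__":
    # Same template, three deploy-time values for CompanyWANIP.
    for override in (None, {"CompanyWANIP": "0.0.0.0/0"}, {"CompanyWANIP": "x.x.x.x/32"}):
        print(f"--- overrides={override}")
        for line in audit(TEMPLATE, override):
            print(line)
```

With the template's defaults the audit reports only the unrestricted egress and the missing IMDSv2 enforcement; overriding `CompanyWANIP` with `0.0.0.0/0` turns the RDP rule into an internet-facing finding, and passing the literal `x.x.x.x/32` from the parameter description is caught as an invalid CIDR before CloudFormation ever sees it.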