{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "ArcGIS CloudFormation Template: Creates VPC and other networking AWS resources. **WARNING** You will be billed by AWS for the AWS resources if you create a stack from this template.",
  "Parameters" : {
    "AZs" : {
      "Type" : "List<AWS::EC2::AvailabilityZone::Name>",
      "Description" : "Select two availability zones for your VPC subnets"
    },
    "CIDR" : {
      "Description":"VPC CIDR",
      "Type" : "String", 
      "Default" : "10.0.0.0/16",
      "AllowedPattern" : "^([0-9]{1,3}\\.){3}[0-9]{1,3}(\\/([0-9]|[1-2][0-9]|3[0-2]))?$"
    },
    "Subnet1CIDR": {
      "Description" : "CIDR block of VPC subnet 1",
      "Type" : "String",
      "Default" : "10.0.0.0/24",
      "AllowedPattern" : "^([0-9]{1,3}\\.){3}[0-9]{1,3}(\\/([0-9]|[1-2][0-9]|3[0-2]))?$"
    },
    "Subnet2CIDR": {
      "Description" : "CIDR block of VPC subnet 2",
      "Type" : "String",
      "Default" : "10.0.1.0/24",
      "AllowedPattern" : "^([0-9]{1,3}\\.){3}[0-9]{1,3}(\\/([0-9]|[1-2][0-9]|3[0-2]))?$"
    }
  },
  "Conditions" : {
    "CreateDHCPOptions" : {"Fn::Equals" : [{"Ref" : "AWS::Region"}, "us-east-1"]}
  },
  "Resources" : {
    "VPC" : {
      "Type" : "AWS::EC2::VPC",
      "Properties" : {
        "CidrBlock" : {"Ref": "CIDR"},
        "EnableDnsHostnames" : true,
        "Tags" : [ {
          "Key" : "Name",
          "Value" : {"Ref" : "AWS::StackName"}
        }, {
          "Key" : "Application",
          "Value" : "arcgis-vpc"
        }, {
          "Key" : "Network",
          "Value" : "Public"
        } ]
      }
    },
    "DHCPOptions" : {
      "Type" : "AWS::EC2::DHCPOptions",
      "Condition" : "CreateDHCPOptions",
      "Properties" : {
        "DomainName" : "ec2.internal",
        "DomainNameServers" : [ "AmazonProvidedDNS" ],
        "Tags" : [ { "Key" : "Name", "Value" : {"Ref" : "AWS::StackName"} } ]
      }
    },
    "VPCDHCPOptionsAssociation" : {
      "Type" : "AWS::EC2::VPCDHCPOptionsAssociation",
      "Condition" : "CreateDHCPOptions",
      "Properties" : {
        "VpcId" : {"Ref" : "VPC"},
        "DhcpOptionsId" : {"Ref" : "DHCPOptions"}
      }
    },
    "InternetGateway" : {
      "Type" : "AWS::EC2::InternetGateway",
      "Properties" : {
        "Tags" : [ {
          "Key" : "Application",
          "Value" : {"Ref" : "AWS::StackName"}
        }, {
          "Key" : "Network",
          "Value" : "Public"
        } ]
      }
    },
    "AttachGateway" : {
      "Type" : "AWS::EC2::VPCGatewayAttachment",
      "Properties" : {
        "VpcId" : {"Ref" : "VPC"},
        "InternetGatewayId" : {"Ref" : "InternetGateway"}
      }
    },
    "RouteTable" : {
      "Type" : "AWS::EC2::RouteTable",
      "Properties" : {
        "VpcId" : {"Ref" : "VPC"},
        "Tags" : [ {
          "Key" : "Application",
          "Value" : {"Ref" : "AWS::StackName"}
        }, {
          "Key" : "Network",
          "Value" : "Public"
        } ]
      }
    },
    "Route" : {
      "Type" : "AWS::EC2::Route",
      "DependsOn" : "AttachGateway",
      "Properties" : {
        "RouteTableId" : {"Ref" : "RouteTable"},
        "DestinationCidrBlock" : "0.0.0.0/0",
        "GatewayId" : {"Ref" : "InternetGateway"}
      }
    },
    "Subnet1" : {
      "Type" : "AWS::EC2::Subnet",
      "Properties" : {
        "VpcId" : {"Ref" : "VPC"},
        "CidrBlock" : {"Ref": "Subnet1CIDR"},
        "AvailabilityZone" : {"Fn::Select" : [ 0, {"Ref" : "AZs"} ]},
        "Tags" : [ {
          "Key" : "Name", 
          "Value" : {"Fn::Join" : ["", [{"Ref" : "AWS::StackName"}, "-subnet1"]]}
        }, {
          "Key" : "Application",
          "Value" : "arcgis-networking"
        }, {
          "Key" : "Network",
          "Value" : "Public"
        } ]
      }
    },
    "Subnet2" : {
      "Type" : "AWS::EC2::Subnet",
      "Properties" : {
        "VpcId" : {"Ref": "VPC"},
        "CidrBlock" : {"Ref": "Subnet2CIDR"},
        "AvailabilityZone" : {"Fn::Select" : [ 1, {"Ref" : "AZs"} ]},
        "Tags" : [ {
          "Key" : "Name", 
          "Value" : {"Fn::Join" : ["", [{"Ref" : "AWS::StackName"}, "-subnet2"]]}
        }, {
          "Key" : "Application",
          "Value" : "arcgis-networking"
        }, {
          "Key" : "Network",
          "Value" : "Public"
        } ]
      }
    },
    "Subnet1RouteTableAssociation" : {
      "Type" : "AWS::EC2::SubnetRouteTableAssociation",
      "Properties" : {
        "SubnetId" : {"Ref" : "Subnet1"},
        "RouteTableId" : {"Ref" : "RouteTable"}
      }
    },
    "Subnet2RouteTableAssociation" : {
      "Type" : "AWS::EC2::SubnetRouteTableAssociation",
      "Properties" : {
        "SubnetId" : {"Ref" : "Subnet2"},
        "RouteTableId" : {"Ref" : "RouteTable" }
      }
    },
    "S3Endpoint" : {
      "Type" : "AWS::EC2::VPCEndpoint",
      "Properties" : {
        "PolicyDocument" : {
          "Version":"2012-10-17",
          "Statement":[{
            "Effect":"Allow",
            "Principal": "*",
            "Action":["s3:*"],
            "Resource":["*"]
          }]
        },
        "RouteTableIds" : [ {"Ref" : "RouteTable"} ],
        "ServiceName" : { "Fn::Join": [ "", [ "com.amazonaws.", { "Ref": "AWS::Region" }, ".s3" ] ] },
        "VpcId" : {"Ref" : "VPC"}
      }
    }
  },
  "Outputs" : {
    "VPCId" : {
      "Description" : "VPC ID",
      "Value" :  {"Ref" : "VPC"}
    },
    "Subnet1" : {
      "Description" : "Subnet 1",
      "Value" :  {"Ref" : "Subnet1"}
    },
    "Subnet2" : {
      "Description" : "Subnet 2",
      "Value" :  {"Ref" : "Subnet2"}
    }
  }
}