{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description" : "AWSMP::41a2b8af-4e81-4903-8ca0-ba34a14f0d77::20d3f064-9504-4c2d-b738-941f7f1bc79c--Creates an EC2 instance with Jaspersoft for AWS configured for easy access to RDS and Redshift data sources",
  "Metadata" : {
    "AWS::CloudFormation::Interface" : {
      "ParameterGroups" : [{
        "Label" : {"default" : "Amazon EC2 Configuration"},
        "Parameters" : ["InstanceType","KeyName"]
      },{
        "Label" : {"default" : "Security"},
        "Parameters" : ["SecuredIp"]
      }]
    }
  },
  "Parameters" : {
    "KeyName" : {
      "Description" : "Name of an existing EC2 KeyPair in the region, to enable SSH access to the instance.",
      "Type" : "AWS::EC2::KeyPair::KeyName",
      "MinLength": "1",
      "MaxLength": "64",
      "AllowedPattern" : "[-_ a-zA-Z0-9]*",
      "ConstraintDescription" : "Must be the name of an existing key pair.  It can contain only alphanumeric characters, spaces, dashes and underscores."
    },
    "InstanceType" : {
      "Description" : "Select instance type from the drop-down",
      "Type" : "String",
      "Default" : "m3.large",
      "AllowedValues" : [ "m3.medium","m3.large","m3.xlarge","r3.xlarge","r3.2xlarge"],
      "ConstraintDescription" : "Must be valid EC2 instance type."
    },
    "SecuredIp" : {
        "Description" : "IP/Mask which will be allowed for SSH access. (i.e. 192.168.0.1/32 for a single ip or 0.0.0.0/0  for everyone)",
        "Type" : "String",
        "AllowedPattern" : "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$",
        "ConstraintDescription" : "Secured ip must be valid IPv4 CIRD address for example 1.2.3.4/32"

    }
  },
  "Mappings" : {
    "AWSRegionAMI" : {
      "us-east-1"      : { "64" : "ami-3c73eb2a"},
      "us-west-1"      : { "64" : "ami-3fad895f"},
      "us-west-2"      : { "64" : "ami-eb46d98b"},
      "eu-central-1"   : { "64" : "ami-dab06cb5"},
      "eu-west-1"      : { "64" : "ami-81cecfe7"},
      "ap-southeast-1" : { "64" : "ami-9bf14af8"},
      "ap-southeast-2" : { "64" : "ami-be1810dd"},
      "ap-northeast-1" : { "64" : "ami-25c0eb42"},
      "ap-northeast-2" : { "64" : "ami-725d8f1c"},
      "sa-east-1"      : { "64" : "ami-6e81ec02"}
    }
  },


  "Resources": {
    "JRSecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription" : "for Jaspersoft BI v6.3" ,
        "SecurityGroupIngress" : [ 
          { "IpProtocol" : "tcp", "FromPort" : "80",  "ToPort" : "80",  "CidrIp" : "0.0.0.0/0"},
          { "IpProtocol" : "tcp", "FromPort" : "22",  "ToPort" : "22",  "CidrIp" : { "Ref" : "SecuredIp" }}
        ]
      }
    },
    "JRSEC2Instance": {
      "Type": "AWS::EC2::Instance",
      "Version": "6.3-2016-07-06",
      "Properties": {
        "ImageId":  {"Fn::FindInMap" : [ "AWSRegionAMI", { "Ref" : "AWS::Region" }, "64" ]},
        "InstanceType": { "Ref" : "InstanceType" },
        "KeyName" : { "Ref" : "KeyName" },
        "Monitoring": "false",
        "DisableApiTermination": "false",
        "SecurityGroups": [{ "Ref": "JRSecurityGroup"}],
        "IamInstanceProfile": { "Ref": "JRSInstanceProfile" }
      }
    },
    "JRSInstanceRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [{
            "Effect": "Allow",
            "Principal": { "Service": [ "ec2.amazonaws.com" ] },
          "Action": [ "sts:AssumeRole" ]
          }]
        },
        "Path": "/"
      }
    },
    "JRSRolePolicies": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyName": "JRSRolePolicy",
        "PolicyDocument": {
          "Statement": [{
            "Effect": "Allow",
            "Action": [ 
              "rds:Describe*",
              "rds:AuthorizeDBSecurityGroupIngress",
              "rds:CreateDBSecurityGroup",
              "rds:RevokeDBSecurityGroupIngress",
              "rds:ModifyDBInstance",
              "redshift:Describe*",
              "redshift:AuthorizeClusterSecurityGroupIngress",
              "redshift:CreateClusterSecurityGroup",
              "redshift:RevokeClusterSecurityGroupIngress",
              "redshift:ModifyCluster",
              "ec2:DescribeSecurityGroups",
              "ec2:AuthorizeSecurityGroupIngress",
              "ec2:CreateSecurityGroup",
              "ec2:RevokeSecurityGroupIngress"
            ],
            "Resource": "*"
          }]
        },
        "Roles": [ { "Ref": "JRSInstanceRole" } ]
      }
    },
    "JRSInstanceProfile": {
      "Type": "AWS::IAM::InstanceProfile",
      "Properties": {
        "Path": "/",
        "Roles": [ { "Ref": "JRSInstanceRole" } ]
      }
    }
  },
  
  "Outputs" : {
    "InstanceName" : {
      "Value" : { "Ref" : "JRSEC2Instance" },
      "Description" : "Jaspersoft JasperReports Server for AWS Instance"
    },
    "GettingStartedURL" : {
      "Value" : { "Fn::Join" : ["", ["http://", { "Fn::GetAtt" : [ "JRSEC2Instance", "PublicDnsName" ]} ]] },
      "Description" : "Initial Instance Welcome Page URL"
    },
    "Login" : {
      "Value" : "superuser",
      "Description" : "Master user name"
    },
    "Password" : {
      "Value" :  { "Ref" : "JRSEC2Instance" },
      "Description" : "Initial master user password"
    }
  }
}