{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description" : "AWSMP::41a2b8af-4e81-4903-8ca0-ba34a14f0d77::ec43cfc0-6455-4355-9115-9a8b17b3a052--Creates an EC2 instance in VPC with Jaspersoft for AWS configured for easy access to RDS and Redshift data sources",

  "Metadata" : {
    "AWS::CloudFormation::Interface" : {
      "ParameterGroups" : [{
        "Label" : {"default" : "Amazon EC2 Configuration"},
        "Parameters" : ["InstanceType","KeyName"]
      },{
        "Label" : {"default" : "Network Configuration"},
        "Parameters" : ["VpcId","SubnetId","EnablePublicIp"]
      },{
        "Label" : {"default" : "Security"},
        "Parameters" : ["SecuredIp"]
      }]
    }
  },
  "Parameters" : {
    "KeyName" : {
      "Description" : "Name of an existing EC2 KeyPair in the region, to enable SSH access to the instance.",
      "Type" : "AWS::EC2::KeyPair::KeyName",
      "MinLength": "1",
      "MaxLength": "64",
      "AllowedPattern" : "[-_ a-zA-Z0-9]*",
      "ConstraintDescription" : "Must be the name of an existing key pair.  It can contain only alphanumeric characters, spaces, dashes and underscores."
    },
    "InstanceType" : {
      "Description" : "Select instance type from the drop-down",
      "Type" : "String",
      "Default" : "m3.large",
      "AllowedValues" : [ "m3.medium","m3.large","m3.xlarge","m4.large","m4.xlarge","m4.2xlarge","m4.4xlarge","m4.10xlarge","r3.xlarge","r3.2xlarge","c4.xlarge"],
      "ConstraintDescription" : "Must be valid EC2 instance type."
    },
    "VpcId" : {
      "Type" : "AWS::EC2::VPC::Id",
      "Description" : "VpcId of your existing Virtual Private Cloud (VPC)",
      "MinLength": "1",
      "MaxLength": "64"

    },
    "SubnetId" : {
      "Type" : "AWS::EC2::Subnet::Id",
      "Description" : "SubnetId of an existing subnet in your Virtual Private Cloud (VPC)",
      "MinLength": "1",
      "MaxLength": "64"
    },
    "EnablePublicIp" : {
       "Type" : "String",
       "Description": "Assign Public IP address to Instance (true or false)",
       "Default": "true",
       "AllowedValues" : ["true","false"],
       "ConstraintDescription": "Value must be true or false"
    },
    "SecuredIp" : {
      "Description" : "IPv4 address/mask (CIDR) that will be allowed SSH access to the instance (e.g. 192.168.0.1/32 for a single IP; 0.0.0.0/0 opens SSH to everyone)",
      "Type" : "String",
      "AllowedPattern" : "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$",
      "ConstraintDescription" : "SecuredIp must be a valid IPv4 CIDR block, for example 1.2.3.4/32"
    }
  },
  "Conditions": {
     "PublicIpEnabled" : {"Fn::Equals" : [{"Ref" : "EnablePublicIp"}, "true"] }
  },

  "Mappings" : {
    "AWSRegionAMI" : {
      "us-east-1"      : { "64" : "ami-3c73eb2a"},
      "us-west-1"      : { "64" : "ami-3fad895f"},
      "us-west-2"      : { "64" : "ami-eb46d98b"},
      "eu-central-1"   : { "64" : "ami-dab06cb5"},
      "eu-west-1"      : { "64" : "ami-81cecfe7"},
      "ap-southeast-1" : { "64" : "ami-9bf14af8"},
      "ap-southeast-2" : { "64" : "ami-be1810dd"},
      "ap-northeast-1" : { "64" : "ami-25c0eb42"},
      "ap-northeast-2" : { "64" : "ami-725d8f1c"},
      "sa-east-1"      : { "64" : "ami-6e81ec02"}
    }
  },
  "Resources": {
    "JRSecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription" : "for Jaspersoft BI v6.3" ,
        "SecurityGroupIngress" : [ 
          { "IpProtocol" : "tcp", "FromPort" : "80",  "ToPort" : "80",  "CidrIp" : "0.0.0.0/0"},
          { "IpProtocol" : "tcp", "FromPort" : "22",  "ToPort" : "22",  "CidrIp" : { "Ref" : "SecuredIp" }}
        ],
        "VpcId" : { "Ref" : "VpcId" }
      }
    },
    "JRSEC2Instance": {
      "Type": "AWS::EC2::Instance",
      "Version": "6.3-2016-07-06",
      "Properties": {
        "ImageId": {"Fn::FindInMap" : [ "AWSRegionAMI", { "Ref" : "AWS::Region" }, "64" ]},
        "InstanceType": { "Ref" : "InstanceType" },
        "KeyName" : { "Ref" : "KeyName" },
        "Monitoring": "false",
        "DisableApiTermination": "false",
        "IamInstanceProfile": { "Ref": "JRSInstanceProfile" },
        "NetworkInterfaces" : [{
          "GroupSet"                 : [{ "Fn::GetAtt": ["JRSecurityGroup", "GroupId"]}],
          "AssociatePublicIpAddress" : { "Ref" : "EnablePublicIp"},
          "DeviceIndex"              : "0",
          "DeleteOnTermination"      : "true",
          "SubnetId"                 : { "Ref" : "SubnetId" }
        }]
      }
    },
    "JRSInstanceRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [{
            "Effect": "Allow",
            "Principal": { "Service": [ "ec2.amazonaws.com" ] },
          "Action": [ "sts:AssumeRole" ]
          }]
        },
        "Path": "/"
      }
    },
    "JRSRolePolicies": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyName": "JRSRolePolicy",
        "PolicyDocument": {
          "Statement": [{
            "Effect": "Allow",
            "Action": [ 
              "rds:Describe*",
              "rds:AuthorizeDBSecurityGroupIngress",
              "rds:CreateDBSecurityGroup",
              "rds:RevokeDBSecurityGroupIngress",
              "rds:ModifyDBInstance",
              "redshift:Describe*",
              "redshift:AuthorizeClusterSecurityGroupIngress",
              "redshift:CreateClusterSecurityGroup",
              "redshift:RevokeClusterSecurityGroupIngress",
              "redshift:ModifyCluster",
              "ec2:DescribeSecurityGroups",
              "ec2:AuthorizeSecurityGroupIngress",
              "ec2:CreateSecurityGroup",
              "ec2:RevokeSecurityGroupIngress"
            ],
            "Resource": "*"
          }]
        },
        "Roles": [ { "Ref": "JRSInstanceRole" } ]
      }
    },
    "JRSInstanceProfile": {
      "Type": "AWS::IAM::InstanceProfile",
      "Properties": {
        "Path": "/",
        "Roles": [ { "Ref": "JRSInstanceRole" } ]
      }
    }
  },
  
  "Outputs" : {
    "InstanceName" : {
      "Value" : { "Ref" : "JRSEC2Instance" },
      "Description" : "Jaspersoft JasperReports Server Pro for AWS Instance"
    },
    "GettingStartedInternalURL" : {
      "Value" : { "Fn::Join" : ["", ["http://", { "Fn::GetAtt" : [ "JRSEC2Instance", "PrivateDnsName" ]} ]] },
      "Description" : "Initial Instance Welcome Page URL accessible from inside of VPC"
    },
    "GettingStartedInternalIpURL" : {
      "Value" : { "Fn::Join" : ["", ["http://", { "Fn::GetAtt" : [ "JRSEC2Instance", "PrivateIp" ]} ]] },
      "Description" : "Initial Instance Welcome Page URL accessible from inside of VPC by IP Address"
    },
    "GettingStartedPublicURL" : {
      "Value" : { "Fn::If" : [ "PublicIpEnabled",{ "Fn::Join" : ["", ["http://", { "Fn::GetAtt" : [ "JRSEC2Instance", "PublicDnsName" ]} ]] },"Public IP not enabled"]},
      "Description" : "Initial Instance Welcome Page URL accessible from outside of VPC (served over unencrypted HTTP)"
    },
    "GettingStartedPublicIpURL" : {
      "Value" : { "Fn::If" : [ "PublicIpEnabled",{ "Fn::Join" : ["", ["http://", { "Fn::GetAtt" : [ "JRSEC2Instance", "PublicIp" ]} ]] },"Public IP not enabled"]},
      "Description" : "Initial Instance Welcome Page URL accessible from outside of VPC by IP Address (served over unencrypted HTTP)"
    },
    "Login" : {
      "Value" : "superuser",
      "Description" : "Master user name"
    },
    "Password" : {
      "Value" :  { "Ref" : "JRSEC2Instance" },
      "Description" : "Initial master user password (the EC2 instance ID; change it after first login)"
    }
  }
}
