{
  "AWSTemplateFormatVersion" : "2010-09-09",

  "Description" : "AWS CloudFormer Beta - template creation prototype application. This tool allows you to create an AWS CloudFormation template from the AWS resources in your AWS account. **Warning** This template creates a single EC2 instance in your account to run the application - you will be billed for the instance at normal AWS EC2 rates.",

  "Parameters" : {
    "AccessControl" : {
      "Description" : "The IP address range that can be used to access the CloudFormer tool. NOTE: We highly recommend that you specify a customized address range to lock down the tool.",
      "Type": "String",
      "MinLength": "9",
      "MaxLength": "18",
      "Default": "0.0.0.0/0",
      "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
      "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
    }
  },

  "Mappings" : {
    "RegionMap" : {
      "us-east-1"      : { "AMI" : "ami-c421a7ac" },
      "us-west-2"      : { "AMI" : "ami-bface28f" },
      "us-west-1"      : { "AMI" : "ami-5b180c1e" },
      "eu-west-1"      : { "AMI" : "ami-889a33ff" },
      "eu-central-1"   : { "AMI" : "ami-9a142287" },
      "ap-southeast-1" : { "AMI" : "ami-ac6545fe" },
      "ap-northeast-1" : { "AMI" : "ami-5b90a35a" },
      "ap-southeast-2" : { "AMI" : "ami-07670b3d" },
      "sa-east-1"      : { "AMI" : "ami-c7ef58da" },
      "cn-north-1"     : { "AMI" : "ami-c249dbfb" },
      "us-gov-west-1"  : { "AMI" : "ami-cf1771ec" }
    },

    "RegionConfig" : {
      "us-east-1"      : { "InstanceType" : "t1.micro", "EC2Principal" : "ec2.amazonaws.com" },
      "us-west-2"      : { "InstanceType" : "t1.micro", "EC2Principal" : "ec2.amazonaws.com" },
      "us-west-1"      : { "InstanceType" : "t1.micro", "EC2Principal" : "ec2.amazonaws.com" },
      "eu-west-1"      : { "InstanceType" : "t1.micro", "EC2Principal" : "ec2.amazonaws.com" },
      "eu-central-1"   : { "InstanceType" : "t2.micro", "EC2Principal" : "ec2.amazonaws.com" },
      "ap-southeast-1" : { "InstanceType" : "t1.micro", "EC2Principal" : "ec2.amazonaws.com" },
      "ap-northeast-1" : { "InstanceType" : "t1.micro", "EC2Principal" : "ec2.amazonaws.com" },
      "ap-southeast-2" : { "InstanceType" : "t1.micro", "EC2Principal" : "ec2.amazonaws.com" },
      "sa-east-1"      : { "InstanceType" : "t1.micro", "EC2Principal" : "ec2.amazonaws.com" },
      "cn-north-1"     : { "InstanceType" : "t2.micro", "EC2Principal" : "ec2.amazonaws.com.cn" },
      "us-gov-west-1"  : { "InstanceType" : "t1.micro", "EC2Principal" : "ec2.amazonaws.com" }
    }
  },

  "Resources" : {

    "CFNRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [{
            "Effect": "Allow",
            "Principal": { "Service": { "Fn::FindInMap" : [ "RegionConfig", {"Ref" : "AWS::Region"}, "EC2Principal"]}},
            "Action": [ "sts:AssumeRole" ]
          }]
        },
        "Path": "/"
      }
    },

    "CFNRolePolicy": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyName": "CloudFormerPolicy",
        "PolicyDocument": {
          "Statement": [ {
            "Effect": "Allow",
            "Action"   : [
              "autoscaling:Describe*",
              "cloudfront:List*",
              "cloudwatch:Describe*",
              "dynamodb:List*", "dynamodb:Describe*",
              "ec2:Describe*",
              "elasticloadbalancing:Describe*",
              "elasticache:Describe*",
              "rds:Describe*", "rds:List*",
              "route53:List*",
              "s3:List*", "s3:Get*", "s3:PutObject",
              "sdb:Get*", "sdb:List*",
              "sns:Get*", "sns:List*",
              "sqs:Get*", "sqs:List*"
            ],
            "Resource": "*"
          } ]
        },
        "Roles": [ { "Ref": "CFNRole" } ]
      }
    },

    "CFNInstanceProfile": {
      "Type": "AWS::IAM::InstanceProfile",
      "Properties": {
        "Path": "/",
        "Roles": [ { "Ref": "CFNRole" } ]
      }
    },

    "WebServer" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "InstanceType" : { "Fn::FindInMap" : [ "RegionConfig", {"Ref" : "AWS::Region"}, "InstanceType"]},
        "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
        "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ]},
        "IamInstanceProfile" : { "Ref" : "CFNInstanceProfile" }
      }
    },

    "InstanceSecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription" : "Enable Access via port 80",
        "SecurityGroupIngress" : [
          { "IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : {"Ref" : "AccessControl"}}
        ]
      }
    }
  },

  "Outputs" : {
    "URL" : {
      "Description" : "AWS CloudFormer Prototype URL. Use this endpoint to create templates from your account.",
      "Value" : { "Fn::Join" : ["", [ "http://", { "Fn::GetAtt" : [ "WebServer", "PublicDnsName" ] } ]]}
    }
  }
}