Untitled

---
Description: "BC Workbench Setup"
Parameters:
  UserName:
    Type: String
    Description: Enter workbench username.
  WorkbenchSecurityGroupIDS:
    Type: "List<AWS::EC2::SecurityGroup::Id>"
    Description: Enter Security group ids for this workbench.
  WorkbenchSubnetIDS:
    Type: "List<AWS::EC2::Subnet::Id>"
    Description: Enter Subnet IDs for this workbench.
  SaltedPassword:
    Type: String
    Description: Enter salted password for new user.
Resources:
  BCHTTPListener:
    Type: "AWS::ElasticLoadBalancingV2::Listener"
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref BCHTTPTargetGroup
      LoadBalancerArn: !Ref ALB
      Port: 80
      Protocol: HTTP
  BCHTTPTargetGroup:
    Type: "AWS::ElasticLoadBalancingV2::TargetGroup"
    Properties:
      HealthCheckIntervalSeconds: 30
      HealthCheckPath: "/"
      HealthCheckPort: "traffic-port"
      HealthCheckProtocol: "HTTP"
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 5
      Matcher:
        HttpCode: 301
      Name: ${UserName}-bc-http
      Port: 80
      Protocol: HTTP
      Tags:
        - Key: Department
          Value: development
        - Key: chaos
          Value: dev
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: 300
        - Key: stickiness.enabled
          Value: false
      Targets:
        - Id: !Ref Workbench
          Port: 80
      TargetType: instance
      UnhealthyThresholdCount: 2
      VpcId: vpc-891ad7ed
  BCHTTPSListener:
    Type: "AWS::ElasticLoadBalancingV2::Listener"
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref BCHTTPSTargetGroup
      LoadBalancerArn: !Ref ALB
      Port: 443
      Protocol: HTTPS
      Certificates:
        - CertificateArn: "arn:aws:acm:us-east-1:687433828854:certificate/0a3d771d-440a-49cb-8617-0fe7f4e28a17"
      SslPolicy: "ELBSecurityPolicy-2016-08"
  BCHTTPSTargetGroup:
    Type: "AWS::ElasticLoadBalancingV2::TargetGroup"
    Properties:
      HealthCheckIntervalSeconds: 30
      HealthCheckPath: "/"
      HealthCheckPort: "traffic-port"
      HealthCheckProtocol: "HTTP"
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 5
      Matcher:
        HttpCode: 200
      Name: ${UserName}-bc-https
      Port: 443
      Protocol: HTTPS
      Tags:
        - Key: Department
          Value: development
        - Key: chaos
          Value: dev
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: 300
        - Key: stickiness.enabled
          Value: false
      Targets:
        - Id: !Ref Workbench
          Port: 443
      TargetType: instance
      UnhealthyThresholdCount: 2
      VpcId: vpc-891ad7ed
  APIRule:
    Type: "AWS::ElasticLoadBalancingV2::ListenerRule"
    Properties:
      Actions:
        - Type: forward
          TargetGroupArn: !Ref APITargetGroup
      Conditions:
        - Field: path-pattern
          Values:
            - "/api/*"
      ListenerArn: !Ref BCHTTPSListener
      Priority: 1000
  APITargetGroup:
    Type: "AWS::ElasticLoadBalancingV2::TargetGroup"
    Properties:
      HealthCheckIntervalSeconds: 30
      HealthCheckPath: "/api/"
      HealthCheckPort: "traffic-port"
      HealthCheckProtocol: "HTTP"
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 5
      Matcher:
        HttpCode: 200
      Name: ${UserName}-bc-api
      Port: 5000
      Protocol: HTTP
      Tags:
        - Key: Department
          Value: development
        - Key: chaos
          Value: dev
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: 300
        - Key: stickiness.enabled
          Value: false
      Targets:
        - Id: !Ref Workbench
          Port: 5000
      TargetType: instance
      UnhealthyThresholdCount: 2
      VpcId: vpc-891ad7ed
  ALB:
    Type: "AWS::ElasticLoadBalancingV2::LoadBalancer"
    Properties:
      LoadBalancerAttributes:
        - Key: idle_timeout.timeout_seconds
          Value: 60
      Name: ${UserName}-workbench
      Scheme: internet-facing
      SecurityGroups: !Ref WorkbenchSecurityGroupIDS
      Subnets: !Ref WorkbenchSubnetIDS
      Tags:
        - Key: Department
          Value: development
        - Key: chaos
          Value: dev
      Type: application
      IpAddressType: ipv4
  Workbench:
    Type: "AWS::EC2::Instance"
    Properties:
      AvailabilityZone: "us-east-1c" ## This might need to be variable in the future
      IamInstanceProfile: "BC_Sandbox"
      ImageId: ami-80861296
      KeyName: sheetzam
      InstanceType: t2.medium
      SecurityGroupIds: !Ref WorkbenchSecurityGroupIDS
      SubnetId: "subnet-ffcee3a6"
      BlockDeviceMappings:
        - DeviceName: /dev/sda1
          Ebs:
            VolumeSize: 50
      Tags:
        - Key: Name
          Value: ${UserName}-bc-workbench
        - Key: Department
          Value: development
        - Key: chaos
          Value: dev
        - Key: ghe
          Value: dev-vm
      UserData:
        Fn::Base64:
          !Sub |
            #!/bin/bash -xe
            apt-get update
            debconf-set-selections <<< \"postfix postfix/mailname string dev.inspire.com\"
            debconf-set-selections <<< \"postfix postfix/main_mailer_type string 'Internet Site'\"
            DEBIAN_FRONTEND=noninteractive apt-get dist-upgrade -yq -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold'
            apt-get install -y redis-tools mutt exuberant-ctags git build-essential tree tmux docker-compose mysql-client python-pip docker.io
            useradd -m -p ${SaltedPassword} -s /bin/bash ${UserName}
            adduser ${UserName} sudo; adduser ${UserName} docker
            mkdir -p /home/${UserName}/.ssh
            cp /home/ubuntu/.ssh/authorized_keys /home/${UserName}/.ssh/authorized_keys
            chown -R ${UserName}:${UserName} /home/${UserName}/.ssh
            sudo -u ${UserName} pip install awscli --upgrade --user