Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances. Linked to AWS Parameter
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.

Resources:
  testVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      Tags:
        - Key: Name
          Value: test-VPC

  testIGW:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: test-IGW

  testIGWAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref testIGW
      VpcId: !Ref testVPC

  # Public route table: default route goes to the internet gateway.
  testPublicRT:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref testVPC
      Tags:
        - Key: Name
          Value: test-Public-RT

  DefaultPublicRoute:
    Type: AWS::EC2::Route
    DependsOn: testIGWAttachment
    Properties:
      RouteTableId: !Ref testPublicRT
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref testIGW

  # Private route table: no routes are added, so only the VPC-local route applies.
  testPrivateRT:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref testVPC
      Tags:
        - Key: Name
          Value: test-Private-RT

  testPublicSN:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref testVPC
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      CidrBlock: 10.0.0.0/24
      Tags:
        - Key: Name
          Value: test-Public-SN

  testPrivateSN:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref testVPC
      AvailabilityZone: !Select [ 2, !GetAZs '' ]
      CidrBlock: 10.0.1.0/24
      Tags:
        - Key: Name
          Value: test-Private-SN

  testPublicSNRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref testPublicRT
      SubnetId: !Ref testPublicSN

  testPrivateSNRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref testPrivateRT
      SubnetId: !Ref testPrivateSN

  # Shared by both instances. HTTP (80) and SSH (22) are open to any source (0.0.0.0/0).
  testSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable HTTP access via port 80 and SSH access via port 22
      VpcId: !Ref testVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: 0.0.0.0/0

  testPublicEC2:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-03b42693dc6a7dc35
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: test-Public-EC2
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref testPublicSN
          GroupSet:
            - !Ref testSecurityGroup
          AssociatePublicIpAddress: true

  testPrivateEC2:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-03b42693dc6a7dc35
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: test-Private-EC2
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref testPrivateSN
          GroupSet:
            - !Ref testSecurityGroup
      # Boot script: sets a hardcoded root password in plaintext and enables
      # SSH password authentication and root login on the private instance.
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          (
          echo "asd123"
          echo "asd123"
          ) | passwd --stdin root
          sed -i "s/^PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config
          sed -i "s/^#PermitRootLogin yes/PermitRootLogin yes/g" /etc/ssh/sshd_config
          service sshd restart