
Matt Brister AppDynamics CFT

Created by Matt Brister last modified
---
# CloudFormation template for a single AppDynamics controller instance.
# It creates two security groups, an internal Application Load Balancer with
# an HTTPS listener and target group, one EC2 instance with an auto-recovery
# alarm, and two Route 53 A records.
# VPC, subnet, hosted-zone, peer security-group and certificate identifiers
# are hard-coded in the resources rather than exposed as parameters.
AWSTemplateFormatVersion: "2010-09-09"

Description: Prod AppDynamics server (single instance only)

# Console-only metadata: groups and labels the three parameters in the
# CloudFormation create/update form. It has no effect on the resources.
Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: Instance Configuration
        Parameters:
          - InstanceType
          - AmiId
          - KeyPair

    ParameterLabels:
      InstanceType:
        default: Instance Type
      AmiId:
        default: AMI ID
      KeyPair:
        default: SSH Key Pair

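# Stack inputs. All three are consumed by the EC2Instance resource.
Parameters:
  # Name of an existing EC2 key pair; the AWS-specific type makes
  # CloudFormation reject names that do not exist in the account/region.
  KeyPair:
    Type: AWS::EC2::KeyPair::KeyName
    Description: EC2 Keypair to use for SSH
    Default: <redacted>
  # Free-form instance type string.
  # NOTE(review): no AllowedValues list, so any type the account can launch
  # is accepted.
  InstanceType:
    Type: String
    Description: EC2 instance type
    Default: m4.xlarge
  # AMI to boot. Typed as AWS::EC2::Image::Id (instead of a plain String) so
  # a mistyped or unavailable image ID is rejected at parameter validation
  # time rather than at instance launch.
  # NOTE(review): the type only checks that the image exists; it does not
  # restrict who owns the image, so the value should still come from a
  # trusted, reviewed source.
  AmiId:
    Type: AWS::EC2::Image::Id
    Description: AMI ID to use for instance
    Default: <redacted>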

Resources:
  # Security group for the load balancer: accepts TCP 443 from any IPv4
  # source. The load balancer in this template is declared with
  # Scheme: internal, so 0.0.0.0/0 is only reachable from networks that can
  # route to the VPC, not from the internet.
  # NOTE(review): consider narrowing CidrIp to the client ranges that need
  # the controller UI. No SecurityGroupEgress is declared, so the default
  # allow-all egress rule applies.
  # NOTE(review): unlike the other resources in this template, this group
  # carries no Tags.
  AlbSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: AppD Alb Security Group
      VpcId: vpc-<redacted>
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
  # Security group for the controller instance. The same group is also
  # attached to the load balancer elsewhere in this template.
  # No SecurityGroupEgress is declared, so the default allow-all egress rule
  # applies.
  Ec2SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: AppD Controller Security Group
      VpcId: vpc-<redacted>
      SecurityGroupIngress:
        # All protocols and ports from members of the load balancer group.
        # NOTE(review): the target group registers the instance on port 8181
        # only, so a single tcp/8181 rule looks sufficient for this path -
        # confirm before tightening.
        - IpProtocol: '-1'
          SourceSecurityGroupId: !Ref AlbSecurityGroup
        # SSH from one specific (redacted) security group.
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: sg-<redacted>
        # All protocols and ports from each of the three RFC 1918 private
        # ranges.
        # NOTE(review): these rules let any host on any private network that
        # routes to this VPC reach every port on the instance, SSH included,
        # which makes the scoped SSH rule above ineffective as a restriction
        # for private sources. Presumably they exist for agent traffic; if
        # so, limit them to the controller's listening port(s) and to the
        # CIDRs where agents actually run.
        - IpProtocol: '-1'
          CidrIp: 10.0.0.0/8
        - IpProtocol: '-1'
          CidrIp: 172.16.0.0/12
        - IpProtocol: '-1'
          CidrIp: 192.168.0.0/16
      Tags:
        - Key: Name
          Value: !Ref AWS::StackName
        - Key: st:owner
          Value: Frode
        - Key: st:application
          Value: AppDynamics
        - Key: st:environment
          Value: prod

  # Internal Application Load Balancer placed in two hard-coded subnets.
  # NOTE(review): no LoadBalancerAttributes are set, so this template does
  # not turn on access logging (access_logs.s3.enabled); without it there is
  # no request-level record for investigations.
  ApplicationLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Scheme: internal
      Type: application
      Subnets:
        - subnet-<redacted>
        - subnet-<redacted>
      # Both groups are attached, so the load balancer's ingress is the union
      # of the two rule sets: tcp/443 from anywhere plus everything
      # Ec2SecurityGroup admits.
      # NOTE(review): attaching the instance's group here looks unnecessary,
      # because Ec2SecurityGroup already admits traffic from
      # AlbSecurityGroup - confirm it is intentional.
      SecurityGroups:
        - !Ref AlbSecurityGroup
        - !Ref Ec2SecurityGroup
      Tags:
        - Key: Name
          Value: !Ref AWS::StackName
        - Key: st:owner
          Value: Frode
        - Key: st:application
          Value: AppDynamics
        - Key: st:environment
          Value: prod

  # Target group that forwards to the controller instance over HTTPS.
  # Port 443 is the group default; the single registered target overrides it
  # with port 8181.
  # NOTE(review): an ALB encrypts the connection to an HTTPS target but does
  # not validate the target's certificate, so this hop gives confidentiality
  # without authenticating the backend.
  HttpsTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Name: prod-appd
      Port: 443
      Protocol: HTTPS
      VpcId: vpc-<redacted>
      TargetType: instance
      Targets:
        - Id: !Ref EC2Instance
          Port: 8181
      # Health check requests "/" and treats any 2xx or 3xx status as
      # healthy, so a redirect counts as a passing check.
      HealthCheckPath: /
      Matcher:
        HttpCode: 200-399

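  # HTTPS listener on port 443 of the load balancer; every request is
  # forwarded to HttpsTargetGroup.
  # The ACM certificate ARN is pinned to us-east-1, so the template as
  # written can only be deployed in that region.
  # NOTE(review): no SslPolicy is set, so the service default applies.
  # Confirm the default meets the minimum TLS version required here and pin
  # an explicit policy so the negotiated protocols are visible in review.
  ALBHTTPSListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      Certificates:
        - CertificateArn: arn:aws:acm:us-east-1:<redacted>:certificate/<redacted>
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref HttpsTargetGroup
      LoadBalancerArn: !Ref ApplicationLoadBalancer
      Port: 443
      Protocol: HTTPS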

  # The single controller instance. Creation waits for the load balancer
  # (DependsOn), and the image, instance type and key pair come from the
  # stack parameters.
  EC2Instance:
    Type: AWS::EC2::Instance
    DependsOn:
      - ApplicationLoadBalancer
    Properties:
      ImageId:
        Ref: AmiId
      SecurityGroupIds:
        - Ref: Ec2SecurityGroup
      InstanceType:
        Ref: InstanceType
      # Instance profile referenced by name; it is not defined in this
      # template.
      # NOTE(review): the permissions it grants cannot be reviewed from here -
      # check the attached role for least privilege.
      IamInstanceProfile: AppdynamicsInstance
      InstanceInitiatedShutdownBehavior: stop
      KeyName:
        Ref: KeyPair
      SubnetId: subnet-<redacted>
      # NOTE(review): user data is readable by any process on the instance
      # through the metadata service and by principals allowed to describe
      # instance attributes, so it should not carry credentials. Nothing in
      # this template requires IMDSv2 or sets EBS encryption; confirm both
      # are enforced elsewhere (AMI, launch settings or account defaults).
      UserData: 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
      Tags:
        - Key: Name
          Value: !Ref AWS::StackName
        - Key: st:owner
          Value: Frode
        - Key: st:application
          Value: AppDynamics Prod
        - Key: st:environment
          Value: prod
        # Quoted so the tag value stays the string "false" rather than a
        # YAML boolean.
        - Key: dd
          Value: 'false'

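  # CloudWatch alarm that triggers EC2 auto-recovery of the controller
  # instance. It fires when the minimum of StatusCheckFailed_System is above
  # 0 for 15 consecutive 60-second periods.
  # NOTE(review): the only alarm action is the recover automation; no
  # notification target is listed, so a recovery happens without anyone
  # being told unless alerting is configured elsewhere.
  EC2RecoveryAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      # Folded block scalar: yields the same single-line string as the
      # original wrapped plain scalar, without relying on implicit folding.
      AlarmDescription: >-
        Trigger a recovery when instance status check fails for 15
        consecutive minutes.
      Namespace: AWS/EC2
      MetricName: StatusCheckFailed_System
      Statistic: Minimum
      Period: 60
      EvaluationPeriods: 15
      ComparisonOperator: GreaterThanThreshold
      Threshold: '0'
      AlarmActions:
        - !Sub "arn:aws:automate:${AWS::Region}:ec2:recover"
      Dimensions:
        - Name: InstanceId
          Value: !Ref EC2Instance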

  # Alias A record that points a fixed hostname at the load balancer.
  # NOTE(review): the record name contains "test" while the template
  # Description and tags say prod - confirm which environment this record
  # belongs to.
  Route53Dns:
    Type: AWS::Route53::RecordSet
    Properties:
      Comment: DNS Record to ALB endpoint
      HostedZoneId: <redacted>
      Type: A
      Name: appdtest.us.<redacted>
      AliasTarget:
        DNSName: !GetAtt ApplicationLoadBalancer.DNSName
        HostedZoneId: !GetAtt ApplicationLoadBalancer.CanonicalHostedZoneID

  # Plain A record (TTL 30) that resolves to the instance's private IP.
  # Clients using this name connect to the instance directly and bypass the
  # load balancer, so Ec2SecurityGroup is the only network control on that
  # path and its TLS settings are whatever the controller itself serves.
  # NOTE(review): the record name contains "test" while the template
  # Description and tags say prod - confirm which environment this record
  # belongs to.
  Route53IntDns:
    Type: AWS::Route53::RecordSet
    Properties:
      Comment: DNS Record for AppD agent endpoint
      HostedZoneId: <redacted>
      Type: A
      TTL: 30
      Name: appdinttest.us.<redacted>
      ResourceRecords:
        - !GetAtt EC2Instance.PrivateIp
