AWSTemplateFormatVersion: "2010-09-09"
Description: Jenkins load balancing stack
Parameters:
  environment:
    Type: String
    Description: Name of the environment
    Default: production
  release:
    Type: String
    Description: Name of the release name of the stack version to use.
    Default: production
    AllowedValues: ['develop', 'production']
    ConstraintDescription: "Must be a possible release version."
  PublicSubnets:
    Description: The public subnets for the ALB to run in.
    Type: String
  PortalCertificate:
    Description: Arn of AWS Certificate
    Type: String
  VpcId:
    Description: ID of the VPC
    Type: AWS::EC2::VPC::Id

Resources:

  #-- Application Load Balancer --#
  PublicALB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: application
      LoadBalancerAttributes:
        - Key: deletion_protection.enabled
          Value: false
        - Key: idle_timeout.timeout_seconds
          Value: 60
      Scheme: internet-facing
      SecurityGroups:
        - !Ref AlbSecurityGroup
      Subnets: !Split [",", !Ref PublicSubnets]
      Tags:
        - Key: Name
          Value: !Sub "Jenkins-${environment}-ALB"
        - Key: environment
          Value: !Ref environment

  AlbSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: ECS Allowed Ports
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: icmp
          FromPort: "-1"
          ToPort: "-1"
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: "443"
          ToPort: "443"
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: "80"
          ToPort: "80"
          CidrIp: 0.0.0.0/0
      SecurityGroupEgress:
        - IpProtocol: icmp
          FromPort: "-1"
          ToPort: "-1"
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: "0"
          ToPort: "65535"
          CidrIp: 0.0.0.0/0
        - IpProtocol: udp
          FromPort: "0"
          ToPort: "65535"
          CidrIp: 0.0.0.0/0

  # Target group for admin portal port
  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 30
      HealthCheckProtocol: HTTP
      HealthCheckTimeoutSeconds: 15
      HealthyThresholdCount: 2
      UnhealthyThresholdCount: 2
      Matcher:
        HttpCode: '200'
      HealthCheckPath: '/api/health'
      Port: 3000
      Protocol: HTTP
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: '20'
      VpcId: !Ref 'VpcId'
      Tags:
        - Key: Name
          Value: !Sub 'jenkins-${release}'

  # HTTPS for Admin Portal
  AlbListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      Certificates:
        - CertificateArn: !Ref PortalCertificate
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref TargetGroup
      LoadBalancerArn: !Ref PublicALB
      Port: 443
      Protocol: HTTPS

  # Redirect HTTP -> HTTPS
  RedirectAlbListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
      - Type: redirect
        RedirectConfig:
          Protocol: HTTPS
          Port: 443
          Host: '#{host}'
          Path: '/#{path}'
          Query: '#{query}'
          StatusCode: HTTP_301
      LoadBalancerArn: !Ref PublicALB
      Port: 80
      Protocol: HTTP

Outputs:
  AdminPortalTargetGroup:
    Description: ""
    Value: !Ref TargetGroup
  PublicAlbDnsName:
    Description: ""
    Value: !GetAtt PublicALB.DNSName