# Copyright (C) 2014 Serverworks Co.,Ltd. All rights reserved.
---
# Creates an Interface VPC endpoint to a single PrivateLink endpoint service,
# plus a dedicated security group that admits TCP 5520 only from the client
# security group passed in as a parameter.
AWSTemplateFormatVersion: '2010-09-09'
Description: 'SecurityGroups'

Parameters:
  # VPC that hosts both the endpoint and its security group.
  VPCId:
    Type: 'AWS::EC2::VPC::Id'
    MinLength: 1
    Description: 'Required. Select which VPC create VPC Endpoint.'

  # Two subnets receive the endpoint's network interfaces.
  # NOTE(review): presumably these sit in different Availability Zones of
  # VPCId; the template itself does not enforce that.
  SubnetId1:
    Type: 'AWS::EC2::Subnet::Id'
    MinLength: 1
    Description: 'Required. Select which Subnet create VPC Endpoint.'
  SubnetId2:
    Type: 'AWS::EC2::Subnet::Id'
    MinLength: 1
    Description: 'Required. Select which Subnet create VPC Endpoint.'

  # Security group already attached to the clients; it is the only source
  # allowed to reach the endpoint.
  ClientSecurityGroupId:
    Type: 'AWS::EC2::SecurityGroup::Id'
    MinLength: 1
    Description: "Required. Select WorkSpace's SecurityGroup."

Resources:
  # Security group attached to the endpoint network interfaces.
  # - GroupName is fixed, so a second copy of this stack in the same VPC
  #   would collide on the name.
  # - No SecurityGroupEgress is declared, which leaves the default allow-all
  #   egress rule on the group.
  #   NOTE(review): if the endpoint interfaces never need to initiate
  #   outbound traffic, declare an explicit restrictive egress rule.
  VPCEndpointSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    DeletionPolicy: 'Delete'
    Properties:
      VpcId: !Ref VPCId
      GroupName: 'endpoint-essrec-sg'
      GroupDescription: 'for REC VPC Endpoint'
      Tags:
        - Key: 'Name'
          Value: 'endpoint-essrec-sg'

  # The only ingress rule: TCP 5520, with a security group as the source
  # instead of a CIDR range, so only members of the client group can connect.
  VPCEndpointSecurityGroupIngress0:
    Type: 'AWS::EC2::SecurityGroupIngress'
    DeletionPolicy: 'Delete'
    Properties:
      GroupId: !Ref VPCEndpointSecurityGroup
      SourceSecurityGroupId: !Ref ClientSecurityGroupId
      IpProtocol: 'tcp'
      FromPort: '5520'
      ToPort: '5520'
      Description: 'for REC Agent'

  # Interface endpoint to the endpoint service named below.
  # - ServiceName is hard-coded and region-specific (ap-northeast-1), so the
  #   stack can only be created in that region.
  # - NOTE(review): confirm the service ID belongs to the intended provider
  #   before deploying; whatever the client group sends to port 5520 on this
  #   endpoint is delivered to the owner of that service.
  VPCEndpoint:
    Type: 'AWS::EC2::VPCEndpoint'
    Properties:
      VpcEndpointType: 'Interface'
      ServiceName: 'com.amazonaws.vpce.ap-northeast-1.vpce-svc-0d35679a1468649b7'
      VpcId: !Ref VPCId
      SubnetIds:
        - !Ref SubnetId1
        - !Ref SubnetId2
      SecurityGroupIds:
        - !Ref VPCEndpointSecurityGroup