HeatTemplateFormatVersion: '2012-12-12'
Description: 'Heat Engine and API'
Parameters:
  KeyName: 
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances
    Type: String
    Default: default
  InstanceType:
    Description: Use this flavor
    Type: String
    Default: bm.small
  HeatUser:
    Description: Heat database username.
    Type: String
    Default: heat
  HeatEngineImage:
    Type: String
  HeatApiImage:
    Type: String
  RabbitMQHost:
    Description: Host for RabbitMQ
    Type: String
  RabbitMQPassword:
    Description: Password for RabbitMQ
    Type: String
  ApiGroupSize:
    Description: How many API nodes to run
    Type: Integer
    Default: 1
  AvailabilityZones:
    Type: List
    Default: [ 1 ]
Resources:
  EngineAccessPolicy:
    Type: OS::Heat::AccessPolicy
    Properties:
      AllowedResources: [ HeatEngine ]
  EngineUser:
    Type: AWS::IAM::User
    Properties:
      Policies: [ { Ref: EngineAccessPolicy } ]
  EngineKey:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName:
        Ref: EngineUser
  ApiAccessPolicy:
    Type: OS::Heat::AccessPolicy
    Properties:
      AllowedResources: [ HeatAPI, HeatAPILaunch ]
  ApiUser:
    Type: AWS::IAM::User
    Properties:
      Policies: [ { Ref: ApiAccessPolicy } ]
  ApiKey:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName:
        Ref: ApiUser
  HeatAPILaunch:
    Type: AWS::AutoScaling::LaunchConfiguration
    Metadata:
      OpenStack::ImageBuilder::Elements: [ heat-api ]
      heat:
        rpc_backend: heat.openstack.common.rpc.impl_kombu
        rabbit:
          host: {Ref: RabbitMQHost}
          password: {Ref: RabbitMQPassword}
        access_key_id:
          Ref: ApiKey
        secret_key:
          Fn::GetAtt: [ ApiKey, SecretAccessKey ]
        stack:
          name: {Ref: 'AWS::StackName'}
          region: {Ref: 'AWS::Region'}
        refresh:
          - resource: HeatAPILaunch
    Properties:
      ImageId:
        {Ref: HeatApiImage}
      InstanceType: {Ref: InstanceType}
      KeyName: {Ref: KeyName}
  HeatAPI:
    Type: OS::Heat::InstanceGroup
    Properties:
      LaunchConfiguration: {Ref: HeatApiLaunch}
      Size: {Ref: ApiGroupSize}
      AvailabilityZones: {Ref: AvailabilityZones}
  HeatEngine:
    Type: AWS::EC2::Instance
    Properties:
      ImageId:
        {Ref: HeatEngineImage}
    Metadata:
      OpenStack::Role: stateful
      OpenStack::ImageBuilder::Elements: [ heat-engine ]
      heat:
        rpc_backend: heat.openstack.common.rpc.impl_kombu
        rabbit:
          host: {Ref: RabbitMQHost}
          password: {Ref: RabbitMQPassword}
        access_key_id:
          Ref: EngineKey
        secret_key:
          Fn::GetAtt: [ EngineKey, SecretAccessKey ]
        stack:
          name: {Ref: 'AWS::StackName'}
          region: {Ref: 'AWS::Region'}
        refresh:
          - resource: HeatEngine