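{#-
  CloudFormation resource-snippet macros (JSON output).

  Both macros emit a comma-separated run of "LogicalId": { ... } resource
  entries meant to be spliced into a template's "Resources" object.  They read
  `vpc_id` from the surrounding template context, not from their arguments.

  Separator rule: every entry is followed by "," except the very last egress
  rule of the last group / ACL in iteration order.  If that last group / ACL
  has no egress rules the output ends with a trailing comma, so the caller must
  then emit another resource after it.  Iteration order is the mapping's own
  key order.

  Every value is interpolated verbatim: nothing here JSON-escapes strings,
  validates CIDRs / ports / protocols, or checks that group, ACL and rule
  names are alphanumeric (they become part of the CloudFormation logical ID).
  Validate the data before rendering.
-#}
{#-
  securitygroups(security_groups)

  security_groups: mapping of logical name -> group spec.  Per group:
    existing     if defined, the group itself is not created; only its rules
                 are emitted, and their GroupId Ref must then resolve to
                 something else of the same name in the template
                 (presumably a Parameter -- NOTE(review): confirm with caller).
    description  optional GroupDescription; defaults to the historical literal
                 so existing data renders unchanged.
    tags         optional mapping of extra tag Key -> Value.  The Name tag is
                 always "<StackName>-<group name>".
    ingress /    optional mapping of rule name -> { Proto, From, To, and one of
    egress       Group (peer group's logical name) or Cidr }.  Group takes
                 precedence when both are present.  A rule with neither still
                 renders valid JSON; CloudFormation rejects it for lacking a
                 source / destination, which is the intended failure mode.
-#}
{%- macro securitygroups(security_groups) -%}
{# --- AWS::EC2::SecurityGroup resources --- #}
{% for sg in security_groups %}
{% if security_groups[sg].existing is not defined %}
"{{ sg }}": {
  "Type": "AWS::EC2::SecurityGroup",
  "Properties": {
    "GroupDescription": "{{ security_groups[sg].description | default('WAS Application Server(s) Security Group') }}",
    "VpcId": "{{ vpc_id }}",
    "Tags": [
      { "Key": "Name", "Value": { "Fn::Join": [ "-", [ { "Ref": "AWS::StackName" }, "{{ sg }}" ] ] } }
      {%- if security_groups[sg].tags is defined %}
      {%- for tag in security_groups[sg].tags %},
      { "Key": "{{ tag }}", "Value": "{{ security_groups[sg].tags[tag] }}" }
      {%- endfor %}
      {%- endif %}
    ]
  }
},
{% endif %}
{% endfor %}
{# --- AWS::EC2::SecurityGroupIngress resources --- #}
{# The optional source key carries its own leading comma so a rule without
   Group / Cidr does not leave a dangling "," after ToPort. #}
{% for sg in security_groups %}
{% if security_groups[sg].ingress is defined %}
{% for rule in security_groups[sg].ingress %}
{% set r = security_groups[sg].ingress[rule] %}
"{{ sg }}Ingress{{ rule }}": {
  "Type": "AWS::EC2::SecurityGroupIngress",
  "Properties": {
    "GroupId": { "Ref": "{{ sg }}" },
    "IpProtocol": "{{ r.Proto }}",
    "FromPort": "{{ r.From }}",
    "ToPort": "{{ r.To }}"
    {%- if r.Group is defined %},
    "SourceSecurityGroupId": { "Ref": "{{ r.Group }}" }
    {%- elif r.Cidr is defined %},
    "CidrIp": "{{ r.Cidr }}"
    {%- endif %}
  }
},
{% endfor %}
{% endif %}
{% endfor %}
{# --- AWS::EC2::SecurityGroupEgress resources --- #}
{# Last section of the macro: the trailing "," is dropped only on the final
   egress rule of the final group (see the file header for the caveat). #}
{% for sg in security_groups %}
{% set sg_loop = loop %}
{% if security_groups[sg].egress is defined %}
{% for rule in security_groups[sg].egress %}
{% set r = security_groups[sg].egress[rule] %}
"{{ sg }}Egress{{ rule }}": {
  "Type": "AWS::EC2::SecurityGroupEgress",
  "Properties": {
    "GroupId": { "Ref": "{{ sg }}" },
    "IpProtocol": "{{ r.Proto }}",
    "FromPort": "{{ r.From }}",
    "ToPort": "{{ r.To }}"
    {%- if r.Group is defined %},
    "DestinationSecurityGroupId": { "Ref": "{{ r.Group }}" }
    {%- elif r.Cidr is defined %},
    "CidrIp": "{{ r.Cidr }}"
    {%- endif %}
  }
}{{ "" if loop.last and sg_loop.last else "," }}
{% endfor %}
{% endif %}
{% endfor %}
{%- endmacro -%}

{#-
  nacls(nacl_rules)

  nacl_rules: mapping of logical name -> network ACL spec.  Per ACL:
    existing     if defined, the ACL is not created; only its entries are
                 emitted (same Ref caveat as for security groups).
    tags         optional extra tags; Name is always "<StackName>-<acl name>".
    ingress /    optional mapping of rule name -> { Rule (RuleNumber), Proto,
    egress       Action, Cidr, and optionally From / To for a PortRange }.
                 From alone decides whether PortRange is emitted; if From is
                 set, To is required too.  The Egress flag is fixed to "false"
                 for ingress entries and "true" for egress entries.
-#}
{% macro nacls(nacl_rules) -%}
{# --- AWS::EC2::NetworkAcl resources --- #}
{% for acl in nacl_rules %}
{% if nacl_rules[acl].existing is not defined %}
"{{ acl }}": {
  "Type": "AWS::EC2::NetworkAcl",
  "Properties": {
    "VpcId": "{{ vpc_id }}",
    "Tags": [
      { "Key": "Name", "Value": { "Fn::Join": [ "-", [ { "Ref": "AWS::StackName" }, "{{ acl }}" ] ] } }
      {%- if nacl_rules[acl].tags is defined %}
      {%- for tag in nacl_rules[acl].tags %},
      { "Key": "{{ tag }}", "Value": "{{ nacl_rules[acl].tags[tag] }}" }
      {%- endfor %}
      {%- endif %}
    ]
  }
},
{% endif %}
{% endfor %}
{# --- ingress AWS::EC2::NetworkAclEntry resources --- #}
{% for acl in nacl_rules %}
{% if nacl_rules[acl].ingress is defined %}
{% for rule in nacl_rules[acl].ingress %}
{% set r = nacl_rules[acl].ingress[rule] %}
"{{ acl }}Ingress{{ rule }}": {
  "Type": "AWS::EC2::NetworkAclEntry",
  "Properties": {
    "NetworkAclId": { "Ref": "{{ acl }}" },
    "RuleNumber": "{{ r.Rule }}",
    "Protocol": "{{ r.Proto }}",
    "RuleAction": "{{ r.Action }}",
    "Egress": "false",
    {%- if r.From is defined %}
    "PortRange": { "From": "{{ r.From }}", "To": "{{ r.To }}" },
    {%- endif %}
    "CidrBlock": "{{ r.Cidr }}"
  }
},
{% endfor %}
{% endif %}
{% endfor %}
{# --- egress AWS::EC2::NetworkAclEntry resources --- #}
{# Last section of the macro: the trailing "," is dropped only on the final
   egress entry of the final ACL (see the file header for the caveat). #}
{% for acl in nacl_rules %}
{% set acl_loop = loop %}
{% if nacl_rules[acl].egress is defined %}
{% for rule in nacl_rules[acl].egress %}
{% set r = nacl_rules[acl].egress[rule] %}
"{{ acl }}Egress{{ rule }}": {
  "Type": "AWS::EC2::NetworkAclEntry",
  "Properties": {
    "NetworkAclId": { "Ref": "{{ acl }}" },
    "RuleNumber": "{{ r.Rule }}",
    "Protocol": "{{ r.Proto }}",
    "RuleAction": "{{ r.Action }}",
    "Egress": "true",
    {%- if r.From is defined %}
    "PortRange": { "From": "{{ r.From }}", "To": "{{ r.To }}" },
    {%- endif %}
    "CidrBlock": "{{ r.Cidr }}"
  }
}{{ "" if loop.last and acl_loop.last else "," }}
{% endfor %}
{% endif %}
{% endfor %}
{%- endmacro %}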