AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: SAP NetWeaver ABAP Monitoring sap-monitor-<SID>
Globals:
  Function:
    Timeout: 60
Metadata:
  AWS::ServerlessRepo::Application:
    Name: sap-monitor
    Description: Amazon CloudWatch Monitoring for SAP NetWeaver ABAP-based environments.
    Author: mtoerpe
    SpdxLicenseId: Apache-2.0
    LicenseUrl: s3://sap-monitor/34400b68072d710fecd0a2940a0d1658
    ReadmeUrl: s3://sap-monitor/c84d6466a4a9a312c9d83b97a21bb366
    Labels:
    - sap
    - netweaver
    - monitoring
    - cloudwatch
    HomePageUrl: https://github.com/aws-samples/amazon-cloudwatch-monitor-for-sap-netweaver
    SemanticVersion: 1.0.73
    SourceCodeUrl: https://github.com/aws-samples/amazon-cloudwatch-monitor-for-sap-netweaver
  AWS::CloudFormation::Interface:
    ParameterGroups:
    - Label:
        default: Network Configuration
      Parameters:
      - SubnetParameter
      - SecurityGroupParameter
    - Label:
        default: SAP Configuration
      Parameters:
      - SAPSIDParameter
      - SAPHostParameter
      - SAPInstanceIDParameter
      - SAPClientParameter
      - SAPRFC0UserParameter
      - SAPRFC1PasswordParameter
    ParameterLabels:
      SubnetParameter:
        default: Which VPC Subnet(s) should this be deployed to?
      SecurityGroupParameter:
        default: Which Security Groups should be applied?
Parameters:
  SubnetParameter:
    Type: List<AWS::EC2::Subnet::Id>
    Description: Provide Subnet(s) IDs, separate by comma
  SecurityGroupParameter:
    Type: List<AWS::EC2::SecurityGroup::Id>
    Description: Provide Security Group(s) IDs, separate by comma
  LayerVersionParameter:
    Type: String
    Description: Provide <sapjco> Lambda layer version
    Default: '1'
  ScheduleParameter:
    Type: Number
    Description: Schedule /SDF/SMON job automatically (true = 1, false = 0)
    Default: 1
    MinValue: 0
    MaxValue: 1
  SAPSIDParameter:
    Type: String
    Description: Provide SAP System ID (used as namespace/identification only)
    MinLength: 3
    MaxLength: 3
  SAPHostParameter:
    Type: String
    Description: Provide Hostname/IP-Address of Primary Application Server
  SAPInstanceIDParameter:
    Type: String
    Description: Provide SAP Instance Number
    MinLength: 2
    MaxLength: 2
  SAPClientParameter:
    Type: String
    Description: Provide SAP Client
    Default: '000'
    MinLength: 3
    MaxLength: 3
  SAPRFC0UserParameter:
    Type: String
    Description: Provide RFC User
  SAPRFC1PasswordParameter:
    Type: String
    Description: Provide RFC Password
    NoEcho: true
Resources:
  SecretsManager:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name:
        Fn::Sub:
        - sap-monitor-${SID}
        - SID:
            Ref: SAPSIDParameter
      Description:
        Fn::Sub:
        - Secret for SAP Monitoring <${SID}>
        - SID:
            Ref: SAPSIDParameter
      SecretString:
        Fn::Sub:
        - '{ "name":"${SID}", "host":"${HOST}", "sys_id":"${INSTANCEID}", "client":"${CLIENT}",
          "user":"${USER}", "password": "${PASSWORD}", "language":"en", "/SDF/SMON_DESC":"AWSCW",
          "/SDF/SMON_SCHEDULE":${SCHED}, "/SDF/SMON_FREQUENCY": 30, "/SDF/SMON_ENQUEUE":
          1, "we02": 0 }'
        - SID:
            Ref: SAPSIDParameter
          HOST:
            Ref: SAPHostParameter
          INSTANCEID:
            Ref: SAPInstanceIDParameter
          CLIENT:
            Ref: SAPClientParameter
          USER:
            Ref: SAPRFC0UserParameter
          PASSWORD:
            Ref: SAPRFC1PasswordParameter
          SCHED:
            Ref: ScheduleParameter
      Tags:
      - Key: AppName
        Value: SAPMONITOR
  ScheduledRule:
    Type: AWS::Events::Rule
    Properties:
      Name:
        Fn::Sub:
        - sap-monitor-${SID}
        - SID:
            Ref: SAPSIDParameter
      Description:
        Fn::Sub:
        - Scheduler for SAP Monitoring <${SID}>
        - SID:
            Ref: SAPSIDParameter
      ScheduleExpression: rate(1 minute)
      State: DISABLED
      Targets:
      - Arn:
          Fn::GetAtt:
          - CWLambdaFunction
          - Arn
        Id: latest
  PermissionForEventsToInvokeLambda:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName:
        Fn::GetAtt:
        - CWLambdaFunction
        - Arn
      Action: lambda:InvokeFunction
      Principal: events.amazonaws.com
      SourceArn:
        Fn::GetAtt:
        - ScheduledRule
        - Arn
  CWLambdaFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: s3://sap-monitor/c449f953007644160207c643b54bde7e
      Layers:
      - Fn::Sub:
        - arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:layer:sapjco:${LLY}
        - LLY:
            Ref: LayerVersionParameter
      Handler: init::handleRequest
      FunctionName:
        Fn::Sub:
        - sap-monitor-${SID}
        - SID:
            Ref: SAPSIDParameter
      Description:
        Fn::Sub:
        - SAP Monitoring for <${SID}>
        - SID:
            Ref: SAPSIDParameter
      Runtime: java11
      MemorySize: 512
      Timeout: 120
      VpcConfig:
        SecurityGroupIds:
          Ref: SecurityGroupParameter
        SubnetIds:
          Ref: SubnetParameter
      Environment:
        Variables:
          SECRET:
            Fn::Sub:
            - sap-monitor-${SID}
            - SID:
                Ref: SAPSIDParameter
      Policies:
      - Version: '2012-10-17'
        Statement:
        - Effect: Allow
          Action:
          - secretsmanager:GetSecretValue
          Resource:
            Ref: SecretsManager
        - Effect: Allow
          Action:
          - cloudwatch:PutMetricData
          Resource: '*'
      Tags:
        AppName: SAPMONITOR
Outputs:
  CWLambdaFunction:
    Description: SAP Monitor Lambda Function ARN
    Value:
      Fn::GetAtt:
      - CWLambdaFunction
      - Arn