AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: SAP NetWeaver ABAP Monitoring sap-monitor-<SID>

Globals:
  Function:
    Timeout: 60

Metadata:
  AWS::ServerlessRepo::Application:
    Name: sap-monitor
    Description: Amazon CloudWatch Monitoring for SAP NetWeaver ABAP-based environments.
    Author: mtoerpe
    SpdxLicenseId: Apache-2.0
    LicenseUrl: LICENSE
    ReadmeUrl: README.md
    Labels: ['sap', 'netweaver', 'monitoring', 'cloudwatch']
    HomePageUrl: https://github.com/aws-samples/amazon-cloudwatch-monitor-for-sap-netweaver
    SemanticVersion: 1.0.73
    SourceCodeUrl: https://github.com/aws-samples/amazon-cloudwatch-monitor-for-sap-netweaver
  AWS::CloudFormation::Interface: 
    ParameterGroups: 
      - 
        Label: 
          default: "Network Configuration"
        Parameters: 
          - SubnetParameter
          - SecurityGroupParameter
      - 
        Label: 
          default: "SAP Configuration"
        Parameters: 
          - SAPSIDParameter
          - SAPHostParameter
          - SAPInstanceIDParameter
          - SAPClientParameter
          - SAPRFC0UserParameter
          - SAPRFC1PasswordParameter
    ParameterLabels: 
      SubnetParameter: 
        default: "Which VPC Subnet(s) should this be deployed to?"
      SecurityGroupParameter: 
        default: "Which Security Groups should be applied?"

Parameters: 
  SubnetParameter: 
    Type: "List<AWS::EC2::Subnet::Id>"
    Description: Provide Subnet(s) IDs, separate by comma
  SecurityGroupParameter: 
    Type: "List<AWS::EC2::SecurityGroup::Id>"
    Description: Provide Security Group(s) IDs, separate by comma
  LayerVersionParameter: 
    Type: String
    Description: Provide <sapjco> Lambda layer version
    Default: "1"
  ScheduleParameter: 
    Type: Number
    Description: Schedule /SDF/SMON job automatically (true = 1, false = 0)
    Default: 1
    MinValue: 0
    MaxValue: 1
  SAPSIDParameter: 
    Type: String
    Description: Provide SAP System ID (used as namespace/identification only)
    MinLength: 3
    MaxLength: 3
  SAPHostParameter: 
    Type: String
    Description: Provide Hostname/IP-Address of Primary Application Server
  SAPInstanceIDParameter: 
    Type: String
    Description: Provide SAP Instance Number
    MinLength: 2
    MaxLength: 2
  SAPClientParameter: 
    Type: String
    Description: Provide SAP Client
    Default: '000'
    MinLength: 3
    MaxLength: 3
  SAPRFC0UserParameter: 
    Type: String
    Description: Provide RFC User
  SAPRFC1PasswordParameter: 
    Type: String
    Description: Provide RFC Password
    NoEcho: true

Resources:
  SecretsManager:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name:
        !Sub
        - sap-monitor-${SID}
        - { SID: !Ref SAPSIDParameter }
      Description:
        !Sub
          - Secret for SAP Monitoring <${SID}>
          - { SID: !Ref SAPSIDParameter }
      SecretString:
        !Sub
          - "{      
            \"name\":\"${SID}\",
            \"host\":\"${HOST}\",
            \"sys_id\":\"${INSTANCEID}\",
            \"client\":\"${CLIENT}\",
            \"user\":\"${USER}\",
            \"password\": \"${PASSWORD}\",
            \"language\":\"en\",
            \"/SDF/SMON_DESC\":\"AWSCW\",
            \"/SDF/SMON_SCHEDULE\":${SCHED},
            \"/SDF/SMON_FREQUENCY\": 30,
            \"/SDF/SMON_ENQUEUE\": 1,
            \"we02\": 0
            }"
          - { SID: !Ref SAPSIDParameter, HOST: !Ref SAPHostParameter, INSTANCEID: !Ref SAPInstanceIDParameter, CLIENT: !Ref SAPClientParameter, USER: !Ref SAPRFC0UserParameter, PASSWORD: !Ref SAPRFC1PasswordParameter,  SCHED: !Ref ScheduleParameter }
      Tags:
        -
          Key: AppName
          Value: SAPMONITOR
  ScheduledRule:
    Type: 'AWS::Events::Rule'
    Properties:
      Name: #sap-monitor-SID
        !Sub
            - sap-monitor-${SID}
            - { SID: !Ref SAPSIDParameter }
      Description: #Scheduler for SAP Monitoring <SID>
        !Sub
            - Scheduler for SAP Monitoring <${SID}>
            - { SID: !Ref SAPSIDParameter }
      ScheduleExpression: rate(1 minute)
      State: DISABLED
      Targets:
        - Arn: 
            'Fn::GetAtt':
              - CWLambdaFunction
              - Arn
          Id: latest
  PermissionForEventsToInvokeLambda:
    Type: 'AWS::Lambda::Permission'
    Properties:
      FunctionName: 
        'Fn::GetAtt':
          - CWLambdaFunction
          - Arn
      Action: 'lambda:InvokeFunction'
      Principal: events.amazonaws.com
      SourceArn:
        'Fn::GetAtt':
          - ScheduledRule
          - Arn
  CWLambdaFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: code
      Layers: 
          - !Sub 
            - arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:layer:sapjco:${LLY}
            - { LLY: !Ref LayerVersionParameter }
      Handler: init::handleRequest
      FunctionName: 
        !Sub
          - sap-monitor-${SID}
          - { SID: !Ref SAPSIDParameter }
      Description: #SAP Monitoring for <SID>
        !Sub
          - SAP Monitoring for <${SID}>
          - { SID: !Ref SAPSIDParameter }
      Runtime: java11
      MemorySize: 512
      Timeout: 120
      VpcConfig:
        SecurityGroupIds:
          !Ref SecurityGroupParameter
        SubnetIds:
          !Ref SubnetParameter
      Environment:
        Variables:
          SECRET: 
            !Sub
              - sap-monitor-${SID}
              - { SID: !Ref SAPSIDParameter }
      Policies:
        - Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - 'secretsmanager:GetSecretValue'
              Resource:
                !Ref SecretsManager
            - Effect: Allow
              Action:
                - 'cloudwatch:PutMetricData'
              Resource: '*'
      Tags:
        AppName: SAPMONITOR

Outputs:
  CWLambdaFunction:
    Description: "SAP Monitor Lambda Function ARN"
    Value: !GetAtt CWLambdaFunction.Arn