AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
  Blue service app for for multi-bus, multi-account-pattern

Globals:
  Function:
    Timeout: 3
    Handler: app.lambda_handler
    Runtime: python3.9
    Tags:
      pattern: multi-bus-multi-account-pattern
      
Parameters:
  EventBusName:
    Description: Name of the blue service app event bus
    Type: String
    Default: blue-service-event-bus-multi-bus

  PurpleServiceAccountNo:
    Description: Account Id Purple service event bus to add rules
    Type: String

  OrangeServiceAccountNo:
    Description: Account Id Orange service event bus to add rules
    Type: String

Resources:
  # Event bus for blue service
  BlueServiceEventBus: 
    Type: AWS::Events::EventBus
    Properties: 
        Name: !Ref EventBusName

  # Resource policy for Blue service event bus
  BlueServicePublishStatement:
    Type: AWS::Events::EventBusPolicy
    Properties:
      EventBusName: !Ref BlueServiceEventBus
      StatementId: "BlueServicePublish"
      Statement:
        Effect: "Allow"
        Principal:
          AWS: 
            - !Sub arn:aws:iam::${AWS::AccountId}:root
        Action: "events:PutEvents"
        Resource: !GetAtt BlueServiceEventBus.Arn
        Condition:
          StringEquals:
            "events:source": ["com.exampleCorp.BlueService"]

  BlueEventBusRuleCreationStatement:
    Type: AWS::Events::EventBusPolicy
    Properties:
      EventBusName: !Ref BlueServiceEventBus
      StatementId: "AllServiceRuleCreation"
      Statement:
        Effect: "Allow"
        Principal:
          AWS:
            - !Sub arn:aws:iam::${PurpleServiceAccountNo}:root
            - !Sub arn:aws:iam::${OrangeServiceAccountNo}:root
        Action:
          - "events:PutRule"
          - "events:DeleteRule"
          - "events:DescribeRule"
          - "events:DisableRule"
          - "events:EnableRule"
          - "events:PutTargets"
          - "events:RemoveTargets"
        Resource:
          - !Sub arn:aws:events:${AWS::Region}:${AWS::AccountId}:rule/${BlueServiceEventBus.Name}/*
        Condition:
          StringEqualsIfExists:
            "events:creatorAccount": "${aws:PrincipalAccount}"
            "events:source": ["com.exampleCorp.BlueService"]

  BlueServicePublisherE1:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: blue_p_e1/
      Policies:
        - Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - events:PutEvents
              Resource: !GetAtt BlueServiceEventBus.Arn
      Environment:
        Variables:
          EVENT_BUS_ARN: !Ref BlueServiceEventBus

  BlueServiceSubscriberE2:
    Type: AWS::Serverless::Function 
    Properties:
      CodeUri: blue_s_e2/
      Events:
        BlueE2Rule:
          Type: EventBridgeRule
          Properties:
            EventBusName: !Ref BlueServiceEventBus
            Pattern:
              source:
                - com.exampleCorp.PurpleService
              detail-type:
                - Event2

  # Blue service event bus targe DLQ 
  BlueServiceEventBusDlq:
    Type: AWS::SQS::Queue

Outputs:
  BlueServiceEventBusArn:
    Description: The ARN of the Purple event bus
    Value: !GetAtt BlueServiceEventBus.Arn
  BlueServicePublisherE1:
    Description: Lambda function ARN for blue service publishing event 1
    Value: !Ref BlueServicePublisherE1
  BlueServiceSubscriberE2:
    Description: Lambda function name for purple service subscriber to event 2
    Value: !Ref BlueServiceSubscriberE2
  BlueServiceEventBusDlqUrl:
    Description: URL of the SQS Queue for rules DeadLetterConfig
    Value: !Ref BlueServiceEventBusDlq
  BlueServiceEventBusDlqArn:
    Description: ARN of the SQS Queue for rules DeadLetterConfig
    Value: !GetAtt BlueServiceEventBusDlq.Arn