---
AWSTemplateFormatVersion: '2010-09-09'

Description: >
   From the blog post, Visualize your Amazon Lookout for Metrics Anomaly Results, this script will
   create the Amazon QuickSight Athena Data Source.

Parameters:

  QuickSightUserName:
    Description: >
      Enter your Amazon QuickSight username. This is the user account created in QuickSight and may
      be different than your AWS Console username.
    Type: String
  
  QuickSightAccountRegion:
    Description: >
      Enter your Amazon QuickSight Account Region Code (e.g. us-east-1 or eu-west-2). This is the region specified 
      in the initial QuickSight setup, where accounts are maintained. It may be different than the region you 
      in which you are currently building.
    Type: String
    AllowedValues: # Available QuickSight Regions from: https://docs.aws.amazon.com/general/latest/gr/quicksight.html
      - ap-northeast-1
      - ap-northeast-2
      - ap-south-1
      - ap-southeast-1
      - ap-southeast-2
      - ca-central-1
      - eu-central-1
      - eu-west-1
      - eu-west-2
      - sa-east-1
      - us-east-1
      - us-east-2
      - us-gov-west-1
      - us-west-2

Metadata:

  AWS::CloudFormation::Interface:

    ParameterGroups:
    
      - Label: 
          default: "Amazon QuickSight Configuration"
        Parameters:
          - QuickSightUserName
          - QuickSightAccountRegion

    ParameterLabels:

      QuickSightUserName: 
        default: "Amazon QuickSight Username:"

      QuickSightAccountRegion: 
        default: "Amazon QuickSight Account Management Region:"

Resources:

  L4MQuickSightWorkGroup:
    Type: AWS::Athena::WorkGroup
    Properties:
      Name: L4MQuickSightWorkGroup
      Description: Workgroup for QuickSight
      RecursiveDeleteOption: true
      State: ENABLED
      WorkGroupConfiguration:
        EnforceWorkGroupConfiguration: false
        PublishCloudWatchMetricsEnabled: false
        RequesterPaysEnabled: true
        ResultConfiguration:
          OutputLocation: 
            Fn::Sub:
                - 's3://${BucketName}/athena-output'
                - BucketName: !ImportValue L4MS3BucketName

  L4MQuickSightDataSource:
    Type: AWS::QuickSight::DataSource
    Properties: 
      AwsAccountId: !Ref AWS::AccountId
      DataSourceId: 'L4MQuickSightDataSource'
      Name: L4MQuickSightDataSource
      Type: 'ATHENA'
      DataSourceParameters:
        AthenaParameters:
            WorkGroup: L4MQuickSightWorkGroup
      Permissions:
        - Principal: !Sub 'arn:${AWS::Partition}:quicksight:${QuickSightAccountRegion}:${AWS::AccountId}:user/default/${QuickSightUserName}'
          Actions:
            - 'quicksight:DescribeDataSource'
            - 'quicksight:DescribeDataSourcePermissions'
            - 'quicksight:UpdateDataSource'
            - 'quicksight:UpdateDataSourcePermissions'
            - 'quicksight:DeleteDataSource'
            - 'quicksight:PassDataSource'
Outputs:

  L4MQuickSightDataSourceArn:
    Description: 'L4M QuickSight DataSource ARN'
    Value: !GetAtt L4MQuickSightDataSource.Arn
    Export:
        Name: 'L4MQuickSightDataSourceArn'

  L4MQuickSightPrincipalArn:
      Description: 'L4M QuickSight Permissions Principal ARN'
      Value: !Sub 'arn:${AWS::Partition}:quicksight:${QuickSightAccountRegion}:${AWS::AccountId}:user/default/${QuickSightUserName}'
      Export:
         Name: 'L4MQuickSightPrincipalArn'