AWSTemplateFormatVersion: 2010-09-09
Description: Template to start the nlu search blog

Resources:
  CodeRepository:
    Type: AWS::SageMaker::CodeRepository
    Properties:
      GitConfig:
          RepositoryUrl: https://github.com/aws-samples/amazon-sagemaker-nlu-search

  NotebookInstance:
    Type: AWS::SageMaker::NotebookInstance
    Properties:
      InstanceType: ml.t3.medium
      RoleArn: !GetAtt Role.Arn
      DefaultCodeRepository: !GetAtt CodeRepository.CodeRepositoryName

  Role:
    Type: AWS::IAM::Role
    Properties:
      Policies:
        - PolicyName: CustomNotebookAccess
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - "es:ESHttp*"
                Resource:
                  - !Sub arn:aws:es:${AWS::Region}:${AWS::AccountId}:domain/*
              - Effect: Allow
                Action:
                  - "s3:GetObject"
                  - "s3:PutObject"
                  - "s3:DeleteObject"
                  - "s3:PutObjectAcl"
                Resource:
                  - !Sub arn:aws:s3:::${s3BucketTraining}/*
                  - !Sub arn:aws:s3:::${s3BucketHosting}/*
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonSageMakerFullAccess
        - arn:aws:iam::aws:policy/AWSCloudFormationReadOnlyAccess
        - arn:aws:iam::aws:policy/TranslateReadOnly
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
              - sagemaker.amazonaws.com
            Action:
              - 'sts:AssumeRole'

  s3BucketTraining:
    Type: AWS::S3::Bucket
    Properties:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: "AES256"
      VersioningConfiguration:
        Status: Enabled

  s3BucketHosting:
    Type: AWS::S3::Bucket
    Properties:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: "AES256"
      VersioningConfiguration:
        Status: Enabled
      WebsiteConfiguration:
        IndexDocument: index.html
        ErrorDocument: error.html

  Domain:
    Type: AWS::Elasticsearch::Domain
    Properties:
      AccessPolicies:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              AWS: !Ref AWS::AccountId
            Action: 'es:*'
            Resource: !Sub arn:aws:es:${AWS::Region}:${AWS::AccountId}:domain/*/*
      ElasticsearchVersion: 7.7
      ElasticsearchClusterConfig:
        InstanceType: "t2.small.elasticsearch"
      EBSOptions:
        EBSEnabled: True
        VolumeSize: 10
        VolumeType: gp2


Outputs:
  esHostName:
    Description: Elasticsearch hostname
    Value: !GetAtt Domain.DomainEndpoint

  esDomainName:
    Description: Elasticsearch domain name
    Value: !Ref Domain

  s3BucketTraining:
    Description: S3 bucket name for training
    Value: !Ref s3BucketTraining

  s3BucketHostingBucketName:
    Description: S3 bucket name for frontend hosting
    Value: !Ref s3BucketHosting

  S3BucketSecureURL:
    Value: !Join
      - ''
      - - 'https://'
        - !GetAtt
          - s3BucketHosting
          - DomainName
    Description: Name of S3 bucket to hold website content

  SageMakerNotebookURL:
    Description: SageMaker Notebook Instance
    Value: !Join
      - ''
      - - 'https://console.aws.amazon.com/sagemaker/home?region=us-east-1#/notebook-instances/openNotebook/'
        - !GetAtt NotebookInstance.NotebookInstanceName
        - '?view=classic'