AWSTemplateFormatVersion: "2010-09-09"
Description: "Lambda function to invoke the step functions."
Parameters:
  paramLambdaFunctionName:
    Type: "String"
    AllowedPattern: "^[a-zA-Z0-9]+[a-zA-Z0-9-]+[a-zA-Z0-9]+$"
    Default: makeshift-aws-blog-invoke-step-functions-lambda
    AllowedValues: ["makeshift-aws-blog-invoke-step-functions-lambda"]

Resources:
  LambdaExecutionRole:
    Type: "AWS::IAM::Role"
    Properties:
      RoleName: "makeshift-aws-blog-iam-role-api"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Action:
              - "sts:AssumeRole"
            Effect: "Allow"
            Principal:
              Service:
                - "lambda.amazonaws.com"
      Policies:
        - PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Action:
                  - "logs:CreateLogGroup"
                  - "logs:CreateLogStream"
                  - "logs:PutLogEvents"
                Effect: "Allow"
                Resource:
                  - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/${paramLambdaFunctionName}:*"
          PolicyName: "makeshift-aws-blog-iam-policy"
        - PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Action:
                  - "states:StartExecution"
                Effect: "Allow"
                Resource: !Sub 'arn:aws:states:${AWS::Region}:${AWS::AccountId}:stateMachine:makeshift-demo-state-machine'
          PolicyName: "makeshift-aws-blog-state-function-policy"
        - PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Action:
                  - "ssm:GetParameter"
                Effect: "Allow"
                Resource:
                  - "*"
                Condition:
                  ForAllValues:StringEquals:
                    "ssm:resourceTag/created-by": "makeshift-demo"
          PolicyName: "makeshift-lambda-ssm-iam-policy"
  #LambdaLogGroup:
  #    Type: "AWS::Logs::LogGroup"
  ##    Properties:
  #      LogGroupName: !Sub "/aws/lambda/${paramLambdaFunctionName}"
  #      RetentionInDays: 90

  StartAnalyticsJobLambda:
    Type: "AWS::Lambda::Function"
    DependsOn: LambdaExecutionRole
    Properties:
      FunctionName: !Ref "paramLambdaFunctionName"
      Code:
        S3Bucket: !Sub 'makeshift-demo-${AWS::Region}-${AWS::AccountId}'
        S3Key: "makeshift-lambdas.jar"
      Description: "Invoke Step Functions."
      Handler: "com.dataanalytics.awsblogs.InvokeStepFunctionsLambda::handleRequest"
      MemorySize: 256
      Role: !GetAtt "LambdaExecutionRole.Arn"
      Runtime: "java8"
      Timeout: 300
      Environment:
        Variables:
          StateMachineArn: !Sub 'arn:aws:states:${AWS::Region}:${AWS::AccountId}:stateMachine:makeshift-demo-state-machine'

Outputs:
  StartAnalyticsJobLambdaArn:
    Description: "The Invoke Step Functions Lambda Arn"
    Value: !GetAtt StartAnalyticsJobLambda.Arn
    Export:
      Name: "StartAnalyticsJobLambdaArn"

  StartAnalyticsJobLambdaName:
    Description: "The Invoke Step Functions Lambda Arn"
    Value: !Ref StartAnalyticsJobLambda
    Export:
      Name: "StartAnalyticsJobLambdaName"

  LambdaExecutionRoleArn:
    Description: "The Lambda execution role Arn"
    Value: !GetAtt LambdaExecutionRole.Arn
    Export:
        Name: "ApiLambdaExecutionRoleArn"