AWSTemplateFormatVersion: 2010-09-09
Transform: AWS::Serverless-2016-10-31

Metadata:
  Authors:
    Description: Yang-Xin (Eason) Cao <yangxinc@amazon.com>
  License:
    Description: 'Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-Identifier: MIT-0'

Parameters:
  CodeCommitRepo:
    Type: String
    Description: Enter the CodeCommit repository's name
  MainBranchName:
    Type: String
    Default: 'master'
    Description: Enter the CodeCommit repository's main branch name
  NotificationEmailAddress:
    Type: String
    Default: '<account>@<email_address>'
    Description: Enter the email to get the update.
  CodeS3BucketLocation:
    Type: String
    Default: 'codecommit-sns-publisher'
    Description: Enter the S3 bucket name of source code.
  CodeS3KeyLocation:
    Type: String
    Default: 'codecommit-sns-publisher.zip'
    Description: Enter the S3 object key of the source code.

Resources:
  SnsTopic:
    Type: 'AWS::SNS::Topic'
    Properties:
      Subscription:
        - Protocol: email
          Endpoint: !Ref NotificationEmailAddress


  SNSPublisherFunction:
    Type: 'AWS::Serverless::Function'
    Properties:
      Handler: lambda_function.lambda_handler
      Runtime: python3.6
      CodeUri:
        Bucket: !Ref CodeS3BucketLocation
        Key: !Ref CodeS3KeyLocation
      Description: CodeCommit SNS Publisher
      MemorySize: 1028
      Timeout: 300
      Environment:
        Variables:
          MAIN_BRANCH_NAME: !Ref MainBranchName
          SNS_TOPIC_ARN: !Ref SnsTopic
          REPOSITORY_NAME: !Ref CodeCommitRepo
      Policies:
        - Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Resource: '*'
              Action:
                - 'codecommit:Get*'
                - "codecommit:List*"
                - "codecommit:DescribePullRequestEvents"
                - "codecommit:GitPull"
                - "codecommit:BatchGetRepositories"
                - "codecommit:BatchGetPullRequests"
                - "codecommit:CancelUploadArchive"
            - Effect: Allow
              Resource: !Ref SnsTopic
              Action:
                - 'sns:publish'
                - 'sns:List*'
                - 'sns:Get*'
            - Effect: Allow
              Resource: !Sub 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:*'
              Action:
                - 'logs:CreateLogStream'
                - 'logs:PutLogEvents'

      Events:
        RepositoryStateChange:
          Type: CloudWatchEvent
          Properties:
            Pattern:
              source:
                - "aws.codecommit"
              detail-type:
                - "CodeCommit Repository State Change"
              resources:
                - !Sub
                  - "arn:aws:codecommit:${AWS::Region}:${AWS::AccountId}:${CodeCommitRepo}"
                  - {CodeCommitRepo: !Ref CodeCommitRepo}
              detail:
                event:
                  - "referenceCreated"
                  - "referenceUpdated"

Outputs:
    SNSPublisherFunctionArn:
      Description: "SNS Publisher Function Arn"
      Value: !GetAtt SNSPublisherFunction.Arn