AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Parameters:
  SESSendFrom:
    Type: String
    Description: Email thats authorised in this account for SES sending. Will not email
      if blank
  SESSendTo:
    Type: String
    Description: List of comma seperated emails to send to
  SESRegion:
    Type: String
    Default: us-east-1
    Description: Region you have configured SES in (Default us-east-1)
  S3Bucket:
    Type: String
    Description: S3 Bucket to store the report in
  AccountLabel:
    Type: String
    Default: Email
    Description: Email or Name, default is Email
  ListOfCostTags:
    Type: String
    Description: Comma seperated list of all Cost Allocation Tags
  CurrentMonth:
    Type: String
    Description: true | false for if current partial month included
  DayOfMonth:
    Type: Number
    Default: 6
    Description: DayOfMonth for Schedule, default 6 - use 12 if you want to report
      refunds and finalised Enterprise Support.
Resources:
  CostExplorerReportLayer:
    Type: AWS::Serverless::LayerVersion
    Properties:
      ContentUri: s3://aws-cost-explorer-report-release/layer.zip
      CompatibleRuntimes:
        - python3.8
    Metadata:
      BuildMethod: python3.8

  CostExplorerReport:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: CostExplorerReportLambda
      Description: Function for generating / sending monthly cost report
      MemorySize: 256
      Timeout: 60
      Handler: lambda.main_handler
      Runtime: python3.8
      CodeUri: s3://aws-cost-explorer-report-release/lambda.zip
      Layers:
      - Ref: CostExplorerReportLayer
      Role:
        Fn::GetAtt:
        - CostExplorerReportLambdaIAMRole
        - Arn
      Environment:
        Variables:
          S3_BUCKET:
            Ref: S3Bucket
          SES_SEND:
            Ref: SESSendTo
          SES_FROM:
            Ref: SESSendFrom
          SES_REGION:
            Ref: SESRegion
          COST_TAGS:
            Ref: ListOfCostTags
          ACCOUNT_LABEL:
            Ref: AccountLabel
          CURRENT_MONTH:
            Ref: CurrentMonth
          INC_SUPPORT: 'false'
          INC_TAX: 'true'
      Events:
        MonthlyEvent:
          Properties:
            Schedule:
              Fn::Sub: cron(0 1 ${DayOfMonth} * ? *)
          Type: Schedule
  CostExplorerReportLambdaIAMRole:
    Type: AWS::IAM::Role
    Properties:
      Path: /
      ManagedPolicyArns:
      - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      Policies:
      - PolicyName: root
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
          - Effect: Allow
            Action:
            - ce:*
            Resource: '*'
          - Effect: Allow
            Action:
            - organizations:ListAccounts
            Resource: '*'
          - Effect: Allow
            Action:
            - ses:SendEmail
            - ses:SendRawEmail
            Resource: '*'
          - Effect: Allow
            Action:
            - s3:PutObject
            - s3:PutObjectAcl
            Resource:
              Fn::Sub: arn:aws:s3:::${S3Bucket}/*
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
        - Sid: AllowLambdaServiceToAssumeRole
          Effect: Allow
          Action:
          - sts:AssumeRole
          Principal:
            Service:
            - lambda.amazonaws.com