AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'
Parameters: 
  SESSendFrom: 
    Type: String
    Description: "Email thats authorised in account for SES sending. Will not email if blank"
  SESSendTo: 
    Type: String
    Description: "List of comma emails to send to"
  SESRegion: 
    Type: String
    Default: "us-east-1"
    Description: "Region you have configured SES in (Default us-east-1)"
  S3Bucket: 
    Type: String
    Description: "S3 Bucket to store the report in"
  AccountLabel: 
    Type: String
    Default: Email
    Description: "Email or Name, default is Email"
  ListOfCostTags: 
    Type: String
    Description: "Comma seperated list of all Cost Allocation Tags"
  CurrentMonth:
    Type: String
    Description: "true | false for if current partial month included"
  DayOfMonth:
    Type: Number
    Default: 6
    Description: "DayOfMonth for Schedule, default 6 - use 12 if you want to report refunds and finalised Enterprise Support."

Resources:
  CostExplorerReportLayer:
    Type: AWS::Serverless::LayerVersion
    Properties:
      ContentUri: ../bin/layer.zip
      CompatibleRuntimes:
        - python3.8
    Metadata:
      BuildMethod: python3.8
  
  CostExplorerReport:
    Type: 'AWS::Serverless::Function'
    Properties:
      FunctionName: CostExplorerReportLambda
      Description: "Function for generating / sending monthly cost report"
      MemorySize: 256
      Timeout: 60
      Handler: lambda.main_handler
      Runtime: python3.8
      CodeUri: ../bin/lambda.zip
      Layers:
        - !Ref CostExplorerReportLayer
      Role: !GetAtt CostExplorerReportLambdaIAMRole.Arn
      Environment:
        Variables:
          S3_BUCKET: !Ref S3Bucket
          SES_SEND: !Ref SESSendTo
          SES_FROM: !Ref SESSendFrom
          SES_REGION: !Ref SESRegion
          COST_TAGS: !Ref ListOfCostTags
          ACCOUNT_LABEL: !Ref AccountLabel
          CURRENT_MONTH: !Ref CurrentMonth
          INC_SUPPORT: 'false'
          INC_TAX: 'true'
      Events:
        MonthlyEvent:
          Properties:
            Schedule: !Sub cron(0 1 ${DayOfMonth} * ? *)
          Type: Schedule
  
  CostExplorerReportLambdaIAMRole:
    Type: "AWS::IAM::Role"
    Properties:
        Path: "/"
        ManagedPolicyArns: #This policy is for Lambda invoke / logging
          - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
        Policies: 
          - 
            PolicyName: "root"
            PolicyDocument: 
              Version: "2012-10-17"
              Statement:
                -  #Policy to allow CostExplorerAPI
                  Effect: "Allow"
                  Action:
                    - ce:*
                  Resource: "*"
                -  #Policy to allow Organizations Listing
                  Effect: "Allow"
                  Action:
                    - organizations:ListAccounts
                  Resource: "*"
                - #Policy to allow SES sending
                  Effect: "Allow"
                  Action:
                    - ses:SendEmail
                    - ses:SendRawEmail
                  Resource: "*"
                - #Policy to allow storing S3 file
                  Effect: Allow
                  Action:
                    - s3:PutObject
                    - s3:PutObjectAcl
                  Resource: !Sub arn:aws:s3:::${S3Bucket}/*
        AssumeRolePolicyDocument:
          Version: "2012-10-17"
          Statement:
            -
              Sid: "AllowLambdaServiceToAssumeRole"
              Effect: "Allow"
              Action: 
                - "sts:AssumeRole"
              Principal:
                Service: 
                  - "lambda.amazonaws.com"