AWSTemplateFormatVersion: '2010-09-09'
Description: (AWS Heidi) Ingestion stack to put events in dynamoDB 
Parameters:
  DynamoDBArn:
    Type: String
    Description: DDB arn
  EventHealthBusArn:
    Type: String
    Description: EventHealthBusArn
  SageMakerEndpoint:
    Type: String
    Description: Sagemaker endpoint for summarization model
  targetLang:
    Type: String
    Description: Target language code(e.g. for English, en )
  costSelected:
    Type: String
    Description: Do you want to include estimated last month cost for the impacted service?(leave empty for no)
  EventHealthBucket:
    Type: String
    Description: S3 Bucket for ingestion lambda source code 

Resources:
  EventHealthLambdaForDDBRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub "EventHealthLambdaForDDBRole-${AWS::AccountId}-${AWS::Region}"
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole 
      Policies:
        - PolicyName: cloudwatch-logs-access
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: "*"
        - PolicyName: AwshealtheventDDB-access
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - dynamodb:*
                Resource: !Ref DynamoDBArn
        - PolicyName: DescribeAccounts-Access
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - organizations:DescribeAccount
                Resource: "*"
        - PolicyName: AwshealtheventSendEvent-access
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - "events:PutEvents"
                Resource: !Ref EventHealthBusArn
        - PolicyName: Translate
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - translate:TranslateText
                Resource: "*"
        - !If
          - SageMakerEndpoint
          - PolicyName: SagemakerModelAccess
            PolicyDocument:
              Version: '2012-10-17'
              Statement:
                - Effect: Allow
                  Action:
                    - "sagemaker:InvokeEndpoint"
                    - "sagemaker:InvokeEndpointAsync"
                  Resource: !Ref SageMakerEndpoint
          - !Ref "AWS::NoValue"
        - !If
          - costSelected
          - PolicyName: CEAccess
            PolicyDocument:
              Version: '2012-10-17'
              Statement:
                - Effect: Allow
                  Action:
                    - "ce:GetCostAndUsage"
                  Resource: "*"
          - !Ref "AWS::NoValue"       

  EventHealthLambdaForDDB:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: !Ref EventHealthBucket
        S3Key: "lambda-source-code/lambda.zip"
      Handler: ingestion_lambda.aws_health
      Runtime: python3.8
      Timeout: 60
      Role: !GetAtt EventHealthLambdaForDDBRole.Arn
      Environment:
        Variables:
          DynamoDBName: !Select [1, !Split ["/", !Ref DynamoDBArn]]
          SageMakerEndpoint: !Ref SageMakerEndpoint
          targetLang: !Ref targetLang
          costSelected: !Ref costSelected
  
  EventHealthtRuleEventHealthBus:
    Type: "AWS::Events::Rule"
    Properties:
      Name: !Sub EventHealthtRuleEventHealthBus-${AWS::AccountId}-${AWS::Region}
      Description: "Event Health bus rule for aws.health events"
      EventBusName: !Select [1, !Split ["/", !Ref EventHealthBusArn]]
      EventPattern:
        source:
          - "aws.health"
          - "awshealthtest"
      Targets:
        - Arn: !GetAtt EventHealthLambdaForDDB.Arn
          Id: "LambaasTarget"

  EventHealthLambdaForDDBPermissions:
    Type: "AWS::Lambda::Permission"
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !GetAtt EventHealthLambdaForDDB.Arn
      Principal: events.amazonaws.com
      SourceArn: !GetAtt EventHealthtRuleEventHealthBus.Arn
  
  EventHealthLambdaRunTest:              
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: !Ref EventHealthBucket
        S3Key: "lambda-source-code/lambda.zip"
      Handler: inject_testdata_lambda.lambda_handler
      Runtime: python3.8
      Timeout: 10
      Role: !GetAtt EventHealthLambdaForDDBRole.Arn
      Environment:
        Variables:
          EventHealthBusName: !Select [1, !Split ["/", !Ref EventHealthBusArn]]

  MyLambdaInvoker:
    Type: AWS::CloudFormation::CustomResource
    DependsOn: EventHealthtRuleEventHealthBus
    Properties:
      ServiceToken: !GetAtt EventHealthLambdaRunTest.Arn

Outputs:
  EventHealthLambdaForDDBRole:
    Value: !GetAtt EventHealthLambdaForDDBRole.Arn
    Export:
      Name: EventHealthLambdaForDDBRole
  EventHealthLambdaForDDB:
    Value: !GetAtt EventHealthLambdaForDDB.Arn
    Export:
      Name: EventHealthLambdaForDDB
  EventHealthtRuleEventHealthBus:
    Value: !GetAtt EventHealthtRuleEventHealthBus.Arn
    Export:
      Name: EventHealthtRuleEventHealthBus

Conditions:
  SageMakerEndpoint: !Not [!Equals [!Ref SageMakerEndpoint, ""]]
  costSelected: !Not [!Equals [!Ref costSelected, ""]]