AWSTemplateFormatVersion: "2010-09-09"
Transform: AWS::Serverless-2016-10-31
Description: >
  IaC Network Tester Application

Metadata:
  AWS::ServerlessRepo::Application:
    Name: aws-iac-network-tester
    Description: AWS IaC Network Tester is an opensource tool that can help you test the network reachability of resources deployed via Infrastructure as Code. It can be used for infrastructure deployed directly via AWS Console, CLI or SDK or via a Continuous Integration and Continuous Deployment pipeline. It will be deployed on your AWS Account and is powered by Step Functions that identify the routes to test and check for network reachability using the VPC Rechability Analyzer.
    Author: Ozioma Uzoegwu
    SpdxLicenseId: Apache-2.0
    LicenseUrl: LICENSE.txt
    ReadmeUrl: README.md
    Labels: ["IaC", "Network Tester", "VPC Rechability Analyzer"]
    HomePageUrl: https://github.com/aws-samples/aws-iac-network-tester
    SemanticVersion: 0.0.1
    SourceCodeUrl: https://github.com/aws-samples/aws-iac-network-tester

Globals:
  Function:
    Timeout: 300

Resources:
  NetworkTestStateMachine:
    Type: AWS::Serverless::StateMachine
    Properties:
      DefinitionUri: statemachine/network-test.json
      DefinitionSubstitutions:
        RetrievePathToTestFunctionArn: !GetAtt RetrievePathToTestFunction.Arn
        CheckNetworkTestStatusFunctionArn: !GetAtt CheckNetworkTestStatusFunction.Arn
        TestDurationIteratorFunctionArn: !GetAtt TestDurationIteratorFunction.Arn
        StartNetworkTestFunctionArn: !GetAtt StartNetworkTestFunction.Arn
        DeleteTestResourcesFunctionArn: !GetAtt DeleteTestResourcesFunction.Arn
      Tracing:
        Enabled: True
      Policies:
        - LambdaInvokePolicy:
            FunctionName: !Ref RetrievePathToTestFunction
        - LambdaInvokePolicy:
            FunctionName: !Ref CheckNetworkTestStatusFunction
        - LambdaInvokePolicy:
            FunctionName: !Ref TestDurationIteratorFunction
        - LambdaInvokePolicy:
            FunctionName: !Ref StartNetworkTestFunction
        - LambdaInvokePolicy:
            FunctionName: !Ref DeleteTestResourcesFunction

  RetrievePathToTestFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: retrieve_path_to_test/
      Handler: app.lambda_handler
      Runtime: python3.7
      Policies:
        - CloudFormationDescribeStacksPolicy: {}
        - Statement:
            - Sid: CloudFormationDescribeStackResourcePolicy
              Effect: Allow
              Action:
                - cloudformation:DescribeStackResource
              Resource: "*"

  StartNetworkTestFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: start_network_test/
      Handler: app.lambda_handler
      Runtime: python3.7
      Policies:
        - CloudFormationDescribeStacksPolicy: {}
        - Statement:
            - Sid: StartNetworkInsightAnalysisPolicy
              Effect: Allow
              Action:
                - "*"
              Resource: "*"

  CheckNetworkTestStatusFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: check_network_test/
      Handler: app.lambda_handler
      Runtime: python3.7
      Policies:
        - Statement:
            - Sid: DescribeNetworkInsightsAnalysesPolicy
              Effect: Allow
              Action:
                - ec2:DescribeNetworkInsightsAnalyses
              Resource: "*"

  TestDurationIteratorFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: test_duration_iterator/
      Handler: app.lambda_handler
      Runtime: python3.7

  DeleteTestResourcesFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: delete_test_resources/
      Handler: app.lambda_handler
      Runtime: python3.7
      Policies:
        - Statement:
            - Sid: DeleteNetworkAnalysisPolicy
              Effect: Allow
              Action:
                - "*"
              Resource: "*"
Outputs:
  IaCNetworkTesterStateMachineArn:
    Value: !GetAtt NetworkTestStateMachine.Arn