# This is the SAM template that represents the architecture of your serverless application
# https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-template-basics.html

# The AWSTemplateFormatVersion identifies the capabilities of the template
# https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/format-version-structure.html
AWSTemplateFormatVersion: 2010-09-09
Description: >-
  Lambda-S3 starter project

# Transform section specifies one or more macros that AWS CloudFormation uses to process your template
# https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-section-structure.html
Transform: AWS::Serverless-2016-10-31

# Shared configuration for all resources, more in
# https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst
Globals:
  Function:
    # The PermissionsBoundary allows users to safely develop with their function's permissions constrained
    # to their current application. All the functions and roles in this application have to include it and
    # it has to be manually updated when you add resources to your application.
    # More information in https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
    PermissionsBoundary: !Sub 'arn:${AWS::Partition}:iam::${AWS::AccountId}:policy/${AppId}-${AWS::Region}-PermissionsBoundary'

Parameters:
  AppId:
    Type: String

# Resources declares the AWS resources that you want to include in the stack
# https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resources-section-structure.html
Resources:
  # Each Lambda function is defined by properties:
  # https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction

  # This is a Lambda function config associated with the source code: s3-json-logger.js
  s3JsonLoggerFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: ./
      Handler: src/handlers/s3-json-logger.s3JsonLoggerHandler
      Runtime: nodejs18.x
      Description: A Lambda function that logs a json file sent to S3 bucket.
      MemorySize: 128
      Timeout: 60
      Policies:
        # Give Read Permissions to the S3 Bucket
        - S3ReadPolicy:
            BucketName: !Sub aws-${AWS::Region}-${AWS::AccountId}-${AppId}-simpleappbucket
      Events:
        simpleappbucketEvent:
          Type: S3
          Properties:
            Bucket: !Ref simpleappbucket
            Events: s3:ObjectCreated:*
            Filter:
              S3Key:
                Rules:
                  - Name: suffix
                    Value: ".json"
  simpleappbucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub aws-${AWS::Region}-${AWS::AccountId}-${AppId}-simpleappbucket
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256