# This is the SAM template that represents the architecture of your serverless application
# https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-template-basics.html

# The AWSTemplateFormatVersion identifies the capabilities of the template
# https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/format-version-structure.html
AWSTemplateFormatVersion: 2010-09-09
Description: >-
  Lambda-SQS starter application

# Transform section specifies one or more macros that AWS CloudFormation uses to process your template
# https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-section-structure.html
Transform: AWS::Serverless-2016-10-31

# Shared configuration for all resources, more in
# https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst
Globals:
  Function:
    # The PermissionsBoundary allows users to safely develop with their function's permissions constrained
    # to their current application. All the functions and roles in this application have to include it and
    # it has to be manually updated when you add resources to your application.
    # More information in https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
    PermissionsBoundary: !Sub 'arn:${AWS::Partition}:iam::${AWS::AccountId}:policy/${AppId}-${AWS::Region}-PermissionsBoundary'

Parameters:
  AppId:
    Type: String

# Resources declares the AWS resources that you want to include in the stack
# https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resources-section-structure.html
Resources:
  # Each Lambda function is defined by properties:
  # https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction

  # This is a Lambda function config associated with the source code: sqs-payload-logger.js
  sqsPayloadLoggerFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: ./
      Handler: src/handlers/sqs-payload-logger.sqsPayloadLoggerHandler
      Runtime: nodejs18.x
      Description: A Lambda function that logs the payload of messages sent to an associated SQS queue.
      MemorySize: 128
      Timeout: 25 # Chosen to be less than the default SQS Visibility Timeout of 30 seconds
      Policies:
        # Give Lambda basic execution Permission to the sqsPayloadLogger
        - AWSLambdaBasicExecutionRole
      Events:
        SimpleQueueEvent:
          Type: SQS
          Properties:
            Queue: !GetAtt SimpleQueue.Arn
  # This is an SQS queue with server-side encryption enabled, and default configuration properties
  # otherwise. To learn more about the available options, see
  # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sqs-queues.html
  SimpleQueue:
    Type: AWS::SQS::Queue
    Properties:
      KmsMasterKeyId: alias/aws/sqs