# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0

AWSTemplateFormatVersion: '2010-09-09'

Description: 'Sample Lambda function with API Gateway Integration'
###
### CloudFormation Metadata
###

Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
    - Label: 
        default: Parameter Definition
      Parameters:
      - pLambdaFunctionName
      - pApiGatewayName
      - pVPCSecurityGroup
      - pVPCSubnet
    ParameterLabels:
      pLambdaFunctionName:
        default: Lambda Function Name
      pApiGatewayName:
        default: API Gateway Name
      pVPCSecurityGroup:
        default: Security Group Name
      pVPCSubnet:
        default: Subnet Name
      
###
### Template input parameters
###

Parameters:
  pLambdaFunctionName:
    Type: String
    AllowedPattern: ^[a-zA-Z0-9-\-_.]{3,63}
    Description: Name of the Lambda Function
  pApiGatewayName:
    Type: String
    AllowedPattern: ^[a-zA-Z0-9-\-_.]{3,63}
    Description: Name of API Gateway
  pVPCSecurityGroup:
    Type: AWS::EC2::SecurityGroup::Id
    Description: Select VPC Security Group
  pVPCSubnet:
    Type: AWS::EC2::Subnet::Id
    Description: Select Subnet under VPC 
  
###
### Template Resources
###

Resources:
# API Gateway resource 
  ApiGatewayRestApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
      ApiKeySourceType: HEADER
      Description: An API Gateway with a Lambda Integration
      EndpointConfiguration:
        Types:
          - EDGE
      Name: !Ref pApiGatewayName

  ApiGatewayResource:
    Type: AWS::ApiGateway::Resource
    Properties:
      ParentId: !GetAtt ApiGatewayRestApi.RootResourceId
      PathPart: 'lambda'
      RestApiId: !Ref ApiGatewayRestApi

# Sample API Gateway post method
  ApiGatewayMethod:
    Type: AWS::ApiGateway::Method
    Properties:
      ApiKeyRequired: false
      AuthorizationType: NONE
      HttpMethod: POST
      Integration:
        ConnectionType: INTERNET
        Credentials: !GetAtt ApiGatewayIamRole.Arn
        IntegrationHttpMethod: POST
        PassthroughBehavior: WHEN_NO_MATCH
        TimeoutInMillis: 29000
        Type: AWS_PROXY
        Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunction.Arn}/invocations'
      OperationName: 'lambda'
      ResourceId: !Ref ApiGatewayResource
      RestApiId: !Ref ApiGatewayRestApi

  ApiGatewayModel:
    Type: AWS::ApiGateway::Model
    Properties:
      ContentType: 'application/json'
      RestApiId: !Ref ApiGatewayRestApi
      Schema: {}

  ApiGatewayStage:
    Type: AWS::ApiGateway::Stage
    Properties:
      DeploymentId: !Ref ApiGatewayDeployment
      Description: Lambda API Stage v0
      RestApiId: !Ref ApiGatewayRestApi
      StageName: 'v0'

  ApiGatewayDeployment:
    Type: AWS::ApiGateway::Deployment
    DependsOn: ApiGatewayMethod
    Properties:
      Description: Lambda API Deployment
      RestApiId: !Ref ApiGatewayRestApi

# API Gateway permission
  ApiGatewayIamRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: ''
            Effect: 'Allow'
            Principal:
              Service:
                - 'apigateway.amazonaws.com'
            Action:
              - 'sts:AssumeRole'
      Path: '/'
      Policies:
        - PolicyName: LambdaAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: 'Allow'
                Action: 'lambda:InvokeFunction'
                Resource: !GetAtt LambdaFunction.Arn

# Lambda Function with Sample inline code
  LambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        ZipFile: |
          def handler(event, context):
            response = {
              'isBase64Encoded': False,
              'statusCode': 200,
              'headers': {},
              'multiValueHeaders': {},
              'body': 'Hello, World! from Lambda Function with API Gateway'
            }
            return response          
      Description: AWS Lambda function
      FunctionName: !Ref pLambdaFunctionName
      VpcConfig:
        SecurityGroupIds: 
          - Ref: pVPCSecurityGroup
        SubnetIds:
          - Ref: pVPCSubnet
      Handler: index.handler
      MemorySize: 256
      ReservedConcurrentExecutions: 100
      Role: !GetAtt LambdaIamRole.Arn
      Runtime: python3.8
      Timeout: 60

# Lambda Function IAM permission
  LambdaIamRole:
    Type: AWS::IAM::Role
    Properties:
      ManagedPolicyArns:
       - "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: 'Allow'
            Principal:
              Service:
                - 'lambda.amazonaws.com'
            Action:
              - 'sts:AssumeRole'
      Path: '/'
      Policies:
        - PolicyName: root
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
            - Effect: Allow
              Action:
              - logs:CreateLogGroup
              - logs:CreateLogStream
              - logs:PutLogEvents
              Resource: arn:aws:logs:*:*:*
Outputs:
  apiGatewayInvokeURL:
    Value: !Sub https://${ApiGatewayRestApi}.execute-api.${AWS::Region}.amazonaws.com/${ApiGatewayStage}/lambda