# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0

AWSTemplateFormatVersion: '2010-09-09'

Description: 'Sample Lambda function deployment with functions URL'
###
### CloudFormation Metadata
###

Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
    - Label: 
        default: Parameter Definition
      Parameters:
      - pLambdaFunctionName
      - pVPCSecurityGroup
      - pVPCSubnet
    ParameterLabels:
      pLambdaFunctionName:
        default: Lambda Function Name
      pVPCSecurityGroup:
        default: Security Group Name
      pVPCSubnet:
        default: Subnet Name

###
### Template input parameters
###

Parameters:
  pLambdaFunctionName:
    Type: String
    AllowedPattern: ^[a-zA-Z0-9-\-_.]{3,63}
    Description: Name of the Lambda Function
  pVPCSecurityGroup:
    Type: AWS::EC2::SecurityGroup::Id
    Description: Select VPC Security Group
  pVPCSubnet:
    Type: AWS::EC2::Subnet::Id
    Description: Select Subnet under VPC 


Resources:

# Lambda Function with Sample inline code
  LambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        ZipFile: |
          def handler(event, context):
            response = {
              'isBase64Encoded': False,
              'statusCode': 200,
              'headers': {},
              'multiValueHeaders': {},
              'body': 'Hello, World! from Lambda Function with functions URL'
            }
            return response          
      Description: AWS Lambda function
      FunctionName: !Ref pLambdaFunctionName
      #Best practice to attach VPC, but to access url from internet please comment this VPCConfig section
      VpcConfig:
        SecurityGroupIds: 
          - Ref: pVPCSecurityGroup
        SubnetIds:
          - Ref: pVPCSubnet
      Handler: index.handler
      MemorySize: 256
      ReservedConcurrentExecutions: 100
      Role: !GetAtt LambdaIamRole.Arn
      Runtime: python3.8
      Timeout: 60
#Lambda Function URL creation resource
  LambdaFunctionUrl:
    Type: AWS::Lambda::Url
    Properties:
      TargetFunctionArn: !Ref LambdaFunction
      AuthType: NONE
  LambdaIamRole:
    Type: AWS::IAM::Role
    Properties:
      ManagedPolicyArns:
       - "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: 'Allow'
            Principal:
              Service:
                - 'lambda.amazonaws.com'
            Action:
              - 'sts:AssumeRole'
      Path: '/'
      Policies:
        - PolicyName: root
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
            - Effect: Allow
              Action:
              - logs:CreateLogGroup
              - logs:CreateLogStream
              - logs:PutLogEvents
              Resource: arn:aws:logs:*:*:*
Outputs:
  FunctionUrl:
   Description: Lambda Function Url
   Value: !GetAtt LambdaFunctionUrl.FunctionUrl