AWSTemplateFormatVersion: '2010-09-09'
Description: Canary resources for trivia site

Parameters:
  Stage:
    Type: String
    AllowedValues:
      - "test"
      - "prod"

  WebpageUrl:
    Type: String

  ApiEndpoint:
    Type: String

  SourceBucket:
    Type: String

  SourceObjectKey:
    Type: String

  NotificationsTopic:
    Type: String
    Default: reinvent-trivia-notifications

Resources:
  Canary:
    Type: AWS::Synthetics::Canary
    DependsOn:
      - CanaryResultsBucket
      - CanaryRole
      - CanaryAlarm
    Properties:
      Name: !Sub "trivia-game-${Stage}"
      ExecutionRoleArn: !GetAtt CanaryRole.Arn
      Code:
        Handler: canary.handler
        S3Bucket: !Ref SourceBucket
        S3Key: !Ref SourceObjectKey
      ArtifactS3Location: !Sub "s3://${CanaryResultsBucket}"
      RuntimeVersion: syn-nodejs-puppeteer-3.8
      Schedule:
        Expression: 'rate(5 minutes)'
        DurationInSeconds: 0
      RunConfig:
        TimeoutInSeconds: 60
        EnvironmentVariables:
          WEBPAGE_URL: !Ref WebpageUrl
          API_ENDPOINT: !Ref ApiEndpoint
      FailureRetentionPeriod: 30
      SuccessRetentionPeriod: 30
      StartCanaryAfterCreation: true

  CanaryAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmName: !Sub "Synthetics-Alarm-trivia-game-${Stage}"
      AlarmDescription: "Synthetics alarm thresholds: 2 test failures in 10 mins"
      ActionsEnabled: true
      AlarmActions:
        - !Sub "arn:${AWS::Partition}:sns:${AWS::Region}:${AWS::AccountId}:${NotificationsTopic}"
      MetricName: SuccessPercent
      Namespace: CloudWatchSynthetics
      Statistic: Sum
      Period: 300
      EvaluationPeriods: 2
      DatapointsToAlarm: 2
      Threshold: 0.0
      TreatMissingData: breaching
      ComparisonOperator: LessThanOrEqualToThreshold
      Dimensions:
        - Name: CanaryName
          Value: !Sub "trivia-game-${Stage}"

  CanaryResultsBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Delete
    Properties:
      LifecycleConfiguration:
        Rules:
        - Status: Enabled
          ExpirationInDays: 31

  CanaryRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub "CloudWatchSyntheticsRole-trivia-game-${Stage}"
      AssumeRolePolicyDocument:
        Statement:
        - Effect: Allow
          Principal:
            Service:
            - lambda.amazonaws.com
          Action:
          - sts:AssumeRole
      Path: /
      Policies:
      - PolicyName: !Sub "CloudWatchSyntheticsPolicy-trivia-game-${Stage}"
        PolicyDocument:
          Statement:
          - Effect: Allow
            Action:
              - "s3:PutObject"
            Resource: !Sub "arn:aws:s3:::${CanaryResultsBucket}/*"
          - Effect: Allow
            Action:
              - "logs:CreateLogStream"
              - "logs:PutLogEvents"
              - "logs:CreateLogGroup"
            Resource: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/cwsyn-trivia-game-${Stage}-*"
          - Effect: Allow
            Action:
              - "s3:GetBucketLocation"
              - "s3:ListAllMyBuckets"
            Resource: "*"
          - Effect: Allow
            Action:
              - "cloudwatch:PutMetricData"
            Resource: "*"
            Condition:
              StringEquals:
                "cloudwatch:namespace": CloudWatchSynthetics