AWSTemplateFormatVersion: "2010-09-09"

Description: "Service Catalog: DynamoDB Table Reference Architecture Template. This template builds an AWS DynamoDB table. (fdp-1qj64b3i8)"

Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: Primary Key
        Parameters:
          - PartitionKey
          - PartitionKeyType
          - SortKey
          - SortKeyType
      - Label:
          default: DynamoDB Table Configuration
        Parameters:
          - TableName
          - ReadCapacityUnits
          - WriteCapacityUnits
          - KMSMasterKeyId
          - PointInTimeRecoveryEnabled
          - StreamViewType
      - Label:
          default: Logging Configuration
        Parameters:
          - EnableDataPlaneLogging
          - TrailS3BucketName
          - TrailS3KeyPrefix
          - TrailEventsType

Parameters:
  TableName:
    Description: "REQUIRED: A name for the table"
    Type: String
    MinLength: 3
    MaxLength: 255
    AllowedPattern: "[a-zA-Z0-9_.-]+"
  ReadCapacityUnits:
    Description: "The desired minimum number of consistent reads"
    Type: Number
    Default: 5
    MinValue: 5
    MaxValue: 10000
    ConstraintDescription: must be between 5 and 10000
  WriteCapacityUnits:
    Description: "The desired minimum number of consistent writes"
    Type: Number
    Default: 5
    MinValue: 5
    MaxValue: 10000
    ConstraintDescription: must be between 5 and 10000
  PartitionKey:
    Description: "The name of the partition key for the table"
    Type: String
  PartitionKeyType:
    Description: "The data type of the partition key"
    Type: String
    Default: String
    AllowedValues:
      - String
      - Number
      - Binary
  SortKey:
    Description: "The name of the sort key for the table"
    Type: String
  SortKeyType:
    Description: "The data type of the sort key"
    Type: String
    Default: String
    AllowedValues:
      - String
      - Number
      - Binary
  KMSMasterKeyId:
    Description: "The AWS KMS customer master key (CMK) that should be used for the AWS KMS encryption. To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. Note that you should only provide this parameter if the key is different from the default DynamoDB customer master key alias/aws/dynamodb"
    Type: String
  StreamViewType:
    Description: "When an item in the table is modified, StreamViewType determines what information is written to the stream for this table"
    Type: String
    Default: DISABLED
    AllowedValues:
      - DISABLED
      - KEYS_ONLY
      - NEW_IMAGE
      - OLD_IMAGE
      - NEW_AND_OLD_IMAGES
  PointInTimeRecoveryEnabled:
    Description: "Should the point in time recovery be enabled (true) or disabled (false) on the table?"
    Type: String
    Default: false
    AllowedValues:
      - true
      - false
  EnableDataPlaneLogging:
    Description: "Should the CloudTrail logs for data-plane operations be captured?"
    Type: String
    Default: false
    AllowedValues:
      - true
      - false
  TrailS3BucketName:
    Description: "The name of the Amazon S3 bucket designated for publishing log files"
    Type: String
    ConstraintDescription: "must be an existing Amazon S3 bucket"
  TrailS3KeyPrefix:
    Description: "The Amazon S3 key prefix that comes after the name of the bucket designated for log file delivery"
    Type: String
  TrailEventsType:
    Description: "Specify if you want your trail to log read-only events, write-only events, or all"
    Type: String
    AllowedValues:
      - All
      - ReadOnly
      - WriteOnly
    Default: All

Mappings:
  AttributeTypeMap:
    DataType:
      String: S
      Number: N
      Binary: B

Conditions:
  EnableStream: !Not [!Equals [!Ref StreamViewType, "DISABLED"]]
  EnableDataPlaneLogging: !Equals [!Ref EnableDataPlaneLogging, "true"]
  KMSMasterKeyIdProvided: !Not [!Equals [!Ref KMSMasterKeyId, ""]]

Resources:
  StandardDynamoDBTable:
    Type: AWS::DynamoDB::Table
    Properties:
      AttributeDefinitions:
        - AttributeName: !Ref PartitionKey
          AttributeType:
            !FindInMap [AttributeTypeMap, DataType, !Ref PartitionKeyType]
        - AttributeName: !Ref SortKey
          AttributeType:
            !FindInMap [AttributeTypeMap, DataType, !Ref SortKeyType]
      KeySchema:
        - AttributeName: !Ref PartitionKey
          KeyType: HASH
        - AttributeName: !Ref SortKey
          KeyType: RANGE
      ProvisionedThroughput:
        ReadCapacityUnits: !Ref ReadCapacityUnits
        WriteCapacityUnits: !Ref WriteCapacityUnits
      TableName: !Ref TableName
      SSESpecification:
        KMSMasterKeyId:
          !If [
            KMSMasterKeyIdProvided,
            !Ref KMSMasterKeyId,
            "alias/aws/dynamodb",
          ]
        SSEEnabled: true
        SSEType: KMS
      StreamSpecification:
        !If [
          EnableStream,
          StreamViewType: !Ref StreamViewType,
          !Ref "AWS::NoValue",
        ]
      PointInTimeRecoverySpecification:
        PointInTimeRecoveryEnabled: !Ref PointInTimeRecoveryEnabled

  StandardDynamoDBCloudTrail:
    Type: AWS::CloudTrail::Trail
    Condition: EnableDataPlaneLogging
    Properties:
      IsLogging: true
      S3BucketName: !Ref TrailS3BucketName
      S3KeyPrefix: !Ref TrailS3KeyPrefix
      EventSelectors:
        - IncludeManagementEvents: false
          DataResources:
            - Type: AWS::DynamoDB::Table
              Values:
                - !GetAtt StandardDynamoDBTable.Arn
          ReadWriteType: !Ref TrailEventsType

Outputs:
  DynamoDB:
    Value: !Ref StandardDynamoDBTable
    Export:
      Name: !Sub ${AWS::StackName}-DynamoDB
  DynamoDBArn:
    Value: !GetAtt StandardDynamoDBTable.Arn
    Export:
      Name: !Sub ${AWS::StackName}-DynamoDBArn