AWSTemplateFormatVersion: "2010-09-09"
Description: "SSM Parameter for Backup and Recovery with AWS Backup target OUs, Regions, Accounts, and Automation"
Parameters:
  TargetHomeAccount:
    Description: Target home account for Backup and Recovery with AWS Backup solution
    Type: String
  TargetGlobalRegion:
    Description: Target region for global resources for Backup and Recovery with AWS Backup solution
    Type: String
  TargetRegions:
    Description: List of target regions for Backup and Recovery with AWS Backup solution
    Type: String
  TargetOUs:
    Description: List of target OUs for Backup and Recovery with AWS Backup solution for standard plan(s)
    Type: String
  CentralBackupVaultArn:
    Description: The AWS Backup Central Vault Account where secondary backups will be stored
    Type: String
  OrgManagementAccount:
    Description: The AWS Organizations Management account where backup policies will be administered
    Type: String

  # Customer Specific Tags - Example
  BusinessUnit:
    Description: Business Unit Name
    Type: String
    MinLength: '1'
    MaxLength: '255'
    AllowedValues:
      - Marketing
      - Engineering
      - R&D
    ConstraintDescription: Must be a valid business unit
    Default: Engineering
  CostCenter:
    Description: Cost Center for AWS Services
    Type: String
    MinLength: '1'
    MaxLength: '255'
    Default: '00000'
  Environment:
    Description: Environment
    Type: String
    AllowedValues:
      - development
      - qa
      - production
    ConstraintDescription: Must be a valid environment.
    Default: development
  ApplicationOwner:
    Description: Email address of application owner
    Type: String
    Default: someone@example.com
  Application:
    Description: Application Name
    Type: String
    Default: Backup and Recovery with AWS Backup



Resources:
  AWSBackupBucket:
    Type: AWS::SSM::Parameter
    Properties:
      Description: !Sub "Target home account for Backup and Recovery with AWS Backup solution"
      Name: "/backup/bucket"
      Type: String
      Value:
        Fn::ImportValue: "aws-backup-s3-bucket-name"
      Tags:
        Application: !Ref Application
        BusinessUnit: !Ref BusinessUnit
        CostCenter: !Ref CostCenter
        Environment: !Ref Environment
        ApplicationOwner: !Ref ApplicationOwner


  AWSBackupOrgManagementAccount:
    Type: AWS::SSM::Parameter
    Properties:
      Description: "Target home account for Backup and Recovery with AWS Backup solution"
      Name: "/backup/org-management-account"
      Type: String
      Value: !Ref OrgManagementAccount
      Tags:
        Application: !Ref Application
        BusinessUnit: !Ref BusinessUnit
        CostCenter: !Ref CostCenter
        Environment: !Ref Environment
        ApplicationOwner: !Ref ApplicationOwner

  AWSBackupTargetHomeAccount:
    Type: AWS::SSM::Parameter
    Properties:
      Description: "Target home account for Backup and Recovery with AWS Backup solution"
      Name: "/backup/home-account"
      Type: String
      Value: !Ref AWS::AccountId
      Tags:
        Application: !Ref Application
        BusinessUnit: !Ref BusinessUnit
        CostCenter: !Ref CostCenter
        Environment: !Ref Environment
        ApplicationOwner: !Ref ApplicationOwner

  AWSBackupCentralVaultArn:
    Type: AWS::SSM::Parameter
    Properties:
      Description: "The ARN of a centralized AWS Backup Vault that will be the secondary store for all AWS Backups.  The defined organization backup policy plans will copy_to this vault."
      Name: "/backup/central-vault-arn"
      Type: String
      Value: !Ref CentralBackupVaultArn
      Tags:
        Application: !Ref Application
        BusinessUnit: !Ref BusinessUnit
        CostCenter: !Ref CostCenter
        Environment: !Ref Environment
        ApplicationOwner: !Ref ApplicationOwner

  AWSBackupTargetGlobalRegion:
    Type: AWS::SSM::Parameter
    Properties:
      Description: !Sub "Target region for global resources for Backup and Recovery with AWS Backup solution"
      Name: "/backup/target/global-region"
      Type: String
      Value: !Ref AWS::Region
      Tags:
        Application: !Ref Application
        BusinessUnit: !Ref BusinessUnit
        CostCenter: !Ref CostCenter
        Environment: !Ref Environment
        ApplicationOwner: !Ref ApplicationOwner

  AWSBackupTargetRegions:
    Type: AWS::SSM::Parameter
    Properties:
      Description: !Sub "Target regions Backup and Recovery with AWS Backup solution"
      Name: "/backup/target/regions"
      Type: StringList
      Value: !Ref TargetRegions
      Tags:
        Application: !Ref Application
        BusinessUnit: !Ref BusinessUnit
        CostCenter: !Ref CostCenter
        Environment: !Ref Environment
        ApplicationOwner: !Ref ApplicationOwner

  AWSBackupTargetOUs:
    Type: AWS::SSM::Parameter
    Properties:
      Description: "Target OUs Backup and Recovery with AWS Backup solution"
      Name: "/backup/target/organizational-units"
      Type: StringList
      Value: !Ref TargetOUs
      Tags:
        Application: !Ref Application
        BusinessUnit: !Ref BusinessUnit
        CostCenter: !Ref CostCenter
        Environment: !Ref Environment
        ApplicationOwner: !Ref ApplicationOwner

  AWSBackupLambdaDeploymentBucket:
    Type: AWS::SSM::Parameter
    Properties:
      Description: "S3 Bucket for Lambda function deployments"
      Name: "/backup/lambda/bucket-prefix"
      Type: String
      Value: "lambda-deployment-bucket"
      Tags:
        Application: !Ref Application
        BusinessUnit: !Ref BusinessUnit
        CostCenter: !Ref CostCenter
        Environment: !Ref Environment
        ApplicationOwner: !Ref ApplicationOwner


  AWSBackupLambdaBackupOrgPolicyManagerDeployedObjectVersion:
    Type: AWS::SSM::Parameter
    Properties:
      Description: "Lambda function deployed package name"
      Name: "/backup/lambda/aws-backup-backuporgpolicymanager/deployed-package"
      Type: String
      Value: "none"
      Tags:
        Application: !Ref Application
        BusinessUnit: !Ref BusinessUnit
        CostCenter: !Ref CostCenter
        Environment: !Ref Environment
        ApplicationOwner: !Ref ApplicationOwner

  AWSBackupLambdaBackupOrgPolicyManagerDeployedHash:
    Type: AWS::SSM::Parameter
    Properties:
      Description: "Lambda function current deployed hash tracking"
      Name: "/backup/lambda/aws-backup-backuporgpolicymanager/deployed-hash"
      Type: String
      Value: "none"
      Tags:
        Application: !Ref Application
        BusinessUnit: !Ref BusinessUnit
        CostCenter: !Ref CostCenter
        Environment: !Ref Environment
        ApplicationOwner: !Ref ApplicationOwner


  AWSBackupLambdaTagOnRestoreDeployedObjectVersion:
    Type: AWS::SSM::Parameter
    Properties:
      Description: "Lambda function deployed package name"
      Name: "/backup/lambda/aws-backup-tagonrestore/deployed-package"
      Type: String
      Value: "none"
      Tags:
        Application: !Ref Application
        BusinessUnit: !Ref BusinessUnit
        CostCenter: !Ref CostCenter
        Environment: !Ref Environment
        ApplicationOwner: !Ref ApplicationOwner

  AWSBackupLambdaTagOnRestoreDeployedHash:
    Type: AWS::SSM::Parameter
    Properties:
      Description: "Lambda function current deployed hash tracking"
      Name: "/backup/lambda/aws-backup-tagonrestore/deployed-hash"
      Type: String
      Value: "none"
      Tags:
        Application: !Ref Application
        BusinessUnit: !Ref BusinessUnit
        CostCenter: !Ref CostCenter
        Environment: !Ref Environment
        ApplicationOwner: !Ref ApplicationOwner