AWSTemplateFormatVersion: 2010-09-09
Description: Deploys Observability Dashboards and Event Rules to each AWS DRS Account
Parameters:
  CentralAccountId:
    Type: String
    Description: AWS Account ID For Centralized Monitoring and Observability
  DrsNotificationEventBus:
    Type: String
    Description: AWS EventBridge Bus Name in Centralized Observability Account
    Default: DrsNotificationEventBus
  DrsEventRuleShowStalledOnlyOrAll:
    Type: String
    Description: Enter StalledOnly To Show Only AWS Service Stalled DRS Agent Events or All to Show All State Changes
    AllowedValues:
      - StalledOnly
      - All
  DrsStalledAgentRule:
    Type: String
    Description: Enter ENABLED or DISABLED to set status of AWS EventBridge Rule for Stalled AWS DRS Agent Notifications
    Default: ENABLED
    AllowedValues:
      - ENABLED
      - DISABLED
  DrsFailedRecoveryRule:
    Type: String
    Description: Enter ENABLED or DISABLED to set status of AWS EventBridge Rule for AWS DRS Failed Recovery
    Default: ENABLED
    AllowedValues:
      - ENABLED
      - DISABLED
Conditions:
  AgentStalledOnlyEvents: !Equals [ !Ref DrsEventRuleShowStalledOnlyOrAll, StalledOnly]
Resources:

  DREventBridgeRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Action: sts:AssumeRole
            Effect: Allow
            Principal:
              Service: events.amazonaws.com
        Version: '2012-10-17'
      Description: Assumed to Send Events to AWS Event Bridge Rules
  DREventBridgeRolePolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyDocument:
        Statement:
          - Action:
              - 'events:PutEvents'
            Effect: Allow
            Resource: !Sub 'arn:aws:events:${AWS::Region}:${CentralAccountid}:event-bus/${DrsNotificationEventBus}'
        Version: '2012-10-17'
      PolicyName: DREventBridgeRolePolicy
      Roles:
        - !Ref 'DREventBridgeRole'

  DRAutomationEventBridgeRule:
    Type: AWS::Events::Rule
    Properties:
      Description: AWS EventBridge Rule for handling SNS Notifications of Failed DRS Server Recovery
      EventBusName: default
      State: !Ref DrsFailedRecoveryRule
      EventPattern: >-
        {
          "source": ["aws.drs"],
          "detail-type": ["DRS Source Server Launch Result"],
          "detail": {
            "state": ["RECOVERY_LAUNCH_FAILED"]
          }
        }
      Targets:
        - Arn: !Sub arn:aws:events:${AWS::Region}:${CentralAccountId}:event-bus/${DrsNotificationEventBus}
          Id: DrsRecoveryInstanceLaunchFailure
          RoleArn: !GetAtt DREventBridgeRole.Arn

  DrsStalledAgentEventBridgeRule:
    Type: AWS::Events::Rule
    Properties:
      Description: AWS EventBridge Rule for handling SNS Notifications of Stalled DRS Replication
      EventBusName: default
      State: !Ref DrsStalledAgentRule
      EventPattern: 
        !If 
          - AgentStalledOnlyEvents 
          - >-
            {
              "source": ["aws.drs"],
              "detail-type": ["DRS Source Server Data Replication Stalled Change"],
              "detail": {
                "state": ["STALLED"]
              }
            }
          - >-
            {
              "source": ["aws.drs"],
              "detail-type": ["DRS Source Server Data Replication Stalled Change"]
            }
      Targets:
        - Arn: !Sub arn:aws:events:${AWS::Region}:${DrsObservabilityAccountId}:event-bus/${DrsNotificationEventBus}
          Id: DrsAgentStalled
          RoleArn: !GetAtt DREventBridgeRole.Arn