AWSTemplateFormatVersion: '2010-09-09'
Description: "unicorn-stock-broker - This API allows you to store transactions of your favorite unicorn stocks"
Parameters:
  FunctionSourceCodeBucketName:
    Type: String
  FunctionSourceCodeKey:
    Type: String

Outputs:
  UnicornStockBrokerApi:
    Description: API Gateway endpoint URL for Prod stage for Unicorn StockBroker function
    Value: !Sub 'https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod'
  UnicornStockBrokerFunction:
    Description: Unicorn StockBroker Lambda Function ARN
    Value: !GetAtt 'UnicornStockBrokerFunction.Arn'
  UnicornStockBrokerFunctionIamRole:
    Description: IAM Role created for Unicorn StockBroker function
    Value: !GetAtt 'UnicornStockBrokerFunction.Arn'
  UnicornStockBrokerValidationS3Bucket:
    Description: S3 Bucket for validation files
    Value: !Ref 'ValidationFilesS3Bucket'
Resources:
  ServerlessRestApiDeployment:
    Type: AWS::ApiGateway::Deployment
    Properties:
      Description: 'RestApi deployment'
      RestApiId: !Ref 'ServerlessRestApi'
      StageName: Stage
  UnicornStockBrokerFunctionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Action:
              - sts:AssumeRole
            Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      Policies:
        - PolicyName: UnicornStockBrokerFunctionRolePolicy0
          PolicyDocument:
            Statement:
              - Action:
                  - dynamodb:GetItem
                  - dynamodb:DeleteItem
                  - dynamodb:PutItem
                  - dynamodb:Scan
                  - dynamodb:Query
                  - dynamodb:UpdateItem
                  - dynamodb:BatchWriteItem
                  - dynamodb:BatchGetItem
                  - dynamodb:DescribeTable
                  - dynamodb:ConditionCheckItem
                Effect: Allow
                Resource:
                  - !Sub
                    - arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}
                    - tableName: !Ref 'TransactionsTable'
                  - !Sub
                    - arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}/index/*
                    - tableName: !Ref 'TransactionsTable'
        - PolicyName: UnicornStockBrokerFunctionRolePolicy1
          PolicyDocument:
            Statement:
              - Action:
                  - s3:GetObject
                  - s3:ListBucket
                  - s3:GetBucketLocation
                  - s3:GetObjectVersion
                  - s3:GetLifecycleConfiguration
                Effect: Allow
                Resource:
                  - !Sub
                    - arn:${AWS::Partition}:s3:::${bucketName}
                    - bucketName: !Ref 'ValidationFilesS3Bucket'
                  - !Sub
                    - arn:${AWS::Partition}:s3:::${bucketName}/*
                    - bucketName: !Ref 'ValidationFilesS3Bucket'
  ValidationFilesS3Bucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Delete
    Properties:
      VersioningConfiguration:
        Status: Enabled
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
  TransactionsTable:
    Type: AWS::DynamoDB::Table
    Properties:
      AttributeDefinitions:
        - AttributeName: transactionId
          AttributeType: S
      KeySchema:
        - AttributeName: transactionId
          KeyType: HASH
      BillingMode: PAY_PER_REQUEST
  UnicornStockBrokerFunctionUnicornStockBrokerEventPermissionProd:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !Ref 'UnicornStockBrokerFunction'
      Principal: apigateway.amazonaws.com
      SourceArn: !Sub
        - arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/transactions
        - __ApiId__: !Ref 'ServerlessRestApi'
          __Stage__: '*'
  UnicornStockBrokerFunction:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: !Ref FunctionSourceCodeBucketName
        S3Key: !Ref FunctionSourceCodeKey
      Handler: org.springframework.cloud.function.adapter.aws.FunctionInvoker::handleRequest
      MemorySize: 2048
      Role: !GetAtt 'UnicornStockBrokerFunctionRole.Arn'
      Runtime: java11
      Timeout: 200
      Environment:
        Variables:
          TABLE_NAME: !Ref 'TransactionsTable'
          BUCKET_NAME: !Ref 'ValidationFilesS3Bucket'
      Architectures:
        - x86_64
  ServerlessRestApiProdStage:
    Type: AWS::ApiGateway::Stage
    Properties:
      DeploymentId: !Ref 'ServerlessRestApiDeployment'
      RestApiId: !Ref 'ServerlessRestApi'
      StageName: Prod
  ServerlessRestApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Body:
        info:
          version: '1.0'
          title: !Ref 'AWS::StackName'
        paths:
          /transactions:
            post:
              x-amazon-apigateway-integration:
                httpMethod: POST
                type: aws_proxy
                uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${UnicornStockBrokerFunction.Arn}/invocations'
              responses: {}
        swagger: '2.0'