Parameters:
  Mail:
    Type: String
    Description: Mail to send findings to
  SeverityThreshold:
    Type: Number
    Default: 7
    Description: Minimum severity to send the finding through mail
Resources:
  KMSCMKKeyC8FEE721:
    Type: AWS::KMS::Key
    Properties:
      KeyPolicy:
        Statement:
          - Action: kms:*
            Effect: Allow
            Principal:
              AWS:
                Fn::Join:
                  - ""
                  - - "arn:"
                    - Ref: AWS::Partition
                    - ":iam::"
                    - Ref: AWS::AccountId
                    - :root
            Resource: "*"
          - Action:
              - kms:Decrypt
              - kms:GenerateDataKey*
            Effect: Allow
            Principal:
              Service:
                - events.amazonaws.com
                - sns.amazonaws.com
            Resource: "*"
        Version: "2012-10-17"
      Description: KMS CMK Key to Encrypt SNS Topics
      EnableKeyRotation: true
    UpdateReplacePolicy: Retain
    DeletionPolicy: Retain
  SnsTopic2C1570A4:
    Type: AWS::SNS::Topic
    Properties:
      KmsMasterKeyId:
        Fn::GetAtt:
          - KMSCMKKeyC8FEE721
          - Arn
      TopicName: Guardduty-to-mail
  SnsTopicTokenSubscription1D5A46B4F:
    Type: AWS::SNS::Subscription
    Properties:
      Protocol: email
      TopicArn:
        Ref: SnsTopic2C1570A4
      Endpoint:
        Ref: Mail
  TopicPolicyA24B096F:
    Type: AWS::SNS::TopicPolicy
    Properties:
      PolicyDocument:
        Statement:
          - Action: sns:Publish
            Condition:
              Bool:
                aws:SecureTransport: false
            Effect: Deny
            Principal:
              AWS: "*"
            Resource:
              Ref: SnsTopic2C1570A4
            Sid: "0"
          - Action: sns:Publish
            Effect: Allow
            Principal:
              Service: events.amazonaws.com
            Resource:
              Ref: SnsTopic2C1570A4
            Sid: "1"
        Version: "2012-10-17"
      Topics:
        - Ref: SnsTopic2C1570A4
  EBruletoSNS:
    Type: AWS::Events::Rule
    Properties:
      Description: Forwards GuardDuty findings to SNS
      EventBusName: default
      EventPattern:
        source:
          - aws.guardduty
        detail-type:
          - GuardDuty Finding
        detail:
          severity:
            - numeric:
                - ">="
                - Ref: SeverityThreshold
      Targets:
        - Arn:
            Ref: SnsTopic2C1570A4
          Id: to-sns
          InputTransformer:
            InputPathsMap:
              severity: $.detail.severity
              Finding_ID: $.detail.id
              Finding_Type: $.detail.type
              region: $.region
              Finding_description: $.detail.description
            InputTemplate: |
              
              "You have a severity <severity> GuardDuty finding type <Finding_Type> in the <region> region."
              "Finding Description:"
              "<Finding_description>."
              "For more details open the GuardDuty console at https://console.aws.amazon.com/guardduty/home?region=<region>#/findings?search=id%3D<Finding_ID> "