{
  "AWSTemplateFormatVersion" : "2010-09-09",

  "Description" : "Template that defines a configuration resource for adding items to a DynamoDB config table",

  "Parameters": {
    "ConfigTable": {
      "Description": "Name of the DynamoDB table where config values should be stored",
      "Type": "String"
    }
  },

  "Resources" : {
    "AddConfigSetting": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Handler": "index.handler",
        "Role": { "Fn::GetAtt" : ["AddConfigExecutionRole", "Arn"] },
        "Code": {
          "ZipFile":  { "Fn::Join": ["", [
            "var response = require('cfn-response');",
            "var AWS = require('aws-sdk');",
            "var dynamodb = new AWS.DynamoDB();",

            "exports.handler = function(event, context) {",
            "    console.log('REQUEST RECEIVED:\\n', JSON.stringify(event));",
            "    var env = event.ResourceProperties.Environment;",
            "    var configKey = event.ResourceProperties.Key;",
            "    var configValue = event.ResourceProperties.Value;",

            "    if (event.RequestType == 'Delete') {",
            "        dynamodb.updateItem({",
            "            TableName: \"", {"Ref": "ConfigTable"} , "\",",
            "            Key: { Environment: { S: env } },",
            "            UpdateExpression: \"REMOVE \" + configKey",
            "          },",
            "          function(err, data){",
            "            if(err) { console.log(JSON.stringify(err)); }",
            "            response.send(event, context, response.SUCCESS);",
            "        });",
            "        return;",
            "    } else {",
            "        var param = {",
            "          TableName: '", {"Ref": "ConfigTable"} , "',",
            "          Key: { Environment: { S: env } },",
            "          UpdateExpression: 'SET ' + configKey + ' = :newVal',",
            "          ExpressionAttributeValues: { ':newVal': { 'S': configValue } }",
            "        };",
            "        console.log(JSON.stringify(param));",
            "        dynamodb.updateItem(param,",
            "          function(err, data){",
            "            if(err) { console.log(JSON.stringify(err)); response.send(event, context, response.FAILED, err); }",
            "            else { response.send(event, context, response.SUCCESS); }",
            "          });",
            "    }",
            "};"
          ]]}
        },
        "Runtime": "nodejs6.10",
        "Timeout": "30"
      }
    },

    "AddConfigExecutionRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [{
              "Effect": "Allow",
              "Principal": {"Service": ["lambda.amazonaws.com"]},
              "Action": ["sts:AssumeRole"]
          }]
        },
        "Path": "/",
        "Policies": [{
          "PolicyName": "root",
          "PolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                "Effect": "Allow",
                "Action": ["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents"],
                "Resource": "arn:aws:logs:*:*:*"
            },
            {
                "Sid": "Stmt1453132818000",
                "Effect": "Allow",
                "Action": [
                    "dynamodb:UpdateItem"
                ],
                "Resource": {
                  "Fn::Join": ["", ["arn:aws:dynamodb:", {
                      "Ref": "AWS::Region"
                    },
                    ":", {
                      "Ref": "AWS::AccountId"
                    },
                    ":table/", {
                      "Ref": "ConfigTable"
                    }
                  ]]
                }
            }]
          }
        }]
      }
    }
  },

  "Outputs" : {
    "ServiceToken": {
      "Value": { "Fn::GetAtt": ["AddConfigSetting", "Arn"]}
    }
  }
}