AWSTemplateFormatVersion: "2010-09-09"
Description: "Cloud Bank - Configuration"
Parameters:
  S3BucketAssets:
    Type: String
    Description: Bucket name that contains assests.
  CustomerPortalS3Bucket:
    Type: String
    Description: Bucket name that contains static web site of Customer Portal.
  AgentPortalS3Bucket:
    Type: String
    Description: Bucket name that contains static web site of Agent Portal.
  CustomerPortalUrl:
    Type: String
    Description: URL of the Customer Portal Website Domain (Cloudfront Domain).
  AgentPortalUrl:
    Type: String
    Description: URL of the Agent Portal Website Domain (Cloudfront Domain).
  CognitoIdentityPoolId:
    Type: String
    Description: Cognito Identity Pool Id
  CognitoUserPoolId:
    Type: String
    Description: Cognito Identity Pool Id URL
  CognitoDomain:
    Type: String
  CognitoCustomerPortalClientId:
    Type: String
    Description: Cognito Identity Customer Portal App Client Id
  CognitoAgentPortalClientId:
    Type: String
    Description: Cognito Identity Agent Portal App Client Id    
  ApiGatewayEndpoint:
    Type: String
    Description: API Gateway Endpoint URL
  ConnectInstanceId:
    Type: String
    Description: Connect Instance Id
  ConnectChatFlowId:
    Type: String
    Description: Connect Contact Flow Id
  KinesisStreamName:
    Type: String
    Description: Kinesis Stream Name
  PinpointAppId:
    Type: String
    Description: PinPoint Application ID

Resources:
  LambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
      Policies:
        - PolicyName: CloudWatchLogsPermissions
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - logs:*
                Resource: arn:aws:logs:*:*:*
        - PolicyName: CustomerPortalS3BucketPermissions
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - s3:PutObject
                Resource:
                  - !Sub "arn:aws:s3:::${CustomerPortalS3Bucket}/*"
                  - !Sub "arn:aws:s3:::${AgentPortalS3Bucket}/*"

  crhelperLayer:
    Type: AWS::Lambda::LayerVersion
    Properties:
      CompatibleRuntimes:
        - python3.7
      Content:
        S3Bucket: !Ref S3BucketAssets
        S3Key: lambda-functions/crhelperLambdaLayer.zip
      Description: CloudFormation Custom Resource Helper
      LayerName: cr-helper
      LicenseInfo: MIT                   

  CustomerPortalCreateConfigFile:
    Type: AWS::Lambda::Function
    Properties:
      Role: !GetAtt LambdaExecutionRole.Arn
      Runtime: "python3.7"
      Timeout: 60
      Description: "Create web site JSON config file"
      Handler: "lambda_function.lambda_handler"
      Code:
        S3Bucket: !Ref S3BucketAssets
        S3Key: "lambda-functions/createConfigFile.zip"
      Layers:
        - {Ref: crhelperLayer}    

  CustomResourceCustomerPortalCreateConfigFile:
    Type: "Custom::CustomerPortalCreateConfigFile"
    Properties:
      ServiceToken: !GetAtt "CustomerPortalCreateConfigFile.Arn"
      siteBucketName: !Ref CustomerPortalS3Bucket
      region: !Ref "AWS::Region"
      siteUrl: !Ref CustomerPortalUrl
      cognitoIdentityPoolId: !Ref CognitoIdentityPoolId
      cognitoUserPoolId: !Ref CognitoUserPoolId
      cognitoDomain: !Ref CognitoDomain
      cognitoClientId: !Ref CognitoCustomerPortalClientId
      apiGatewayEndpoint: !Ref ApiGatewayEndpoint
      connectInstanceId: !Ref ConnectInstanceId
      connectContactFlowId: !Ref ConnectChatFlowId
      kinesisStreamName: !Ref KinesisStreamName
      pinPointAppId: !Ref PinpointAppId

  AgentPortalCreateConfigFile:
    Type: AWS::Lambda::Function
    Properties:
      Role: !GetAtt LambdaExecutionRole.Arn
      Runtime: "python3.7"
      Timeout: 60
      Description: "Create web site JSON config file"
      Handler: "lambda_function.lambda_handler"
      Code:
        S3Bucket: !Ref S3BucketAssets
        S3Key: "lambda-functions/createConfigFile.zip"
      Layers:
        - {Ref: crhelperLayer}    

  CustomResourceAgentPortalCreateConfigFile:
    Type: "Custom::AgentPortalCreateConfigFile"
    Properties:
      ServiceToken: !GetAtt "AgentPortalCreateConfigFile.Arn"
      siteBucketName: !Ref AgentPortalS3Bucket
      region: !Ref "AWS::Region"
      siteUrl: !Ref AgentPortalUrl
      cognitoIdentityPoolId: !Ref CognitoIdentityPoolId
      cognitoUserPoolId: !Ref CognitoUserPoolId
      cognitoDomain: !Ref CognitoDomain
      cognitoClientId: !Ref CognitoAgentPortalClientId
      apiGatewayEndpoint: !Ref ApiGatewayEndpoint
      connectInstanceId: !Ref ConnectInstanceId
      connectContactFlowId: !Ref ConnectChatFlowId
      kinesisStreamName: !Ref KinesisStreamName
      pinPointAppId: !Ref PinpointAppId