AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Bucket processing writing to same bucket, using metadata to avoid recursion.

Parameters:
  SourceBucketName:
    Type: String

Resources:
  ## S3 bucket
  SourceBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref SourceBucketName

  # Enforce HTTPS only access to S3 bucket #
  BucketForImagePolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref SourceBucket
      PolicyDocument:
        Statement:
        - Action: s3:*
          Effect: Deny
          Principal: "*"
          Resource:
          - !Sub "arn:aws:s3:::${SourceBucket}/*"
          - !Sub "arn:aws:s3:::${SourceBucket}"
          Condition:
            Bool:
              aws:SecureTransport: false

  ## Lambda function
  S3ProcessorFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/
      Handler: app.handler
      Runtime: nodejs14.x
      MemorySize: 128
      Policies:
        - S3CrudPolicy:
            BucketName: !Ref SourceBucketName
      Environment:
        Variables:
          DestinationBucketName: !Ref SourceBucketName
      Events:
        FileUpload:
          Type: S3
          Properties:
            Bucket: !Ref SourceBucket
            Events: s3:ObjectCreated:*
            Filter:
              S3Key:
                Rules:
                  - Name: suffix
                    Value: '.txt'
Outputs:
  SourceBucketName:
    Value: !Ref SourceBucketName
    Description: Source bucket
  FunctionArn:
    Value: !Ref S3ProcessorFunction
    Description: S3ProcessorFunction function ARN