AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Serverless patterns - Amazon API Gateway REST API with a Client Certificate

Globals:
  Function:
    Runtime: nodejs14.x
    CodeUri: src/

Resources:
  
  # REST API
  AppApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: apigw-client-certificate
      Description: Client Certificate REST API demo

  # GET Method
  RootMethodGet:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref AppApi
      ResourceId: !GetAtt AppApi.RootResourceId
      HttpMethod: GET
      AuthorizationType: NONE
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST
        Uri: !Join ['', ['arn:aws:apigateway:', !Ref AWS::Region, ':lambda:path/2015-03-31/functions/', !GetAtt AppFunction.Arn, '/invocations']]

  # Dummy function
  AppFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: app.handler

  # Permission to allow Lambda invocation from API Gateway
  AppFunctionPermission:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !Ref AppFunction
      Action: lambda:InvokeFunction
      Principal: apigateway.amazonaws.com
      SourceArn: !Sub arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${AppApi}/*/GET/

  ClientCertificate:
    Type: AWS::ApiGateway::ClientCertificate
    Properties: 
      Description: apigw-client-certificate

  Deployment:
    Type: AWS::ApiGateway::Deployment
    DependsOn:
    - RootMethodGet
    Properties:
      RestApiId: !Ref AppApi
  
  Stage:  
    Type: AWS::ApiGateway::Stage
    Properties:
      StageName: Prod
      RestApiId: !Ref AppApi
      DeploymentId: !Ref Deployment
      ClientCertificateId: !Ref ClientCertificate

Outputs:

  # API Gateway endpoint to be used during tests
  AppApiEndpoint:
    Description: API Endpoint
    Value: !Sub "https://${AppApi}.execute-api.${AWS::Region}.amazonaws.com/Prod"