---
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  myEnvironment:
    Type: String
Conditions:
  isProduction: !Equals [!Ref myEnvironment, 'prod']
  isDevelopment: !Equals [!Ref myEnvironment, 'dev']
  isPrimary: !Equals [!Ref 'AWS::NoValue', 'us-east-1']
Resources:
  LambdaExecutionRole:
    Condition: isPrimary
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          -
            Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
  InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: '/'
      Roles:
      - !Ref LambdaExecutionRole
  AMIIDLookup:
    Type: AWS::Lambda::Function
    Properties:
      Handler: index.handler
      Role:
        Fn::GetAtt:
          - LambdaExecutionRole
          - Arn
      Code:
        S3Bucket: lambda-functions
        S3Key: amilookup.zip
      Runtime: nodejs4.3
      Timeout: 25
      TracingConfig:
        Mode: Active

  SubCondRefParam:
    Type: AWS::SSM::Parameter
    Properties:
      Type: String
      Value: !Sub ${LambdaExecutionRole}

  SubCondGetAttParam:
    Type: AWS::SSM::Parameter
    Properties:
      Type: String
      Value: !Sub ${LambdaExecutionRole.Arn}

Outputs:
  lambdaArn:
    Value: !GetAtt LambdaExecutionRole.Arn