AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
  eventbridge-integration-solution-aws-archival

  (qs-1qon1a2uk)

Metadata:
  AWS::ServerlessRepo::Application:
    Name: Amazon-EventBridge-Integration-Solution-Amazon-Kinesis-Data-Firehose-Amazon-S3
    Description: This application demonstrates an integration with Amazon Kinesis Data Firehose and Amazon S3 for Amazon EventBridge SaaS Partner Integrations
    Author: AWS Quick Start
    LicenseUrl: LICENSE
    ReadmeUrl: README.md
    Labels: ['amazon', 'eventbridge', 'integration', 'solution', 'kinesis', 'data', 'firehose', 's3']
    HomePageUrl: https://aws.amazon.com/quickstart/eventbridge/aws-archival/
    SemanticVersion: 0.1.5
    SourceCodeUrl: https://github.com/aws-quickstart/eventbridge-integration-solution-aws-archival
  AWS::CloudFormation::Interface:
    ParameterGroups:
    - Label:
        default: Amazon EventBridge Integration Solution
      Parameters:
      - EventSourceName
    - Label:
        default: Amazon Kinesis Data Firehose
      Parameters:
      - DeliveryStreamName
    - Label:
        default: Amazon S3
      Parameters:
      - BucketName
    ParameterLabels:
      EventSourceName:
        default: Event Source Name
      DeliveryStreamName:
        default: Delivery Stream Name
      BucketName:
        default: Bucket Name

Parameters:
  EventSourceName:
    Type: String
    AllowedPattern: aws\.partner(/[\.\-_A-Za-z0-9]+){2,}
    MinLength: 1
    MaxLength: 256
    Description: Name of the Amazon EventBridge SaaS Partner Event Source to associate with an Event Bus. For example, aws.partner/example.com/1234567890/test-event-source.
  DeliveryStreamName:
    Type: String
    AllowedPattern: '[a-zA-Z0-9_.-]+'
    MinLength: 1
    MaxLength: 64
    Description: Name of the Amazon Kinesis Data Firehose Delivery Stream to create
  BucketName:
    Type: String
    Default: ''
    AllowedPattern: '[a-zA-Z0-9.-]*'
    MaxLength: 63
    Description: Name of the Amazon S3 Bucket to create. Leave blank for an automatically generated name.

Conditions:
  AutoGenerateBucketName:
    !Equals [ !Ref BucketName, '' ]

Resources:
  EventBridgeEventBus:
    Type: AWS::Events::EventBus
    Properties:
      EventSourceName: !Ref EventSourceName
      Name: !Ref EventSourceName

  EventBridgeRule:
    Type: AWS::Events::Rule
    Properties:
      Description: catch-all rule for event bus
      EventBusName: !Ref EventBridgeEventBus
      EventPattern:
        account:
        - !Ref AWS::AccountId
      Name: catch-all-rule
      State: ENABLED
      Targets:
      - Arn: !GetAtt KinesisDataFirehoseDeliveryStream.Arn
        Id: kinesis-firehose-delivery-stream
        RoleArn: !GetAtt EventBridgeKinesisDataFirehoseTargetRole.Arn

  EventBridgeKinesisDataFirehoseTargetRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
        - Effect: Allow
          Principal:
            Service:
            - events.amazonaws.com
          Action:
          - sts:AssumeRole
      Path: /
      Policies:
      - PolicyName: eventbridge-to-kinesis-firehose-policy
        PolicyDocument:
          Version: 2012-10-17
          Statement:
          - Effect: Allow
            Action:
            - firehose:PutRecord
            Resource:
            - !GetAtt KinesisDataFirehoseDeliveryStream.Arn

  KinesisDataFirehoseRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
        - Effect: Allow
          Principal:
            Service:
            - firehose.amazonaws.com
          Action:
          - sts:AssumeRole
          Condition:
            StringEquals:
              sts:ExternalId: !Ref AWS::AccountId
      Path: /
      Policies:
      - PolicyName: kinesis-firehose-policy
        PolicyDocument:
          Version: 2012-10-17
          Statement:
          - Effect: Allow
            Action:
            - s3:AbortMultipartUpload
            - s3:GetBucketLocation
            - s3:GetObject
            - s3:ListBucket
            - s3:ListBucketMultipartUploads
            - s3:PutObject
            Resource:
            - !Sub ${S3Bucket.Arn}
            - !Sub ${S3Bucket.Arn}/*

  KinesisDataFirehoseDeliveryStream:
    Type: AWS::KinesisFirehose::DeliveryStream
    Properties:
      DeliveryStreamName: !Ref DeliveryStreamName
      DeliveryStreamType: DirectPut
      S3DestinationConfiguration:
        BucketARN: !GetAtt S3Bucket.Arn
        BufferingHints:
          IntervalInSeconds: 60
          SizeInMBs: 1
        CloudWatchLoggingOptions:
          Enabled: false
          # LogGroupName:
          # LogStreamName:
        CompressionFormat: UNCOMPRESSED
        RoleARN: !GetAtt KinesisDataFirehoseRole.Arn

  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: Private
      BucketEncryption:
        ServerSideEncryptionConfiguration:
        - ServerSideEncryptionByDefault:
            SSEAlgorithm: AES256
      BucketName:
        !If [ AutoGenerateBucketName, !Ref 'AWS::NoValue', !Ref BucketName ]
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

Outputs:
  EventBridgeRule:
    Description: "EventBridge Rule ARN"
    Value: !GetAtt EventBridgeRule.Arn
  EventBridgeKinesisDataFirehoseTargetRole:
    Description: "EventBridge Kinesis Data Firehose Target IAM Role"
    Value: !GetAtt EventBridgeKinesisDataFirehoseTargetRole.Arn
  KinesisDataFirehoseDeliveryStream:
    Description: "Kinesis Data Firehose Delivery Stream ARN"
    Value: !GetAtt KinesisDataFirehoseDeliveryStream.Arn
  KinesisDataFirehoseRole:
    Description: "Kinesis Data Firehose Delivery Stream IAM Role"
    Value: !GetAtt KinesisDataFirehoseRole.Arn
  S3Bucket:
    Description: "S3 Bucket ARN"
    Value: !GetAtt S3Bucket.Arn