AWSTemplateFormatVersion: 2010-09-09
Description: Removes NAT Gateway entries from serverside Route table from both the AZ

Parameters:
  PrimaryPrivateServerSubnetRouteTableID:
    Type: String
  SecondaryPrivateServerSubnetRouteTableID:
    Type: String

Resources:
  LambdaDeleteRouteRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      Path: /
      Policies:
        - PolicyName: !Sub delete-route-primary-${AWS::StackName}
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - ec2:DeleteRoute
                Resource:
                  - !Sub "arn:aws:ec2:*:*:route-table/${PrimaryPrivateServerSubnetRouteTableID}"
        - PolicyName: !Sub delete-route-secondary-${AWS::StackName}
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - ec2:DeleteRoute
                Resource:
                  - !Sub "arn:aws:ec2:*:*:route-table/${SecondaryPrivateServerSubnetRouteTableID}"

  DeleteRouteFunction:
    Type: AWS::Lambda::Function
    Properties:
      Description: Delete NAT GW entry from the server side routing tables in both the AZs
      Handler: index.handler
      MemorySize: 128
      Role: !GetAtt LambdaDeleteRouteRole.Arn
      Runtime: python3.6
      Timeout: 30
      Code:
        ZipFile: |
          import json
          import cfnresponse
          import logging
          import boto3
          def handler(event, context):
            response_data = {}
            response_status = cfnresponse.FAILED
            logging.info('Received event: {}'.format(json.dumps(event)))
            if event['RequestType'] == 'Create':
              try:
                client = boto3.client('ec2')
                response = client.delete_route(DestinationCidrBlock='0.0.0.0/0', RouteTableId=event['ResourceProperties']['PrimaryPrivateServerSubnetRouteTableID'])
                logging.info("Delete Primary Server NATGW Response: {}".format(str(response)))
                response = client.delete_route(DestinationCidrBlock='0.0.0.0/0', RouteTableId=event['ResourceProperties']['SecondaryPrivateServerSubnetRouteTableID'])
                logging.info("Delete Secondary Server NATGW Response: {}".format(str(response)))
                response_status = cfnresponse.SUCCESS
              except Exception as e:
                logging.error('failed to delete route: {}'.format(str(e)))
                response_status = cfnresponse.FAILED
              finally:
                cfnresponse.send(event, context, response_status, response_data)
            else:
              response_status = cfnresponse.SUCCESS
              cfnresponse.send(event, context, response_status, response_data)

  DeleteServerNATGWRoute:
    Type: Custom::CIDR2GatewayIP
    Properties:
      ServiceToken: !GetAtt DeleteRouteFunction.Arn
      PrimaryPrivateServerSubnetRouteTableID: !Ref PrimaryPrivateServerSubnetRouteTableID
      SecondaryPrivateServerSubnetRouteTableID: !Ref SecondaryPrivateServerSubnetRouteTableID