AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
  {{ cookiecutter.project_name }}

  Sample SAM Template for {{ cookiecutter.project_name }}

Globals:
  Function:
    Timeout: 3

Resources:
  EfsLambdaVpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: "10.0.0.0/16"
  EfsLambdaSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: "EFS + Lambda on SAM Security Group"
      VpcId: !Ref EfsLambdaVpc
      SecurityGroupEgress:
        - CidrIp: "0.0.0.0/0"
          FromPort: 0
          ToPort: 65535
          IpProtocol: tcp
      SecurityGroupIngress:
        - CidrIp: "0.0.0.0/0"
          FromPort: 0
          ToPort: 65535
          IpProtocol: tcp
  EfsLambdaSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref EfsLambdaVpc
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      MapPublicIpOnLaunch: false
      CidrBlock: "10.0.0.0/24"
  EfsLambdaSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref EfsLambdaVpc
      AvailabilityZone: !Select [ 1, !GetAZs '' ]
      MapPublicIpOnLaunch: false
      CidrBlock: "10.0.1.0/24"
  EfsFileSystem:
    Type: AWS::EFS::FileSystem
  MountTargetA:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref EfsFileSystem
      SubnetId: !Ref EfsLambdaSubnetA
      SecurityGroups:
        - !Ref EfsLambdaSecurityGroup
  MountTargetB:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref EfsFileSystem
      SubnetId: !Ref EfsLambdaSubnetB
      SecurityGroups:
        - !Ref EfsLambdaSecurityGroup
  AccessPoint:
    Type: AWS::EFS::AccessPoint
    Properties:
      FileSystemId: !Ref EfsFileSystem
      PosixUser:
        Gid: "1000"
        Uid: "1000"
      RootDirectory:
        Path: "/lambda"
        CreationInfo:
          OwnerGid: "1000"
          OwnerUid: "1000"
          Permissions: "755"
  HelloEfsFunction:
    Type: AWS::Serverless::Function
    DependsOn:
      - MountTargetA
      - MountTargetB
    Properties:
      CodeUri: hello_efs/
      Handler: app.lambda_handler
      Runtime: python3.11
      {%- if cookiecutter.architectures.value != []%}
      Architectures:
      {%- for arch in cookiecutter.architectures.value %}
        - {{arch}}
      {%- endfor %}
      {%- endif %}
      Policies:
        - EFSWriteAccessPolicy:
            FileSystem: !Ref EfsFileSystem
            AccessPoint: !Ref AccessPoint
      VpcConfig:
        SecurityGroupIds:
          - !Ref EfsLambdaSecurityGroup
        SubnetIds:
          - !Ref EfsLambdaSubnetA
          - !Ref EfsLambdaSubnetB
      FileSystemConfigs:
        - Arn: !GetAtt AccessPoint.Arn
          LocalMountPath: /mnt/lambda
      Events:
        HelloWorld:
          Type: Api
          Properties:
            Path: /hello
            Method: get

Outputs:
  HelloEfsApi:
    Description: "API Gateway endpoint URL for Prod stage for Hello EFS function"
    Value: !Sub "https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/hello/"