# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
#
# Template for AWS Example Solution
#
AWSTemplateFormatVersion: 2010-09-09

Description: (%%SOLUTION_ID%%) - AWS Example Solution %%VERSION%% - Main Template

Parameters:
  # Sample parameter 1
  Param1:
    Description: Parameter 1.
    Type: String

Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
    - Label:
        default: Section 1
      Parameters:
      - Param1
    ParameterLabels:
      Param1:
        default: Parameter #1

Mappings:
  MetricsMap:
    Send-Data:
      SendAnonymousData: "Yes" # change to 'No' if needed

  SourceCode:
    General:
      S3Bucket: "%%BUCKET_NAME%%"
      KeyPrefix: "%%SOLUTION_NAME%%/%%VERSION%%"

  AWSSDK:
    UserAgent:
      Extra: "AWSSOLUTION/%%SOLUTION_ID%%/%%VERSION%%"

Resources:
  #
  # Hello Function
  # [HelloFunction, HelloFunctionRole]
  #
  HelloFunction:
    Type: AWS::Lambda::Function
    Properties:
      Description: Example Solution - Lambda function to send greetings
      Environment:
        Variables:
          LOG_LEVEL: 'INFO' # change to WARN, ERROR or DEBUG as needed
          AWS_SDK_USER_AGENT_EXTRA: !FindInMap ["AWSSDK", "UserAgent", "Extra"]
      Handler: index.handler
      Role: !GetAtt HelloFunctionRole.Arn
      Code:
        S3Bucket: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"], Ref: "AWS::Region"]]
        S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"],  "example-function-js.zip"]]
      Runtime: nodejs12.x
      Timeout: 300

  HelloFunctionRole:
    Type: AWS::IAM::Role
    Metadata:
      cfn_nag:
        rules_to_suppress:
        - id: W11
          reason: Override the IAM role to allow support:* for logs:PutLogEvents resource on its permissions policy
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
        - Effect: Allow
          Principal:
            Service: lambda.amazonaws.com
          Action: sts:AssumeRole
      Path: /
      Policies:
      - PolicyName: !Sub Hello-Function-Policy-${AWS::StackName}-${AWS::Region}
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
          - Effect: Allow
            Action:
            - logs:CreateLogGroup
            - logs:CreateLogStream
            - logs:PutLogEvents
            Resource: !Sub arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*

Outputs:
  HelloFunction:
    Description: Ref value of HelloFunction
    Value: !Ref 'HelloFunction'