AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Docker Container Lambda Function

Globals:
  Function:
    Timeout: 10

Parameters:
  DeployECROnly:
    Type: String
    Default: "false"
    AllowedValues: ["true", "false"]
    Description: If true, only deploys the ECR repository

Conditions:
  DeployFullStack: !Equals [!Ref DeployECROnly, "false"]

Resources:

  HelloWorldRepository:
    Type: AWS::ECR::Repository
    Properties:
      RepositoryName: hello-world
      ImageScanningConfiguration:
        ScanOnPush: true

  HelloWorldFunctionRole:
    Condition: DeployFullStack
    Type: AWS::IAM::Role
    Properties: 
      AssumeRolePolicyDocument: 
        Version: "2012-10-17"
        Statement: 
          - Effect: "Allow"
            Principal: 
              Service: 
                - "lambda.amazonaws.com"
            Action: 
              - "sts:AssumeRole"
      Policies:
        - PolicyName: HelloWorldFunctionAccess
          PolicyDocument: 
            Version: "2012-10-17"
            Statement: 
              - Effect: "Allow"
                Action: 
                  - "secretsmanager:GetSecretValue"
                Resource: 
                  - "arn:aws:secretsmanager:us-west-1:003525187774:secret:*"
      ManagedPolicyArns:
      # - arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess
        - arn:aws:iam::aws:policy/AWSOpsWorksCloudWatchLogs

  HelloWorldFunction:
    Condition: DeployFullStack
    Type: AWS::Serverless::Function
    Properties:
      PackageType: Image
      ImageUri: !Sub "${HelloWorldRepository.RepositoryUri}:latest"
#     ImageUri: !Sub "${HelloWorldRepository.RepositoryUri}@sha256:c195f0c7d0bb2a5bdf408f149f4cf558e3376128a4887b5cd0a6fb2196992bf3"
      Role: !GetAtt HelloWorldFunctionRole.Arn
      Environment:
        Variables:
          PORT: 8000
      Architectures:
        - x86_64
      FunctionUrlConfig:
        AuthType: NONE
        Cors:
          AllowOrigins:
            - '*'

  HelloWorldFunctionPermission:
    Condition: DeployFullStack
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !Ref HelloWorldFunction
      Action: lambda:InvokeFunctionUrl
      Principal: '*'
      FunctionUrlAuthType: NONE

Outputs:
  HelloWorldRepositoryUri:
    Description: ECR Repository URI
    Value: !GetAtt HelloWorldRepository.RepositoryUri
  HelloWorldFunctionName:
    Condition: DeployFullStack
    Description: Lambda Function Name
    Value: !Ref HelloWorldFunction

# Error: Requested attribute FunctionUrl does not exist in schema for AWS::Lambda::Function
# HelloWorldFunctionUrl:
#   Condition: DeployFullStack
#   Description: "The URL of the Lambda Function"
#   Value: !GetAtt HelloWorldFunction.FunctionUrl