---
AWSTemplateFormatVersion: '2010-09-09'
Description: Simple CodePipeline example with CodeCommit and Approval
Parameters:
  EmailAddress:
    Description: Email Address for sending SNS notifications for CodeCommit
    Type: String
    Default: fake-email@fake-fake-fake-email.com
  RepositoryBranch:
    Description: The name of the branch for the CodeCommit repo
    Type: String
    Default: main
    AllowedPattern: "[\\x20-\\x7E]*"
    ConstraintDescription: Can contain only ASCII characters.
  CodeCommitS3Bucket:
    Description: S3 bucket that holds zip of source code for CodeCommit Repo
    Type: String
  CodeCommitS3Key:
    Description: zipfile key located in CodeCommitS3Bucket 
    Type: String
Resources:
  MySNSTopic:
    Type: AWS::SNS::Topic
    Properties:
      Subscription:
      - Endpoint:
          Ref: EmailAddress
        Protocol: email
  CodeCommitRepo:
    Type: AWS::CodeCommit::Repository
    Properties:
      RepositoryName:
        Ref: AWS::StackName
      RepositoryDescription: CodeCommit Repository for cfn_nag solution
      Code:
        S3:
          Bucket: !Ref CodeCommitS3Bucket
          Key: !Ref CodeCommitS3Key
      Triggers:
      - Name: MasterTrigger
        CustomData:
          Ref: AWS::StackName
        DestinationArn:
          Ref: MySNSTopic
        Events:
        - all
  CodePipelineRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
        - Effect: Allow
          Principal:
            Service:
            - codepipeline.amazonaws.com
          Action:
          - sts:AssumeRole
      Path: "/"
      Policies:
      - PolicyName: codepipeline-service
        PolicyDocument:
          Statement:
          - Action:
            - s3:GetObject
            - s3:GetObjectVersion
            - s3:GetBucketVersioning
            Resource: "*"
            Effect: Allow
          - Action:
            - s3:PutObject
            Resource:
            - arn:aws:s3:::codepipeline*
            Effect: Allow
          - Action:
            - s3:GetObject
            - s3:GetObjectVersion
            - s3:GetBucketVersioning
            - s3:PutObject
            - iam:PassRole
            Resource: "*"
            Effect: Allow
          - Action:
            - codecommit:*
            - codebuild:*
            Resource: "*"
            Effect: Allow
          Version: '2012-10-17'
  PipelineBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
  Pipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      RoleArn: !GetAtt CodePipelineRole.Arn
      Stages:
      - Name: Source
        Actions:
        - InputArtifacts: []
          Name: Source
          ActionTypeId:
            Category: Source
            Owner: AWS
            Version: '1'
            Provider: CodeCommit
          OutputArtifacts:
          - Name: MyApp
          Configuration:
            BranchName:
              Ref: RepositoryBranch
            RepositoryName:
              Ref: AWS::StackName
          RunOrder: 1
      - Name: Deploy
        Actions:
        - Name: Deploy
          ActionTypeId:
            Category: Approval
            Owner: AWS
            Version: '1'
            Provider: Manual
          Configuration:
            ExternalEntityLink: https://mphasis.com
          RunOrder: 1
      ArtifactStore:
        Type: S3
        Location: !Ref PipelineBucket
Outputs:
  PipelineUrl:
    Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${Pipeline}
    Description: CodePipeline URL