AWSTemplateFormatVersion: "2010-09-09"
Description: Template for creating the DynamoDB tables, roles, and reporter user for fdbk DynamoDB plugin
Parameters:
  TopicsTableName:
    Type: String
    Default: fdbk_topics
    Description: TableName for the topics table
  DataTableName:
    Type: String
    Default: fdbk_data
    Description: TableName for the data table
  ReporterUserName:
    Type: String
    Default: fdbk_reporter
    Description: UserName for the reporter user
Resources:
  TopicsTable:
    Type: AWS::DynamoDB::Table
    Properties:
      TableName:
        Ref: TopicsTableName
      AttributeDefinitions:
      - AttributeName: id
        AttributeType: S
      KeySchema:
      - AttributeName: id
        KeyType: HASH
      BillingMode: PAY_PER_REQUEST
  DataTable:
    Type: AWS::DynamoDB::Table
    Properties:
      TableName:
        Ref: DataTableName
      AttributeDefinitions:
      - AttributeName: topic_id
        AttributeType: S
      - AttributeName: timestamp
        AttributeType: S
      KeySchema:
      - AttributeName: topic_id
        KeyType: HASH
      - AttributeName: timestamp
        KeyType: RANGE
      BillingMode: PAY_PER_REQUEST
  TopicsGetPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      ManagedPolicyName: FdbkTopicsGet
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          Effect: Allow
          Action:
          - dynamodb:DescribeTable
          - dynamodb:GetItem
          - dynamodb:Query
          - dynamodb:Scan
          Resource:
          - !GetAtt TopicsTable.Arn
  DataGetPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      ManagedPolicyName: FdbkDataGet
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          Effect: Allow
          Action:
          - dynamodb:DescribeTable
          - dynamodb:GetItem
          - dynamodb:Query
          - dynamodb:Scan
          Resource:
          - !GetAtt DataTable.Arn
  DataPutPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      ManagedPolicyName: FdbkDataPut
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          Effect: Allow
          Action:
          - dynamodb:DescribeTable
          - dynamodb:PutItem
          Resource:
          - !GetAtt DataTable.Arn
  ReporterUser:
    Type: AWS::IAM::User
    Properties:
      UserName:
        Ref: ReporterUserName
      ManagedPolicyArns:
      - !Ref TopicsGetPolicy
      - !Ref DataPutPolicy
  ReaderRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: FdbkReaderLambda
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          Effect: Allow
          Principal:
            Service: lambda.amazonaws.com
          Action: sts:AssumeRole
      ManagedPolicyArns:
      - !Ref TopicsGetPolicy
      - !Ref DataGetPolicy
      Policies:
      - PolicyName: LambdaLogging
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            Effect: Allow
            Action:
            - logs:CreateLogGroup
            - logs:CreateLogStream
            - logs:PutLogEvents
            Resource: arn:*:logs:*:*:*