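AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: SAM Template for QuoteService

# This is an example SAM template for the purpose of this project.
# When deploying such infrastructure in a production environment,
# we strongly encourage you to follow these best practices for improved
# security and resiliency:
# - Enable access logging on API Gateway
#   See: https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html
# - Ensure that the AWS Lambda function is configured with a function-level
#   concurrent execution limit
#   See: https://docs.aws.amazon.com/lambda/latest/dg/lambda-concurrency.html
#        https://docs.aws.amazon.com/lambda/latest/dg/configuration-concurrency.html
# - Check encryption settings for Lambda environment variables
#   See: https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars-encryption.html
# - Ensure that the AWS Lambda function is configured with a Dead Letter Queue (DLQ)
#   See: https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html#invocation-dlq
# - Ensure that the AWS Lambda function is configured inside a VPC when it
#   needs to access private resources
#   See: https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html
#   Code Example: https://github.com/swift-server/swift-aws-lambda-runtime/tree/main/Examples/ServiceLifecycle%2BPostgres

# Settings shared by every AWS::Serverless::Function in this template.
Globals:
  Function:
    Timeout: 60
    CodeUri: .
    Handler: swift.bootstrap
    Runtime: provided.al2
    MemorySize: 128
    Architectures:
      - arm64

Resources:
  # QuoteService Lambda function
  QuoteService:
    Type: AWS::Serverless::Function
    Properties:
      Environment:
        Variables:
          # by default, AWS Lambda runtime produces no log
          # use `LOG_LEVEL: debug` for lifecycle and event handling information
          # use `LOG_LEVEL: trace` for detailed input event information
          #
          # Kept at `debug` rather than `trace`: this function sits behind an
          # API that requires an Authorization header, so a detailed dump of
          # the input event can write that credential to CloudWatch Logs.
          # Switch to `trace` only for short-lived troubleshooting.
          LOG_LEVEL: debug
      Events:
        # pass through all HTTP verbs and paths
        Api:
          Type: HttpApi
          Properties:
            ApiId: !Ref MyProtectedApi
            Path: /{proxy+}
            Method: ANY
    Metadata:
      BuildMethod: makefile

  # Lambda authorizer function
  LambdaAuthorizer:
    Type: AWS::Serverless::Function
    Properties:
      Timeout: 29 # max 29 seconds for Lambda authorizers
      Environment:
        Variables:
          # by default, AWS Lambda runtime produces no log
          # use `LOG_LEVEL: debug` for lifecycle and event handling information
          # use `LOG_LEVEL: trace` for detailed input event information
          #
          # Kept at `debug` rather than `trace`: the authorizer's input event
          # is the caller's Authorization header (see Identity below), so
          # detailed input logging would persist credentials in CloudWatch
          # Logs. Switch to `trace` only for short-lived troubleshooting.
          LOG_LEVEL: debug
    Metadata:
      BuildMethod: makefile

  # The API Gateway
  MyProtectedApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      # No AccessLogSettings are configured here; see the access-logging item
      # in the header comment before using this outside of an example.
      Auth:
        # Applied to every route of this API unless a route overrides it.
        DefaultAuthorizer: MyLambdaAuthorizer
        Authorizers:
          MyLambdaAuthorizer:
            FunctionArn: !GetAtt LambdaAuthorizer.Arn
            Identity:
              # The Authorization header is the identity source handed to
              # the authorizer function.
              Headers:
                - Authorization
            AuthorizerPayloadFormatVersion: "2.0"
            EnableSimpleResponses: true

  # Give the API Gateway permissions to invoke the Lambda authorizer
  AuthorizerPermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !Ref LambdaAuthorizer
      Principal: apigateway.amazonaws.com
      # SourceArn restricts invocation to this API in this account and region.
      # NOTE(review): the trailing `/*` covers every path under the API; it
      # may be possible to narrow it to the authorizer path only - confirm the
      # ARN format in the API Gateway documentation before changing.
      SourceArn: !Sub 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${MyProtectedApi}/*'

# print API endpoint
Outputs:
  SwiftAPIEndpoint:
    Description: "API Gateway endpoint URL for your application"
    Value: !Sub "https://${MyProtectedApi}.execute-api.${AWS::Region}.amazonaws.com"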