---
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  LambdaS3:
    Description: LambdaS3.
    Default: function.zip
    Type: String  
  StepFunctionsS3:
    Description: StepFunctionsS3.
    Default: my-state-machine-definition.json
    Type: String    
  DeployLambda:
    Description: DeployLambda.
    Default: "yes"
    Type: String
    AllowedValues:
      - "yes"
      - "no"
    ConstraintDescription: must specify yes or no.
  DeployStepfunctions:
    Description: DeployStepfunctions.
    Default: "yes"
    Type: String
    AllowedValues:
      - "yes"
      - "no"
    ConstraintDescription: must specify yes or no.    
Conditions:
  CreateLambda: !Equals 
    - !Ref DeployLambda
    - "yes"
  CreateStepfunctions: !Equals 
    - !Ref DeployStepfunctions
    - "yes"    
Resources:
  DeployBucket: 
    Type: AWS::S3::Bucket
  LambdaFunction:
    Type: 'AWS::Lambda::Function'
    Condition: CreateLambda
    Properties:
      Code:
        S3Bucket: !Ref DeployBucket
        S3Key: !Ref LambdaS3
      Handler: function.handler
      Role: !GetAtt MyLambdaRole.Arn
      Runtime: ruby2.7
  StepFunctionsStateMachine:
    Type: 'AWS::StepFunctions::StateMachine'
    Condition: CreateStepfunctions
    Properties:
      DefinitionS3Location:
        Bucket: !Ref DeployBucket
        Key: !Ref StepFunctionsS3
      RoleArn: !GetAtt StepFunctionsRole.Arn
  MyLambdaRole:
    Type: AWS::IAM::Role
    Condition: CreateLambda
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action:
              - sts:AssumeRole
      Policies:
        - PolicyName: lambda-policy
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: arn:aws:logs:*:*:*
  StepFunctionsRole:
    Type: AWS::IAM::Role
    Condition: CreateStepfunctions
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: states.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: StepFunctionsPolicy
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: arn:aws:logs:*:*:*
              - Effect: Allow
                Action:
                  - lambda:InvokeFunction
                Resource: !GetAtt LambdaFunction.Arn
Outputs:
  DeployBucket:
    Value: !Ref DeployBucket
  LambdaRoleARN:
    Value: !GetAtt MyLambdaRole.Arn
    Condition: CreateLambda
  LambdaFunctionARN:
    Value: !GetAtt LambdaFunction.Arn
    Condition: CreateLambda
  LambdaFunctionName:
    Value: !Ref LambdaFunction
    Condition: CreateLambda
  StepFunctionsRoleARN:
    Value: !GetAtt StepFunctionsRole.Arn
    Condition: CreateStepfunctions
  StepFunctionsStateMachineARN:
    Value: !GetAtt StepFunctionsStateMachine.Arn
    Condition: CreateStepfunctions