{
   "AWSTemplateFormatVersion":"2010-09-09",
   "Transform":"AWS::Serverless-2016-10-31",
   "Description":"Dynamically create friendly URLs for your EMR web interfaces using CloudWatch Events, Lambda and Route53 Private Hosted Zones",
   "Resources":{
      "lambdaExecutionRole":{
         "Type":"AWS::IAM::Role",
         "Properties":{
            "AssumeRolePolicyDocument":{
               "Version":"2012-10-17",
               "Statement":[
                  {
                     "Sid":"",
                     "Effect":"Allow",
                     "Principal":{
                        "Service":"lambda.amazonaws.com"
                     },
                     "Action":"sts:AssumeRole"
                  }
               ]
            }
         }
      },
      "logGroup":{
         "Type":"AWS::Logs::LogGroup",
         "Properties":{
            "LogGroupName":{
               "Fn::Sub":"/aws/lambda/${DnsSetterLambda}"
            }
         }
      },
      "lambdaExecutionPolicy":{
         "Type":"AWS::IAM::ManagedPolicy",
         "Properties":{
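            "Description":"Managed policy for the DNS setter Lambda function: EC2 and EMR describe calls, log writes to its own log group, Route 53 hosted zone listing, and record set changes on all hosted zones",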
            "Roles":[
               {
                  "Ref":"lambdaExecutionRole"
               }
            ],
            "PolicyDocument":{
               "Version":"2012-10-17",
               "Statement":[
                  {
                     "Effect":"Allow",
                     "Action":[
                        "ec2:DescribeVpcAttribute",
                        "ec2:DescribeSubnets"
                     ],
                     "Resource":"*"
                  },
                  {
                     "Effect":"Allow",
                     "Action":[
                        "elasticmapreduce:DescribeCluster"
                     ],
                     "Resource":"*"
                  },
                  {
                     "Effect":"Allow",
                     "Action":[
                        "logs:CreateLogStream",
                        "logs:PutLogEvents"
                     ],
                     "Resource":{
                        "Fn::Sub":"arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:${logGroup}:*"
                     }
                  },
                  {
                     "Effect":"Allow",
                     "Action":[
                        "route53:ListHostedZones",
                        "route53:ListHostedZonesByName"
                     ],
                     "Resource":[
                        "*"
                     ]
                  },
                  {
                     "Effect":"Allow",
                     "Action":[
                        "route53:ChangeResourceRecordSets",
                        "route53:GetHostedZone",
                        "route53:ListResourceRecordSets"
                     ],
                     "Resource":[
                        "arn:aws:route53:::hostedzone/*"
                     ]
                  }
               ]
            }
         }
      },
      "DnsSetterLambda":{
         "Type":"AWS::Serverless::Function",
         "Properties":{
            "Handler":"emr-dns-setter.lambda_handler",
            "Runtime":"python2.7",
            "CodeUri":"s3://aws-bigdata-blog/artifacts/emr-dns-setter/emr-dns-setter.py.zip",
            "Description":"Create a Route 53 private hosted zone record for an EMR cluster, triggered by EMR Cluster State Change events",
            "Timeout":90,
            "Role":{
               "Fn::GetAtt":[
                  "lambdaExecutionRole",
                  "Arn"
               ]
            },
            "Events":{
               "CloudWatchEventDNS":{
                  "Type":"CloudWatchEvent",
                  "Properties":{
                     "Pattern":{
                        "source":[
                           "aws.emr"
                        ],
                        "detail-type":[
                           "EMR Cluster State Change"
                        ]
                     }
                  }
               }
            }
         }
      }
   },
   "Outputs":{

   }
}