cloudformation.yaml

AWSTemplateFormatVersion: 2010-09-09

Parameters:

  PrivateBucket:
    Type: String

  PublicBucket:
    Type: String

  DistributionBaseUrl:
    Type: String

  BrowseBaseUrl:
    Type: String

  DefaultResponseTopicArn:
    Type: String

  DefaultResponseTopicRegion:
    Type: String
    Default: us-east-1
    AllowedValues:
    - us-east-2
    - us-east-1
    - us-west-1
    - us-west-2
    - ap-south-1
    - ap-northeast-2
    - ap-southeast-1
    - ap-southeast-2
    - ap-northeast-1
    - ca-central-1
    - cn-north-1
    - eu-central-1
    - eu-west-1
    - eu-west-2
    - eu-west-3
    - sa-east-1

  SdsAccountNumber:
    Type: CommaDelimitedList

  CachedCmrTokenKey:
    Type: String
    Default: cached-cmr-auth-token

  CmrBaseUrl:
    Type: String
    Default: https://cmr.uat.earthdata.nasa.gov
    AllowedValues:
    - https://cmr.earthdata.nasa.gov
    - https://cmr.uat.earthdata.nasa.gov

  LaunchpadCertificateSecretArn:
    Type: String

  CmrProvider:
    Type: String

Outputs:

  JobTopic:
    Value: !Ref JobTopic

  ErrorTopic:
    Value: !Ref ErrorTopic

Resources:

  StepFunctionStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        Name: !Ref AWS::StackName
        VerifyLambdaArn: !GetAtt VerifyStack.Outputs.LambdaArn
        NotifyLambdaArn: !GetAtt NotifyStack.Outputs.LambdaArn
        IngestLambdaArn: !GetAtt IngestStack.Outputs.LambdaArn
        MetadataConstructionLambdaArn: !GetAtt MetadataConstructionStack.Outputs.LambdaArn
      TemplateURL: step-function/cloudformation.yaml

  InvokeStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        Name: !Sub "${AWS::StackName}-invoke"
        QueueUrl: !Ref JobQueue
        QueueArn: !GetAtt JobQueue.Arn
        StepFunctionArn: !GetAtt StepFunctionStack.Outputs.StepFunctionArn
      TemplateURL: invoke/cloudformation.yaml

  VerifyStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        Name: !Sub "${AWS::StackName}-verify"
      TemplateURL: verify/cloudformation.yaml

  MetadataConstructionStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        Name: !Sub "${AWS::StackName}-metadata-construction"
        PrivateBucket: !Ref PrivateBucket
        PublicBucket: !Ref PublicBucket
        AuxBucket: !Ref AuxBucket
        DistributionBaseUrl: !Ref DistributionBaseUrl
        BrowseBaseUrl: !Ref BrowseBaseUrl
      TemplateURL: metadata-construction/cloudformation.yaml

  CmrTokenStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        Name: !Sub "${AWS::StackName}-cmr-token"
        TokenBucket: !Ref AuxBucket
        TokenKey: !Ref CachedCmrTokenKey
        CertificateSecretArn: !Ref LaunchpadCertificateSecretArn
      TemplateURL: cmr-token/cloudformation.yaml

  MetadataToCmrStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        Name: !Sub "${AWS::StackName}-metadata-to-cmr"
        ActivityArn: !GetAtt StepFunctionStack.Outputs.CmrActivityArn
        AuxBucket: !Ref AuxBucket
        CachedCmrTokenKey: !Ref CachedCmrTokenKey
        CmrTokenLambda: !GetAtt CmrTokenStack.Outputs.LambdaName
        CmrGranuleUrl: !Sub "${CmrBaseUrl}/ingest/providers/${CmrProvider}/granules/"
      TemplateURL: metadata-to-cmr/cloudformation.yaml

  NotifyStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        Name: !Sub "${AWS::StackName}-notify"
        DefaultResponseTopicArn: !Ref DefaultResponseTopicArn
        DefaultResponseTopicRegion: !Ref DefaultResponseTopicRegion
      TemplateURL: notify/cloudformation.yaml

  IngestStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        Name: !Sub "${AWS::StackName}-ingest"
        PublicBucket: !Ref PublicBucket
        PrivateBucket: !Ref PrivateBucket
        AuxBucket: !Ref AuxBucket
      TemplateURL: ingest/cloudformation.yaml

  AuxBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub "${AWS::StackName}-aux"

  ErrorTopic:
    Type: AWS::SNS::Topic
    Properties:
      TopicName: !Sub "${AWS::StackName}-errors"

  ErrorAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmName: !Sub "${AWS::StackName}-errors"
      AlarmDescription: Ingest failure alarm
      AlarmActions:
      - !Ref ErrorTopic
      Dimensions:
      - Name: StateMachineArn
        Value: !GetAtt StepFunctionStack.Outputs.StepFunctionArn
      MetricName: ExecutionsFailed
      Namespace: AWS/States
      ComparisonOperator: GreaterThanOrEqualToThreshold
      EvaluationPeriods: 1
      Period: 300
      Statistic: Sum
      Threshold: 1
      Unit: Count
      TreatMissingData: notBreaching

  JobQueue:
    Type: AWS::SQS::Queue
    Properties:
      QueueName: !Sub "${AWS::StackName}-jobs"
      MessageRetentionPeriod: 1209600
      VisibilityTimeout: 10

  JobTopic:
    Type: AWS::SNS::Topic
    Properties:
      TopicName: !Sub "${AWS::StackName}-jobs"

  JobTopicSubscription:
    Type: AWS::SNS::Subscription
    Properties:
      TopicArn: !Ref JobTopic
      Protocol: sqs
      Endpoint: !GetAtt JobQueue.Arn

  JobQueuePolicy:
    Type: AWS::SQS::QueuePolicy
    Properties:
      PolicyDocument:
        Version: 2012-10-17
        Statement:
        - Effect: Allow
          Principal:
            Service: sns.amazonaws.com
          Resource: !GetAtt JobQueue.Arn
          Action: sqs:SendMessage
          Condition:
            ArnEquals:
              "aws:SourceArn": !Ref JobTopic
      Queues:
      - !Ref JobQueue

  JobTopicPolicy:
    Type: AWS::SNS::TopicPolicy
    Properties:
      PolicyDocument:
        Version: 2012-10-17
        Statement:
        - Effect: Allow
          Principal:
            AWS: !Ref SdsAccountNumber
          Action: sns:Publish
          Resource: !Ref JobTopic
      Topics:
      - !Ref JobTopic