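AWSTemplateFormatVersion: '2010-09-09'

# Static-site delivery stack: an S3 website bucket, the IAM role assumed by
# CodePipeline, and a three-stage pipeline (S3 source -> CodeBuild -> S3 deploy).

Parameters:
  BucketName:
    Type: String
    Description: "The name for the S3 bucket to be used for public website hosting (must be globally unique)"
    Default: "naputo-blog-public"
    # Reject names S3 would refuse anyway, so a bad value fails at parameter
    # validation instead of part-way through stack creation.
    AllowedPattern: '^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$'
    ConstraintDescription: "3-63 characters: lowercase letters, digits, dots and hyphens; must start and end with a letter or digit"

Resources:
  # Bucket that receives the built site. Website hosting is enabled, but this
  # template attaches no read statement for visitors and sets no
  # PublicAccessBlockConfiguration.
  # NOTE(review): how readers reach the content (public bucket policy,
  # CloudFront, ...) is not defined here - confirm it is managed elsewhere.
  WebsiteBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref BucketName
      WebsiteConfiguration:
        IndexDocument: index.html
        ErrorDocument: error.html

  # Resource policy: only the pipeline role may write or delete objects.
  WebsiteBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref WebsiteBucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: AllowCodePipelineUpdates
            Effect: Allow
            Principal:
              AWS: !GetAtt CodePipelineRole.Arn
            Action:
              - s3:PutObject
              - s3:DeleteObject
            Resource: !Sub "arn:aws:s3:::${WebsiteBucket}/*"

  # Service role for the pipeline; only codepipeline.amazonaws.com may assume it.
  CodePipelineRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - codepipeline.amazonaws.com
            Action:
              - sts:AssumeRole
      Policies:
        - PolicyName: CodePipelinePolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Permissions for accessing the artifacts bucket
              - Effect: Allow
                Action:
                  - s3:GetObject
                  - s3:PutObject
                  - s3:GetBucketLocation
                  - s3:GetBucketVersioning
                Resource:
                  - "arn:aws:s3:::codebuild-ap-northeast-1-692859919890-input-bucket"
                  - "arn:aws:s3:::codebuild-ap-northeast-1-692859919890-input-bucket/*"
              # Read access for the Source stage, limited to the one object the
              # pipeline pulls. Without it the S3 source action depends on a
              # bucket policy that this template does not define.
              - Effect: Allow
                Action:
                  - s3:GetObject
                  - s3:GetObjectVersion
                Resource: "arn:aws:s3:::naputo-blog-source/source.zip"
              - Effect: Allow
                Action:
                  - s3:GetBucketVersioning
                Resource: "arn:aws:s3:::naputo-blog-source"
              # Permissions for CloudFormation actions
              # NOTE(review): no stage in this pipeline uses a CloudFormation
              # action, and this statement allows stack create/update/delete on
              # every stack in the account. Remove it, or scope Resource to the
              # specific stack ARNs, once confirmed nothing else relies on it.
              - Effect: Allow
                Action:
                  - cloudformation:CreateStack
                  - cloudformation:DeleteStack
                  - cloudformation:UpdateStack
                  - cloudformation:DescribeStacks
                  - cloudformation:DescribeStackEvents
                  - cloudformation:ValidateTemplate
                Resource: "*"
              # Permissions for CodeBuild, scoped to the single project the
              # Build stage starts instead of every project in the account.
              - Effect: Allow
                Action:
                  - codebuild:StartBuild
                  - codebuild:BatchGetBuilds
                Resource: !Sub "arn:aws:codebuild:${AWS::Region}:${AWS::AccountId}:project/MyBlogCodeBuildProject"

  MyBlogPipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      PipelineType: V2
      ArtifactStore:
        Type: S3
        Location: "codebuild-ap-northeast-1-692859919890-input-bucket"
      RoleArn: !GetAtt CodePipelineRole.Arn
      Stages:
        # Stage 1: fetch source.zip from the source bucket.
        - Name: Source
          Actions:
            - Name: S3Source
              ActionTypeId:
                Category: Source
                Owner: AWS
                Provider: S3
                Version: "1"
              OutputArtifacts:
                - Name: SourceArtifact
              Configuration:
                S3Bucket: naputo-blog-source
                S3ObjectKey: source.zip
              RunOrder: 1
        # Stage 2: build the site with the existing CodeBuild project.
        - Name: Build
          Actions:
            - Name: CodeBuild
              ActionTypeId:
                Category: Build
                Owner: AWS
                Provider: CodeBuild
                Version: "1"
              Configuration:
                ProjectName: "MyBlogCodeBuildProject"
              OutputArtifacts:
                - Name: BuildArtifact
              InputArtifacts:
                - Name: SourceArtifact
              RunOrder: 1
        # Stage 3: unpack the build artifact into the website bucket.
        - Name: Deploy
          Actions:
            - Name: S3Deploy
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Provider: S3
                Version: "1"
              InputArtifacts:
                - Name: BuildArtifact
              Configuration:
                BucketName: !Ref WebsiteBucket
                # Kept as a quoted string, as in the original template.
                Extract: 'true'
              RunOrder: 1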