---
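# Quoted so generic YAML loaders keep the template version as a string
# instead of resolving it to a date.
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  # Base service name. In this template it is used as the prefix of the
  # inline IAM policy name.
  DisplayName:
    Type: String
    Default: lc-classified-resource
    Description: Name for this service; used in the code repository and pipeline names
  # Deployment stage. It is interpolated into the IAM role name and the
  # inline policy name, so AllowedValues also bounds what can end up in
  # those identifiers.
  Environment:
    Description: Environment
    Type: String
    Default: dev
    AllowedValues:
      - dev
      - dev2
      - rec
      - rec2
      - prod
  # Tagging parameters (business block / application / component).
  # NOTE(review): no resource visible in this part of the template references
  # them; confirm they are applied as Tags somewhere, otherwise the role is
  # created untagged and harder to attribute in an IAM inventory.
  TagBloc:
    Description: Tag bloc metier
    Type: String
    Default: classified
  TagApp:
    Description: Tag application
    Type: String
    Default: lcpab
  TagComp:
    Description: Tag composant
    Type: String
    Default: classified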

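Resources:
  # Execution role assumed by the Lambda service for the lc-classified
  # function(s). Grants log and X-Ray access through AWS managed policies and
  # SES send rights through one inline policy.
  LcClassifiedLambdaRole:
    Type: AWS::IAM::Role
    Properties:
      Path: /
      # Explicit role name: the stack must be deployed with
      # CAPABILITY_NAMED_IAM, and because IAM role names are unique per
      # account the same Environment value cannot be deployed twice
      # (for example in a second region) in one account.
      RoleName: !Sub 'lc-classified-lambda-role-${Environment}'
      # Trust policy: only the Lambda service principal may assume this role.
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        # NOTE(review): CloudWatchLogsFullAccess allows logs:* on every log
        # group in the account (read, delete, change retention), far more
        # than a function needs to write its own logs. If the function only
        # emits logs, replace it with
        # arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
        # after confirming nothing relies on the broader rights.
        - arn:aws:iam::aws:policy/CloudWatchLogsFullAccess
        - arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess
      Policies:
        - PolicyName: !Sub '${DisplayName}-ses-policy-${Environment}'
          PolicyDocument:
            # Declared explicitly: a policy document without Version is
            # evaluated as the legacy 2008-10-17 language.
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - ses:SendRawEmail
                  - ses:SendEmail
                # NOTE(review): '*' lets the function send mail as any
                # verified SES identity in the account. Scope this to the
                # identities the service actually uses, e.g.
                # arn:aws:ses:<region>:<account-id>:identity/<identity>
                # (placeholder), and/or add a Condition on ses:FromAddress.
                Resource:
                  - '*'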
