#!/bin/bash

# A script to create a simple API Gateway REST API with a Lambda proxy integration.

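# --- Configuration ---
# Stop on the first failed command, unset variable or failed pipeline stage, so
# a failed AWS call cannot feed an empty ARN or ID into the steps that follow.
set -euo pipefail

REGION="us-east-1"
API_NAME="MyLambdaProxyAPI"
LAMBDA_FUNCTION_NAME="ApiGatewayHelloWorld"
IAM_ROLE_NAME="ApiGatewayLambdaRole"
LAMBDA_CODE_FILE="hello_world_lambda.py"
ZIP_FILE="function.zip"
STAGE_NAME="dev"

# Pin the AWS CLI to the same region that is written into the integration URI,
# the invoke-permission source ARN and the endpoint URL further down. Without
# this the CLI uses the caller's default region, and the resources can end up
# in a different region than the ARNs that reference them.
# AWS_REGION takes precedence in AWS CLI v2; AWS_DEFAULT_REGION is read by v1 and v2.
export AWS_REGION="$REGION"
export AWS_DEFAULT_REGION="$REGION"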

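# --- 1. Create IAM Role for Lambda ---
echo "Creating IAM Role for Lambda..."
# Trust policy: only the Lambda service principal may assume this role.
# The heredoc delimiter is quoted so the JSON is taken literally; nothing in it
# needs shell expansion.
TRUST_POLICY_JSON=$(cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "lambda.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
)
# create-role fails when a role with this name already exists; stop here rather
# than continue with an empty ROLE_ARN.
ROLE_ARN=$(aws iam create-role \
  --role-name "$IAM_ROLE_NAME" \
  --assume-role-policy-document "$TRUST_POLICY_JSON" \
  --query 'Role.Arn' --output text) || {
  echo "Failed to create IAM role '$IAM_ROLE_NAME'" >&2
  exit 1
}

# Attach the basic Lambda execution policy.
# This managed policy covers writing the function's logs to CloudWatch Logs;
# grant anything further only as the function actually needs it.
aws iam attach-role-policy \
  --role-name "$IAM_ROLE_NAME" \
  --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole || {
  echo "Failed to attach execution policy to role '$IAM_ROLE_NAME'" >&2
  exit 1
}

echo "IAM Role created with ARN: $ROLE_ARN"
echo "Waiting for IAM role to propagate..."
# IAM is eventually consistent: a brand-new role may not be assumable by Lambda
# straight away. The fixed delay is a heuristic, not a guarantee.
sleep 10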

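# --- 2. Create Lambda Function ---
echo "Packaging and creating Lambda function..."
# zip adds to an archive that already exists, so remove any leftover file first:
# otherwise stale or unexpected entries from a previous run would be deployed
# together with the handler.
rm -f -- "$ZIP_FILE"
zip "$ZIP_FILE" "$LAMBDA_CODE_FILE" || {
  echo "Failed to package '$LAMBDA_CODE_FILE' into '$ZIP_FILE'" >&2
  exit 1
}

# NOTE(review): confirm python3.9 is still a supported Lambda runtime before
# running this; runtimes past end of support stop receiving security patches.
LAMBDA_ARN=$(aws lambda create-function \
  --function-name "$LAMBDA_FUNCTION_NAME" \
  --runtime python3.9 \
  --zip-file "fileb://$ZIP_FILE" \
  --handler hello_world_lambda.lambda_handler \
  --role "$ROLE_ARN" \
  --query 'FunctionArn' --output text) || {
  # Do not leave the deployment package behind on failure either.
  rm -f -- "$ZIP_FILE"
  echo "Failed to create Lambda function '$LAMBDA_FUNCTION_NAME'" >&2
  exit 1
}

rm -f -- "$ZIP_FILE"
echo "Lambda function created with ARN: $LAMBDA_ARN"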

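# --- 3. Create API Gateway REST API ---
echo "Creating API Gateway REST API..."
API_ID=$(aws apigateway create-rest-api \
  --name "$API_NAME" \
  --description "A simple Lambda proxy API" \
  --query 'id' --output text) || {
  echo "Failed to create REST API '$API_NAME'" >&2
  exit 1
}
echo "API Gateway created with ID: $API_ID"

# Get the root resource ID (the resource whose path is "/").
ROOT_RESOURCE_ID=$(aws apigateway get-resources \
  --rest-api-id "$API_ID" \
  --query 'items[?path==`/`].id' --output text) || {
  echo "Failed to list resources of API '$API_ID'" >&2
  exit 1
}
# The JMESPath filter yields an empty string when nothing matches; refuse to
# continue with an empty parent ID.
if [[ -z "$ROOT_RESOURCE_ID" ]]; then
  echo "Root resource of API '$API_ID' not found" >&2
  exit 1
fi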

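# --- 4. Create a Resource and Method ---
echo "Creating API resource and method..."
RESOURCE_ID=$(aws apigateway create-resource \
  --rest-api-id "$API_ID" \
  --parent-id "$ROOT_RESOURCE_ID" \
  --path-part "hello" \
  --query 'id' --output text) || {
  echo "Failed to create resource '/hello' on API '$API_ID'" >&2
  exit 1
}

# SECURITY: authorization type NONE leaves GET /hello unauthenticated, so once
# the API is deployed anyone who can reach the endpoint can invoke the Lambda
# function. That is acceptable for a hello-world demo only. For anything else
# choose AWS_IAM, COGNITO_USER_POOLS or CUSTOM (a Lambda authorizer), and
# consider throttling on the stage.
aws apigateway put-method \
  --rest-api-id "$API_ID" \
  --resource-id "$RESOURCE_ID" \
  --http-method GET \
  --authorization-type "NONE" || {
  echo "Failed to create GET method on resource '$RESOURCE_ID'" >&2
  exit 1
}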

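# --- 5. Set up Lambda Proxy Integration ---
echo "Setting up Lambda proxy integration..."
# The URI for the integration. It embeds $REGION, which must be the region the
# function was actually created in.
INTEGRATION_URI="arn:aws:apigateway:$REGION:lambda:path/2015-03-31/functions/$LAMBDA_ARN/invocations"

# AWS_PROXY hands the whole request to the function. The integration method is
# POST regardless of the client-facing method, because Lambda's invoke API is
# called with POST.
aws apigateway put-integration \
  --rest-api-id "$API_ID" \
  --resource-id "$RESOURCE_ID" \
  --http-method GET \
  --type AWS_PROXY \
  --integration-http-method POST \
  --uri "$INTEGRATION_URI" || {
  echo "Failed to set up Lambda proxy integration for API '$API_ID'" >&2
  exit 1
}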

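# --- 6. Grant API Gateway Permission to Invoke Lambda ---
echo "Granting API Gateway permission to invoke Lambda..."
ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text) || {
  echo "Failed to determine the AWS account ID" >&2
  exit 1
}
# Least privilege: the source ARN has the form api-id/stage/METHOD/resource-path.
# Only GET /hello is integrated with the function, so scope the permission to
# that method and path instead of every method and path on the API. The stage
# stays a wildcard so the grant applies to any stage of this API.
SOURCE_ARN="arn:aws:execute-api:$REGION:$ACCOUNT_ID:$API_ID/*/GET/hello"

aws lambda add-permission \
  --function-name "$LAMBDA_FUNCTION_NAME" \
  --statement-id "APIGatewayInvokePermission" \
  --action "lambda:InvokeFunction" \
  --principal apigateway.amazonaws.com \
  --source-arn "$SOURCE_ARN" || {
  echo "Failed to grant API Gateway permission to invoke '$LAMBDA_FUNCTION_NAME'" >&2
  exit 1
}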

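# --- 7. Deploy the API ---
# Deploying is what makes the API reachable at its public endpoint.
echo "Deploying the API to stage '$STAGE_NAME'..."
aws apigateway create-deployment \
  --rest-api-id "$API_ID" \
  --stage-name "$STAGE_NAME" || {
  echo "Failed to deploy API '$API_ID' to stage '$STAGE_NAME'" >&2
  exit 1
}

# --- 8. Output API Endpoint URL ---
# Print the URL only after a successful deployment, so it is never reported for
# an API that is not actually serving.
API_URL="https://$API_ID.execute-api.$REGION.amazonaws.com/$STAGE_NAME/hello"
echo "--- API Gateway setup complete! ---"
echo "API Endpoint URL: $API_URL"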
