{
  "schemaVersion": "0.3",
  "assumeRole": "{{ AutomationAssumeRole }}",
  "description": "Disable Termination Protection of Instance",
  "parameters": {
    "InstanceId": {
      "type": "String",
      "description": "(Required) The ID of the instance."
    },
    "LambdaAssumeRole": {
      "default": "",
      "type": "String",
      "description": "(Optional) The ARN of the role assumed by lambda"
    },
    "AutomationAssumeRole": {
      "default": "",
      "type": "String",
      "description": "(Optional) The ARN of the role that allows Automation to perform the actions on your behalf. "
    }
  },
  "mainSteps": [
    {
      "action": "aws:createStack",
      "inputs": {
        "StackName": "DisableProtectionInstanceStack{{automation:EXECUTION_ID}}",
        "TemplateBody": "AWSTemplateFormatVersion: '2010-09-09'\nConditions:\n  LambdaAssumeRoleNotSpecified:\n    Fn::Or:\n    - Fn::Equals:\n      - {Ref: LambdaRoleArn}\n      - ''\n    - Fn::Equals:\n      - {Ref: LambdaRoleArn}\n      - undefined\nDescription: Automation Stack for Disable Termination Protection of Instance\nParameters:\n  LambdaName: {Description: 'The lambda function name\n\n      ', Type: String}\n  LambdaRoleArn: {Default: '', Description: 'The ARN of the role that allows Lambda\n      created by Automation to perform the action on your behalf\n\n      ', Type: String}\nResources:\n  LambdaRole:\n    Condition: LambdaAssumeRoleNotSpecified\n    Properties:\n      AssumeRolePolicyDocument:\n        Statement:\n        - Action: ['sts:AssumeRole']\n          Effect: Allow\n          Principal:\n            Service: [lambda.amazonaws.com]\n        Version: '2012-10-17'\n      Path: /\n      Policies:\n      - PolicyDocument:\n          Statement:\n            Action: ['ec2:ModifyInstanceAttribute']\n            Effect: Allow\n            Resource: '*'\n          Version: '2012-10-17'\n        PolicyName: OffProtectInstanceLambdaPolicy\n    Type: AWS::IAM::Role\n  DisableProtectEC2Lambda:\n    Properties:\n      Code: {ZipFile: \"import boto3\\n\\n\\ndef handler(event, context):\\n\\tinstance_id\\\n          \\ = event[\\\"InstanceId\\\"]\\n\\tec2 = boto3.resource('ec2')\\n\\tinstance = ec2.Instance(instance_id)\\n\\\n          \\n\\tinstance.modify_attribute(DisableApiTermination={\\n\\\n          \\t\\t'Value': True\\n\\t})\\n\\n\\t# print \\\"\\\n          Now eabled\\\"\\n\"}\n      FunctionName: {Ref: LambdaName}\n      Handler: index.handler\n      MemorySize: 128\n      Role:\n        Fn::If:\n        - LambdaAssumeRoleNotSpecified\n        - Fn::GetAtt: [LambdaRole, Arn]\n        - {Ref: LambdaRoleArn}\n      Runtime: python2.7\n      Timeout: 60\n    Type: AWS::Lambda::Function\n",
        "Parameters": [
          {
            "ParameterValue": "{{LambdaAssumeRole}}",
            "ParameterKey": "LambdaRoleArn"
          },
          {
            "ParameterValue": "DisableProtectEC2Lambda-{{automation:EXECUTION_ID}}",
            "ParameterKey": "LambdaName"
          }
        ],
        "Capabilities": [
          "CAPABILITY_IAM"
        ]
      },
      "name": "createDocumentStack"
    },
    {
      "action": "aws:invokeLambdaFunction",
      "inputs": {
        "FunctionName": "DisableProtectEC2Lambda-{{automation:EXECUTION_ID}}",
        "Payload": "{\"InstanceId\": \"{{InstanceId}}\"}"
      },
      "name": "DisableProtectionInstance"
    },
    {
      "action": "aws:deleteStack",
      "inputs": {
        "StackName": "DisableProtectionInstanceStack{{automation:EXECUTION_ID}}"
      },
      "name": "deleteCloudFormationTemplate"
    }
  ]
}