add forgot endpoint

id.saladeaula.digital/template.yaml

@@ -2,7 +2,7 @@ AWSTemplateFormatVersion: 2010-09-09
 Transform: AWS::Serverless-2016-10-31
 
 Parameters:
-  OAuth2Table:
+  UserTable:
     Type: String
     Default: betaeducacao-prod-users_d2o3r5gmm4it7j
 
@@ -23,7 +23,7 @@ Globals:
         POWERTOOLS_LOGGER_LOG_EVENT: true
         DYNAMODB_PARTITION_KEY: id
         DYNAMODB_SORT_KEY: sk
-        OAUTH2_TABLE: !Ref OAuth2Table
+        USER_TABLE: !Ref UserTable
         ISSUER: https://id.saladeaula.digital
 
 Resources:
@@ -32,6 +32,11 @@ Resources:
     Properties:
       RetentionInDays: 90
 
+  EventLog:
+    Type: AWS::Logs::LogGroup
+    Properties:
+      RetentionInDays: 90
+
   HttpApi:
     Type: AWS::Serverless::HttpApi
     Properties:
@@ -129,6 +134,34 @@ Resources:
             Method: GET
             ApiId: !Ref HttpApi
 
+  EventSendForgotEmailFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      Handler: events.send_forgot_email.lambda_handler
+      LoggingConfig:
+        LogGroup: !Ref EventLog
+      Policies:
+        - Version: 2012-10-17
+          Statement:
+            - Effect: Allow
+              Action:
+                - ses:SendRawEmail
+              Resource:
+                - !Sub arn:aws:ses:${AWS::Region}:${AWS::AccountId}:identity/eduseg.com.br
+                - !Sub arn:aws:ses:${AWS::Region}:${AWS::AccountId}:configuration-set/tracking
+      Events:
+        DynamoDBEvent:
+          Type: EventBridgeRule
+          Properties:
+            Pattern:
+              resources: [!Ref UserTable]
+              detail-type: [INSERT]
+              detail:
+                new_image:
+                  id: [PASSWORD_RESET]
+                  sk:
+                    - prefix: CODE#
+
 Outputs:
   HttpApiUrl:
     Description: URL of your API endpoint