{ "AWSTemplateFormatVersion": "2010-09-09", "Resources": { "ReferenceDB": { "Type": "AWS::DynamoDB::Table", "Properties": { "AttributeDefinitions": [ { "AttributeName": "key", "AttributeType": "S" } ], "KeySchema": [ { "AttributeName": "key", "KeyType": "HASH" } ], "ProvisionedThroughput": { "ReadCapacityUnits": 1, "WriteCapacityUnits": 1 }, "TableName": { "Fn::Join": [ "-", [ { "Ref" : "AWS::StackName" }, "reference" ] ] } } }, "RoleBasePolicy": { "Type": "AWS::IAM::ManagedPolicy", "Properties": { "Description" : { "Fn::Join": [ " ", [ "Base policy for all Lambda function roles in", { "Ref" : "AWS::StackName" }, "." ] ] }, "PolicyDocument" : { "Version" : "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "arn:aws:logs:*:*:*" }, { "Effect": "Allow", "Action": [ "dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Scan" ], "Resource": { "Fn::Join": [ "", [ "arn:aws:dynamodb:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" } , ":table/", { "Ref": "ReferenceDB" } ] ] } } ] } } }, "DynamoDBPutItemsFunctionRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version" : "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" ] }, "Action": [ "sts:AssumeRole" ] } ] }, "ManagedPolicyArns": [ { "Ref": "RoleBasePolicy" } ], "Policies": [ { "PolicyName": "DBWriter", "PolicyDocument": { "Version" : "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:PutItem" ], "Resource": { "Fn::Join": [ "", [ "arn:aws:dynamodb:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" } , ":table/*" ] ] } } ] } } ] } }, "DynamoDBPutItemsFunction": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": "com.gilt.public.backoffice", "S3Key": "lambda_functions/cloudformation-helpers.zip" }, "Description": "Used to populate a DynamoDB table from CloudFormation.", "Handler": 
"cloudformation_helpers.dynamoDBPutItems", "Role": {"Fn::GetAtt" : [ "DynamoDBPutItemsFunctionRole", "Arn" ] }, "Runtime": "nodejs", "Timeout": 30 }, "DependsOn": [ "DynamoDBPutItemsFunctionRole" ] }, "S3PutObjectFunctionRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version" : "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" ] }, "Action": [ "sts:AssumeRole" ] } ] }, "ManagedPolicyArns": [ { "Ref": "RoleBasePolicy" } ], "Policies": [ { "PolicyName": "S3Writer", "PolicyDocument": { "Version" : "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:DeleteObject", "s3:PutObject" ], "Resource": "*" } ] } } ] } }, "S3PutObjectFunction": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": "com.gilt.public.backoffice", "S3Key": "lambda_functions/cloudformation-helpers.zip" }, "Description": "Used to put objects into S3.", "Handler": "aws/s3.putObject", "Role": {"Fn::GetAtt" : [ "S3PutObjectFunctionRole", "Arn" ] }, "Runtime": "nodejs", "Timeout": 30 }, "DependsOn": [ "S3PutObjectFunctionRole" ] }, "SnsSubscribeFunctionRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version" : "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" ] }, "Action": [ "sts:AssumeRole" ] } ] }, "ManagedPolicyArns": [ { "Ref": "RoleBasePolicy" } ], "Policies": [ { "PolicyName": "SNSSubscriber", "PolicyDocument": { "Version" : "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "sns:subscribe", "sns:unsubscribe" ], "Resource": "*" } ] } } ] } }, "SnsSubscribeFunction": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": "com.gilt.public.backoffice", "S3Key": "lambda_functions/cloudformation-helpers.zip" }, "Description": "Used to subscribe to existing SNS topics.", "Handler": "aws/sns.subscribe", "Role": {"Fn::GetAtt" : [ "SnsSubscribeFunctionRole", "Arn" ] }, 
"Runtime": "nodejs", "Timeout": 30 }, "DependsOn": [ "SnsSubscribeFunctionRole" ] } }, "Outputs": { "DynamoDBPutItemsFunctionArn": { "Description": "The ARN of the DynamoDBPutItemsFunction, for use in other CloudFormation templates.", "Value": { "Fn::GetAtt" : ["DynamoDBPutItemsFunction", "Arn"] } }, "SnsSubscribeFunctionArn": { "Description": "The ARN of the SnsSubscribeFunction, for use in other CloudFormation templates.", "Value": { "Fn::GetAtt" : ["SnsSubscribeFunction", "Arn"] } }, "S3PutObjectFunctionArn": { "Description": "The ARN of the S3PutObjectFunction, for use in other CloudFormation templates.", "Value": { "Fn::GetAtt" : ["S3PutObjectFunction", "Arn"] } } } }