237 lines
No EOL
6.9 KiB
Text
237 lines
No EOL
6.9 KiB
Text
{
|
|
"AWSTemplateFormatVersion": "2010-09-09",
|
|
"Resources": {
|
|
"ReferenceDB": {
|
|
"Type": "AWS::DynamoDB::Table",
|
|
"Properties": {
|
|
"AttributeDefinitions": [
|
|
{
|
|
"AttributeName": "key",
|
|
"AttributeType": "S"
|
|
}
|
|
],
|
|
"KeySchema": [
|
|
{
|
|
"AttributeName": "key",
|
|
"KeyType": "HASH"
|
|
}
|
|
],
|
|
"ProvisionedThroughput": {
|
|
"ReadCapacityUnits": 1,
|
|
"WriteCapacityUnits": 1
|
|
},
|
|
"TableName": { "Fn::Join": [ "-", [ { "Ref" : "AWS::StackName" }, "reference" ] ] }
|
|
}
|
|
},
|
|
"RoleBasePolicy": {
|
|
"Type": "AWS::IAM::ManagedPolicy",
|
|
"Properties": {
|
|
"Description" : { "Fn::Join": [ " ", [ "Base policy for all Lambda function roles in", { "Ref" : "AWS::StackName" }, "." ] ] },
|
|
"PolicyDocument" : {
|
|
"Version" : "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"logs:CreateLogGroup",
|
|
"logs:CreateLogStream",
|
|
"logs:PutLogEvents"
|
|
],
|
|
"Resource": "arn:aws:logs:*:*:*"
|
|
},
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"dynamodb:GetItem",
|
|
"dynamodb:PutItem",
|
|
"dynamodb:Scan"
|
|
],
|
|
"Resource": { "Fn::Join": [ "", [ "arn:aws:dynamodb:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" } , ":table/", { "Ref": "ReferenceDB" } ] ] }
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"DynamoDBPutItemsFunctionRole": {
|
|
"Type": "AWS::IAM::Role",
|
|
"Properties": {
|
|
"AssumeRolePolicyDocument": {
|
|
"Version" : "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Effect": "Allow",
|
|
"Principal": {
|
|
"Service": [ "lambda.amazonaws.com" ]
|
|
},
|
|
"Action": [ "sts:AssumeRole" ]
|
|
}
|
|
]
|
|
},
|
|
"ManagedPolicyArns": [
|
|
{ "Ref": "RoleBasePolicy" }
|
|
],
|
|
"Policies": [
|
|
{
|
|
"PolicyName": "DBWriter",
|
|
"PolicyDocument": {
|
|
"Version" : "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"dynamodb:DeleteItem",
|
|
"dynamodb:DescribeTable",
|
|
"dynamodb:PutItem"
|
|
],
|
|
"Resource": { "Fn::Join": [ "", [ "arn:aws:dynamodb:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" } , ":table/*" ] ] }
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"DynamoDBPutItemsFunction": {
|
|
"Type": "AWS::Lambda::Function",
|
|
"Properties": {
|
|
"Code": {
|
|
"S3Bucket": "com.gilt.public.backoffice",
|
|
"S3Key": "lambda_functions/cloudformation-helpers.zip"
|
|
},
|
|
"Description": "Used to populate a DynamoDB database from CloudFormation",
|
|
"Handler": "aws/dynamo.putItems",
|
|
"Role": {"Fn::GetAtt" : [ "DynamoDBPutItemsFunctionRole", "Arn" ] },
|
|
"Runtime": "nodejs",
|
|
"Timeout": 30
|
|
},
|
|
"DependsOn": [
|
|
"DynamoDBPutItemsFunctionRole"
|
|
]
|
|
},
|
|
"S3PutObjectFunctionRole": {
|
|
"Type": "AWS::IAM::Role",
|
|
"Properties": {
|
|
"AssumeRolePolicyDocument": {
|
|
"Version" : "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Effect": "Allow",
|
|
"Principal": {
|
|
"Service": [ "lambda.amazonaws.com" ]
|
|
},
|
|
"Action": [ "sts:AssumeRole" ]
|
|
}
|
|
]
|
|
},
|
|
"ManagedPolicyArns": [
|
|
{ "Ref": "RoleBasePolicy" }
|
|
],
|
|
"Policies": [
|
|
{
|
|
"PolicyName": "S3Writer",
|
|
"PolicyDocument": {
|
|
"Version" : "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"s3:DeleteObject",
|
|
"s3:ListBucket",
|
|
"s3:PutObject"
|
|
],
|
|
"Resource": "*"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"S3PutObjectFunction": {
|
|
"Type": "AWS::Lambda::Function",
|
|
"Properties": {
|
|
"Code": {
|
|
"S3Bucket": "com.gilt.public.backoffice",
|
|
"S3Key": "lambda_functions/cloudformation-helpers.zip"
|
|
},
|
|
"Description": "Used to put objects into S3.",
|
|
"Handler": "aws/s3.putObject",
|
|
"Role": {"Fn::GetAtt" : [ "S3PutObjectFunctionRole", "Arn" ] },
|
|
"Runtime": "nodejs",
|
|
"Timeout": 30
|
|
},
|
|
"DependsOn": [
|
|
"S3PutObjectFunctionRole"
|
|
]
|
|
},
|
|
"SnsSubscribeFunctionRole": {
|
|
"Type": "AWS::IAM::Role",
|
|
"Properties": {
|
|
"AssumeRolePolicyDocument": {
|
|
"Version" : "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Effect": "Allow",
|
|
"Principal": {
|
|
"Service": [ "lambda.amazonaws.com" ]
|
|
},
|
|
"Action": [ "sts:AssumeRole" ]
|
|
}
|
|
]
|
|
},
|
|
"ManagedPolicyArns": [
|
|
{ "Ref": "RoleBasePolicy" }
|
|
],
|
|
"Policies": [
|
|
{
|
|
"PolicyName": "SNSSubscriber",
|
|
"PolicyDocument": {
|
|
"Version" : "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"sns:subscribe",
|
|
"sns:unsubscribe"
|
|
],
|
|
"Resource": "*"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"SnsSubscribeFunction": {
|
|
"Type": "AWS::Lambda::Function",
|
|
"Properties": {
|
|
"Code": {
|
|
"S3Bucket": "com.gilt.public.backoffice",
|
|
"S3Key": "lambda_functions/cloudformation-helpers.zip"
|
|
},
|
|
"Description": "Used to subscribe to existing SNS topics.",
|
|
"Handler": "aws/sns.subscribe",
|
|
"Role": {"Fn::GetAtt" : [ "SnsSubscribeFunctionRole", "Arn" ] },
|
|
"Runtime": "nodejs",
|
|
"Timeout": 30
|
|
},
|
|
"DependsOn": [
|
|
"SnsSubscribeFunctionRole"
|
|
]
|
|
}
|
|
},
|
|
"Outputs": {
|
|
"DynamoDBPutItemsFunctionArn": {
|
|
"Description": "The ARN of the DynamoDBPutItemsFunction, for use in other CloudFormation templates.",
|
|
"Value": { "Fn::GetAtt" : ["DynamoDBPutItemsFunction", "Arn"] }
|
|
},
|
|
"SnsSubscribeFunctionArn": {
|
|
"Description": "The ARN of the SnsSubscribeFunction, for use in other CloudFormation templates.",
|
|
"Value": { "Fn::GetAtt" : ["SnsSubscribeFunction", "Arn"] }
|
|
},
|
|
"S3PutObjectFunctionArn": {
|
|
"Description": "The ARN of the S3PutObjectFunction, for use in other CloudFormation templates.",
|
|
"Value": { "Fn::GetAtt" : ["S3PutObjectFunction", "Arn"] }
|
|
}
|
|
}
|
|
} |