Init

.gitignore

@@ -0,0 +1 @@
+**/*.DS_Store

01_Description/description.txt

@@ -0,0 +1 @@
+This is a default description made by Grapse.

03_Parameters/bucket_name.json

@@ -0,0 +1,6 @@
+{
+	"EmailRestingPlace": {
+		"Description": "The S3 bucket name where the emails will be stored when they come through AWS SES.",
+		"Type": "String"
+	}
+}

03_Parameters/code_pipeline_bucket_name.json

@@ -0,0 +1,6 @@
+{
+	"CodePipelineBucketName": {
+		"Description": "The S3 bucket name where CodePipeline will store the artifacts (this is needed only by CP to work, and pass task results to the next stage).",
+		"Type": "String"
+	}
+}

03_Parameters/github_token.json

@@ -0,0 +1,6 @@
+{
+	"GitHubToken": {
+		"Description": "You need to create a Personal access tokens (https://github.com/settings/tokens) for CodePipeline to have access to the GitHub repo despite it being public.",
+		"Type": "String"
+	}
+}

07_Resources/Repos/converter/Lambda/lambda.json

@@ -0,0 +1,19 @@
+{
+	"LambdaEmailConverter": {
+		"Type": "AWS::Lambda::Function",
+		"Description": "This Lambda converts raw emails files in to HTML and TEXT ones.",
+		"Properties": {
+			"FunctionName": "0x4447-s3-email-converter",
+			"Code": {
+				"ZipFile": { "Fn::Join": ["", [
+					"exports.handler = async (event) => {return true;};"
+				]]}
+			},
+			"Handler": "index.handler",
+			"MemorySize": 128,
+			"Role": { "Fn::GetAtt": ["LambdaEmailConverterRole", "Arn"] },
+			"Runtime": "nodejs8.10",
+			"Timeout": 60
+		}
+	}
+}

07_Resources/Repos/converter/Lambda/permission.json

@@ -0,0 +1,10 @@
+{
+	"S3ConverterPermission": {
+		"Type": "AWS::Lambda::Permission",
+		"Properties": {
+			"Action": "lambda:invokeFunction",
+			"FunctionName": { "Ref": "LambdaEmailConverter" },
+			"Principal": "s3.amazonaws.com"
+		}
+	}
+}

07_Resources/Repos/converter/Lambda/policy.json

@@ -0,0 +1,26 @@
+{
+	"LambdaEmailConverterPolicy": {
+		"Type": "AWS::IAM::Policy",
+		"Properties": {
+			"PolicyName": "SESAccess",
+			"Roles": [
+				{ "Ref": "LambdaEmailConverterRole" }
+			],
+			"PolicyDocument": {
+				"Version": "2012-10-17",
+				"Statement": [
+					{
+						"Effect": "Allow",
+						"Action": "ses:SendRawEmail",
+						"Resource": "*"
+					},
+					{
+						"Effect": "Allow",
+						"Action": "s3:*",
+						"Resource": { "Fn::Sub": "arn:aws:s3:::${S3Email}" }
+					}
+				]
+			}
+		}
+	}
+}

07_Resources/Repos/converter/Lambda/role.json

@@ -0,0 +1,23 @@
+{
+	"LambdaEmailConverterRole": {
+		"Type": "AWS::IAM::Role",
+		"Properties": {
+			"RoleName": "0x4447_s3_email_lambda_converter",
+			"AssumeRolePolicyDocument": {
+				"Version": "2012-10-17",
+				"Statement": [
+					{
+						"Effect": "Allow",
+						"Principal": {
+							"Service": "lambda.amazonaws.com"
+						},
+						"Action": "sts:AssumeRole"
+					}
+				]
+			},
+			"ManagedPolicyArns": [
+				"arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+			]
+		}
+	}
+}

07_Resources/Repos/inbound/CodeBuild/01_Install/Policies/cloud_watch_log.json

@@ -0,0 +1,28 @@
+{
+	"CodeBuildSetupPolicyCWL": {
+		"Type": "AWS::IAM::Policy",
+		"Properties": {
+			"Roles": [
+				{ "Ref": "CodeBuildInstallRole" }
+			],
+			"PolicyName": "cloud_watch_log_access",
+			"PolicyDocument": {
+				"Version": "2012-10-17",
+				"Statement": [
+					{
+						"Effect": "Allow",
+						"Action": [
+							"logs:CreateLogGroup",
+							"logs:CreateLogStream",
+							"logs:PutLogEvents"
+						],
+						"Resource": [
+							{ "Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/0x4447_s3_email_inbound_install" },
+							{ "Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/0x4447_s3_email_inbound_install:*" }
+						]
+					}
+				]
+			}
+		}
+	}
+}

07_Resources/Repos/inbound/CodeBuild/01_Install/Policies/s3.json

@@ -0,0 +1,21 @@
+{
+	"CodeBuildSetupPolicyS3": {
+		"Type": "AWS::IAM::Policy",
+		"Properties": {
+			"Roles": [
+				{ "Ref": "CodeBuildInstallRole" }
+			],
+			"PolicyName": "s3_access",
+			"PolicyDocument": {
+				"Version": "2012-10-17",
+				"Statement": [
+					{
+						"Effect": "Allow",
+						"Action": "s3:*",
+						"Resource": { "Fn::Sub": "arn:aws:s3:::${S3Code}/*"}
+					}
+				]
+			}
+		}
+	}
+}

07_Resources/Repos/inbound/CodeBuild/01_Install/code_build.json

@@ -0,0 +1,25 @@
+	 {
+	"CodeBuildInstall": {
+		"Type": "AWS::CodeBuild::Project",
+		"Properties": {
+			"Name": "0x4447_s3_email_inbound_install",
+			"ServiceRole": { "Fn::GetAtt": ["CodeBuildInstallRole", "Arn"] },
+			"TimeoutInMinutes": 60,
+			"Source": {
+				"Type": "CODEPIPELINE",
+				"BuildSpec": "buildspec-setup.yml"
+			},
+			"Artifacts": {
+				"Type": "CODEPIPELINE"
+			},
+			"Environment": {
+				"Type": "LINUX_CONTAINER",
+				"ComputeType": "BUILD_GENERAL1_SMALL",
+				"Image": "aws/codebuild/nodejs:8.11.0",
+				"EnvironmentVariables": [
+					{ "Name": "STAGE", "Type": "PLAINTEXT", "Value": "production" }
+				]
+			}
+		}
+	}
+}

07_Resources/Repos/inbound/CodeBuild/01_Install/role.json

@@ -0,0 +1,20 @@
+{
+	"CodeBuildInstallRole": {
+		"Type": "AWS::IAM::Role",
+		"Properties": {
+			"RoleName": "0x4447_s3_email_codebuild_install",
+			"AssumeRolePolicyDocument": {
+				"Version": "2012-10-17",
+				"Statement": [
+					{
+						"Effect": "Allow",
+						"Principal": {
+							"Service": "codebuild.amazonaws.com"
+						},
+						"Action": "sts:AssumeRole"
+					}
+				]
+			}
+		}
+	}
+}

07_Resources/Repos/inbound/CodeBuild/02_Deploy/Policies/cloud_watch_logs.json

@@ -0,0 +1,28 @@
+{
+	"CodeBuildDeployPolicyCWL": {
+		"Type": "AWS::IAM::Policy",
+		"Properties": {
+			"Roles": [
+				{ "Ref": "CodeBuildDeployRole" }
+			],
+			"PolicyName": "cloud_watch_log_access",
+			"PolicyDocument": {
+				"Version": "2012-10-17",
+				"Statement": [
+					{
+						"Effect": "Allow",
+						"Action": [
+							"logs:CreateLogGroup",
+							"logs:CreateLogStream",
+							"logs:PutLogEvents"
+						],
+						"Resource": [
+							{ "Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/0x4447_s3_email_inbound_deploy" },
+							{ "Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/0x4447_s3_email_inbound_deploy:*" }
+						]
+					}
+				]
+			}
+		}
+	}
+}

07_Resources/Repos/inbound/CodeBuild/02_Deploy/Policies/s3.json

@@ -0,0 +1,21 @@
+{
+	"CodeBuildDeployPolicyS3": {
+		"Type": "AWS::IAM::Policy",
+		"Properties": {
+			"Roles": [
+				{ "Ref": "CodeBuildDeployRole" }
+			],
+			"PolicyName": "s3_access",
+			"PolicyDocument": {
+				"Version": "2012-10-17",
+				"Statement": [
+					{
+						"Effect": "Allow",
+						"Action": "s3:*",
+						"Resource": { "Fn::Sub": "arn:aws:s3:::${S3Code}/*"}
+					}
+				]
+			}
+		}
+	}
+}

07_Resources/Repos/inbound/CodeBuild/02_Deploy/Policies/update.json

@@ -0,0 +1,21 @@
+{
+	"CodeBuildDeployPolicyLambdaUpdate": {
+		"Type": "AWS::IAM::Policy",
+		"Properties": {
+			"Roles": [
+				{ "Ref": "CodeBuildDeployRole" }
+			],
+			"PolicyName": "update_lambda_code",
+			"PolicyDocument": {
+				"Version": "2012-10-17",
+				"Statement": [
+					{
+						"Effect": "Allow",
+						"Action": "lambda:UpdateFunctionCode",
+						"Resource": { "Fn::Sub": "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${LambdaEmailInbound}"}
+					}
+				]
+			}
+		}
+	}
+}

07_Resources/Repos/inbound/CodeBuild/02_Deploy/code_build.json

@@ -0,0 +1,26 @@
+ {
+	"CodeBuildDeploy": {
+		"Type": "AWS::CodeBuild::Project",
+		"Properties": {
+			"Name": "0x4447_s3_email_inbound_deploy",
+			"ServiceRole": { "Fn::GetAtt": ["CodeBuildDeployRole", "Arn"] },
+			"TimeoutInMinutes": 60,
+			"Source": {
+				"Type": "CODEPIPELINE",
+				"BuildSpec": "buildspec-deploy.yml"
+			},
+			"Artifacts": {
+				"Type": "CODEPIPELINE"
+			},
+			"Environment": {
+				"Type": "LINUX_CONTAINER",
+				"ComputeType": "BUILD_GENERAL1_SMALL",
+				"Image": "aws/codebuild/nodejs:8.11.0",
+				"EnvironmentVariables": [
+					{ "Name": "STAGE", "Type": "PLAINTEXT", "Value": "production" },
+					{ "Name": "FUNCTION_NAME", "Type": "PLAINTEXT", "Value": { "Ref": "LambdaEmailInbound" } }
+				]
+			}
+		}
+	}
+}

07_Resources/Repos/inbound/CodeBuild/02_Deploy/role.json

@@ -0,0 +1,20 @@
+{
+	"CodeBuildDeployRole": {
+		"Type": "AWS::IAM::Role",
+		"Properties": {
+			"RoleName": "0x4447_s3_email_codebuild_deploy",
+			"AssumeRolePolicyDocument": {
+				"Version": "2012-10-17",
+				"Statement": [
+					{
+						"Effect": "Allow",
+						"Principal": {
+							"Service": "codebuild.amazonaws.com"
+						},
+						"Action": "sts:AssumeRole"
+					}
+				]
+			}
+		}
+	}
+}