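# Template header. The format version is quoted so generic YAML parsers
# (YAML 1.1 loaders in particular) keep it as a string instead of
# converting it to a date object.
AWSTemplateFormatVersion: '2010-09-09'
# Macros applied to the template, in the order listed: the SAM transform
# first, then the CodeStar transform.
Transform:
  - AWS::Serverless-2016-10-31
  - AWS::CodeStar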
# Stack inputs. All three are plain strings; only Stage has a default.
Parameters:
  # CodeStar project the created resources are associated with.
  ProjectId:
    Type: String
    Description: >-
      CodeStar projectId used to associate new resources to team members
  # Referenced by the function deployment preference as the CodeDeploy role.
  CodeDeployRole:
    Type: String
    Description: >-
      IAM role to allow AWS CodeDeploy to manage deployment of AWS Lambda
      functions
  # Optional pipeline stage name; defaults to the empty string.
  Stage:
    Type: String
    Description: >-
      The name for a project pipeline stage, such as Staging or Prod, for
      which resources are provisioned and deployed.
    Default: ''
# Static tag values, looked up with Fn::FindInMap (TagsMap -> Tags -> key).
# Every value is quoted so that ID-like entries such as ProjectCode are
# never re-typed by a YAML parser.
Mappings:
  TagsMap:
    Tags:
      Center: 'TECH'
      Team: 'DS'
      ProjectName: 'Prototype Validation Server Infrastructure'
      ProjectCode: '102213-0001-001-00003'
      Name: 'validation-server-backend'
# Defaults applied to every AWS::Serverless::Function in this template.
Globals:
  Function:
    # Publish a new version on each deployment and point the "live" alias
    # at it.
    AutoPublishAlias: live
    # CodeDeploy-managed rollout; AllAtOnce shifts all traffic to the new
    # version in a single step, using the role passed in as a parameter.
    DeploymentPreference:
      Enabled: true
      Type: AllAtOnce
      Role:
        Ref: CodeDeployRole
    # Cost-allocation / ownership tags, each resolved from the TagsMap
    # mapping (map name, top-level key, second-level key).
    Tags:
      Center:
        Fn::FindInMap: [TagsMap, Tags, Center]
      Tech-Team:
        Fn::FindInMap: [TagsMap, Tags, Team]
      Project-Name:
        Fn::FindInMap: [TagsMap, Tags, ProjectName]
      Project-Code:
        Fn::FindInMap: [TagsMap, Tags, ProjectCode]
      Name:
        Fn::FindInMap: [TagsMap, Tags, Name]
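# Resources: one container-image Lambda function and the IAM execution
# role it runs under.
Resources:
  # Lambda function packaged as a container image pulled from ECR.
  QueryFunction:
    Type: AWS::Serverless::Function
    Properties:
      # Failed asynchronous invocations are not retried.
      EventInvokeConfig:
        MaximumRetryAttempts: 0
      FunctionName: validation-server-engine
      PackageType: Image
      # Overrides the image CMD with the handler entry point.
      ImageConfig:
        Command:
          - index.handler
      Timeout: 300
      MemorySize: 256
      Role:
        Fn::GetAtt:
          - LambdaExecutionRole
          - Arn
      # NOTE(review): the image is referenced by tag. Referencing it by
      # digest (REPOSITORY@sha256:<image-digest>) would tie this template
      # to one immutable image; enabling tag immutability on the
      # repository is the alternative control.
      ImageUri: '672001523455.dkr.ecr.us-east-1.amazonaws.com/validation-server-engine:queryfunction-3fe62b273d28-python3.8-v1'
    # Build metadata describing how the image was produced.
    Metadata:
      Dockerfile: Dockerfile
      DockerContext: ./src
      DockerTag: python3.8-v1
  # Execution role assumed by the Lambda service for QueryFunction.
  LambdaExecutionRole:
    Description: Creating service role in IAM for AWS Lambda
    Type: AWS::IAM::Role
    Properties:
      # Fixed role name: creating the stack requires CAPABILITY_NAMED_IAM
      # and the template cannot be deployed twice in one account.
      # (The original wrapped this literal in Fn::Sub with no variables.)
      RoleName: validation-server-engine-role
      # Trust policy: only the Lambda service may assume this role.
      AssumeRolePolicyDocument:
        # Explicit policy language version, matching the inline policy.
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action: sts:AssumeRole
      Path: /
      Policies:
        - PolicyName: validation-server-engine-policy
          PolicyDocument:
            # Quoted so YAML loaders do not turn the version into a date.
            Version: '2012-10-17'
            Statement:
              # List the bucket (bucket-level ARN).
              - Effect: Allow
                Action:
                  - s3:ListBucket
                Resource:
                  - arn:aws:s3:::ui-validation-server
              # Read objects (object-level ARN).
              - Effect: Allow
                Action:
                  - s3:GetObject
                Resource:
                  - arn:aws:s3:::ui-validation-server/*
              # Pull access to the function's image repository. The
              # original ARNs left the region and account fields empty,
              # which is only valid for S3; such a pattern matches no ECR
              # repository, so the statement granted nothing. Region and
              # account are taken from ImageUri.
              - Effect: Allow
                Action:
                  - ecr:BatchGetImage
                  - ecr:GetDownloadUrlForLayer
                Resource:
                  - arn:aws:ecr:us-east-1:672001523455:repository/validation-server-engine
                  - arn:aws:ecr:us-east-1:672001523455:repository/validation-server-engine/*
              # Decrypt with one specific KMS key. Same defect as the ECR
              # statement: region and account were empty.
              # NOTE(review): assumes the key lives in the same region and
              # account as the secret referenced in the next statement;
              # confirm.
              - Effect: Allow
                Action:
                  - kms:Decrypt
                Resource:
                  - arn:aws:kms:us-east-1:672001523455:key/8910e308-71bf-4951-9cc3-193b515631c3
              # Read a single secret, addressed by its full ARN.
              - Effect: Allow
                Action:
                  - secretsmanager:GetSecretValue
                Resource:
                  - arn:aws:secretsmanager:us-east-1:672001523455:secret:validation-server-backend-UGy5Ro
              # CloudWatch Logs, scoped down from arn:aws:logs:*:*:*
              # (every log group in every region and account). Log group
              # creation is limited to the stack's own region and account.
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                Resource:
                  - Fn::Sub: 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:*'
              # Stream creation and writes are limited to the function's
              # default log group, /aws/lambda/<FunctionName>.
              # NOTE(review): widen this if the handler writes to any
              # other log group.
              - Effect: Allow
                Action:
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource:
                  - Fn::Sub: 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/validation-server-engine:*'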