Permalink
Find file
Fetching contributors…
Cannot retrieve contributors at this time
186 lines (162 sloc) 5.17 KB
AWSTemplateFormatVersion: "2010-09-09"
Description: A {{ __name__ }} implementation.
Metadata:
CommitHash: {{ git['hash'] }}
CommitDescription: {{ git['message'] }}
AnyUncommittedChanges?: {{ git['uncommitted'] }}
Parameters:
ScheduleExpression:
Type: String
Default: {{ dn_stack['schedule_expression'] }}
Description: How often to invoke the {{ __name__ }} function
Resources:
# The function itself.
LambdaFunction:
Type: AWS::Lambda::Function
Metadata:
Comment: {{ dn_stack['description'] }}
DependsOn: [ LambdaFunctionExecutionRole ]
Properties:
Code:
ZipFile:
"Fn::Join":
- "\n"
- - "def handler(event, context):"
- " print('This is a no-op; will be overwritten later.')"
Role: { "Fn::GetAtt": [ LambdaFunctionExecutionRole, Arn ] }
Timeout: {{ dn_stack['timeout'] }}
Handler: index.handler
Runtime: python2.7
MemorySize: {{ dn_stack['memory_size'] }}
# The IAM role that the lambda function will execute under.
LambdaFunctionExecutionRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
Service: [ lambda.amazonaws.com ]
Action:
- sts:AssumeRole
Path: /
Policies:
- PolicyName: WriteLogsToCloudWatch
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- "logs:CreateLogGroup"
- "logs:CreateLogStream"
- "logs:PutLogEvents"
Resource: "arn:aws:logs:*:*:*"
- PolicyName: PublishToSNSTopic
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action: [ "sns:Publish" ]
Resource: { Ref : NotificationTopic }
- PolicyName: ReadWriteDynamoResultTable
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- dynamodb:DescribeTable
- dynamodb:GetItem
- dynamodb:PutItem
- dynamodb:Query
Resource:
"Fn::Join":
- ":"
- - "arn"
- "aws"
- "dynamodb"
- { "Ref": "AWS::Region" }
- { "Ref" : "AWS::AccountId" }
- "Fn::Join":
- "/"
- - "table"
- { "Ref" : "ResultTable" }
# Unused.
# ManagedPolicyArns:
# - arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess
# Permits the events service to invoke the service.
LambdaPermission:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
SourceArn:
"Fn::GetAtt": [ ScheduledRule, Arn ]
FunctionName: { "Fn::GetAtt": [ LambdaFunction, Arn ] }
Principal: events.amazonaws.com
# The cron rule for the execution.
ScheduledRule:
Type: AWS::Events::Rule
Properties:
Description: ScheduledRule for the LambdaFunction
ScheduleExpression: { Ref : ScheduleExpression }
State: ENABLED
Targets:
- Arn: { "Fn::GetAtt": [ LambdaFunction, Arn ] }
Id: ScheduledRule
# The SNS topic to publish events to.
NotificationTopic:
Type: AWS::SNS::Topic
Properties:
DisplayName: {{ dn_stack['display_name'] }}
{% for sub in dn_stack.get('subscriptions', []) %}
{% if loop.first %}
Subscription:
{% endif %}
- Endpoint: {{ sub['endpoint'] }}
Protocol: {{ sub['protocol'] }}
{% endfor %}
# DynamoDB table for caching results.
ResultTable:
Type: AWS::DynamoDB::Table
DeletionPolicy: Retain
Properties:
AttributeDefinitions:
- AttributeName: TargetId
AttributeType: S
- AttributeName: Timestamp
AttributeType: S
KeySchema:
- AttributeName: TargetId
KeyType: HASH
- AttributeName: Timestamp
KeyType: RANGE
ProvisionedThroughput:
ReadCapacityUnits: 10
WriteCapacityUnits: 10
# GlobalSecondaryIndexes:
# - IndexName: myGSI
# KeySchema:
# - AttributeName: IsNormal
# KeyType: HASH
# - AttributeName: SiteName
# KeyType: RANGE
# Projection:
# NonKeyAttributes:
# - CheckTimestamp
# ProjectionType: INCLUDE
# ProvisionedThroughput:
# ReadCapacityUnits: 5
# WriteCapacityUnits: 5
Outputs:
LambdaFunction:
Value: { Ref : LambdaFunction }
LambdaFunctionARN:
Value: { "Fn::GetAtt": [ LambdaFunction, Arn ] }
LambdaFunctionExecutionRole:
Value: { Ref : LambdaFunctionExecutionRole }
LambdaFunctionExecutionRoleARN:
Value: { "Fn::GetAtt": [ LambdaFunctionExecutionRole, Arn ] }
ResultTable:
Value: { Ref : ResultTable }
SnsTopic:
Value: { Ref : NotificationTopic }