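---
# Serverless Framework service: one Python Lambda plus the EC2 security group
# whose ingress rules the Lambda's role is allowed to change. The function is
# subscribed to the AmazonIpSpaceChanged SNS topic (see resources below).
# NOTE(review): the handler is not part of this file; presumably it keeps the
# group in sync with the Route 53 health-checker ranges - confirm in main.main.
service: project-security-group-r53-healthchecks

provider:
  name: aws
  # NOTE(review): python3.7 is past end-of-life and a deprecated Lambda
  # runtime; move to a supported runtime once the handler and its
  # requirements have been verified against it.
  runtime: python3.7
  region: us-west-2
  stackName: project-security-group-r53-healthchecks
  iamRoleStatements:
    # NOTE(review): the framework's default role normally already grants log
    # access scoped to this service's log groups; confirm whether this
    # wildcard statement is still needed before keeping it.
    - Effect: Allow
      Action:
        - logs:CreateLogGroup
        - logs:CreateLogStream
        - logs:PutLogEvents
      Resource: '*'
    # Read-only. EC2 Describe* actions do not support resource-level
    # permissions, so this one has to stay on '*'.
    - Effect: Allow
      Action:
        - ec2:DescribeSecurityGroups
      Resource: '*'
    # Least privilege: rule changes are limited to the security group created
    # in this stack instead of every group in the account.
    # Assumes the handler only modifies the group passed in SecurityGroupId -
    # confirm against main.main.
    - Effect: Allow
      Action:
        - ec2:AuthorizeSecurityGroupIngress
        - ec2:RevokeSecurityGroupIngress
      Resource:
        Fn::Join:
          - ''
          - - 'arn:'
            - Ref: AWS::Partition
            - ':ec2:'
            - Ref: AWS::Region
            - ':'
            - Ref: AWS::AccountId
            - ':security-group/'
            - Fn::GetAtt: [R53HealthCheckSecurityGroup, GroupId]

functions:
  main:
    handler: main.main
    environment:
      # --region on the CLI wins; otherwise the provider region is used.
      region: ${opt:region, self:provider.region}
      # Id of the group declared under resources; the only group the role
      # above may modify.
      SecurityGroupId: !GetAtt R53HealthCheckSecurityGroup.GroupId
      FromPort: ${self:custom.FromPort}
      ToPort: ${self:custom.ToPort}
      IpProtocol: ${self:custom.IpProtocol}

custom:
  pythonRequirements:
    dockerizePip: true
  # Custom variables
  FromPort: 80
  ToPort: 80
  IpProtocol: 'TCP'
  # AWS-published topic that announces changes to the AWS IP address ranges.
  sns_topic_amazon_ip_space_changed: arn:aws:sns:us-east-1:806199016981:AmazonIpSpaceChanged

plugins:
  - serverless-python-requirements

resources:
  Resources:
    # No ingress rules are declared here; the function's role is what allows
    # rules to be added and removed at runtime. With no VpcId the group is
    # created in the account's default VPC.
    R53HealthCheckSecurityGroup:
      Type: AWS::EC2::SecurityGroup
      Properties:
        GroupName: Route53-HealthCheck-Cidr-Ranges
        GroupDescription: Route53-HealthCheck-Cidr-Ranges
    # Lets SNS invoke the function. SourceArn pins the grant to the one topic,
    # so other topics cannot use the sns.amazonaws.com principal to trigger it.
    LambdaResourcePolicy:
      Type: 'AWS::Lambda::Permission'
      Properties:
        FunctionName:
          Ref: MainLambdaFunction
        Principal: sns.amazonaws.com
        Action: 'lambda:InvokeFunction'
        SourceArn: ${self:custom.sns_topic_amazon_ip_space_changed}
    # Cross-region subscription: the stack deploys to us-west-2 while the
    # topic is in us-east-1, hence the explicit Region.
    SNSSubscription:
      Type: "AWS::SNS::Subscription"
      Properties:
        Endpoint: !GetAtt MainLambdaFunction.Arn
        Protocol: lambda
        Region: us-east-1
        TopicArn: ${self:custom.sns_topic_amazon_ip_space_changed}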