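# SAM/CloudFormation template: an API-fronted Lambda writes purchase data to
# S3, and an EventBridge rule matching the S3 PutObject call (delivered via
# CloudTrail) triggers a second Lambda that reads the object and sends e-mail
# through SES.
AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'
Description: Notification of purchase information with EventBridge.

Parameters:
  BucketName:
    Description: S3 Bucket name
    Type: String
    Default: eventbridge-item-store
  # NOTE(review): Region is declared but not referenced by any resource
  # visible in this template.
  Region:
    Description: Region
    Type: String
    Default: ap-southeast-2
  SenderEmail:
    Description: Email Address of the sender
    Type: String
    Default: verifiedEmail

Resources:
  # Execution role for PurchaseDataInput: CloudWatch logging plus write-only
  # access to objects in the purchase bucket.
  PurchaseInputRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
      Policies:
        - PolicyName: S3Policy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - 's3:PutObject'
                Resource: !Sub "arn:aws:s3:::${BucketName}/*"

  # Execution role for PurchaseDataProcess: CloudWatch logging, read-only
  # access to objects in the purchase bucket, and permission to send e-mail.
  PurchaseProcessRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
      Policies:
        - PolicyName: SESPolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # NOTE(review): Resource "*" lets this role send from every SES
              # identity in the account. Once the sender is fixed, consider
              # scoping this to the sender identity ARN or adding an
              # ses:FromAddress condition; left unchanged here because the
              # handler's sending behaviour is not visible in this file.
              - Effect: Allow
                Action:
                  - "ses:SendEmail"
                Resource: "*"
        - PolicyName: ReadPurchasePolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - "s3:GetObject"
                Resource: !Sub "arn:aws:s3:::${BucketName}/*"

  api:
    Type: AWS::Serverless::Api
    Properties:
      StageName: api
      TracingEnabled: true
      # Quoted so no parser can retype the version string.
      OpenApiVersion: '3.0.2'

  PurchaseDataInput:
    Type: AWS::Serverless::Function
    Properties:
      Description: Function that takes in the customer info and writes into S3 bucket.
      Handler: purchase_input.handler
      # NOTE(review): nodejs12.x is a deprecated Lambda runtime that no longer
      # receives security patches; move to a supported Node.js runtime after
      # testing the handlers.
      Runtime: nodejs12.x
      # Permissions come solely from this role. The former `Policies` list
      # (AWSLambdaBasicExecutionRole, AWSLambdaReadOnlyAccess) was removed:
      # SAM ignores `Policies` when `Role` is set, so it granted nothing and
      # only suggested a broader read scope than the function actually has.
      Role: !GetAtt PurchaseInputRole.Arn
      CodeUri: .
      Events:
        Input:
          Type: Api
          Properties:
            RestApiId: !Ref api
            Path: /purchase
            Method: POST
            # NOTE(review): no Auth is configured on this event or on the Api
            # resource, so POST /purchase is callable without authentication
            # as written. Confirm that is intended for an endpoint accepting
            # customer data.
      Environment:
        Variables:
          BucketName: !Ref BucketName

  PurchaseDataProcess:
    Type: AWS::Lambda::Function
    Properties:
      Description: Function that is called by EventBridge.
      Handler: purchase_process.handler
      # NOTE(review): deprecated runtime, see PurchaseDataInput.
      Runtime: nodejs12.x
      Role: !GetAtt PurchaseProcessRole.Arn
      Code: .
      Timeout: 10
      Environment:
        Variables:
          SenderEmail: !Ref SenderEmail

  # Lets the EventBridge rule invoke the processing function. Without a
  # resource-based permission for events.amazonaws.com the rule matches events
  # but the target invocation is denied. SourceArn restricts the grant to this
  # one rule.
  PurchaseDataProcessInvokePermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: 'lambda:InvokeFunction'
      FunctionName: !Ref PurchaseDataProcess
      Principal: events.amazonaws.com
      SourceArn: !GetAtt TransactionEventBridge.Arn

  # Bucket holding the purchase/customer records written by PurchaseDataInput.
  Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref BucketName
      # The bucket stores customer purchase information, so public access is
      # blocked and default encryption is stated explicitly instead of relying
      # on account or service defaults.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256

  # Matches S3 PutObject API calls on the purchase bucket.
  # NOTE(review): "AWS API Call via CloudTrail" events for object-level S3
  # operations are only emitted when a CloudTrail trail logs data events for
  # the bucket; no trail is defined in this template, so confirm one exists.
  TransactionEventBridge:
    Type: AWS::Events::Rule
    Properties:
      EventPattern:
        source:
          - aws.s3
        detail-type:
          - AWS API Call via CloudTrail
        detail:
          eventSource:
            - s3.amazonaws.com
          eventName:
            - PutObject
          requestParameters:
            bucketName:
              # Follows the BucketName parameter; a hard-coded literal here
              # stops matching as soon as the parameter is overridden.
              - !Ref BucketName
      Targets:
        - Id: EventBridgePurchaseProcessTarget
          Arn: !GetAtt PurchaseDataProcess.Arn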