# AWS SAM template. It declares an S3 bucket plus bucket policy for inbound
# mail, a REST API with two Lambda-backed routes, a third Lambda function that
# SES invokes, a DynamoDB table, and an SES receipt rule set with two rules.
AWSTemplateFormatVersion: "2010-09-09"
# The Serverless transform expands the AWS::Serverless::* resources below.
Transform: AWS::Serverless-2016-10-31
Description: Serverless SES Page
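# Deploy-time inputs. Every parameter has a default, so the stack can be
# created without overrides.
Parameters:
  # NOTE(review): not referenced by any resource or output in this template.
  ApplicationName:
    Type: String
    Default: 'ServerlessSESPage'
  # Stage name of the REST API; also used to build API_PATH and the output URI.
  FrontPageApiStageName:
    Type: String
    Default: 'ProdStage'
  # Name of the SES receipt rule set that holds both receipt rules.
  ReceiptRuleSetName:
    Type: String
    Default: 'ServerlessSESReceiptRuleSet'
  # Name of the receipt rule whose action stores mail in S3.
  ReceiptRuleName1:
    Type: String
    Default: 'ServerlessSESReceiptRuleS3'
  # Name of the receipt rule whose action invokes the Lambda function.
  ReceiptRuleName2:
    Type: String
    Default: 'ServerlessSESReceiptRuleLambda'
  # SES receipt-rule TLS policy. 'Require' makes SES bounce mail that is not
  # delivered over TLS; 'Optional' accepts plaintext delivery as well.
  # AllowedValues rejects a mistyped value at deploy time instead of at
  # resource creation.
  TlsPolicy:
    Type: String
    Default: 'Require'
    AllowedValues:
      - 'Require'
      - 'Optional'
  # Name of the DynamoDB table, passed to the functions as TABLE_NAME.
  # NOTE(review): the Description text below talks about "connection
  # identifiers for each connected clients", which does not match a table named
  # email_info keyed on "file" -- it looks copied from another template; confirm
  # and reword.
  EmailInfoTableName:
    Type: String
    Default: 'email_info'
    Description: (Required) The name of the new DynamoDB to store connection identifiers for each connected clients. Minimum 3 characters
    MinLength: 3
    MaxLength: 50
    AllowedPattern: '^[A-Za-z_]+$'
    ConstraintDescription: 'Required. Can be characters and underscore only. No numbers or special characters allowed.'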
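Resources:
  # Bucket that receives raw inbound mail from SES. Its contents are untrusted
  # external input, so public access is blocked explicitly instead of relying
  # on account or service defaults.
  EmailBucket:
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  # Lets the SES service principal write objects into EmailBucket.
  BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref EmailBucket
      PolicyDocument:
        # Quoted so that a YAML 1.1 parser cannot read it as a date.
        Version: '2012-10-17'
        Statement:
          - Sid: AllowSESPuts
            Effect: Allow
            Principal:
              Service: 'ses.amazonaws.com'
            Action: 's3:PutObject'
            Resource: !Sub 'arn:${AWS::Partition}:s3:::${EmailBucket}/*'
            # Confused-deputy guard: only SES acting for this account may write.
            # aws:SourceAccount replaces the older aws:Referer condition, which
            # is a request-supplied value rather than a service-asserted one.
            # An aws:SourceArn condition naming the receipt rule would tighten
            # this further.
            Condition:
              StringEquals:
                aws:SourceAccount: !Ref 'AWS::AccountId'

  # REST API in front of FrontPageFunction (GET /) and MainFunction (POST /api).
  # NOTE(review): no Auth block is defined here, so API Gateway itself does not
  # authorize callers; confirm the handlers enforce whatever access control is
  # intended, given that MainFunction can read, write and delete stored mail.
  FrontPageApi:
    Type: AWS::Serverless::Api
    Properties:
      Name: ServerlessSESPageApi
      EndpointConfiguration: REGIONAL
      StageName: !Ref FrontPageApiStageName

  # Serves GET /. It declares no Policies, so it runs with the basic execution
  # role SAM generates.
  FrontPageFunction:
    Type: AWS::Serverless::Function
    Properties:
      Architectures:
        - arm64
      FunctionName: ServerlessSESPageFrontFunction
      CodeUri: bin/
      Handler: bootstrap
      MemorySize: 256
      Runtime: provided.al2
      Description: 'SES Front Function'
      Environment:
        Variables:
          REGION: !Ref 'AWS::Region'
          API_PATH: !Sub '/${FrontPageApiStageName}/api'
      Events:
        FrontPageApi:
          Type: Api
          Properties:
            Path: '/'
            Method: get
            RestApiId: !Ref FrontPageApi

  # Serves POST /api.
  # NOTE(review): the Crud policy templates grant read, write and delete on the
  # bucket and the table. The handler code is not part of this template; if it
  # only reads, S3ReadPolicy / DynamoDBReadPolicy would be the least-privilege
  # choice.
  MainFunction:
    Type: AWS::Serverless::Function
    Properties:
      Architectures:
        - arm64
      FunctionName: ServerlessSESPageMainFunction
      CodeUri: api/check/bin/
      Handler: bootstrap
      MemorySize: 256
      Runtime: provided.al2
      Description: 'SES API Function'
      Policies:
        - S3CrudPolicy:
            BucketName: !Ref EmailBucket
        - DynamoDBCrudPolicy:
            TableName: !Ref EmailInfoTableName
      Environment:
        Variables:
          REGION: !Ref 'AWS::Region'
          BUCKET_NAME: !Ref EmailBucket
          TABLE_NAME: !Ref EmailInfoTableName
      Events:
        FrontPageApi:
          Type: Api
          Properties:
            Path: '/api'
            Method: post
            RestApiId: !Ref FrontPageApi

  # Invoked by SES through the LambdaAction of ReceiptRule2; it has no API event.
  # NOTE(review): same Crud grants as MainFunction; narrow them if the handler
  # does not need delete or write on both stores.
  ReceiptFunction:
    Type: AWS::Serverless::Function
    Properties:
      Architectures:
        - arm64
      FunctionName: ServerlessSESPageReceiptFunction
      CodeUri: api/receipt/bin/
      Handler: bootstrap
      MemorySize: 256
      Runtime: provided.al2
      Description: 'SES Receipt Function'
      Policies:
        - S3CrudPolicy:
            BucketName: !Ref EmailBucket
        - DynamoDBCrudPolicy:
            TableName: !Ref EmailInfoTableName
      Environment:
        Variables:
          REGION: !Ref 'AWS::Region'
          BUCKET_NAME: !Ref EmailBucket
          TABLE_NAME: !Ref EmailInfoTableName

  # Resource-based permission that lets SES invoke ReceiptFunction.
  # SourceAccount restricts the grant to SES acting for this account; without
  # it the service principal is trusted regardless of which account's receipt
  # rule triggers the call.
  ReceiptFunctionPermission:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !GetAtt ReceiptFunction.Arn
      Action: lambda:InvokeFunction
      Principal: 'ses.amazonaws.com'
      SourceAccount: !Ref 'AWS::AccountId'

  # Table keyed on the string attribute "file".
  EmailInfoTable:
    Type: AWS::DynamoDB::Table
    Properties:
      AttributeDefinitions:
        - AttributeName: "file"
          AttributeType: "S"
      KeySchema:
        - AttributeName: "file"
          KeyType: "HASH"
      ProvisionedThroughput:
        ReadCapacityUnits: 3
        WriteCapacityUnits: 3
      # DynamoDB always encrypts at rest. false keeps the AWS owned key; true
      # would switch the table to a KMS key, whose use is visible in CloudTrail.
      SSESpecification:
        SSEEnabled: false
      TableName: !Ref EmailInfoTableName

  # Container for the two receipt rules below.
  # NOTE: SES only processes mail with the account's active rule set, and
  # nothing in this template activates this one.
  ReceiptRuleSet:
    Type: AWS::SES::ReceiptRuleSet
    Properties:
      RuleSetName: !Ref ReceiptRuleSetName

  # First rule: store the message in EmailBucket.
  # No Recipients list is given, so the rule is not limited to particular
  # addresses or domains.
  ReceiptRule1:
    Type: AWS::SES::ReceiptRule
    # SES checks that it can write to the bucket when the rule is created, so
    # the bucket policy has to exist first.
    DependsOn: BucketPolicy
    Properties:
      # Ref to the resource (not the parameter) yields the same name and makes
      # CloudFormation create the rule set before the rule.
      RuleSetName: !Ref ReceiptRuleSet
      Rule:
        Name: !Ref ReceiptRuleName1
        Enabled: true
        # Spam and virus scanning of inbound mail.
        ScanEnabled: true
        TlsPolicy: !Ref TlsPolicy
        Actions:
          - S3Action:
              BucketName: !Ref EmailBucket

  # Second rule, ordered after ReceiptRule1: invoke ReceiptFunction.
  ReceiptRule2:
    Type: AWS::SES::ReceiptRule
    # SES checks that it may invoke the function when the rule is created, so
    # the Lambda permission has to exist first.
    DependsOn: ReceiptFunctionPermission
    Properties:
      RuleSetName: !Ref ReceiptRuleSet
      After: !Ref ReceiptRule1
      Rule:
        Name: !Ref ReceiptRuleName2
        Enabled: true
        ScanEnabled: true
        TlsPolicy: !Ref TlsPolicy
        Actions:
          - LambdaAction:
              FunctionArn: !GetAtt ReceiptFunction.Arn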
Outputs:
  # Invoke URL of the deployed stage, assembled from the REST API id, the
  # stack's region and the stage name.
  APIURI:
    Description: "URI"
    Value: !Sub 'https://${FrontPageApi}.execute-api.${AWS::Region}.amazonaws.com/${FrontPageApiStageName}/'