{ | |
"AWSTemplateFormatVersion": "2010-09-09", | |
"Description": "Lambda resource stack creation using Amplify CLI", | |
"Parameters": { | |
"CloudWatchRule": { | |
"Type": "String", | |
"Default": "NONE", | |
"Description": "Schedule Expression" | |
}, | |
"env": { | |
"Type": "String" | |
}, | |
"authdpportalb4b5d85fUserPoolId": { | |
"Type": "String", | |
"Default": "authdpportalb4b5d85fUserPoolId" | |
} | |
}, | |
"Conditions": { | |
"ShouldNotCreateEnvResources": { | |
"Fn::Equals": [ | |
{ | |
"Ref": "env" | |
}, | |
"NONE" | |
] | |
} | |
}, | |
"Resources": { | |
"LambdaFunction": { | |
"Type": "AWS::Lambda::Function", | |
"Metadata": { | |
"aws:asset:path": "./src", | |
"aws:asset:property": "Code" | |
}, | |
"Properties": { | |
"Handler": "index.handler", | |
"FunctionName": { | |
"Fn::If": [ | |
"ShouldNotCreateEnvResources", | |
"postUserSignUp", | |
{ | |
"Fn::Join": [ | |
"", | |
[ | |
"postUserSignUp", | |
"-", | |
{ | |
"Ref": "env" | |
} | |
] | |
] | |
} | |
] | |
}, | |
"VpcConfig": { | |
"SecurityGroupIds": ["sg-0a27f813858a654c4"], | |
"SubnetIds": [ | |
"subnet-0d43113e71a256616", | |
"subnet-030b7ec259264ab4e", | |
"subnet-0510905eab3add2b3" | |
] | |
}, | |
"Environment": { | |
"Variables": { | |
"ENV": { | |
"Ref": "env" | |
}, | |
"REGION": { | |
"Ref": "AWS::Region" | |
}, | |
"AUTH_DPPORTALB4B5D85F_USERPOOLID": { | |
"Ref": "authdpportalb4b5d85fUserPoolId" | |
}, | |
"SECRET_NAME": "rds-db-credentials/cluster-KT72YRCZ7NERNPGM7JKAXA32XM/postsignuplambda" | |
} | |
}, | |
"Role": { | |
"Fn::GetAtt": ["LambdaExecutionRole", "Arn"] | |
}, | |
"Runtime": "nodejs12.x", | |
"Timeout": "25", | |
"Code": { | |
"S3Bucket": "amplify-dpportal-dev-102359-deployment", | |
"S3Key": "amplify-builds/postUserSignUp-324d68636d4831792b66-build.zip" | |
} | |
} | |
}, | |
"LambdaExecutionRole": { | |
"Type": "AWS::IAM::Role", | |
"Properties": { | |
"RoleName": { | |
"Fn::If": [ | |
"ShouldNotCreateEnvResources", | |
"dpportalLambdaRole95023132", | |
{ | |
"Fn::Join": [ | |
"", | |
[ | |
"dpportalLambdaRole95023132", | |
"-", | |
{ | |
"Ref": "env" | |
} | |
] | |
] | |
} | |
] | |
}, | |
"AssumeRolePolicyDocument": { | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Principal": { | |
"Service": ["lambda.amazonaws.com"] | |
}, | |
"Action": ["sts:AssumeRole"] | |
} | |
] | |
} | |
} | |
}, | |
"lambdaexecutionpolicy": { | |
"DependsOn": ["LambdaExecutionRole"], | |
"Type": "AWS::IAM::Policy", | |
"Properties": { | |
"PolicyName": "lambda-execution-policy", | |
"Roles": [ | |
{ | |
"Ref": "LambdaExecutionRole" | |
} | |
], | |
"PolicyDocument": { | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"], | |
"Resource": { | |
"Fn::Sub": [ | |
"arn:aws:logs:${region}:${account}:log-group:/aws/lambda/${lambda}:log-stream:*", | |
{ | |
"region": { | |
"Ref": "AWS::Region" | |
}, | |
"account": { | |
"Ref": "AWS::AccountId" | |
}, | |
"lambda": { | |
"Ref": "LambdaFunction" | |
} | |
} | |
] | |
} | |
}, | |
{ | |
"Effect": "Allow", | |
"Action": ["ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces"], | |
"Resource": "*" | |
} | |
] | |
} | |
} | |
}, | |
"AmplifyResourcesPolicy": { | |
"DependsOn": ["LambdaExecutionRole"], | |
"Type": "AWS::IAM::Policy", | |
"Properties": { | |
"PolicyName": "amplify-lambda-execution-policy", | |
"Roles": [ | |
{ | |
"Ref": "LambdaExecutionRole" | |
} | |
], | |
"PolicyDocument": { | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"cognito-identity:Describe*", | |
"cognito-identity:Get*", | |
"cognito-identity:List*", | |
"cognito-idp:Describe*", | |
"cognito-idp:AdminGetDevice", | |
"cognito-idp:AdminGetUser", | |
"cognito-idp:AdminList*", | |
"cognito-idp:List*", | |
"cognito-sync:Describe*", | |
"cognito-sync:Get*", | |
"cognito-sync:List*", | |
"iam:ListOpenIdConnectProviders", | |
"iam:ListRoles", | |
"sns:ListPlatformApplications" | |
], | |
"Resource": [ | |
{ | |
"Fn::Join": [ | |
"", | |
[ | |
"arn:aws:cognito-idp:", | |
{ | |
"Ref": "AWS::Region" | |
}, | |
":", | |
{ | |
"Ref": "AWS::AccountId" | |
}, | |
":userpool/", | |
{ | |
"Ref": "authdpportalb4b5d85fUserPoolId" | |
} | |
] | |
] | |
} | |
] | |
}, | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"ec2:CreateNetworkInterface", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DeleteNetworkInterface" | |
], | |
"Resource": "*" | |
} | |
] | |
} | |
} | |
} | |
}, | |
"Outputs": { | |
"Name": { | |
"Value": { | |
"Ref": "LambdaFunction" | |
} | |
}, | |
"Arn": { | |
"Value": { | |
"Fn::GetAtt": ["LambdaFunction", "Arn"] | |
} | |
}, | |
"Region": { | |
"Value": { | |
"Ref": "AWS::Region" | |
} | |
}, | |
"LambdaExecutionRole": { | |
"Value": { | |
"Ref": "LambdaExecutionRole" | |
} | |
} | |
} | |
} |