jonesy1234/gist:8f7f4049d407b9c955843db0bd7cd3ab

## gistfile1.txt
AWSTemplateFormatVersion: "2010-09-09"
Transform: AWS::Serverless-2016-10-31
Description: >
  github-webhook

  Amazon EventBridge Inbound webhooks using lambda fURLs CFN Template.

Parameters:
  GithubWebhookSecret:
    Type: String
    Description: Github webhook secret
    NoEcho: true
    AllowedPattern: ".+"

  EventBusName:
    Type: String
    Description: EventBridge event bus name
    Default: default

  LambdaInvocationThreshold:
    Type: String
    Description: Innovation Alarm Threshold for number of events in a 5 minute period.
    Default: 2000

Resources:
  WebhookSecretsManager:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: !Sub WebhookSecret-${AWS::StackName}
      Description: Secrets Manager for storing Webhook Secret
      SecretString: !Ref GithubWebhookSecret

  LambdaInvocationsAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmDescription: !Sub Alarm for ${AWS::StackName} - InboundWebhook Lambda for traffic spikes
      AlarmName: !Sub InboundWebhook-Lambda-Invocation-Alarm-${AWS::StackName}
      MetricName: Invocations
      Namespace: AWS/Lambda
      Statistic: Sum
      Period: "300"
      EvaluationPeriods: "2"
      Threshold: !Ref LambdaInvocationThreshold
      Dimensions:
        - Name: FunctionName
          Value: !Ref WebhookFunction
      ComparisonOperator: GreaterThanThreshold

  WebhookFunction:
    Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
    DependsOn: WebhookSecretsManager
    Properties:
      FunctionName: !Sub [
          "InboundWebhook-Lambda-${ID}",
          ID: !Select [2, !Split ["/", !Ref AWS::StackId]],
        ] # Append the stack UUID
      CodeUri:
        Bucket: !Sub "eventbridge-inbound-webhook-templates-prod-${AWS::Region}"
        Key: "lambda-templates/github-lambdasrc.zip"
      Handler: app.lambda_handler
      Runtime: python3.8
      ReservedConcurrentExecutions: 10
      Environment:
        Variables:
          GITHUB_WEBHOOK_SECRET_ARN: !Ref WebhookSecretsManager
          EVENT_BUS_NAME: !Ref EventBusName
      MemorySize: 128
      Timeout: 100
      FunctionUrlConfig:
        AuthType: NONE
      Policies:
        - EventBridgePutEventsPolicy:
            EventBusName: !Ref EventBusName
        - Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Action:
                - secretsmanager:DescribeSecret
                - secretsmanager:GetSecretValue
              Resource: !Ref WebhookSecretsManager

Outputs:
  FunctionUrlEndpoint:
    Description: "Webhhook Function URL Endpoint"
    Value: !GetAtt WebhookFunctionUrl.FunctionUrl

  LambdaFunctionName:
    Value: !Ref WebhookFunction

  LambdaFunctionARN:
    Description: Lambda function ARN.
    Value: !GetAtt WebhookFunction.Arn
	AWSTemplateFormatVersion: "2010-09-09"
	Transform: AWS::Serverless-2016-10-31
	Description: >
	github-webhook

	Amazon EventBridge Inbound webhooks using lambda fURLs CFN Template.

	Parameters:
	GithubWebhookSecret:
	Type: String
	Description: Github webhook secret
	NoEcho: true
	AllowedPattern: ".+"

	EventBusName:
	Type: String
	Description: EventBridge event bus name
	Default: default

	LambdaInvocationThreshold:
	Type: String
	Description: Innovation Alarm Threshold for number of events in a 5 minute period.
	Default: 2000

	Resources:
	WebhookSecretsManager:
	Type: AWS::SecretsManager::Secret
	Properties:
	Name: !Sub WebhookSecret-${AWS::StackName}
	Description: Secrets Manager for storing Webhook Secret
	SecretString: !Ref GithubWebhookSecret

	LambdaInvocationsAlarm:
	Type: AWS::CloudWatch::Alarm
	Properties:
	AlarmDescription: !Sub Alarm for ${AWS::StackName} - InboundWebhook Lambda for traffic spikes
	AlarmName: !Sub InboundWebhook-Lambda-Invocation-Alarm-${AWS::StackName}
	MetricName: Invocations
	Namespace: AWS/Lambda
	Statistic: Sum
	Period: "300"
	EvaluationPeriods: "2"
	Threshold: !Ref LambdaInvocationThreshold
	Dimensions:
	- Name: FunctionName
	Value: !Ref WebhookFunction
	ComparisonOperator: GreaterThanThreshold

	WebhookFunction:
	Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
	DependsOn: WebhookSecretsManager
	Properties:
	FunctionName: !Sub [
	"InboundWebhook-Lambda-${ID}",
	ID: !Select [2, !Split ["/", !Ref AWS::StackId]],
	] # Append the stack UUID
	CodeUri:
	Bucket: !Sub "eventbridge-inbound-webhook-templates-prod-${AWS::Region}"
	Key: "lambda-templates/github-lambdasrc.zip"
	Handler: app.lambda_handler
	Runtime: python3.8
	ReservedConcurrentExecutions: 10
	Environment:
	Variables:
	GITHUB_WEBHOOK_SECRET_ARN: !Ref WebhookSecretsManager
	EVENT_BUS_NAME: !Ref EventBusName
	MemorySize: 128
	Timeout: 100
	FunctionUrlConfig:
	AuthType: NONE
	Policies:
	- EventBridgePutEventsPolicy:
	EventBusName: !Ref EventBusName
	- Version: "2012-10-17"
	Statement:
	- Effect: Allow
	Action:
	- secretsmanager:DescribeSecret
	- secretsmanager:GetSecretValue
	Resource: !Ref WebhookSecretsManager

	Outputs:
	FunctionUrlEndpoint:
	Description: "Webhhook Function URL Endpoint"
	Value: !GetAtt WebhookFunctionUrl.FunctionUrl

	LambdaFunctionName:
	Value: !Ref WebhookFunction

	LambdaFunctionARN:
	Description: Lambda function ARN.
	Value: !GetAtt WebhookFunction.Arn