Created
February 12, 2023 10:55
-
-
Save jonesy1234/8f7f4049d407b9c955843db0bd7cd3ab to your computer and use it in GitHub Desktop.
github-webhook
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
AWSTemplateFormatVersion: "2010-09-09" | |
Transform: AWS::Serverless-2016-10-31 | |
Description: > | |
github-webhook | |
Amazon EventBridge Inbound webhooks using lambda fURLs CFN Template. | |
Parameters: | |
GithubWebhookSecret: | |
Type: String | |
Description: Github webhook secret | |
NoEcho: true | |
AllowedPattern: ".+" | |
EventBusName: | |
Type: String | |
Description: EventBridge event bus name | |
Default: default | |
LambdaInvocationThreshold: | |
Type: String | |
Description: Innovation Alarm Threshold for number of events in a 5 minute period. | |
Default: 2000 | |
Resources: | |
WebhookSecretsManager: | |
Type: AWS::SecretsManager::Secret | |
Properties: | |
Name: !Sub WebhookSecret-${AWS::StackName} | |
Description: Secrets Manager for storing Webhook Secret | |
SecretString: !Ref GithubWebhookSecret | |
LambdaInvocationsAlarm: | |
Type: AWS::CloudWatch::Alarm | |
Properties: | |
AlarmDescription: !Sub Alarm for ${AWS::StackName} - InboundWebhook Lambda for traffic spikes | |
AlarmName: !Sub InboundWebhook-Lambda-Invocation-Alarm-${AWS::StackName} | |
MetricName: Invocations | |
Namespace: AWS/Lambda | |
Statistic: Sum | |
Period: "300" | |
EvaluationPeriods: "2" | |
Threshold: !Ref LambdaInvocationThreshold | |
Dimensions: | |
- Name: FunctionName | |
Value: !Ref WebhookFunction | |
ComparisonOperator: GreaterThanThreshold | |
WebhookFunction: | |
Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction | |
DependsOn: WebhookSecretsManager | |
Properties: | |
FunctionName: !Sub [ | |
"InboundWebhook-Lambda-${ID}", | |
ID: !Select [2, !Split ["/", !Ref AWS::StackId]], | |
] # Append the stack UUID | |
CodeUri: | |
Bucket: !Sub "eventbridge-inbound-webhook-templates-prod-${AWS::Region}" | |
Key: "lambda-templates/github-lambdasrc.zip" | |
Handler: app.lambda_handler | |
Runtime: python3.8 | |
ReservedConcurrentExecutions: 10 | |
Environment: | |
Variables: | |
GITHUB_WEBHOOK_SECRET_ARN: !Ref WebhookSecretsManager | |
EVENT_BUS_NAME: !Ref EventBusName | |
MemorySize: 128 | |
Timeout: 100 | |
FunctionUrlConfig: | |
AuthType: NONE | |
Policies: | |
- EventBridgePutEventsPolicy: | |
EventBusName: !Ref EventBusName | |
- Version: "2012-10-17" | |
Statement: | |
- Effect: Allow | |
Action: | |
- secretsmanager:DescribeSecret | |
- secretsmanager:GetSecretValue | |
Resource: !Ref WebhookSecretsManager | |
Outputs: | |
FunctionUrlEndpoint: | |
Description: "Webhhook Function URL Endpoint" | |
Value: !GetAtt WebhookFunctionUrl.FunctionUrl | |
LambdaFunctionName: | |
Value: !Ref WebhookFunction | |
LambdaFunctionARN: | |
Description: Lambda function ARN. | |
Value: !GetAtt WebhookFunction.Arn |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment