@jquass
Created April 11, 2023 14:03
4_1_2_kickstart.yml
AWSTemplateFormatVersion: '2010-09-09'
Description: Mastodon on AWS
Parameters:
  DomainName:
    Description: The domain name for the Mastodon instance (e.g. social.cloudonaut.io)
    Type: String
  SecretKeyBase:
    Description: Mastodon config SECRET_KEY_BASE (README explains how to generate the secret)
    Type: String
    NoEcho: true
  OtpSecret:
    Description: Mastodon config OTP_SECRET (README explains how to generate the secret)
    Type: String
    NoEcho: true
  VapidPrivateKey:
    Description: Mastodon config VAPID_PRIVATE_KEY (README explains how to generate the key)
    Type: String
    NoEcho: true
  VapidPublicKey:
    Description: Mastodon config VAPID_PUBLIC_KEY (README explains how to generate the key)
    Type: String
    NoEcho: true
  Spot:
    Description: Reduce costs and decrease availability by running on Fargate Spot?
    Type: String
    Default: true
    AllowedValues:
      - true
      - false
  AlertingHttpsEndpoint:
    Description: Send infrastructure alarms and notifications to this HTTPS endpoint. (optional)
    Type: String
    Default: ''
  AlertingEmail:
    Description: Send infrastructure alarms and notifications to this email address. (optional)
    Type: String
    Default: ''
  DatabaseAllocatedStorage:
    Description: Provisioned storage for MySQL database (RDS)
    Type: String
    Default: '5'
Resources:
  Alerting:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        HttpsEndpoint:
          Ref: AlertingHttpsEndpoint
        Email:
          Ref: AlertingEmail
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/bb25315db98353a3d0ee920383fcf41f.template
  Key:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        AlertingModule:
          Fn::GetAtt:
            - Alerting
            - Outputs.StackName
        AliasName: ''
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/08045067565895d23a4b4fa47ee66870.template
  # Generated database password (30 characters), protected with the KMS key from the Key stack.
  Secret:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        KmsKeyModule:
          Fn::GetAtt:
            - Key
            - Outputs.StackName
        Description: Database password for Mastodon on AWS
        CharactersToExclude: '"@/\'
        PasswordLength: 30
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/19f2f47723b74267bec8f1ff82c0508d.template
  HostedZone:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        Name:
          Ref: DomainName
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/369ea5b32e3bcb94d153cde2903d60ab.template
  Vpc:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        AlertingModule:
          Fn::GetAtt:
            - Alerting
            - Outputs.StackName
        ClassB: 0
        NumberOfAvailabilityZones: 2
        S3Endpoint: true
        DynamoDBEndpoint: true
        FlowLog: reject-only
        FlowLogRetentionInDays: 14
        NatGateways: false
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/d9306812f0b4190bc044fcb6bba68266.template
  ClientSg:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        VpcModule:
          Fn::GetAtt:
            - Vpc
            - Outputs.StackName
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/25b0546b4bb148dde1059393c09a1008.template
  Bucket:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        Access: CloudFrontRead
        Versioning: 'false'
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/81dd1a7734943407662ba884615029b1.template
  CloudFront:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        OriginBucketModule:
          Fn::GetAtt:
            - Bucket
            - Outputs.StackName
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/101adbf59794ab7a723685b60ecd8324.template
  # Redis (ElastiCache) used by Mastodon. In this kickstart in-transit encryption and the
  # AUTH token are both disabled, so access control rests on the client security group alone.
  Cache:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        VpcModule:
          Fn::GetAtt:
            - Vpc
            - Outputs.StackName
        ClientSgModule:
          Fn::GetAtt:
            - ClientSg
            - Outputs.StackName
        AlertingModule:
          Fn::GetAtt:
            - Alerting
            - Outputs.StackName
        KmsKeyModule:
          Fn::GetAtt:
            - Key
            - Outputs.StackName
        EngineVersion: 5.0.6
        CacheNodeType: cache.t4g.micro
        TransitEncryption: 'false'
        AuthToken: ''
        SnapshotRetentionLimit: '35'
        SnapshotName: ''
        NumShards: '1'
        NumReplicas: '0'
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/cbd918d6953c5f64f556cd969e415b3e.template
  Database:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        VpcModule:
          Fn::GetAtt:
            - Vpc
            - Outputs.StackName
        ClientSgModule:
          Fn::GetAtt:
            - ClientSg
            - Outputs.StackName
        AlertingModule:
          Fn::GetAtt:
            - Alerting
            - Outputs.StackName
        KmsKeyModule:
          Fn::GetAtt:
            - Key
            - Outputs.StackName
        SecretModule:
          Fn::GetAtt:
            - Secret
            - Outputs.StackName
        DBAllocatedStorage:
          Ref: DatabaseAllocatedStorage
        DBInstanceClass: db.t4g.micro
        DBName: mastodon
        DBBackupRetentionPeriod: '30'
        DBMasterUsername: mastodon
        DBMultiAZ: 'false'
        EngineVersion: '14.5'
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/90f6f6b0175104c2983da54d3840cf1d.template
  Cluster:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/fae57f7dd124d2017a71d8b8f43aea04.template
  # Rails web process. DB_PASS is injected from the Secret stack (AppEnvironment3SecretModule);
  # the other secrets are passed as plain parameter values.
  WebService:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        ClusterModule:
          Fn::GetAtt:
            - Cluster
            - Outputs.StackName
        VpcModule:
          Fn::GetAtt:
            - Vpc
            - Outputs.StackName
        TargetModule:
          Fn::GetAtt:
            - Target
            - Outputs.StackName
        AlertingModule:
          Fn::GetAtt:
            - Alerting
            - Outputs.StackName
        ClientSgModule1:
          Fn::GetAtt:
            - ClientSg
            - Outputs.StackName
        ManagedPolicyArns:
          Ref: S3Policy
        AppImage: mastodon/mastodon:v4.1.2
        AppCommand: bash,-c,bundle exec rails db:migrate && bundle exec rails s -p 3000
        AppPort: '3000'
        AppEnvironment1Key: LOCAL_DOMAIN
        AppEnvironment1Value:
          Ref: DomainName
        AppEnvironment2Key: REDIS_HOST
        AppEnvironment2Value:
          Fn::GetAtt:
            - Cache
            - Outputs.DnsName
        AppEnvironment3Key: DB_PASS
        AppEnvironment3SecretModule:
          Fn::GetAtt:
            - Secret
            - Outputs.StackName
        AppEnvironment4Key: ES_ENABLED
        AppEnvironment4Value: 'false'
        AppEnvironment4SecretModule: ''
        AppEnvironment5Key: SECRET_KEY_BASE
        AppEnvironment5Value:
          Ref: SecretKeyBase
        AppEnvironment5SecretModule: ''
        AppEnvironment6Key: OTP_SECRET
        AppEnvironment6Value:
          Ref: OtpSecret
        AppEnvironment7Key: VAPID_PRIVATE_KEY
        AppEnvironment7Value:
          Ref: VapidPrivateKey
        AppEnvironment8Key: VAPID_PUBLIC_KEY
        AppEnvironment8Value:
          Ref: VapidPublicKey
        AppEnvironment9Key: S3_ENABLED
        AppEnvironment9Value: 'true'
        AppEnvironment10Key: S3_BUCKET
        AppEnvironment10Value:
          Fn::GetAtt:
            - Bucket
            - Outputs.Name
        AppEnvironment11Key: DB_NAME
        AppEnvironment11Value: mastodon
        AppEnvironment12Key: DB_USER
        AppEnvironment12Value: mastodon
        AppEnvironment13Key: DB_HOST
        AppEnvironment13Value:
          Fn::GetAtt:
            - Database
            - Outputs.DnsName
        AppEnvironment14Key: RAILS_ENV
        AppEnvironment14Value: production
        AppEnvironment15Key: SMTP_SERVER
        AppEnvironment15Value:
          Fn::Sub: email-smtp.${AWS::Region}.amazonaws.com
        AppEnvironment16Key: SMTP_PORT
        AppEnvironment16Value: '587'
        AppEnvironment17Key: SMTP_LOGIN
        AppEnvironment17Value:
          Ref: EmailUserAccessKey
        AppEnvironment18Key: SMTP_PASSWORD
        AppEnvironment18Value:
          Fn::GetAtt:
            - SmtpPasswordConverter
            - SmtpPassword
        AppEnvironment19Key: SMTP_FROM_ADDRESS
        AppEnvironment19Value:
          Fn::Sub: noreply@${DomainName}
        AppEnvironment20Key: S3_REGION
        AppEnvironment20Value:
          Ref: AWS::Region
        AppEnvironment21Key: S3_ALIAS_HOST
        AppEnvironment21Value:
          Fn::GetAtt:
            - CloudFront
            - Outputs.DistributionDomainName
        AppEnvironment22Key: S3_PERMISSION
        AppEnvironment22Value: private
        Cpu: '0.5'
        Memory: '1'
        DesiredCount: '1'
        MaxCapacity: '1'
        MinCapacity: '1'
        LogsRetentionInDays: '14'
        SubnetsReach: Public
        AutoScaling: 'false'
        HealthCheckGracePeriodSeconds: '60'
        Spot:
          Ref: Spot
        CpuArchitecture: X86_64
        OperatingSystemFamily: LINUX
        ExecuteCommand: true
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/76f6b76d113845619c7428d55aeb4357.template
  # Node streaming API, routed by the ALB on /api/v1/streaming/* (see StreamingApiTarget).
  StreamingApiService:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        ClusterModule:
          Fn::GetAtt:
            - Cluster
            - Outputs.StackName
        VpcModule:
          Fn::GetAtt:
            - Vpc
            - Outputs.StackName
        TargetModule:
          Fn::GetAtt:
            - StreamingApiTarget
            - Outputs.StackName
        AlertingModule:
          Fn::GetAtt:
            - Alerting
            - Outputs.StackName
        ClientSgModule1:
          Fn::GetAtt:
            - ClientSg
            - Outputs.StackName
        ManagedPolicyArns:
          Ref: S3Policy
        AppImage: mastodon/mastodon:v4.1.2
        AppCommand: bash,-c,node ./streaming
        AppPort: '4000'
        AppEnvironment1Key: LOCAL_DOMAIN
        AppEnvironment1Value:
          Ref: DomainName
        AppEnvironment2Key: REDIS_HOST
        AppEnvironment2Value:
          Fn::GetAtt:
            - Cache
            - Outputs.DnsName
        AppEnvironment3Key: DB_PASS
        AppEnvironment3SecretModule:
          Fn::GetAtt:
            - Secret
            - Outputs.StackName
        AppEnvironment4Key: ES_ENABLED
        AppEnvironment4Value: 'false'
        AppEnvironment4SecretModule: ''
        AppEnvironment5Key: SECRET_KEY_BASE
        AppEnvironment5Value:
          Ref: SecretKeyBase
        AppEnvironment5SecretModule: ''
        AppEnvironment6Key: OTP_SECRET
        AppEnvironment6Value:
          Ref: OtpSecret
        AppEnvironment7Key: VAPID_PRIVATE_KEY
        AppEnvironment7Value:
          Ref: VapidPrivateKey
        AppEnvironment8Key: VAPID_PUBLIC_KEY
        AppEnvironment8Value:
          Ref: VapidPublicKey
        AppEnvironment9Key: S3_ENABLED
        AppEnvironment9Value: 'true'
        AppEnvironment10Key: S3_BUCKET
        AppEnvironment10Value:
          Fn::GetAtt:
            - Bucket
            - Outputs.Name
        AppEnvironment11Key: DB_NAME
        AppEnvironment11Value: mastodon
        AppEnvironment12Key: DB_USER
        AppEnvironment12Value: mastodon
        AppEnvironment13Key: DB_HOST
        AppEnvironment13Value:
          Fn::GetAtt:
            - Database
            - Outputs.DnsName
        AppEnvironment14Key: RAILS_ENV
        AppEnvironment14Value: production
        AppEnvironment15Key: SMTP_SERVER
        AppEnvironment15Value:
          Fn::Sub: email-smtp.${AWS::Region}.amazonaws.com
        AppEnvironment16Key: SMTP_PORT
        AppEnvironment16Value: '587'
        AppEnvironment17Key: SMTP_LOGIN
        AppEnvironment17Value:
          Ref: EmailUserAccessKey
        AppEnvironment18Key: SMTP_PASSWORD
        AppEnvironment18Value:
          Fn::GetAtt:
            - SmtpPasswordConverter
            - SmtpPassword
        AppEnvironment19Key: SMTP_FROM_ADDRESS
        AppEnvironment19Value:
          Fn::Sub: noreply@${DomainName}
        AppEnvironment20Key: S3_REGION
        AppEnvironment20Value:
          Ref: AWS::Region
        AppEnvironment21Key: S3_ALIAS_HOST
        AppEnvironment21Value:
          Fn::GetAtt:
            - CloudFront
            - Outputs.DistributionDomainName
        AppEnvironment22Key: S3_PERMISSION
        AppEnvironment22Value: private
        Cpu: '0.25'
        Memory: '0.5'
        DesiredCount: '1'
        MaxCapacity: '1'
        MinCapacity: '1'
        LogsRetentionInDays: '14'
        SubnetsReach: Public
        AutoScaling: 'false'
        HealthCheckGracePeriodSeconds: '60'
        Spot:
          Ref: Spot
        CpuArchitecture: X86_64
        OperatingSystemFamily: LINUX
        ExecuteCommand: true
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/76f6b76d113845619c7428d55aeb4357.template
  # Sidekiq background workers; no inbound port, so no target group.
  SidekiqService:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        ClusterModule:
          Fn::GetAtt:
            - Cluster
            - Outputs.StackName
        VpcModule:
          Fn::GetAtt:
            - Vpc
            - Outputs.StackName
        AlertingModule:
          Fn::GetAtt:
            - Alerting
            - Outputs.StackName
        ClientSgModule1:
          Fn::GetAtt:
            - ClientSg
            - Outputs.StackName
        ManagedPolicyArns:
          Ref: S3Policy
        AppImage: mastodon/mastodon:v4.1.2
        AppCommand: bash,-c,bundle exec sidekiq
        AppEnvironment1Key: LOCAL_DOMAIN
        AppEnvironment1Value:
          Ref: DomainName
        AppEnvironment2Key: REDIS_HOST
        AppEnvironment2Value:
          Fn::GetAtt:
            - Cache
            - Outputs.DnsName
        AppEnvironment3Key: DB_PASS
        AppEnvironment3SecretModule:
          Fn::GetAtt:
            - Secret
            - Outputs.StackName
        AppEnvironment4Key: ES_ENABLED
        AppEnvironment4Value: 'false'
        AppEnvironment4SecretModule: ''
        AppEnvironment5Key: SECRET_KEY_BASE
        AppEnvironment5Value:
          Ref: SecretKeyBase
        AppEnvironment5SecretModule: ''
        AppEnvironment6Key: OTP_SECRET
        AppEnvironment6Value:
          Ref: OtpSecret
        AppEnvironment7Key: VAPID_PRIVATE_KEY
        AppEnvironment7Value:
          Ref: VapidPrivateKey
        AppEnvironment8Key: VAPID_PUBLIC_KEY
        AppEnvironment8Value:
          Ref: VapidPublicKey
        AppEnvironment9Key: S3_ENABLED
        AppEnvironment9Value: 'true'
        AppEnvironment10Key: S3_BUCKET
        AppEnvironment10Value:
          Fn::GetAtt:
            - Bucket
            - Outputs.Name
        AppEnvironment11Key: DB_NAME
        AppEnvironment11Value: mastodon
        AppEnvironment12Key: DB_USER
        AppEnvironment12Value: mastodon
        AppEnvironment13Key: DB_HOST
        AppEnvironment13Value:
          Fn::GetAtt:
            - Database
            - Outputs.DnsName
        AppEnvironment14Key: RAILS_ENV
        AppEnvironment14Value: production
        AppEnvironment15Key: SMTP_SERVER
        AppEnvironment15Value:
          Fn::Sub: email-smtp.${AWS::Region}.amazonaws.com
        AppEnvironment16Key: SMTP_PORT
        AppEnvironment16Value: '587'
        AppEnvironment17Key: SMTP_LOGIN
        AppEnvironment17Value:
          Ref: EmailUserAccessKey
        AppEnvironment18Key: SMTP_PASSWORD
        AppEnvironment18Value:
          Fn::GetAtt:
            - SmtpPasswordConverter
            - SmtpPassword
        AppEnvironment19Key: SMTP_FROM_ADDRESS
        AppEnvironment19Value:
          Fn::Sub: noreply@${DomainName}
        AppEnvironment20Key: S3_REGION
        AppEnvironment20Value:
          Ref: AWS::Region
        AppEnvironment21Key: S3_ALIAS_HOST
        AppEnvironment21Value:
          Fn::GetAtt:
            - CloudFront
            - Outputs.DistributionDomainName
        AppEnvironment22Key: S3_PERMISSION
        AppEnvironment22Value: private
        Cpu: '0.25'
        Memory: '1'
        DesiredCount: '1'
        MaxCapacity: '1'
        MinCapacity: '1'
        LogsRetentionInDays: '14'
        SubnetsReach: Public
        AutoScaling: 'false'
        HealthCheckGracePeriodSeconds: '60'
        Spot:
          Ref: Spot
        CpuArchitecture: X86_64
        OperatingSystemFamily: LINUX
        ExecuteCommand: true
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/76f6b76d113845619c7428d55aeb4357.template
  AlbAccessLogBucket:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        Access: ElbAccessLogWrite
        Versioning: 'false'
        ExpirationInDays: '14'
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/81dd1a7734943407662ba884615029b1.template
  Alb:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        VpcModule:
          Fn::GetAtt:
            - Vpc
            - Outputs.StackName
        BucketModule:
          Fn::GetAtt:
            - AlbAccessLogBucket
            - Outputs.StackName
        AlertingModule:
          Fn::GetAtt:
            - Alerting
            - Outputs.StackName
        Scheme: internet-facing
        IdleTimeoutInSeconds: '60'
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/019c64cd88283500bd1046f6667fd3da.template
  # HTTPS listener with the ACM certificate; plain HTTP on port 80 only redirects to 443.
  AlbListener:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        AlbModule:
          Fn::GetAtt:
            - Alb
            - Outputs.StackName
        Port: '443'
        CertificateArn:
          Fn::GetAtt:
            - Certificate
            - Outputs.Arn
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/60d376baf9df177ef409a6cbbc9844cd.template
  HttpListener:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        AlbModule:
          Fn::GetAtt:
            - Alb
            - Outputs.StackName
        Port: '80'
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/60d376baf9df177ef409a6cbbc9844cd.template
  Redirect:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        AlbListenerModule:
          Fn::GetAtt:
            - HttpListener
            - Outputs.StackName
        RedirectPort: '443'
        Priority: '1'
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/cb8719b3126c24164e7f50a144ae6d70.template
  Target:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        AlbModule:
          Fn::GetAtt:
            - Alb
            - Outputs.StackName
        AlbListenerModule:
          Fn::GetAtt:
            - AlbListener
            - Outputs.StackName
        VpcModule:
          Fn::GetAtt:
            - Vpc
            - Outputs.StackName
        AlertingModule:
          Fn::GetAtt:
            - Alerting
            - Outputs.StackName
        HealthCheckPath: /health
        Priority: 3
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/24cf8ac2cb4ef96915ed55c63019e1eb.template
  StreamingApiTarget:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        AlbModule:
          Fn::GetAtt:
            - Alb
            - Outputs.StackName
        AlbListenerModule:
          Fn::GetAtt:
            - AlbListener
            - Outputs.StackName
        VpcModule:
          Fn::GetAtt:
            - Vpc
            - Outputs.StackName
        AlertingModule:
          Fn::GetAtt:
            - Alerting
            - Outputs.StackName
        HealthCheckPath: /api/v1/streaming/health
        PathPattern: /api/v1/streaming/*
        Priority: 2
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/24cf8ac2cb4ef96915ed55c63019e1eb.template
  Certificate:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        HostedZoneModule:
          Fn::GetAtt:
            - HostedZone
            - Outputs.StackName
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/a511f8593b7d394e9bc0060224f63264.template
  Record:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        HostedZoneModule:
          Fn::GetAtt:
            - HostedZone
            - Outputs.StackName
        LoadBalancerModule:
          Fn::GetAtt:
            - Alb
            - Outputs.StackName
        SubDomainNameWithDot: ''
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/845bd72ad5102ba5fcc43072100f2c23.template
  # Attached to all three ECS task roles; grants every S3 action on the media bucket resources.
  S3Policy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      Description: Accessing S3 bucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action: s3:*
            Resource:
              Fn::Split:
                - ','
                - Fn::GetAtt:
                    - Bucket
                    - Outputs.IamResources
  # SES domain identity with DKIM; the three CNAME records below publish the DKIM tokens.
  EmailIdentity:
    Type: AWS::SES::EmailIdentity
    Properties:
      DkimAttributes:
        SigningEnabled: true
      EmailIdentity:
        Ref: DomainName
  Dkim1Record:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId:
        Fn::GetAtt:
          - HostedZone
          - Outputs.Id
      Name:
        Fn::GetAtt:
          - EmailIdentity
          - DkimDNSTokenName1
      ResourceRecords:
        - Fn::GetAtt:
            - EmailIdentity
            - DkimDNSTokenValue1
      TTL: 300
      Type: CNAME
  Dkim2Record:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId:
        Fn::GetAtt:
          - HostedZone
          - Outputs.Id
      Name:
        Fn::GetAtt:
          - EmailIdentity
          - DkimDNSTokenName2
      ResourceRecords:
        - Fn::GetAtt:
            - EmailIdentity
            - DkimDNSTokenValue2
      TTL: 300
      Type: CNAME
  Dkim3Record:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId:
        Fn::GetAtt:
          - HostedZone
          - Outputs.Id
      Name:
        Fn::GetAtt:
          - EmailIdentity
          - DkimDNSTokenName3
      ResourceRecords:
        - Fn::GetAtt:
            - EmailIdentity
            - DkimDNSTokenValue3
      TTL: 300
      Type: CNAME
  # IAM user whose long-lived access key becomes the SMTP login; its secret is converted
  # into the SES SMTP password by the Lambda-backed custom resource below.
  EmailUser:
    Type: AWS::IAM::User
    Properties:
      Policies:
        - PolicyName: ses
          PolicyDocument:
            Statement:
              - Effect: Allow
                Action: ses:SendRawEmail
                Resource: '*'
  EmailUserAccessKey:
    Type: AWS::IAM::AccessKey
    Properties:
      Serial: 1
      Status: Active
      UserName:
        Ref: EmailUser
  LambdaRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
  LambdaPolicy:
    Type: AWS::IAM::Policy
    Properties:
      Roles:
        - Ref: LambdaRole
      PolicyName: lambda
      PolicyDocument:
        Statement:
          - Effect: Allow
            Action:
              - logs:CreateLogStream
              - logs:PutLogEvents
            Resource:
              Fn::GetAtt:
                - LambdaLogGroup
                - Arn
  SmtpPasswordConverterLamdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        ZipFile: |
          'use strict';
          const response = require('cfn-response');
          const buffer = require('buffer');
          const crypto = require('crypto');

          // HMAC-SHA256 over message, keyed by a char array; returns the digest as a char array
          // so it can be fed back in as the key of the next step.
          function sign(key, message) {
            const hmac = crypto.createHmac('sha256', buffer.Buffer.from(key.map((a) => a.charCodeAt(0)))).update(message);
            return hmac.digest('binary').toString().split('');
          };

          // Derives the SES SMTP password from an IAM secret access key using the
          // SigV4-style chain (date, region, service, terminal, message) that AWS
          // documents for converting IAM credentials into SMTP credentials.
          function calculateSesSmtpPassword(secretAccessKey, region) {
            const date = '11111111';
            const service = 'ses';
            const terminal = 'aws4_request';
            const message = 'SendRawEmail';
            const version = [0x04];
            let signature = sign(`AWS4${secretAccessKey}`.split(''), date);
            signature = sign(signature, region);
            signature = sign(signature, service);
            signature = sign(signature, terminal);
            signature = sign(signature, message);
            const signatureAndVersion = version.slice();
            signature.forEach((a) => signatureAndVersion.push(a.charCodeAt(0)));
            return buffer.Buffer.from(signatureAndVersion).toString('base64');
          };

          // CloudFormation custom resource handler: returns SmtpPassword on Create/Update,
          // succeeds without output on Delete, fails on any other request type.
          exports.handler = (event, context, cb) => {
            const key = event.ResourceProperties.SecretAccessKey;
            const region = event.ResourceProperties.Region;
            if (event.RequestType === 'Delete') {
              response.send(event, context, response.SUCCESS, {});
            } else if (event.RequestType === 'Create') {
              response.send(event, context, response.SUCCESS, {SmtpPassword: calculateSesSmtpPassword(key, region)});
            } else if (event.RequestType === 'Update') {
              response.send(event, context, response.SUCCESS, {SmtpPassword: calculateSesSmtpPassword(key, region)});
            } else {
              response.send(event, context, response.FAILED, {});
            }
          };
      Handler: index.handler
      MemorySize: 128
      Role:
        Fn::GetAtt:
          - LambdaRole
          - Arn
      Runtime: nodejs16.x
      Timeout: 60
  LambdaLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName:
        Fn::Sub: /aws/lambda/${SmtpPasswordConverterLamdaFunction}
      RetentionInDays: 14
  SmtpPasswordConverter:
    Type: Custom::SmtpPasswordConverter
    DependsOn:
      - LambdaLogGroup
      - LambdaPolicy
    Version: '1.0'
    Properties:
      SecretAccessKey:
        Fn::GetAtt:
          - EmailUserAccessKey
          - SecretAccessKey
      Region:
        Ref: AWS::Region
      ServiceToken:
        Fn::GetAtt:
          - SmtpPasswordConverterLamdaFunction
          - Arn
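The kickstart above leaves several settings at values a reviewer would want to see before deploying: Redis without in-transit encryption or an AUTH token, `ExecuteCommand: true` on every service, `s3:*` on the bucket policy, `ses:SendRawEmail` on `Resource: '*'`, and secrets such as `SECRET_KEY_BASE` and `OTP_SECRET` passed as plain `AppEnvironmentNValue` parameters while `DB_PASS` goes through a `SecretModule`. The script below is an added example, not part of the gist or of the cloudonaut project: it walks the template as a plain dict (the shape `yaml.safe_load` produces for this file) and lists those findings. `SAMPLE_TEMPLATE` is a hand-built subset of the page's values so the script runs offline; the check names, message wording and the `SENSITIVE_SUFFIXES` list are this example's own conventions.

```python
"""Offline audit of the security-relevant settings in the kickstart above.

Added example, not part of the gist or the cloudonaut project. It takes the
template as a plain dict (what yaml.safe_load returns for the file) and
lists the settings a reviewer would want to look at before deploying. The
SAMPLE_TEMPLATE at the bottom is a hand-built subset of the page's values
so the script runs without PyYAML or AWS access.
"""
from typing import Any

# Mastodon environment keys whose value should come from a secret store
# (a SecretModule reference) rather than a plain template parameter.
SENSITIVE_SUFFIXES = ("SECRET", "SECRET_KEY_BASE", "PRIVATE_KEY", "PASSWORD", "PASS")


def _as_list(value: Any) -> list:
    return value if isinstance(value, list) else [value]


def _iam_findings(name: str, doc: dict) -> list[str]:
    """Wildcard resources and service-wide actions in one IAM policy document."""
    out = []
    for st in _as_list(doc.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st.get("Action"))
        if "*" in _as_list(st.get("Resource")):
            out.append(f"{name}: Allow {actions} on Resource '*'; scope it to the SES identity or bucket ARN")
        for action in actions:
            if isinstance(action, str) and action.endswith(":*"):
                out.append(f"{name}: service-wide action {action}; list only the calls Mastodon makes")
    return out


def _stack_findings(name: str, params: dict) -> list[str]:
    """Weak settings passed as parameters to one nested (cloudonaut module) stack."""
    out = []
    if params.get("TransitEncryption") == "false":
        out.append(f"{name}: TransitEncryption 'false'; Redis traffic in the VPC is plaintext")
    if "AuthToken" in params and params["AuthToken"] == "":
        out.append(f"{name}: empty AuthToken; Redis accepts any client the security group lets in")
    if params.get("ExecuteCommand") is True:
        out.append(f"{name}: ExecuteCommand true; ECS Exec shells into the task are enabled, watch CloudTrail")
    # AppEnvironment<N>Key names the variable; <N>Value or <N>SecretModule supplies it.
    for key, env_name in params.items():
        if not (key.startswith("AppEnvironment") and key.endswith("Key")):
            continue
        idx = key[len("AppEnvironment"):-len("Key")]
        if not (isinstance(env_name, str) and env_name.upper().endswith(SENSITIVE_SUFFIXES)):
            continue
        if f"AppEnvironment{idx}Value" in params and not params.get(f"AppEnvironment{idx}SecretModule"):
            out.append(f"{name}: {env_name} passed as plain AppEnvironment{idx}Value; "
                       f"supply it through AppEnvironment{idx}SecretModule instead")
    return out


def audit_template(template: dict[str, Any]) -> list[str]:
    """Return one finding string per issue, sorted so output is stable."""
    findings: list[str] = []
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type", ""), res.get("Properties", {})
        if rtype in ("AWS::IAM::ManagedPolicy", "AWS::IAM::Policy"):
            findings += _iam_findings(name, props.get("PolicyDocument", {}))
        elif rtype == "AWS::IAM::User":
            for pol in props.get("Policies", []):
                findings += _iam_findings(name, pol.get("PolicyDocument", {}))
        elif rtype == "AWS::CloudFormation::Stack":
            findings += _stack_findings(name, props.get("Parameters", {}))
    return sorted(findings)


# Constructed subset of the kickstart's Resources; values copied from the page.
SAMPLE_TEMPLATE = {
    "Resources": {
        "Cache": {"Type": "AWS::CloudFormation::Stack", "Properties": {"Parameters": {
            "EngineVersion": "5.0.6", "TransitEncryption": "false", "AuthToken": ""}}},
        "WebService": {"Type": "AWS::CloudFormation::Stack", "Properties": {"Parameters": {
            "AppEnvironment3Key": "DB_PASS",
            "AppEnvironment3SecretModule": {"Fn::GetAtt": ["Secret", "Outputs.StackName"]},
            "AppEnvironment5Key": "SECRET_KEY_BASE",
            "AppEnvironment5Value": {"Ref": "SecretKeyBase"},
            "AppEnvironment5SecretModule": "",
            "AppEnvironment6Key": "OTP_SECRET",
            "AppEnvironment6Value": {"Ref": "OtpSecret"},
            "AppEnvironment8Key": "VAPID_PUBLIC_KEY",
            "AppEnvironment8Value": {"Ref": "VapidPublicKey"},
            "ExecuteCommand": True}}},
        "S3Policy": {"Type": "AWS::IAM::ManagedPolicy", "Properties": {"PolicyDocument": {
            "Statement": [{"Effect": "Allow", "Action": "s3:*",
                           "Resource": {"Fn::Split": [",", {"Fn::GetAtt": ["Bucket", "Outputs.IamResources"]}]}}]}}},
        "EmailUser": {"Type": "AWS::IAM::User", "Properties": {"Policies": [{"PolicyName": "ses",
            "PolicyDocument": {"Statement": [{"Effect": "Allow", "Action": "ses:SendRawEmail",
                                              "Resource": "*"}]}}]}},
    }
}

if __name__ == "__main__":
    for line in audit_template(SAMPLE_TEMPLATE):
        print(line)
```

Run against the real file with `audit_template(yaml.safe_load(open("4_1_2_kickstart.yml")))`; `VAPID_PUBLIC_KEY` is deliberately not flagged (public material), and `DB_PASS` passes because it has a `SecretModule` and no plain `Value`.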