@maguzzi
Last active January 3, 2024 16:55
Template for lambda that invalidates the cloudfront cache
AWSTemplateFormatVersion: "2010-09-09"
Description: Lambda action cloudfront cache invalidation stack
Parameters:
  Stage:
    Type: String
    AllowedValues:
      - dev
      - prod
  CloudformationExportVar:
    Type: String
  ZipDate:
    Type: String
Resources:
  LambdaActionInvalidateCloudfrontDistribution:
    Properties:
      Runtime: python3.8
      Handler: index.lambda_handler
      Code:
        S3Bucket: "lambda-artifacts-bucket-maguzzi"
        S3Key: !Join [ "", [ "lambda-cloudfront-invalidate-", !Ref Stage, "-", !Ref ZipDate ,".zip"] ]
      Role: !GetAtt LambdaActionInvalidateCloudfrontDistributionRole.Arn
      Environment:
        Variables:
          CLOUDFRONT_DISTRIBUTION_ID:
            Fn::ImportValue:
              !Ref CloudformationExportVar
    Type: "AWS::Lambda::Function"
  LambdaActionInvalidateCloudfrontDistributionRole:
    Type: "AWS::IAM::Role"
    Properties:
      RoleName: !Join [ "-", [ "InvalidateCloudfrontDistributionRole", !Ref Stage ] ]
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action: "sts:AssumeRole"
      Policies:
        - PolicyName: InvalidateCloudfrontDistributionPolicy
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - cloudfront:CreateInvalidation
                  - codepipeline:PutJobFailureResult
                  - codepipeline:PutJobSuccessResult
                Resource: "*"
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
Outputs:
  LambdaActionInvalidateCloudfrontDistributionOutput:
    Value: !Ref LambdaActionInvalidateCloudfrontDistribution
    Description: "Name of the created Lambda Action Invalidate Cloudfront Distribution"
    Export:
      Name: !Join ["-",[!Sub "${AWS::StackName}-LambdaName",!Ref Stage]]
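
The inline policy above allows all three actions on `Resource: "*"`. As an added example (not part of the original gist), here is the same `Policies` block with `cloudfront:CreateInvalidation` scoped to the single distribution the template already imports. It assumes the value exported under `CloudformationExportVar` is the bare distribution ID, as the `CLOUDFRONT_DISTRIBUTION_ID` variable implies; the `Sid` names and the `DistributionId` substitution key are illustrative.

```yaml
      Policies:
        - PolicyName: InvalidateCloudfrontDistributionPolicy
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Invalidation limited to the imported distribution only.
              - Sid: InvalidateThisDistribution
                Effect: Allow
                Action:
                  - cloudfront:CreateInvalidation
                Resource: !Sub
                  - "arn:${AWS::Partition}:cloudfront::${AWS::AccountId}:distribution/${DistributionId}"
                  # Assumption: the export holds the distribution ID, not an ARN.
                  - DistributionId:
                      Fn::ImportValue: !Ref CloudformationExportVar
              # The CodePipeline job-result actions do not support
              # resource-level permissions, so "*" is required here.
              - Sid: ReportJobResultToCodePipeline
                Effect: Allow
                Action:
                  - codepipeline:PutJobFailureResult
                  - codepipeline:PutJobSuccessResult
                Resource: "*"
```

With this split, a compromised or buggy handler can still report job results but cannot invalidate any other distribution in the account.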