Last active
June 3, 2021 14:57
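A sad example of how verbose and messy Amplify and CloudFormation template files are. This 300-line piece of code is just the descriptor for a tiny Lambda function listening for messages on an SQS queue. Keep in mind that the source code of the Lambda itself comes on top of this, as well as several other small config files. Note also that the execution policy below allows its SQS actions on "Resource": "*" and its Secrets Manager actions on every secret in the account and region, rather than scoping them to the myqueueArn parameter and to named secrets, so it should be tightened before being reused.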
{ | |
"AWSTemplateFormatVersion": "2010-09-09", | |
"Description": "Lambda Function resource stack creation using Amplify CLI", | |
"Parameters": { | |
"CloudWatchRule": { | |
"Type": "String", | |
"Default": "NONE", | |
"Description": " Schedule Expression" | |
}, | |
"env": { | |
"Type": "String" | |
}, | |
"someparam": { | |
"Type": "String", | |
"Default": "someparamdefault" | |
}, | |
"myqueueName": { | |
"Type": "String", | |
"Default": "myqueueName" | |
}, | |
"deploymentBucketName": { | |
"Type": "String" | |
}, | |
"s3Key": { | |
"Type": "String" | |
}, | |
"myqueueArn": { | |
"Type": "String", | |
"Default": "myqueueArn" | |
} | |
}, | |
"Conditions": { | |
"ShouldNotCreateEnvResources": { | |
"Fn::Equals": [ | |
{ | |
"Ref": "env" | |
}, | |
"NONE" | |
] | |
} | |
}, | |
"Resources": { | |
"LambdaFunction": { | |
"Type": "AWS::Lambda::Function", | |
"Metadata": { | |
"aws:asset:path": "./src", | |
"aws:asset:property": "Code" | |
}, | |
"Properties": { | |
"Handler": "myLambdaModule.handler", | |
"FunctionName": { | |
"Fn::If": [ | |
"ShouldNotCreateEnvResources", | |
"myqueueName", | |
{ | |
"Fn::Join": [ | |
"", | |
[ | |
"myqueueName", | |
"-", | |
{ | |
"Ref": "env" | |
} | |
] | |
] | |
} | |
] | |
}, | |
"Environment": { | |
"Variables": { | |
"ENV": { | |
"Ref": "env" | |
}, | |
"REGION": { | |
"Ref": "AWS::Region" | |
}, | |
"MY_LAMBDA_PARAM_ENV_VARIABLE": { | |
"Ref": "someparam" | |
} | |
} | |
}, | |
"Role": { | |
"Fn::GetAtt": [ | |
"LambdaExecutionRole", | |
"Arn" | |
] | |
}, | |
"Runtime": "nodejs14.x", | |
"MemorySize": 256, | |
"Layers": [], | |
"Code": { | |
"S3Bucket": { | |
"Ref": "deploymentBucketName" | |
}, | |
"S3Key": { | |
"Ref": "s3Key" | |
} | |
}, | |
"Timeout": "240" | |
} | |
}, | |
"LambdaExecutionRole": { | |
"Type": "AWS::IAM::Role", | |
"Properties": { | |
"RoleName": { | |
"Fn::If": [ | |
"ShouldNotCreateEnvResources", | |
"lambadSqsHandlerRoleName2c24c2", | |
{ | |
"Fn::Join": [ | |
"", | |
[ | |
"lambadSqsHandlerRoleName2c24c2", | |
"-", | |
{ | |
"Ref": "env" | |
} | |
] | |
] | |
} | |
] | |
}, | |
"AssumeRolePolicyDocument": { | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Principal": { | |
"Service": [ | |
"lambda.amazonaws.com" | |
] | |
}, | |
"Action": [ | |
"sts:AssumeRole" | |
] | |
} | |
] | |
} | |
} | |
}, | |
"LambdaFunctionEventSourceMapping": { | |
"DependsOn": [ | |
"lambdaexecutionpolicy" | |
], | |
"Type": "AWS::Lambda::EventSourceMapping", | |
"Properties": { | |
"EventSourceArn": { | |
"Ref": "myqueueArn" | |
}, | |
"FunctionName": { | |
"Ref": "LambdaFunction" | |
}, | |
"BatchSize": 1 | |
} | |
}, | |
"lambdaexecutionpolicy": { | |
"DependsOn": [ | |
"LambdaExecutionRole" | |
], | |
"Type": "AWS::IAM::Policy", | |
"Properties": { | |
"PolicyName": "lambda-execution-policy", | |
"Roles": [ | |
{ | |
"Ref": "LambdaExecutionRole" | |
} | |
], | |
"PolicyDocument": { | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"logs:CreateLogGroup", | |
"logs:CreateLogStream", | |
"logs:PutLogEvents" | |
], | |
"Resource": { | |
"Fn::Sub": [ | |
"arn:aws:logs:${region}:${account}:log-group:/aws/lambda/${lambda}:log-stream:*", | |
{ | |
"region": { | |
"Ref": "AWS::Region" | |
}, | |
"account": { | |
"Ref": "AWS::AccountId" | |
}, | |
"lambda": { | |
"Ref": "LambdaFunction" | |
} | |
} | |
] | |
} | |
}, | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"sqs:ReceiveMessage", | |
"sqs:DeleteMessage", | |
"sqs:GetQueueAttributes" | |
], | |
"Resource": "*" | |
}, | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"secretsmanager:CreateSecret", | |
"secretsmanager:Describe*", | |
"secretsmanager:Get*", | |
"secretsmanager:List*" | |
], | |
"Resource": { | |
"Fn::Sub": [ | |
"arn:aws:secretsmanager:${region}:${account}:secret:*", | |
{ | |
"region": { | |
"Ref": "AWS::Region" | |
}, | |
"account": { | |
"Ref": "AWS::AccountId" | |
}, | |
"lambda": { | |
"Ref": "LambdaFunction" | |
} | |
} | |
] | |
} | |
} | |
] | |
} | |
} | |
}, | |
"AmplifyResourcesPolicy": { | |
"DependsOn": [ | |
"LambdaExecutionRole" | |
], | |
"Type": "AWS::IAM::Policy", | |
"Properties": { | |
"PolicyName": "amplify-lambda-execution-policy", | |
"Roles": [ | |
{ | |
"Ref": "LambdaExecutionRole" | |
} | |
], | |
"PolicyDocument": { | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"dynamodb:Put*", | |
"dynamodb:Create*", | |
"dynamodb:BatchWriteItem", | |
"dynamodb:Get*", | |
"dynamodb:BatchGetItem", | |
"dynamodb:List*", | |
"dynamodb:Describe*", | |
"dynamodb:Scan", | |
"dynamodb:Query", | |
"dynamodb:Update*", | |
"dynamodb:RestoreTable*", | |
"dynamodb:Delete*" | |
], | |
"Resource": [ | |
{ | |
"Ref": "storagemyprojectdbArn" | |
}, | |
{ | |
"Fn::Join": [ | |
"/", | |
[ | |
{ | |
"Ref": "storagemyprojectdbArn" | |
}, | |
"index/*" | |
] | |
] | |
} | |
] | |
} | |
] | |
} | |
} | |
} | |
}, | |
"Outputs": { | |
"Name": { | |
"Value": { | |
"Ref": "LambdaFunction" | |
} | |
}, | |
"Arn": { | |
"Value": { | |
"Fn::GetAtt": [ | |
"LambdaFunction", | |
"Arn" | |
] | |
} | |
}, | |
"Region": { | |
"Value": { | |
"Ref": "AWS::Region" | |
} | |
}, | |
"LambdaExecutionRole": { | |
"Value": { | |
"Ref": "LambdaExecutionRole" | |
} | |
} | |
} | |
} |