shu85t/Notify_RdsMaintenancePendingActions.yml

## Notify_RdsMaintenancePendingActions.yml
AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'
Description: Notify "RDS Maintenance Pending Actions"

Parameters:
  AppName:
    Type: String
    Default: NotifyRDSMaintenancePendingActions
    Description: Application Name. Use as resource prefix.
  TopicArn:
    Type: String
    Description: e.g. arn:aws:sns:ap-northeast-1:11111111:topicname

Resources:
  Function:
    Type: 'AWS::Serverless::Function'
    Properties:
      FunctionName: !Sub ${AppName}
      Handler: index.main
      Runtime: python3.9
      InlineCode: |
        import json
        import boto3
        import os

        rds = boto3.client('rds')
        sns = boto3.client('sns')
        TOPIC_ARN = os.environ["TOPIC_ARN"]

        def main(event, context):
            # Describe
            paginator = rds.get_paginator('describe_pending_maintenance_actions')
            iter = paginator.paginate()
            for res in iter:
                for action in res["PendingMaintenanceActions"]:
                    # Publish
                    message = json.dumps(action, default=str)
                    print(f"publish {TOPIC_ARN=} {message=}")
                    sns.publish(
                        TopicArn=TOPIC_ARN,
                        Subject="RDS Pending Maintenance Action",
                        Message=message
                    )

            # return
            return {
                'statusCode': 200,
                'body': "ok"
            }
      Description: 'Describe RDS PendingMaintenanceActions & Notify Actions to SNS Topic if they exist'
      MemorySize: 128
      Timeout: 20
      Role: !GetAtt IAMRole.Arn
      Environment:
        Variables:
          TOPIC_ARN: !Sub ${TopicArn}
  IAMRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: !Sub ${AppName}-role
        AssumeRolePolicyDocument:
          Version: 2012-10-17
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - lambda.amazonaws.com
              Action: sts:AssumeRole
        ManagedPolicyArns:
          - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
  IAMPolicy:
      Type: "AWS::IAM::Policy"
      Properties:
        PolicyName: !Sub ${AppName}-policy
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: "Allow"
              Action: "sns:Publish"
              Resource:
                - !Ref TopicArn
            - Effect: "Allow"
              Action: "rds:DescribePendingMaintenanceActions"
              Resource: "*"
        Roles:
          - !Ref IAMRole
	AWSTemplateFormatVersion: '2010-09-09'
	Transform: 'AWS::Serverless-2016-10-31'
	Description: Notify "RDS Maintenance Pending Actions"

	Parameters:
	AppName:
	Type: String
	Default: NotifyRDSMaintenancePendingActions
	Description: Application Name. Use as resource prefix.
	TopicArn:
	Type: String
	Description: e.g. arn:aws:sns:ap-northeast-1:11111111:topicname

	Resources:
	Function:
	Type: 'AWS::Serverless::Function'
	Properties:
	FunctionName: !Sub ${AppName}
	Handler: index.main
	Runtime: python3.9
	InlineCode: \|
	import json
	import boto3
	import os

	rds = boto3.client('rds')
	sns = boto3.client('sns')
	TOPIC_ARN = os.environ["TOPIC_ARN"]

	def main(event, context):
	# Describe
	paginator = rds.get_paginator('describe_pending_maintenance_actions')
	iter = paginator.paginate()
	for res in iter:
	for action in res["PendingMaintenanceActions"]:
	# Publish
	message = json.dumps(action, default=str)
	print(f"publish {TOPIC_ARN=} {message=}")
	sns.publish(
	TopicArn=TOPIC_ARN,
	Subject="RDS Pending Maintenance Action",
	Message=message
	)

	# return
	return {
	'statusCode': 200,
	'body': "ok"
	}
	Description: 'Describe RDS PendingMaintenanceActions & Notify Actions to SNS Topic if they exist'
	MemorySize: 128
	Timeout: 20
	Role: !GetAtt IAMRole.Arn
	Environment:
	Variables:
	TOPIC_ARN: !Sub ${TopicArn}
	IAMRole:
	Type: AWS::IAM::Role
	Properties:
	RoleName: !Sub ${AppName}-role
	AssumeRolePolicyDocument:
	Version: 2012-10-17
	Statement:
	- Effect: Allow
	Principal:
	Service:
	- lambda.amazonaws.com
	Action: sts:AssumeRole
	ManagedPolicyArns:
	- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
	IAMPolicy:
	Type: "AWS::IAM::Policy"
	Properties:
	PolicyName: !Sub ${AppName}-policy
	PolicyDocument:
	Version: "2012-10-17"
	Statement:
	- Effect: "Allow"
	Action: "sns:Publish"
	Resource:
	- !Ref TopicArn
	- Effect: "Allow"
	Action: "rds:DescribePendingMaintenanceActions"
	Resource: "*"
	Roles:
	- !Ref IAMRole