@theneverstill
Last active June 26, 2024 18:30
Stratus User Profile Manager Augmentations
# ----
# CloudFormation yaml for S3 bucket + Lambda trigger
# ----
Parameters:
  UserProfileArtifactS3BucketName:
    Type: String
    Description: The name of the S3 bucket that contains the user profile images.
  UserProfileLambdaFunctionName:
    Type: String
    Description: The name of the image optimizer S3 trigger lambda function.
  UserProfileLambdaFunctionArchiveS3BucketName:
    Type: String
    Description: The name of the S3 bucket that contains the archive of the image optimizer S3 trigger lambda function. Assumes Stratus already has a bucket for this purpose.
  UserProfileLambdaFunctionArchiveS3KeyName:
    Type: String
    Description: The name of the S3 key that contains the archive of the image optimizer S3 trigger lambda function. Assumes Stratus already has a bucket for this purpose.
Resources:
  UserProfileManagerS3:
    Type: AWS::S3::Bucket
    # The invoke permission must exist before S3 validates the notification target.
    DependsOn: UserProfileManagerLambdaInvokePermission
    Properties:
      BucketName: !Ref UserProfileArtifactS3BucketName
      NotificationConfiguration:
        LambdaConfigurations:
          # Only objects PUT under original/ invoke the function. The function's
          # role can also write to this bucket, so the handler must write its
          # output outside original/ or it will re-trigger itself.
          - Event: s3:ObjectCreated:Put
            Filter:
              S3Key:
                Rules:
                  - Name: prefix
                    Value: "original/"
            Function: !GetAtt UserProfileManagerLambdaFunction.Arn
  UserProfileManagerLambdaInvokePermission:
    Type: AWS::Lambda::Permission
    DependsOn: UserProfileManagerLambdaFunction
    Properties:
      FunctionName:
        Fn::GetAtt:
          - UserProfileManagerLambdaFunction
          - Arn
      Action: lambda:InvokeFunction
      Principal: s3.amazonaws.com
      # S3 bucket ARNs carry no account ID, so SourceArn alone does not pin the
      # bucket owner. Adding "SourceAccount: !Ref AWS::AccountId" here restricts
      # invocation to a bucket of this name owned by this account.
      SourceArn:
        Fn::Sub: arn:aws:s3:::${UserProfileArtifactS3BucketName}
  UserProfileManagerLambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - sts:AssumeRole
      Policies:
        - PolicyName: allowLogging
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # logs:* on every log resource is broader than writing logs needs;
              # logs:CreateLogGroup, logs:CreateLogStream and logs:PutLogEvents
              # are the actions a function uses to write its own logs.
              - Effect: Allow
                Action:
                  - logs:*
                Resource: arn:aws:logs:*:*:*
        - PolicyName: crudObjects
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Object-level access only, scoped to the user profile bucket.
              - Effect: Allow
                Action:
                  - s3:GetObject
                  - s3:DeleteObject
                  - s3:PutObject
                Resource: !Sub 'arn:aws:s3:::${UserProfileArtifactS3BucketName}/*'
  UserProfileManagerLambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: !Ref UserProfileLambdaFunctionName
      Handler: index.handler
      Code:
        S3Bucket: !Ref UserProfileLambdaFunctionArchiveS3BucketName
        S3Key: !Ref UserProfileLambdaFunctionArchiveS3KeyName
      Role: !GetAtt UserProfileManagerLambdaExecutionRole.Arn
      Runtime: nodejs16.x
      Timeout: 300
      MemorySize: 256
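# ----
# CloudFormation yaml for optional dedicated RDS
# ----
Parameters:
  DedicatedRdsSecurityGroup:
    Type: String
    Description: The security group for the dedicated rds. Assumes Stratus already has a VPC and SG dedicated for this purpose.
  DedicatedRdsMasterUsername:
    Type: String
    Description: The master username for the dedicated rds.
  DedicatedRdsMasterUserSecretKmsKeyId:
    Type: String
    Description: The KMS Key Id of the key that encrypts the master user secret for the dedicated rds.
Resources:
  DedicatedRds:
    Type: AWS::RDS::DBInstance
    # Take a final snapshot when the resource is deleted from the stack.
    DeletionPolicy: Snapshot
    Properties:
      # A VPC security group is attached through VPCSecurityGroups;
      # DBSecurityGroups only accepts EC2-Classic DB security groups.
      VPCSecurityGroups:
        - !Ref DedicatedRdsSecurityGroup
      AllocatedStorage: '5'
      # "db.t4g" alone is not a valid instance class; a size suffix is
      # required. "micro" is an assumption here, pick the size you need.
      DBInstanceClass: db.t4g.micro
      Engine: MySQL
      MasterUsername: !Ref DedicatedRdsMasterUsername
      # RDS generates the master password and stores it in Secrets Manager,
      # so no password appears in the template or its parameters.
      ManageMasterUserPassword: true
      MasterUserSecret:
        KmsKeyId: !Ref DedicatedRdsMasterUserSecretKmsKeyId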