@thijsdev
Created July 19, 2018 15:24
Sam
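# SAM template for the trial-slot API: three VPC-attached Lambda functions
# (create / delete / check slots), the API Gateway REST API that fronts the
# first two behind an API key, and the IAM role CloudFormation assumes when
# the create function launches a trial stack.
#
# The nesting below is restored from a paste that had lost its indentation;
# keys and values are unchanged. Review notes are marked NOTE(review).
AWSTemplateFormatVersion: "2010-09-09"
Transform: 'AWS::Serverless-2016-10-31'
Description: API to create and delete trial servers and accounts.
Globals:
  Function:
    # NOTE(review): python3.6 is past end of support on Lambda; plan a move to
    # a supported runtime after testing the packaged code against it.
    Runtime: python3.6
    MemorySize: 512
    Timeout: 3
    VpcConfig:
      SecurityGroupIds:
        - !Ref LambdaSecurityGroupId
      # The export holds a comma-separated subnet list; split it into a list.
      SubnetIds: !Split
        - ','
        - Fn::ImportValue: private-subnets
Resources:
  # Security group shared by all three functions. No ingress or egress rules
  # are declared here.
  # NOTE(review): with no SecurityGroupEgress given, CloudFormation leaves the
  # default allow-all outbound rule in place; declare egress explicitly if the
  # functions only need to reach specific endpoints.
  LambdaSecurityGroupId:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: 'stackstate trial lambda'
      Tags:
        - Key: Name
          Value: 'stackstate lambda'
      VpcId: !ImportValue vpc
  # POST /create-slot: launches a CloudFormation stack for a trial.
  CreateSlot:
    Type: 'AWS::Serverless::Function'
    Properties:
      Handler: api.index.create_slot
      Environment:
        Variables:
          # Placeholder variable; nothing in this template gives it meaning.
          Foo: Bar
      CodeUri: py-lambda-package.zip
      Description: create_slot
      Policies:
        - Version: '2012-10-17'
          Statement:
            # NOTE(review): dynamodb:* allows every DynamoDB action on these
            # tables, including deleting them. The handler code is not shown
            # here; narrow this to the item/query actions it really uses.
            # The account id and region are hard-coded in the ARNs below;
            # !Sub with AWS::AccountId / AWS::Region would keep the template
            # portable and the account id out of shared copies.
            - Effect: Allow
              Action:
                - ssm:GetParameters
                - dynamodb:*
              Resource:
                - 'arn:aws:ssm:eu-west-1:705170121922:parameter/simple-ad/*'
                - 'arn:aws:dynamodb:eu-west-1:705170121922:table/Counters'
                - 'arn:aws:dynamodb:eu-west-1:705170121922:table/Trials'
                - 'arn:aws:dynamodb:eu-west-1:705170121922:table/Trials/index/Trial*'
            - Effect: Allow
              Action:
                - cloudformation:CreateStack
              Resource:
                - 'arn:aws:cloudformation:eu-west-1:705170121922:stack/stackstate-trial*'
            # NOTE(review): this function may pass CFRole, and CFRole carries
            # AdministratorAccess (see CFRole below). Together with CreateStack
            # and write access to the template bucket, whatever controls this
            # function or the templates can provision with admin rights.
            # Consider an iam:PassedToService condition limiting the pass to
            # cloudformation.amazonaws.com, and a narrower CFRole.
            - Effect: Allow
              Action:
                - iam:PassRole
              Resource:
                - !GetAtt CFRole.Arn
            # NOTE(review): s3:* includes put and delete on the template
            # objects. If the function only reads templates, s3:GetObject is
            # presumably enough - confirm against the handler.
            - Effect: Allow
              Action:
                - s3:*
              Resource:
                - 'arn:aws:s3:::stackstate-trial-templates/*'
            # ENI management needed by a VPC-attached Lambda; these are the
            # actions the function uses to attach to the subnets above.
            - Effect: Allow
              Action:
                - ec2:DescribeNetworkInterfaces
                - ec2:CreateNetworkInterface
                - ec2:DeleteNetworkInterface
              Resource:
                - "*"
      Events:
        Api:
          Type: Api
          Properties:
            Path: /create-slot
            Method: POST
            RestApiId: !Ref RestApi
  # /delete-slot/{slot_id}: deletes the CloudFormation stack of a trial.
  DeleteSlot:
    Type: 'AWS::Serverless::Function'
    Properties:
      Handler: api.index.delete_slot
      Environment:
        Variables:
          # Placeholder variable; nothing in this template gives it meaning.
          Foo: Bar
      CodeUri: py-lambda-package.zip
      Description: delete_slot
      Policies:
        - Version: '2012-10-17'
          Statement:
            # NOTE(review): same dynamodb:* breadth as CreateSlot; narrow to
            # the actions the delete handler needs.
            - Effect: Allow
              Action:
                - ssm:GetParameters
                - dynamodb:*
              Resource:
                - 'arn:aws:ssm:eu-west-1:705170121922:parameter/simple-ad/*'
                - 'arn:aws:dynamodb:eu-west-1:705170121922:table/Counters'
                - 'arn:aws:dynamodb:eu-west-1:705170121922:table/Trials'
                - 'arn:aws:dynamodb:eu-west-1:705170121922:table/Trials/index/Trial*'
            - Effect: Allow
              Action:
                - cloudformation:DeleteStack
              Resource:
                - 'arn:aws:cloudformation:eu-west-1:705170121922:stack/stackstate-trial*'
            # ENI management needed by a VPC-attached Lambda.
            - Effect: Allow
              Action:
                - ec2:DescribeNetworkInterfaces
                - ec2:CreateNetworkInterface
                - ec2:DeleteNetworkInterface
              Resource:
                - "*"
      Events:
        Api:
          Type: Api
          Properties:
            Path: /delete-slot/{slot_id}
            # NOTE(review): this event says POST, but the Swagger definition
            # in RestApi declares DELETE for the same path. The two should
            # agree; confirm which method is intended.
            Method: POST
            RestApiId: !Ref RestApi
  # Scheduled every 5 minutes; not exposed through the API.
  CheckSlots:
    Type: 'AWS::Serverless::Function'
    Properties:
      Handler: api.index.check_slots
      Environment:
        Variables:
          # Placeholder variable; nothing in this template gives it meaning.
          Foo: Bar
      CodeUri: py-lambda-package.zip
      Description: check_slots
      Policies:
        - Version: '2012-10-17'
          Statement:
            # NOTE(review): same dynamodb:* breadth as CreateSlot; narrow to
            # the actions the check handler needs.
            - Effect: Allow
              Action:
                - ssm:GetParameters
                - dynamodb:*
              Resource:
                - 'arn:aws:ssm:eu-west-1:705170121922:parameter/simple-ad/*'
                - 'arn:aws:dynamodb:eu-west-1:705170121922:table/Counters'
                - 'arn:aws:dynamodb:eu-west-1:705170121922:table/Trials'
                - 'arn:aws:dynamodb:eu-west-1:705170121922:table/Trials/index/Trial*'
            # ENI management needed by a VPC-attached Lambda.
            - Effect: Allow
              Action:
                - ec2:DescribeNetworkInterfaces
                - ec2:CreateNetworkInterface
                - ec2:DeleteNetworkInterface
              Resource:
                - "*"
      Events:
        CheckWebsiteScheduledEvent:
          Type: Schedule
          Properties:
            Schedule: rate(5 minutes)
  # Service role that CloudFormation assumes for the stacks CreateSlot starts.
  # NOTE(review): AdministratorAccess makes every trial template run with full
  # account rights. Replace it with a policy limited to the resource types the
  # trial templates create, and consider a permissions boundary.
  # A fixed RoleName also means the stack needs CAPABILITY_NAMED_IAM and can
  # exist only once per account.
  CFRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: 'cf-role'
      Path: /platform/
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Action: 'sts:AssumeRole'
            Effect: Allow
            Principal:
              Service: 'cloudformation.amazonaws.com'
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AdministratorAccess
  # API key bound to the Prod stage; clients send it in the x-api-key header.
  ApiKey:
    Type: "AWS::ApiGateway::ApiKey"
    DependsOn:
      - "RestApi"
      - "CreateSlot"
      - "RestApiProdStage"
    Properties:
      Name: "stackstate-trial-api-key"
      Description: "CloudFormation API Key V1"
      Enabled: "true"
      StageKeys:
        - RestApiId: !Ref RestApi
          StageName: "Prod"
  # REST API defined inline as Swagger 2.0, with Lambda proxy integrations.
  # NOTE(review): the only access control declared here is the API key. API
  # keys identify a caller for usage plans and are not meant to be the sole
  # authorization control; endpoints that create and delete stacks warrant an
  # IAM (SigV4) or Lambda/Cognito authorizer as well. The title mentions
  # sigv4, but no such authorizer appears in this definition.
  RestApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      DefinitionBody:
        swagger: '2.0'
        info:
          version: '2018-07-19'
          title: dev-sam-sigv4-seed
        paths:
          "/create-slot":
            POST:
              x-amazon-apigateway-integration:
                uri:
                  Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${CreateSlot.Arn}/invocations
                passthroughBehavior: when_no_match
                # Lambda proxy integrations are always invoked with POST.
                httpMethod: POST
                type: aws_proxy
              responses: {}
              security:
                - api_key: []
          "/delete-slot/{slot_id}":
            # NOTE(review): DELETE here vs. Method: POST on the DeleteSlot
            # event - confirm which is intended.
            DELETE:
              x-amazon-apigateway-integration:
                uri:
                  Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${DeleteSlot.Arn}/invocations
                passthroughBehavior: when_no_match
                # Lambda proxy integrations are always invoked with POST.
                httpMethod: POST
                type: aws_proxy
              responses: {}
              security:
                - api_key: []
        securityDefinitions:
          api_key:
            type: "apiKey"
            name: "x-api-key"
            in: "header"
  # Usage plan that ties the API key to the Prod stage.
  # NOTE(review): no Throttle or Quota is set, so a holder of the key can call
  # create-slot without a rate limit; each call may start a stack. Add limits
  # sized to the expected trial volume.
  UsagePlan:
    DependsOn:
      - "RestApiProdStage"
    Type: "AWS::ApiGateway::UsagePlan"
    Properties:
      ApiStages:
        - ApiId: !Ref RestApi
          Stage: "Prod"
      Description: "Production"
  UsagePlanKey:
    Type: "AWS::ApiGateway::UsagePlanKey"
    Properties:
      KeyId: !Ref ApiKey
      KeyType: API_KEY
      UsagePlanId: !Ref UsagePlan
Outputs:
  ServiceEndpoint:
    Description: URL of the service endpoint
    Value:
      # Builds https://<api-id>.execute-api.<region>.<suffix>/<stage>.
      Fn::Join:
        - ''
        - - https://
          - !Ref RestApi
          - ".execute-api."
          - !Ref AWS::Region
          - "."
          - !Ref AWS::URLSuffix
          - "/"
          - !Ref RestApiProdStage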