Last active
July 8, 2020 23:32
Revisions
diondree revised this gist
Jul 8, 2020 . 1 changed file with 252 additions and 69 deletions.
@@ -1,71 +1,254 @@ { "AWSTemplateFormatVersion": "2010-09-09", "Description": "Lambda resource stack creation using Amplify CLI", "Parameters": { "CloudWatchRule": { "Type": "String", "Default": "NONE", "Description": " Schedule Expression" }, "env": { "Type": "String" }, "authdpportalb4b5d85fUserPoolId": { "Type": "String", "Default": "authdpportalb4b5d85fUserPoolId" } }, "Conditions": { "ShouldNotCreateEnvResources": { "Fn::Equals": [ { "Ref": "env" }, "NONE" ] } }, "Resources": { "LambdaFunction": { "Type": "AWS::Lambda::Function", "Metadata": { "aws:asset:path": "./src", "aws:asset:property": "Code" }, "Properties": { "Handler": "index.handler", "FunctionName": { "Fn::If": [ "ShouldNotCreateEnvResources", "postUserSignUp", { "Fn::Join": [ "", [ "postUserSignUp", "-", { "Ref": "env" } ] ] } ] }, "VpcConfig": { "SecurityGroupIds": ["sg-0a27f813858a654c4"], "SubnetIds": [ "subnet-0d43113e71a256616", "subnet-030b7ec259264ab4e", "subnet-0510905eab3add2b3" ] }, "Environment": { "Variables": { "ENV": { "Ref": "env" }, "REGION": { "Ref": "AWS::Region" }, "AUTH_DPPORTALB4B5D85F_USERPOOLID": { "Ref": "authdpportalb4b5d85fUserPoolId" }, "SECRET_NAME": "rds-db-credentials/cluster-KT72YRCZ7NERNPGM7JKAXA32XM/postsignuplambda" } }, "Role": { "Fn::GetAtt": ["LambdaExecutionRole", "Arn"] }, "Runtime": "nodejs12.x", "Timeout": "25", "Code": { "S3Bucket": "amplify-dpportal-dev-102359-deployment", "S3Key": "amplify-builds/postUserSignUp-324d68636d4831792b66-build.zip" } } }, "LambdaExecutionRole": { "Type": "AWS::IAM::Role", "Properties": { "RoleName": { "Fn::If": [ "ShouldNotCreateEnvResources", "dpportalLambdaRole95023132", { "Fn::Join": [ "", [ "dpportalLambdaRole95023132", "-", { "Ref": "env" } ] ] } ] }, "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": ["lambda.amazonaws.com"] }, "Action": ["sts:AssumeRole"] } ] } } }, "lambdaexecutionpolicy": { "DependsOn": ["LambdaExecutionRole"], "Type": 
"AWS::IAM::Policy", "Properties": { "PolicyName": "lambda-execution-policy", "Roles": [ { "Ref": "LambdaExecutionRole" } ], "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"], "Resource": { "Fn::Sub": [ "arn:aws:logs:${region}:${account}:log-group:/aws/lambda/${lambda}:log-stream:*", { "region": { "Ref": "AWS::Region" }, "account": { "Ref": "AWS::AccountId" }, "lambda": { "Ref": "LambdaFunction" } } ] } }, { "Effect": "Allow", "Action": ["ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces"], "Resource": "*" } ] } } }, "AmplifyResourcesPolicy": { "DependsOn": ["LambdaExecutionRole"], "Type": "AWS::IAM::Policy", "Properties": { "PolicyName": "amplify-lambda-execution-policy", "Roles": [ { "Ref": "LambdaExecutionRole" } ], "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cognito-identity:Describe*", "cognito-identity:Get*", "cognito-identity:List*", "cognito-idp:Describe*", "cognito-idp:AdminGetDevice", "cognito-idp:AdminGetUser", "cognito-idp:AdminList*", "cognito-idp:List*", "cognito-sync:Describe*", "cognito-sync:Get*", "cognito-sync:List*", "iam:ListOpenIdConnectProviders", "iam:ListRoles", "sns:ListPlatformApplications" ], "Resource": [ { "Fn::Join": [ "", [ "arn:aws:cognito-idp:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":userpool/", { "Ref": "authdpportalb4b5d85fUserPoolId" } ] ] } ] }, { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces", "ec2:DeleteNetworkInterface" ], "Resource": "*" } ] } } } }, "Outputs": { "Name": { "Value": { "Ref": "LambdaFunction" } }, "Arn": { "Value": { "Fn::GetAtt": ["LambdaFunction", "Arn"] } }, "Region": { "Value": { "Ref": "AWS::Region" } }, "LambdaExecutionRole": { "Value": { "Ref": "LambdaExecutionRole" } } } } -
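Review bot: The function is handed `SECRET_NAME` for an RDS credentials secret, but neither `lambdaexecutionpolicy` nor `AmplifyResourcesPolicy` grants the role any Secrets Manager action, so unless access comes from something not shown here (a resource policy on the secret, for example) the lookup will be denied. When the grant is added, scope it to that one secret rather than `*`, e.g. `{ "Effect": "Allow", "Action": ["secretsmanager:GetSecretValue"], "Resource": { "Fn::Sub": "arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:${SecretName}-*" } }`, where `SecretName` is a placeholder for a new template parameter. The ENI permissions arrive through policies created separately from the role, and `lambdaexecutionpolicy` references `LambdaFunction`, so the role may not yet hold `ec2:CreateNetworkInterface` when the VPC-attached function is created; putting them on the role itself (for instance `ManagedPolicyArns` with `AWSLambdaVPCAccessExecutionRole`) removes that ordering dependency and the duplicated EC2 statement. The security group, subnet IDs and deployment bucket are literal values for one account and environment, and would be better passed as parameters so the template does not publish them.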
diondree created this gist
Jul 8, 2020
@@ -0,0 +1,71 @@ { "AmplifyResourcesPolicy": { "DependsOn": [ "LambdaExecutionRole" ], "Type": "AWS::IAM::Policy", "Properties": { "PolicyName": "amplify-lambda-execution-policy", "Roles": [ { "Ref": "LambdaExecutionRole" } ], "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cognito-identity:Describe*", "cognito-identity:Get*", "cognito-identity:List*", "cognito-idp:Describe*", "cognito-idp:AdminGetDevice", "cognito-idp:AdminGetUser", "cognito-idp:AdminList*", "cognito-idp:List*", "cognito-sync:Describe*", "cognito-sync:Get*", "cognito-sync:List*", "iam:ListOpenIdConnectProviders", "iam:ListRoles", "sns:ListPlatformApplications" ], "Resource": [ { "Fn::Join": [ "", [ "arn:aws:cognito-idp:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":userpool/", { "Ref": "authdpportalb4b5d85fUserPoolId" } ] ] } ] }, { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces", "ec2:DeleteNetworkInterface" ], "Resource": "*" } ] } } } } }
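Review bot: The first statement scopes every action to the user-pool ARN, but the `cognito-identity:*`, `cognito-sync:*`, `iam:ListOpenIdConnectProviders`, `iam:ListRoles` and `sns:ListPlatformApplications` entries do not act on a user pool, so against this resource they grant nothing and only make the policy harder to audit. The remaining `cognito-idp:Describe*`, `AdminList*` and `List*` wildcards are wider than a single trigger function is likely to need; listing the exact calls the handler makes (possibly just `"Action": ["cognito-idp:AdminGetUser"]`, to be confirmed against the handler code) keeps the role at least privilege. The same statement is carried unchanged into the later revision of this gist. As pasted, the fragment also appears to close one more brace than it opens, so it may not parse on its own.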