-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathanghammarad.template.yaml
91 lines (85 loc) · 2.21 KB
/
anghammarad.template.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Anghammarad Lambda and SNS topic
Parameters:
ArtifactBucket:
Description: S3 bucket containing the Lambda's artifact
Type: String
ArtifactLocation:
Description: S3 path to the Lambda's artifact
Type: String
ConfigBucket:
Description: S3 bucket containing the configuration
Type: String
Stage:
Description: Application stage (e.g. PROD, CODE)
Type: String
AllowedValues:
- PROD
- CODE
- DEV
AllowedAWSAccountIDs:
Description: List of whitelisted account ids
Type: CommaDelimitedList
Mappings:
Constants:
Stack:
Value: deploy
App:
Value: anghammarad
Resources:
ProcessorFunction:
Type: AWS::Serverless::Function
Properties:
FunctionName: !Sub anghammarad-${Stage}
Description: !Sub Process Anghammarad ${Stage} notifications
Policies:
- Statement:
- Effect: Allow
Action:
- ses:SendEmail
Resource: "*"
- Statement:
- Effect: Allow
Action:
- s3:GetObject
Resource: !Sub arn:aws:s3:::${ConfigBucket}/*
Handler: com.gu.anghammarad.Lambda::handleRequest
Runtime: java8
MemorySize: 512
Timeout: 30
CodeUri:
Bucket: !Ref ArtifactBucket
Key: !Ref ArtifactLocation
Events:
Notification:
Type: SNS
Properties:
Topic: !Ref NotificationTopic
Environment:
Variables:
Stage: !Ref Stage
Tags:
Stack: !FindInMap [ Constants, Stack, Value ]
App: !FindInMap [ Constants, App, Value ]
Stage: !Ref Stage
NotificationTopic:
Type: AWS::SNS::Topic
Properties:
DisplayName: !Sub Anghammarad ${Stage} notification topic
NotificationTopicPolicy:
Type: "AWS::SNS::TopicPolicy"
Properties:
PolicyDocument:
Statement:
- Effect: Allow
Action:
- SNS:Publish
Principal:
AWS: !Ref AllowedAWSAccountIDs
Resource: "*"
Topics:
- !Ref NotificationTopic
Outputs:
TopicName:
Value: !GetAtt NotificationTopic.TopicName