template.yml
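# AWS SAM template for the ACE serverless demo: an HTTP API, an S3-triggered
# Step Functions image workflow, and an e-mail based moderation step.
AWSTemplateFormatVersion: '2010-09-09'
Description: ACE Serverless Demo Application
Transform:
  - AWS::Serverless-2016-10-31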
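# Deploy-time inputs. None of them has NoEcho set, so do not pass secrets here.
Parameters:
  # Not referenced by any resource in this template.
  AppName:
    Type: String
    Description: Application name
  # Becomes the leading label of both S3 bucket names, so it must already be a
  # valid bucket-name prefix. The pattern only rejects values that S3 would
  # refuse at bucket creation anyway, and fails the deployment earlier.
  AppNamespace:
    Type: String
    Description: Globally unique namespace, used to, e.g., prefix S3 buckets.
    AllowedPattern: '^[a-z0-9][a-z0-9.-]*$'
    ConstraintDescription: >-
      Must start with a lowercase letter or digit and contain only lowercase
      letters, digits, dots and hyphens.
  AppEnv:
    Type: String
    Default: sandbox
    AllowedValues:
      - sandbox
      - dev
      - staging
      - prod
    Description: Environment/stage of the application.
  # Subscribed to ImageModerationTopic with the email protocol; whoever controls
  # this mailbox receives the moderation requests.
  ModeratorEmail:
    Type: String
    Description: Email address of a person who is authorized to approve image uploads.
  # Handed to BypassModerationDeciderFunction as ALLOWED_LABELS. Every label
  # listed here widens the set of uploads that skip human moderation.
  AllowedImageLabels:
    Type: String
    Description: Comma-separated list of image labels that are used for bypassing image moderation.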
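Resources:
  # --- Storage -------------------------------------------------------------
  # Source bucket: new objects here start the upload workflow (see the S3 event
  # on UploadTriggerFunction). Nothing in this template grants public access,
  # so the public-access block below only pins the intended private posture.
  # NOTE(review): the dotted bucket names do not match the S3 wildcard TLS
  # certificate for virtual-hosted-style HTTPS requests; renaming would replace
  # the buckets, so the names are left unchanged.
  ServerlessDemoSourceFiles:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub ${AppNamespace}.awsserverlessdemo.${AppEnv}.files.source
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
  # Output bucket: written by the image functions and the state machine, read
  # by LatestApiFunction.
  ServerlessDemoOutputFiles:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub ${AppNamespace}.awsserverlessdemo.${AppEnv}.files.output
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  # --- Moderation notification ---------------------------------------------
  # Moderation requests are delivered by e-mail to ModeratorEmail.
  # NOTE(review): TopicName is fixed and does not include AppEnv, so two stages
  # cannot share one account and region. The same applies to the activity and
  # state machine names further down.
  ImageModerationTopic:
    Type: AWS::SNS::Topic
    Properties:
      TopicName: ImageModerationTopic
      DisplayName: ImageModerationTopic
      Subscription:
        - Protocol: email
          Endpoint: !Ref ModeratorEmail

  # --- HTTP API --------------------------------------------------------------
  # No Auth block is configured here and no route below sets an authorizer, so
  # every route attached to this API is callable without credentials.
  ServerlessDemoApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      Description: A demo API for serverless workflows

  # NOTE(review): nodejs16.x (used by every function in this template) is past
  # end of support in Lambda and no longer receives runtime security patches.
  # Move all functions to a supported Node.js runtime after testing the
  # handlers against it.
  HelloWorldFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/functions/hello-world
      Handler: index.handler
      Architectures:
        - arm64
      Runtime: nodejs16.x
      MemorySize: 128
      Timeout: 60
      Description: A Lambda function that returns a static string.
      Policies:
        - AWSLambdaBasicExecutionRole
      Events:
        HelloWorld:
          Type: HttpApi
          Properties:
            ApiId: !Ref ServerlessDemoApi
            Path: /hello-world
            Method: get
    Metadata:
      BuildMethod: esbuild

  # Public read endpoint; its role can only read the output bucket.
  LatestApiFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/functions/latest-api
      Handler: index.handler
      Architectures:
        - arm64
      Runtime: nodejs16.x
      MemorySize: 128
      Timeout: 60
      Description: Retrieve info about the latest image processing result.
      Environment:
        Variables:
          OUTPUT_BUCKET: !Ref ServerlessDemoOutputFiles
      Policies:
        - AWSLambdaBasicExecutionRole
        - S3ReadPolicy:
            BucketName: !Ref ServerlessDemoOutputFiles
      Events:
        Images:
          Type: HttpApi
          Properties:
            ApiId: !Ref ServerlessDemoApi
            Path: /images/latest
            Method: get
    Metadata:
      BuildMethod: esbuild

  # NOTE(review): this route is a GET on an API with no authorizer, and the
  # role may complete the moderation activity (SendTaskSuccess /
  # SendTaskFailure). Unless the handler checks something only the moderator
  # knows (TODO confirm in src/functions/moderator-api), anyone who can reach
  # the URL can decide a pending upload, and a GET link may be followed
  # automatically by mail scanners or prefetchers. Put an authorizer on this
  # route and use a non-GET method for the approve / reject decision.
  ModeratorApiFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/functions/moderator-api
      Handler: index.handler
      Architectures:
        - arm64
      Runtime: nodejs16.x
      MemorySize: 128
      Timeout: 60
      Description: Retrieve and approve / reject images that are being uploaded.
      Environment:
        Variables:
          MODERATOR_ACTIVITY_ARN: !Ref ImageModerationActivity
      Policies:
        - AWSLambdaBasicExecutionRole
        # Inline statement limited to the one moderation activity.
        - Statement:
            - Effect: Allow
              Action:
                - states:GetActivityTask
                - states:SendTaskSuccess
                - states:SendTaskFailure
              Resource: !Ref ImageModerationActivity
      Events:
        Moderator:
          Type: HttpApi
          Properties:
            ApiId: !Ref ServerlessDemoApi
            Path: /images/moderator
            Method: get
    Metadata:
      BuildMethod: esbuild

  # --- Upload workflow -------------------------------------------------------
  # Runs for every object created in the source bucket and may only start
  # executions of ImageUploadWorkflow.
  UploadTriggerFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/functions/upload-trigger
      Handler: index.handler
      Architectures:
        - arm64
      Runtime: nodejs16.x
      MemorySize: 128
      Timeout: 60
      Description: Listener for new S3 objects that triggers the image upload workflow
      Environment:
        Variables:
          STATE_MACHINE_ARN: !Ref ImageUploadWorkflow
      Policies:
        - AWSLambdaBasicExecutionRole
        - StepFunctionsExecutionPolicy:
            StateMachineName: !GetAtt ImageUploadWorkflow.Name
      Events:
        ImageUploadEvent:
          Type: S3
          Properties:
            Bucket: !Ref ServerlessDemoSourceFiles
            Events: 's3:ObjectCreated:*'
    Metadata:
      BuildMethod: esbuild

  # Decides whether human moderation can be skipped, based on ALLOWED_LABELS.
  # The role has logging permissions only.
  BypassModerationDeciderFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/functions/bypass-moderation-decider
      Handler: index.handler
      Architectures:
        - arm64
      Runtime: nodejs16.x
      MemorySize: 128
      Timeout: 60
      Description: Determine if image moderation is needed.
      Environment:
        Variables:
          ALLOWED_LABELS: !Ref AllowedImageLabels
      Policies:
        - AWSLambdaBasicExecutionRole
    Metadata:
      BuildMethod: esbuild

  # The two image functions parse uploaded image content. Their roles are
  # limited to reading the source bucket and writing the output bucket.
  # The bucket names are spelled out with !Sub instead of !Ref here; presumably
  # this avoids a dependency cycle through the S3 event on the source bucket.
  # Verify before changing.
  ImageGrayscalerFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/functions/image-grayscaler
      Handler: index.handler
      Architectures:
        - arm64
      Runtime: nodejs16.x
      MemorySize: 1536
      Timeout: 60
      Description: Generate a grayscale image.
      Environment:
        Variables:
          OUTPUT_BUCKET: !Ref ServerlessDemoOutputFiles
      Policies:
        - AWSLambdaBasicExecutionRole
        - S3ReadPolicy:
            BucketName: !Sub ${AppNamespace}.awsserverlessdemo.${AppEnv}.files.source
        - S3WritePolicy:
            BucketName: !Sub ${AppNamespace}.awsserverlessdemo.${AppEnv}.files.output
    Metadata:
      BuildMethod: esbuild

  ImageThumbnailerFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/functions/image-thumbnailer
      Handler: index.handler
      Architectures:
        - arm64
      Runtime: nodejs16.x
      MemorySize: 1536
      Timeout: 60
      Description: Create a thumbnail image.
      Environment:
        Variables:
          OUTPUT_BUCKET: !Ref ServerlessDemoOutputFiles
      Policies:
        - AWSLambdaBasicExecutionRole
        - S3ReadPolicy:
            BucketName: !Sub ${AppNamespace}.awsserverlessdemo.${AppEnv}.files.source
        - S3WritePolicy:
            BucketName: !Sub ${AppNamespace}.awsserverlessdemo.${AppEnv}.files.output
    Metadata:
      BuildMethod: esbuild

  # Receives OUTPUT_BUCKET but has no S3 policy, so it cannot read or write
  # the bucket itself. Presumably it only assembles a summary; verify against
  # the handler.
  ImageTransformationSummaryFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/functions/image-transformation-summary
      Handler: index.handler
      Architectures:
        - arm64
      Runtime: nodejs16.x
      MemorySize: 128
      Timeout: 60
      Description: Publisher function
      Environment:
        Variables:
          OUTPUT_BUCKET: !Ref ServerlessDemoOutputFiles
      Policies:
        - AWSLambdaBasicExecutionRole
    Metadata:
      BuildMethod: esbuild

  # Step Functions activity that ModeratorApiFunction polls and completes.
  ImageModerationActivity:
    Type: AWS::StepFunctions::Activity
    Properties:
      Name: ImageModerationActivity

  # Orchestrates the upload flow. The definition lives in a separate JSON file,
  # and the substitutions below inject the ARNs and names it refers to.
  ImageUploadWorkflow:
    Type: AWS::Serverless::StateMachine
    Properties:
      Name: ImageUploadWorkflow
      Type: STANDARD
      DefinitionUri: src/state-machine/image-upload-workflow.json
      DefinitionSubstitutions:
        BypassModerationDeciderFunctionArn: !GetAtt BypassModerationDeciderFunction.Arn
        ImageModerationTopicArn: !Ref ImageModerationTopic
        ImageModerationActivityArn: !Ref ImageModerationActivity
        ImageGrayscalerFunctionArn: !GetAtt ImageGrayscalerFunction.Arn
        ImageThumbnailerFunctionArn: !GetAtt ImageThumbnailerFunction.Arn
        ImageTransformationSummaryFunctionArn: !GetAtt ImageTransformationSummaryFunction.Arn
        OutputBucketName: !Ref ServerlessDemoOutputFiles
      Policies:
        - RekognitionDetectOnlyPolicy: {}
        # NOTE(review): S3CrudPolicy also allows writes and deletes on the
        # source bucket. Confirm the workflow definition needs more than read
        # access, otherwise narrow this to S3ReadPolicy.
        - S3CrudPolicy:
            BucketName: !Sub ${AppNamespace}.awsserverlessdemo.${AppEnv}.files.source
        - S3WritePolicy:
            BucketName: !Ref ServerlessDemoOutputFiles
        - SNSPublishMessagePolicy:
            TopicName: !GetAtt ImageModerationTopic.TopicName
        # Invoke rights are granted per function rather than account-wide.
        - LambdaInvokePolicy:
            FunctionName: !Ref BypassModerationDeciderFunction
        - LambdaInvokePolicy:
            FunctionName: !Ref ImageGrayscalerFunction
        - LambdaInvokePolicy:
            FunctionName: !Ref ImageThumbnailerFunction
        - LambdaInvokePolicy:
            FunctionName: !Ref ImageTransformationSummaryFunction
      Tracing:
        Enabled: true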
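Outputs:
  # Base URL of ServerlessDemoApi. The routes defined in this template
  # (/hello-world, /images/latest, /images/moderator) hang off this URL and
  # are reachable without credentials.
  ServerlessDemoApiURL:
    Description: "API endpoint URL"
    Value: !Sub "https://${ServerlessDemoApi}.execute-api.${AWS::Region}.amazonaws.com/"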