canvas-live-events.cfn.yaml
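---
# CloudFormation template (exported with former2) for a Canvas Live Events
# pipeline: an external AWS account sends messages to an SQS queue, an event
# source mapping feeds them to a Lambda function, and the function is handed
# the name of an S3 bucket through DEST_BUCKET.
#
# Deploying this stack creates a named IAM role, so it needs
# CAPABILITY_NAMED_IAM. The role and function names are fixed, so only one
# copy of the stack can exist per account (role) and per region (function).
AWSTemplateFormatVersion: "2010-09-09"
Metadata:
  Generator: "former2"
Description: >-
  SQS queue, Lambda consumer, IAM role and S3 bucket for Canvas Live Events.
Parameters:
  Project:
    Type: "String"
    Default: "CHANGEME"
    Description: >-
      Project identifier. Used in the bucket name, the queue name and the
      "project" tag. S3 bucket names must be lowercase, so the default
      placeholder has to be replaced before deployment.
  Organization:
    Type: "String"
    Default: "CHANGEME"
    Description: >-
      Organization identifier. Used in the bucket name and the queue name;
      the same lowercase constraint applies.
  CanvasSenderAccountId:
    Type: "String"
    Default: "636161780776"
    AllowedPattern: "^[0-9]{12}$"
    Description: >-
      AWS account that is allowed to call SQS:SendMessage on the queue.
      The default is the account id the original template hard-coded;
      confirm it against the event provider's documentation before trusting
      it.
Resources:
  # Destination bucket. All four public-access-block switches are on and
  # objects are encrypted at rest with SSE-S3 (AES256).
  S3Bucket:
    Type: "AWS::S3::Bucket"
    Properties:
      BucketName: !Sub "${Organization}-${Project}-canvas-events"
      AccessControl: Private
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      Tags:
        - Key: "project"
          Value: !Ref Project
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: "AES256"
            BucketKeyEnabled: false

  # Resource policy on the queue. Written as a native YAML mapping instead of
  # a JSON string so the ARNs come from the queue resource itself.
  SQSQueuePolicy:
    Type: "AWS::SQS::QueuePolicy"
    Properties:
      PolicyDocument:
        Version: "2008-10-17"
        Id: "__default_policy_ID"
        Statement:
          # The owning account keeps full control of its own queue.
          - Sid: "__owner_statement"
            Effect: "Allow"
            Principal:
              AWS: !Sub "arn:aws:iam::${AWS::AccountId}:root"
            Action: "SQS:*"
            Resource: !GetAtt SQSQueue.Arn
          # Cross-account grant: send only, no receive or delete.
          # NOTE(review): an account-root principal delegates to every
          # identity in that account that its own IAM allows; narrow it to a
          # specific role or user if the sender publishes one.
          - Sid: "__sender_statement"
            Effect: "Allow"
            Principal:
              AWS: !Sub "arn:aws:iam::${CanvasSenderAccountId}:root"
            Action: "SQS:SendMessage"
            Resource: !GetAtt SQSQueue.Arn
      Queues:
        # !Ref on an SQS queue returns its URL.
        - !Ref SQSQueue

  SQSQueue:
    Type: "AWS::SQS::Queue"
    Properties:
      DelaySeconds: 0
      # 256 KiB
      MaximumMessageSize: 262144
      # 4 days. NOTE(review): no RedrivePolicy / dead-letter queue is
      # configured, so a message the function cannot process is retried
      # until this retention period runs out.
      MessageRetentionPeriod: 345600
      ReceiveMessageWaitTimeSeconds: 0
      Tags:
        - Key: "project"
          Value: !Ref Project
      # NOTE(review): AWS guidance for SQS event sources is a visibility
      # timeout of at least six times the function timeout (15 s below,
      # i.e. 90 s). At 30 s a message can reappear while a retry is still
      # running.
      VisibilityTimeout: 30
      QueueName: !Sub "canvas-live-events-${Project}-${Organization}"

  # Execution role assumed by the Lambda service.
  IAMRole:
    Type: "AWS::IAM::Role"
    Properties:
      Path: "/"
      RoleName: "CanvasLiveEventsLambdaRole"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service: "lambda.amazonaws.com"
            Action: "sts:AssumeRole"
      MaxSessionDuration: 3600
      ManagedPolicyArns:
        # NOTE(review): AmazonS3FullAccess allows s3:* on every bucket in the
        # account, while the function is only told about one bucket
        # (DEST_BUCKET). Replace it with an inline policy limited to the
        # actions the handler really uses (probably s3:PutObject; confirm
        # against the Lambda code) on this stack's S3Bucket ARN.
        - "arn:aws:iam::aws:policy/AmazonS3FullAccess"
        - "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole"
      Description: "Allows Lambda functions to call AWS services on your behalf."
      Tags:
        - Key: "project"
          Value: !Ref Project

  LambdaFunction:
    Type: "AWS::Lambda::Function"
    Properties:
      Description: ""
      Environment:
        Variables:
          # !Ref on a bucket returns its name, so this always matches the
          # bucket this stack created.
          DEST_BUCKET: !Ref S3Bucket
      FunctionName: "CanvasLiveEventLambda"
      Handler: "net.unicon.CanvasLiveEventsLambda::handleRequest"
      Architectures:
        - "x86_64"
      Code:
        # NOTE(review): the artifact is pulled from a bucket this stack does
        # not create and no object version is pinned. Confirm who controls
        # that bucket and consider setting S3ObjectVersion so the deployed
        # jar cannot change under the same key.
        S3Bucket: "canvas-integration-lambdas"
        S3Key: "1.0.0/CanvasLiveEventsLambda-1.0.0.jar"
      MemorySize: 512
      Role: !GetAtt IAMRole.Arn
      Runtime: "java11"
      Tags:
        - Key: "project"
          Value: !Ref Project
      Timeout: 15
      TracingConfig:
        Mode: "PassThrough"

  LambdaEventSourceMapping:
    Type: "AWS::Lambda::EventSourceMapping"
    Properties:
      BatchSize: 2
      # Taken from the queue resource rather than rebuilt from its name, so
      # CloudFormation creates the queue before this mapping.
      EventSourceArn: !GetAtt SQSQueue.Arn
      FunctionName: !GetAtt LambdaFunction.Arn
      Enabled: true
      MaximumBatchingWindowInSeconds: 0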