AWSTemplateFormatVersion: '2010-09-09' Parameters: S3Bucket: Description: Bucket containing the node.js packages Type: String S3Key: Description: Key containing the node.js packages Type: String SecurityGroupId: Description: the SG this function should run in to have connectivity to MySQL Type: String SubnetId: Description: the Subnet this function should run in to have connectivity to MySQL Type: String Resources: LambdaRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: - lambda.amazonaws.com Action: - sts:AssumeRole Path: / Policies: - PolicyName: CloudwatchLogs PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - logs:CreateLogGroup Resource: - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:*" - Effect: Allow Action: - logs:CreateLogStream - logs:PutLogEvents Resource: - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*" - Effect: Allow Action: - secretsmanager:GetSecretValue Resource: - !Sub "arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:*" ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole LambdaUDFFunction: Type: "AWS::Lambda::Function" Properties: FunctionName: f-mysql-lookup-nodejs-varchar-varchar-varchar-varchar Role: !GetAtt 'LambdaRole.Arn' Handler: index.handler Runtime: nodejs14.x VpcConfig: SecurityGroupIds: - !Ref SecurityGroupId SubnetIds: - !Ref SubnetId Timeout: 300 Code: S3Bucket: !Ref S3Bucket S3Key: !Ref S3Key