AWSTemplateFormatVersion: 2010-09-09 Parameters: bulkloadNeptuneEndpoint: Type: String bulkloadNeptuneData: Type: String bulkloadNeptuneIAMRole: Type: String Description: IAM Role ARN for bulk load role bulkloadNeptuneSecurityGroup: Type: AWS::EC2::SecurityGroup::Id bulkloadSubnet1: Type: AWS::EC2::Subnet::Id bulkloadBucket: Type: String Mappings: Constants: S3Keys: NeptuneLoaderCode: identity-resolution/functions/NeptuneLoader.zip PythonLambdaLayer: identity-resolution/functions/PythonLambdaLayer.zip Resources: bulkloadNeptuneLoader: DependsOn: - bulkloadNeptuneLoaderLambdaRoleCloudWatchStream - bulkloadNeptuneLoaderLambdaRoleCloudWatchGroup - bulkloadNeptuneLoaderLambdaRoleEC2 - bulkloadNeptuneLoaderLambdaRole Type: "Custom::NeptuneLoader" Properties: ServiceToken: Fn::GetAtt: [ bulkloadNeptuneLoaderLambda, Arn] bulkloadNeptuneLoaderLambdaRoleCloudWatchStream: Type: AWS::IAM::Policy Properties: PolicyDocument: Statement: - Action: - logs:CreateLogStream - logs:PutLogEvents Effect: Allow Resource: !Join [ "", [ "arn:aws:logs:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId" , ":log-group:/aws/lambda/", !Ref bulkloadNeptuneLoaderLambda, ":*" ]] Version: '2012-10-17' PolicyName: bulkloadNeptuneLoaderLambdaRoleCloudWatchStream Roles: - Ref: bulkloadNeptuneLoaderLambdaRole bulkloadNeptuneLoaderLambdaRoleCloudWatchGroup: Type: AWS::IAM::Policy Properties: PolicyDocument: Statement: - Action: - logs:CreateLogGroup Effect: Allow Resource: !Join [ "", [ "arn:aws:logs:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId" , ":*" ]] Version: '2012-10-17' PolicyName: bulkloadNeptuneLoaderLambdaRoleCloudWatchGroup Roles: - Ref: bulkloadNeptuneLoaderLambdaRole bulkloadNeptuneLoaderLambdaRoleEC2: Type: AWS::IAM::Policy Properties: PolicyDocument: Statement: - Action: - ec2:CreateNetworkInterface - ec2:DescribeNetworkInterfaces - ec2:DeleteNetworkInterface - ec2:DetachNetworkInterface Effect: Allow Resource: "*" Version: '2012-10-17' PolicyName: bulkloadNeptuneLoaderLambdaRoleEC2 Roles: - Ref: bulkloadNeptuneLoaderLambdaRole bulkloadNeptuneLoaderLambda: DependsOn: - bulkloadNeptuneLoaderLambdaRoleEC2 Type: AWS::Lambda::Function Properties: Code: S3Bucket: Ref: bulkloadBucket S3Key: !FindInMap - Constants - S3Keys - NeptuneLoaderCode Description: 'Lambda function to load data into Neptune instance.' Environment: Variables: neptunedb: Ref: bulkloadNeptuneEndpoint neptuneloads3path: Ref: bulkloadNeptuneData region: Ref: "AWS::Region" s3loadiamrole: Ref: bulkloadNeptuneIAMRole Handler: lambda_function.lambda_handler MemorySize: 128 Layers: - !Ref PythonLambdaLayer Role: Fn::GetAtt: [ bulkloadNeptuneLoaderLambdaRole, Arn ] Runtime: python3.9 Timeout: 180 VpcConfig: SecurityGroupIds: - Ref: bulkloadNeptuneSecurityGroup SubnetIds: - Ref: bulkloadSubnet1 bulkloadNeptuneLoaderLambdaRole: Type: AWS::IAM::Role Properties: ManagedPolicyArns: - 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole' - 'arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess' AssumeRolePolicyDocument: Statement: - Action: sts:AssumeRole Effect: Allow Principal: Service: - lambda.amazonaws.com Version: '2012-10-17' Path: / PythonLambdaLayer: Type: "AWS::Lambda::LayerVersion" Properties: CompatibleRuntimes: - python3.9 - python3.8 Content: S3Bucket: Ref: bulkloadBucket S3Key: !FindInMap - Constants - S3Keys - PythonLambdaLayer