AWSTemplateFormatVersion: 2010-09-09 Description: Create a typical serverless infrastructure comprising of API-Gateway, Lambda and DynamoDB services, exposing create and list API's. Resources: DevOpsGuruMonitoring: Type: AWS::DevOpsGuru::ResourceCollection Properties: ResourceCollectionFilter: CloudFormation: StackNames: - "*" ShopsTableMonitorOper: Type: AWS::DynamoDB::Table Properties: KeySchema: - AttributeName: name KeyType: HASH AttributeDefinitions: - AttributeName: name AttributeType: S ProvisionedThroughput: ReadCapacityUnits: 1 WriteCapacityUnits: 5 UpdateReplacePolicy: Retain DeletionPolicy: Retain LambdaServiceRoleMonitorOper: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Action: sts:AssumeRole Effect: Allow Principal: Service: lambda.amazonaws.com Version: "2012-10-17" ManagedPolicyArns: - Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - :iam::aws:policy/service-role/AWSLambdaBasicExecutionRole LambdaServiceRoleDefaultPolicyMonitorOper: Type: AWS::IAM::Policy Properties: PolicyDocument: Statement: - Action: - dynamodb:BatchGetItem - dynamodb:GetRecords - dynamodb:GetShardIterator - dynamodb:Query - dynamodb:GetItem - dynamodb:Scan Effect: Allow Resource: - Fn::GetAtt: - ShopsTableMonitorOper - Arn - Ref: AWS::NoValue Version: "2012-10-17" PolicyName: LambdaServiceRoleDefaultPolicyMonitorOper Roles: - Ref: LambdaServiceRoleMonitorOper LambdaToListShops: Type: AWS::Lambda::Function Properties: Code: ZipFile: | 'use strict'; const AWS = require('aws-sdk'); const docClient = new AWS.DynamoDB.DocumentClient(); const tableName = process.env.TABLE_NAME; exports.lambda_handler = (event, context, callback) => { console.log('Received event:', JSON.stringify(event, null, 2)); var params = { TableName: tableName }; docClient.scan(params, function(err, data) { if (err) callback(err) callback(null, { statusCode: 200, body: JSON.stringify(data.Items) }); }); }; Handler: index.lambda_handler Role: Fn::GetAtt: - LambdaServiceRoleMonitorOper - Arn Runtime: nodejs12.x Environment: Variables: TABLE_NAME: Ref: ShopsTableMonitorOper FunctionName: ScanFunctionMonitorOper DependsOn: - LambdaServiceRoleDefaultPolicyMonitorOper Lambda2ServiceRoleMonitorOper: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Action: sts:AssumeRole Effect: Allow Principal: Service: lambda.amazonaws.com Version: "2012-10-17" ManagedPolicyArns: - Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - :iam::aws:policy/service-role/AWSLambdaBasicExecutionRole Lambda2ServiceRoleDefaultPolicyMonitorOper: Type: AWS::IAM::Policy Properties: PolicyDocument: Statement: - Action: - dynamodb:BatchGetItem - dynamodb:GetRecords - dynamodb:GetShardIterator - dynamodb:Query - dynamodb:GetItem - dynamodb:Scan - dynamodb:BatchWriteItem - dynamodb:PutItem - dynamodb:UpdateItem - dynamodb:DeleteItem Effect: Allow Resource: - Fn::GetAtt: - ShopsTableMonitorOper - Arn - Ref: AWS::NoValue Version: "2012-10-17" PolicyName: Lambda2ServiceRoleDefaultPolicyMonitorOper Roles: - Ref: Lambda2ServiceRoleMonitorOper LambdaToCreateShopEntry: Type: AWS::Lambda::Function Properties: Code: ZipFile: | 'use strict'; const AWS = require('aws-sdk'); const docClient = new AWS.DynamoDB.DocumentClient(); const tableName = process.env.TABLE_NAME; exports.lambda_handler = (event, context, callback) => { console.log('Received event:', JSON.stringify(event, null, 2)); const shop = create_shop_struct(event); var params = { TableName: tableName, Item: { name: shop.name, specialty: shop.specialty, address: shop.address, url: shop.url, description: shop.description } }; docClient.put(params, function(err, data) { if (err) callback(err) callback(null, { statusCode: 200, body: JSON.stringify(shop) }); }); }; var create_shop_struct = function(event) { const body = JSON.parse(event.body); return { name: body.name, specialty: body.specialty, address: body.address, url: body.url, description: body.description }; }; Handler: index.lambda_handler Role: Fn::GetAtt: - Lambda2ServiceRoleMonitorOper - Arn Runtime: nodejs12.x Environment: Variables: TABLE_NAME: Ref: ShopsTableMonitorOper FunctionName: CreateFunctionMonitorOper DependsOn: - Lambda2ServiceRoleDefaultPolicyMonitorOper RestApiToListShops: Type: AWS::ApiGateway::RestApi Properties: Name: ListRestApiMonitorOper RestApiToListShopsCloudWatchRoleMonitorOper: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Action: sts:AssumeRole Effect: Allow Principal: Service: apigateway.amazonaws.com Version: "2012-10-17" ManagedPolicyArns: - Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - :iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs RestApiAccountToListShopsMonitorOper: Type: AWS::ApiGateway::Account Properties: CloudWatchRoleArn: Fn::GetAtt: - RestApiToListShopsCloudWatchRoleMonitorOper - Arn DependsOn: - RestApiToListShops RestApiDeploymentToListShopsMonitorOper: Type: AWS::ApiGateway::Deployment Properties: RestApiId: Ref: RestApiToListShops Description: Automatically created by the RestApi construct DependsOn: - RestApiproxyMethodToListShopsMonitorOper - RestApiproxyToListShopsMonitorOper - RestApiANYRootMethodToListShopsMonitorOper RestApiDeploymentStageprodToListShopsMonitorOper: Type: AWS::ApiGateway::Stage Properties: RestApiId: Ref: RestApiToListShops DeploymentId: Ref: RestApiDeploymentToListShopsMonitorOper StageName: prod RestApiproxyToListShopsMonitorOper: Type: AWS::ApiGateway::Resource Properties: ParentId: Fn::GetAtt: - RestApiToListShops - RootResourceId PathPart: "{proxy+}" RestApiId: Ref: RestApiToListShops RestApiproxyANYApiPermissionToListShopsMonitorOper: Type: AWS::Lambda::Permission Properties: Action: lambda:InvokeFunction FunctionName: Fn::GetAtt: - LambdaToListShops - Arn Principal: apigateway.amazonaws.com SourceArn: Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - ":execute-api:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - ":" - Ref: RestApiToListShops - / - Ref: RestApiDeploymentStageprodToListShopsMonitorOper - /*/* RestApiproxyANYApiPermissionTestToListShopsMonitorOper: Type: AWS::Lambda::Permission Properties: Action: lambda:InvokeFunction FunctionName: Fn::GetAtt: - LambdaToListShops - Arn Principal: apigateway.amazonaws.com SourceArn: Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - ":execute-api:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - ":" - Ref: RestApiToListShops - /test-invoke-stage/*/* RestApiproxyMethodToListShopsMonitorOper: Type: AWS::ApiGateway::Method Properties: HttpMethod: ANY ResourceId: Ref: RestApiproxyToListShopsMonitorOper RestApiId: Ref: RestApiToListShops AuthorizationType: NONE Integration: IntegrationHttpMethod: POST Type: AWS_PROXY Uri: Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - ":apigateway:" - Ref: AWS::Region - :lambda:path/2015-03-31/functions/ - Fn::GetAtt: - LambdaToListShops - Arn - /invocations RestApiANYApiPermissionToListShopsMonitorOper: Type: AWS::Lambda::Permission Properties: Action: lambda:InvokeFunction FunctionName: Fn::GetAtt: - LambdaToListShops - Arn Principal: apigateway.amazonaws.com SourceArn: Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - ":execute-api:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - ":" - Ref: RestApiToListShops - / - Ref: RestApiDeploymentStageprodToListShopsMonitorOper - /*/ RestApiANYApiPermissionTestToListShopsMonitorOper: Type: AWS::Lambda::Permission Properties: Action: lambda:InvokeFunction FunctionName: Fn::GetAtt: - LambdaToListShops - Arn Principal: apigateway.amazonaws.com SourceArn: Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - ":execute-api:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - ":" - Ref: RestApiToListShops - /test-invoke-stage/*/ RestApiANYRootMethodToListShopsMonitorOper: Type: AWS::ApiGateway::Method Properties: HttpMethod: ANY ResourceId: Fn::GetAtt: - RestApiToListShops - RootResourceId RestApiId: Ref: RestApiToListShops AuthorizationType: NONE Integration: IntegrationHttpMethod: POST Type: AWS_PROXY Uri: Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - ":apigateway:" - Ref: AWS::Region - :lambda:path/2015-03-31/functions/ - Fn::GetAtt: - LambdaToListShops - Arn - /invocations RestApiToCreateShopsMonitorOper: Type: AWS::ApiGateway::RestApi Properties: Name: CreateRestApiMonitorOper RestApiToCreateShopsCloudWatchRoleMonitorOper: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Action: sts:AssumeRole Effect: Allow Principal: Service: apigateway.amazonaws.com Version: "2012-10-17" ManagedPolicyArns: - Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - :iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs RestApiAccountToCreateShopsMonitorOper: Type: AWS::ApiGateway::Account Properties: CloudWatchRoleArn: Fn::GetAtt: - RestApiToCreateShopsCloudWatchRoleMonitorOper - Arn DependsOn: - RestApiToCreateShopsMonitorOper RestApiDeploymentToCreateShopsMonitorOper: Type: AWS::ApiGateway::Deployment Properties: RestApiId: Ref: RestApiToCreateShopsMonitorOper Description: Automatically created by the RestApi construct DependsOn: - RestApiproxyANYMethodToCreateShopsMonitorOper - RestApiproxyToCreateShopsMonitorOper - RestApiANYMethodRootToCreateShopsMonitorOper RestApiDeploymentStageprodToCreateShopsMonitorOper: Type: AWS::ApiGateway::Stage Properties: RestApiId: Ref: RestApiToCreateShopsMonitorOper DeploymentId: Ref: RestApiDeploymentToCreateShopsMonitorOper StageName: prod RestApiproxyToCreateShopsMonitorOper: Type: AWS::ApiGateway::Resource Properties: ParentId: Fn::GetAtt: - RestApiToCreateShopsMonitorOper - RootResourceId PathPart: "{proxy+}" RestApiId: Ref: RestApiToCreateShopsMonitorOper RestApiproxyANYApiPermissionToCreateShopsMonitorOper: Type: AWS::Lambda::Permission Properties: Action: lambda:InvokeFunction FunctionName: Fn::GetAtt: - LambdaToCreateShopEntry - Arn Principal: apigateway.amazonaws.com SourceArn: Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - ":execute-api:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - ":" - Ref: RestApiToCreateShopsMonitorOper - / - Ref: RestApiDeploymentStageprodToCreateShopsMonitorOper - /*/* RestApiproxyANYApiPermissionTestToCreateShopsMonitorOper: Type: AWS::Lambda::Permission Properties: Action: lambda:InvokeFunction FunctionName: Fn::GetAtt: - LambdaToCreateShopEntry - Arn Principal: apigateway.amazonaws.com SourceArn: Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - ":execute-api:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - ":" - Ref: RestApiToCreateShopsMonitorOper - /test-invoke-stage/*/* RestApiproxyANYMethodToCreateShopsMonitorOper: Type: AWS::ApiGateway::Method Properties: HttpMethod: ANY ResourceId: Ref: RestApiproxyToCreateShopsMonitorOper RestApiId: Ref: RestApiToCreateShopsMonitorOper AuthorizationType: NONE Integration: IntegrationHttpMethod: POST Type: AWS_PROXY Uri: Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - ":apigateway:" - Ref: AWS::Region - :lambda:path/2015-03-31/functions/ - Fn::GetAtt: - LambdaToCreateShopEntry - Arn - /invocations RestApiANYPermissionToCreateShopsMonitorOper: Type: AWS::Lambda::Permission Properties: Action: lambda:InvokeFunction FunctionName: Fn::GetAtt: - LambdaToCreateShopEntry - Arn Principal: apigateway.amazonaws.com SourceArn: Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - ":execute-api:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - ":" - Ref: RestApiToCreateShopsMonitorOper - / - Ref: RestApiDeploymentStageprodToCreateShopsMonitorOper - /*/ RestApiANYApiPermissionTestToCreateShopsMonitorOper: Type: AWS::Lambda::Permission Properties: Action: lambda:InvokeFunction FunctionName: Fn::GetAtt: - LambdaToCreateShopEntry - Arn Principal: apigateway.amazonaws.com SourceArn: Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - ":execute-api:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - ":" - Ref: RestApiToCreateShopsMonitorOper - /test-invoke-stage/*/ RestApiANYMethodRootToCreateShopsMonitorOper: Type: AWS::ApiGateway::Method Properties: HttpMethod: ANY ResourceId: Fn::GetAtt: - RestApiToCreateShopsMonitorOper - RootResourceId RestApiId: Ref: RestApiToCreateShopsMonitorOper AuthorizationType: NONE Integration: IntegrationHttpMethod: POST Type: AWS_PROXY Uri: Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - ":apigateway:" - Ref: AWS::Region - :lambda:path/2015-03-31/functions/ - Fn::GetAtt: - LambdaToCreateShopEntry - Arn - /invocations Outputs: ListRestApiEndpointMonitorOper: Value: Fn::Join: - "" - - https:// - Ref: RestApiToListShops - .execute-api. - Ref: AWS::Region - "." - Ref: AWS::URLSuffix - / - Ref: RestApiDeploymentStageprodToListShopsMonitorOper - / Export: Name: ListRestApiEndpointMonitorOper CreateRestApiEndpointMonitorOper: Value: Fn::Join: - "" - - https:// - Ref: RestApiToCreateShopsMonitorOper - .execute-api. - Ref: AWS::Region - "." - Ref: AWS::URLSuffix - / - Ref: RestApiDeploymentStageprodToCreateShopsMonitorOper - / Export: Name: CreateRestApiEndpointMonitorOper