AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Description: SAM Template for Simple Online Bookstore API Parameters: AuroraVPCStackName: Description: Name of the Aurora Database VPC Cloudformation stack Type: String AuroraDBSecretName: Description: Name of the Secrets Manager secret which containers the Aurora Database details Type: String AuroraRDSProxyStackName: Description: Name of the RDS Proxy Cloudformation stack Type: String SimpleBookstoreDBSchemaStackName: Description: Name of the Simple Bookstore DB schema Cloudformation stack Type: String # More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst Globals: Function: Timeout: 30 Resources: BooksLambdaFunction: Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction Properties: CodeUri: books/ Handler: main.lambda_handler Runtime: python3.8 Layers: - {'Fn::ImportValue': !Sub '${SimpleBookstoreDBSchemaStackName}-DBSchemaLambdaLayerArn'} Role: !GetAtt LambdaRole.Arn VpcConfig: SecurityGroupIds: !Split [',', {'Fn::ImportValue': !Sub '${AuroraVPCStackName}-SecretRotationLambdaSecurityGroup'}] SubnetIds: !Split [',', {'Fn::ImportValue': !Sub '${AuroraVPCStackName}-SubnetsPrivate'}] Environment: Variables: AURORA_DB_SECRET_NAME: !Ref AuroraDBSecretName AURORA_DB_PROXY_ENDPOINT: Fn::ImportValue: !Sub '${AuroraRDSProxyStackName}-SOBRDSProxyEndpoint' Events: ListBooks: Type: Api # More info about API Event Source: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#api Properties: Path: /book Method: get AddBook: Type: Api # More info about API Event Source: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#api Properties: Path: /book Method: put ReviewsLambdaFunction: Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction Properties: CodeUri: reviews/ Handler: main.lambda_handler Runtime: python3.8 Layers: - {'Fn::ImportValue': !Sub '${SimpleBookstoreDBSchemaStackName}-DBSchemaLambdaLayerArn'} Role: !GetAtt LambdaRole.Arn VpcConfig: SecurityGroupIds: !Split [',', {'Fn::ImportValue': !Sub '${AuroraVPCStackName}-SecretRotationLambdaSecurityGroup'}] SubnetIds: !Split [',', {'Fn::ImportValue': !Sub '${AuroraVPCStackName}-SubnetsPrivate'}] Environment: Variables: AURORA_DB_SECRET_NAME: !Ref AuroraDBSecretName AURORA_DB_PROXY_ENDPOINT: Fn::ImportValue: !Sub '${AuroraRDSProxyStackName}-SOBRDSProxyEndpoint' Events: ListReviews: Type: Api # More info about API Event Source: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#api Properties: Path: /review Method: get AddBook: Type: Api # More info about API Event Source: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#api Properties: Path: /review Method: put # Lambda function role LambdaRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: - lambda.amazonaws.com Action: sts:AssumeRole Path: / Policies: - PolicyName: create-schema-lambda-policy PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - secretsmanager:GetSecretValue - secretsmanager:PutResourcePolicy - secretsmanager:PutSecretValue - secretsmanager:DeleteSecret - secretsmanager:DescribeSecret - secretsmanager:TagResource - secretsmanager:CreateSecret - secretsmanager:ListSecrets - secretsmanager:GetRandomPassword Resource: !Sub "arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:${AuroraDBSecretName}*" ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole Outputs: BooksLambdaFunction: Description: Simple Online Bookstore database schema Lambda Arn Value: !Ref BooksLambdaFunction Export: Name: !Sub '${AWS::StackName}-BooksLambdaArn' ReviewsLambdaFunction: Description: Simple Online Bookstore database schema Lambda Arn Value: !Ref ReviewsLambdaFunction Export: Name: !Sub '${AWS::StackName}-ReviewsLambdaArn' BookstoreAPIEndpoint: Description: Simple Online Bookstore API Endpoint # ServerlessRestApi and ServerlessRestApiProdStage are implicit resources created by SAM and referenced here Value: !Sub "https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/${ServerlessRestApiProdStage}" Export: Name: !Sub '${AWS::StackName}-BookstoreAPIEndpoint'