AWSTemplateFormatVersion: "2010-09-09" Transform: 'AWS::Serverless-2016-10-31' Parameters: Environment: Type: String Default: dev Description: Environment name LogLevel: Type: String Default: INFO RetentionInDays: Type: Number Default: 30 Description: CloudWatch Logs retention period for Lambda functions EventBusArn: Type: AWS::SSM::Parameter::Value Description: EventBridge Event Bus ARN EventBusName: Type: AWS::SSM::Parameter::Value Description: EventBridge Event Bus Name Globals: Function: Runtime: python3.9 Architectures: - arm64 Timeout: 30 Tracing: Active Environment: Variables: ENVIRONMENT: !Ref Environment EVENT_BUS_NAME: !Ref EventBusName POWERTOOLS_SERVICE_NAME: users POWERTOOLS_TRACE_DISABLED: "false" LOG_LEVEL: !Ref LogLevel Layers: - !Sub "arn:aws:lambda:${AWS::Region}:580247275435:layer:LambdaInsightsExtension-Arm64:1" Resources: ############# # USER POOL # ############# UserPool: Type: AWS::Cognito::UserPool Properties: AutoVerifiedAttributes: [email] UsernameAttributes: [email] UserPoolIdParameter: Type: AWS::SSM::Parameter Properties: Name: !Sub /ecommerce/${Environment}/users/user-pool/id Type: String Value: !Ref UserPool UserPoolArnParameter: Type: AWS::SSM::Parameter Properties: Name: !Sub /ecommerce/${Environment}/users/user-pool/arn Type: String Value: !GetAtt UserPool.Arn AdminGroup: Type: AWS::Cognito::UserPoolGroup Properties: GroupName: admin UserPoolId: !Ref UserPool ############# # FUNCTIONS # ############# SignUpFunction: Type: AWS::Serverless::Function Properties: CodeUri: src/sign_up/ Handler: main.handler Events: CognitoSignUp: Type: Cognito Properties: UserPool: !Ref UserPool Trigger: PreSignUp Policies: - arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy - Version: "2012-10-17" Statement: - Effect: Allow Action: - events:PutEvents Resource: !Ref EventBusArn Condition: StringEquals: events:source: "ecommerce.users" SignUpLogGroup: Type: AWS::Logs::LogGroup Properties: LogGroupName: !Sub "/aws/lambda/${SignUpFunction}" RetentionInDays: !Ref RetentionInDays