--- AWSTemplateFormatVersion: '2010-09-09' Description: ServiceCatalog Resource template for Serverless application (fdp-1p5rtpglk) Parameters: LambdaName: Type: String LambdaStage: Type: String Description: test, dev, prod, ... S3Bucket: Type: String S3Key: Type: String Description: The full key of the lambda package path in S3 without the bucket name. Handler: Type: String Default: wsgi.handler Runtime: Type: String Default: python3.7 AllowedValues: - nodejs12.x - nodejs14.x - java8 - java11 - python2.7 - python3.8 - python3.7 - python3.6 - dotnetcore2.1 - go1.x - ruby2.5 MemorySize: Type: Number Default: 1024 Timeout: Type: Number Default: 6 CustomDomainName: Type: String Description: (optional) Custom Domain Name Default: "" CustomDomainAcmCertificateId: Type: String Description: (optional) ID of the ACM Certificate to use for the Custom Domain Name Default: "" DesiredBasePath: Type: String Description: (optional) Base Path for Custom Domains Default: "" EnvironmentVariablesJson: Type: String Default: "{}" Description: (optional) Pass environment variables to the Lambda function. This has to be a JSON escaped string. LambdaLayers: Type: CommaDelimitedList Description: "(optional) list of lambda layers for the function" Default: "" LambdaVersionSHA256: Type: String Default: '' VpcSecurityGroups: Type: CommaDelimitedList Description: (optional) The list of security group ids of the VPC that needs to be accessed. Default: "" VpcSubnetIds: Type: CommaDelimitedList Description: (optional) The list of subnet Ids within the VPC that needs access to. Default: "" Conditions: UsingVPC: !And - !Not [ !Equals [ !Join [ "", !Ref VpcSubnetIds ], "" ] ] - !Not [ !Equals [ !Join [ "", !Ref VpcSecurityGroups ], "" ] ] HasLayers: !Not [ !Equals [ !Join [ "", !Ref LambdaLayers ], "" ] ] UsingCustomDomain: !And - !Not [ !Equals [ !Ref CustomDomainName, "" ] ] - !Not [ !Equals [ !Ref CustomDomainAcmCertificateId, "" ] ] Resources: AppLogGroup: Type: AWS::Logs::LogGroup Properties: LogGroupName: Fn::Sub: "/aws/lambda/${LambdaName}" IamRoleLambdaExecution: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: - lambda.amazonaws.com Action: - sts:AssumeRole Policies: - PolicyName: Fn::Sub: "${LambdaStage}-${LambdaName}-lambda" PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - ec2:CreateNetworkInterface - ec2:DeleteNetworkInterface - ec2:DescribeNetworkInterfaces Resource: - "*" - Effect: Allow Action: - logs:CreateLogStream Resource: - Fn::Sub: arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/${LambdaName}:* - Effect: Allow Action: - logs:PutLogEvents Resource: - Fn::Sub: arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/${LambdaName}:*:* Path: "/" RoleName: Fn::Sub: "${LambdaName}-${LambdaStage}-${AWS::Region}-lambdaRole" AppLambdaFunction: Type: AWS::Lambda::Function Properties: Code: S3Bucket: Ref: S3Bucket S3Key: Ref: S3Key FunctionName: Fn::Sub: "${LambdaName}" Handler: Ref: Handler MemorySize: Ref: MemorySize Role: Fn::GetAtt: - IamRoleLambdaExecution - Arn Runtime: Ref: Runtime Timeout: Ref: Timeout VpcConfig: !If - UsingVPC - SecurityGroupIds: !Ref VpcSecurityGroups SubnetIds: !Ref VpcSubnetIds - !Ref "AWS::NoValue" Layers: !If [ HasLayers, !Ref LambdaLayers, !Ref "AWS::NoValue" ] DependsOn: - AppLogGroup - IamRoleLambdaExecution ApiGatewayRestApi: Type: AWS::ApiGateway::RestApi Properties: Name: Fn::Sub: "${LambdaStage}-${LambdaName}" EndpointConfiguration: Types: - EDGE ApiGatewayResourceProxyVar: Type: AWS::ApiGateway::Resource Properties: ParentId: Fn::GetAtt: - ApiGatewayRestApi - RootResourceId PathPart: "{proxy+}" RestApiId: Ref: ApiGatewayRestApi ApiGatewayMethodAny: Type: AWS::ApiGateway::Method Properties: HttpMethod: ANY RequestParameters: {} ResourceId: Fn::GetAtt: - ApiGatewayRestApi - RootResourceId RestApiId: Ref: ApiGatewayRestApi ApiKeyRequired: false AuthorizationType: NONE Integration: IntegrationHttpMethod: POST Type: AWS_PROXY Uri: Fn::Sub: - arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${lambdaarn}/invocations - lambdaarn: Fn::GetAtt: - AppLambdaFunction - Arn MethodResponses: [] ApiGatewayMethodProxyVarAny: Type: AWS::ApiGateway::Method Properties: HttpMethod: ANY RequestParameters: {} ResourceId: Ref: ApiGatewayResourceProxyVar RestApiId: Ref: ApiGatewayRestApi ApiKeyRequired: false AuthorizationType: NONE Integration: IntegrationHttpMethod: POST Type: AWS_PROXY Uri: Fn::Sub: - arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${lambdaarn}/invocations - lambdaarn: Fn::GetAtt: - AppLambdaFunction - Arn MethodResponses: [] ApiGatewayDeployment: Type: AWS::ApiGateway::Deployment Properties: RestApiId: Ref: ApiGatewayRestApi StageName: Ref: LambdaStage DependsOn: - ApiGatewayMethodAny - ApiGatewayMethodProxyVarAny CustomDomain: Type: AWS::ApiGateway::DomainName Condition: UsingCustomDomain Properties: DomainName: !Ref CustomDomainName EndpointConfiguration: Types: - EDGE RegionalCertificateArn: !Ref "AWS::NoValue" CertificateArn: !Sub "arn:aws:acm:${AWS::Region}:${AWS::AccountId}:certificate/${CustomDomainAcmCertificateId}" CustomDomainBasePathMapping: Type: AWS::ApiGateway::BasePathMapping Condition: UsingCustomDomain Properties: BasePath: !Ref DesiredBasePath DomainName: !Ref CustomDomainName RestApiId: !Ref ApiGatewayRestApi Stage: !Ref LambdaStage DependsOn: - ApiGatewayDeployment - CustomDomain AppLambdaPermissionApiGateway: Type: AWS::Lambda::Permission Properties: FunctionName: Fn::GetAtt: - AppLambdaFunction - Arn Action: lambda:InvokeFunction Principal: Fn::Sub: apigateway.${AWS::URLSuffix} SourceArn: Fn::Sub: arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:${ApiGatewayRestApi}/*/* Outputs: ServiceEndpoint: Description: URL of the service endpoint Value: Fn::Sub: https://${ApiGatewayRestApi}.execute-api.${AWS::Region}.${AWS::URLSuffix}/${LambdaStage} Export: Name: Fn::Sub: "${LambdaName}-ServiceEndpoint"