{ "AWSTemplateFormatVersion": "2010-09-09", "Transform": "AWS::Serverless-2016-10-31", "Description": "", "Parameters": { "TablePhoto":{ "Type": "AWS::SSM::Parameter::Value", "Default": "/ImageRecognition/AppOptions/TablePhoto" }, "StateMachineArn":{ "Type": "AWS::SSM::Parameter::Value", "Default": "/ImageRecognition/AppOptions/StateMachineArn" }, "CloudFrontDomain":{ "Type": "AWS::SSM::Parameter::Value", "Default": "/ImageRecognition/AWS/CloudFrontDomain" } }, "Resources": { "PhotoStorageBucket": { "Type": "AWS::S3::Bucket", "Description": "", "DeletionPolicy": "Retain", "Properties": { "CorsConfiguration": { "CorsRules": [ { "AllowedHeaders": [ "*" ], "AllowedMethods": [ "GET","PUT" ], "AllowedOrigins": [ {"Ref": "CloudFrontDomain"} ], "ExposedHeaders": [ "" ] } ] } } }, "ProcessRawImageFunctionDLQ": { "Type": "AWS::SQS::Queue", "Description": "Creates a dead letter queue to which failed Lambda function invocations will be posted. You can use this in conjunction with the mock .NET Lambda test tool in Visual Studio, Visual Studio Code or Visual Studio for Mac to debug the failed invocation locally with the same inputs.", "Properties": {} }, "S3Trigger": { "Type": "AWS::Serverless::Function", "Description" : "massages JSON of extracted image metadata", "Properties": { "Tracing": "Active", "Role": { "Fn::GetAtt": ["LambdaRole", "Arn"] }, "Environment": { "Variables": { "PHOTO_TABLE": {"Ref": "TablePhoto"}, "STATE_MACHINE_ARN": {"Ref": "StateMachineArn"} } }, "Handler": "bootstrap", "MemorySize": 1024, "Timeout": 60, "CodeUri": "./s3Trigger.zip", "Runtime":"provided.al2", "Architectures": ["x86_64"], "DeadLetterQueue": { "Type": "SQS", "TargetArn": { "Fn::GetAtt": [ "ProcessRawImageFunctionDLQ", "Arn" ] } }, "Events":{ "CreatePhotoEvent":{ "Type": "S3", "Properties": { "Bucket": {"Ref": "PhotoStorageBucket"}, "Events": "s3:ObjectCreated:*", "Filter": { "S3Key": { "Rules": [{ "Name" : "prefix", "Value" : "private/uploads"}] } } } } } } }, "LambdaRole": { "Type": "AWS::IAM::Role", "Description" : "", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" ], "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" ] } } ] }, "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess", "arn:aws:iam::aws:policy/AWSStepFunctionsFullAccess", "arn:aws:iam::aws:policy/AmazonSQSFullAccess", "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess", "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess" ] } }, "ParameterPhotoStorageBucket": { "Type": "AWS::SSM::Parameter", "Description": "Stores the name of the S3 storage bucket to Parameter Store.", "Properties": { "Type": "String", "Value": { "Ref": "PhotoStorageBucket" }, "Name": "/ImageRecognition/AppOptions/PhotoStorageBucket" } } } }