# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
AWSTemplateFormatVersion: '2010-09-09'
Description: "The CodeBuild Project for building and deploying lambda functions for API"
Parameters:
Application:
Description: Application Name
Type: String
Default: drs-plan-automation
StackName:
Description: Stack Name
Type: String
env:
Type: String
Resources:
CodeBuildBuildAndDeployLambdaApi:
Type: AWS::CodeBuild::Project
Properties:
Name: !Sub "BuildAndDeployLambdaApi-${env}"
Description: "Build and deploy DRS Plan Automation Lambda API"
ServiceRole: !GetAtt CodeBuildBuildAndDeployLambdaApiExecutionRole.Arn
Artifacts:
Type: CODEPIPELINE
EncryptionKey:
Fn::ImportValue: "drs-kms-key-arn"
Environment:
Type: LINUX_CONTAINER
ComputeType: BUILD_GENERAL1_SMALL
Image: public.ecr.aws/sam/build-nodejs14.x
EnvironmentVariables:
- Name: drs_s3_bucket_name
Value:
Fn::ImportValue: "drs-s3-bucket-name"
- Name: drs_plan_automation_lambda_api_stack_name
Value: !Ref StackName
- Name: env
Value: !Ref env
Source:
Type: CODEPIPELINE
BuildSpec: !Sub "cfn/codebuild/BuildAndDeployLambdaApi/buildspec-buildanddeploy-${env}.yml"
TimeoutInMinutes: 10
Tags:
- Key: Application
Value: !Ref Application
CodeBuildBuildAndDeployLambdaApiExecutionRole:
Type: AWS::IAM::Role
Properties:
Path: /
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- "codebuild.amazonaws.com"
Action: ['sts:AssumeRole']
ManagedPolicyArns:
- arn:aws:iam::aws:policy/AdministratorAccess
Policies:
- PolicyName: "TestTemplates-Policy"
PolicyDocument:
Version: '2012-10-17'
Statement:
- Action:
- 'kms:Encrypt'
- 'kms:Decrypt'
- 'kms:ReEncrypt*'
- 'kms:GenerateDataKey*'
- 'kms:DescribeKey'
Resource:
Fn::ImportValue: "drs-kms-key-arn"
Effect: Allow
Tags:
- Key: Application
Value: !Ref Application