# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Description: AWS DRS Accelerator - Lambda function for plan automation API operations used by frontend interface Globals: Function: Timeout: 3 Tracing: Active # Api: # TracingEnabled: True Parameters: Memory: Description: Memory to allocate to Lambda function Type: Number Default: 128 env: Type: String Default: NONE Resources: LambdaFunction: Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction Properties: CodeUri: src/ Handler: index.handler Runtime: nodejs14.x MemorySize: !Ref Memory Layers: [] Timeout: 25 Architectures: - x86_64 FunctionName: !Sub "drs-plan-automation-api-${env}" Environment: Variables: ENV: Ref: env DRS_STATE_MACHINE_ARN: Fn::ImportValue: !Sub "drs-plan-automation-state-machine-arn-${env}" DRS_ACCOUNTS_TABLE_NAME: Fn::ImportValue: !Sub "drs-plan-automation-accounts-table-name-${env}" DRS_TABLE_NAME: Fn::ImportValue: !Sub "drs-plan-automation-applications-table-name-${env}" DRS_EXECUTION_TABLE_NAME: Fn::ImportValue: !Sub "drs-plan-automation-plan-execution-table-name-${env}" DRS_RESULTS_TABLE_NAME: Fn::ImportValue: !Sub "drs-plan-automation-plan-results-table-name-${env}" Role: Fn::GetAtt: - LambdaExecutionRole - Arn LambdaExecutionRole: Type: AWS::IAM::Role Properties: RoleName: !Sub "drs-plan-automation-api-lambda-${env}" AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: - lambda.amazonaws.com Action: - sts:AssumeRole lambdaexecutionpolicy: Type: AWS::IAM::Policy Properties: PolicyName: !Sub "drs-plan-automation-api-lambda-policy-${env}" Roles: - Ref: LambdaExecutionRole PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - logs:CreateLogGroup - logs:CreateLogStream - logs:PutLogEvents Resource: Fn::Sub: - arn:aws:logs:${region}:${account}:log-group:/aws/lambda/${lambda}:log-stream:* - region: Ref: AWS::Region account: Ref: AWS::AccountId lambda: Ref: LambdaFunction - Action: - states:StartExecution Resource: - Fn::ImportValue: !Sub "drs-plan-automation-state-machine-arn-${env}" Effect: Allow - Effect: Allow Action: - dynamodb:DescribeTable - dynamodb:GetItem - dynamodb:Query - dynamodb:Scan - dynamodb:PutItem - dynamodb:UpdateItem - dynamodb:DeleteItem Resource: - Fn::ImportValue: !Sub "drs-plan-automation-accounts-table-arn-${env}" - Fn::Join: - "/" - - Fn::ImportValue: !Sub "drs-plan-automation-accounts-table-arn-${env}" - index/* - Fn::ImportValue: !Sub "drs-plan-automation-applications-table-arn-${env}" - Fn::Join: - "/" - - Fn::ImportValue: !Sub "drs-plan-automation-applications-table-arn-${env}" - index/* - Fn::ImportValue: !Sub "drs-plan-automation-plan-execution-table-arn-${env}" - Fn::Join: - "/" - - Fn::ImportValue: !Sub "drs-plan-automation-plan-execution-table-arn-${env}" - index/* - Fn::ImportValue: !Sub "drs-plan-automation-plan-results-table-arn-${env}" - Fn::Join: - "/" - - Fn::ImportValue: !Sub "drs-plan-automation-plan-results-table-arn-${env}" - index/* Outputs: LambdaFunctionName: Value: !Ref LambdaFunction Description: "drs-plan-automation - API Lambda Function Name" Export: Name: !Sub "drs-plan-automation-lambda-api-name-${env}" LambdaFunctionArn: Value: !GetAtt LambdaFunction.Arn Description: "drs-plan-automation - API Lambda Function Arn" Export: Name: !Sub "drs-plan-automation-lambda-api-arn-${env}"