AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Description: > Template for secrets-creator-secrets-manager # More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst Globals: Function: Timeout: 5 Resources: SecretsCreatorFunction: Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction Properties: CodeUri: secrets-creator/ Handler: secrets-creator Runtime: go1.x Tracing: Active # https://docs.aws.amazon.com/lambda/latest/dg/lambda-x-ray.html Policies: - AWSXrayWriteOnlyAccess - AWSLambdaBasicExecutionRole - Statement: - Sid: SecretsManagerCreateSecretPolicy Effect: Allow Action: - secretsmanager:CreateSecret Resource: '*' Events: CatchAll: Type: Api # More info about API Event Source: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#api Properties: Path: /createsecret Method: POST Environment: # More info about Env Vars: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#environment-object Variables: PARAM1: VALUE Outputs: # ServerlessRestApi is an implicit API created out of Events key under Serverless::Function # Find out more about other implicit resources you can reference within SAM # https://github.com/awslabs/serverless-application-model/blob/master/docs/internals/generated_resources.rst#api SecretsCreatorAPI: Description: "API Gateway endpoint URL for Secrets Creator Lambda Function" Value: !Sub "https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/createsecret/" SecretsCreatorFunction: Description: "Secrets Creator Lambda Function ARN" Value: !GetAtt SecretsCreatorFunction.Arn SecretsCreatorFunctionIamRole: Description: "Implicit IAM Role created for Secrets Creator Lambda Function" Value: !GetAtt SecretsCreatorFunctionRole.Arn