--- #----------------------------------------------------------------------------------------------------------------------- # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance # with the License. A copy of the License is located at # # http://www.apache.org/licenses/LICENSE-2.0 # # or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES # OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions # and limitations under the License. #----------------------------------------------------------------------------------------------------------------------- AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Description: CDF Greengrass2 Provisioning Service Globals: Api: OpenApiVersion: 3.0.1 Parameters: ApplicationConfigurationOverride: Description: This allows you to override any application configuration. It should consists of a text-based content with a structure and syntax comprising key–value pairs for properties. Any configurations contained in this will override the configurations found and merged from the default .env files. Type: String Environment: Description: Name of environment. Used to name the created resources. Type: String MinLength: 1 TemplateSnippetS3UriBase: Description: | S3 uri of directory where template snippets are stored for the account. Type: String MinLength: 1 AuthType: Description: Authorization type to apply to the API gateway endpoints Type: String Default: None AllowedValues: - None - Private - Cognito - LambdaRequest - LambdaToken - ApiKey - IAM MinLength: 1 ApiGatewayDefinitionTemplate: Description: | Name of the API Gateway Cloudformation definition along with the authorization method to use. Use one of the provided templates to implement no auth, private, api key, lambda request, lamdba token, or Cognito auth, or modify one to meet your own authentization requirements. The template must exist within the provided TemplateSnippetS3UriBase location. Type: String MinLength: 1 VpcId: Description: ID of VPC to deploy the API into. Only required if AuthType = 'Private'. Type: String CDFSecurityGroupId: Description: ID of an existing CDF security group to deploy the API into. Only required if AuthType = 'Private'. Type: String PrivateSubNetIds: Description: Comma delimited list of private subnetIds to deploy the API into. Only required if AuthType = 'Private'. Type: CommaDelimitedList PrivateApiGatewayVPCEndpoint: Description: VPC endpoint. Only required if AuthType = 'Private'. Type: String CognitoUserPoolArn: Description: Cognito user pool arn. Only required if AuthType is set to 'Cognito'. Type: String Default: 'N/A' AuthorizerFunctionArn: Description: Lambda authorizer function arn. Only required if AuthType is set to 'LambdaRequest' or 'LambdaToken'. Type: String Default: 'N/A' ProvisionedConcurrentExecutions: Description: The no. of desired concurrent executions to provision. Set to 0 to disable. Type: Number Default: 0 ApplyAutoscaling: Description: If true, will apply auto-scaling as defined in `./cfn-autoscaling.yml' Type: String Default: false AllowedValues: - true - false MinLength: 1 EnableApiGatewayAccessLogs: Description: Enables API Gateway Access Logging, defaults to false if not specified. Type: String Default: 'false' AllowedValues: - 'true' - 'false' MinLength: 1 EnablePublishEvents: Description: Enables Publishing events to CDF EventBridge Type: String Default: 'false' AllowedValues: - 'true' - 'false' MinLength: 1 KmsKeyId: Description: The KMS key ID used to encrypt DynamoDB and SQS. Type: String ArtifactsBucket: Description: Name of S3 bucket where artifacts created during provisioning are stored. Type: String MinLength: 1 ArtifactsKeyPrefix: Description: S3 key prefix where artifacts created during provisioning are stored. Type: String Default: greengrass2/artifacts/ ProvisioningFunctionName: Description: Provisioning REST function name Type: String Default: '' AssetLibraryFunctionName: Description: Asset Library REST function name Type: String Default: '' InstallerConfigGenerators: Description: Map of installer config generator alias to lambda name. Type: String EventBridgeBusName: Description: EventBridge Bus Name Type: String CdfServiceEventBridgeSource: Description: This is used as event source when publishing events Type: String Default: com.aws.cdf.greengrass2-provisioning Conditions: DeployInVPC: !Not [!Equals [!Ref VpcId, 'N/A']] DeployWithLambdaAuth: !Or [!Equals [!Ref AuthType, 'LambdaRequest'], !Equals [!Ref AuthType, 'LambdaToken']] DeployWithProvisionedCapacity: !Not [!Equals [!Ref ProvisionedConcurrentExecutions, '0']] KmsKeyIdProvided: !Not [!Equals [!Ref KmsKeyId, '']] EnableApiGatewayAccessLogs: !Equals [!Ref EnableApiGatewayAccessLogs, 'true'] DeployWithScaling: !Equals [!Ref ApplyAutoscaling, 'true'] Resources: ApiGatewayApi: 'Fn::Transform': Name: 'AWS::Include' Parameters: Location: !Sub '${TemplateSnippetS3UriBase}${ApiGatewayDefinitionTemplate}' DependsOn: - RESTLambdaFunction ApiGatewayAuthorizerInvokeRole: Condition: DeployWithLambdaAuth 'Fn::Transform': Name: 'AWS::Include' Parameters: Location: !Sub '${TemplateSnippetS3UriBase}cfn-role-lambdaRequestAuthInvokerRole.yaml' DependsOn: - RESTLambdaFunction ApiGatewayAccessLogGroup: Condition: EnableApiGatewayAccessLogs Type: 'AWS::Logs::LogGroup' Properties: LogGroupName: !Sub 'cdf-greengrassprovisioning-apigatewayaccesslogs-${Environment}' KmsPolicy: Type: AWS::IAM::ManagedPolicy Condition: KmsKeyIdProvided Properties: Description: 'CDF greengrass2-provisioning policy for accessing KMS' Path: '/cdf/greengrass2/' PolicyDocument: Version: '2012-10-17' Statement: - Action: - 'kms:Decrypt' - 'kms:GenerateDataKey' Effect: Allow Resource: !Sub 'arn:aws:kms:${AWS::Region}:${AWS::AccountId}:key/${KmsKeyId}' ApplicationPolicies: Type: 'AWS::IAM::ManagedPolicy' Metadata: cfn_nag: rules_to_suppress: - id: W11 reason: 'Lambda permissions to manage greengrass resources' Properties: Description: 'cdf-greengrass2-provisioning application policies' Path: '/' PolicyDocument: Version: '2012-10-17' Statement: - Sid: eventbridge Action: - events:PutEvents Effect: Allow Resource: - !Ref EventBridgeBusName - Sid: sqs Action: - sqs:SendMessage - sqs:ReceiveMessage - sqs:DeleteMessage - sqs:GetQueueAttributes Effect: Allow Resource: - !GetAtt CoreTasksQueue.Arn - !GetAtt CoreTasksStatusQueue.Arn - !GetAtt DeviceTasksQueue.Arn - !GetAtt DeploymentTasksQueue.Arn - !GetAtt DlqQueue.Arn - Sid: lambda Effect: Allow Action: - lambda:InvokeFunction Resource: - !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:cdf-*' - Sid: dynamodb1 Effect: Allow Action: - dynamodb:DescribeStream - dynamodb:GetRecords - dynamodb:GetShardIterator - dynamodb:ListShards - dynamodb:ListStreams - dynamodb:Query - dynamodb:Scan Resource: - !Sub 'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${Table}' - !Sub 'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${Table}/index/*' - !Sub 'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${Table}/stream/*' - Sid: dynamodb2 Effect: Allow Action: - dynamodb:BatchGetItem - dynamodb:BatchWriteItem - dynamodb:PutItem - dynamodb:DeleteItem - dynamodb:GetItem - dynamodb:Scan - dynamodb:Query - dynamodb:UpdateItem Resource: - !Sub 'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${Table}' - !Sub 'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${Table}/index/*' - Sid: iot Effect: Allow Action: - iot:AddThingToThingGroup - iot:CancelJob - iot:CreateJob - iot:CreateThingGroup - iot:DescribeJob - iot:DescribeThing - iot:DescribeThingGroup - iot:RemoveThingFromThingGroup - iot:ListTagsForResource - iot:ListThingGroupsForThing - iot:TagResource - iot:UntagResource - iot:UpdateThingGroup Resource: - !Sub 'arn:aws:iot:${AWS::Region}:${AWS::AccountId}:job/*' - !Sub 'arn:aws:iot:${AWS::Region}:${AWS::AccountId}:thing/*' - !Sub 'arn:aws:iot:${AWS::Region}:${AWS::AccountId}:thinggroup/*' - Sid: greengrass1 Action: - greengrass:CreateDeployment - greengrass:ListCoreDevices - greengrass:ListDeployments - greengrass:ListComponents - greengrass:ListTagsForResource - greengrass:TagResource - greengrass:UntagResource Effect: Allow Resource: - '*' - Sid: greengrass2 Action: - greengrass:BatchAssociateClientDeviceWithCoreDevice - greengrass:ListClientDevicesAssociatedWithCoreDevice - greengrass:BatchDisassociateClientDeviceFromCoreDevice - greengrass:CancelDeployment - greengrass:DeleteCoreDevice - greengrass:DescribeComponent - greengrass:GetComponent - greengrass:GetCoreDevice - greengrass:GetDeployment - greengrass:ListEffectiveDeployments - greengrass:ListInstalledComponents - greengrass:ListTagsForResource - greengrass:TagResource - greengrass:UntagResource Effect: Allow Resource: - !Sub 'arn:aws:greengrass:${AWS::Region}:${AWS::AccountId}:components:*:versions:*' - !Sub 'arn:aws:greengrass:${AWS::Region}:${AWS::AccountId}:components:*' - !Sub 'arn:aws:greengrass:${AWS::Region}:${AWS::AccountId}:coreDevices:*' - !Sub 'arn:aws:greengrass:${AWS::Region}:${AWS::AccountId}:deployments:*' LambdaExecutionRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: Effect: Allow Principal: Service: lambda.amazonaws.com Action: sts:AssumeRole Path: '/cdf/greengrass2/' ManagedPolicyArns: - !Ref ApplicationPolicies - !If [KmsKeyIdProvided, !Ref KmsPolicy, !Ref 'AWS::NoValue'] - arn:aws:iam::aws:policy/AWSLambdaExecute - arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole RESTLambdaFunction: Type: AWS::Serverless::Function Properties: FunctionName: !Sub 'cdf-greengrass2-provisioning-rest-${Environment}' CodeUri: ../bundle.zip Handler: lambda_apigw_proxy.handler MemorySize: 256 Role: !GetAtt LambdaExecutionRole.Arn Runtime: nodejs16.x Timeout: 29 AutoPublishAlias: live DeploymentPreference: Type: AllAtOnce ProvisionedConcurrencyConfig: Fn::If: - DeployWithProvisionedCapacity - ProvisionedConcurrentExecutions: !Ref ProvisionedConcurrentExecutions - Ref: AWS::NoValue Environment: Variables: APP_CONFIG_DIR: 'config' APP_CONFIG: !Ref ApplicationConfigurationOverride AWS_ACCOUNTID: !Ref AWS::AccountId AWS_EVENTBRIDGE_BUS_NAME: !Ref EventBridgeBusName CDF_SERVICE_EVENTBRIDGE_SOURCE: !Ref CdfServiceEventBridgeSource AWS_DYNAMODB_TABLE_NAME: !Ref Table AWS_S3_ARTIFACTS_BUCKET: !Ref ArtifactsBucket AWS_S3_ARTIFACTS_PREFIX: !Ref ArtifactsKeyPrefix AWS_SQS_QUEUES_CORE_TASKS: !Ref CoreTasksQueue AWS_SQS_QUEUES_DEVICE_TASKS: !Ref DeviceTasksQueue AWS_SQS_QUEUES_DEPLOYMENT_TASKS: !Ref DeploymentTasksQueue AWS_SQS_QUEUES_CORE_TASKS_STATUS: !Ref CoreTasksStatusQueue PROVISIONING_API_FUNCTION_NAME: !Ref ProvisioningFunctionName ASSETLIBRARY_API_FUNCTION_NAME: !Ref AssetLibraryFunctionName ENABLE_PUBLISH_EVENTS: !Ref EnablePublishEvents Tracing: Active VpcConfig: Fn::If: - DeployInVPC - SubnetIds: !Ref PrivateSubNetIds SecurityGroupIds: - !Ref CDFSecurityGroupId - Ref: AWS::NoValue Events: ProxyApiRoot: Type: Api Properties: RestApiId: !Ref ApiGatewayApi Path: / Method: ANY ProxyApiGreedy: Type: Api Properties: RestApiId: !Ref ApiGatewayApi Path: /{proxy+} Method: ANY SQSLambdaFunction: Type: AWS::Serverless::Function Properties: FunctionName: !Sub 'cdf-greengrass2-provisioning-sqs-${Environment}' CodeUri: ../bundle.zip Handler: lambda_sqs_proxy.handler MemorySize: 256 Role: !GetAtt LambdaExecutionRole.Arn Runtime: nodejs16.x Timeout: 900 AutoPublishAlias: live DeploymentPreference: Type: AllAtOnce ProvisionedConcurrencyConfig: Fn::If: - DeployWithProvisionedCapacity - ProvisionedConcurrentExecutions: !Ref ProvisionedConcurrentExecutions - Ref: AWS::NoValue Environment: Variables: APP_CONFIG_DIR: 'config' APP_CONFIG: !Ref ApplicationConfigurationOverride AWS_EVENTBRIDGE_BUS_NAME: !Ref EventBridgeBusName ENABLE_PUBLISH_EVENTS: !Ref EnablePublishEvents CDF_SERVICE_EVENTBRIDGE_SOURCE: !Ref CdfServiceEventBridgeSource AWS_ACCOUNTID: !Ref AWS::AccountId AWS_DYNAMODB_TABLE_NAME: !Ref Table AWS_S3_ARTIFACTS_BUCKET: !Ref ArtifactsBucket AWS_S3_ARTIFACTS_PREFIX: !Ref ArtifactsKeyPrefix AWS_SQS_QUEUES_CORE_TASKS: !Ref CoreTasksQueue AWS_SQS_QUEUES_CORE_TASKS_STATUS: !Ref CoreTasksStatusQueue AWS_SQS_QUEUES_DEVICE_TASKS: !Ref DeviceTasksQueue AWS_SQS_QUEUES_DEPLOYMENT_TASKS: !Ref DeploymentTasksQueue PROVISIONING_API_FUNCTION_NAME: !Ref ProvisioningFunctionName ASSETLIBRARY_API_FUNCTION_NAME: !Ref AssetLibraryFunctionName INSTALLER_CONFIG_GENERATORS: !Ref InstallerConfigGenerators Tracing: Active Events: DeviceTasksQeueu: Type: SQS Properties: Queue: !GetAtt DeviceTasksQueue.Arn BatchSize: 5 CoreTasksQueue: Type: SQS Properties: Queue: !GetAtt CoreTasksQueue.Arn BatchSize: 5 CoreTasksStatusQueue: Type: SQS Properties: Queue: !GetAtt CoreTasksStatusQueue.Arn BatchSize: 5 DeploymentTasksQueue: Type: SQS Properties: Queue: !GetAtt DeploymentTasksQueue.Arn BatchSize: 5 IotJobLambdaFunction: Type: AWS::Serverless::Function Properties: FunctionName: !Sub 'cdf-greengrass2-provisioning-job-${Environment}' CodeUri: ../bundle.zip Handler: lambda_job_execution_proxy.handler MemorySize: 256 Role: !GetAtt LambdaExecutionRole.Arn Runtime: nodejs16.x Timeout: 30 AutoPublishAlias: live DeploymentPreference: Type: AllAtOnce ProvisionedConcurrencyConfig: Fn::If: - DeployWithProvisionedCapacity - ProvisionedConcurrentExecutions: !Ref ProvisionedConcurrentExecutions - Ref: AWS::NoValue Environment: Variables: APP_CONFIG_DIR: 'config' APP_CONFIG: !Ref ApplicationConfigurationOverride AWS_ACCOUNTID: !Ref AWS::AccountId ENABLE_PUBLISH_EVENTS: !Ref EnablePublishEvents AWS_DYNAMODB_TABLE_NAME: !Ref Table AWS_EVENTBRIDGE_BUS_NAME: !Ref EventBridgeBusName CDF_SERVICE_EVENTBRIDGE_SOURCE: !Ref CdfServiceEventBridgeSource Tracing: Active Events: JobExecutionIotRule: Type: IoTRule Properties: Sql: "SELECT * FROM '$aws/events/jobExecution/+/+'" DDbStreamLambdaFunction: Type: AWS::Serverless::Function Properties: FunctionName: !Sub 'cdf-greengrass2-provisioning-dynamoDb-${Environment}' CodeUri: ../bundle.zip Handler: lambda_ddbstream_proxy.handler MemorySize: 256 Role: !GetAtt LambdaExecutionRole.Arn Runtime: nodejs16.x Timeout: 30 AutoPublishAlias: live DeploymentPreference: Type: AllAtOnce ProvisionedConcurrencyConfig: Fn::If: - DeployWithProvisionedCapacity - ProvisionedConcurrentExecutions: !Ref ProvisionedConcurrentExecutions - Ref: AWS::NoValue Environment: Variables: APP_CONFIG_DIR: 'config' APP_CONFIG: !Ref ApplicationConfigurationOverride AWS_ACCOUNTID: !Ref AWS::AccountId AWS_DYNAMODB_TABLE_NAME: !Ref Table AWS_EVENTBRIDGE_BUS_NAME: !Ref EventBridgeBusName CDF_SERVICE_EVENTBRIDGE_SOURCE: !Ref CdfServiceEventBridgeSource ENABLE_PUBLISH_EVENTS: !Ref EnablePublishEvents Tracing: Active Events: DynamoDBStream: Type: DynamoDB Properties: Stream: !GetAtt Table.StreamArn StartingPosition: TRIM_HORIZON BatchSize: 10 MaximumBatchingWindowInSeconds: 10 Enabled: true ParallelizationFactor: 8 MaximumRetryAttempts: 5 BisectBatchOnFunctionError: true MaximumRecordAgeInSeconds: 86400 DestinationConfig: OnFailure: Type: SQS Destination: !GetAtt DlqQueue.Arn TumblingWindowInSeconds: 0 FunctionResponseTypes: - ReportBatchItemFailures Table: Type: AWS::DynamoDB::Table Metadata: cfn_nag: rules_to_suppress: - id: W28 reason: 'safely naming this resources to be unique by environment' - id: W73 reason: 'Can be decided by the customer, to specify the billing mode' Properties: PointInTimeRecoverySpecification: PointInTimeRecoveryEnabled: true SSESpecification: Fn::If: - KmsKeyIdProvided - KMSMasterKeyId: !Ref KmsKeyId SSEEnabled: true SSEType: KMS - Ref: AWS::NoValue TableName: !Sub 'cdf-greengrass2-provisioning-${Environment}' KeySchema: - AttributeName: 'pk' KeyType: 'HASH' - AttributeName: 'sk' KeyType: 'RANGE' AttributeDefinitions: - AttributeName: 'pk' AttributeType: 'S' - AttributeName: 'sk' AttributeType: 'S' - AttributeName: 'siKey1' AttributeType: 'S' - AttributeName: 'siKey2' AttributeType: 'S' - AttributeName: 'siSort2' AttributeType: 'S' - AttributeName: 'siKey3' AttributeType: 'S' - AttributeName: 'siSort3' AttributeType: 'S' - AttributeName: 'siKey4' AttributeType: 'S' - AttributeName: 'siSort4' AttributeType: 'S' - AttributeName: 'siKey5' AttributeType: 'S' - AttributeName: 'siSort5' AttributeType: 'S' - AttributeName: 'siKey6' AttributeType: 'S' - AttributeName: 'siSort6' AttributeType: 'S' ProvisionedThroughput: ReadCapacityUnits: '5' WriteCapacityUnits: '5' GlobalSecondaryIndexes: - IndexName: 'siKey1-pk-index' KeySchema: - AttributeName: 'siKey1' KeyType: 'HASH' - AttributeName: 'pk' KeyType: 'RANGE' Projection: ProjectionType: ALL ProvisionedThroughput: ReadCapacityUnits: '5' WriteCapacityUnits: '5' - IndexName: 'siKey2-siSort2-index' KeySchema: - AttributeName: 'siKey2' KeyType: 'HASH' - AttributeName: 'siSort2' KeyType: 'RANGE' Projection: ProjectionType: ALL ProvisionedThroughput: ReadCapacityUnits: '5' WriteCapacityUnits: '5' - IndexName: 'siKey3-siSort3-index' KeySchema: - AttributeName: 'siKey3' KeyType: 'HASH' - AttributeName: 'siSort3' KeyType: 'RANGE' Projection: ProjectionType: ALL ProvisionedThroughput: ReadCapacityUnits: '5' WriteCapacityUnits: '5' - IndexName: 'siKey4-siSort4-index' KeySchema: - AttributeName: 'siKey4' KeyType: 'HASH' - AttributeName: 'siSort4' KeyType: 'RANGE' Projection: ProjectionType: ALL ProvisionedThroughput: ReadCapacityUnits: '5' WriteCapacityUnits: '5' - IndexName: 'siKey5-siSort5-index' KeySchema: - AttributeName: 'siKey5' KeyType: 'HASH' - AttributeName: 'siSort5' KeyType: 'RANGE' Projection: ProjectionType: ALL ProvisionedThroughput: ReadCapacityUnits: '5' WriteCapacityUnits: '5' - IndexName: 'siKey6-siSort6-index' KeySchema: - AttributeName: 'siKey6' KeyType: 'HASH' - AttributeName: 'siSort6' KeyType: 'RANGE' Projection: ProjectionType: ALL ProvisionedThroughput: ReadCapacityUnits: '5' WriteCapacityUnits: '5' StreamSpecification: StreamViewType: NEW_AND_OLD_IMAGES DeviceTasksQueue: Type: AWS::SQS::Queue Properties: MessageRetentionPeriod: 604800 VisibilityTimeout: 960 RedrivePolicy: deadLetterTargetArn: !GetAtt DlqQueue.Arn maxReceiveCount: 10 KmsMasterKeyId: Fn::If: - KmsKeyIdProvided - Ref: KmsKeyId - Ref: AWS::NoValue CoreTasksStatusQueue: Type: AWS::SQS::Queue Properties: MessageRetentionPeriod: 604800 VisibilityTimeout: 960 RedrivePolicy: deadLetterTargetArn: !GetAtt DlqQueue.Arn maxReceiveCount: 10 KmsMasterKeyId: Fn::If: - KmsKeyIdProvided - Ref: KmsKeyId - Ref: AWS::NoValue CoreTasksQueue: Type: AWS::SQS::Queue Properties: MessageRetentionPeriod: 604800 VisibilityTimeout: 960 RedrivePolicy: deadLetterTargetArn: !GetAtt DlqQueue.Arn maxReceiveCount: 10 KmsMasterKeyId: Fn::If: - KmsKeyIdProvided - Ref: KmsKeyId - Ref: AWS::NoValue DeploymentTasksQueue: Type: AWS::SQS::Queue Properties: MessageRetentionPeriod: 604800 VisibilityTimeout: 960 RedrivePolicy: deadLetterTargetArn: !GetAtt DlqQueue.Arn maxReceiveCount: 10 KmsMasterKeyId: Fn::If: - KmsKeyIdProvided - Ref: KmsKeyId - Ref: AWS::NoValue DlqQueue: Type: AWS::SQS::Queue Properties: MessageRetentionPeriod: 1209600 KmsMasterKeyId: Fn::If: - KmsKeyIdProvided - Ref: KmsKeyId - Ref: AWS::NoValue # Optional auto-scaling configuration AutoScalingNestedStack: Type: AWS::CloudFormation::Stack Condition: DeployWithScaling Properties: TemplateURL: ./cfn-autoscaling.yml Parameters: RESTLambdaFunction: !Ref RESTLambdaFunction SQSLambdaFunction: !Ref SQSLambdaFunction DynamoDbTableName: !Ref Table TimeoutInMinutes: 5 DependsOn: - RESTLambdaFunction - Table Outputs: RESTLambdaFunctionConsoleUrl: Description: Console URL for the Lambda Function. Value: !Sub 'https://${AWS::Region}.console.aws.amazon.com/lambda/home?region=${AWS::Region}#/functions/${RESTLambdaFunction}' RESTLambdaArn: Description: REST API Lambda Arn Value: !Sub '${RESTLambdaFunction.Arn}' Export: Name: !Sub 'cdf-greengrass2-provisioning-${Environment}-RESTLambdaArn' RestApiFunctionName: Description: Events REST API lambda function name Value: !Ref RESTLambdaFunction Export: Name: !Sub 'cdf-greengrass2-provisioning-${Environment}-restApiFunctionName' ApiGatewayUrl: Description: Events REST API URL Value: !Sub 'https://${ApiGatewayApi}.execute-api.${AWS::Region}.amazonaws.com/Prod' Export: Name: !Sub 'cdf-greengrass2-provisioning-${Environment}-apigatewayurl' ApiGatewayHost: Description: Events REST API host Value: !Sub '${ApiGatewayApi}.execute-api.${AWS::Region}.amazonaws.com' Export: Name: !Sub 'cdf-greengrass2-provisioning-${Environment}-apigatewayhost' ProvisioningTable: Description: cdf greengrass2 provisioning dynamodb table Value: !Sub '${Table}' Export: Name: !Sub 'cdf-greengrass2-provisioning-${Environment}-table'