# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"). # You may not use this file except in compliance with the License. # A copy of the License is located at # # http://www.apache.org/licenses/LICENSE-2.0 # # or in the "license" file accompanying this file. This file is distributed # on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either # express or implied. See the License for the specific language governing # permissions and limitations under the License. # The child templates we added an X to the end of the solutionID for so only the root template is counted in reporting. AWSTemplateFormatVersion: 2010-09-09 Description: (SO0153X) - __SOLUTION_NAME__ __VERSION__ Create an FSx DNS NAME for Windows file system. Parameters: FSxFileSystemID: Description: ID for the FSx Filesystem Type: String Project: Description: Tag used for resources and billing Type: String Default: cloud-edit-fsx CloudFormationBucketName: AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ ConstraintDescription: >- CloudFormation assets bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Default: my-cfn-bucket Description: >- S3 bucket name for the CloudFormation assets. The bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Type: String LambdaFunctionS3Key: Type: String Default: cfn-repo/sgw/fsx-dns-name.zip Description: S3 key (path and file name) of the Lambda 'zip' archive. Boto3LayerS3Key: Type: String Default: cfn-repo/sgw/boto3-layer.zip Description: S3 key (path and file name) of the Boto3 SDK 'zip' archive. botoConfig: Type: String Description: Botocore configuration parameters SendAnonymizedMetric: Type: String Description: Flag to send anonymized metric Resources: FSxDNSNameLambdaExecutionRole: Type: 'AWS::IAM::Role' Properties: AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: - lambda.amazonaws.com - events.amazonaws.com Action: - 'sts:AssumeRole' Path: / Policies: - PolicyName: root PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - logs:CreateLogGroup - logs:CreateLogStream - logs:PutLogEvents Resource: !Sub arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/* FSxDNSNameLambdaExecutionPolicy: Type: 'AWS::IAM::Policy' Properties: PolicyName: !Sub '${Project}-FSxDNSNamePolicy' Roles: - !Ref FSxDNSNameLambdaExecutionRole PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: 'iam:PassRole' Resource: 'arn:aws:iam::*:role/*' - Effect: Allow Action: - 'lambda:AddPermission' - 'lambda:RemovePermission' Resource: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${FSxDNSNameLambda}' - Effect: Allow Action: 'fsx:DescribeFileSystems' Resource: 'arn:aws:fsx:*:*:*' - Effect: Allow Action: - 'events:PutRule' - 'events:DeleteRule' - 'events:PutTargets' - 'events:RemoveTargets' Resource: 'arn:aws:events:*:*:rule/*' Boto3Layer: Type: "AWS::Lambda::LayerVersion" Properties: CompatibleRuntimes: - python3.7 - python3.8 - python3.9 Content: S3Bucket: !Ref CloudFormationBucketName S3Key: !Ref Boto3LayerS3Key Description: 'Boto3 SDK layer' LayerName: !Sub '${Project}-FSx-Boto3' FSxDNSNameLambda: Metadata: cfn_nag: rules_to_suppress: - id: W89 reason: "(W89) Lambda function is 1 time use and does not need to be in a VPC" - id: W92 reason: "(W92) Lambda function is 1 time use and does not need to be reserve simultaneous executions" DependsOn: FSxDNSNameLambdaExecutionRole Type: 'AWS::Lambda::Function' Properties: FunctionName: !Sub '${Project}-FSxDNSNameLambda' Description: Get FSx DNS Name (file_system_id) Runtime: python3.9 Code: S3Bucket: !Ref CloudFormationBucketName S3Key: !Ref LambdaFunctionS3Key Layers: - !Ref Boto3Layer Environment: Variables: botoConfig: !Ref botoConfig SendAnonymizedMetric: !Ref SendAnonymizedMetric Handler: fsx-dns-name.handler MemorySize: 256 Role: Fn::GetAtt: FSxDNSNameLambdaExecutionRole.Arn Timeout: 30 FSxDNSNameLambdaLogGroup: Type: AWS::Logs::LogGroup Properties: LogGroupName: !Join ['/', ['/aws/lambda', !Ref FSxDNSNameLambda]] RetentionInDays: 30 FSxDNSName: DependsOn: FSxDNSNameLambdaExecutionPolicy Type: Custom::FSxDNSName Properties: ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${FSxDNSNameLambda}' FileSystemId: !Sub '${FSxFileSystemID}' Outputs: FSxNetworkShare: Description: 'The Network Share Mapping for the FSX FileSystem Created' Value: !Sub '\\${FSxDNSName.FSxDNSName}\share'