AWSTemplateFormatVersion: 2010-09-09 Transform: AWS::Serverless-2016-10-31 Description: Workload Discovery on AWS DrawIo Export API Parameters: DeploymentBucket: Type: String DeploymentBucketKey: Type: String PerspectiveAppSyncApiId: Type: String Resources: DrawIoLambdaFunctionRole: Type: AWS::IAM::Role Properties: Path: '/' ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole - arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess AssumeRolePolicyDocument: Statement: - Effect: Allow Principal: Service: - lambda.amazonaws.com Action: sts:AssumeRole DrawIoFunction: Type: AWS::Serverless::Function Metadata: cfn_nag: rules_to_suppress: - id: W89 reason: This Lambda does not connect to any resources in a VPC Properties: Description: Converts Worload Discovery diagram to a Draw IO URL Runtime: python3.9 Handler: main.handler CodeUri: Bucket: !Ref DeploymentBucket Key: !Sub ${DeploymentBucketKey}/drawio.zip Timeout: 5 MemorySize: 256 ReservedConcurrentExecutions: 5 DrawIoInvokeRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: - appsync.amazonaws.com Action: - sts:AssumeRole Policies: - PolicyName: !Sub ${AWS::StackName}-AppSyncDrawIohRole PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - lambda:InvokeFunction Resource: !GetAtt DrawIoFunction.Arn DrawIoExportLambdaDataSource: Type: AWS::AppSync::DataSource Properties: ApiId: !Ref PerspectiveAppSyncApiId Name: DrawIo_Lambda_DS9 Description: ADrawIo Export Lambda AppSync Data Source Type: AWS_LAMBDA ServiceRoleArn: !GetAtt DrawIoInvokeRole.Arn LambdaConfig: LambdaFunctionArn: !GetAtt DrawIoFunction.Arn DrawIoExporteResolver: Type: AWS::AppSync::Resolver Properties: ApiId: !Ref PerspectiveAppSyncApiId TypeName: Query FieldName: exportToDrawIo DataSourceName: !GetAtt DrawIoExportLambdaDataSource.Name