@incdevco/framework
node.js lambda framework
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "user stack",
"Parameters": {
"AmazonAppId": {
"Default": "",
"Type": "String"
},
"AssetsAlarmArn": {
"Type": "String"
},
"AssetsBucket": {
"Type": "String"
},
"CustomCFResourceFunctionArn": {
"Type": "String"
},
"EventLogArn": {
"Default": "",
"Type": "String"
},
"EventLogSubscriptionRoleArn": {
"Default": "",
"Type": "String"
},
"FacebookAppId": {
"Default": "",
"Type": "String"
},
"GoogleClientId": {
"Default": "",
"Type": "String"
},
"SyncFunctionCodeS3ObjectKey": {
"Default": "",
"Type": "String"
},
"SyncFunctionCodeS3ObjectVersion": {
"Default": "",
"Type": "String"
},
"SyncFunctionDurationAlarmThreshold": {
"Default": 150000.0,
"Type": "Number"
},
"SyncFunctionInvocationAlarmThreshold": {
"Default": 10.0,
"Type": "Number"
},
"Stage": {
"Description": "stage of the stack",
"Type": "String"
},
"TwitterConsumerKey": {
"Default": "",
"Type": "String"
},
"TwitterConsumerSecret": {
"Default": "",
"Type": "String"
}
},
"Conditions": {
"HasAmazonAppId": {"Fn::Not": [{"Fn::Equals": ["", {"Ref": "AmazonAppId"}]}]},
"HasFacebookAppId": {"Fn::Not": [{"Fn::Equals": ["", {"Ref": "FacebookAppId"}]}]},
"HasGoogleClientId": {"Fn::Not": [{"Fn::Equals": ["", {"Ref": "GoogleClientId"}]}]},
"HasSyncFunction": {"Fn::Not": [{"Fn::Equals": ["", {"Ref": "SyncFunctionCodeS3ObjectKey"}]}]},
"HasTwitterConsumerKey": {"Fn::Not": [{"Fn::Equals": ["", {"Ref": "TwitterConsumerKey"}]}]},
"IsDevelopment": {"Fn::Not": [{"Fn::Equals": ["production", {"Ref": "Stage"}]}]},
"IsProduction": {"Fn::Equals": ["production", {"Ref": "Stage"}]},
"NoSyncFunction": {"Fn::Equals": ["", {"Ref": "SyncFunctionCodeS3ObjectKey"}]}
},
"Outputs": {
"AuthenticatedRole": {
"Value": {"Ref": "AuthenticatedRole"}
},
"AuthenticatedRoleArn": {
"Value": {"Fn::GetAtt": ["AuthenticatedRole", "Arn"]}
},
"IdentityPool": {
"Value": {"Fn::If": [
"HasSyncFunction",
{"Ref": "IdentityPoolWithSync"},
{"Ref": "IdentityPool"}
]}
},
"SyncFunction": {
"Condition": "HasSyncFunction",
"Value": {"Fn::GetAtt": ["SyncFunctionStack", "Outputs.FunctionName"]}
},
"SyncFunctionArn": {
"Condition": "HasSyncFunction",
"Value": {"Fn::GetAtt": ["SyncFunctionStack", "Outputs.FunctionArn"]}
},
"SyncFunctionRole": {
"Condition": "HasSyncFunction",
"Value": {"Ref": "SyncFunctionRole"}
},
"SyncFunctionRoleArn": {
"Condition": "HasSyncFunction",
"Value": {"Fn::GetAtt": ["SyncFunctionRole", "Arn"]}
},
"UnauthenticatedRole": {
"Value": {"Ref": "UnauthenticatedRole"}
},
"UnauthenticatedRoleArn": {
"Value": {"Fn::GetAtt": ["UnauthenticatedRole", "Arn"]}
}
},
"Mappings": {},
"Resources": {
"AuthenticatedRole": {
"Type": "AWS::IAM::Role",
"DeletionPolicy": "Retain",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "cognito-identity.amazonaws.com"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
"cognito-identity.amazonaws.com:aud": {"Fn::If": [
"HasSyncFunction",
{"Ref": "IdentityPoolWithSync"},
{"Ref": "IdentityPool"}
]}
},
"ForAnyValue:StringLike": {
"cognito-identity.amazonaws.com:amr": "authenticated"
}
}
}
]
},
"Path": "/",
"Policies": [
{
"PolicyName": "cognito",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"mobileanalytics:PutEvents",
"cognito-sync:*",
"cognito-identity:*"
],
"Resource": [
"*"
]
}
]
}
}
]
}
},
"IdentityPool": {
"Type": "AWS::Cognito::IdentityPool",
"DeletionPolicy": "Retain",
"Condition": "NoSyncFunction",
"Properties": {
"AllowUnauthenticatedIdentities": true,
"SupportedLoginProviders": {
"accounts.google.com": {"Fn::If": [
"HasGoogleClientId",
{"Ref": "GoogleClientId"},
{"Ref": "AWS::NoValue"}
]},
"api.twitter.com": {"Fn::If": [
"HasTwitterConsumerKey",
{"Fn::Join": [";", [
{"Ref": "TwitterConsumerKey"},
{"Ref": "TwitterConsumerSecret"}
]]},
{"Ref": "AWS::NoValue"}
]},
"graph.facebook.com": {"Fn::If": [
"HasFacebookAppId",
{"Ref": "FacebookAppId"},
{"Ref": "AWS::NoValue"}
]},
"www.amazon.com": {"Fn::If": [
"HasAmazonAppId",
{"Ref": "AmazonAppId"},
{"Ref": "AWS::NoValue"}
]}
},
"CognitoIdentityProviders": []
}
},
"IdentityPoolWithSync": {
"Type": "AWS::Cognito::IdentityPool",
"DeletionPolicy": "Retain",
"Condition": "HasSyncFunction",
"Properties": {
"AllowUnauthenticatedIdentities": true,
"SupportedLoginProviders": {
"accounts.google.com": {"Fn::If": [
"HasGoogleClientId",
{"Ref": "GoogleClientId"},
{"Ref": "AWS::NoValue"}
]},
"api.twitter.com": {"Fn::If": [
"HasTwitterConsumerKey",
{"Fn::Join": [";", [
{"Ref": "TwitterConsumerKey"},
{"Ref": "TwitterConsumerSecret"}
]]},
{"Ref": "AWS::NoValue"}
]},
"graph.facebook.com": {"Fn::If": [
"HasFacebookAppId",
{"Ref": "FacebookAppId"},
{"Ref": "AWS::NoValue"}
]},
"www.amazon.com": {"Fn::If": [
"HasAmazonAppId",
{"Ref": "AmazonAppId"},
{"Ref": "AWS::NoValue"}
]}
},
"CognitoIdentityProviders": [],
"CognitoEvents": {
"SyncTrigger": {"Fn::GetAtt": ["SyncFunctionStack", "Outputs.FunctionArn"]}
}
}
},
"IdentityPoolRoleAttachment": {
"Type": "AWS::Cognito::IdentityPoolRoleAttachment",
"DeletionPolicy": "Retain",
"Properties": {
"IdentityPoolId": {"Fn::If": [
"HasSyncFunction",
{"Ref": "IdentityPoolWithSync"},
{"Ref": "IdentityPool"}
]},
"Roles": {
"authenticated": {"Fn::GetAtt": ["AuthenticatedRole", "Arn"]},
"unauthenticated": {"Fn::GetAtt": ["UnauthenticatedRole", "Arn"]}
}
}
},
"SyncFunctionPermission": {
"Type": "AWS::Lambda::Permission",
"Condition": "HasSyncFunction",
"Properties": {
"Action": "lambda:InvokeFunction",
"FunctionName": {"Fn::GetAtt": ["SyncFunctionStack", "Outputs.FunctionName"]},
"Principal": "cognito-sync.amazonaws.com",
"SourceArn": {"Fn::Join": [":", [
"arn",
"aws",
"cognito-identity",
{"Ref": "AWS::Region"},
{"Ref": "AWS::AccountId"},
{"Fn::Join": ["/", [
"identitypool",
{"Fn::If": [
"HasSyncFunction",
{"Ref": "IdentityPoolWithSync"},
{"Ref": "IdentityPool"}
]}
]]}
]]}
}
},
"SyncFunctionPolicy": {
"Type": "AWS::IAM::ManagedPolicy",
"Condition": "HasSyncFunction",
"Properties": {
"Description": "policy to cognito to invoke sync function",
"Path": "/",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["lambda:InvokeFunction"],
"Resource": [
{"Fn::GetAtt": ["SyncFunctionStack", "Outputs.FunctionArn"]}
]
}
]
},
"Roles": [
{"Ref": "AuthenticatedRole"},
{"Ref": "UnauthenticatedRole"}
]
}
},
"SyncFunctionRole": {
"Type": "AWS::IAM::Role",
"Condition": "HasSyncFunction",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
},
"ManagedPolicyArns": [],
"Path": "/",
"Policies": [
{
"PolicyName": "cloudwatch",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Resource": [
"arn:aws:logs:*:*:*"
]
}
]
}
}
]
}
},
"SyncFunctionStack": {
"Type": "AWS::CloudFormation::Stack",
"Condition": "HasSyncFunction",
"Properties": {
"NotificationARNs": {"Ref": "AWS::NotificationARNs"},
"Parameters": {
"AlarmActionsArn": {"Ref": "AssetsAlarmArn"},
"CodeS3Bucket": {"Ref": "AssetsBucket"},
"CodeS3ObjectKey": {"Ref": "SyncFunctionCodeS3ObjectKey"},
"CodeS3ObjectVersion": {"Ref": "SyncFunctionCodeS3ObjectVersion"},
"CustomCFResourceFunctionArn": {"Ref": "CustomCFResourceFunctionArn"},
"Description": "cognito identity pool sync function",
"DurationAlarmThreshold": {"Ref": "SyncFunctionDurationAlarmThreshold"},
"EventLogArn": {"Ref": "EventLogArn"},
"EventLogSubscriptionRoleArn": {"Ref": "EventLogSubscriptionRoleArn"},
"InvocationAlarmThreshold": {"Ref": "SyncFunctionInvocationAlarmThreshold"},
"MemorySize": 128,
"RoleArn": {"Fn::GetAtt": ["SyncFunctionRole", "Arn"]},
"RoleName": {"Ref": "SyncFunctionRole"},
"Runtime": "nodejs6.10",
"Timeout": "120"
},
"TemplateURL": {"Fn::Join": ["", [
"https://s3-",
{"Ref": "AWS::Region"},
".amazonaws.com/",
{"Ref": "AssetsBucket"},
"/incdevco-cf-templates/lambda/function/stack.json"
]]}
}
},
"UnauthenticatedRole": {
"Type": "AWS::IAM::Role",
"DeletionPolicy": "Retain",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "cognito-identity.amazonaws.com"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
"cognito-identity.amazonaws.com:aud": {"Fn::If": [
"HasSyncFunction",
{"Ref": "IdentityPoolWithSync"},
{"Ref": "IdentityPool"}
]}
},
"ForAnyValue:StringLike": {
"cognito-identity.amazonaws.com:amr": "unauthenticated"
}
}
}
]
},
"Path": "/",
"Policies": [
{
"PolicyName": "cognito",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"mobileanalytics:PutEvents",
"cognito-sync:*"
],
"Resource": [
"*"
]
}
]
}
}
]
}
}
}
}