@knapsack/app

{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "Lambda resource stack creation using Amplify CLI", "Parameters": { "env": { "Type": "String" }, "authKsUsersUserPoolId": { "Type": "String", "Default": "authKsUsersUserPoolId" } }, "Conditions": { "ShouldNotCreateEnvResources": { "Fn::Equals": [ { "Ref": "env" }, "NONE" ] } }, "Resources": { "LambdaFunction": { "Type": "AWS::Lambda::Function", "Metadata": { "aws:asset:path": "./src", "aws:asset:property": "Code" }, "Properties": { "Handler": "index.handler", "FunctionName": { "Fn::If": [ "ShouldNotCreateEnvResources", "AdminQueries8dc795a4", { "Fn::Join": [ "", [ "AdminQueries8dc795a4", "-", { "Ref": "env" } ] ] } ] }, "Environment": { "Variables": { "ENV": { "Ref": "env" }, "GROUP": "admins", "USERPOOL": { "Ref": "authKsUsersUserPoolId" } } }, "Role": { "Fn::GetAtt": ["LambdaExecutionRole", "Arn"] }, "Runtime": "nodejs8.10", "Timeout": "25", "Code": { "S3Bucket": "amplify-knapsack-local-162428-deployment", "S3Key": "amplify-builds/AdminQueries8dc795a4-65544e52573753644c58-build.zip" } } }, "LambdaExecutionRole": { "Type": "AWS::IAM::Role", "Properties": { "RoleName": { "Fn::If": [ "ShouldNotCreateEnvResources", "AdminQueries8dc795a4LambdaRole", { "Fn::Join": [ "", [ "AdminQueries8dc795a4LambdaRole", "-", { "Ref": "env" } ] ] } ] }, "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": ["lambda.amazonaws.com"] }, "Action": ["sts:AssumeRole"] } ] } } }, "lambdaexecutionpolicy": { "DependsOn": ["LambdaExecutionRole"], "Type": "AWS::IAM::Policy", "Properties": { "PolicyName": "lambda-execution-policy", "Roles": [ { "Ref": "LambdaExecutionRole" } ], "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": { "Fn::Sub": [ "arn:aws:logs:${region}:${account}:log-group:/aws/lambda/${lambda}:log-stream:*", { "region": { "Ref": "AWS::Region" }, "account": { "Ref": "AWS::AccountId" }, "lambda": { "Ref": "LambdaFunction" } } ] } }, { "Effect": "Allow", "Action": [ "cognito-idp:ListUsersInGroup", "cognito-idp:AdminUserGlobalSignOut", "cognito-idp:AdminEnableUser", "cognito-idp:AdminDisableUser", "cognito-idp:AdminRemoveUserFromGroup", "cognito-idp:AdminAddUserToGroup", "cognito-idp:AdminListGroupsForUser", "cognito-idp:AdminGetUser", "cognito-idp:AdminConfirmSignUp", "cognito-idp:ListUsers" ], "Resource": { "Fn::Join": [ "", [ "arn:aws:cognito-idp:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":userpool/", { "Ref": "authKsUsersUserPoolId" } ] ] } } ] } } } }, "Outputs": { "Name": { "Value": { "Ref": "LambdaFunction" } }, "Arn": { "Value": { "Fn::GetAtt": ["LambdaFunction", "Arn"] } }, "Region": { "Value": { "Ref": "AWS::Region" } }, "LambdaExecutionRole": { "Value": { "Ref": "LambdaExecutionRole" } } } }