# CloudFormation/SAM template for the Lambda real-time stream-processing
# reference architecture: a Kinesis stream, a Lambda consumer, a DynamoDB
# table, and the IAM role, user, policy and access key that go with them.
AWSTemplateFormatVersion: "2010-09-09"
# SAM transform; required because the template declares an
# AWS::Serverless::Function resource.
Transform: "AWS::Serverless-2016-10-31"
# NOTE(review): the text mentions an S3 bucket, but this template declares no
# AWS::S3::Bucket; the stack name is only used in the DynamoDB table name
# (<stack>-EventData). Confirm whether the lowercase requirement still holds.
Description: >-
  Template to set up Kinesis stream, Lambda functions, S3 bucket, DynamoDB
  table and related IAM roles for AWS Lambda Real-time Stream Processing
  Reference Architecture. PLEASE NOTE: The CloudFormation Stack Name must be
  all lowercase as it is used as part of the S3 bucket name. Otherwise the
  stack creation will fail.
# Deploy-time inputs: where the Lambda deployment package lives in S3 and
# which handler inside that package Lambda should invoke.
Parameters:
  LambdaS3Bucket:
    Description: 'Name of S3 bucket where Lambda function packages are stored.'
    Type: String
    # NOTE(review): the default is a fixed bucket name. The function code is
    # fetched from it and then runs under EventProcessorExecutionRole, so
    # deploy from a bucket you control (or verify the package) rather than
    # relying on the default.
    Default: 'awslambda-reference-architectures'

  LambdaDDBEventProcessorS3Key:
    Description: 'Name of S3 key for Zip with Stream Processing DynamoDB Event Processor Lambda function package.'
    Type: String
    Default: 'stream-processing/ddb_eventprocessor.zip'

  LambdaDDBEventProcessorHandler:
    Description: 'Name of handler for Stream Processing DynamoDB Event Processor Lambda function.'
    Type: String
    Default: 'ddb_eventprocessor.handler'
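Resources:
  # Ingestion stream: the client user writes records here and the Lambda
  # function below consumes them.
  # NOTE(review): no StreamEncryption is configured; consider enabling
  # server-side encryption if records carry user data — confirm requirements.
  EventStream:
    Type: 'AWS::Kinesis::Stream'
    Properties:
      ShardCount: 1

  # Lambda consumer, triggered by EventStream in batches of up to 25 records,
  # starting from the oldest record still in the stream (TRIM_HORIZON).
  DDBEventProcessor:
    Type: 'AWS::Serverless::Function'
    Properties:
      Description: Stream Processing DDB Event Processor
      Handler: !Ref LambdaDDBEventProcessorHandler
      MemorySize: 128
      Role: !GetAtt EventProcessorExecutionRole.Arn
      Timeout: 10
      # NOTE(review): nodejs6.10 is an end-of-life Lambda runtime that no
      # longer receives security patches. It is left unchanged here because
      # the package referenced by CodeUri is not visible; move to a supported
      # Node.js runtime after testing the handler against it.
      Runtime: nodejs6.10
      CodeUri:
        Bucket: !Ref LambdaS3Bucket
        Key: !Ref LambdaDDBEventProcessorS3Key
      Events:
        Stream:
          Type: Kinesis
          Properties:
            Stream: !GetAtt EventStream.Arn
            StartingPosition: TRIM_HORIZON
            BatchSize: 25

  # Destination table, named <stack>-EventData, keyed by Username (hash) and
  # Id (range).
  EventDataTable:
    Type: 'AWS::DynamoDB::Table'
    Properties:
      TableName: !Sub '${AWS::StackName}-EventData'
      AttributeDefinitions:
        - AttributeName: Username
          AttributeType: S
        - AttributeName: Id
          AttributeType: S
      KeySchema:
        - AttributeName: Username
          KeyType: HASH
        - AttributeName: Id
          KeyType: RANGE
      ProvisionedThroughput:
        # Numeric values instead of the quoted strings used previously.
        ReadCapacityUnits: 1
        WriteCapacityUnits: 1

  # Execution role assumed by the Lambda service for DDBEventProcessor.
  EventProcessorExecutionRole:
    Type: 'AWS::IAM::Role'
    Properties:
      Path: /
      AssumeRolePolicyDocument:
        # Quoted so YAML parsers keep it a string instead of typing it as a
        # date.
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/service-role/AWSLambdaKinesisExecutionRole'
      Policies:
        - PolicyName: EventProcessorExecutionPolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Least privilege: was 'logs:*' on 'arn:aws:logs:*:*:*', which
              # also allowed deleting or reading any log group in any region.
              # A function only needs to create its log group/stream and
              # write events, in this account and region.
              - Effect: Allow
                Action:
                  - 'logs:CreateLogGroup'
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                Resource: !Sub 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:*'
              # Write access to the event table only; the ARN now comes from
              # the table resource rather than a hand-built string.
              - Effect: Allow
                Action:
                  - 'dynamodb:BatchWriteItem'
                Resource: !GetAtt EventDataTable.Arn

  # IAM user representing the external producer that puts records on the
  # stream.
  streamprocessingclient:
    Type: 'AWS::IAM::User'

  # Producer permissions, attached to the client user.
  ClientPolicy:
    Type: 'AWS::IAM::Policy'
    Properties:
      PolicyName: StreamProcessingClientPolicy
      Users:
        - !Ref streamprocessingclient
      PolicyDocument:
        # Explicit version; without it IAM falls back to the older
        # 2008-10-17 policy language.
        Version: '2012-10-17'
        Statement:
          # Was 'kinesis:Put*'. The wildcard matches every current and future
          # action starting with Put, including kinesis:PutResourcePolicy,
          # which would let the producer change who can access the stream.
          # Only the two record-write actions are granted.
          - Effect: Allow
            Action:
              - 'kinesis:PutRecord'
              - 'kinesis:PutRecords'
            Resource: !GetAtt EventStream.Arn

  # NOTE(review): this creates a long-lived static access key for the client
  # user, and the Outputs section of this template publishes its secret.
  # Rotate the key after retrieval and prefer temporary credentials where the
  # client can use them.
  ClientKeys:
    Type: 'AWS::IAM::AccessKey'
    Properties:
      UserName: !Ref streamprocessingclient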
# Values surfaced on the stack once it has been created.
Outputs:
  AccessKeyId:
    Description: 'AWS Access Key Id of stream processing client user'
    Value: !Ref ClientKeys

  # NOTE(review): stack outputs are stored and displayed in plaintext, so any
  # principal allowed to describe this stack can read the secret key. Restrict
  # access to the stack, rotate the key once it has been collected, and
  # consider replacing the static key with temporary credentials.
  SecretAccessKey:
    Description: 'AWS Secret Key of stream processing client user'
    Value: !GetAtt ClientKeys.SecretAccessKey

  KinesisStream:
    Description: 'The Kinesis stream used for ingestion.'
    Value: !Ref EventStream

  Region:
    Description: 'The region this template was launched in.'
    Value: !Ref 'AWS::Region'