-
Notifications
You must be signed in to change notification settings - Fork 7
/
aws_sam_template.yaml
104 lines (97 loc) · 4.19 KB
/
aws_sam_template.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
gitpanda-sam
Sample SAM Template for gitpanda-sam
# More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst
Globals:
Function:
Timeout: 5
# More info about CloudFormation Parameters: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/parameters-section-structure.html
Parameters:
GitlabApiEndpoint:
Type: String
Description: Gitlab API Endpoint URL. ex) https://gitlab.example.com/api/v4
Default: https://gitlab.example.com/api/v4
GitlabBaseUrl:
Type: String
Description: Gitlab Base URL. ex) https://gitlab.example.com
Default: https://gitlab.example.com
GitlabPrivateTokenKey:
Type: String
Description: SSM Parameter Store name of Gitlab Private Token Key
Default: GITPANDA_GITLAB_PRIVATE_TOKEN
SlackOAuthAccessTokenKey:
Type: String
Description: SSM Parameter Store name of Slack OAuth Token Key
Default: GITPANDA_SLACK_OAUTH_ACCESS_TOKEN
Resources:
GitpandaFunction:
Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
Properties:
# zipping CodeUri directory by `sam package`
CodeUri: gitpanda/
Handler: gitpanda_linux_amd64
Runtime: go1.x
# AWS X-Ray Mode Setting
# Tracing: Active # More info about AWS X-Ray: https://docs.aws.amazon.com/lambda/latest/dg/lambda-x-ray.html
Events:
CatchAll:
Type: Api # More info about API Event Source: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#api
Properties:
Path: /
Method: POST
Environment: # More info about Env Vars: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#environment-object
Variables:
# DEBUG_LOGGING: "1"
# TRUNCATE_LINES: "5"
GITLAB_API_ENDPOINT: !Ref GitlabApiEndpoint
GITLAB_BASE_URL: !Ref GitlabBaseUrl
GITLAB_PRIVATE_TOKEN_KEY: !Ref GitlabPrivateTokenKey
SLACK_OAUTH_ACCESS_TOKEN_KEY: !Ref SlackOAuthAccessTokenKey
# SENTRY_DSN: https://[email protected]/0000000
Policies:
- AWSLambdaExecute # Managed Policy
- Version: '2012-10-17' # Policy Document
Statement:
- Effect: Allow
Resource: '*'
Action:
- ssm:GetParameter
- ssm:GetParameters
- sts:AssumeRole
# followings are required when you want to run lambda in VPC
# c.f. https://docs.aws.amazon.com/lambda/latest/dg/vpc.html
# - Effect: Allow
# Resource: '*'
# Action:
# - ec2:CreateNetworkInterface
# - ec2:DescribeNetworkInterfaces
# - ec2:DeleteNetworkInterface
#
# VpcConfig:
# SecurityGroupIds:
# - sg-xxxxxxxxxxxxxxxxx
# SubnetIds:
# # Requires NAT Gateway
# # c.f. https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/
# - subnet-xxxxxxxxxxxxxxxxx
# - subnet-xxxxxxxxxxxxxxxxx
GitpandaFunctionLogGroup:
Type: AWS::Logs::LogGroup
Properties:
LogGroupName: !Sub /aws/lambda/${GitpandaFunction}
RetentionInDays: 7
Outputs:
# ServerlessRestApi is an implicit API created out of Events key under Serverless::Function
# Find out more about other implicit resources you can reference within SAM
# https://github.com/awslabs/serverless-application-model/blob/master/docs/internals/generated_resources.rst#api
GitpandaAPI:
Description: "API Gateway endpoint URL for Prod environment for Gitpanda Function"
Value: !Sub "https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/"
GitpandaFunction:
Description: "Gitpanda Lambda Function ARN"
Value: !GetAtt GitpandaFunction.Arn
GitpandaFunctionIamRole:
Description: "Implicit IAM Role created for Gitpanda function"
Value: !GetAtt GitpandaFunctionRole.Arn