Commit d79e3404fb4a9f8b560341fd00b61c3fc1f8fda3

Authored by Alex Mukha
1 parent b6c90e28f0
Exists in master

Changed the CF template to a full format with authentication added.

Showing 1 changed file with 267 additions and 76 deletions   Show diff stats
heartbeat-template.yaml
... ... @@ -2,47 +2,55 @@
2 2 Transform: 'AWS::Serverless-2016-10-31'
3 3 Description: An AWS Serverless Heartbeat receiver
4 4 Resources:
5   - ReportByRepoIdLambda:
6   - Type: AWS::Serverless::Function
  5 +
  6 + ProcessDynamoDBStreamStream:
  7 + Type: AWS::Lambda::EventSourceMapping
7 8 Properties:
8   - Handler: org.alfresco.heartbeat.handler.GetByRepoIdRequestHandler
9   - Runtime: java8
10   - MemorySize: 512
11   - Timeout: 15
12   - CodeUri: ./reporting-service/target/heartbeat-reporting-2.0-SNAPSHOT.jar
13   - Policies:
14   - - AmazonDynamoDBReadOnlyAccess
15   - Environment:
16   - Variables:
17   - TABLE_NAME:
18   - Ref: AggregationTable
19   - Events:
20   - PostRequest:
21   - Type: Api
22   - Properties:
23   - Path: /report/{repositoryId}
24   - Method: get
  9 + EventSourceArn:
  10 + Fn::GetAtt:
  11 + - IngestionTable
  12 + - StreamArn
  13 + StartingPosition: TRIM_HORIZON
  14 + FunctionName:
  15 + Ref: ProcessDynamoDBStream
25 16  
26   - IngestLambda:
27   - Type: AWS::Serverless::Function
  17 + AggregationTable:
  18 + Type: AWS::DynamoDB::Table
28 19 Properties:
29   - Handler: org.alfresco.heartbeat.handler.HeartbeatRequestHandler
30   - Runtime: java8
31   - MemorySize: 512
32   - Timeout: 15
33   - CodeUri: ./ingestion-service/target/heartbeat-ingestion-2.0-SNAPSHOT.jar
34   - Policies:
35   - - AmazonDynamoDBFullAccess
36   - Environment:
37   - Variables:
38   - TABLE_NAME:
39   - Ref: IngestionTable
40   - Events:
41   - PostRequest:
42   - Type: Api
43   - Properties:
44   - Path: /ingest
45   - Method: post
  20 + KeySchema:
  21 + -
  22 + AttributeName: "repositoryId"
  23 + KeyType: "HASH"
  24 + -
  25 + AttributeName: "feature"
  26 + KeyType: "RANGE"
  27 + AttributeDefinitions:
  28 + -
  29 + AttributeName: 'repositoryId'
  30 + AttributeType: 'S'
  31 + -
  32 + AttributeName: 'feature'
  33 + AttributeType: 'S'
  34 +# Declare columns once the secondary indexes are described
  35 +# -
  36 +# AttributeName: "version"
  37 +# AttributeType: 'S'
  38 +# -
  39 +# AttributeName: "payload"
  40 +# AttributeType: 'S'
  41 + ProvisionedThroughput:
  42 + ReadCapacityUnits: "5"
  43 + WriteCapacityUnits: "5"
  44 +
  45 + ReportByRepoIdLambdaPostRequestPermissionTest:
  46 + Type: AWS::Lambda::Permission
  47 + Properties:
  48 + Action: lambda:invokeFunction
  49 + Principal: apigateway.amazonaws.com
  50 + FunctionName:
  51 + Ref: ReportByRepoIdLambda
  52 + SourceArn:
  53 + Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/*/GET/report/{repositoryId}
46 54  
47 55 IngestionTable:
48 56 Type: AWS::DynamoDB::Table
... ... @@ -80,53 +88,236 @@ Resources:
80 88 StreamSpecification:
81 89 StreamViewType: "NEW_IMAGE"
82 90  
  91 + ServerlessRestApiProdStage:
  92 + Type: AWS::ApiGateway::Stage
  93 + Properties:
  94 + DeploymentId:
  95 + Ref: ServerlessRestApiDeployment
  96 + RestApiId:
  97 + Ref: ServerlessRestApi
  98 + StageName: Prod
  99 +
  100 + ServerlessRestApi:
  101 + Type: AWS::ApiGateway::RestApi
  102 + Properties:
  103 + Body:
  104 + {
  105 + "swagger": "2.0",
  106 + "info": {
  107 + "title": {
  108 + "Ref": "AWS::StackName"
  109 + },
  110 + "version": "1.0"
  111 + },
  112 + "paths": {
  113 + "/ingest": {
  114 + "post": {
  115 + "x-amazon-apigateway-integration": {
  116 + "httpMethod": "POST",
  117 + "type": "aws_proxy",
  118 + "uri": {
  119 + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${IngestLambda.Arn}/invocations"
  120 + }
  121 + },
  122 + "responses": {
  123 + "200": {
  124 + "description": "Success",
  125 + "schema": {
  126 + "type": "object",
  127 + "properties": {
  128 + "success": {
  129 + "type": "boolean"
  130 + }
  131 + }
  132 + }
  133 + }
  134 + }
  135 + }
  136 + },
  137 + "/report/{repositoryId}": {
  138 + "get": {
  139 + "x-amazon-apigateway-integration": {
  140 + "httpMethod": "POST",
  141 + "type": "aws_proxy",
  142 + "uri": {
  143 + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ReportByRepoIdLambda.Arn}/invocations"
  144 + }
  145 + },
  146 + "parameters": [
  147 + {
  148 + "name": "repositoryId",
  149 + "in": "path",
  150 + "required": true,
  151 + "type": "string"
  152 + }
  153 + ],
  154 + "responses": {
  155 + "200": {
  156 + "description": "Success",
  157 + "schema": {
  158 + "type": "object",
  159 + "properties": {
  160 + "success": {
  161 + "type": "boolean"
  162 + }
  163 + }
  164 + }
  165 + }
  166 + },
  167 + "security": [
  168 + {
  169 + "sigv4": []
  170 + }
  171 + ]
  172 + }
  173 + }
  174 + },
  175 + "securityDefinitions": {
  176 + "sigv4": {
  177 + "type": "apiKey",
  178 + "name": "Authorization",
  179 + "in": "header",
  180 + "x-amazon-apigateway-authtype": "awsSigv4"
  181 + }
  182 + }
  183 + }
  184 +
  185 + IngestLambdaPostRequestPermissionTest:
  186 + Type: AWS::Lambda::Permission
  187 + Properties:
  188 + Action: lambda:invokeFunction
  189 + Principal: apigateway.amazonaws.com
  190 + FunctionName:
  191 + Ref: IngestLambda
  192 + SourceArn:
  193 + Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/*/POST/ingest
  194 +
  195 + IngestLambda:
  196 + Type: AWS::Lambda::Function
  197 + Properties:
  198 + Handler: org.alfresco.heartbeat.handler.HeartbeatRequestHandler
  199 + Role:
  200 + Fn::GetAtt:
  201 + - IngestLambdaRole
  202 + - Arn
  203 + Runtime: java8
  204 + MemorySize: 512
  205 + Timeout: 15
  206 + Code: ./ingestion-service/target/heartbeat-ingestion-2.0-SNAPSHOT.jar
  207 + Environment:
  208 + Variables:
  209 + TABLE_NAME:
  210 + Ref: IngestionTable
  211 +
  212 + ServerlessRestApiDeployment:
  213 + Type: AWS::ApiGateway::Deployment
  214 + Properties:
  215 + RestApiId:
  216 + Ref: ServerlessRestApi
  217 + StageName: Stage
  218 +
  219 + ReportByRepoIdLambda:
  220 + Type: AWS::Lambda::Function
  221 + Properties:
  222 + Handler: org.alfresco.heartbeat.handler.GetByRepoIdRequestHandler
  223 + Role:
  224 + Fn::GetAtt:
  225 + - ReportByRepoIdLambdaRole
  226 + - Arn
  227 + Runtime: java8
  228 + MemorySize: 512
  229 + Timeout: 15
  230 + Code: ./reporting-service/target/heartbeat-reporting-2.0-SNAPSHOT.jar
  231 + Environment:
  232 + Variables:
  233 + TABLE_NAME:
  234 + Ref: AggregationTable
  235 +
83 236 ProcessDynamoDBStream:
84   - Type: AWS::Serverless::Function
  237 + Type: AWS::Lambda::Function
85 238 Properties:
86 239 Handler: org.alfresco.heartbeat.processor.IngestionTableEventProcessor
  240 + Role:
  241 + Fn::GetAtt:
  242 + - ProcessDynamoDBStreamRole
  243 + - Arn
87 244 Runtime: java8
88 245 MemorySize: 512
89 246 Timeout: 15
90   - CodeUri: ./aggregation-service/target/heartbeat-aggregation-2.0-SNAPSHOT.jar
91   - Policies:
92   - - AWSLambdaDynamoDBExecutionRole
93   - - AmazonDynamoDBFullAccess
  247 + Code: ./aggregation-service/target/heartbeat-aggregation-2.0-SNAPSHOT.jar
94 248 Environment:
95 249 Variables:
96 250 TABLE_NAME:
97 251 Ref: AggregationTable
98   - Events:
99   - Stream:
100   - Type: DynamoDB
101   - Properties:
102   - Stream: !GetAtt IngestionTable.StreamArn
103   - BatchSize: 100
104   - StartingPosition: TRIM_HORIZON
105 252  
106   - AggregationTable:
107   - Type: AWS::DynamoDB::Table
  253 + IngestLambdaPostRequestPermissionProd:
  254 + Type: AWS::Lambda::Permission
108 255 Properties:
109   - KeySchema:
110   - -
111   - AttributeName: "repositoryId"
112   - KeyType: "HASH"
113   - -
114   - AttributeName: "feature"
115   - KeyType: "RANGE"
116   - AttributeDefinitions:
117   - -
118   - AttributeName: 'repositoryId'
119   - AttributeType: 'S'
120   - -
121   - AttributeName: 'feature'
122   - AttributeType: 'S'
123   -# Declare columns once the secondary indexes are described
124   -# -
125   -# AttributeName: "version"
126   -# AttributeType: 'S'
127   -# -
128   -# AttributeName: "payload"
129   -# AttributeType: 'S'
130   - ProvisionedThroughput:
131   - ReadCapacityUnits: "5"
132   - WriteCapacityUnits: "5"
133 256 \ No newline at end of file
  257 + Action: lambda:invokeFunction
  258 + Principal: apigateway.amazonaws.com
  259 + FunctionName:
  260 + Ref: IngestLambda
  261 + SourceArn:
  262 + Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/Prod/POST/ingest
  263 +
  264 + ReportByRepoIdLambdaRole:
  265 + Type: AWS::IAM::Role
  266 + Properties:
  267 + ManagedPolicyArns:
  268 + - arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess
  269 + - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
  270 + AssumeRolePolicyDocument:
  271 + Version: "2012-10-17"
  272 + Statement:
  273 + -
  274 + Action:
  275 + - sts:AssumeRole
  276 + Effect: Allow
  277 + Principal:
  278 + Service:
  279 + - lambda.amazonaws.com
  280 +
  281 + IngestLambdaRole:
  282 + Type: AWS::IAM::Role
  283 + Properties:
  284 + ManagedPolicyArns:
  285 + - arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess
  286 + - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
  287 + AssumeRolePolicyDocument:
  288 + Version: "2012-10-17"
  289 + Statement:
  290 + -
  291 + Action:
  292 + - sts:AssumeRole
  293 + Effect: Allow
  294 + Principal:
  295 + Service:
  296 + - lambda.amazonaws.com
  297 +
  298 + ProcessDynamoDBStreamRole:
  299 + Type: AWS::IAM::Role
  300 + Properties:
  301 + ManagedPolicyArns:
  302 + - arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess
  303 + - arn:aws:iam::aws:policy/service-role/AWSLambdaDynamoDBExecutionRole
  304 + - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
  305 + AssumeRolePolicyDocument:
  306 + Version: "2012-10-17"
  307 + Statement:
  308 + -
  309 + Action:
  310 + - sts:AssumeRole
  311 + Effect: Allow
  312 + Principal:
  313 + Service:
  314 + - lambda.amazonaws.com
  315 +
  316 + ReportByRepoIdLambdaPostRequestPermissionProd:
  317 + Type: AWS::Lambda::Permission
  318 + Properties:
  319 + Action: lambda:invokeFunction
  320 + Principal: apigateway.amazonaws.com
  321 + FunctionName:
  322 + Ref: ReportByRepoIdLambda
  323 + SourceArn:
  324 + Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/Prod/GET/report/{repositoryId}
... ...