awscloud/RunLambdaDeleteVolumeOnce.template at master · emooreatx/awscloud · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
{
  "AWSTemplateFormatVersion" : "2010-09-09",

  "Description" : "This is a template to run a lambda function once. Specify the bucket, the name of the zip file with your source code, and the name of the file itself. Assumes python 3.6. Make sure your lambda handler in your code is called lambda_handler. You will probably need to modify the code inside of this template to allow the permissions you need for your lambda to function.",

  "Parameters": {
    "ModuleName" : {
      "Description" : "The name of the Source code file without file extension",
      "Type" : "String",
      "Default" : "CFLambdaDeleteVolumes"
    },
    "S3Bucket" : {
      "Description" : "The name of the bucket that contains your packaged source",
      "Type" : "String"
    },
    "S3Key" : {
      "Description" : "The name of the ZIP package",
      "Type" : "String",
      "Default" : "CFLambdaDeleteVolumes.zip"
    }
  },

  "Resources" : {

    "RunLambda": {
      "Type": "Custom::RunLambda",
      "Properties": {
        "ServiceToken": { "Fn::GetAtt" : ["LambdaFunction", "Arn"] },
      }
    },

    "LambdaFunction": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Code": {
            "S3Bucket": { "Ref": "S3Bucket" },
            "S3Key": { "Ref": "S3Key" }
        },
        "Handler": { "Fn::Join" : [ "", [{ "Ref": "ModuleName" },".lambda_handler"] ] },
        "Role": { "Fn::GetAtt" : ["LambdaExecutionRole", "Arn"] },
        "Runtime": "python3.6",
        "Timeout": "120"
      }
    },

    "LambdaExecutionRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [{
              "Effect": "Allow",
              "Principal": {"Service": ["lambda.amazonaws.com"]},
              "Action": ["sts:AssumeRole"]
          }]
        },
        "Path": "/",
        "Policies": [{
          "PolicyName": "root",
          "PolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                "Effect": "Allow",
                "Action": ["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents"],
                "Resource": "arn:aws:logs:*:*:*"
            },
            {
                "Effect": "Allow",
                "Action": ["ec2:Describe*","ec2:DeleteVolume"],
                "Resource": "*"
            }]
          }
        }]
      }
    }
  }
}