👍 create sqs and lambda

templates/lambda/lambda-sample.yml

@@ -0,0 +1,165 @@
+AWSTemplateFormatVersion: 2010-09-09
+Description: "Lambda Function Stack"
+
+# -------------------------------------
+# Metadata
+# -------------------------------------
+Metadata:
+  AWS::CloudFormation::Interface:
+    ParameterGroups:
+      - Label:
+          default: "Project Configuration"
+        Parameters:
+          - ProjectName
+          - Environment
+      - Label:
+          default: "Lambda Configuration"
+        Parameters:
+          - LambdaProtectedSubnet1
+          - LambdaProtectedSubnet2
+          - LambdaSecurityGroupID
+          - LambdaArchiveBucketName
+          - LambdaArchiveBucketObjectKey
+          - ParametersSecretsLambdaExtensionArn
+          - Handler
+          - MemorySize
+          - Timeout
+          - Runtime
+
+# -------------------------------------
+# Input parameters
+# -------------------------------------
+Parameters:
+  ProjectName:
+    Description: "Enter the project name. (ex: shun198)"
+    Type: String
+    MinLength: 1
+    ConstraintDescription: "ProjectName must be entered."
+    Default: shun198
+  Environment:
+    Description: "Select the environment."
+    Type: String
+    AllowedValues:
+      - dev
+      - stg
+      - prd
+    ConstraintDescription: "Environment must be selected."
+  LambdaArchiveBucketName:
+    Description: "Enter the S3 bucket name for Lambda zip archive."
+    Type: String
+  LambdaArchiveBucketObjectKey:
+    Description: "Enter the S3 bucket object key for Lambda zip archive."
+    Type: String
+  # @see https://docs.aws.amazon.com/ja_jp/systems-manager/latest/userguide/ps-integration-lambda-extensions.html#ps-integration-lambda-extensions-add
+  ParametersSecretsLambdaExtensionArn:
+    Description: "Enter the Lambda Extension ARN for AWS Parameters and Secrets."
+    Type: String
+    Default: arn:aws:lambda:ap-northeast-1:133490724326:layer:AWS-Parameters-and-Secrets-Lambda-Extension:11
+  Handler:
+    Description: "Enter the Lambda function name to delete data. (default: lambda_function.lambda_handler)"
+    Type: String
+    Default: lambda_function.lambda_handler
+  MemorySize:
+    Description: "Enter the Lambda function memory size. (MiB) (default: 128)"
+    Type: Number
+    Default: 128
+    MinValue: 128
+    MaxValue: 10240
+  Timeout:
+    Description: "Enter the Lambda function timeout second. (default: 30)"
+    Type: Number
+    Default: 30
+    MinValue: 1
+    MaxValue: 900
+  Runtime:
+    Description: "Enter the Lambda function runtime."
+    Type: String
+    AllowedValues:
+      - python3.11
+    Default: python3.11
+  QueueArn:
+    Description: "Enter the SQS queue ARN (ex: arn:aws:sqs:<aws_region>:<aws_account_id>:shun198-dev-sqs.fifo)"
+    Type: String
+# -------------------------------------
+# Resources
+# -------------------------------------
+Resources:
+  # -------------------------------------
+  # Lambda Function
+  # -------------------------------------
+  Lambda:
+    Type: AWS::Lambda::Function
+    Properties:
+      Code:
+        S3Bucket: !Ref LambdaArchiveBucketName
+        S3Key: !Ref LambdaArchiveBucketObjectKey
+      Layers:
+        - !Ref ParametersSecretsLambdaExtensionArn
+      FunctionName: !Sub ${ProjectName}-${Environment}
+      Description: "サンプル用Lambda 関数"
+      Handler: !Ref Handler
+      MemorySize: !Ref MemorySize
+      Role: !GetAtt LambdaRole.Arn
+      Runtime: !Ref Runtime
+      Timeout: !Ref Timeout
+      PackageType: Zip
+  LambdaPermission:
+    Type: AWS::Lambda::Permission
+    Properties:
+      Action: lambda:InvokeFunction
+      FunctionName: !GetAtt Lambda.Arn
+      Principal: cloudformation.amazonaws.com
+
+  # -------------------------------------
+  # Lambda Trigger
+  # -------------------------------------
+  LambdaTrigger:
+    Type: AWS::Lambda::EventSourceMapping
+    Properties:
+      FunctionName: !GetAtt Lambda.Arn
+      BatchSize: 1
+      EventSourceArn: !Ref QueueArn
+
+  # -------------------------------------
+  # IAM Role
+  # -------------------------------------
+  LambdaRole:
+    Type: AWS::IAM::Role
+    Properties:
+      RoleName: !Sub LambdaRole-${ProjectName}-${Environment}-sample
+      AssumeRolePolicyDocument:
+        Version: 2012-10-17
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service: lambda.amazonaws.com
+            Action: sts:AssumeRole
+      Path: /service-role/
+      ManagedPolicyArns:
+        - arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole
+      Policies:
+        - PolicyName: !Sub LambdaAccess-${ProjectName}-${Environment}
+          PolicyDocument:
+            Version: 2012-10-17
+            Statement:
+              - Effect: Allow
+                Action:
+                  - ec2:CreateNetworkInterface
+                  - ec2:DescribeNetworkInterfaces
+                  - ec2:DeleteNetworkInterface
+                  - ssm:GetParameter
+                  - ssm:GetParameters
+                  - kms:Decrypt
+                Resource: "*"
+              - Effect: Allow
+                Action: logs:CreateLogGroup
+                Resource: !Sub arn:aws:logs:${AWS::Region}:${AWS::AccountId}:*
+              - Effect: Allow
+                Action:
+                  - logs:CreateLogStream
+                  - logs:PutLogEvents
+                Resource: !Sub
+                  - arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/${Lambda}:*
+                  - {
+                      Lambda: !Sub "${ProjectName}-${Environment}",
+                    }

templates/messages/sqs-sample.yml

@@ -0,0 +1,89 @@
+AWSTemplateFormatVersion: 2010-09-09
+Description: "SQS Stack For Lambda Function"
+
+# -------------------------------------
+# Metadata
+# -------------------------------------
+Metadata:
+  AWS::CloudFormation::Interface:
+    ParameterGroups:
+      - Label:
+          default: "Project Configuration"
+        Parameters:
+          - ProjectName
+          - Environment
+      - Label:
+          default: "SQS Configuration"
+        Parameters:
+          - SQSQueueName
+
+# -------------------------------------
+# Parameters
+# -------------------------------------
+Parameters:
+  ProjectName:
+    Description: "Enter the project name (ex: shun198)"
+    Type: String
+    MinLength: 1
+    ConstraintDescription: "ProjectName must be entered"
+    Default: shun198
+  Environment:
+    Description: "Select the environment"
+    Type: String
+    AllowedValues:
+      - dev
+      - stg
+      - prd
+    ConstraintDescription: "Environment must be selected"
+  SQSQueueName:
+    Description: "Enter the queue name (ex: shun198-dev-sqs.fifo)"
+    Type: String
+  MessageRetentionPeriod:
+    Description: "Enter the time to hold messages as a queue (default: 3600)"
+    Type: Number
+    Default: 3600
+    MinValue: 60
+    MaxValue: 1209600
+    ConstraintDescription: "MessageRetentionPeriod must be entered between the values 60 - 1209600"
+
+# -------------------------------------
+# Resources
+# -------------------------------------
+Resources:
+  # For SQS
+  Queue:
+    Type: AWS::SQS::Queue
+    Properties:
+      FifoQueue: true
+      ContentBasedDeduplication: true
+      QueueName: !Ref SQSQueueName
+      MessageRetentionPeriod: !Ref MessageRetentionPeriod
+      Tags:
+        - Key: ProjectName
+          Value: !Ref ProjectName
+        - Key: Environment
+          Value: !Ref Environment
+  # For SQS Access Policy
+  QueuePolicy:
+    Type: AWS::SQS::QueuePolicy
+    Properties:
+      PolicyDocument:
+        Version: 2012-10-17
+        Statement:
+          - Effect: Allow
+            Action:
+              - sqs:SendMessage
+              - sqs:ReceiveMessage
+              - sqs:DeleteMessage
+            Resource: !GetAtt Queue.Arn
+      Queues:
+        - !Ref Queue
+
+# -------------------------------------
+# Outputs
+# -------------------------------------
+Outputs:
+  QueueArn:
+    Value: !GetAtt Queue.Arn
+  QueueUrl:
+    Value: !Ref Queue