diff --git a/templates/lambda/lambda-sample.yml b/templates/lambda/lambda-sample.yml
new file mode 100644
index 0000000..e4dbfed
--- /dev/null
+++ b/templates/lambda/lambda-sample.yml
@@ -0,0 +1,165 @@
+AWSTemplateFormatVersion: 2010-09-09
+Description: "Lambda Function Stack"
+
+# -------------------------------------
+# Metadata
+# -------------------------------------
+Metadata:
+ AWS::CloudFormation::Interface:
+ ParameterGroups:
+ - Label:
+ default: "Project Configuration"
+ Parameters:
+ - ProjectName
+ - Environment
+ - Label:
+ default: "Lambda Configuration"
+ Parameters:
+ - LambdaProtectedSubnet1
+ - LambdaProtectedSubnet2
+ - LambdaSecurityGroupID
+ - LambdaArchiveBucketName
+ - LambdaArchiveBucketObjectKey
+ - ParametersSecretsLambdaExtensionArn
+ - Handler
+ - MemorySize
+ - Timeout
+ - Runtime
+
+# -------------------------------------
+# Input parameters
+# -------------------------------------
+Parameters:
+ ProjectName:
+ Description: "Enter the project name. (ex: shun198)"
+ Type: String
+ MinLength: 1
+ ConstraintDescription: "ProjectName must be entered."
+ Default: shun198
+ Environment:
+ Description: "Select the environment."
+ Type: String
+ AllowedValues:
+ - dev
+ - stg
+ - prd
+ ConstraintDescription: "Environment must be selected."
+ LambdaArchiveBucketName:
+ Description: "Enter the S3 bucket name for Lambda zip archive."
+ Type: String
+ LambdaArchiveBucketObjectKey:
+ Description: "Enter the S3 bucket object key for Lambda zip archive."
+ Type: String
+ # @see https://docs.aws.amazon.com/ja_jp/systems-manager/latest/userguide/ps-integration-lambda-extensions.html#ps-integration-lambda-extensions-add
+ ParametersSecretsLambdaExtensionArn:
+ Description: "Enter the Lambda Extension ARN for AWS Parameters and Secrets."
+ Type: String
+ Default: arn:aws:lambda:ap-northeast-1:133490724326:layer:AWS-Parameters-and-Secrets-Lambda-Extension:11
+ Handler:
+ Description: "Enter the Lambda function name to delete data. (default: lambda_function.lambda_handler)"
+ Type: String
+ Default: lambda_function.lambda_handler
+ MemorySize:
+ Description: "Enter the Lambda function memory size. (MiB) (default: 128)"
+ Type: Number
+ Default: 128
+ MinValue: 128
+ MaxValue: 10240
+ Timeout:
+ Description: "Enter the Lambda function timeout second. (default: 30)"
+ Type: Number
+ Default: 30
+ MinValue: 1
+ MaxValue: 900
+ Runtime:
+ Description: "Enter the Lambda function runtime."
+ Type: String
+ AllowedValues:
+ - python3.11
+ Default: python3.11
+ QueueArn:
+ Description: "Enter the SQS queue ARN (ex: arn:aws:sqs:::shun198-dev-sqs.fifo)"
+ Type: String
+# -------------------------------------
+# Resources
+# -------------------------------------
+Resources:
+ # -------------------------------------
+ # Lambda Function
+ # -------------------------------------
+ Lambda:
+ Type: AWS::Lambda::Function
+ Properties:
+ Code:
+ S3Bucket: !Ref LambdaArchiveBucketName
+ S3Key: !Ref LambdaArchiveBucketObjectKey
+ Layers:
+ - !Ref ParametersSecretsLambdaExtensionArn
+ FunctionName: !Sub ${ProjectName}-${Environment}
+ Description: "サンプル用Lambda 関数"
+ Handler: !Ref Handler
+ MemorySize: !Ref MemorySize
+ Role: !GetAtt LambdaRole.Arn
+ Runtime: !Ref Runtime
+ Timeout: !Ref Timeout
+ PackageType: Zip
+ LambdaPermission:
+ Type: AWS::Lambda::Permission
+ Properties:
+ Action: lambda:InvokeFunction
+ FunctionName: !GetAtt Lambda.Arn
+ Principal: cloudformation.amazonaws.com
+
+ # -------------------------------------
+ # Lambda Trigger
+ # -------------------------------------
+ LambdaTrigger:
+ Type: AWS::Lambda::EventSourceMapping
+ Properties:
+ FunctionName: !GetAtt Lambda.Arn
+ BatchSize: 1
+ EventSourceArn: !Ref QueueArn
+
+ # -------------------------------------
+ # IAM Role
+ # -------------------------------------
+ LambdaRole:
+ Type: AWS::IAM::Role
+ Properties:
+ RoleName: !Sub LambdaRole-${ProjectName}-${Environment}-sample
+ AssumeRolePolicyDocument:
+ Version: 2012-10-17
+ Statement:
+ - Effect: Allow
+ Principal:
+ Service: lambda.amazonaws.com
+ Action: sts:AssumeRole
+ Path: /service-role/
+ ManagedPolicyArns:
+ - arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole
+ Policies:
+ - PolicyName: !Sub LambdaAccess-${ProjectName}-${Environment}
+ PolicyDocument:
+ Version: 2012-10-17
+ Statement:
+ - Effect: Allow
+ Action:
+ - ec2:CreateNetworkInterface
+ - ec2:DescribeNetworkInterfaces
+ - ec2:DeleteNetworkInterface
+ - ssm:GetParameter
+ - ssm:GetParameters
+ - kms:Decrypt
+ Resource: "*"
+ - Effect: Allow
+ Action: logs:CreateLogGroup
+ Resource: !Sub arn:aws:logs:${AWS::Region}:${AWS::AccountId}:*
+ - Effect: Allow
+ Action:
+ - logs:CreateLogStream
+ - logs:PutLogEvents
+ Resource: !Sub
+ - arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/${Lambda}:*
+ - {
+ Lambda: !Sub "${ProjectName}-${Environment}",
+ }
diff --git a/templates/messages/sqs-sample.yml b/templates/messages/sqs-sample.yml
new file mode 100644
index 0000000..a6730ad
--- /dev/null
+++ b/templates/messages/sqs-sample.yml
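Review bot: The inline policy on `LambdaRole` grants `ssm:GetParameter`, `ssm:GetParameters` and `kms:Decrypt` on `Resource: "*"`, so this function can read every SSM parameter in the account and decrypt with any KMS key whose key policy allows the account, far more than the Parameters-and-Secrets extension needs. Split that statement: keep `"*"` only for the three `ec2:*NetworkInterface*` actions (as the AWS-managed VPC access policy does), scope SSM to the parameter path the function actually reads, and scope `kms:Decrypt` to the key those parameters are encrypted with, passed in as a new String parameter. Separately, `LambdaPermission` lets `cloudformation.amazonaws.com` invoke the function with no source condition, which is the confused-deputy shape for service principals; add `SourceAccount: !Ref AWS::AccountId` under its `Properties`. Also note that the `ec2:` grant and the `LambdaProtectedSubnet1`/`LambdaProtectedSubnet2`/`LambdaSecurityGroupID` entries in the Interface metadata imply a VPC deployment, yet those parameters are never declared and the function has no `VpcConfig`, so either the VPC wiring is missing or the ENI permissions are dead weight, and the `ParametersSecretsLambdaExtensionArn` default is pinned to ap-northeast-1 and will not resolve if the stack is deployed in another region.
```yaml
      Policies:
        - PolicyName: !Sub LambdaAccess-${ProjectName}-${Environment}
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              # ENI lifecycle for a VPC-attached function; mirrors the AWS-managed VPC access policy.
              - Effect: Allow
                Action:
                  - ec2:CreateNetworkInterface
                  - ec2:DescribeNetworkInterfaces
                  - ec2:DeleteNetworkInterface
                Resource: "*"
              # Only the parameters this function reads — adjust the prefix to the real path.
              - Effect: Allow
                Action:
                  - ssm:GetParameter
                  - ssm:GetParameters
                Resource: !Sub arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/${ProjectName}/${Environment}/*
              # Only the key the SecureString parameters are encrypted with (new String parameter).
              - Effect: Allow
                Action: kms:Decrypt
                Resource: !Ref ParameterKmsKeyArn
              # … unchanged: the two logs:* statements …
```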
@@ -0,0 +1,89 @@
+AWSTemplateFormatVersion: 2010-09-09
+Description: "SQS Stack For Lambda Function"
+
+# -------------------------------------
+# Metadata
+# -------------------------------------
+Metadata:
+ AWS::CloudFormation::Interface:
+ ParameterGroups:
+ - Label:
+ default: "Project Configuration"
+ Parameters:
+ - ProjectName
+ - Environment
+ - Label:
+ default: "SQS Configuration"
+ Parameters:
+ - SQSQueueName
+
+# -------------------------------------
+# Parameters
+# -------------------------------------
+Parameters:
+ ProjectName:
+ Description: "Enter the project name (ex: shun198)"
+ Type: String
+ MinLength: 1
+ ConstraintDescription: "ProjectName must be entered"
+ Default: shun198
+ Environment:
+ Description: "Select the environment"
+ Type: String
+ AllowedValues:
+ - dev
+ - stg
+ - prd
+ ConstraintDescription: "Environment must be selected"
+ SQSQueueName:
+ Description: "Enter the queue name (ex: shun198-dev-sqs.fifo)"
+ Type: String
+ MessageRetentionPeriod:
+ Description: "Enter the time to hold messages as a queue (default: 3600)"
+ Type: Number
+ Default: 3600
+ MinValue: 60
+ MaxValue: 1209600
+ ConstraintDescription: "MessageRetentionPeriod must be entered between the values 60 - 1209600"
+
+# -------------------------------------
+# Resources
+# -------------------------------------
+Resources:
+ # For SQS
+ Queue:
+ Type: AWS::SQS::Queue
+ Properties:
+ FifoQueue: true
+ ContentBasedDeduplication: true
+ QueueName: !Ref SQSQueueName
+ MessageRetentionPeriod: !Ref MessageRetentionPeriod
+ Tags:
+ - Key: ProjectName
+ Value: !Ref ProjectName
+ - Key: Environment
+ Value: !Ref Environment
+ # For SQS Access Policy
+ QueuePolicy:
+ Type: AWS::SQS::QueuePolicy
+ Properties:
+ PolicyDocument:
+ Version: 2012-10-17
+ Statement:
+ - Effect: Allow
+ Action:
+ - sqs:SendMessage
+ - sqs:ReceiveMessage
+ - sqs:DeleteMessage
+ Resource: !GetAtt Queue.Arn
+ Queues:
+ - !Ref Queue
+
+# -------------------------------------
+# Outputs
+# -------------------------------------
+Outputs:
+ QueueArn:
+ Value: !GetAtt Queue.Arn
+ QueueUrl:
+ Value: !Ref Queue
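Review bot: The `QueuePolicy` statement has no `Principal`, and SQS rejects a resource policy whose statement lacks one, so as written the stack should fail at `QueuePolicy` creation; the tempting fix of `Principal: "*"` would instead expose `sqs:SendMessage`/`sqs:ReceiveMessage`/`sqs:DeleteMessage` to every AWS principal. Name the intended caller explicitly, e.g. `Principal: { AWS: !Sub "arn:aws:iam::${AWS::AccountId}:root" }` or the consuming Lambda's role ARN passed in as a parameter, and if the only consumer is the same-account Lambda whose execution role already carries `AWSLambdaSQSQueueExecutionRole`, the queue policy can be dropped entirely. Nothing sets `KmsMasterKeyId` or `SqsManagedSseEnabled`, so encryption at rest silently depends on the regional default for new queues; state it explicitly (`SqsManagedSseEnabled: true` at minimum). `SQSQueueName` is an unconstrained String although `FifoQueue: true` requires a `.fifo` suffix, so adding `AllowedPattern: '^.+\.fifo$'` to the parameter would fail at validation instead of at resource creation.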