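AWSTemplateFormatVersion: '2010-09-09'
Description: Template for Lambda Sample.

# Deploys one Lambda function plus the IAM role it executes under.
# The role sets an explicit RoleName, so creating the stack requires the
# CAPABILITY_NAMED_IAM acknowledgement.

Parameters:
  EnvName:
    Type: String
    Description: Name of an environment. 'dev', 'staging', 'prod' and any name.
    # The pattern only rejects a trailing digit. EnvName is interpolated into
    # the function name and an export name below, so any other character is
    # accepted here and only fails later, at resource creation.
    AllowedPattern: '^.*[^0-9]$'
    ConstraintDescription: Must end with non-numeric character.
  LambdaHandlerPath:
    Type: String
    Description: Path of a Lambda Handler, this is the method to execute
    AllowedPattern: '^.*[^0-9]$'
    ConstraintDescription: Must end with non-numeric character.

Outputs:
  LambdaRoleARN:
    Description: Role for Lambda execution.
    Value:
      Fn::GetAtt:
        - LambdaRole
        - Arn
    Export:
      # Not environment-scoped (unlike LambdaARN-${EnvName} below): a second
      # stack from this template in the same account and region will fail on
      # this export name. Left unchanged because other stacks may import it.
      Name: LambdaRole
  LambdaFunctionName:
    Value:
      Ref: LambdaFunction
  LambdaFunctionARN:
    Description: Lambda function ARN.
    Value:
      Fn::GetAtt:
        - LambdaFunction
        - Arn
    Export:
      Name:
        Fn::Sub: LambdaARN-${EnvName}

Resources:
  LambdaRole:
    Type: AWS::IAM::Role
    Properties:
      # Fixed, account-wide role name shared by every environment deployed
      # from this template. Kept as-is because renaming replaces the role.
      RoleName: lambda-role
      AssumeRolePolicyDocument:
        # Quoted so YAML loaders keep the policy version a string, not a date.
        Version: '2012-10-17'
        Statement:
          - Action:
              - sts:AssumeRole
            Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
      # NOTE(review): least privilege. AmazonS3FullAccess and
      # AWSSecurityHubFullAccess allow every S3 and Security Hub action on
      # every resource in the account, so a flaw in the function code or a
      # swapped deployment package inherits all of that. Confirm which API
      # calls the function really makes and replace these two with an inline
      # policy limited to those actions and resource ARNs. AWSLambdaExecute
      # also carries S3 object permissions; if only logging is needed,
      # service-role/AWSLambdaBasicExecutionRole is the narrower choice.
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AWSLambdaExecute
        - arn:aws:iam::aws:policy/AmazonS3FullAccess
        - arn:aws:iam::aws:policy/AWSSecurityHubFullAccess
      Path: /
  LambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName:
        Fn::Sub: lambda-function-${EnvName}-Pipeline2SecHub
      Description: LambdaFunction of python3.8
      # NOTE(review): python3.8 is a deprecated Lambda runtime and no longer
      # receives security patches; plan a move to a supported Python runtime
      # after testing the package against it.
      Runtime: python3.8
      Code:
        # NOTE(review): the package is referenced by key only. Whoever can
        # write to this bucket controls the code that runs under LambdaRole on
        # the next deployment. Enable bucket versioning and pin S3ObjectVersion
        # here, and restrict write access to the bucket.
        S3Bucket: am-lambda-function-storage
        S3Key: lambda_pipeline2Slack_SecHub.zip
      # Resolved with Ref: a bare "${LambdaHandlerPath}" outside Fn::Sub is
      # passed through literally, so the parameter value was never applied.
      Handler:
        Ref: LambdaHandlerPath
      MemorySize: 128
      Timeout: 90
      Role:
        Fn::GetAtt:
          - LambdaRole
          - Arn
      Environment:
        Variables:
          ENV:
            Ref: EnvName
          TZ: UTC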