template.yaml

AWSTemplateFormatVersion: 2010-09-09
Transform: "AWS::Serverless-2016-10-31"
Description: An AWS Lambda function with access to Data API

# Global values that are applied to all applicable resources in this template
Globals:
  Function:
    MemorySize: 128
    Timeout: 30

Resources:
  # Lambda Function - uses Globals to define additional configuration values
  LambdaFunction:
    Type: "AWS::Serverless::Function"
    Properties:
      FunctionName: lambda-aurora-serverless-example-function
      CodeUri: ./src
      Runtime: nodejs16.x
      Handler: app.handler
      # Function environment variables
      Environment:
        Variables:
          DBClusterArn: !Sub "{{resolve:ssm:/serverlessDB/dbClusterArn}}"
          DBName: !Sub "{{resolve:ssm:/serverlessDB/dbName}}"
          SecretArn: !Sub "{{resolve:ssm:/serverlessDB/secretsArn}}"
      # Creates an IAM Role that defines the services the function can access and which actions the function can perform
      Policies:
        - AWSSecretsManagerGetSecretValuePolicy:
            SecretArn: !Sub "{{resolve:ssm:/serverlessDB/secretsArn}}"
        - Statement:
            - Effect: Allow
              Action:
                - "rds-data:BatchExecuteStatement"
                - "rds-data:BeginTransaction"
                - "rds-data:CommitTransaction"
                - "rds-data:ExecuteStatement"
                - "rds-data:ExecuteSql"
                - "rds-data:RollbackTransaction"
              Resource: !Sub "{{resolve:ssm:/serverlessDB/dbClusterArn}}"