---
# AWS SAM template for pritunl-slack-app: a Lambda function exposed through
# a function URL, plus the Secrets Manager secrets whose ARNs it receives.
AWSTemplateFormatVersion: "2010-09-09"
# The Serverless transform expands the AWS::Serverless::* resource types.
Transform: "AWS::Serverless-2016-10-31"
Description: >
  pritunl-slack-app
  Sample SAM Template for pritunl-slack-app
# Template metadata. NoEcho does not mask anything stored in this section,
# so it must only ever hold parameter names, never credential values.
Metadata:
  # Console layout: show the five credential parameters under one heading.
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: General
        Parameters:
          - PritunlBaseUrl
          - PritunlApiSecret
          - PritunlApiToken
          - SlackSigningSecret
          - SlackBotToken
  # Publishing details for the AWS Serverless Application Repository.
  AWS::ServerlessRepo::Application:
    Name: pritunl-slack-app
    Description: Pritunl Slack App Slash Commands
    Author: Nathaniel Varona
    SpdxLicenseId: MIT
    LicenseUrl: LICENSE
    ReadmeUrl: README.md
    Labels:
      - serverless
      - lambda
      - pritunl
      - vpn
    HomePageUrl: https://github.com/nathanielvarona/pritunl-slack-app
    # Quoted so the version can never be read as a number.
    SemanticVersion: "0.1.0"
    SourceCodeUrl: https://github.com/nathanielvarona/pritunl-slack-app
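# Deploy-time inputs. Each value is copied into a Secrets Manager secret by
# the resources of this template. NoEcho masks the value in console and API
# output only; it does not protect a value that is copied into Metadata,
# Outputs or a resource property that echoes it, so keep these parameters
# out of those places.
Parameters:
  PritunlBaseUrl:
    Type: String
    Description: Pritunl API Base Url
    NoEcho: true
  PritunlApiSecret:
    Type: String
    Description: Pritunl API Secret
    NoEcho: true
  PritunlApiToken:
    Type: String
    Description: Pritunl API Token
    NoEcho: true
  SlackSigningSecret:
    Type: String
    Description: Slack Signing Secret
    NoEcho: true
  SlackBotToken:
    Type: String
    # Corrected from "Salck Signing Token": this parameter is the bot token,
    # and the old label invited pasting the signing secret here instead.
    Description: Slack Bot Token
    NoEcho: true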
# Region -> ARN of the AWS-Parameters-and-Secrets-Lambda-Extension layer.
# Only us-east-1 and us-east-2 are listed, so a !FindInMap lookup keyed on
# AWS::Region fails at deploy time in every other Region.
# A layer runs inside the function's execution environment, so the
# publisher account IDs and the pinned version (:4) are part of the trust
# boundary. NOTE(review): confirm both against the AWS documentation and
# check whether a newer layer version should be pinned.
Mappings:
  RegionToLayerArnMap:
    us-east-1:
      LayerArn: "arn:aws:lambda:us-east-1:177933569100:layer:AWS-Parameters-and-Secrets-Lambda-Extension:4"
    us-east-2:
      LayerArn: "arn:aws:lambda:us-east-2:590474943231:layer:AWS-Parameters-and-Secrets-Lambda-Extension:4"
# Defaults inherited by every AWS::Serverless::Function in this template.
Globals:
  Function:
    # Maximum run time of one invocation, in seconds.
    Timeout: 10
    # Memory allocated to the function, in MB.
    MemorySize: 128
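Resources:
  # Lambda function that serves the Slack slash commands.
  PritunlSlackFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: pritunl_slack_app/function
      Handler: pritunl_slack_app.function_handler.handler
      Runtime: python3.10
      PackageType: Zip
      Architectures:
        - x86_64
      Environment:
        Variables:
          # !Ref on a Secrets Manager secret returns its ARN, so these
          # variables carry secret ARNs, not the secret values themselves.
          # Presumably the handler resolves them at run time through the
          # extension layer attached below - confirm in the function code.
          PRITUNL_BASE_URL: !Ref AWSPritunlBaseUrl
          PRITUNL_API_SECRET: !Ref AWSSecretPritunlApiSecret
          PRITUNL_API_TOKEN: !Ref AWSSecretPritunlApiToken
          SLACK_SIGNING_SECRET: !Ref AWSSecretSlackSigningSecret
          SLACK_BOT_TOKEN: !Ref AWSSecretSlackBotToken
          # Quoted because Lambda environment values are strings.
          # Presumably the extension's cache TTLs in seconds - confirm.
          SSM_PARAMETER_STORE_TTL: "120"
          SECRETS_MANAGER_TTL: "120"
      Policies:
        # Read access limited to the five secrets this stack creates.
        - Version: "2012-10-17"
          Statement:
            - Sid: SecretManagerPolicy
              Effect: Allow
              Action:
                - "secretsmanager:GetSecretValue"
              Resource:
                - !Ref AWSPritunlBaseUrl
                - !Ref AWSSecretPritunlApiSecret
                - !Ref AWSSecretPritunlApiToken
                - !Ref AWSSecretSlackSigningSecret
                - !Ref AWSSecretSlackBotToken
        # Invoke rights limited to functions in the deploying account and
        # Region rather than every Lambda ARN ("*"), so a compromised
        # handler cannot use this role against functions elsewhere.
        # NOTE(review): assumes the handler only invokes functions in this
        # account and Region (for example itself) - confirm. Narrowing to
        # the function's own ARN needs an explicit FunctionName, because
        # referencing the function from its own role's policy is a
        # circular dependency.
        - Version: "2012-10-17"
          Statement:
            - Sid: InvokeLambda
              Effect: Allow
              Action:
                - "lambda:InvokeFunction"
                - "lambda:InvokeAsync"
              Resource:
                - !Sub "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:*"
      Layers:
        # Fails at deploy time in any Region missing from the mapping.
        - !FindInMap [RegionToLayerArnMap, !Ref "AWS::Region", LayerArn]

  # Resource-based permission that lets any principal call the function
  # URL. Together with AuthType NONE below, Lambda performs no IAM
  # authentication on incoming requests.
  PritunlSlackUrlFunctionPermissions:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !Ref PritunlSlackFunction
      Action: lambda:InvokeFunctionUrl
      Principal: "*"
      FunctionUrlAuthType: NONE

  # Public HTTPS endpoint for the function. With AuthType NONE the only
  # check on a request is whatever the handler does itself.
  # NOTE(review): confirm the handler rejects requests whose Slack
  # signature and timestamp do not verify against SLACK_SIGNING_SECRET,
  # and consider a concurrency limit, since any caller can trigger
  # invocations.
  PritunlSlackFunctionUrl:
    Type: AWS::Lambda::Url
    Properties:
      TargetFunctionArn: !Ref PritunlSlackFunction
      AuthType: NONE

  # Secrets populated from the NoEcho parameters. No KmsKeyId is set, so
  # Secrets Manager uses its default key for the account. The names are
  # fixed and not stack-specific: a second stack, or an existing secret
  # with the same name in the account and Region, makes creation fail.
  AWSPritunlBaseUrl:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: PritunlBaseUrl
      SecretString: !Ref PritunlBaseUrl

  AWSSecretPritunlApiSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: PritunlApiSecret
      SecretString: !Ref PritunlApiSecret

  AWSSecretPritunlApiToken:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: PritunlApiToken
      SecretString: !Ref PritunlApiToken

  AWSSecretSlackSigningSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: SlackSigningSecret
      SecretString: !Ref SlackSigningSecret

  AWSSecretSlackBotToken:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: SlackBotToken
      SecretString: !Ref SlackBotToken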
# Stack outputs. These are readable by anyone allowed to describe the
# stack and are not masked by NoEcho, so they expose identifiers only:
# the endpoint URL and two ARNs, never a credential value.
Outputs:
  # The URL to register in Slack as the slash-command request URL.
  PritunlSlackFunctionUrl:
    Description: Pritunl Slack App Lambda Function URL
    Value: !GetAtt PritunlSlackFunctionUrl.FunctionUrl
  PritunlSlackFunction:
    Description: Pritunl Slack App Lambda Function ARN
    Value: !GetAtt PritunlSlackFunction.Arn
  # PritunlSlackFunctionRole is not declared in this template; SAM
  # generates it for the function, as the description says.
  PritunlSlackFunctionIamRole:
    Description: Implicit IAM Role created for Pritunl Slack App function
    Value: !GetAtt PritunlSlackFunctionRole.Arn