This repository has been archived by the owner on May 18, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 5
/
template.yaml
86 lines (79 loc) · 2.31 KB
/
template.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Alpine Package Repository
Parameters:
BucketName:
Type: String
LambdaRuntime:
Type: String
Default: python3.7
LambdaTimeout:
Type: String
Default: 90
Resources:
ApkS3Bucket:
Type: AWS::S3::Bucket
Properties:
BucketName: !Ref BucketName
AccessControl: PublicRead
ApkS3BucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref ApkS3Bucket
PolicyDocument:
Statement:
- Action: 's3:GetObject'
Effect: 'Allow'
Resource: !Sub 'arn:${AWS::Partition}:s3:::${BucketName}/*'
Principal: '*'
ApkIndexFunctionDependencies:
Type: AWS::Serverless::LayerVersion
Properties:
LayerName: !Sub 'apk-repository-${BucketName}-deps'
Description: !Sub 'Dependencies for function apk-repository-${BucketName}'
ContentUri: dependencies/
CompatibleRuntimes:
- !Ref LambdaRuntime
LicenseInfo: 'MIT'
RetentionPolicy: 'Delete'
ApkIndexFunctionPolicy:
Type: AWS::IAM::Policy
Properties:
PolicyName: !Sub '${AWS::StackName}-Lambda-apk-repository'
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action: 'ssm:GetParameter*'
Resource: !Sub 'arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/apk/*'
- Effect: Allow
Action: 's3:ListBucket'
Resource: !GetAtt ApkS3Bucket.Arn
- Effect: Allow
Action:
- 's3:GetObject'
- 's3:PutObject'
Resource: !Sub '${ApkS3Bucket.Arn}/*'
Roles:
- !Ref ApkIndexFunctionRole
ApkIndexFunction:
Type: AWS::Serverless::Function
Properties:
FunctionName: !Sub '${AWS::StackName}-apk-repository'
Runtime: !Ref LambdaRuntime
Timeout: !Ref LambdaTimeout
Handler: index.handler
CodeUri: ./lambda
Layers:
- !Ref ApkIndexFunctionDependencies
Events:
S3FileListener:
Type: S3
Properties:
Bucket: !Ref ApkS3Bucket
Events: 's3:ObjectCreated:*'
Filter:
S3Key:
Rules:
- Name: suffix
Value: '.apk'