def build(self, t): evt = t.add_resource( events.Rule('{}Event'.format(self.name), Targets=[])) if self.schedule is not None: evt.ScheduleExpression = self.schedule if self.enabled: evt.State = 'ENABLED' else: evt.State = 'DISABLED' for val in self.targets: tg = val[0] r = val[1] role_ref = ensure_param(t, r.output_role_arn()) # noqa target = events.Target() if isinstance(tg, (awslambda.LambdaStack)): func_name_ref = ensure_param(t, tg.output_func_name()) func_arn_ref = ensure_param(t, tg.output_func_arn()) target.Id = tg.get_stack_name() target.Arn = Ref(func_arn_ref) t.add_resource( tlambda.Permission('{}EventPerm'.format( tg.get_stack_name()), Action='lambda:invokeFunction', Principal='events.amazonaws.com', FunctionName=Ref(func_name_ref), SourceArn=GetAtt(evt, 'Arn'))) evt.Targets.append(target)
def invoke_permission( self, name_suffix: str, service: str, source_arn: str, source_account: Optional[str] = None, ) -> awslambda.Permission: """Create a Lambda Permission object for a given service. :param name_suffix: a suffix used in the object name :param service: service name (without amazonaws.com domain name) :param source_arn: arn of the resource that can access the lambda :param source_account: account that holds the resource. This is mandatory only when using S3 as a service as a bucket arn is not linked to an account. :return: an AWSObject """ params = { "Action": "lambda:InvokeFunction", "FunctionName": self.ref, "Principal": f"{service}.amazonaws.com", "SourceArn": source_arn, } if service == "s3": assert source_account is not None if source_account is not None: params["SourceAccount"] = source_account return awslambda.Permission(name_to_id(self.name + name_suffix), **params)
def lambda_policy_adder(self, name, principal): self.template.add_resource( awslambda.Permission("LambdaPermissionPolicy", DependsOn=name, Action="lambda:InvokeFunction", FunctionName=name, Principal=principal))
def create_scheduler(self): variables = self.get_variables() troposphere_events_rule = variables["CloudwatchEventsRule"] aws_lambda_arns = {} # iterate over targets in the event Rule & gather aws_lambda_arns. for target in getattr(troposphere_events_rule, "Targets", []): if target.Arn.startswith("arn:aws:lambda:"): safe_id = cf_safe_name(target.Id) aws_lambda_arns[safe_id] = target.Arn # schedule a Cloudwatch event rule to invoke the Targets. rule = self.template.add_resource(troposphere_events_rule) # allow cloudwatch to invoke on any of the given lambda targets. for event_rule_target_id, aws_lambda_arn in aws_lambda_arns.items(): self.template.add_resource( awslambda.Permission( "PermToInvokeFunctionFor{}".format(event_rule_target_id), Principal="events.amazonaws.com", Action="lambda:InvokeFunction", FunctionName=aws_lambda_arn, SourceArn=rule.GetAtt("Arn") ) )
def build(self, t, func, key): perm = t.add_resource( awslambda.Permission('{}Perm'.format(key), Action=self.action, Principal=self.principal, FunctionName=Ref(func)))
def build_lambda_permission(name: str) -> awslambda.Permission: permission = awslambda.Permission(lambda_permission_name(name)) permission.Action = "lambda:InvokeFunction" permission.FunctionName = GetAtt(lambda_function_name(name), "Arn") permission.Principal = "events.amazonaws.com" permission.SourceArn = GetAtt(rule_name(name), "Arn") return permission
def register_destination_publish_permission(self, template): template.add_resource( awslambda.Permission( utils.valid_cloudformation_name( self.bucket_notification_configuration.name, self.id, 'permission'), Action="lambda:InvokeFunction", FunctionName=self.get_destination_arn(), Principal="s3.amazonaws.com", SourceAccount=troposphere.Ref(troposphere.AWS_ACCOUNT_ID), ))
def add_api(self): api = self.add_resource( apigatewayv2.Api( 'HttpApi', Name=StackName, Description=Join(' ', [Ref(self.domain), 'Terraform Registry']), ProtocolType='HTTP', Target=Ref(self._lambda_function), )) self.add_resource( awslambda.Permission( f'ApigatewayPermission', Principal='apigateway.amazonaws.com', Action='lambda:InvokeFunction', FunctionName=Ref(self._lambda_function), SourceArn=Join('', [ 'arn:aws:execute-api:', Region, ':', AccountId, ':', Ref(api), '/*' ]))) domain = self.add_resource( apigatewayv2.DomainName('HttpApiDomain', DomainName=Ref(self.domain), DomainNameConfigurations=[ apigatewayv2.DomainNameConfiguration( CertificateArn=Ref( self.certificate), ) ])) mapping = self.add_resource( apigatewayv2.ApiMapping('Mapping', DomainName=Ref(domain), ApiId=Ref(api), Stage='$default')) dns_record = self.add_resource( route53.RecordSetGroup( 'ApiDnsRecord', HostedZoneId=Ref(self.hosted_zone), RecordSets=[ route53.RecordSet( Name=Ref(self.domain), AliasTarget=route53.AliasTarget( DNSName=GetAtt(domain, 'RegionalDomainName'), HostedZoneId=GetAtt(domain, 'RegionalHostedZoneId')), Type='A') ]))
def add_lambda_sns_topic_subscription(self, title, topic, aws_lambda_function): self.template.add_resource( sns.SubscriptionResource(title + 'LambdaSubscriptionToTopic', Protocol='lambda', TopicArn=topic, Endpoint=GetAtt(aws_lambda_function, 'Arn'))) self.template.add_resource( awslambda.Permission(title + 'LambdaSubscriptionToTopicPermission', FunctionName=Ref(aws_lambda_function), Action='lambda:InvokeFunction', Principal='sns.amazonaws.com', SourceArn=topic))
def build_subscription(self, t, topic): policy = t.add_resource( iam.Role( "{}SlackSNSRole".format(self.name), AssumeRolePolicyDocument=aws.Policy(Statement=[ aws.Statement(Action=[awacs.sts.AssumeRole], Effect=aws.Allow, Principal=aws.Principal( "Service", ["lambda.amazonaws.com"])) ]), Path="/", Policies=[ iam.Policy( PolicyName='snspublic', PolicyDocument=aws.PolicyDocument(Statement=[ aws.Statement(Effect=aws.Allow, Action=[ awacs.sns.Publish, awacs.logs.PutLogEvents, awacs.logs.CreateLogGroup, awacs.logs.CreateLogStream, ], Resource=["*"]) ])) ], ManagedPolicyArns=[ # "arn:aws:iam::aws:policy/AdministratorAccess" ])) code = ["import sys"] # make lambda function fn = t.add_resource( awslambda.Function('{}SlackTopicFN'.format(self.name), Handler='index.handle', Runtime='python3.6', Role=GetAtt(policy, "Arn"), Code=awslambda.Code(ZipFile=Join("", code)))) t.add_resource( awslambda.Permission('{}LambdaPerm'.format(self.name), Action='lambda:InvokeFunction', FunctionName=GetAtt(fn, "Arn"), SourceArn=Ref(topic), Principal="sns.amazonaws.com")) return ("lambda", GetAtt(fn, "Arn"))
def declare_route(self, route: Route, integration: Ref | str) -> list[AWSObject]: """Declare a route. :param route: the route definition :param integration: arn of the integration to use for this route :return: a list of AWSObjects to be added to the stack """ result = [] id_prefix = name_to_id(self.name + route.method + route.route) route_params = { "ApiId": self.ref, "AuthorizationType": route.auth.value, "RouteKey": f"{route.method} {route.route}", "Target": Sub("integrations/${integration}", dict_values={"integration": integration}), } if route.authorizer_name: route_params["AuthorizerId"] = Ref( name_to_id(route.authorizer_name)) result.append(apigatewayv2.Route(id_prefix + "Route", **route_params)) result.append( awslambda.Permission( id_prefix + "LambdaPermission", Action="lambda:InvokeFunction", FunctionName=self.lambda_arn, Principal="apigateway.amazonaws.com", SourceArn=Sub( "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:" "${api}/$default/${route_arn}", dict_values={ "api": self.ref, "route_arn": f"{route.method}{route.route}", }, ), )) return result
def add_lambda_events_rule(self, title, function, **kwargs): t = self.template schedule_rule = t.add_resource( events.Rule(title + 'ScheduleRule', Targets=[ events.Target(Arn=GetAtt(function, 'Arn'), Id=title + 'LambdaFunction') ], **kwargs)) perm = t.add_resource( awslambda.Permission(title + 'LambdaInvokePermission', FunctionName=Ref(function), Action='lambda:InvokeFunction', Principal='events.amazonaws.com', SourceArn=GetAtt(schedule_rule, 'Arn'))) return schedule_rule, perm
def add_lambda_scheduler(*, template_res, cron, lambda_function_name, lambda_function_arn): lambda_function = ''.join( [a.title() for a in lambda_function_name.split('_')]) event_target = Target(f'{lambda_function}EventTarget', Arn=lambda_function_arn, Id=f'{lambda_function}FunctionEventTarget') scheduler = template_res.add_resource( Rule( f'ScheduledRule{lambda_function}', ScheduleExpression=cron, # http://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html Description=f'Scheduled Event for Lambda {lambda_function_name}', State="ENABLED", Targets=[event_target])) add_permission = template_res.add_resource( awslambda.Permission(f'AccessLambda{lambda_function}', Action='lambda:InvokeFunction', FunctionName=f'{lambda_function_name}', Principal='events.amazonaws.com', SourceArn=GetAtt(scheduler, 'Arn')))
Runtime="python3.7", MemorySize=128, Role=GetAtt(role, "Arn")) ### API Gateway api = apigatewayv2.Api("HttpApi", Name=f"api-contact-form-{cdomain}", Description=f"API Gateway for contact form on {domain}", ProtocolType="HTTP", Target=GetAtt(lambda_function, "Arn")) api_gateway_lambda_permission = awslambda.Permission( "ApiGatewayLambdaPermission", Action="lambda:InvokeFunction", FunctionName=GetAtt(lambda_function, "Arn"), Principal="apigateway.amazonaws.com", SourceArn=Join(values=[ "arn", "aws", "execute-api", Ref("AWS::Region"), Ref("AWS::AccountId"), Join(values=[Ref(api), "*"], delimiter="/") ], delimiter=":")) t = Template() t.add_resource(topic) t.add_resource(role) t.add_resource(lambda_function) t.add_resource(api) t.add_resource(api_gateway_lambda_permission) print(t.to_yaml())
'lambdas/update_security_groups.py')), Environment=awslambda.Environment( Variables={'REGIONS': Ref(param_regions)}), Handler='index.lambda_handler', Role=GetAtt(update_function_execution_role, 'Arn'), Runtime='python2.7', MemorySize='128', Timeout='300', )) ip_space_changed_topic = 'arn:aws:sns:us-east-1:806199016981:AmazonIpSpaceChanged' update_function_lambda_permission = t.add_resource( awslambda.Permission('LambdaPermission', FunctionName=Ref(update_security_groups_function), Action='lambda:InvokeFunction', Principal='sns.amazonaws.com', SourceArn=ip_space_changed_topic)) custom_resource_execution_role = t.add_resource( iam.Role( 'CustomResourceExecutionRole', AssumeRolePolicyDocument=Policy(Statement=[ Statement(Effect=Allow, Action=[awacs.sts.AssumeRole], Principal=Principal('Service', ['lambda.amazonaws.com'])) ]), ManagedPolicyArns=[ 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole', ], Policies=[
])) ])) # Create the Event Target GuardDutyEventTarget = Target("GuardDutyEventTarget", Arn=GetAtt('GuardDutyToSlackFunction', 'Arn'), Id="GuardDutyToSlackFunction") # Create the Event Rule GuardDutyEventRule = t.add_resource( Rule("GuardDutyEventRule", EventPattern={ "source": ["aws.guardduty"], "detail-type": ["GuardDuty Finding"] }, Description="GuardDuty CloudWatch Event Rule", State="ENABLED", Targets=[GuardDutyEventTarget])) # Create invoke Permission APILambdaPermission = t.add_resource( awslambda.Permission("APILambdaPermission", DependsOn="GuardDutyToSlackFunction", Action="lambda:InvokeFunction", FunctionName=GetAtt('GuardDutyToSlackFunction', 'Arn'), Principal="events.amazonaws.com", SourceArn=GetAtt('GuardDutyEventRule', 'Arn'))) print t.to_json()
# Event subscription - RDS will notify SNS when backup is started and finished template.add_resource( rds.EventSubscription("RDSBackupEvent", Enabled=True, EventCategories=["backup"], SourceType="db-instance", SnsTopicArn=Ref(rds_topic), SourceIds=If("UseAllDatabases", Ref(AWS_NO_VALUE), Ref(databases_to_use_parameter)))) # Permission for SNS to trigger the Lambda template.add_resource( awslambda.Permission("SNSPermissionForLambda", Action="lambda:invokeFunction", FunctionName=Ref(backup_rds_function), Principal="sns.amazonaws.com", SourceArn=Ref(rds_topic))) schedule_event = template.add_resource( events.Rule("AuroraBackupEvent", Condition="IncludeAurora", Description="Copy Aurora clusters to another region", ScheduleExpression="rate(1 day)", State="ENABLED", Targets=[ events.Target(Arn=GetAtt(backup_rds_function, "Arn"), Id="backup_rds_function") ])) # Permission for CloudWatch Events to trigger the Lambda
Handler='index.lambda_handler', Role=GetAtt(lambda_execution_role, 'Arn'), Runtime='python2.7', MemorySize='512', Timeout='120', Environment=awslambda.Environment(Variables={ 'DST_BUCKET': Ref(dst_bucket), # 'DST_PREFIX': Ref(param_dst_prefix) }), )) updater_lambda_permission = t.add_resource( awslambda.Permission( 'LambdaPermission', FunctionName=Ref(lambda_function), Action='lambda:InvokeFunction', Principal='s3.amazonaws.com', SourceAccount=Sub('${AWS::AccountId}'), SourceArn=Join('', ['arn:aws:s3:::', Ref(src_bucket)]), )) # # Output # t.add_output([ Output('SourceBucketName', Description='S3 bucket', Value=Ref(src_bucket), Export=Export(Sub('${AWS::StackName}-SourceBucketName'))), Output('DestinationBucketName', Description='S3 bucket', Value=Ref(dst_bucket),
def archive_invocation_permission(archive_function, archive_event_rule): return awslambda.Permission('ArchiveInvocationPermission', Action='lambda:InvokeFunction', FunctionName=Ref(archive_function), Principal='events.amazonaws.com', SourceArn=GetAtt(archive_event_rule, 'Arn'))
def add_api(self): rest_api = self.add_resource( apigateway.RestApi( 'Api', Description=Join(' ', [Ref(self.domain), 'Terraform Registry']), Name=StackName)) methods = self.add_registry_api(rest_api) methods += [self.add_service_discovery_api(rest_api)] self.add_resource( awslambda.Permission( f'ApigatewayPermission', Principal='apigateway.amazonaws.com', Action='lambda:InvokeFunction', FunctionName=Ref(self._lambda_function), SourceArn=Join('', [ 'arn:aws:execute-api:', Region, ':', AccountId, ':', Ref(rest_api), '/*' ]))) deployment_id = 'ApiDeployment' + ''.join( random.choice(string.ascii_letters) for _ in range(5)) deployment = self.add_resource( apigateway.Deployment(deployment_id, Description=self._build_version, RestApiId=Ref(rest_api), DependsOn=methods, DeletionPolicy=Retain)) stage = self.add_resource( apigateway.Stage('ApiStage', MethodSettings=[ apigateway.MethodSetting( HttpMethod='*', LoggingLevel='INFO', MetricsEnabled=True, ResourcePath='/*', DataTraceEnabled=True, ) ], TracingEnabled=True, StageName='prd', RestApiId=Ref(rest_api), DeploymentId=Ref(deployment), DependsOn=[deployment])) domain = self.add_resource( apigateway.DomainName( 'ApiDomain', DomainName=Ref(self.domain), CertificateArn=Ref(self.certificate), EndpointConfiguration=apigateway.EndpointConfiguration( Types=['EDGE']))) mapping = self.add_resource( apigateway.BasePathMapping('Mapping', DomainName=Ref(domain), RestApiId=Ref(rest_api), Stage='prd', DependsOn=['ApiStage'])) dns_record = self.add_resource( route53.RecordSetGroup('ApiDnsRecord', HostedZoneId=Ref(self.hosted_zone), RecordSets=[ route53.RecordSet( Name=Ref(self.domain), AliasTarget=route53.AliasTarget( DNSName=GetAtt( domain, 'DistributionDomainName'), HostedZoneId='Z2FDTNDATAQYW2'), Type='A') ]))
account = t.add_resource(apigateway.Account( "Account", DependsOn=api.title, CloudWatchRoleArn=ImportValue( Sub("${AccessStack}-SshCaApiRole") ) )) invoke_perm_get = t.add_resource(awslambda.Permission( "InvokePermGet", Action="lambda:InvokeFunction", FunctionName=LAMBDA_ARN, Principal="apigateway.amazonaws.com", SourceArn=Join(":", [ "arn:aws:execute-api", Ref("AWS::Region"), Ref("AWS::AccountId"), Join("", [ Ref(api), "/*/GET/*" ])]) )) invoke_perm_post = t.add_resource(awslambda.Permission( "InvokePermPost", Action="lambda:InvokeFunction", FunctionName=LAMBDA_ARN, Principal="apigateway.amazonaws.com", SourceArn=Join(":", [ "arn:aws:execute-api", Ref("AWS::Region"), Ref("AWS::AccountId"),
def invocation_permission(name, function, event_rule): return awslambda.Permission(name, Action='lambda:InvokeFunction', FunctionName=Ref(function), Principal='events.amazonaws.com', SourceArn=GetAtt(event_rule, 'Arn'))
def build_template(self): t = self._init_template() swag_data = [] for i in range(0, 4): swag_data.append( Ref( t.add_parameter( Parameter('{}Swagger{}'.format(self.stack_name, i), Type='String', Default=' ', Description='Swagger Data #{}'.format(i))))) api = t.add_resource( apigateway.RestApi( '{}RestApi'.format(self.stack_name), Body=Join('', swag_data), EndpointConfiguration=apigateway.EndpointConfiguration( Types=[self.ep_type]))) if len(self.stages) <= 0: self.add_stage('prod') for stage in self.stages: deployment = t.add_resource( apigateway.Deployment( '{}{}{}Deployment'.format(self.stack_name, md5str(self.template_str), stage), RestApiId=Ref(api), StageName=md5str(self.template_str + stage), )) stage_res = t.add_resource( apigateway.Stage( '{}{}Stage'.format(self.stack_name, stage), StageName=stage, Description='{}{}'.format(self.stack_name, stage), RestApiId=Ref(api), DeploymentId=Ref(deployment), )) for func in self.lambda_funcs: func_param = t.add_parameter( Parameter(func.output_func_arn(), Type='String', Description='Function to grant invoke access to')) t.add_resource( awslambda.Permission( 'SwagFuncPerm{}'.format(func.output_func_name()), SourceArn=Join("", [ 'arn:aws:execute-api:', Ref('AWS::Region'), ':', Ref('AWS::AccountId'), ':', Ref(api), "/*/*/*" ]), FunctionName=Ref(func_param), Action='lambda:invokeFunction', Principal='apigateway.amazonaws.com', DependsOn="{}RestApi".format(self.stack_name))) t.add_output([ Output('ApiId'.format(self.stack_name), Description='Root id for API', Value=Ref(api)), Output('ApiUrl'.format(self.stack_name), Value=Join('', [ Ref(api), '.execute-api.', Ref('AWS::Region'), '.amazonaws.com' ])) ]) return t
def archiveeach_invocation_permission(archiveeach_function, archiveeach_topic): return awslambda.Permission('ArchiveeachInvocationPermission', Action='lambda:InvokeFunction', FunctionName=Ref(archiveeach_function), Principal='sns.amazonaws.com', SourceArn=Ref(archiveeach_topic))
S3Key=Ref(param_lambda_file_name)), Handler="lambda.lambda_handler", MemorySize=128, Role=GetAtt(lambda_role, "Arn"), Runtime="python2.7", Timeout=30)) api = template.add_resource( apigateway.RestApi("API", Description="My API", Name="MyAPI")) api_lambda_permission = template.add_resource( awslambda.Permission("APILambdaPermission", Action="lambda:InvokeFunction", FunctionName=Ref(lambda_function), Principal="apigateway.amazonaws.com", SourceArn=Join("", [ "arn:aws:execute-api:", Ref("AWS::Region"), ":", Ref("AWS::AccountId"), ":", Ref(api), "/*/GET/*" ]))) api_first_resource = template.add_resource( apigateway.Resource("APIFirstResource", ParentId=GetAtt(api, "RootResourceId"), PathPart="{param1}", RestApiId=Ref(api))) api_first_method = template.add_resource( apigateway.Method( "APIFirstResourceMethodGET", ApiKeyRequired=False,
"format": frmt }))) # create an EventBridge rule to kick off the lambda arcgis_rule = template.add_resource( events.Rule(rule_name, ScheduleExpression=cron, Description="My Lambda CloudWatch Event", State="ENABLED", Targets=[ events.Target("MyLambdaTarget", Arn=GetAtt(arcgis_lambda.title, "Arn"), Id="MyLambdaId") ])) # add permissions to the lambda to allow EventBridge to kick it off arcgis_permission = template.add_resource( awslambda.Permission( perm_name, FunctionName=GetAtt(arcgis_lambda.title, 'Arn'), Action='lambda:InvokeFunction', Principal='events.amazonaws.com', SourceArn=GetAtt(arcgis_rule.title, 'Arn'), )) # write the json template to a yaml file template.to_yaml() fh = open("template.yaml", "w") fh.writelines(template.to_yaml()) fh.close()
def generate_template(self, template): alias = Parameter("LambdaEnvAlias", Default="int", Description="Alias used to reference the lambda", Type="String") template.add_parameter(aliasP) lambda_bucket = template.add_parameter( Parameter("LambdaBucket", Type="String", Default="go-lambda-hello-world", Description= "The S3 Bucket that contains the zip to bootstrap your " "lambda function")) s3_key = template.add_parameter( Parameter("S3Key", Type="String", Default="main.zip", Description= "The S3 key that references the zip to bootstrap your " "lambda function")) handler = template.add_parameter( Parameter( "LambdaHandler", Type="String", Default="event_handler.handler", Description="The name of the function (within your source code) " "that Lambda calls to start running your code.")) memory_size = template.add_parameter( Parameter( "LambdaMemorySize", Type="Number", Default="128", Description="The amount of memory, in MB, that is allocated to " "your Lambda function.", MinValue="128")) timeout = template.add_parameter( Parameter("LambdaTimeout", Type="Number", Default="300", Description= "The function execution time (in seconds) after which " "Lambda terminates the function. ")) lambda_function = template.add_resource( Function( "LambdaGoHelloWorld", Code=Code(S3Bucket="go-lambda-hello-world", S3Key=Ref(s3_key)), Description="Go function used to demonstate sqs integration", Handler=Ref(handler), Role=GetAtt("LambdaExecutionRole", "Arn"), Runtime="go1.x", MemorySize=Ref(memory_size), FunctionName="go-lambda-hello-world", Timeout=Ref(timeout))) alias = template.add_resource( Alias("GolLambdaAlias", Description="Alias for the go lambda", FunctionName=Ref(lambda_function), FunctionVersion="$LATEST", Name=Ref(alias))) dead_letter_queue = template.add_resource( Queue("GoLambdaDeadLetterQueue", QueueName=("golambdaqueue-dlq"), VisibilityTimeout=30, MessageRetentionPeriod=1209600, MaximumMessageSize=262144, DelaySeconds=0, ReceiveMessageWaitTimeSeconds=0)) go_helloworld_queue = template.add_resource( Queue("GoLambdaQueue", QueueName=("golambdaqueue"), VisibilityTimeout=1800, RedrivePolicy=RedrivePolicy(deadLetterTargetArn=GetAtt( dead_letter_queue, "Arn"), maxReceiveCount=3))) lambda_execution_role = template.add_resource( Role("LambdaExecutionRole", Policies=[ iam.Policy( PolicyName="GoFunctionRolePolicy", PolicyDocument=Policy(Statement=[ Statement(Effect=Allow, Action=[ Action("logs", "CreateLogGroup"), Action("logs", "CreateLogStream"), Action("logs", "PutLogEvents") ], Resource=["arn:aws:logs:*:*:*"]), Statement( Effect=Allow, Action=[ Action("sqs", "ChangeMessageVisibility"), Action("sqs", "DeleteMessage"), Action("sqs", "GetQueueAttributes"), Action("sqs", "ReceiveMessage") ], Resource=[GetAtt(go_helloworld_queue, "Arn")]) ])) ], AssumeRolePolicyDocument=Policy(Statement=[ Statement(Effect=Allow, Action=[AssumeRole], Principal=Principal("Service", ["lambda.amazonaws.com"])) ]))) template.add_resource( awslambda.Permission( 'QueueInvokePermission', FunctionName=GetAtt(lambda_function, 'Arn'), Action="lambda:InvokeFunction", Principal="sqs.amazonaws.com", SourceArn=GetAtt(go_helloworld_queue, 'Arn'), )) template.add_output( Output("LambdaHelloWorldQueue", Value=GetAtt(go_helloworld_queue, "Arn"), Export=Export("lambda-go-hello-world-queue"), Description="Arn of the queue")) template.add_output( Output("LambdaHelloWorlFunction", Value=Ref(alias), Export=Export("lambda-go-hello-world-function"), Description="Arn of the function"))
role=lambda_exe_role, lambda_params={ "Environment": awslambda.Environment( Variables={ 'PREVIOUS_TIME_SSM_PARAM_NAME': Ref(ssm_previous_time), 'SCHEDULER_LAMBDA_NAME': Ref(hyp3_scheduler.scheduler) }), "MemorySize": 128, "Timeout": 300 })) find_new_target = events.Target("FindNewTarget", Arn=GetAtt(find_new_granules, 'Arn'), Id="FindNewFunction1") find_new_event_rule = t.add_resource( events.Rule("FindNewGranulesSchedule", ScheduleExpression="rate(1 minute)", State="ENABLED", Targets=[find_new_target])) PermissionForEventsToInvokeLambda = t.add_resource( awslambda.Permission("EventSchedulePermissions", FunctionName=Ref(find_new_granules), Action="lambda:InvokeFunction", Principal="events.amazonaws.com", SourceArn=GetAtt("FindNewGranulesSchedule", "Arn")))
Description="Maintains EBS snapshots of tagged instances", Code=awslambda.Code( S3Bucket=Ref(s3_bucket_parameter), S3Key=Ref(source_zip_parameter), ), Handler="ebs-snapshots.lambda_handler", MemorySize=128, Role=GetAtt(lambda_role, "Arn"), Runtime="python3.6", Timeout=30)) schedule_event = template.add_resource( events.Rule("LambdaTriggerRule", Description="Trigger EBS snapshot Lambda", ScheduleExpression="rate(1 day)", State="ENABLED", Targets=[ events.Target(Arn=GetAtt(lambda_function, "Arn"), Id="ebs-snapshot-lambda") ])) # Permission for CloudWatch Events to trigger the Lambda template.add_resource( awslambda.Permission("EventsPermissionForLambda", Action="lambda:invokeFunction", FunctionName=Ref(lambda_function), Principal="events.amazonaws.com", SourceArn=GetAtt(schedule_event, "Arn"))) print(template.to_json())
def show_invocation_permission(show_function, show_event_rule): return awslambda.Permission('ShowInvocationPermission', Action='lambda:InvokeFunction', FunctionName=Ref(show_function), Principal='events.amazonaws.com', SourceArn=GetAtt(show_event_rule, 'Arn'))