diff --git a/examples/apps/alexa-skill-kit-sdk-factskill/template.yaml b/examples/apps/alexa-skill-kit-sdk-factskill/template.yaml
index 5dbf41b90..bb5490f22 100644
--- a/examples/apps/alexa-skill-kit-sdk-factskill/template.yaml
+++ b/examples/apps/alexa-skill-kit-sdk-factskill/template.yaml
@@ -1,6 +1,9 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
 Description: Demonstrate a basic fact skill built with the ASK NodeJS SDK
+Parameters:
+ TopicNameParameter:
+ Type: String
 Resources:
 alexaskillkitsdkfactskill:
 Type: 'AWS::Serverless::Function'
@@ -12,9 +15,5 @@ Resources:
 MemorySize: 128
 Timeout: 7
 Policies:
- - Version: '2012-10-17'
- Statement:
- - Effect: Allow
- Action:
- - 'sns:Publish'
- Resource: 'arn:aws:sns:*:*:*'
+ - SNSPublishMessagePolicy:
+ TopicName: !Ref TopicNameParameter
diff --git a/examples/apps/alexa-skill-kit-sdk-howtoskill/template.yaml b/examples/apps/alexa-skill-kit-sdk-howtoskill/template.yaml
index ceffa3d62..7021ed1cd 100644
--- a/examples/apps/alexa-skill-kit-sdk-howtoskill/template.yaml
+++ b/examples/apps/alexa-skill-kit-sdk-howtoskill/template.yaml
@@ -1,6 +1,9 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
 Description: Demonstrate a basic How-to skill built with the ASK NodeJS SDK
+Parameters:
+ TopicNameParameter:
+ Type: String
 Resources:
 alexaskillkitsdkhowtoskill:
 Type: 'AWS::Serverless::Function'
@@ -12,9 +15,5 @@ Resources:
 MemorySize: 128
 Timeout: 7
 Policies:
- - Version: '2012-10-17'
- Statement:
- - Effect: Allow
- Action:
- - 'sns:Publish'
- Resource: 'arn:aws:sns:*:*:*'
+ - SNSPublishMessagePolicy:
+ TopicName: !Ref TopicNameParameter
diff --git a/examples/apps/alexa-skill-kit-sdk-triviaskill/template.yaml b/examples/apps/alexa-skill-kit-sdk-triviaskill/template.yaml
index a63ee0b6d..661934cd7 100644
--- a/examples/apps/alexa-skill-kit-sdk-triviaskill/template.yaml
+++ b/examples/apps/alexa-skill-kit-sdk-triviaskill/template.yaml
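Review bot: `TopicNameParameter` is declared with only `Type: String` in the first factskill hunk, so the template neither tells a deployer what to supply nor limits what is accepted before the value reaches `SNSPublishMessagePolicy`. Add a `Description` and an `AllowedPattern` restricted to SNS topic-name characters, for example `AllowedPattern: '^[A-Za-z0-9_-]{1,256}$'`; if the policy template interpolates the name into the topic ARN, as it appears to, a wildcard value would bring back the any-topic grant this commit removes. The same applies to every later file that adds `TopicNameParameter`, `KeyIdParameter` or `IdentityNameParameter`. It is also worth confirming that each blueprint really publishes to SNS; where it does not, dropping the policy is tighter than scoping it.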
@@ -1,6 +1,9 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
 Description: Demonstrate a basic trivia skill built with the ASK NodeJS SDK
+Parameters:
+ TopicNameParameter:
+ Type: String
 Resources:
 alexaskillkitsdktriviaskill:
 Type: 'AWS::Serverless::Function'
@@ -12,9 +15,5 @@ Resources:
 MemorySize: 128
 Timeout: 7
 Policies:
- - Version: '2012-10-17'
- Statement:
- - Effect: Allow
- Action:
- - 'sns:Publish'
- Resource: 'arn:aws:sns:*:*:*'
+ - SNSPublishMessagePolicy:
+ TopicName: !Ref TopicNameParameter
\ No newline at end of file
diff --git a/examples/apps/alexa-skills-kit-color-expert-python/template.yaml b/examples/apps/alexa-skills-kit-color-expert-python/template.yaml
index ecb69addb..c61acea59 100644
--- a/examples/apps/alexa-skills-kit-color-expert-python/template.yaml
+++ b/examples/apps/alexa-skills-kit-color-expert-python/template.yaml
@@ -1,6 +1,9 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
 Description: Demonstrates a basic skill built with the Amazon Alexa Skills Kit.
+Parameters:
+ TopicNameParameter:
+ Type: String
 Resources:
 alexaskillskitcolorexpertpython:
 Type: 'AWS::Serverless::Function'
@@ -12,12 +15,8 @@ Resources:
 MemorySize: 128
 Timeout: 3
 Policies:
- - Version: '2012-10-17'
- Statement:
- - Effect: Allow
- Action:
- - 'sns:Publish'
- Resource: 'arn:aws:sns:*:*:*'
+ - SNSPublishMessagePolicy:
+ TopicName: !Ref TopicNameParameter
 Events:
 AlexaSkillEvent:
 Type: AlexaSkill
diff --git a/examples/apps/alexa-skills-kit-color-expert/template.yaml b/examples/apps/alexa-skills-kit-color-expert/template.yaml
index 5c1be4473..7edc09a44 100644
--- a/examples/apps/alexa-skills-kit-color-expert/template.yaml
+++ b/examples/apps/alexa-skills-kit-color-expert/template.yaml
@@ -1,6 +1,9 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
 Description: Demonstrates a basic skill built with the Amazon Alexa Skills Kit.
+Parameters:
+ TopicNameParameter:
+ Type: String
 Resources:
 alexaskillskitcolorexpert:
 Type: 'AWS::Serverless::Function'
@@ -12,12 +15,8 @@ Resources:
 MemorySize: 128
 Timeout: 3
 Policies:
- - Version: '2012-10-17'
- Statement:
- - Effect: Allow
- Action:
- - 'sns:Publish'
- Resource: 'arn:aws:sns:*:*:*'
+ - SNSPublishMessagePolicy:
+ TopicName: !Ref TopicNameParameter
 Events:
 AlexaSkillEvent:
 Type: AlexaSkill
diff --git a/examples/apps/alexa-smart-home-skill-adapter/template.yaml b/examples/apps/alexa-smart-home-skill-adapter/template.yaml
index c00a61689..09ee253e5 100644
--- a/examples/apps/alexa-smart-home-skill-adapter/template.yaml
+++ b/examples/apps/alexa-smart-home-skill-adapter/template.yaml
@@ -1,20 +1,19 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
 Description: Provides the basic framework for a skill adapter for a smart home skill.
+Parameters:
+ TopicNameParameter:
+ Type: String
 Resources:
 alexasmarthomeskilladapter:
 Type: 'AWS::Serverless::Function'
 Properties:
 Handler: index.handler
- Runtime: nodejs4.3
+ Runtime: nodejs8.10
 CodeUri: .
 Description: Provides the basic framework for a skill adapter for a smart home skill.
 MemorySize: 128
 Timeout: 7
 Policies:
- - Version: '2012-10-17'
- Statement:
- - Effect: Allow
- Action:
- - 'sns:Publish'
- Resource: 'arn:aws:sns:*:*:*'
+ - SNSPublishMessagePolicy:
+ TopicName: !Ref TopicNameParameter
\ No newline at end of file
diff --git a/examples/apps/algorithmia/template.yaml b/examples/apps/algorithmia/template.yaml
index efdd9059b..e535de76c 100644
--- a/examples/apps/algorithmia/template.yaml
+++ b/examples/apps/algorithmia/template.yaml
@@ -1,23 +1,22 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
 Description: Run any algorithm in the Algorithmia marketplace.
+Parameters:
+ TopicNameParameter:
+ Type: String
 Resources:
 algorithmia:
 Type: 'AWS::Serverless::Function'
 Properties:
 Handler: index.handler
- Runtime: nodejs4.3
+ Runtime: nodejs8.10
 CodeUri: .
 Description: Run any algorithm in the Algorithmia marketplace.
 MemorySize: 256
 Timeout: 60
 Policies:
- - Version: '2012-10-17'
- Statement:
- - Effect: Allow
- Action:
- - 'sns:Publish'
- Resource: 'arn:aws:sns:*:*:*'
+ - SNSPublishMessagePolicy:
+ TopicName: !Ref TopicNameParameter
 Events:
 BucketEvent1:
 Type: S3
diff --git a/examples/apps/api-gateway-authorizer-nodejs/template.yaml b/examples/apps/api-gateway-authorizer-nodejs/template.yaml
index 4de576cc3..e99aff6d6 100644
--- a/examples/apps/api-gateway-authorizer-nodejs/template.yaml
+++ b/examples/apps/api-gateway-authorizer-nodejs/template.yaml
@@ -1,20 +1,19 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
 Description: 'Blueprint for API Gateway custom authorizers, implemented in NodeJS.'
+Parameters:
+ TopicNameParameter:
+ Type: String
 Resources:
 apigatewayauthorizernodejs:
 Type: 'AWS::Serverless::Function'
 Properties:
 Handler: index.handler
- Runtime: nodejs4.3
+ Runtime: nodejs8.10
 CodeUri: .
 Description: 'Blueprint for API Gateway custom authorizers, implemented in NodeJS.'
 MemorySize: 256
 Timeout: 5
 Policies:
- - Version: '2012-10-17'
- Statement:
- - Effect: Allow
- Action:
- - 'sns:Publish'
- Resource: 'arn:aws:sns:*:*:*'
+ - SNSPublishMessagePolicy:
+ TopicName: !Ref TopicNameParameter
\ No newline at end of file
diff --git a/examples/apps/api-gateway-authorizer-python/template.yaml b/examples/apps/api-gateway-authorizer-python/template.yaml
index fdf93e957..9287ef309 100644
--- a/examples/apps/api-gateway-authorizer-python/template.yaml
+++ b/examples/apps/api-gateway-authorizer-python/template.yaml
@@ -1,6 +1,9 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
 Description: 'Blueprint for API Gateway custom authorizers, implemented in Python 2.7.'
+Parameters:
+ TopicNameParameter:
+ Type: String
 Resources:
 apigatewayauthorizerpython:
 Type: 'AWS::Serverless::Function'
@@ -12,9 +15,5 @@ Resources:
 MemorySize: 256
 Timeout: 5
 Policies:
- - Version: '2012-10-17'
- Statement:
- - Effect: Allow
- Action:
- - 'sns:Publish'
- Resource: 'arn:aws:sns:*:*:*'
+ - SNSPublishMessagePolicy:
+ TopicName: !Ref TopicNameParameter
diff --git a/examples/apps/api-gateway-multiple-origin-cors/template.yaml b/examples/apps/api-gateway-multiple-origin-cors/template.yaml
index ba49bb6fa..d900c9d83 100644
--- a/examples/apps/api-gateway-multiple-origin-cors/template.yaml
+++ b/examples/apps/api-gateway-multiple-origin-cors/template.yaml
@@ -33,18 +33,18 @@ Resources: Method: 'options' Outputs: - ExampleApi: - Description: "API Gateway endpoint URL for Prod stage for API Gateway Multi-Origin CORS function" - Value: !Sub "https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/" - ExampleRoot: - Description: "API Gateway Multi-Origin CORS Lambda Function (Root) ARN" - Value: !GetAtt ExampleRoot.Arn - ExampleRootIamRole: - Description: "Implicit IAM Role created for API Gateway Multi-Origin CORS function (Root)" - Value: !GetAtt ExampleRootRole.Arn - ExampleTest: - Description: "API Gateway Multi-Origin CORS Lambda Function (Test) ARN" - Value: !GetAtt ExampleTest.Arn - ExampleTestIamRole: - Description: "Implicit IAM Role created for API Gateway Multi-Origin CORS function (Test)" - Value: !GetAtt ExampleTestRole.Arn + ExampleApi: + Description: "API Gateway endpoint URL for Prod stage for API Gateway Multi-Origin CORS function" + Value: !Sub "https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/" + ExampleRoot: + Description: "API Gateway Multi-Origin CORS Lambda Function (Root) ARN" + Value: !GetAtt ExampleRoot.Arn + ExampleRootIamRole: + Description: "Implicit IAM Role created for API Gateway Multi-Origin CORS function (Root)" + Value: !GetAtt ExampleRootRole.Arn + ExampleTest: + Description: "API Gateway Multi-Origin CORS Lambda Function (Test) ARN" + Value: !GetAtt ExampleTest.Arn + ExampleTestIamRole: + Description: "Implicit IAM Role created for API Gateway Multi-Origin CORS function (Test)" + Value: !GetAtt ExampleTestRole.Arn diff --git a/examples/apps/cfn-look-up-ami-ids/template.yaml b/examples/apps/cfn-look-up-ami-ids/template.yaml index 32637e719..5ae40232c 100644 --- a/examples/apps/cfn-look-up-ami-ids/template.yaml +++ b/examples/apps/cfn-look-up-ami-ids/template.yaml 
@@ -6,15 +6,10 @@ Resources:
 Type: 'AWS::Serverless::Function'
 Properties:
 Handler: index.handler
- Runtime: nodejs4.3
+ Runtime: nodejs8.10
 CodeUri: .
 Description: Looks up the latest AMI ID for a given region and architecture.
 MemorySize: 128
 Timeout: 3
 Policies:
- - Version: '2012-10-17'
- Statement:
- - Effect: Allow
- Action:
- - 'ec2:DescribeImages'
- Resource: '*'
+ - AMIDescribePolicy: {}
\ No newline at end of file
diff --git a/examples/apps/cfn-stack-outputs/template.yaml b/examples/apps/cfn-stack-outputs/template.yaml
index 21c83601c..4d15e5e60 100644
--- a/examples/apps/cfn-stack-outputs/template.yaml
+++ b/examples/apps/cfn-stack-outputs/template.yaml
@@ -8,7 +8,7 @@ Resources:
 Type: 'AWS::Serverless::Function'
 Properties:
 Handler: index.handler
- Runtime: nodejs4.3
+ Runtime: nodejs8.10
 CodeUri: .
 Description: >-
 Takes an AWS CloudFormation stack name and returns the outputs from that
@@ -16,9 +16,4 @@ Resources:
 MemorySize: 128
 Timeout: 3
 Policies:
- - Version: '2012-10-17'
- Statement:
- - Effect: Allow
- Action:
- - 'cloudformation:DescribeStacks'
- Resource: '*'
+ - CloudFormationDescribeStacksPolicy: {}
\ No newline at end of file
diff --git a/examples/apps/cloudfront-ab-test/template.yaml b/examples/apps/cloudfront-ab-test/template.yaml
index 2c9ff51cd..8ad8d9b9d 100644
--- a/examples/apps/cloudfront-ab-test/template.yaml
+++ b/examples/apps/cloudfront-ab-test/template.yaml
@@ -1,6 +1,9 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
 Description: 'Blueprint for CloudFront ab testing, implemented in NodeJS.'
+Parameters:
+ KeyIdParameter:
+ Type: String
 Resources:
 cloudfrontabtest:
 Type: 'AWS::Serverless::Function'
@@ -12,9 +15,5 @@ Resources:
 MemorySize: 128
 Timeout: 1
 Policies:
- - Version: '2012-10-17'
- Statement:
- - Effect: Allow
- Action:
- - 'kms:Decrypt'
- Resource: '*'
+ - KMSDecryptPolicy:
+ KeyId: !Ref KeyIdParameter
\ No newline at end of file
diff --git a/examples/apps/cloudfront-access-request-in-response/template.yaml b/examples/apps/cloudfront-access-request-in-response/template.yaml
index 152781b07..17225c048 100644
--- a/examples/apps/cloudfront-access-request-in-response/template.yaml
+++ b/examples/apps/cloudfront-access-request-in-response/template.yaml
@@ -1,8 +1,10 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
 Description: >-
- Blueprint for setting CloudFront response header based on value in the request
- header implemented in NodeJS.
+ Blueprint for setting CloudFront response header based on value in the request header implemented in NodeJS.
+Parameters:
+ KeyIdParameter:
+ Type: String
 Resources:
 cloudfrontaccessrequestinresponse:
 Type: 'AWS::Serverless::Function'
@@ -11,14 +13,9 @@ Resources:
 Runtime: nodejs6.10
 CodeUri: .
 Description: >-
- Blueprint for setting CloudFront response header based on value in the
- request header implemented in NodeJS.
+ Blueprint for setting CloudFront response header based on value in the request header implemented in NodeJS.
 MemorySize: 128
 Timeout: 1
 Policies:
- - Version: '2012-10-17'
- Statement:
- - Effect: Allow
- Action:
- - 'kms:Decrypt'
- Resource: '*'
+ - KMSDecryptPolicy:
+ KeyId: !Ref KeyIdParameter
\ No newline at end of file
diff --git a/examples/apps/cloudfront-http-redirect/template.yaml b/examples/apps/cloudfront-http-redirect/template.yaml
index 359557f0c..a7928a716 100644
--- a/examples/apps/cloudfront-http-redirect/template.yaml
+++ b/examples/apps/cloudfront-http-redirect/template.yaml
@@ -1,6 +1,9 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
 Description: Blueprint for returning HTTP redirect implemented in NodeJS.
+Parameters:
+ KeyIdParameter:
+ Type: String
 Resources:
 cloudfronthttpredirect:
 Type: 'AWS::Serverless::Function'
@@ -12,9 +15,5 @@ Resources:
 MemorySize: 128
 Timeout: 1
 Policies:
- - Version: '2012-10-17'
- Statement:
- - Effect: Allow
- Action:
- - 'kms:Decrypt'
- Resource: '*'
+ - KMSDecryptPolicy:
+ KeyId: !Ref KeyIdParameter
\ No newline at end of file
diff --git a/examples/apps/cloudfront-modify-querystring/template.yaml b/examples/apps/cloudfront-modify-querystring/template.yaml
index 17d0b6950..fe62ad73d 100644
--- a/examples/apps/cloudfront-modify-querystring/template.yaml
+++ b/examples/apps/cloudfront-modify-querystring/template.yaml
@@ -1,8 +1,10 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
 Description: >-
- Blueprint to add a header based on the values in a key-value pair in a query
- string.
+ Blueprint to add a header based on the values in a key-value pair in a querynstring.
+Parameters:
+ KeyIdParameter:
+ Type: String
 Resources:
 cloudfrontmodifyquerystring:
 Type: 'AWS::Serverless::Function'
@@ -11,14 +13,9 @@ Resources:
 Runtime: nodejs6.10
 CodeUri: .
 Description: >-
- Blueprint to add a header based on the values in a key-value pair in a
- query string.
+ Blueprint to add a header based on the values in a key-value pair in a query string.
 MemorySize: 128
 Timeout: 3
 Policies:
- - Version: '2012-10-17'
- Statement:
- - Effect: Allow
- Action:
- - 'kms:Decrypt'
- Resource: '*'
+ - KMSDecryptPolicy:
+ KeyId: !Ref KeyIdParameter
\ No newline at end of file
diff --git a/examples/apps/cloudfront-modify-response-header/template.yaml b/examples/apps/cloudfront-modify-response-header/template.yaml
index d8adc2dc3..f3972b085 100644
--- a/examples/apps/cloudfront-modify-response-header/template.yaml
+++ b/examples/apps/cloudfront-modify-response-header/template.yaml
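Review bot: The new top-level `Description` in cloudfront-modify-querystring ends with `in a querynstring.`, which looks like a line break lost while joining `query` and `string.` onto one line; the function-level description in the file's second hunk has it right. Change the added line to `Blueprint to add a header based on the values in a key-value pair in a query string.` so the two descriptions agree.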
@@ -1,6 +1,9 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
 Description: Blueprint for modifying CloudFront response header implemented in NodeJS.
+Parameters:
+ KeyIdParameter:
+ Type:String
 Resources:
 cloudfrontmodifyresponseheader:
 Type: 'AWS::Serverless::Function'
@@ -9,14 +12,9 @@ Resources:
 Runtime: nodejs6.10
 CodeUri: .
 Description: >-
- Blueprint for modifying CloudFront response header implemented in
- NodeJS.
+ Blueprint for modifying CloudFront response header implemented in NodeJS.
 MemorySize: 128
 Timeout: 1
 Policies:
- - Version: '2012-10-17'
- Statement:
- - Effect: Allow
- Action:
- - 'kms:Decrypt'
- Resource: '*'
+ - KMSDecryptPolicy:
+ KeyId: !Ref KeyIdParameter
\ No newline at end of file
diff --git a/examples/apps/cloudfront-multiple-remote-calls-aggregate-response/template.yaml b/examples/apps/cloudfront-multiple-remote-calls-aggregate-response/template.yaml
index 78aa473c7..5eb48bcad 100644
--- a/examples/apps/cloudfront-multiple-remote-calls-aggregate-response/template.yaml
+++ b/examples/apps/cloudfront-multiple-remote-calls-aggregate-response/template.yaml
@@ -1,8 +1,10 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
 Description: >-
- Blueprint for generating aggregated response from multiple remote calls on
- origin-request trigger implemented in NodeJS.
+ Blueprint for generating aggregated response from multiple remote calls on origin-request trigger implemented in NodeJS.
+Parameters:
+ KeyIdParameter:
+ Type: String
 Resources:
 cloudfrontmultipleremotecallsaggregateresponse:
 Type: 'AWS::Serverless::Function'
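Review bot: `Type:String` under `KeyIdParameter` in the first hunk of cloudfront-modify-response-header has no space after the colon, so YAML reads it as the plain scalar `Type:String` instead of a `Type` key and the parameter ends up with no declared type. The template should be rejected at validation or deploy time, which leaves the scoped `KMSDecryptPolicy` in the next hunk undeployable. Write `Type: String`. The same line is added in cloudwatch-logs-process-data, cloudwatch-logs-to-loggly, cognito-sync-trigger and datadog-process-rds-metrics.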
@@ -11,14 +13,9 @@ Resources:
 Runtime: nodejs6.10
 CodeUri: .
 Description: >-
- Blueprint for generating aggregated response from multiple remote calls
- on origin-request trigger implemented in NodeJS.
+ Blueprint for generating aggregated response from multiple remote calls on origin-request trigger implemented in NodeJS.
 MemorySize: 128
 Timeout: 1
 Policies:
- - Version: '2012-10-17'
- Statement:
- - Effect: Allow
- Action:
- - 'kms:Decrypt'
- Resource: '*'
+ - KMSDecryptPolicy:
+ KeyId: !Ref KeyIdParameter
\ No newline at end of file
diff --git a/examples/apps/cloudfront-redirect-on-viewer-country/template.yaml b/examples/apps/cloudfront-redirect-on-viewer-country/template.yaml
index 0ff11a971..8e1a6a9a1 100644
--- a/examples/apps/cloudfront-redirect-on-viewer-country/template.yaml
+++ b/examples/apps/cloudfront-redirect-on-viewer-country/template.yaml
@@ -1,8 +1,10 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
 Description: >-
- Blueprint for generating a redirect response based on the viewer country.
- Triggered by an origin-request. Implemented in NodeJS.
+ Blueprint for generating a redirect response based on the viewer country. Triggered by an origin-request. Implemented in NodeJS.
+Parameters:
+ KeyIdParameter:
+ Type: String
 Resources:
 cloudfrontredirectonviewercountry:
 Type: 'AWS::Serverless::Function'
@@ -11,14 +13,9 @@ Resources:
 Runtime: nodejs6.10
 CodeUri: .
 Description: >-
- Blueprint for generating a redirect response based on the viewer
- country. Triggered by an origin-request. Implemented in NodeJS.
+ Blueprint for generating a redirect response based on the viewer country. Triggered by an origin-request. Implemented in NodeJS.
 MemorySize: 128
 Timeout: 1
 Policies:
- - Version: '2012-10-17'
- Statement:
- - Effect: Allow
- Action:
- - 'kms:Decrypt'
- Resource: '*'
+ - KMSDecryptPolicy:
+ KeyId: !Ref KeyIdParameter
\ No newline at end of file
diff --git a/examples/apps/cloudfront-redirect-unauthenticated-users/template.yaml b/examples/apps/cloudfront-redirect-unauthenticated-users/template.yaml
index 595eb23f8..6f6d288d5 100644
--- a/examples/apps/cloudfront-redirect-unauthenticated-users/template.yaml
+++ b/examples/apps/cloudfront-redirect-unauthenticated-users/template.yaml
@@ -1,8 +1,10 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
 Description: >-
- Blueprint for redirecting unauthenticated users to sign-in page; triggered by
- CloudFront viewer-request event.
+ Blueprint for redirecting unauthenticated users to sign-in page; triggered by CloudFront viewer-request event.
+Parameters:
+ KeyIdParameter:
+ Type: String
 Resources:
 cloudfrontredirectunauthenticatedusers:
 Type: 'AWS::Serverless::Function'
@@ -11,14 +13,9 @@ Resources:
 Runtime: nodejs6.10
 CodeUri: .
 Description: >-
- Blueprint for redirecting unauthenticated users to sign-in page;
- triggered by CloudFront viewer-request event.
+ Blueprint for redirecting unauthenticated users to sign-in page; triggered by CloudFront viewer-request event.
 MemorySize: 128
 Timeout: 1
 Policies:
- - Version: '2012-10-17'
- Statement:
- - Effect: Allow
- Action:
- - 'kms:Decrypt'
- Resource: '*'
+ - KMSDecryptPolicy:
+ KeyId: !Ref KeyIdParameter
\ No newline at end of file
diff --git a/examples/apps/cloudfront-response-generation/template.yaml b/examples/apps/cloudfront-response-generation/template.yaml
index febf336d9..7d339d823 100644
--- a/examples/apps/cloudfront-response-generation/template.yaml
+++ b/examples/apps/cloudfront-response-generation/template.yaml
@@ -1,8 +1,10 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
 Description: >-
- Blueprint for generating a response from viewer-request trigger implemented in
- NodeJS.
+ Blueprint for generating a response from viewer-request trigger implemented in NodeJS.
+Parameters:
+ KeyIdParameter:
+ Type: String
 Resources:
 cloudfrontresponsegeneration:
 Type: 'AWS::Serverless::Function'
@@ -11,14 +13,9 @@ Resources:
 Runtime: nodejs6.10
 CodeUri: .
 Description: >-
- Blueprint for generating a response from viewer-request trigger
- implemented in NodeJS.
+ Blueprint for generating a response from viewer-request trigger implemented in NodeJS.
 MemorySize: 128
 Timeout: 1
 Policies:
- - Version: '2012-10-17'
- Statement:
- - Effect: Allow
- Action:
- - 'kms:Decrypt'
- Resource: '*'
+ - KMSDecryptPolicy:
+ KeyId: !Ref KeyIdParameter
\ No newline at end of file
diff --git a/examples/apps/cloudfront-simple-remote-call/template.yaml b/examples/apps/cloudfront-simple-remote-call/template.yaml
index f1bfd4cc8..17d44000b 100644
--- a/examples/apps/cloudfront-simple-remote-call/template.yaml
+++ b/examples/apps/cloudfront-simple-remote-call/template.yaml
@@ -1,8 +1,10 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
 Description: >-
- Blueprint for generating a response from origin-request trigger implemented in
- NodeJS.
+ Blueprint for generating a response from origin-request trigger implemented in NodeJS.
+Parameters:
+ KeyIdParameter:
+ Type: String
 Resources:
 cloudfrontsimpleremotecall:
 Type: 'AWS::Serverless::Function'
@@ -16,9 +18,5 @@ Resources:
 MemorySize: 128
 Timeout: 3
 Policies:
- - Version: '2012-10-17'
- Statement:
- - Effect: Allow
- Action:
- - 'kms:Decrypt'
- Resource: '*'
+ - KMSDecryptPolicy:
+ KeyId: !Ref KeyIdParameter
\ No newline at end of file
diff --git a/examples/apps/cloudwatch-alarm-to-slack-python/template.yaml b/examples/apps/cloudwatch-alarm-to-slack-python/template.yaml
index 61e2963cd..f5adc211f 100644
--- a/examples/apps/cloudwatch-alarm-to-slack-python/template.yaml
+++ b/examples/apps/cloudwatch-alarm-to-slack-python/template.yaml
@@ -1,6 +1,13 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
 Description: An Amazon SNS trigger that sends CloudWatch alarm notifications to Slack.
+Parameters:
+ KeyIdParameter:
+ Type: String
+ slackChannelParameter:
+ Type: String
+ kmsEncryptedHookUrlParameter:
+ Type: String
 Resources:
 cloudwatchalarmtoslackpython:
 Type: 'AWS::Serverless::Function'
@@ -14,12 +21,8 @@ Resources:
 MemorySize: 128
 Timeout: 3
 Policies:
- - Version: '2012-10-17'
- Statement:
- - Effect: Allow
- Action:
- - 'kms:Decrypt'
- Resource: '*'
+ - KMSDecryptPolicy:
+ KeyId: !Ref KeyIdParameter
 Events:
 SNS1:
 Type: SNS
@@ -28,7 +31,7 @@ Resources:
 Ref: SNSTopic1
 Environment:
 Variables:
- slackChannel:
- kmsEncryptedHookUrl:
+ slackChannel: slackChannelParameter
+ kmsEncryptedHookUrl: kmsEncryptedHookUrlParameter
 SNSTopic1:
 Type: 'AWS::SNS::Topic'
diff --git a/examples/apps/cloudwatch-alarm-to-slack-python3/template.yaml b/examples/apps/cloudwatch-alarm-to-slack-python3/template.yaml
index 199074acb..5a731211b 100644
--- a/examples/apps/cloudwatch-alarm-to-slack-python3/template.yaml
+++ b/examples/apps/cloudwatch-alarm-to-slack-python3/template.yaml
@@ -1,6 +1,13 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
 Description: An Amazon SNS trigger that sends CloudWatch alarm notifications to Slack.
+Parameters:
+ KeyIdParameter:
+ Type: String
+ slackChannelParameter:
+ Type: String
+ kmsEncryptedHookUrlParameter:
+ Type: String
 Resources:
 cloudwatchalarmtoslackpython3:
 Type: 'AWS::Serverless::Function'
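Review bot: In the last hunk of cloudwatch-alarm-to-slack-python, `slackChannel: slackChannelParameter` and `kmsEncryptedHookUrl: kmsEncryptedHookUrlParameter` assign the parameter names as literal strings, so the function receives the text `kmsEncryptedHookUrlParameter` instead of the deployer's ciphertext. The handler presumably passes that variable to KMS, in which case the decrypt that `KMSDecryptPolicy` was scoped for fails on every invocation and no alarm reaches Slack. Reference the parameters instead: `slackChannel: !Ref slackChannelParameter` and `kmsEncryptedHookUrl: !Ref kmsEncryptedHookUrlParameter`. The cloudwatch-alarm-to-slack-python3 and cloudwatch-alarm-to-slack templates add the same two lines.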
@@ -14,12 +21,8 @@ Resources:
 MemorySize: 128
 Timeout: 3
 Policies:
- - Version: '2012-10-17'
- Statement:
- - Effect: Allow
- Action:
- - 'kms:Decrypt'
- Resource: '*'
+ - KMSDecryptPolicy:
+ KeyId: !Ref KeyIdParameter
 Events:
 SNS1:
 Type: SNS
@@ -28,7 +31,7 @@ Resources:
 Ref: SNSTopic1
 Environment:
 Variables:
- slackChannel:
- kmsEncryptedHookUrl:
+ slackChannel: slackChannelParameter
+ kmsEncryptedHookUrl: kmsEncryptedHookUrlParameter
 SNSTopic1:
 Type: 'AWS::SNS::Topic'
diff --git a/examples/apps/cloudwatch-alarm-to-slack/template.yaml b/examples/apps/cloudwatch-alarm-to-slack/template.yaml
index d32f00bb3..dd316e1f2 100644
--- a/examples/apps/cloudwatch-alarm-to-slack/template.yaml
+++ b/examples/apps/cloudwatch-alarm-to-slack/template.yaml
@@ -1,12 +1,19 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
 Description: An Amazon SNS trigger that sends CloudWatch alarm notifications to Slack.
+Parameters:
+ KeyIdParameter:
+ Type: String
+ slackChannelParameter:
+ Type: String
+ kmsEncryptedHookUrlParameter:
+ Type: String
 Resources:
 cloudwatchalarmtoslack:
 Type: 'AWS::Serverless::Function'
 Properties:
 Handler: index.handler
- Runtime: nodejs4.3
+ Runtime: nodejs8.10
 CodeUri: .
 Description: >-
 An Amazon SNS trigger that sends CloudWatch alarm notifications to
@@ -14,12 +21,8 @@ Resources:
 MemorySize: 128
 Timeout: 3
 Policies:
- - Version: '2012-10-17'
- Statement:
- - Effect: Allow
- Action:
- - 'kms:Decrypt'
- Resource: '*'
+ - KMSDecryptPolicy:
+ KeyId: !Ref KeyIdParameter
 Events:
 SNS1:
 Type: SNS
@@ -28,7 +31,7 @@ Resources:
 Ref: SNSTopic1
 Environment:
 Variables:
- slackChannel:
- kmsEncryptedHookUrl:
+ slackChannel: slackChannelParameter
+ kmsEncryptedHookUrl: kmsEncryptedHookUrlParameter
 SNSTopic1:
 Type: 'AWS::SNS::Topic'
diff --git a/examples/apps/cloudwatch-logs-process-data/template.yaml b/examples/apps/cloudwatch-logs-process-data/template.yaml
index fa561dd0c..189e215a8 100644
--- a/examples/apps/cloudwatch-logs-process-data/template.yaml +++ b/examples/apps/cloudwatch-logs-process-data/template.yaml @@ -3,12 +3,15 @@ Transform: 'AWS::Serverless-2016-10-31' Description: >- A real-time consumer of log events ingested by an Amazon CloudWatch Logs log group. +Parameters: + KeyIdParameter: + Type:String Resources: cloudwatchlogsprocessdata: Type: 'AWS::Serverless::Function' Properties: Handler: index.handler - Runtime: nodejs4.3 + Runtime: nodejs8.10 CodeUri: . Description: >- A real-time consumer of log events ingested by an Amazon CloudWatch Logs @@ -16,9 +19,5 @@ Resources: MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'kms:Decrypt' - Resource: '*' + - KMSDecryptPolicy: + KeyId: !Ref KeyIdParameter \ No newline at end of file diff --git a/examples/apps/cloudwatch-logs-to-loggly/template.yaml b/examples/apps/cloudwatch-logs-to-loggly/template.yaml index bcbfb236a..e2fe879a5 100644 --- a/examples/apps/cloudwatch-logs-to-loggly/template.yaml +++ b/examples/apps/cloudwatch-logs-to-loggly/template.yaml @@ -1,23 +1,22 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: Sends logs from Cloudwatch logs to Loggly using a Lambda function. +Parameters: + KeyIdParameter: + Type:String Resources: cloudwatchlogstologgly: Type: 'AWS::Serverless::Function' Properties: Handler: index.handler - Runtime: nodejs4.3 + Runtime: nodejs8.10 CodeUri: . Description: Sends logs from Cloudwatch logs to Loggly using a Lambda function. MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'kms:Decrypt' - Resource: '*' + - KMSDecryptPolicy: + KeyId: !Ref KeyIdParameter Environment: Variables: kmsEncryptedCustomerToken: diff --git a/examples/apps/cognito-sync-trigger/template.yaml b/examples/apps/cognito-sync-trigger/template.yaml index a081826d0..59997a34f 100644 
--- a/examples/apps/cognito-sync-trigger/template.yaml +++ b/examples/apps/cognito-sync-trigger/template.yaml @@ -3,12 +3,15 @@ Transform: 'AWS::Serverless-2016-10-31' Description: >- An Amazon Cognito Sync trigger that modifies Cognito datasets based on the incoming event. +Parameters: + KeyIdParameter: + Type:String Resources: cognitosynctrigger: Type: 'AWS::Serverless::Function' Properties: Handler: index.handler - Runtime: nodejs4.3 + Runtime: nodejs8.10 CodeUri: . Description: >- An Amazon Cognito Sync trigger that modifies Cognito datasets based on @@ -16,9 +19,5 @@ Resources: MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'kms:Decrypt' - Resource: '*' + - KMSDecryptPolicy: + KeyId: !Ref KeyIdParameter diff --git a/examples/apps/config-rule-change-triggered/template.yaml b/examples/apps/config-rule-change-triggered/template.yaml index cdaef8a30..67c45586e 100644 --- a/examples/apps/config-rule-change-triggered/template.yaml +++ b/examples/apps/config-rule-change-triggered/template.yaml @@ -8,7 +8,7 @@ Resources: Type: 'AWS::Serverless::Function' Properties: Handler: index.handler - Runtime: nodejs4.3 + Runtime: nodejs8.10 CodeUri: . Description: >- An AWS Config rule that is triggered by configuration changes to EC2 diff --git a/examples/apps/config-rule-periodic/template.yaml b/examples/apps/config-rule-periodic/template.yaml index e3661a816..528cc8aa7 100644 --- a/examples/apps/config-rule-periodic/template.yaml +++ b/examples/apps/config-rule-periodic/template.yaml @@ -8,7 +8,7 @@ Resources: Type: 'AWS::Serverless::Function' Properties: Handler: index.handler - Runtime: nodejs4.3 + Runtime: nodejs8.10 CodeUri: . Description: >- An AWS Config rule that is triggered periodically. Checks for a maximum diff --git a/examples/apps/datadog-process-rds-metrics/template.yaml b/examples/apps/datadog-process-rds-metrics/template.yaml index f8b28e945..40c7e6110 100644 
--- a/examples/apps/datadog-process-rds-metrics/template.yaml +++ b/examples/apps/datadog-process-rds-metrics/template.yaml @@ -1,6 +1,9 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: Pushes RDS Enhanced metrics to Datadog. +Parameters: + KeyIdParameter: + Type:String Resources: datadogprocessrdsmetrics: Type: 'AWS::Serverless::Function' @@ -12,12 +15,8 @@ Resources: MemorySize: 128 Timeout: 10 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'kms:Decrypt' - Resource: '*' + - KMSDecryptPolicy: + KeyId: !Ref KeyIdParameter Environment: Variables: kmsEncryptedKeys: diff --git a/examples/apps/greengrass-hello-world-nodejs/template.yaml b/examples/apps/greengrass-hello-world-nodejs/template.yaml index d135474b8..bf0bb24d7 100644 --- a/examples/apps/greengrass-hello-world-nodejs/template.yaml +++ b/examples/apps/greengrass-hello-world-nodejs/template.yaml @@ -3,6 +3,9 @@ Transform: 'AWS::Serverless-2016-10-31' Description: >- Deploy this lambda to a Greengrass core where it will send a hello world message to a topic +Parameters: + IdentityNameParameter: + Type: String Resources: greengrasshelloworldnodejs: Type: 'AWS::Serverless::Function' @@ -16,9 +19,5 @@ Resources: MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'ses:SendBounce' - Resource: '*' + - SESSendBouncePolicy: + IdentityName: !Ref IdentityNameParameter \ No newline at end of file diff --git a/examples/apps/greengrass-hello-world/template.yaml b/examples/apps/greengrass-hello-world/template.yaml index eaf348c2d..8e33c96ba 100644 --- a/examples/apps/greengrass-hello-world/template.yaml +++ b/examples/apps/greengrass-hello-world/template.yaml 
@@ -1,8 +1,10 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: >- - Deploy this lambda to a Greengrass core where it will send a hello world - message to a topic + Deploy this lambda to a Greengrass core where it will send a hello world message to a topic +Parameters: + IdentityNameParameter: + Type: String Resources: greengrasshelloworld: Type: 'AWS::Serverless::Function' @@ -11,7 +13,9 @@ Resources: Runtime: python2.7 CodeUri: . Description: >- - Deploy this lambda to a Greengrass core where it will send a hello world - message to a topic + Deploy this lambda to a Greengrass core where it will send a hello world message to a topic MemorySize: 128 Timeout: 3 + Policies: + - SESSendBouncePolicy: + IdentityName: !Ref IdentityNameParameter \ No newline at end of file diff --git a/examples/apps/hello-world-python/template.yaml b/examples/apps/hello-world-python/template.yaml index ed0606f6e..e0c0e1af8 100644 --- a/examples/apps/hello-world-python/template.yaml +++ b/examples/apps/hello-world-python/template.yaml @@ -1,6 +1,9 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: A starter AWS Lambda function. +Parameters: + IdentityNameParameter: + Type: String Resources: helloworldpython: Type: 'AWS::Serverless::Function' @@ -11,3 +14,6 @@ Resources: Description: A starter AWS Lambda function. MemorySize: 128 Timeout: 3 + Policies: + - SESSendBouncePolicy: + IdentityName: !Ref IdentityNameParameter diff --git a/examples/apps/hello-world-python3/template.yaml b/examples/apps/hello-world-python3/template.yaml index ceb9ea2cb..d23e9027a 100644 --- a/examples/apps/hello-world-python3/template.yaml +++ b/examples/apps/hello-world-python3/template.yaml 
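Review bot: The `@@ -11,7 +13,9 @@` hunk of greengrass-hello-world adds a `Policies` block with `SESSendBouncePolicy` to a function that had no policies before, so here the change grants a new SES permission instead of narrowing an existing one. hello-world-python, hello-world-python3 and hello-world receive the same addition. Nothing visible in these hunks shows the functions sending SES bounces, and the new `IdentityNameParameter` has no `Default`, so every deployment of these starter apps now has to supply an SES identity. Unless the handlers (outside this diff) need it, I would drop both the `Parameters` and the `Policies` additions from these four templates.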
@@ -1,6 +1,9 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: A starter AWS Lambda function. +Parameters: + IdentityNameParameter: + Type: String Resources: helloworldpython3: Type: 'AWS::Serverless::Function' @@ -11,3 +14,6 @@ Resources: Description: A starter AWS Lambda function. MemorySize: 128 Timeout: 3 + Policies: + - SESSendBouncePolicy: + IdentityName: !Ref IdentityNameParameter diff --git a/examples/apps/hello-world/template.yaml b/examples/apps/hello-world/template.yaml index 71eddb131..fe9712bc7 100644 --- a/examples/apps/hello-world/template.yaml +++ b/examples/apps/hello-world/template.yaml @@ -1,6 +1,9 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: A starter AWS Lambda function. +Parameters: + IdentityNameParameter: + Type: String Resources: helloworld: Type: 'AWS::Serverless::Function' @@ -11,3 +14,6 @@ Resources: Description: A starter AWS Lambda function. MemorySize: 128 Timeout: 3 + Policies: + - SESSendBouncePolicy: + IdentityName: !Ref IdentityNameParameter \ No newline at end of file diff --git a/examples/apps/https-request/template.yaml b/examples/apps/https-request/template.yaml index b304cb5c8..98e3181f1 100644 --- a/examples/apps/https-request/template.yaml +++ b/examples/apps/https-request/template.yaml 
@@ -1,20 +1,19 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: Demonstrates using a built-in Node.js module to make an HTTPS request. +Parameters: + IdentityNameParameter: + Type: String Resources: httpsrequest: Type: 'AWS::Serverless::Function' Properties: Handler: index.handler - Runtime: nodejs4.3 + Runtime: nodejs8.10 CodeUri: . Description: Demonstrates using a built-in Node.js module to make an HTTPS request. MemorySize: 128 Timeout: 60 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'ses:SendBounce' - Resource: '*' + - SESSendBouncePolicy: + IdentityName: !Ref IdentityNameParameter diff --git a/examples/apps/image-processing-service/template.yaml b/examples/apps/image-processing-service/template.yaml index b6cb65ad0..15b640e2a 100644 --- a/examples/apps/image-processing-service/template.yaml +++ b/examples/apps/image-processing-service/template.yaml @@ -1,24 +1,21 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: >- - Uses ImageMagick to perform simple image processing operations, such as - resizing. + Uses ImageMagick to perform simple image processing operations, such as resizing. +Parameters: + IdentityNameParameter: + Type: String Resources: imageprocessingservice: Type: 'AWS::Serverless::Function' Properties: Handler: index.handler - Runtime: nodejs4.3 + Runtime: nodejs8.10 CodeUri: . Description: >- - Uses ImageMagick to perform simple image processing operations, such as - resizing. + Uses ImageMagick to perform simple image processing operations, such as resizing. MemorySize: 512 Timeout: 30 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'ses:SendBounce' - Resource: '*' + - SESSendBouncePolicy: + IdentityName: !Ref IdentityNameParameter 
diff --git a/examples/apps/inbound-ses-spam-filter-python/template.yaml b/examples/apps/inbound-ses-spam-filter-python/template.yaml index 618fac626..f61ec24fa 100644 --- a/examples/apps/inbound-ses-spam-filter-python/template.yaml +++ b/examples/apps/inbound-ses-spam-filter-python/template.yaml @@ -1,8 +1,10 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: >- - A simple email filter for protection against spam and viruses as well as DKIM - and SPF failures. + A simple email filter for protection against spam and viruses as well as DKIM and SPF failures. +Parameters: + IdentityNameParameter: + Type: String Resources: inboundsesspamfilterpython: Type: 'AWS::Serverless::Function' @@ -11,17 +13,12 @@ Resources: Runtime: python2.7 CodeUri: . Description: >- - A simple email filter for protection against spam and viruses as well as - DKIM and SPF failures. + A simple email filter for protection against spam and viruses as well as DKIM and SPF failures. MemorySize: 128 Timeout: 10 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'ses:SendBounce' - Resource: '*' + - SESSendBouncePolicy: + IdentityName: !Ref IdentityNameParameter Environment: Variables: emailDomain: diff --git a/examples/apps/inbound-ses-spam-filter/template.yaml b/examples/apps/inbound-ses-spam-filter/template.yaml index e61cfc645..5416d5421 100644 --- a/examples/apps/inbound-ses-spam-filter/template.yaml +++ b/examples/apps/inbound-ses-spam-filter/template.yaml 
@@ -1,27 +1,24 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: >- - A simple email filter for protection against spam and viruses as well as DKIM - and SPF failures. + A simple email filter for protection against spam and viruses as well as DKIM and SPF failures. +Parameters: + IdentityNameParameter: + Type: String Resources: inboundsesspamfilter: Type: 'AWS::Serverless::Function' Properties: Handler: index.handler - Runtime: nodejs4.3 + Runtime: nodejs8.10 CodeUri: . Description: >- - A simple email filter for protection against spam and viruses as well as - DKIM and SPF failures. + A simple email filter for protection against spam and viruses as well as DKIM and SPF failures. MemorySize: 128 Timeout: 10 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'ses:SendBounce' - Resource: '*' + - SESSendBouncePolicy: + IdentityName: !Ref IdentityNameParameter Environment: Variables: emailDomain: diff --git a/examples/apps/inspector-scheduled-run/template.yaml b/examples/apps/inspector-scheduled-run/template.yaml index 8b00789ac..29186a310 100644 --- a/examples/apps/inspector-scheduled-run/template.yaml +++ b/examples/apps/inspector-scheduled-run/template.yaml 
@@ -1,27 +1,22 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: Schedules a recurring Amazon Inspector assessment run +Parameters: + TopicNameParameter: + Type:String Resources: inspectorscheduledrun: Type: 'AWS::Serverless::Function' Properties: Handler: index.handler - Runtime: nodejs4.3 + Runtime: nodejs8.10 CodeUri: . Description: Schedules a recurring Amazon Inspector assessment run MemorySize: 128 Timeout: 10 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'sns:ListSubscriptionsByTopic' - - 'sns:CreateTopic' - - 'sns:SetTopicAttributes' - - 'sns:Subscribe' - - 'sns:Publish' - Resource: '*' + - SNSCrudPolicy: + TopicName: !Ref TopicNameParameter Environment: Variables: assessmentTemplateArn: diff --git a/examples/apps/kinesis-analytics-process-compressed-record/template.yaml b/examples/apps/kinesis-analytics-process-compressed-record/template.yaml index 66e095f39..836265b32 100644 --- a/examples/apps/kinesis-analytics-process-compressed-record/template.yaml +++ b/examples/apps/kinesis-analytics-process-compressed-record/template.yaml @@ -4,6 +4,11 @@ Description: >- An Amazon Kinesis Analytics record pre-processor that receives compressed (GZIP or Deflate compressed) JSON or CSV records as input and returns decompressed records with a processing status. +Parameters: + FunctionNameParameter: + Type: String + TableNameParameter: + Type: String Resources: kinesisanalyticsprocesscompressedrecord: Type: 'AWS::Serverless::Function' 
@@ -18,27 +23,7 @@ Resources: MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'dynamodb:PutItem' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:dynamodb:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':table/*' - - Effect: Allow - Action: - - 'lambda:InvokeFunction' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:lambda:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':function:*' + - LambdaInvokePolicy: + FunctionName: !Ref FunctionNameParameter + - DynamoDBCrudPolicy: + TableName: !Ref TableNameParameter diff --git a/examples/apps/kinesis-analytics-process-kpl-record/template.yaml b/examples/apps/kinesis-analytics-process-kpl-record/template.yaml index 14dc91e48..c72c4b489 100644 --- a/examples/apps/kinesis-analytics-process-kpl-record/template.yaml +++ b/examples/apps/kinesis-analytics-process-kpl-record/template.yaml @@ -4,6 +4,11 @@ Description: >- An Amazon Kinesis Analytics record pre-processor that receives Kinesis Producer Library (KPL) aggregates of JSON or CSV records as input and returns de-aggregated records with a processing status. +Parameters: + FunctionNameParameter: + Type: String + TableNameParameter: + Type: String Resources: kinesisanalyticsprocesskplrecord: Type: 'AWS::Serverless::Function' @@ -18,27 +23,8 @@ Resources: MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'dynamodb:PutItem' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:dynamodb:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':table/*' - - Effect: Allow - Action: - - 'lambda:InvokeFunction' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:lambda:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':function:*' + Policies: + - LambdaInvokePolicy: + FunctionName: !Ref FunctionNameParameter + - DynamoDBCrudPolicy: + TableName: !Ref TableNameParameter 
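Review bot: `DynamoDBCrudPolicy` in the `@@ -18,27 +23,7 @@` hunk of kinesis-analytics-process-compressed-record replaces a statement that allowed only `dynamodb:PutItem`; the resource shrinks from `table/*` to one table, but the action set grows to include read, update, delete and scan operations. If the function only writes items, a write-only template such as `DynamoDBWritePolicy` (where the SAM version in use provides it), or a single inline statement with `dynamodb:PutItem` on the table named by `TableNameParameter`, keeps the original least-privilege intent. The same substitution is repeated in the other kinesis-analytics-*, kinesis-firehose-* and kinesis-process-record-python templates in this diff.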
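Review bot: The `@@ -18,27 +23,8 @@` hunk of kinesis-analytics-process-kpl-record adds a `Policies:` line directly after the existing context line `Policies:`, so the new side either declares the key twice or nests one `Policies` under the other (the indentation is not recoverable from this rendering). Either way the function's `Policies` value is no longer the plain list of policy templates that the sibling templates have. The added `+ Policies:` line should be removed, leaving the context `Policies:` followed by `- LambdaInvokePolicy:` and `- DynamoDBCrudPolicy:`, which also brings the hunk back to the `+23,7` shape of the other kinesis templates.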
diff --git a/examples/apps/kinesis-analytics-process-record-python/template.yaml b/examples/apps/kinesis-analytics-process-record-python/template.yaml index a8bf0bb5e..0b37e1065 100644 --- a/examples/apps/kinesis-analytics-process-record-python/template.yaml +++ b/examples/apps/kinesis-analytics-process-record-python/template.yaml @@ -4,6 +4,11 @@ Description: >- An Amazon Kinesis Analytics record pre-processor that receives JSON or CSV records as input and returns them with a processing status. Use this processor as a starting point for custom transformation logic. +Parameters: + FunctionNameParameter: + Type: String + TableNameParameter: + Type: String Resources: kinesisanalyticsprocessrecordpython: Type: 'AWS::Serverless::Function' @@ -18,27 +23,7 @@ Resources: MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'dynamodb:PutItem' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:dynamodb:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':table/*' - - Effect: Allow - Action: - - 'lambda:InvokeFunction' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:lambda:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':function:*' + - LambdaInvokePolicy: + FunctionName: !Ref FunctionNameParameter + - DynamoDBCrudPolicy: + TableName: !Ref TableNameParameter \ No newline at end of file diff --git a/examples/apps/kinesis-analytics-process-record/template.yaml b/examples/apps/kinesis-analytics-process-record/template.yaml index 8f16029fe..615ea2698 100644 --- a/examples/apps/kinesis-analytics-process-record/template.yaml +++ b/examples/apps/kinesis-analytics-process-record/template.yaml 
@@ -4,6 +4,11 @@ Description: >- An Amazon Kinesis Analytics record pre-processor that receives JSON or CSV records as input and returns them with a processing status. Use this processor as a starting point for custom transformation logic. +Parameters: + FunctionNameParameter: + Type: String + TableNameParameter: + Type: String Resources: kinesisanalyticsprocessrecord: Type: 'AWS::Serverless::Function' @@ -18,27 +23,7 @@ Resources: MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'dynamodb:PutItem' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:dynamodb:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':table/*' - - Effect: Allow - Action: - - 'lambda:InvokeFunction' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:lambda:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':function:*' + - LambdaInvokePolicy: + FunctionName: !Ref FunctionNameParameter + - DynamoDBCrudPolicy: + TableName: !Ref TableNameParameter \ No newline at end of file diff --git a/examples/apps/kinesis-firehose-apachelog-to-csv-python/template.yaml b/examples/apps/kinesis-firehose-apachelog-to-csv-python/template.yaml index 738c5c08f..2f8bd41f2 100644 --- a/examples/apps/kinesis-firehose-apachelog-to-csv-python/template.yaml +++ b/examples/apps/kinesis-firehose-apachelog-to-csv-python/template.yaml @@ -3,6 +3,11 @@ Transform: 'AWS::Serverless-2016-10-31' Description: >- An Amazon Kinesis Firehose stream processor that converts input records from Apache Common Log format to CSV. +Parameters: + FunctionNameParameter: + Type: String + TableNameParameter: + Type: String Resources: kinesisfirehoseapachelogtocsvpython: Type: 'AWS::Serverless::Function' 
@@ -16,27 +21,7 @@ Resources: MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'dynamodb:PutItem' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:dynamodb:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':table/*' - - Effect: Allow - Action: - - 'lambda:InvokeFunction' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:lambda:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':function:*' + - LambdaInvokePolicy: + FunctionName: !Ref FunctionNameParameter + - DynamoDBCrudPolicy: + TableName: !Ref TableNameParameter \ No newline at end of file diff --git a/examples/apps/kinesis-firehose-apachelog-to-csv/template.yaml b/examples/apps/kinesis-firehose-apachelog-to-csv/template.yaml index 422727ff8..8362fb286 100644 --- a/examples/apps/kinesis-firehose-apachelog-to-csv/template.yaml +++ b/examples/apps/kinesis-firehose-apachelog-to-csv/template.yaml @@ -3,6 +3,11 @@ Transform: 'AWS::Serverless-2016-10-31' Description: >- An Amazon Kinesis Firehose stream processor that converts input records from Apache Common Log format to CSV. +Parameters: + FunctionNameParameter: + Type: String + TableNameParameter: + Type: String Resources: kinesisfirehoseapachelogtocsv: Type: 'AWS::Serverless::Function' @@ -16,27 +21,7 @@ Resources: MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'dynamodb:PutItem' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:dynamodb:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':table/*' - - Effect: Allow - Action: - - 'lambda:InvokeFunction' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:lambda:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':function:*' + - LambdaInvokePolicy: + FunctionName: !Ref FunctionNameParameter + - DynamoDBCrudPolicy: + TableName: !Ref TableNameParameter \ No newline at end of file 
diff --git a/examples/apps/kinesis-firehose-apachelog-to-json-python/template.yaml b/examples/apps/kinesis-firehose-apachelog-to-json-python/template.yaml index 474d54c3f..b43fb035b 100644 --- a/examples/apps/kinesis-firehose-apachelog-to-json-python/template.yaml +++ b/examples/apps/kinesis-firehose-apachelog-to-json-python/template.yaml @@ -3,6 +3,11 @@ Transform: 'AWS::Serverless-2016-10-31' Description: >- An Amazon Kinesis Firehose stream processor that converts input records from Apache Common Log format to JSON. +Parameters: + FunctionNameParameter: + Type: String + TableNameParameter: + Type: String Resources: kinesisfirehoseapachelogtojsonpython: Type: 'AWS::Serverless::Function' @@ -16,27 +21,7 @@ Resources: MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'dynamodb:PutItem' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:dynamodb:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':table/*' - - Effect: Allow - Action: - - 'lambda:InvokeFunction' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:lambda:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':function:*' + - LambdaInvokePolicy: + FunctionName: !Ref FunctionNameParameter + - DynamoDBCrudPolicy: + TableName: !Ref TableNameParameter \ No newline at end of file diff --git a/examples/apps/kinesis-firehose-apachelog-to-json/template.yaml b/examples/apps/kinesis-firehose-apachelog-to-json/template.yaml index c129095de..ecec7ba08 100644 --- a/examples/apps/kinesis-firehose-apachelog-to-json/template.yaml +++ b/examples/apps/kinesis-firehose-apachelog-to-json/template.yaml @@ -3,6 +3,11 @@ Transform: 'AWS::Serverless-2016-10-31' Description: >- An Amazon Kinesis Firehose stream processor that converts input records from Apache Common Log format to JSON. +Parameters: + FunctionNameParameter: + Type: String + TableNameParameter: + Type: String Resources: kinesisfirehoseapachelogtojson: Type: 'AWS::Serverless::Function' 
@@ -16,27 +21,7 @@ Resources: MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'dynamodb:PutItem' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:dynamodb:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':table/*' - - Effect: Allow - Action: - - 'lambda:InvokeFunction' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:lambda:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':function:*' + - LambdaInvokePolicy: + FunctionName: !Ref FunctionNameParameter + - DynamoDBCrudPolicy: + TableName: !Ref TableNameParameter \ No newline at end of file diff --git a/examples/apps/kinesis-firehose-cloudwatch-logs-processor/template.yaml b/examples/apps/kinesis-firehose-cloudwatch-logs-processor/template.yaml index b79353b9f..0ee0d6072 100644 --- a/examples/apps/kinesis-firehose-cloudwatch-logs-processor/template.yaml +++ b/examples/apps/kinesis-firehose-cloudwatch-logs-processor/template.yaml @@ -1,8 +1,10 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: >- - An Amazon Kinesis Firehose stream processor that extracts individual log - events from records sent by Cloudwatch Logs subscription filters. + An Amazon Kinesis Firehose stream processor that extracts individual log events from records sent by Cloudwatch Logs subscription filters. +Parameters: + BucketNameParameter: + Type: String Resources: kinesisfirehosecloudwatchlogsprocessor: Type: 'AWS::Serverless::Function' 
@@ -11,14 +13,9 @@ Resources: Runtime: nodejs6.10 CodeUri: . Description: >- - An Amazon Kinesis Firehose stream processor that extracts individual log - events from records sent by Cloudwatch Logs subscription filters. + An Amazon Kinesis Firehose stream processor that extracts individual log events from records sent by Cloudwatch Logs subscription filters. MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 's3:GetObject' - Resource: 'arn:aws:s3:::*' + - S3CrudPolicy: + BucketName: !Ref BucketNameParameter diff --git a/examples/apps/kinesis-firehose-process-record-python/template.yaml b/examples/apps/kinesis-firehose-process-record-python/template.yaml index 2b2e4bfeb..4b9abb500 100644 --- a/examples/apps/kinesis-firehose-process-record-python/template.yaml +++ b/examples/apps/kinesis-firehose-process-record-python/template.yaml @@ -4,6 +4,11 @@ Description: >- An Amazon Kinesis Firehose stream processor that accesses the records in the input and returns them with a processing status. Use this processor for any custom transformation logic. +Parameters: + FunctionNameParameter: + Type: String + TableNameParameter: + Type: String Resources: kinesisfirehoseprocessrecordpython: Type: 'AWS::Serverless::Function' @@ -18,27 +23,7 @@ Resources: MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'dynamodb:PutItem' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:dynamodb:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':table/*' - - Effect: Allow - Action: - - 'lambda:InvokeFunction' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:lambda:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':function:*' + - LambdaInvokePolicy: + FunctionName: !Ref FunctionNameParameter + - DynamoDBCrudPolicy: + TableName: !Ref TableNameParameter 
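Review bot: `S3CrudPolicy` in the `@@ -11,14 +13,9 @@` hunk of kinesis-firehose-cloudwatch-logs-processor replaces a statement that allowed only `s3:GetObject`, so the function gains write and delete access to the bucket where it could previously only read. Scoping to `BucketNameParameter` is an improvement over `arn:aws:s3:::*`, but the read-only template is the closer match: `- S3ReadPolicy:` with the same `BucketName: !Ref BucketNameParameter`. If the handler does write to the bucket, a comment above the policy saying so would explain the wider grant.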
diff --git a/examples/apps/kinesis-firehose-process-record-streams-as-source-python/template.yaml b/examples/apps/kinesis-firehose-process-record-streams-as-source-python/template.yaml index 37c6e0f12..c2322b583 100644 --- a/examples/apps/kinesis-firehose-process-record-streams-as-source-python/template.yaml +++ b/examples/apps/kinesis-firehose-process-record-streams-as-source-python/template.yaml @@ -1,8 +1,12 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: >- - An Amazon Kinesis Firehose stream processor that accesses the Kinesis Streams - records in the input and returns them with a processing status. + An Amazon Kinesis Firehose stream processor that accesses the Kinesis Streams records in the input and returns them with a processing status. +Parameters: + FunctionNameParameter: + Type: String + TableNameParameter: + Type: String Resources: kinesisfirehoseprocessrecordstreamsassourcepython: Type: 'AWS::Serverless::Function' @@ -11,32 +15,11 @@ Resources: Runtime: python2.7 CodeUri: . Description: >- - An Amazon Kinesis Firehose stream processor that accesses the Kinesis - Streams records in the input and returns them with a processing status. + An Amazon Kinesis Firehose stream processor that accesses the Kinesis Streams records in the input and returns them with a processing status. MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'dynamodb:PutItem' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:dynamodb:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':table/*' - - Effect: Allow - Action: - - 'lambda:InvokeFunction' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:lambda:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':function:*' + - LambdaInvokePolicy: + FunctionName: !Ref FunctionNameParameter + - DynamoDBCrudPolicy: + TableName: !Ref TableNameParameter \ No newline at end of file 
diff --git a/examples/apps/kinesis-firehose-process-record-streams-as-source/template.yaml b/examples/apps/kinesis-firehose-process-record-streams-as-source/template.yaml index 54555aa51..aa67bdecc 100644 --- a/examples/apps/kinesis-firehose-process-record-streams-as-source/template.yaml +++ b/examples/apps/kinesis-firehose-process-record-streams-as-source/template.yaml @@ -1,8 +1,12 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: >- - An Amazon Kinesis Firehose stream processor that accesses the Kinesis Streams - records in the input and returns them with a processing status. + An Amazon Kinesis Firehose stream processor that accesses the Kinesis Streams records in the input and returns them with a processing status. +Parameters: + FunctionNameParameter: + Type: String + TableNameParameter: + Type: String Resources: kinesisfirehoseprocessrecordstreamsassource: Type: 'AWS::Serverless::Function' @@ -11,32 +15,11 @@ Resources: Runtime: nodejs6.10 CodeUri: . Description: >- - An Amazon Kinesis Firehose stream processor that accesses the Kinesis - Streams records in the input and returns them with a processing status. + An Amazon Kinesis Firehose stream processor that accesses the Kinesis Streams records in the input and returns them with a processing status. MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'dynamodb:PutItem' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:dynamodb:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':table/*' - - Effect: Allow - Action: - - 'lambda:InvokeFunction' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:lambda:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':function:*' + - LambdaInvokePolicy: + FunctionName: !Ref FunctionNameParameter + - DynamoDBCrudPolicy: + TableName: !Ref TableNameParameter \ No newline at end of file 
diff --git a/examples/apps/kinesis-firehose-process-record/template.yaml b/examples/apps/kinesis-firehose-process-record/template.yaml index 382ec41b3..8f1ed4c26 100644 --- a/examples/apps/kinesis-firehose-process-record/template.yaml +++ b/examples/apps/kinesis-firehose-process-record/template.yaml @@ -3,12 +3,17 @@ Transform: 'AWS::Serverless-2016-10-31' Description: >- An Amazon Kinesis Firehose stream processor that accesses the records in the input and returns them with a processing status. +Parameters: + FunctionNameParameter: + Type: String + TableNameParameter: + Type: String Resources: kinesisfirehoseprocessrecord: Type: 'AWS::Serverless::Function' Properties: Handler: index.handler - Runtime: nodejs4.3 + Runtime: nodejs8.10 CodeUri: . Description: >- An Amazon Kinesis Firehose stream processor that accesses the records in @@ -16,27 +21,7 @@ Resources: MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'dynamodb:PutItem' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:dynamodb:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':table/*' - - Effect: Allow - Action: - - 'lambda:InvokeFunction' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:lambda:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':function:*' + - LambdaInvokePolicy: + FunctionName: !Ref FunctionNameParameter + - DynamoDBCrudPolicy: + TableName: !Ref TableNameParameter \ No newline at end of file diff --git a/examples/apps/kinesis-firehose-syslog-to-csv-python/template.yaml b/examples/apps/kinesis-firehose-syslog-to-csv-python/template.yaml index 2e1b4a6a3..39ed34d0d 100644 --- a/examples/apps/kinesis-firehose-syslog-to-csv-python/template.yaml +++ b/examples/apps/kinesis-firehose-syslog-to-csv-python/template.yaml 
@@ -1,8 +1,12 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: >- - An Amazon Kinesis Firehose stream processor that converts input records from - RFC3164 Syslog format to CSV. + An Amazon Kinesis Firehose stream processor that converts input records from RFC3164 Syslog format to CSV. +Parameters: + FunctionNameParameter: + Type: String + TableNameParameter: + Type: String Resources: kinesisfirehosesyslogtocsvpython: Type: 'AWS::Serverless::Function' @@ -11,32 +15,11 @@ Resources: Runtime: python2.7 CodeUri: . Description: >- - An Amazon Kinesis Firehose stream processor that converts input records - from RFC3164 Syslog format to CSV. + An Amazon Kinesis Firehose stream processor that converts input records from RFC3164 Syslog format to CSV. MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'dynamodb:PutItem' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:dynamodb:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':table/*' - - Effect: Allow - Action: - - 'lambda:InvokeFunction' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:lambda:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':function:*' + - LambdaInvokePolicy: + FunctionName: !Ref FunctionNameParameter + - DynamoDBCrudPolicy: + TableName: !Ref TableNameParameter diff --git a/examples/apps/kinesis-firehose-syslog-to-csv/template.yaml b/examples/apps/kinesis-firehose-syslog-to-csv/template.yaml index 0e8ff951f..31f5e83ef 100644 --- a/examples/apps/kinesis-firehose-syslog-to-csv/template.yaml +++ b/examples/apps/kinesis-firehose-syslog-to-csv/template.yaml 
@@ -1,8 +1,12 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: >- - An Amazon Kinesis Firehose stream processor that converts input records from - RFC3164 Syslog format to CSV. + An Amazon Kinesis Firehose stream processor that converts input records from RFC3164 Syslog format to CSV. +Parameters: + FunctionNameParameter: + Type: String + TableNameParameter: + Type: String Resources: kinesisfirehosesyslogtocsv: Type: 'AWS::Serverless::Function' @@ -11,32 +15,11 @@ Resources: Runtime: nodejs6.10 CodeUri: . Description: >- - An Amazon Kinesis Firehose stream processor that converts input records - from RFC3164 Syslog format to CSV. + An Amazon Kinesis Firehose stream processor that converts input records from RFC3164 Syslog format to CSV. MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'dynamodb:PutItem' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:dynamodb:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':table/*' - - Effect: Allow - Action: - - 'lambda:InvokeFunction' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:lambda:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':function:*' + - LambdaInvokePolicy: + FunctionName: !Ref FunctionNameParameter + - DynamoDBCrudPolicy: + TableName: !Ref TableNameParameter \ No newline at end of file diff --git a/examples/apps/kinesis-firehose-syslog-to-json-python/template.yaml b/examples/apps/kinesis-firehose-syslog-to-json-python/template.yaml index 93a088d7c..56ee835a6 100644 --- a/examples/apps/kinesis-firehose-syslog-to-json-python/template.yaml +++ b/examples/apps/kinesis-firehose-syslog-to-json-python/template.yaml 
@@ -1,8 +1,12 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: >- - An Amazon Kinesis Firehose stream processor that converts input records from - RFC3164 Syslog format to JSON. + An Amazon Kinesis Firehose stream processor that converts input records from RFC3164 Syslog format to JSON. +Parameters: + FunctionNameParameter: + Type: String + TableNameParameter: + Type: String Resources: kinesisfirehosesyslogtojsonpython: Type: 'AWS::Serverless::Function' @@ -11,32 +15,12 @@ Resources: Runtime: python2.7 CodeUri: . Description: >- - An Amazon Kinesis Firehose stream processor that converts input records - from RFC3164 Syslog format to JSON. + An Amazon Kinesis Firehose stream processor that converts input records from RFC3164 Syslog format to JSON. MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'dynamodb:PutItem' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:dynamodb:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':table/*' - - Effect: Allow - Action: - - 'lambda:InvokeFunction' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:lambda:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':function:*' + - LambdaInvokePolicy: + FunctionName: !Ref FunctionNameParameter + - DynamoDBCrudPolicy: + TableName: !Ref TableNameParameter + diff --git a/examples/apps/kinesis-firehose-syslog-to-json/template.yaml b/examples/apps/kinesis-firehose-syslog-to-json/template.yaml index e7415f815..6d2cbfada 100644 --- a/examples/apps/kinesis-firehose-syslog-to-json/template.yaml +++ b/examples/apps/kinesis-firehose-syslog-to-json/template.yaml 
@@ -1,42 +1,25 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: >- - An Amazon Kinesis Firehose stream processor that converts input records from - RFC3164 Syslog format to JSON. + An Amazon Kinesis Firehose stream processor that converts input records from RFC3164 Syslog format to JSON. +Parameters: + FunctionNameParameter: + Type: String + TableNameParameter: + Type: String Resources: kinesisfirehosesyslogtojson: Type: 'AWS::Serverless::Function' Properties: Handler: index.handler - Runtime: nodejs4.3 + Runtime: nodejs8.10 CodeUri: . Description: >- - An Amazon Kinesis Firehose stream processor that converts input records - from RFC3164 Syslog format to JSON. + An Amazon Kinesis Firehose stream processor that converts input records from RFC3164 Syslog format to JSON. MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'dynamodb:PutItem' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:dynamodb:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':table/*' - - Effect: Allow - Action: - - 'lambda:InvokeFunction' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:lambda:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':function:*' + - LambdaInvokePolicy: + FunctionName: !Ref FunctionNameParameter + - DynamoDBCrudPolicy: + TableName: !Ref TableNameParameter diff --git a/examples/apps/kinesis-process-record-python/template.yaml b/examples/apps/kinesis-process-record-python/template.yaml index c3c788f69..fe189893a 100644 --- a/examples/apps/kinesis-process-record-python/template.yaml +++ b/examples/apps/kinesis-process-record-python/template.yaml 
@@ -1,6 +1,11 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: An Amazon Kinesis stream processor that logs the data being published. +Parameters: + FunctionNameParameter: + Type: String + TableNameParameter: + Type: String Resources: kinesisprocessrecordpython: Type: 'AWS::Serverless::Function' @@ -12,30 +17,10 @@ Resources: MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'dynamodb:PutItem' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:dynamodb:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':table/*' - - Effect: Allow - Action: - - 'lambda:InvokeFunction' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:lambda:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':function:*' + - LambdaInvokePolicy: + FunctionName: !Ref FunctionNameParameter + - DynamoDBCrudPolicy: + TableName: !Ref TableNameParameter Events: Kinesis1: Type: Kinesis diff --git a/examples/apps/kinesis-process-record/template.yaml b/examples/apps/kinesis-process-record/template.yaml index df2a345c1..8e767d7f4 100644 --- a/examples/apps/kinesis-process-record/template.yaml +++ b/examples/apps/kinesis-process-record/template.yaml 
@@ -1,41 +1,26 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: An Amazon Kinesis stream processor that logs the data being published. +Parameters: + FunctionNameParameter: + Type: String + TableNameParameter: + Type: String Resources: kinesisprocessrecord: Type: 'AWS::Serverless::Function' Properties: Handler: index.handler - Runtime: nodejs4.3 + Runtime: nodejs8.10 CodeUri: . Description: An Amazon Kinesis stream processor that logs the data being published. MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'dynamodb:PutItem' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:dynamodb:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':table/*' - - Effect: Allow - Action: - - 'lambda:InvokeFunction' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:lambda:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':function:*' + - LambdaInvokePolicy: + FunctionName: !Ref FunctionNameParameter + - DynamoDBCrudPolicy: + TableName: !Ref TableNameParameter Events: Kinesis1: Type: Kinesis diff --git a/examples/apps/lambda-canary-python3/template.yaml b/examples/apps/lambda-canary-python3/template.yaml index 663e9e7a6..ffa60a506 100644 --- a/examples/apps/lambda-canary-python3/template.yaml +++ b/examples/apps/lambda-canary-python3/template.yaml @@ -1,6 +1,9 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: 'Performs a periodic check of the given site, erroring out on test failure.' +Parameters: + FunctionNameParameter: + Type: String Resources: lambdacanarypython3: Type: 'AWS::Serverless::Function' 
@@ -9,24 +12,12 @@ Resources: Runtime: python3.6 CodeUri: . Description: >- - Performs a periodic check of the given site, erroring out on test - failure. + Performs a periodic check of the given site, erroring out on test failure. MemorySize: 128 Timeout: 10 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'lambda:InvokeFunction' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:lambda:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':function:*' + - LambdaInvokePolicy: + FunctionName: !Ref FunctionNameParameter Environment: Variables: site: 'https://www.amazon.com/' diff --git a/examples/apps/lambda-canary/template.yaml b/examples/apps/lambda-canary/template.yaml index 4f6bb30f4..82ce5c4f0 100644 --- a/examples/apps/lambda-canary/template.yaml +++ b/examples/apps/lambda-canary/template.yaml @@ -1,6 +1,11 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: 'Performs a periodic check of the given site, erroring out on test failure.' +Parameters: + FunctionNameParameter: + Type: String + TableNameParameter: + Type: String Resources: lambdacanary: Type: 'AWS::Serverless::Function' 
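Review bot: `FunctionNameParameter` is declared with only `Type: String` in the `Parameters` hunks of both canary templates, so every deployment now has to supply a value and nothing says which function it should name. A description on the declaration, e.g. `Description: Name of the Lambda function this canary is allowed to invoke`, would document it. The lines shown configure only a `site` variable and do not show the canary calling another function, so it may be worth confirming that the `LambdaInvokePolicy` entry is needed at all rather than parameterising it. The function's properties continue outside the hunk.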
@@ -9,35 +14,14 @@ Resources: Runtime: python2.7 CodeUri: . Description: >- - Performs a periodic check of the given site, erroring out on test - failure. + Performs a periodic check of the given site, erroring out on test failure. MemorySize: 128 Timeout: 10 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'dynamodb:PutItem' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:dynamodb:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':table/*' - - Effect: Allow - Action: - - 'lambda:InvokeFunction' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:lambda:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':function:*' + - LambdaInvokePolicy: + FunctionName: !Ref FunctionNameParameter + - DynamoDBCrudPolicy: + TableName: !Ref TableNameParameter Environment: Variables: site: diff --git a/examples/apps/lambda-test-harness/template.yaml b/examples/apps/lambda-test-harness/template.yaml index 3a7a2b1f2..628ef46dd 100644 --- a/examples/apps/lambda-test-harness/template.yaml +++ b/examples/apps/lambda-test-harness/template.yaml 
@@ -1,42 +1,25 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: >- - Provides a simple framework for conducting various tests of your Lambda - functions. + Provides a simple framework for conducting various tests of your Lambda functions. +Parameters: + FunctionNameParameter: + Type: String + TableNameParameter: + Type: String Resources: lambdatestharness: Type: 'AWS::Serverless::Function' Properties: Handler: index.handler - Runtime: nodejs4.3 + Runtime: nodejs8.10 CodeUri: . Description: >- - Provides a simple framework for conducting various tests of your Lambda - functions. + Provides a simple framework for conducting various tests of your Lambda functions. MemorySize: 128 Timeout: 60 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'dynamodb:PutItem' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:dynamodb:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':table/*' - - Effect: Allow - Action: - - 'lambda:InvokeFunction' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:lambda:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':function:*' + - LambdaInvokePolicy: + FunctionName: !Ref FunctionNameParameter + - DynamoDBCrudPolicy: + TableName: !Ref TableNameParameter \ No newline at end of file diff --git a/examples/apps/lex-book-trip-python/template.yaml b/examples/apps/lex-book-trip-python/template.yaml index 7e7d6e5b8..399600f67 100644 --- a/examples/apps/lex-book-trip-python/template.yaml +++ b/examples/apps/lex-book-trip-python/template.yaml @@ -3,6 +3,9 @@ Transform: 'AWS::Serverless-2016-10-31' Description: >- Book details of a visit, using Amazon Lex to perform natural language understanding +Parameters: + KeyIdParameter: + Type:String Resources: lexbooktrippython: Type: 'AWS::Serverless::Function' 
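Review bot: `Type:String` in the added `Parameters` block of lex-book-trip-python has no space after the colon, so YAML reads it as the single plain scalar `Type:String` rather than a `Type` key. `KeyIdParameter` then has no declared type and the template should fail validation. It should read `Type: String`, as the Kinesis and canary templates in this commit do. The same line is repeated in the `Parameters` hunks for lex-book-trip, lex-make-appointment-python, lex-make-appointment, lex-order-flowers-python, lex-order-flowers and logicmonitor-send-cloudwatch-events.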
@@ -16,9 +19,5 @@ Resources: MemorySize: 128 Timeout: 10 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'kms:Decrypt' - Resource: '*' + - KMSDecryptPolicy: + KeyId: !Ref KeyIdParameter \ No newline at end of file diff --git a/examples/apps/lex-book-trip/template.yaml b/examples/apps/lex-book-trip/template.yaml index 324529384..5ce50c064 100644 --- a/examples/apps/lex-book-trip/template.yaml +++ b/examples/apps/lex-book-trip/template.yaml @@ -3,12 +3,15 @@ Transform: 'AWS::Serverless-2016-10-31' Description: >- Book details of a visit, using Amazon Lex to perform natural language understanding +Parameters: + KeyIdParameter: + Type:String Resources: lexbooktrip: Type: 'AWS::Serverless::Function' Properties: Handler: index.handler - Runtime: nodejs4.3 + Runtime: nodejs8.10 CodeUri: . Description: >- Book details of a visit, using Amazon Lex to perform natural language @@ -16,9 +19,5 @@ Resources: MemorySize: 128 Timeout: 10 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'kms:Decrypt' - Resource: '*' + - KMSDecryptPolicy: + KeyId: !Ref KeyIdParameter \ No newline at end of file diff --git a/examples/apps/lex-make-appointment-python/template.yaml b/examples/apps/lex-make-appointment-python/template.yaml index b289cc277..79331121f 100644 --- a/examples/apps/lex-make-appointment-python/template.yaml +++ b/examples/apps/lex-make-appointment-python/template.yaml @@ -3,6 +3,9 @@ Transform: 'AWS::Serverless-2016-10-31' Description: >- Schedule a dentist appointment, using Amazon Lex to perform natural language understanding +Parameters: + KeyIdParameter: + Type:String Resources: lexmakeappointmentpython: Type: 'AWS::Serverless::Function' @@ -16,9 +19,5 @@ Resources: MemorySize: 128 Timeout: 10 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'kms:Decrypt' - Resource: '*' + - KMSDecryptPolicy: + KeyId: !Ref KeyIdParameter \ No newline at end of file 
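Review bot: `KeyId: !Ref KeyIdParameter` only matches when the parameter holds the bare key ID, because SAM's `KMSDecryptPolicy` builds the resource ARN as `...:key/<KeyId>`. With an alias or a full key ARN the generated policy would not match the key, and the function's decrypt calls would be denied. The parameter declaration gives no hint of this, so a description on `KeyIdParameter` would help, e.g. `Description: ID (not alias or ARN) of the KMS key the function may decrypt with`. This applies to each `KMSDecryptPolicy` hunk in the lex-* and logicmonitor-send-cloudwatch-events templates.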
diff --git a/examples/apps/lex-make-appointment/lambda_function.py b/examples/apps/lex-make-appointment/lambda_function.py deleted file mode 100644 index adead669a..000000000 --- a/examples/apps/lex-make-appointment/lambda_function.py +++ /dev/null 
@@ -1,214 +0,0 @@ -''' -This function uses the LogicMonitor REST API to create LogicMonitor OpsNotes -for CloudWatch Events. -Once the Ops Notes have been created for monitored resources that have -associated events, you'll see them on all graphs for those resources. -Assuming you already have monitored AWS resources in LogicMonitor, you'll -need to perform the following steps: - -Follow these steps to provision LogicMonitor API Tokens as environment -variables for the Lambda Function: - - 1. Navigate to https://.logicmonitor.com. - - 2. Locate the Users & Roles section within the Settings Page. - - 3. Identify an existing user or create a new existing user with - permission to manage all devices. As a best practice, we recommend - creating a designated API user for the integration. - - 4. Create a set of API Tokens from the Manage User dialog for the - user in step 3. Copy the Access Id and Access Key values for use - n the next section. - - -To add your LogicMonitor API Tokens as environment variables, follow these -steps: - - 1. Create or use an existing KMS Key - http://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html - - 2. Click the "Enable Encryption Helpers" checkbox - - 3. Paste the value of the Access Id in the API_ACCESS_ID environment - variable and click encrypt. - - 4. Paste the value of the Access Key in the API_ACCESS_KEY environment - variable and click encrypt. - - 5. Provide your LogicMonitor account name as the value of the - ACCOUNT_NAME environment variable and click encrypt. - - -Follow these steps to configure CloudWatch Events Rules that will trigger -the Lambda Function: - - 1. Create a CloudWatch Event Rule that matches the events you'd like - to show up in your LogicMonitor account - https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ - WhatIsCloudWatchEvents.html - - 2. Configure the rule to trigger this Lambda Function. - - -This code requires the upload of a zip to include the "requests" library. 
-Do no edit this in the lambda UI. -''' - -from __future__ import print_function - -import requests -import os -import hashlib -import base64 -import time -import hmac -import json -import boto3 -from base64 import b64decode - -from six import string_types - -print('Loading function') - - -# Use LogicMonitor's API to search for a monitored device given an ARN -def find_device_by_arn(args): - device_info = lm_api("GET", "", "/device/devices", - "?filter=systemProperties.value:{}".format( - args['arn']), - args['account_name'], args['api_access_id'], - args['api_access_key']) - if len(device_info['data']['items']) == 1: - return device_info['data']['items'][0] - else: - return None - - -# Add a LogicMonitor OpsNote to a particular device, given the deviceId -# and the note / tags that should be included -def add_opsNote(args, device): - data = {"scopes": [{"type": "device", "deviceId": device['id']}], - "note": '{}: {}'.format(args['tag'], args['note']), - "tags": [{"name": args['tag']}]} - opsNote_response = lm_api("POST", json.dumps(data), "/setting/opsnotes", - "", args['account_name'], args['api_access_id'], - args['api_access_key']) - return opsNote_response - - -# Generic helper fuction to abstract the interation with the LM API -# Handles generation of authentication header string and -# interfacing with the HTTPs endpoint -def lm_api(verb, data, resource, query, account_name, access_id, access_key): - # generic definition for all lm RESTful resources - url = ('https://{}.logicmonitor.com/santaba/rest{}{}'.format(account_name, - resource, - query)) - - # Lets set the epoch so that it doesn't change between the - # two locations we need to use it - epoch = str(int(time.time() * 1000)) - - # Time to start building the auth strings for our headers - auth_contents = verb + epoch + data + resource - digest = hmac.new(access_key, msg=auth_contents, - digestmod=hashlib.sha256).hexdigest() - signature = base64.b64encode(digest) - auth = 'LMv1 
{}:{}:{}'.format(access_id, signature, epoch) - - # Abstract the calling of the http verb as we are already defining - # it above. Make sure that we insert the customer Auth header - response = getattr(requests, verb.lower())(url, - data=data, - headers={'Content-Type': - 'application/json', - 'Authorization': auth}) - - # In the case that we have a 200 response we should have a - # json response content. However let's verify to make sure - if (response.status_code is requests.codes.ok and - response.headers['Content-Type'] == "application/json"): - return response.json() - else: - # Raise exception for bad status - response.raise_for_status() - # Return response content in the case of good status but - # bad response header - return response.text - - -# Decrypt value using KMS -def decrypt(text): - kms = boto3.client("kms") - response = kms.decrypt(CiphertextBlob=b64decode(text)) - return response["Plaintext"] - - -# Main event function -def lambda_handler(event, context): - # Get LogicMonitor API keys / account name from environment variables, - # where API keys are encrypted - args = {} - args['account_name'] = os.environ["ACCOUNT_NAME"] - encrypted_id = os.environ["API_ACCESS_ID"] - encrypted_key = os.environ["API_ACCESS_KEY"] - - # Decrypt LM API keys - args['api_access_id'] = decrypt(encrypted_id) - args['api_access_key'] = decrypt(encrypted_key).replace("'", "") - - # Define the OpsNote message content to the event detail object - args['note'] = json.dumps(event['detail'], indent=4) - - # Define OpsNote tag as the type of event - args['tag'] = event['detail-type'] - - # For every resource listed for the event, identify the ARN, search - # LogicMonitor using that ARN and add OpsNotes to any identified devices - for resource in event['resources']: - # Set ARN - args['arn'] = resource - # Search for LM devices by ARN - device = find_device_by_arn(args) - # If a device was found, add an OpsNote - if device: - print("Found device:") - print(device) - resp = 
add_opsNote(args, device) - print("Added Ops Note:") - print(resp) - - # Log note if a device was found for at least one ARN - # in the event resources - if device: - print("Found at least one device and added Ops Notes") - return resp - - # If no devices matched an ARN for the event resources, - # look for devices matching ARNs in event details - else: - print("Could not find any devices with resource ARN " + - args['arn'] + "- checking event details...") - # Identify ARN in event detail - for key, value in event['detail'].iteritems(): - if isinstance(value, string_types): - if 'arn' in value: - args['arn'] = value - # Search for LM devices based on identified ARN - print("Found arn: {} - checking devices...".format( - args['arn'])) - device = find_device_by_arn(args) - # If a device is found, add an OpsNote - if device: - print("Found device:") - print(device) - resp = add_opsNote(args, device) - print("Added Ops Note:") - print(resp) - return resp - # If no devices are found, note that no monitored devices matched - # the ARNs recorded for the event - print("Could not find any devices with ARNs in event detail") - print("Exiting") - return diff --git a/examples/apps/lex-make-appointment/requirements.txt b/examples/apps/lex-make-appointment/requirements.txt deleted file mode 100644 index 6f5275b1c..000000000 --- a/examples/apps/lex-make-appointment/requirements.txt +++ /dev/null @@ -1 +0,0 @@ -requests==2.13.0 diff --git a/examples/apps/lex-make-appointment/template.yaml b/examples/apps/lex-make-appointment/template.yaml index d39dbb5c9..5bffabf0b 100644 --- a/examples/apps/lex-make-appointment/template.yaml +++ b/examples/apps/lex-make-appointment/template.yaml 
@@ -3,12 +3,15 @@ Transform: 'AWS::Serverless-2016-10-31' Description: >- Schedule a dentist appointment, using Amazon Lex to perform natural language understanding +Parameters: + KeyIdParameter: + Type:String Resources: lexmakeappointment: Type: 'AWS::Serverless::Function' Properties: Handler: index.handler - Runtime: nodejs4.3 + Runtime: nodejs8.10 CodeUri: . Description: >- Schedule a dentist appointment, using Amazon Lex to perform natural @@ -16,9 +19,5 @@ Resources: MemorySize: 128 Timeout: 10 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'kms:Decrypt' - Resource: '*' + - KMSDecryptPolicy: + KeyId: !Ref KeyIdParameter \ No newline at end of file diff --git a/examples/apps/lex-order-flowers-python/template.yaml b/examples/apps/lex-order-flowers-python/template.yaml index c59a7d82d..084bc1db8 100644 --- a/examples/apps/lex-order-flowers-python/template.yaml +++ b/examples/apps/lex-order-flowers-python/template.yaml @@ -1,6 +1,9 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: 'Order flowers, using Amazon Lex to perform natural language understanding' +Parameters: + KeyIdParameter: + Type:String Resources: lexorderflowerspython: Type: 'AWS::Serverless::Function' @@ -14,9 +17,5 @@ Resources: MemorySize: 128 Timeout: 10 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'kms:Decrypt' - Resource: '*' + - KMSDecryptPolicy: + KeyId: !Ref KeyIdParameter \ No newline at end of file diff --git a/examples/apps/lex-order-flowers/lambda_function.py b/examples/apps/lex-order-flowers/lambda_function.py deleted file mode 100644 index adead669a..000000000 --- a/examples/apps/lex-order-flowers/lambda_function.py +++ /dev/null 
@@ -1,214 +0,0 @@ -''' -This function uses the LogicMonitor REST API to create LogicMonitor OpsNotes -for CloudWatch Events. -Once the Ops Notes have been created for monitored resources that have -associated events, you'll see them on all graphs for those resources. -Assuming you already have monitored AWS resources in LogicMonitor, you'll -need to perform the following steps: - -Follow these steps to provision LogicMonitor API Tokens as environment -variables for the Lambda Function: - - 1. Navigate to https://.logicmonitor.com. - - 2. Locate the Users & Roles section within the Settings Page. - - 3. Identify an existing user or create a new existing user with - permission to manage all devices. As a best practice, we recommend - creating a designated API user for the integration. - - 4. Create a set of API Tokens from the Manage User dialog for the - user in step 3. Copy the Access Id and Access Key values for use - n the next section. - - -To add your LogicMonitor API Tokens as environment variables, follow these -steps: - - 1. Create or use an existing KMS Key - http://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html - - 2. Click the "Enable Encryption Helpers" checkbox - - 3. Paste the value of the Access Id in the API_ACCESS_ID environment - variable and click encrypt. - - 4. Paste the value of the Access Key in the API_ACCESS_KEY environment - variable and click encrypt. - - 5. Provide your LogicMonitor account name as the value of the - ACCOUNT_NAME environment variable and click encrypt. - - -Follow these steps to configure CloudWatch Events Rules that will trigger -the Lambda Function: - - 1. Create a CloudWatch Event Rule that matches the events you'd like - to show up in your LogicMonitor account - https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ - WhatIsCloudWatchEvents.html - - 2. Configure the rule to trigger this Lambda Function. - - -This code requires the upload of a zip to include the "requests" library. 
-Do no edit this in the lambda UI. -''' - -from __future__ import print_function - -import requests -import os -import hashlib -import base64 -import time -import hmac -import json -import boto3 -from base64 import b64decode - -from six import string_types - -print('Loading function') - - -# Use LogicMonitor's API to search for a monitored device given an ARN -def find_device_by_arn(args): - device_info = lm_api("GET", "", "/device/devices", - "?filter=systemProperties.value:{}".format( - args['arn']), - args['account_name'], args['api_access_id'], - args['api_access_key']) - if len(device_info['data']['items']) == 1: - return device_info['data']['items'][0] - else: - return None - - -# Add a LogicMonitor OpsNote to a particular device, given the deviceId -# and the note / tags that should be included -def add_opsNote(args, device): - data = {"scopes": [{"type": "device", "deviceId": device['id']}], - "note": '{}: {}'.format(args['tag'], args['note']), - "tags": [{"name": args['tag']}]} - opsNote_response = lm_api("POST", json.dumps(data), "/setting/opsnotes", - "", args['account_name'], args['api_access_id'], - args['api_access_key']) - return opsNote_response - - -# Generic helper fuction to abstract the interation with the LM API -# Handles generation of authentication header string and -# interfacing with the HTTPs endpoint -def lm_api(verb, data, resource, query, account_name, access_id, access_key): - # generic definition for all lm RESTful resources - url = ('https://{}.logicmonitor.com/santaba/rest{}{}'.format(account_name, - resource, - query)) - - # Lets set the epoch so that it doesn't change between the - # two locations we need to use it - epoch = str(int(time.time() * 1000)) - - # Time to start building the auth strings for our headers - auth_contents = verb + epoch + data + resource - digest = hmac.new(access_key, msg=auth_contents, - digestmod=hashlib.sha256).hexdigest() - signature = base64.b64encode(digest) - auth = 'LMv1 
{}:{}:{}'.format(access_id, signature, epoch) - - # Abstract the calling of the http verb as we are already defining - # it above. Make sure that we insert the customer Auth header - response = getattr(requests, verb.lower())(url, - data=data, - headers={'Content-Type': - 'application/json', - 'Authorization': auth}) - - # In the case that we have a 200 response we should have a - # json response content. However let's verify to make sure - if (response.status_code is requests.codes.ok and - response.headers['Content-Type'] == "application/json"): - return response.json() - else: - # Raise exception for bad status - response.raise_for_status() - # Return response content in the case of good status but - # bad response header - return response.text - - -# Decrypt value using KMS -def decrypt(text): - kms = boto3.client("kms") - response = kms.decrypt(CiphertextBlob=b64decode(text)) - return response["Plaintext"] - - -# Main event function -def lambda_handler(event, context): - # Get LogicMonitor API keys / account name from environment variables, - # where API keys are encrypted - args = {} - args['account_name'] = os.environ["ACCOUNT_NAME"] - encrypted_id = os.environ["API_ACCESS_ID"] - encrypted_key = os.environ["API_ACCESS_KEY"] - - # Decrypt LM API keys - args['api_access_id'] = decrypt(encrypted_id) - args['api_access_key'] = decrypt(encrypted_key).replace("'", "") - - # Define the OpsNote message content to the event detail object - args['note'] = json.dumps(event['detail'], indent=4) - - # Define OpsNote tag as the type of event - args['tag'] = event['detail-type'] - - # For every resource listed for the event, identify the ARN, search - # LogicMonitor using that ARN and add OpsNotes to any identified devices - for resource in event['resources']: - # Set ARN - args['arn'] = resource - # Search for LM devices by ARN - device = find_device_by_arn(args) - # If a device was found, add an OpsNote - if device: - print("Found device:") - print(device) - resp = 
add_opsNote(args, device) - print("Added Ops Note:") - print(resp) - - # Log note if a device was found for at least one ARN - # in the event resources - if device: - print("Found at least one device and added Ops Notes") - return resp - - # If no devices matched an ARN for the event resources, - # look for devices matching ARNs in event details - else: - print("Could not find any devices with resource ARN " + - args['arn'] + "- checking event details...") - # Identify ARN in event detail - for key, value in event['detail'].iteritems(): - if isinstance(value, string_types): - if 'arn' in value: - args['arn'] = value - # Search for LM devices based on identified ARN - print("Found arn: {} - checking devices...".format( - args['arn'])) - device = find_device_by_arn(args) - # If a device is found, add an OpsNote - if device: - print("Found device:") - print(device) - resp = add_opsNote(args, device) - print("Added Ops Note:") - print(resp) - return resp - # If no devices are found, note that no monitored devices matched - # the ARNs recorded for the event - print("Could not find any devices with ARNs in event detail") - print("Exiting") - return diff --git a/examples/apps/lex-order-flowers/requirements.txt b/examples/apps/lex-order-flowers/requirements.txt deleted file mode 100644 index 6f5275b1c..000000000 --- a/examples/apps/lex-order-flowers/requirements.txt +++ /dev/null @@ -1 +0,0 @@ -requests==2.13.0 diff --git a/examples/apps/lex-order-flowers/template.yaml b/examples/apps/lex-order-flowers/template.yaml index 4eaf7caf0..12fddc18c 100644 --- a/examples/apps/lex-order-flowers/template.yaml +++ b/examples/apps/lex-order-flowers/template.yaml 
@@ -1,12 +1,15 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: 'Order flowers, using Amazon Lex to perform natural language understanding' +Parameters: + KeyIdParameter: + Type:String Resources: lexorderflowers: Type: 'AWS::Serverless::Function' Properties: Handler: index.handler - Runtime: nodejs4.3 + Runtime: nodejs8.10 CodeUri: . Description: >- Order flowers, using Amazon Lex to perform natural language @@ -14,9 +17,5 @@ Resources: MemorySize: 128 Timeout: 10 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'kms:Decrypt' - Resource: '*' + - KMSDecryptPolicy: + KeyId: !Ref KeyIdParameter \ No newline at end of file diff --git a/examples/apps/logicmonitor-send-cloudwatch-events/template.yaml b/examples/apps/logicmonitor-send-cloudwatch-events/template.yaml index dafffa1c6..16d91bd85 100644 --- a/examples/apps/logicmonitor-send-cloudwatch-events/template.yaml +++ b/examples/apps/logicmonitor-send-cloudwatch-events/template.yaml @@ -3,6 +3,9 @@ Transform: 'AWS::Serverless-2016-10-31' Description: >- Creates LogicMonitor OpsNotes for CloudWatch Events, thereby enabling correlation between events and performance data. +Parameters: + KeyIdParameter: + Type:String Resources: logicmonitorsendcloudwatchevents: Type: 'AWS::Serverless::Function' @@ -16,12 +19,8 @@ Resources: MemorySize: 128 Timeout: 30 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'kms:Decrypt' - Resource: '*' + - KMSDecryptPolicy: + KeyId: !Ref KeyIdParameter Environment: Variables: ACCOUNT_NAME: diff --git a/examples/apps/microservice-http-endpoint-python/index.js b/examples/apps/microservice-http-endpoint-python/index.js deleted file mode 100644 index 367902b8d..000000000 --- a/examples/apps/microservice-http-endpoint-python/index.js +++ /dev/null 
@@ -1,167 +0,0 @@ -/* - This blueprint helps in transitioning Node.js v0.10 functions. It can be run in three modes: - - List: to list all existing Node.js v0.10 functions and their versions in the current region - - Backup: to publish a version of your current deprecated functions $LATEST version. - - Upgrade: to upgrade the runtime field of existing Node.js v0.10 functions $LATEST version from ‘nodejs’ to - ‘node.js4.3’ or ‘node.js6.10’ - - Notes: - - IMPORTANT: This blueprint only upgrades the runtime value of your nodejs v0.10 functions, you should test your - functions to make sure they behave as expected when operating in the new runtime environment. - - Creating Node.js v0.10 functions has been turned off since January 2017. When run in Backup mode, this blueprint - will publish a version of the existing code and configuration of your function. When run in Upgrade mode this - blueprint will upgrade the value of the runtime of $LATEST version of your function. You can point clients of your - existing function to the backup version if required while you work on validating the upgrade. - - If a function fails to backup or upgrade, this Lambda execution will stop and logs will be available in Cloud - Watch for debugging. - - If you have a large number of functions in your account, this function may take multiple invokes to upgrade your - functions. - - If you receive this error message: "The role defined for the function cannot be assumed by Lambda.", please - confirm that the function being upgraded has a correct execution role value and that role exists in IAM. Try - running this blueprint again after the error has been corrected. - - This blueprint is able to upgrade runtimes for the $LATEST version only. Please follow instructions in the - documentation to transition other versions. - - Usage: - 1. Create a function using this blueprint. The functions role should have listFunctions and - updateFunctionConfiguration privileges in its execution role. - 2. 
To list all existing Node.js v0.10 functions and their versions in the current region, run the function without any - change from the console. This displays the functions and versions as a json list both in the output pane on the console - as well as Cloudwatch logs. - 3. To publish backup versions of your listed functions before upgrading them, make the following changes to the - function's configuration: - a. Change the MODE environment variable's value to Backup. - b. Running this blueprint multiple times in backup mode will add multiple backups to your functions. - 4. To upgrade the runtime field of the listed functions to a newer value, make the following changes to the function’s - configuration: - a. Change the MODE environment variable’s value to Upgrade. - b. Change the TARGET_RUNTIME environment variable’s value to the runtime that you’d like to transition to. Valid - values are nodejs4.3 || nodejs6.10. - c. Change the EXCEPTIONS environment variable’s value to a list of function names to exclude them from being - upgraded. The value should be a comma separated list of function names alone, not ARNs. - d. Run the function from the console. - 5. Repeat step 4 multiple times if you have a lot of functions that need to be upgraded. - 6. Repeat steps 1-5 for all regions you have Lambda functions in. - */ - -'use strict'; - -const AWS = require('aws-sdk'); -const throat = require('throat'); - -const lambda = new AWS.Lambda(); -exports.handler = (event, context, callback) => { - const memory = { Functions: [], Versions: [] }; - const deprecatedRuntime = 'nodejs'; - const targetRuntime = process.env.TARGET_RUNTIME || 'nodejs4.3'; - const mode = (process.env.MODE || 'list').toLowerCase(); - const list = mode === 'list'; - const upgrade = mode === 'upgrade'; - const backup = mode === 'backup'; - const exceptions = process.env.EXCEPTIONS ? 
process.env.EXCEPTIONS.split(',') : []; - console.log(`Blueprint Deprecated Runtime set to ${deprecatedRuntime}`); - console.log(`Blueprint TARGET_RUNTIME set to ${targetRuntime}`); - console.log(`Blueprint MODE set to ${process.env.MODE}`); - console.log(`Blueprint EXCEPTIONS set to ${process.env.EXCEPTIONS}`); - - function report() { - const formatExample = { DeprecatedFunctionName: ['DeprecatedVersion1', 'DeprecatedVersion2'] }; - const functionNames = memory.Functions.map((fn) => { - const obj = {}; - obj[`${fn.FunctionName}`] = JSON.stringify(memory.Versions.filter(vs => vs.FunctionName === `${fn.FunctionName}`).map(vs => vs.Version)); - return obj; - }); - if (functionNames.length) { - functionNames.unshift(formatExample); - console.log('Printing deprecated functions and their corresponding deprecated versions.' + - 'The following functions runtimes will be upgraded. Example format: ', functionNames); - } else { - console.log('No deprecated functions found.'); - } - } - - function backupFunctions(functions) { - return Promise.all(functions.map(throat(1, (fn) => { - console.log(`Starting backup of function ${fn}`); - const params = { - FunctionName: fn, - Description: 'Node 0.10 Deprecation Blueprint Backup', - }; - return lambda.publishVersion(params).promise(); - }))); - } - - function upgradeFunctions(functions) { - return Promise.all(functions.map(throat(1, (fn) => { - console.log(`Starting runtime upgrade of function ${fn}`); - const params = { - FunctionName: fn, - Runtime: targetRuntime, - }; - return lambda.updateFunctionConfiguration(params).promise(); - }))); - } - - function getVersions(functions) { - return Promise.all(functions.map(throat(1, (fn) => { - const params = { - FunctionName: fn, - }; - return lambda.listVersionsByFunction(params).promise(); - }))); - } - - function getFunctions(params) { - lambda.listFunctions(params, (err, data) => { - if (err) { - callback(err, err.stack); - } else { - Array.prototype.push.apply(memory.Functions, 
data.Functions.filter((item) => item.Runtime === deprecatedRuntime && - exceptions.indexOf(item.FunctionName) === -1)); - if (data.NextMarker) { - const nextListFunctionsParams = { - Marker: data.NextMarker, - MaxItems: 50, - }; - setTimeout(() => getFunctions(nextListFunctionsParams), 100); - } else { - // retrieved all functions - console.log(`Total deprecated functions retreived: ${memory.Functions.length}`); - getVersions(memory.Functions.map(fn => fn.FunctionName)).then((versions) => { - memory.Versions = versions; - if (list) { - report(); - console.log('Report Complete.'); - } else if (backup) { - console.log(`Starting Function Backup Operation for ${memory.Functions.length} deprecated functions.`); - backupFunctions(memory.Functions.map(fn => fn.FunctionName)) - .then(() => { - console.log('Function Backup Operation Complete. See CloudWatch logs for Errors' + - ' that may have occurred.'); - }) - .catch((error) => { - console.log(error); - }); - } else if (upgrade) { - console.log(`Starting Function Upgrade Operation for ${memory.Functions.length} deprecated functions.`); - upgradeFunctions(memory.Functions.map(fn => fn.FunctionName)) - .then(() => { - console.log('Function Upgrade Operation Complete. See CloudWatch logs for Errors' + - ' that may have occurred.'); - }) - .catch((error) => { - console.log(error); - }); - } else { - console.log('no MODE environment variable specified.'); - } - }); - } - } - }); - } - const starterParams = { - MaxItems: 50, - }; - getFunctions(starterParams); -}; diff --git a/examples/apps/microservice-http-endpoint-python/package.json b/examples/apps/microservice-http-endpoint-python/package.json deleted file mode 100644 index 348d78f27..000000000 --- a/examples/apps/microservice-http-endpoint-python/package.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "name": "nodejs-upgrade-functions", - "version": "1.0.0", - "private": true, - "dependencies": { - "throat": "^4.0.0" - } -} 
diff --git a/examples/apps/microservice-http-endpoint-python/template.yaml b/examples/apps/microservice-http-endpoint-python/template.yaml index 4c6cef4c5..805c74ddc 100644 --- a/examples/apps/microservice-http-endpoint-python/template.yaml +++ b/examples/apps/microservice-http-endpoint-python/template.yaml @@ -1,8 +1,10 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: >- - A simple backend (read/write to DynamoDB) with a RESTful API endpoint using - Amazon API Gateway. + A simple backend (read/write to DynamoDB) with a RESTful API endpoint using Amazon API Gateway. +Parameters: + TableNameParameter: + Type: String Resources: microservicehttpendpointpython: Type: 'AWS::Serverless::Function' @@ -11,28 +13,12 @@ Resources: Runtime: python2.7 CodeUri: . Description: >- - A simple backend (read/write to DynamoDB) with a RESTful API endpoint - using Amazon API Gateway. + A simple backend (read/write to DynamoDB) with a RESTful API endpoint using Amazon API Gateway. MemorySize: 512 Timeout: 10 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'dynamodb:DeleteItem' - - 'dynamodb:GetItem' - - 'dynamodb:PutItem' - - 'dynamodb:Scan' - - 'dynamodb:UpdateItem' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:dynamodb:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':table/*' + - DynamoDBCrudPolicy: + TableName: !Ref TableNameParameter Events: Api1: Type: Api diff --git a/examples/apps/microservice-http-endpoint-python3/package.json b/examples/apps/microservice-http-endpoint-python3/package.json deleted file mode 100644 index 348d78f27..000000000 --- a/examples/apps/microservice-http-endpoint-python3/package.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "name": "nodejs-upgrade-functions", - "version": "1.0.0", - "private": true, - "dependencies": { - "throat": "^4.0.0" - } -} 
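Review bot: `TableNameParameter` in the first template.yaml hunk is declared with only `Type: String`, so the scope of `DynamoDBCrudPolicy` in the second hunk depends entirely on the value passed at deploy time, and a value of `*` would presumably bring back the `table/*` wildcard that this change removes. I would constrain the parameter to the DynamoDB table-name character set, e.g. `AllowedPattern: '[a-zA-Z0-9_.-]+'` with `MinLength: 3` and `MaxLength: 255`, and add a `Description` saying which table the function reads and writes. The same applies to the `TableNameParameter` added in microservice-http-endpoint, ses-notification-nodejs and ses-notification-python.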
diff --git a/examples/apps/microservice-http-endpoint-python3/template.yaml b/examples/apps/microservice-http-endpoint-python3/template.yaml index 28045b93d..2e10b5c97 100644 --- a/examples/apps/microservice-http-endpoint-python3/template.yaml +++ b/examples/apps/microservice-http-endpoint-python3/template.yaml @@ -1,23 +1,22 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: >- - A simple backend (read/write to DynamoDB) with a RESTful API endpoint using - Amazon API Gateway. + A simple backend (read/write to DynamoDB) with a RESTful API endpoint using Amazon API Gateway. + +Parameters: + TableNameParameter: + Type: String + Globals: #https://github.com/awslabs/serverless-application-model/blob/develop/docs/globals.rst Function: Runtime: python3.6 MemorySize: 512 - #VpcConfig: - #Tracing: - #AutoPublishAlias: Environment: Variables: TABLE_NAME: Ref: Table - - Resources: microservicehttpendpointpython3: Type: 'AWS::Serverless::Function' @@ -25,28 +24,11 @@ Resources: Handler: lambda_function.lambda_handler CodeUri: . Description: >- - A simple backend (read/write to DynamoDB) with a RESTful API endpoint - using Amazon API Gateway. + A simple backend (read/write to DynamoDB) with a RESTful API endpoint using Amazon API Gateway. Timeout: 10 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'dynamodb:DeleteItem' - - 'dynamodb:GetItem' - - 'dynamodb:PutItem' - - 'dynamodb:Scan' - - 'dynamodb:UpdateItem' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:dynamodb:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':table/' - - Ref: Table + - DynamoDBCrudPolicy: + TableName: !Ref TableNameParameter Events: Api1: Type: Api @@ -56,4 +38,3 @@ Resources: Table: Type: AWS::Serverless::SimpleTable - diff --git a/examples/apps/microservice-http-endpoint/template.yaml b/examples/apps/microservice-http-endpoint/template.yaml index 3b27afd99..afe573092 100644 
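Review bot: The policy in the second hunk is scoped with `TableName: !Ref TableNameParameter`, but this template creates its own `Table` resource and `Globals` passes `Ref: Table` to the function as `TABLE_NAME`, which is also what the removed statement used to build its ARN. Unless the deployer happens to pass the generated table name, the function is granted access to one table and pointed at another, so its calls would presumably be denied. I would write `TableName: !Ref Table` and drop the new `TableNameParameter` block, which keeps the grant tied to the table the stack owns.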
--- a/examples/apps/microservice-http-endpoint/template.yaml +++ b/examples/apps/microservice-http-endpoint/template.yaml @@ -1,8 +1,10 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: >- - A simple backend (read/write to DynamoDB) with a RESTful API endpoint using - Amazon API Gateway. + A simple backend (read/write to DynamoDB) with a RESTful API endpoint using Amazon API Gateway. +Parameters: + TableNameParameter: + Type: String Resources: microservicehttpendpoint: Type: 'AWS::Serverless::Function' @@ -11,31 +13,15 @@ Resources: Runtime: nodejs6.10 CodeUri: . Description: >- - A simple backend (read/write to DynamoDB) with a RESTful API endpoint - using Amazon API Gateway. + A simple backend (read/write to DynamoDB) with a RESTful API endpoint using Amazon API Gateway. MemorySize: 512 Timeout: 10 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'dynamodb:DeleteItem' - - 'dynamodb:GetItem' - - 'dynamodb:PutItem' - - 'dynamodb:Scan' - - 'dynamodb:UpdateItem' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:dynamodb:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':table/*' + - DynamoDBCrudPolicy: + TableName: !Ref TableNameParameter Events: Api1: Type: Api Properties: Path: /MyResource - Method: ANY + Method: ANY \ No newline at end of file diff --git a/examples/apps/node-exec/template.yaml b/examples/apps/node-exec/template.yaml index a6cf892e7..67fc630bf 100644 --- a/examples/apps/node-exec/template.yaml +++ b/examples/apps/node-exec/template.yaml @@ -1,8 +1,12 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: >- - Demonstrates running an external process using the Node.js child_process - module. + Demonstrates running an external process using the Node.js child_process module. +Parameters: + BucketNameParameter: + Type: String + CollectionIdParameter: + Type: String Resources: nodeexec: Type: 'AWS::Serverless::Function' 
@@ -11,25 +15,13 @@ Resources: Runtime: nodejs6.10 CodeUri: . Description: >- - Demonstrates running an external process using the Node.js child_process - module. + Demonstrates running an external process using the Node.js child_process module. MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 's3:GetObject' - Resource: 'arn:aws:s3:::*' - - Effect: Allow - Action: - - 'rekognition:CompareFaces' - - 'rekognition:DetectFaces' - - 'rekognition:DetectLabels' - Resource: '*' - - Effect: Allow - Action: - - 'rekognition:CreateCollection' - - 'rekognition:IndexFaces' - Resource: '*' + - S3CrudPolicy: + BucketName: !Ref BucketNameParameter + - RekognitionNoDataAccessPolicy: + CollectionId: !Ref CollectionIdParameter + - RekognitionWriteOnlyAccessPolicy: + CollectionId: !Ref CollectionIdParameter \ No newline at end of file diff --git a/examples/apps/nodejs-upgrade-functions/index.js b/examples/apps/nodejs-upgrade-functions/index.js index 367902b8d..3bd1125a2 100644 --- a/examples/apps/nodejs-upgrade-functions/index.js +++ b/examples/apps/nodejs-upgrade-functions/index.js @@ -36,7 +36,7 @@ configuration: a. Change the MODE environment variable’s value to Upgrade. b. Change the TARGET_RUNTIME environment variable’s value to the runtime that you’d like to transition to. Valid - values are nodejs4.3 || nodejs6.10. + values are nodejs6.10 || nodejs8.10. c. Change the EXCEPTIONS environment variable’s value to a list of function names to exclude them from being upgraded. The value should be a comma separated list of function names alone, not ARNs. d. Run the function from the console. 
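Review bot: `S3CrudPolicy` in the node-exec policies hunk replaces a statement that allowed only `s3:GetObject`, so while the resource is narrowed to one bucket, the action set grows to include writes and deletes such as `s3:PutObject` and `s3:DeleteObject`. If the function only reads objects, `- S3ReadPolicy:` with the same `BucketName: !Ref BucketNameParameter` keeps the bucket scoping without the extra write access. The same substitution is made in nodejs-upgrade-functions, rekognition-python, s3-get-object-python, s3-get-object-python3, s3-get-object, splunk-cloudwatch-logs-processor, splunk-elb-application-access-logs-processor, splunk-elb-classic-access-logs-processor and splunk-logging, all of which previously had read-only S3 access.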
@@ -53,7 +53,7 @@ const lambda = new AWS.Lambda(); exports.handler = (event, context, callback) => { const memory = { Functions: [], Versions: [] }; const deprecatedRuntime = 'nodejs'; - const targetRuntime = process.env.TARGET_RUNTIME || 'nodejs4.3'; + const targetRuntime = process.env.TARGET_RUNTIME || 'nodejs6.10'; const mode = (process.env.MODE || 'list').toLowerCase(); const list = mode === 'list'; const upgrade = mode === 'upgrade'; diff --git a/examples/apps/nodejs-upgrade-functions/template.yaml b/examples/apps/nodejs-upgrade-functions/template.yaml index 14e0ae7fd..08df59c57 100644 --- a/examples/apps/nodejs-upgrade-functions/template.yaml +++ b/examples/apps/nodejs-upgrade-functions/template.yaml @@ -1,6 +1,11 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: Upgrade deprecated Nodejs v0.10 functions to a newer runtime. +Parameters: + BucketNameParameter: + Type: String + CollectionIdParameter: + Type: String Resources: nodejsupgradefunctions: Type: 'AWS::Serverless::Function' @@ -12,25 +17,14 @@ Resources: MemorySize: 128 Timeout: 300 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 's3:GetObject' - Resource: 'arn:aws:s3:::*' - - Effect: Allow - Action: - - 'rekognition:CompareFaces' - - 'rekognition:DetectFaces' - - 'rekognition:DetectLabels' - Resource: '*' - - Effect: Allow - Action: - - 'rekognition:CreateCollection' - - 'rekognition:IndexFaces' - Resource: '*' + - S3CrudPolicy: + BucketName: !Ref BucketNameParameter + - RekognitionNoDataAccessPolicy: + CollectionId: !Ref CollectionIdParameter + - RekognitionWriteOnlyAccessPolicy: + CollectionId: !Ref CollectionIdParameter Environment: Variables: EXCEPTIONS: - TARGET_RUNTIME: nodejs4.3 + TARGET_RUNTIME: nodejs6.10 MODE: List diff --git a/examples/apps/rekognition-python/template.yaml b/examples/apps/rekognition-python/template.yaml index 1e0001446..36a2b50de 100644 --- a/examples/apps/rekognition-python/template.yaml 
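Review bot: The `Policies` list in the second nodejs-upgrade-functions/template.yaml hunk still grants S3 and Rekognition access, while the handler (visible in full where the same blob is deleted from microservice-http-endpoint-python) only calls `listFunctions`, `listVersionsByFunction`, `publishVersion` and `updateFunctionConfiguration` on `AWS.Lambda`. The role therefore carries permissions it does not appear to use and none of the ones it needs, and the new required `BucketNameParameter` and `CollectionIdParameter` exist only to feed those unused policies. I would replace the three policy templates with an inline statement limited to those Lambda actions and drop both parameters; the action names below are inferred from the handler's calls and should be checked against it.

```yaml
      Policies:
        - Version: '2012-10-17'
          Statement:
            # Listing cannot be scoped to a single function.
            - Effect: Allow
              Action:
                - 'lambda:ListFunctions'
              Resource: '*'
            # Backup and upgrade act on functions in this account and region.
            - Effect: Allow
              Action:
                - 'lambda:ListVersionsByFunction'
                - 'lambda:PublishVersion'
                - 'lambda:UpdateFunctionConfiguration'
              Resource: !Sub 'arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:*'
      # … unchanged: Environment variables …
```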
+++ b/examples/apps/rekognition-python/template.yaml @@ -1,6 +1,11 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: An Amazon S3 trigger that uses rekognition APIs to detect faces +Parameters: + BucketNameParameter: + Type: String + CollectionIdParameter: + Type: String Resources: rekognitionpython: Type: 'AWS::Serverless::Function' @@ -12,23 +17,12 @@ Resources: MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 's3:GetObject' - Resource: 'arn:aws:s3:::*' - - Effect: Allow - Action: - - 'rekognition:CompareFaces' - - 'rekognition:DetectFaces' - - 'rekognition:DetectLabels' - Resource: '*' - - Effect: Allow - Action: - - 'rekognition:CreateCollection' - - 'rekognition:IndexFaces' - Resource: '*' + - S3CrudPolicy: + BucketName: !Ref BucketNameParameter + - RekognitionNoDataAccessPolicy: + CollectionId: !Ref CollectionIdParameter + - RekognitionWriteOnlyAccessPolicy: + CollectionId: !Ref CollectionIdParameter Events: BucketEvent1: Type: S3 diff --git a/examples/apps/s3-get-object-python/template.yaml b/examples/apps/s3-get-object-python/template.yaml index de0f0cfb9..67c860940 100644 --- a/examples/apps/s3-get-object-python/template.yaml +++ b/examples/apps/s3-get-object-python/template.yaml @@ -3,6 +3,9 @@ Transform: 'AWS::Serverless-2016-10-31' Description: >- An Amazon S3 trigger that retrieves metadata for the object that has been updated. +Parameters: + BucketNameParameter: + Type:String Resources: s3getobjectpython: Type: 'AWS::Serverless::Function' @@ -16,12 +19,8 @@ Resources: MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 's3:GetObject' - Resource: 'arn:aws:s3:::*' + - S3CrudPolicy: + BucketName: !Ref BucketNameParameter Events: BucketEvent1: Type: S3 diff --git a/examples/apps/s3-get-object-python3/template.yaml b/examples/apps/s3-get-object-python3/template.yaml index 6d03c507b..85023494e 100644 
--- a/examples/apps/s3-get-object-python3/template.yaml +++ b/examples/apps/s3-get-object-python3/template.yaml @@ -3,6 +3,9 @@ Transform: 'AWS::Serverless-2016-10-31' Description: >- An Amazon S3 trigger that retrieves metadata for the object that has been updated. +Parameters: + BucketNameParameter: + Type:String Resources: s3getobjectpython3: Type: 'AWS::Serverless::Function' @@ -16,12 +19,8 @@ Resources: MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 's3:GetObject' - Resource: 'arn:aws:s3:::*' + - S3CrudPolicy: + BucketName: !Ref BucketNameParameter Events: BucketEvent1: Type: S3 diff --git a/examples/apps/s3-get-object/template.yaml b/examples/apps/s3-get-object/template.yaml index 564d59130..543ce926a 100644 --- a/examples/apps/s3-get-object/template.yaml +++ b/examples/apps/s3-get-object/template.yaml @@ -3,6 +3,9 @@ Transform: 'AWS::Serverless-2016-10-31' Description: >- An Amazon S3 trigger that retrieves metadata for the object that has been updated. +Parameters: + BucketNameParameter: + Type:String Resources: s3getobject: Type: 'AWS::Serverless::Function' @@ -16,12 +19,8 @@ Resources: MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 's3:GetObject' - Resource: 'arn:aws:s3:::*' + - S3CrudPolicy: + BucketName: !Ref BucketNameParameter Events: BucketEvent1: Type: S3 diff --git a/examples/apps/ses-notification-nodejs/template.yaml b/examples/apps/ses-notification-nodejs/template.yaml index 6f63d8c4a..a8d3f8d8f 100644 --- a/examples/apps/ses-notification-nodejs/template.yaml +++ b/examples/apps/ses-notification-nodejs/template.yaml 
@@ -1,35 +1,21 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: >- - An Amazon SES notification handler for processing bounces, complaints and - deliveries. + An Amazon SES notification handler for processing bounces, complaints and deliveries. +Parameters: + TableNameParameter: + Type: String Resources: sesnotificationnodejs: Type: 'AWS::Serverless::Function' Properties: Handler: index.handler - Runtime: nodejs4.3 + Runtime: nodejs8.10 CodeUri: . Description: >- - An Amazon SES notification handler for processing bounces, complaints - and deliveries. + An Amazon SES notification handler for processing bounces, complaints and deliveries. MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'dynamodb:DeleteItem' - - 'dynamodb:GetItem' - - 'dynamodb:PutItem' - - 'dynamodb:Scan' - - 'dynamodb:UpdateItem' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:dynamodb:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':table/*' + - DynamoDBCrudPolicy: + TableName: !Ref TableNameParameter \ No newline at end of file diff --git a/examples/apps/ses-notification-python/template.yaml b/examples/apps/ses-notification-python/template.yaml index 5ac7cf1eb..70bcd165f 100644 --- a/examples/apps/ses-notification-python/template.yaml +++ b/examples/apps/ses-notification-python/template.yaml @@ -1,8 +1,10 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: >- - An Amazon SES notification handler for processing bounces, complaints and - deliveries. + An Amazon SES notification handler for processing bounces, complaints and deliveries. +Parameters: + TableNameParameter: + Type: String Resources: sesnotificationpython: Type: 'AWS::Serverless::Function' 
@@ -11,25 +13,9 @@ Resources: Runtime: python2.7 CodeUri: . Description: >- - An Amazon SES notification handler for processing bounces, complaints - and deliveries. + An Amazon SES notification handler for processing bounces, complaints and deliveries. MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'dynamodb:DeleteItem' - - 'dynamodb:GetItem' - - 'dynamodb:PutItem' - - 'dynamodb:Scan' - - 'dynamodb:UpdateItem' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:dynamodb:' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':table/*' + - DynamoDBCrudPolicy: + TableName: !Ref TableNameParameter \ No newline at end of file diff --git a/examples/apps/simple-mobile-backend/template.yaml b/examples/apps/simple-mobile-backend/template.yaml index 9fb968911..a211603ef 100644 --- a/examples/apps/simple-mobile-backend/template.yaml +++ b/examples/apps/simple-mobile-backend/template.yaml @@ -1,19 +1,19 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: A simple mobile backend (read/write to DynamoDB). -Parameters: - TableNameParameter: +Parameters: + TableNameParameter: Type: String Resources: simplemobilebackend: Type: 'AWS::Serverless::Function' Properties: Handler: index.handler - Runtime: nodejs4.3 + Runtime: nodejs8.10 CodeUri: . Description: A simple mobile backend (read/write to DynamoDB). MemorySize: 128 Timeout: 3 Policies: - - DynamoDBCrudPolicy: - TableName: !Ref TableNameParameter + - DynamoDBCrudPolicy: + TableName: !Ref TableNameParameter diff --git a/examples/apps/slack-echo-command-python/template.yaml b/examples/apps/slack-echo-command-python/template.yaml index c1e5e115d..635f0afcf 100644 --- a/examples/apps/slack-echo-command-python/template.yaml +++ b/examples/apps/slack-echo-command-python/template.yaml 
@@ -3,6 +3,9 @@ Transform: 'AWS::Serverless-2016-10-31' Description: >- A function that handles a Slack slash command and echoes the details back to the user. +Parameters: + KeyIdParameter: + Type:String Resources: slackechocommandpython: Type: 'AWS::Serverless::Function' @@ -16,12 +19,8 @@ Resources: MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'kms:Decrypt' - Resource: '*' + - KMSDecryptPolicy: + KeyId: !Ref KeyIdParameter Events: Api1: Type: Api diff --git a/examples/apps/slack-echo-command/template.yaml b/examples/apps/slack-echo-command/template.yaml index e01a6f6e4..452fa3823 100644 --- a/examples/apps/slack-echo-command/template.yaml +++ b/examples/apps/slack-echo-command/template.yaml @@ -3,12 +3,15 @@ Transform: 'AWS::Serverless-2016-10-31' Description: >- A function that handles a Slack slash command and echoes the details back to the user. +Parameters: + KeyIdParameter: + Type:String Resources: slackechocommand: Type: 'AWS::Serverless::Function' Properties: Handler: index.handler - Runtime: nodejs4.3 + Runtime: nodejs8.10 CodeUri: . Description: >- A function that handles a Slack slash command and echoes the details @@ -16,12 +19,8 @@ Resources: MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'kms:Decrypt' - Resource: '*' + - KMSDecryptPolicy: + KeyId: !Ref KeyIdParameter Events: Api1: Type: Api diff --git a/examples/apps/sns-message/template.yaml b/examples/apps/sns-message/template.yaml index 055e6b653..140c61f9c 100644 --- a/examples/apps/sns-message/template.yaml +++ b/examples/apps/sns-message/template.yaml @@ -6,7 +6,7 @@ Resources: Type: 'AWS::Serverless::Function' Properties: Handler: index.handler - Runtime: nodejs4.3 + Runtime: nodejs8.10 CodeUri: . Description: An Amazon SNS trigger that logs the message pushed to the SNS topic. MemorySize: 128 
diff --git a/examples/apps/splunk-cloudwatch-logs-processor/template.yaml b/examples/apps/splunk-cloudwatch-logs-processor/template.yaml index 2d253e8d5..293d5ed1e 100644 --- a/examples/apps/splunk-cloudwatch-logs-processor/template.yaml +++ b/examples/apps/splunk-cloudwatch-logs-processor/template.yaml @@ -1,6 +1,9 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: Stream events from AWS CloudWatch Logs to Splunk's HTTP event collector +Parameters: + BucketNameParameter: + Type: String Resources: splunkcloudwatchlogsprocessor: Type: 'AWS::Serverless::Function' @@ -12,12 +15,8 @@ Resources: MemorySize: 512 Timeout: 10 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 's3:GetObject' - Resource: 'arn:aws:s3:::*' + - S3CrudPolicy: + BucketName: !Ref BucketNameParameter Environment: Variables: SPLUNK_HEC_URL: diff --git a/examples/apps/splunk-elb-application-access-logs-processor/template.yaml b/examples/apps/splunk-elb-application-access-logs-processor/template.yaml index 56b9526a0..1f0e51d0e 100644 --- a/examples/apps/splunk-elb-application-access-logs-processor/template.yaml +++ b/examples/apps/splunk-elb-application-access-logs-processor/template.yaml @@ -1,6 +1,9 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: Stream Application ELB access logs from S3 to Splunk's HTTP event collector +Parameters: + BucketNameParameter: + Type:String Resources: splunkelbapplicationaccesslogsprocessor: Type: 'AWS::Serverless::Function' @@ -14,12 +17,8 @@ Resources: MemorySize: 512 Timeout: 10 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 's3:GetObject' - Resource: 'arn:aws:s3:::*' + - S3CrudPolicy: + BucketName: !Ref BucketNameParameter Events: BucketEvent1: Type: S3 
diff --git a/examples/apps/splunk-elb-classic-access-logs-processor/template.yaml b/examples/apps/splunk-elb-classic-access-logs-processor/template.yaml index c6ae9d327..5fd638449 100644 --- a/examples/apps/splunk-elb-classic-access-logs-processor/template.yaml +++ b/examples/apps/splunk-elb-classic-access-logs-processor/template.yaml @@ -1,6 +1,9 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: Stream Classic ELB access logs from S3 to Splunk's HTTP event collector +Parameters: + BucketNameParameter: + Type:String Resources: splunkelbclassicaccesslogsprocessor: Type: 'AWS::Serverless::Function' @@ -12,12 +15,8 @@ Resources: MemorySize: 512 Timeout: 10 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 's3:GetObject' - Resource: 'arn:aws:s3:::*' + - S3CrudPolicy: + BucketName: !Ref BucketNameParameter Events: BucketEvent1: Type: S3 diff --git a/examples/apps/splunk-logging/template.yaml b/examples/apps/splunk-logging/template.yaml index 1452dbb57..5eda5fc28 100644 --- a/examples/apps/splunk-logging/template.yaml +++ b/examples/apps/splunk-logging/template.yaml @@ -1,6 +1,9 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: Demonstrates logging from AWS Lambda code to Splunk's HTTP event collector +Parameters: + BucketNameParameter: + Type:String Resources: splunklogging: Type: 'AWS::Serverless::Function' @@ -14,12 +17,8 @@ Resources: MemorySize: 512 Timeout: 10 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 's3:GetObject' - Resource: 'arn:aws:s3:::*' + - S3CrudPolicy: + BucketName: !Ref BucketNameParameter Environment: Variables: SPLUNK_HEC_URL: diff --git a/examples/apps/sqs-poller/template.yaml b/examples/apps/sqs-poller/template.yaml index 5d35ac80f..cb379166d 100644 --- a/examples/apps/sqs-poller/template.yaml +++ b/examples/apps/sqs-poller/template.yaml 
@@ -1,37 +1,23 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: Periodically polls an SQS queue and asynchronously consumes each message. +Parameters: + QueueNameParameter: + Type: String Resources: sqspoller: Type: 'AWS::Serverless::Function' Properties: Handler: index.handler - Runtime: nodejs4.3 + Runtime: nodejs8.10 CodeUri: . Description: >- - Periodically polls an SQS queue and asynchronously consumes each - message. + Periodically polls an SQS queue and asynchronously consumes each message. MemorySize: 128 Timeout: 10 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'sqs:DeleteMessage' - - 'sqs:ReceiveMessage' - Resource: 'arn:aws:sqs:*' - - Effect: Allow - Action: - - 'lambda:Invoke' - Resource: - 'Fn::Join': - - '' - - - 'arn:aws:sqs:*' - - Ref: 'AWS::Region' - - ':' - - Ref: 'AWS::AccountId' - - ':function:*' + - SQSPollerPolicy: + QueueName: !Ref QueueNameParameter Environment: Variables: queueUrl: diff --git a/examples/apps/step-functions-error-python/template.yaml b/examples/apps/step-functions-error-python/template.yaml index 63b7f6047..cdd996d60 100644 --- a/examples/apps/step-functions-error-python/template.yaml +++ b/examples/apps/step-functions-error-python/template.yaml @@ -1,8 +1,7 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: >- - An AWS Lambda function that throws an error. AWS Step Functions state machines - can be configured to handle (catch or retry) this error. + An AWS Lambda function that throws an error. AWS Step Functions state machines can be configured to handle (catch or retry) this error. Resources: stepfunctionserrorpython: Type: 'AWS::Serverless::Function' 
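Review bot: The removed sqs-poller policy carried a second statement for invoking Lambda functions, and `SQSPollerPolicy` alone does not replace it, so if the handler invokes a function per message, as "asynchronously consumes each message" suggests, those calls would presumably be denied after this change. The removed statement looks malformed (an `sqs` ARN prefix on a function resource), so it is worth confirming against the handler whether the invoke is needed; if it is, `- LambdaInvokePolicy:` with `FunctionName:` set to the consumer function restores it with a scoped resource. `QueueNameParameter` and the existing `queueUrl` environment variable are also independent inputs, so a comment on the parameter such as `# must name the same queue as queueUrl` would help deployers keep the grant and the target in sync.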
@@ -11,19 +10,9 @@ Resources: Runtime: python2.7 CodeUri: . Description: >- - An AWS Lambda function that throws an error. AWS Step Functions state - machines can be configured to handle (catch or retry) this error. + An AWS Lambda function that throws an error. AWS Step Functions state machines can be configured to handle (catch or retry) this error. MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'cloudwatch:PutMetricData' - Resource: '*' - - Effect: Allow - Action: - - 'ec2:DescribeRegions' - - 'ec2:DescribeVpnConnections' - Resource: '*' + - CloudWatchPutMetricPolicy: {} + - EC2VPNDescribePolicy: {} \ No newline at end of file diff --git a/examples/apps/step-functions-error/template.yaml b/examples/apps/step-functions-error/template.yaml index bcc9ef183..847cce444 100644 --- a/examples/apps/step-functions-error/template.yaml +++ b/examples/apps/step-functions-error/template.yaml @@ -1,8 +1,7 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: >- - An AWS Lambda function that throws an error. AWS Step Functions state machines - can be configured to handle (catch or retry) this error. + An AWS Lambda function that throws an error. AWS Step Functions state machines can be configured to handle (catch or retry) this error. Resources: stepfunctionserror: Type: 'AWS::Serverless::Function' 
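Review bot: `CloudWatchPutMetricPolicy` and `EC2VPNDescribePolicy` in step-functions-error-python/template.yaml carry over grants that a function described as only throwing an error does not appear to need. The handler is not visible in this diff, so confirm it makes no CloudWatch or EC2 calls first. If it does not, remove `- CloudWatchPutMetricPolicy: {}` and `- EC2VPNDescribePolicy: {}` together with the `Policies:` key rather than keeping unused permissions on the execution role. The same pair is added in step-functions-error, sumologic-process-logs, twilio-conference, twilio-forward, twilio-menu and twilio-simple-blueprint; of the templates touched, only vpn-conn-monitor's name suggests a use for both.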
@@ -11,19 +10,9 @@ Resources: Runtime: nodejs6.10 CodeUri: . Description: >- - An AWS Lambda function that throws an error. AWS Step Functions state - machines can be configured to handle (catch or retry) this error. + An AWS Lambda function that throws an error. AWS Step Functions state machines can be configured to handle (catch or retry) this error. MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'cloudwatch:PutMetricData' - Resource: '*' - - Effect: Allow - Action: - - 'ec2:DescribeRegions' - - 'ec2:DescribeVpnConnections' - Resource: '*' + - CloudWatchPutMetricPolicy: {} + - EC2VPNDescribePolicy: {} diff --git a/examples/apps/step-functions-send-to-sns/template.yaml b/examples/apps/step-functions-send-to-sns/template.yaml index 468cd2914..2840cc3d8 100644 --- a/examples/apps/step-functions-send-to-sns/template.yaml +++ b/examples/apps/step-functions-send-to-sns/template.yaml @@ -1,6 +1,9 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: Sends an SNS message from input JSON +Parameters: + TopicNameParameter: + Type: String Resources: stepfunctionssendtosns: Type: 'AWS::Serverless::Function' @@ -12,9 +15,5 @@ Resources: MemorySize: 128 Timeout: 3 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'sns:Publish' - Resource: 'arn:aws:sns:*:*:*' + - SNSPublishMessagePolicy: + TopicName: !Ref TopicNameParameter \ No newline at end of file diff --git a/examples/apps/sumologic-process-logs/template.yaml b/examples/apps/sumologic-process-logs/template.yaml index 106a942cc..6e1e6b847 100644 --- a/examples/apps/sumologic-process-logs/template.yaml +++ b/examples/apps/sumologic-process-logs/template.yaml 
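Review bot: `TopicNameParameter` in step-functions-send-to-sns/template.yaml is declared with only `Type: String`, so whoever deploys the template gets no hint of what value to supply. The function is described as sending an SNS message from input JSON; if the target topic comes from that input (not visible here), a publish to any topic other than the named one will now be denied, which is the intended tightening but should be stated. I would add `Description: Name of the SNS topic this function is allowed to publish to` under the parameter.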
@@ -6,20 +6,11 @@ Resources: Type: 'AWS::Serverless::Function' Properties: Handler: index.handler - Runtime: nodejs4.3 + Runtime: nodejs8.10 CodeUri: . Description: Pushes CWL logs to SumoLogic. MemorySize: 128 Timeout: 10 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'cloudwatch:PutMetricData' - Resource: '*' - - Effect: Allow - Action: - - 'ec2:DescribeRegions' - - 'ec2:DescribeVpnConnections' - Resource: '*' + - CloudWatchPutMetricPolicy: {} + - EC2VPNDescribePolicy: {} \ No newline at end of file diff --git a/examples/apps/twilio-conference/template.yaml b/examples/apps/twilio-conference/template.yaml index af1b78459..51f9faece 100644 --- a/examples/apps/twilio-conference/template.yaml +++ b/examples/apps/twilio-conference/template.yaml @@ -6,23 +6,14 @@ Resources: Type: 'AWS::Serverless::Function' Properties: Handler: index.handler - Runtime: nodejs4.3 + Runtime: nodejs8.10 CodeUri: . Description: Allows multiple people to chat together in a conference room. MemorySize: 128 Timeout: 15 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'cloudwatch:PutMetricData' - Resource: '*' - - Effect: Allow - Action: - - 'ec2:DescribeRegions' - - 'ec2:DescribeVpnConnections' - Resource: '*' + - CloudWatchPutMetricPolicy: {} + - EC2VPNDescribePolicy: {} Events: Api1: Type: Api diff --git a/examples/apps/twilio-forward/template.yaml b/examples/apps/twilio-forward/template.yaml index b9dec00f3..7d8bf4b8c 100644 --- a/examples/apps/twilio-forward/template.yaml +++ b/examples/apps/twilio-forward/template.yaml 
@@ -6,23 +6,14 @@ Resources: Type: 'AWS::Serverless::Function' Properties: Handler: index.handler - Runtime: nodejs4.3 + Runtime: nodejs8.10 CodeUri: . Description: Forward a call to another phone number. MemorySize: 128 Timeout: 15 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'cloudwatch:PutMetricData' - Resource: '*' - - Effect: Allow - Action: - - 'ec2:DescribeRegions' - - 'ec2:DescribeVpnConnections' - Resource: '*' + - CloudWatchPutMetricPolicy: {} + - EC2VPNDescribePolicy: {} Events: Api1: Type: Api diff --git a/examples/apps/twilio-menu/template.yaml b/examples/apps/twilio-menu/template.yaml index 175e2e821..33e39100d 100644 --- a/examples/apps/twilio-menu/template.yaml +++ b/examples/apps/twilio-menu/template.yaml @@ -1,32 +1,21 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: >- - Play a greeting, and wait for the caller to press one or more digits on their - keypad. + Play a greeting, and wait for the caller to press one or more digits on their keypad. Resources: twiliomenu: Type: 'AWS::Serverless::Function' Properties: Handler: index.handler - Runtime: nodejs4.3 + Runtime: nodejs8.10 CodeUri: . Description: >- - Play a greeting, and wait for the caller to press one or more digits on - their keypad. + Play a greeting, and wait for the caller to press one or more digits on their keypad. MemorySize: 128 Timeout: 15 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'cloudwatch:PutMetricData' - Resource: '*' - - Effect: Allow - Action: - - 'ec2:DescribeRegions' - - 'ec2:DescribeVpnConnections' - Resource: '*' + - CloudWatchPutMetricPolicy: {} + - EC2VPNDescribePolicy: {} Events: Api1: Type: Api diff --git a/examples/apps/twilio-simple-blueprint/template.yaml b/examples/apps/twilio-simple-blueprint/template.yaml index 04bade9fa..c83ae347f 100644 --- a/examples/apps/twilio-simple-blueprint/template.yaml 
+++ b/examples/apps/twilio-simple-blueprint/template.yaml @@ -6,23 +6,14 @@ Resources: Type: 'AWS::Serverless::Function' Properties: Handler: index.handler - Runtime: nodejs4.3 + Runtime: nodejs8.10 CodeUri: . Description: A simple backend for handling events sent from Twilio. MemorySize: 128 Timeout: 15 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'cloudwatch:PutMetricData' - Resource: '*' - - Effect: Allow - Action: - - 'ec2:DescribeRegions' - - 'ec2:DescribeVpnConnections' - Resource: '*' + - CloudWatchPutMetricPolicy: {} + - EC2VPNDescribePolicy: {} Events: Api1: Type: Api diff --git a/examples/apps/vpn-conn-monitor/template.yaml b/examples/apps/vpn-conn-monitor/template.yaml index 6a5bc4ac1..e93d86c25 100644 --- a/examples/apps/vpn-conn-monitor/template.yaml +++ b/examples/apps/vpn-conn-monitor/template.yaml @@ -12,14 +12,5 @@ Resources: MemorySize: 128 Timeout: 120 Policies: - - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - 'cloudwatch:PutMetricData' - Resource: '*' - - Effect: Allow - Action: - - 'ec2:DescribeRegions' - - 'ec2:DescribeVpnConnections' - Resource: '*' + - CloudWatchPutMetricPolicy: {} + - EC2VPNDescribePolicy: {} \ No newline at end of file