func appendDynamicSNSLambda(api *sparta.API, lambdaFunctions []*sparta.LambdaAWSInfo) []*sparta.LambdaAWSInfo {
snsTopicName := sparta.CloudFormationResourceName("SNSDynamicTopic")
lambdaFn := sparta.NewLambda(sparta.IAMRoleDefinition{}, echoDynamicSNSEvent, nil)
lambdaFn.Permissions = append(lambdaFn.Permissions, sparta.SNSPermission{
BasePermission: sparta.BasePermission{
SourceArn: gocf.Ref(snsTopicName),
},
})
lambdaFn.Decorator = func(serviceName string,
lambdaResourceName string,
lambdaResource gocf.LambdaFunction,
resourceMetadata map[string]interface{},
S3Bucket string,
S3Key string,
buildID string,
template *gocf.Template,
context map[string]interface{},
logger *logrus.Logger) error {
template.AddResource(snsTopicName, &gocf.SNSTopic{
DisplayName: gocf.String("Sparta Application SNS topic"),
})
return nil
}
return append(lambdaFunctions, lambdaFn)
}
func appendKinesisLambda(api *sparta.API, lambdaFunctions []*sparta.LambdaAWSInfo) []*sparta.LambdaAWSInfo {
lambdaFn := sparta.NewLambda(sparta.IAMRoleDefinition{}, echoKinesisEvent, nil)
lambdaFn.EventSourceMappings = append(lambdaFn.EventSourceMappings, &sparta.EventSourceMapping{
EventSourceArn: kinesisTestStream,
StartingPosition: "TRIM_HORIZON",
BatchSize: 100,
})
return append(lambdaFunctions, lambdaFn)
}
func appendSNSLambda(api *sparta.API, lambdaFunctions []*sparta.LambdaAWSInfo) []*sparta.LambdaAWSInfo {
lambdaFn := sparta.NewLambda(sparta.IAMRoleDefinition{}, echoSNSEvent, nil)
lambdaFn.Permissions = append(lambdaFn.Permissions, sparta.SNSPermission{
BasePermission: sparta.BasePermission{
SourceArn: snsTopic,
},
})
return append(lambdaFunctions, lambdaFn)
}
func appendS3Lambda(api *sparta.API, lambdaFunctions []*sparta.LambdaAWSInfo) []*sparta.LambdaAWSInfo {
lambdaFn := sparta.NewLambda(sparta.IAMRoleDefinition{}, echoS3Event, nil)
apiGatewayResource, _ := api.NewResource("/hello/world/test", lambdaFn)
apiGatewayResource.NewMethod("GET", http.StatusOK)
lambdaFn.Permissions = append(lambdaFn.Permissions, sparta.S3Permission{
BasePermission: sparta.BasePermission{
SourceArn: s3Bucket,
},
Events: []string{"s3:ObjectCreated:*", "s3:ObjectRemoved:*"},
})
return append(lambdaFunctions, lambdaFn)
}
func appendCloudWatchLogsHandler(api *sparta.API,
lambdaFunctions []*sparta.LambdaAWSInfo) []*sparta.LambdaAWSInfo {
lambdaFn := sparta.NewLambda(sparta.IAMRoleDefinition{},
echoCloudWatchLogs,
nil)
cloudWatchLogsPermission := sparta.CloudWatchLogsPermission{}
cloudWatchLogsPermission.Filters = make(map[string]sparta.CloudWatchLogsSubscriptionFilter, 1)
cloudWatchLogsPermission.Filters["MyFilter"] = sparta.CloudWatchLogsSubscriptionFilter{
FilterPattern: "",
LogGroupName: "/aws/lambda/versions",
}
lambdaFn.Permissions = append(lambdaFn.Permissions, cloudWatchLogsPermission)
return append(lambdaFunctions, lambdaFn)
}
func appendSESLambda(api *sparta.API,
lambdaFunctions []*sparta.LambdaAWSInfo) []*sparta.LambdaAWSInfo {
// Setup options s.t. the lambda function has time to consume the message body
sesItemInfoOptions := &sparta.LambdaFunctionOptions{
Description: "",
MemorySize: 128,
Timeout: 10,
}
// Our lambda function will need to be able to read from the bucket, which
// will be handled by the S3MessageBodyBucketDecorator below
lambdaFn := sparta.NewLambda(sparta.IAMRoleDefinition{}, echoSESEvent, sesItemInfoOptions)
// Add a Permission s.t. the Lambda function automatically manages SES registration
sesPermission := sparta.SESPermission{
BasePermission: sparta.BasePermission{
SourceArn: "*",
},
InvocationType: "Event",
}
// Store the message body
bodyStorage, _ := sesPermission.NewMessageBodyStorageResource("Special")
sesPermission.MessageBodyStorage = bodyStorage
sesPermission.ReceiptRules = make([]sparta.ReceiptRule, 0)
sesPermission.ReceiptRules = append(sesPermission.ReceiptRules, sparta.ReceiptRule{
Name: "Special",
Recipients: []string{"*****@*****.**"},
TLSPolicy: "Optional",
})
sesPermission.ReceiptRules = append(sesPermission.ReceiptRules, sparta.ReceiptRule{
Name: "Default",
Recipients: []string{},
TLSPolicy: "Optional",
})
// Then add the privilege to the Lambda function s.t. we can actually get at the data
lambdaFn.RoleDefinition.Privileges = append(lambdaFn.RoleDefinition.Privileges,
sparta.IAMRolePrivilege{
Actions: []string{"s3:GetObject", "s3:HeadObject"},
Resource: sesPermission.MessageBodyStorage.BucketArnAllKeys(),
})
// Finally add the SES permission to the lambda function
lambdaFn.Permissions = append(lambdaFn.Permissions, sesPermission)
return append(lambdaFunctions, lambdaFn)
}
////////////////////////////////////////////////////////////////////////////////
// Main
func main() {
lambdaFn := sparta.NewLambda(sparta.IAMRoleDefinition{},
helloWorld,
nil)
var lambdaFunctions []*sparta.LambdaAWSInfo
lambdaFunctions = append(lambdaFunctions, lambdaFn)
err := sparta.Main("SpartaHelloWorld",
fmt.Sprintf("Test HelloWorld resource command"),
lambdaFunctions,
nil,
nil)
if err != nil {
os.Exit(1)
}
}
func appendDynamicS3BucketLambda(api *sparta.API, lambdaFunctions []*sparta.LambdaAWSInfo) []*sparta.LambdaAWSInfo {
s3BucketResourceName := sparta.CloudFormationResourceName("S3DynamicBucket")
lambdaFn := sparta.NewLambda(sparta.IAMRoleDefinition{}, echoS3DynamicBucketEvent, nil)
lambdaFn.Permissions = append(lambdaFn.Permissions, sparta.S3Permission{
BasePermission: sparta.BasePermission{
SourceArn: gocf.Ref(s3BucketResourceName),
},
Events: []string{"s3:ObjectCreated:*", "s3:ObjectRemoved:*"},
})
lambdaFn.DependsOn = append(lambdaFn.DependsOn, s3BucketResourceName)
// Add permission s.t. the lambda function could read from the S3 bucket
lambdaFn.RoleDefinition.Privileges = append(lambdaFn.RoleDefinition.Privileges,
sparta.IAMRolePrivilege{
Actions: []string{"s3:GetObject", "s3:HeadObject"},
Resource: spartaCF.S3AllKeysArnForBucket(gocf.Ref(s3BucketResourceName)),
})
lambdaFn.Decorator = func(serviceName string,
lambdaResourceName string,
lambdaResource gocf.LambdaFunction,
resourceMetadata map[string]interface{},
S3Bucket string,
S3Key string,
buildID string,
template *gocf.Template,
context map[string]interface{},
logger *logrus.Logger) error {
cfResource := template.AddResource(s3BucketResourceName, &gocf.S3Bucket{
AccessControl: gocf.String("PublicRead"),
Tags: []gocf.ResourceTag{
gocf.ResourceTag{
Key: gocf.String("SpecialKey"),
Value: gocf.String("SpecialValue"),
},
},
})
cfResource.DeletionPolicy = "Delete"
return nil
}
return append(lambdaFunctions, lambdaFn)
}
func appendCloudWatchEventHandler(api *sparta.API,
lambdaFunctions []*sparta.LambdaAWSInfo) []*sparta.LambdaAWSInfo {
lambdaFn := sparta.NewLambda(sparta.IAMRoleDefinition{},
echoCloudWatchEvent,
nil)
cloudWatchEventsPermission := sparta.CloudWatchEventsPermission{}
cloudWatchEventsPermission.Rules = make(map[string]sparta.CloudWatchEventsRule, 0)
cloudWatchEventsPermission.Rules["Rate5Mins"] = sparta.CloudWatchEventsRule{
ScheduleExpression: "rate(5 minutes)",
}
cloudWatchEventsPermission.Rules["EC2Activity"] = sparta.CloudWatchEventsRule{
EventPattern: map[string]interface{}{
"source": []string{"aws.ec2"},
"detail-type": []string{"EC2 Instance state change"},
},
}
lambdaFn.Permissions = append(lambdaFn.Permissions, cloudWatchEventsPermission)
return append(lambdaFunctions, lambdaFn)
}
////////////////////////////////////////////////////////////////////////////////
// Return the *[]sparta.LambdaAWSInfo slice
//
func imagerFunctions(api *sparta.API) ([]*sparta.LambdaAWSInfo, error) {
//////////////////////////////////////////////////////////////////////////////
// 1 - Lambda function that listens to S3 events and stamps images
//////////////////////////////////////////////////////////////////////////////
// Provision an IAM::Role as part of this application
var iamRole = sparta.IAMRoleDefinition{}
// Setup the ARN that includes all child keys
resourceArn := fmt.Sprintf("%s/*", s3EventBroadcasterBucket)
iamRole.Privileges = append(iamRole.Privileges, sparta.IAMRolePrivilege{
Actions: []string{"s3:GetObject",
"s3:PutObject",
},
Resource: resourceArn,
})
var lambdaFunctions []*sparta.LambdaAWSInfo
// The default timeout is 3 seconds - increase that to 30 seconds s.t. the
// transform lambda doesn't fail early.
transformOptions := &sparta.LambdaFunctionOptions{
Description: "Stamp assets in S3",
MemorySize: 128,
Timeout: 30,
}
lambdaFn := sparta.NewLambda(iamRole, transformImage, transformOptions)
//////////////////////////////////////////////////////////////////////////////
// S3 configuration
//
lambdaFn.Permissions = append(lambdaFn.Permissions, sparta.S3Permission{
BasePermission: sparta.BasePermission{
SourceArn: s3EventBroadcasterBucket,
},
Events: []string{"s3:ObjectCreated:*", "s3:ObjectRemoved:*"},
})
lambdaFunctions = append(lambdaFunctions, lambdaFn)
//////////////////////////////////////////////////////////////////////////////
// 2 - Lambda function that allows for querying of S3 information
//////////////////////////////////////////////////////////////////////////////
s3ItemInfoOptions := &sparta.LambdaFunctionOptions{
Description: "Get information about an item in S3 via querystring params",
MemorySize: 128,
Timeout: 10,
}
var iamDynamicRole = sparta.IAMRoleDefinition{}
iamDynamicRole.Privileges = append(iamDynamicRole.Privileges, sparta.IAMRolePrivilege{
Actions: []string{"s3:GetObject"},
Resource: resourceArn,
})
s3ItemInfoLambdaFn := sparta.NewLambda(iamDynamicRole, s3ItemInfo, s3ItemInfoOptions)
// Register the function with the API Gateway
apiGatewayResource, _ := api.NewResource("/info", s3ItemInfoLambdaFn)
method, err := apiGatewayResource.NewMethod("GET", http.StatusOK)
if err != nil {
return nil, err
}
// Whitelist query string params
method.Parameters["method.request.querystring.keyName"] = true
method.Parameters["method.request.querystring.bucketName"] = true
lambdaFunctions = append(lambdaFunctions, s3ItemInfoLambdaFn)
return lambdaFunctions, nil
}