{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "JAWS",
"Parameters": {
"aaaStage": {
"Type": "String",
"Default": "test"
},
"aaaDataModelPrefix": {
"Type": "String",
"Default": "test",
"AllowedValues": [
"test",
"prod"
]
},
"aaaProjectName": {
"Type": "String",
"Default": "jaws",
"AllowedValues": [
"jaws"
]
},
"HostedZoneName": {
"Type": "String",
"Default": "myapp.com"
}
},
"Resources": {
"LambdaRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"lambda.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Path": "/"
}
},
"Profile": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Path": "/",
"Roles": [
{
"Ref": "LambdaRole"
}
]
}
},
"Group": {
"Type": "AWS::IAM::Group",
"Properties": {
"Path": "/dataModel/"
}
},
"DataModelPolicy": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyName": {
"Fn::Join": [
"-",
[
{
"Ref": "aaaStage"
},
{
"Ref": "aaaProjectName"
}
]
]
},
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:*"
},
{
"Action": [
"s3:Get*",
"s3:List*",
"s3:Put*"
],
"Resource": [
{
"Fn::Join": [
"",
[
"arn:aws:s3:::",
{
"Ref": "aaaProjectName"
},
"-images.",
{
"Ref": "HostedZoneName"
},
"/",
{
"Ref": "aaaDataModelPrefix"
},
"*"
]
]
}
],
"Effect": "Allow"
},
{
"Effect": "Allow",
"Action": [
"dynamodb:BatchGetItem",
"dynamodb:BatchWriteItem",
"dynamodb:DeleteItem",
"dynamodb:DescribeTable",
"dynamodb:Get*",
"dynamodb:List*",
"dynamodb:PutItem",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:UpdateItem",
"dynamodb:UpdateTable"
],
"Resource": [
{
"Fn::Join": [
"",
[
"arn:aws:dynamodb:us-east-1:",
{
"Ref": "AWS::AccountId"
},
":table/",
{
"Ref": "aaaDataModelPrefix"
},
"-",
{
"Ref": "aaaProjectName"
},
"-users*"
]
]
},
{
"Fn::Join": [
"",
[
"arn:aws:dynamodb:us-east-1:",
{
"Ref": "AWS::AccountId"
},
":table/",
{
"Ref": "aaaDataModelPrefix"
},
"-",
{
"Ref": "aaaProjectName"
},
"-images*"
]
]
}
]
}
]
},
"Roles": [
{
"Ref": "LambdaRole"
}
],
"Groups": [
{
"Ref": "Group"
}
]
}
}
}
} |