jam-cloud/lambda/jamtrack-importer/template.yaml

206 lines
5.8 KiB
YAML
Raw Permalink Normal View History

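AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

# Deploy-time inputs. Network identifiers use the AWS-specific parameter types
# so CloudFormation validates them (and rejects empty values) before creating
# anything; !Ref on a List<...> type yields the same list as CommaDelimitedList,
# so the VpcConfig below is unaffected.
Parameters:
  Environment:
    Type: String
    AllowedValues:
      - dev
      - prod
    Description: The environment (e.g., dev or prod)
  TencyZipsBucket:
    Type: String
    Description: Where tency uploads their original zips (read-only for the function)
  TencyJamTracksBucket:
    Type: String
    Description: Where we unzip their zipped files (read/write for the function)
  EfsId:
    Type: String
    Description: The ID of the existing EFS file system to use for scratch (mount targets must already exist in SubnetIds)
  VpcId:
    # NOTE(review): not referenced anywhere in this template as shown; kept
    # for compatibility with existing parameter files.
    Type: AWS::EC2::VPC::Id
    Description: The ID of the VPC where the Lambda function and EFS are deployed.
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
    Description: The IDs of the subnets where the Lambda function will be deployed.
  SgIds:
    Type: List<AWS::EC2::SecurityGroup::Id>
    Description: The IDs of the security groups attached to the Lambda ENIs (must allow NFS/2049 to the EFS mount targets)
  MountPath:
    Type: String
    Description: Directory on the EFS file system used as the access point root; the function itself sees it at /mnt/efs
  JamTrackContainerPath:
    Type: String
    Description: The container registry path to the jamtrack image (prefer a digest-pinned URI, e.g. ...@sha256:..., over a mutable tag)
  DbHost:
    Type: String
    Description: postgresql host
  DbUser:
    Type: String
    Description: postgresql user
  DbPass:
    Type: String
    # NoEcho keeps the value out of DescribeStacks / the console / change sets.
    # It still ends up in the function's environment (see DB_PASS below); the
    # stronger option is to store it in Secrets Manager or an SSM SecureString
    # and have the container fetch it at startup.
    NoEcho: true
    Description: postgresql password
  DbName:
    Type: String
    Description: db name
  AwsBucket:
    Type: String
    Description: aws bucket
  AwsBucketPublic:
    Type: String
    Description: aws bucket public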
# Defaults applied to every AWS::Serverless::Function in this template.
Globals:
  Function:
    #Runtime: ruby3.3
    # NOTE(review): CodeUri is only meaningful for Zip packages; the only
    # function here is PackageType: Image, so this looks unused — confirm
    # before removing.
    CodeUri: ./
    Architectures:
      - x86_64
    #Handler: app.lambda_handler
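Resources:
  # Container-image Lambda that reads tency's uploaded zips from
  # TencyZipsBucket, expands them on the EFS scratch space and writes the
  # results to TencyJamTracksBucket (per ZipExtractorFunctionRole). The unzip
  # logic itself is in the image, not in this template: because the archives
  # are customer-supplied, it must reject zip-slip entry names ("../", absolute
  # paths) and bound the expanded size — confirm that in the application code.
  TencyUnzipFunction:
    Type: AWS::Serverless::Function
    Properties:
      Description: !Sub "Unzips tency uploads into the jamtracks bucket (${Environment})"
      MemorySize: 500
      # 900 s is the Lambda maximum; very large archives are bounded by it.
      Timeout: 900
      PackageType: Image
      # Supply-chain note: a digest-pinned ImageUri (...@sha256:...) guarantees
      # every deploy runs the reviewed image; a tag can be re-pointed.
      ImageUri: !Ref JamTrackContainerPath
      FileSystemConfigs:
        # EFSMountTarget is an AWS::EFS::AccessPoint despite its name; Lambda
        # expects the access point ARN here.
        - Arn: !GetAtt EFSMountTarget.Arn
          LocalMountPath: /mnt/efs
      VpcConfig:
        SubnetIds: !Ref SubnetIds
        SecurityGroupIds: !Ref SgIds
      Role: !GetAtt ZipExtractorFunctionRole.Arn
      Environment:
        Variables:
          ENV: !Ref Environment
          DB_HOST: !Ref DbHost
          DB_USER: !Ref DbUser
          # Plaintext credential in the function configuration: anyone with
          # lambda:GetFunctionConfiguration on this function can read it.
          # Prefer storing it in Secrets Manager / SSM SecureString and having
          # the container read it at startup (grant the role
          # secretsmanager:GetSecretValue or ssm:GetParameter on that one ARN).
          DB_PASS: !Ref DbPass
          DB_NAME: !Ref DbName
          TENCY_ZIPS_BUCKET: !Ref TencyZipsBucket
          TENCY_JAMTRACKS_BUCKET: !Ref TencyJamTracksBucket
          # NOTE(review): the execution role grants no S3 permissions on these
          # two buckets; if the container writes to them the calls will be
          # denied — confirm against the application code.
          AWS_BUCKET: !Ref AwsBucket
          AWS_BUCKET_PUBLIC: !Ref AwsBucketPublic
          FFMPEG_PATH: /opt/bin/ffmpeg
          FFMPEG_PATH_MP3: /opt/bin/ffmpeg
          JMEP_DIR: /var/task/shared/jmep
          # Lambda environment values are strings; quoted so CloudFormation
          # never has to coerce an integer.
          END_ON_FAIL: "1"
          # NOTE(review): MountPath is also the access point's RootDirectory.Path
          # (the EFS-side directory), while the in-function mount is the fixed
          # /mnt/efs above. Confirm which of the two the container expects here.
          MOUNT_PATH: !Ref MountPath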
# AssetLayer:
# Type: AWS::Serverless::LayerVersion
# Properties:
# LayerName: asset-layer
# ContentUri: s3://jamkazam-repo/lambda-assets/jamtrack-importer-assets.zip
# ContentUri: ./assets/assets.zip
# CompatibleRuntimes:
# - ruby3.3
# PGLayer:
# Type: AWS::Serverless::LayerVersion
# Properties:
# CompatibleRuntimes:
# - ruby3.3
# ContentUri: 'pg_layer'
# Metadata:
# BuildMethod: makefile
# SharedLayer:
# Type: AWS::Serverless::LayerVersion
# Properties:
# LayerName: shared-layer
# Description: Shared code layer for Lambda functions
# ContentUri: shared/
# CompatibleRuntimes:
# - ruby3.3
# IAM Role for Lambda
ZipExtractorFunctionRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
Service: lambda.amazonaws.com
Action: sts:AssumeRole
ManagedPolicyArns:
- !Ref EFSFullAccessPolicy
- "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
Policies:
- PolicyName: S3AccessPolicy
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- "s3:ListBucket"
- "s3:GetObject"
Resource:
- !Sub "arn:aws:s3:::${TencyZipsBucket}"
- !Sub "arn:aws:s3:::${TencyZipsBucket}/*"
- Effect: Allow
Action:
- "s3:ListBucket"
- "s3:GetObject"
- "s3:PutObject"
Resource:
- !Sub "arn:aws:s3:::${TencyJamTracksBucket}"
- !Sub "arn:aws:s3:::${TencyJamTracksBucket}/*"
- PolicyName: VPCNetworkingPolicy
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- "ec2:CreateNetworkInterface"
- "ec2:DescribeNetworkInterfaces"
- "ec2:DeleteNetworkInterface"
Resource: "*" # You can narrow this down by specifying resources if needed
# Managed Policy for EFS Access
EFSFullAccessPolicy:
Type: AWS::IAM::ManagedPolicy
Properties:
Description: EFS full access for Lambda
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- "elasticfilesystem:ClientMount"
- "elasticfilesystem:ClientWrite"
Resource: !GetAtt EFSMountTarget.Arn
# EFS Mount Target
# MountTaget1:
# Type: AWS::EFS::MountTarget
# Properties:
# FileSystemId: !Ref EfsId
# SubnetId: !Select [0, !Ref SubnetIds] # us-east1
# SecurityGroups: [!Ref SgId]
# EFS Mount Target for Lambda
EFSMountTarget:
Type: AWS::EFS::AccessPoint
Properties:
FileSystemId: !Ref EfsId
PosixUser:
Uid: "1000"
Gid: "1000"
RootDirectory:
CreationInfo:
OwnerUid: "1000"
OwnerGid: "1000"
Permissions: "0777"
Path: !Ref MountPath