diff --git a/07_Resources/Repos/converter/CodeBuild/Policies/s3.json b/07_Resources/Repos/converter/CodeBuild/Policies/s3.json
index e7b4fcf..7019440 100644
--- a/07_Resources/Repos/converter/CodeBuild/Policies/s3.json
+++ b/07_Resources/Repos/converter/CodeBuild/Policies/s3.json
@@ -10,7 +10,7 @@
 {
 "Effect": "Allow",
 "Action": "s3:*",
- "Resource": { "Fn::Sub": "arn:aws:s3:::${S3Code}/*"}
+ "Resource": { "Fn::Sub": "arn:aws:s3:::${CodePipelineBucketName}/*"}
 }
 ]
 }
diff --git a/07_Resources/Repos/converter/CodePipeline/pipe_line.json b/07_Resources/Repos/converter/CodePipeline/pipe_line.json
index 4857279..7a73681 100644
--- a/07_Resources/Repos/converter/CodePipeline/pipe_line.json
+++ b/07_Resources/Repos/converter/CodePipeline/pipe_line.json
@@ -4,7 +4,7 @@
 "Properties": {
 "Name": "0x4447_s3_email_lambda_converter",
 "ArtifactStore": {
- "Location": { "Ref": "S3Code" },
+ "Location": { "Ref": "CodePipelineBucketName" },
 "Type": "S3"
 },
 "RoleArn": { "Fn::GetAtt": ["PipelineConverterRole", "Arn"] },
diff --git a/07_Resources/Repos/inbound/CodeBuild/Policies/s3.json b/07_Resources/Repos/inbound/CodeBuild/Policies/s3.json
index d3485cc..b7cbcfb 100644
--- a/07_Resources/Repos/inbound/CodeBuild/Policies/s3.json
+++ b/07_Resources/Repos/inbound/CodeBuild/Policies/s3.json
@@ -10,7 +10,7 @@
 {
 "Effect": "Allow",
 "Action": "s3:*",
- "Resource": { "Fn::Sub": "arn:aws:s3:::${S3Code}/*"}
+ "Resource": { "Fn::Sub": "arn:aws:s3:::${CodePipelineBucketName}/*"}
 }
 ]
 }
diff --git a/07_Resources/Repos/inbound/CodePipeline/pipe_line.json b/07_Resources/Repos/inbound/CodePipeline/pipe_line.json
index d60d53d..5799712 100644
--- a/07_Resources/Repos/inbound/CodePipeline/pipe_line.json
+++ b/07_Resources/Repos/inbound/CodePipeline/pipe_line.json
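Review bot: The updated `"Resource"` line in converter/CodeBuild/Policies/s3.json still pairs `"Action": "s3:*"` with the artifact bucket, and because this commit also drops the stack-managed `S3Code` bucket, `CodePipelineBucketName` now names a bucket the template neither creates nor configures, so the build role gets every object-level S3 action on something outside the stack's control. Moving artifacts between CodePipeline and CodeBuild only needs reads and writes on the artifact keys, so `"Action": ["s3:GetObject", "s3:GetObjectVersion", "s3:PutObject"],` is sufficient. The same `s3:*` on `${CodePipelineBucketName}/*` appears in the inbound and outbound Policies/s3.json hunks and in CloudFormation.json in the CodeBuild policy hunk at `@@ -566,7 +639,7 @@`, in `CodeBuildOutboundPolicyS3` and in `CodeBuildDeployPolicyS3`.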
@@ -4,7 +4,7 @@
 "Properties": {
 "Name": "0x4447_s3_email_lambda_inbound",
 "ArtifactStore": {
- "Location": { "Ref": "S3Code" },
+ "Location": { "Ref": "CodePipelineBucketName" },
 "Type": "S3"
 },
 "RoleArn": { "Fn::GetAtt": ["PipelineInboundRole", "Arn"] },
diff --git a/07_Resources/Repos/outbound/CodeBuild/Policies/s3.json b/07_Resources/Repos/outbound/CodeBuild/Policies/s3.json
index ca8e12a..ada9053 100644
--- a/07_Resources/Repos/outbound/CodeBuild/Policies/s3.json
+++ b/07_Resources/Repos/outbound/CodeBuild/Policies/s3.json
@@ -10,7 +10,7 @@
 {
 "Effect": "Allow",
 "Action": "s3:*",
- "Resource": { "Fn::Sub": "arn:aws:s3:::${S3Code}/*"}
+ "Resource": { "Fn::Sub": "arn:aws:s3:::${CodePipelineBucketName}/*"}
 }
 ]
 }
diff --git a/07_Resources/Repos/outbound/CodePipeline/pipe_line.json b/07_Resources/Repos/outbound/CodePipeline/pipe_line.json
index 326b665..9d67c94 100644
--- a/07_Resources/Repos/outbound/CodePipeline/pipe_line.json
+++ b/07_Resources/Repos/outbound/CodePipeline/pipe_line.json
@@ -4,7 +4,7 @@
 "Properties": {
 "Name": "0x4447_s3_email_lambda_outbound",
 "ArtifactStore": {
- "Location": { "Ref": "S3Code" },
+ "Location": { "Ref": "CodePipelineBucketName" },
 "Type": "S3"
 },
 "RoleArn": { "Fn::GetAtt": ["PipelineOutboundRole", "Arn"] },
diff --git a/07_Resources/S3/Artifact/bucket.json b/07_Resources/S3/Artifact/bucket.json
deleted file mode 100644
index b39dfba..0000000
--- a/07_Resources/S3/Artifact/bucket.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "S3Code": {
- "Type": "AWS::S3::Bucket",
- "Properties": {
- "BucketName": { "Fn::Sub": "${CodePipelineBucketName}" }
- }
- }
-}
\ No newline at end of file
diff --git a/CloudFormation.json b/CloudFormation.json
index ae654b8..5649d36 100644
--- a/CloudFormation.json
+++ b/CloudFormation.json
@@ -12,6 +12,7 @@
 },
 "GitHubToken": {
 "Description": "You need to create a Personal access tokens (https://github.com/settings/tokens) for CodePipeline to have access to the GitHub repo despite it being public.",
+ "NoEcho": true,
 "Type": "String"
 },
 "Stage": {
@@ -54,14 +55,6 @@
 "RuleSetName": "0x4447_S3_Email"
 }
 },
- "S3Code": {
- "Type": "AWS::S3::Bucket",
- "Properties": {
- "BucketName": {
- "Fn::Sub": "${CodePipelineBucketName}"
- }
- }
- },
 "S3Email": {
 "Type": "AWS::S3::Bucket",
 "DependsOn": [
@@ -222,7 +215,7 @@
 "Name": "0x4447_s3_email_lambda_converter",
 "ArtifactStore": {
 "Location": {
- "Ref": "S3Code"
+ "Ref": "CodePipelineBucketName"
 },
 "Type": "S3"
 },
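Review bot: `"NoEcho": true` on `GitHubToken` only changes how CloudFormation displays the parameter (console, `DescribeStacks`, change sets); the token itself still travels through the template into whatever consumes it, and the GitHub source action that presumably receives it is outside this hunk. Storing the token in Secrets Manager and referencing it with a `{{resolve:secretsmanager:...}}` dynamic reference at the point of use would keep it out of the parameter entirely. The `Description` could also name the minimal token scopes the pipeline needs, so deployers do not hand over a broadly scoped personal access token.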
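Review bot: With the `S3Code` resource removed, `CodePipelineBucketName` (used as the bucket's name in the deleted resource, so presumably a template parameter declared outside this hunk) must now name a bucket that exists in the deployment region before the stack is created, and nothing in the template checks that or controls the bucket's settings any more. The parameter's description should say so, for example `"Description": "Name of an existing S3 bucket in this region that CodePipeline and CodeBuild use for build artifacts; the stack does not create or configure it."`. Since several roles in this commit are granted `s3:*` on objects in that bucket, its access controls are now entirely the deployer's responsibility and that is worth stating in the same place.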
@@ -466,6 +459,86 @@
 }
 }
 },
+ "LambdaEmailConverter": {
+ "Type": "AWS::Lambda::Function",
+ "Description": "This Lambda converts raw emails files in to HTML and TEXT ones.",
+ "Properties": {
+ "FunctionName": "0x4447-s3-email-converter",
+ "Code": {
+ "ZipFile": "exports.handler = async (event) => {return true;};"
+ },
+ "Handler": "index.handler",
+ "MemorySize": 128,
+ "Role": {
+ "Fn::GetAtt": [
+ "LambdaEmailConverterRole",
+ "Arn"
+ ]
+ },
+ "Runtime": "nodejs8.10",
+ "Timeout": 60
+ }
+ },
+ "S3ConverterPermission": {
+ "Type": "AWS::Lambda::Permission",
+ "DependsOn": "LambdaEmailConverter",
+ "Properties": {
+ "Action": "lambda:InvokeFunction",
+ "FunctionName": {
+ "Ref": "LambdaEmailConverter"
+ },
+ "Principal": "s3.amazonaws.com"
+ }
+ },
+ "LambdaEmailConverterRole": {
+ "Type": "AWS::IAM::Role",
+ "Properties": {
+ "RoleName": "0x4447_s3_email_lambda_converter",
+ "AssumeRolePolicyDocument": {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "Service": "lambda.amazonaws.com"
+ },
+ "Action": "sts:AssumeRole"
+ }
+ ]
+ },
+ "ManagedPolicyArns": [
+ "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+ ]
+ }
+ },
+ "LambdaEmailConverterPolicyS3": {
+ "Type": "AWS::IAM::Policy",
+ "Properties": {
+ "PolicyName": "S3_access",
+ "Roles": [
+ {
+ "Ref": "LambdaEmailConverterRole"
+ }
+ ],
+ "PolicyDocument": {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": "s3:*",
+ "Resource": [
+ {
+ "Fn::Sub": "arn:aws:s3:::${S3Email}"
+ },
+ {
+ "Fn::Sub": "arn:aws:s3:::${S3Email}/*"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ },
 "CodeBuildConverter": {
 "Type": "AWS::CodeBuild::Project",
 "Properties": {
@@ -566,7 +639,7 @@
 "Effect": "Allow",
 "Action": "s3:*",
 "Resource": {
- "Fn::Sub": "arn:aws:s3:::${S3Code}/*"
+ "Fn::Sub": "arn:aws:s3:::${CodePipelineBucketName}/*"
 }
 }
 ]
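Review bot: `S3ConverterPermission` lets `s3.amazonaws.com` invoke `LambdaEmailConverter` with no `SourceArn` or `SourceAccount`, so a bucket in any AWS account whose owner configures a notification for this function name can trigger it (a confused-deputy gap). Adding `"SourceAccount": { "Ref": "AWS::AccountId" },` and `"SourceArn": { "Fn::Sub": "arn:aws:s3:::${S3Email}" }` to its `Properties` pins it to the stack's own bucket; `S3Email` looks like the right bucket given the role's S3 policy, but confirm which bucket's notification actually targets this function. `S3OutboundPermission` and `S3InboundPermission` later in this commit have the same gap. Separately, `LambdaEmailConverterPolicyS3` grants `s3:*` on the `S3Email` bucket and its objects, which includes bucket-policy, ACL and deletion actions that a function reading raw mail and writing HTML/TEXT does not need; `s3:GetObject` and `s3:PutObject` on the object ARN would cover the described job.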
@@ -596,93 +669,13 @@
 }
 }
 },
- "LambdaEmailConverter": {
- "Type": "AWS::Lambda::Function",
- "Description": "This Lambda converts raw emails files in to HTML and TEXT ones.",
- "Properties": {
- "FunctionName": "0x4447-s3-email-converter",
- "Code": {
- "ZipFile": "exports.handler = async (event) => {return true;};"
- },
- "Handler": "index.handler",
- "MemorySize": 128,
- "Role": {
- "Fn::GetAtt": [
- "LambdaEmailConverterRole",
- "Arn"
- ]
- },
- "Runtime": "nodejs8.10",
- "Timeout": 60
- }
- },
- "S3ConverterPermission": {
- "Type": "AWS::Lambda::Permission",
- "DependsOn": "LambdaEmailConverter",
- "Properties": {
- "Action": "lambda:InvokeFunction",
- "FunctionName": {
- "Ref": "LambdaEmailConverter"
- },
- "Principal": "s3.amazonaws.com"
- }
- },
- "LambdaEmailConverterRole": {
- "Type": "AWS::IAM::Role",
- "Properties": {
- "RoleName": "0x4447_s3_email_lambda_converter",
- "AssumeRolePolicyDocument": {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Principal": {
- "Service": "lambda.amazonaws.com"
- },
- "Action": "sts:AssumeRole"
- }
- ]
- },
- "ManagedPolicyArns": [
- "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
- ]
- }
- },
- "LambdaEmailConverterPolicyS3": {
- "Type": "AWS::IAM::Policy",
- "Properties": {
- "PolicyName": "S3_access",
- "Roles": [
- {
- "Ref": "LambdaEmailConverterRole"
- }
- ],
- "PolicyDocument": {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Action": "s3:*",
- "Resource": [
- {
- "Fn::Sub": "arn:aws:s3:::${S3Email}"
- },
- {
- "Fn::Sub": "arn:aws:s3:::${S3Email}/*"
- }
- ]
- }
- ]
- }
- }
- },
 "PipelineOutbound": {
 "Type": "AWS::CodePipeline::Pipeline",
 "Properties": {
 "Name": "0x4447_s3_email_lambda_outbound",
 "ArtifactStore": {
 "Location": {
- "Ref": "S3Code"
+ "Ref": "CodePipelineBucketName"
 },
 "Type": "S3"
 },
@@ -926,86 +919,83 @@ } } }, - "LambdaEmailOutboundRole": { + "CodeBuildOutboundRole": { "Type": "AWS::IAM::Role", "Properties": { - "RoleName": "0x4447_s3_email_lambda_outbound", + "RoleName": "0x4447_s3_email_codebuild_outbound", "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { - "Service": "lambda.amazonaws.com" + "Service": "codebuild.amazonaws.com" }, "Action": "sts:AssumeRole" } ] - }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] + } } }, - "LambdaEmailOutbound": { - "Type": "AWS::Lambda::Function", - "Description": "Take the JSON and convert it in to an raw email.", + "CodeBuildOutbound": { + "Type": "AWS::CodeBuild::Project", "Properties": { - "FunctionName": "0x4447-s3-email-outbound", - "Code": { - "ZipFile": "exports.handler = async (event) => {return true;};" - }, - "Handler": "index.handler", - "MemorySize": 128, - "Role": { + "Name": "0x4447_s3_email_outbound", + "ServiceRole": { "Fn::GetAtt": [ - "LambdaEmailOutboundRole", + "CodeBuildOutboundRole", "Arn" ] }, - "Runtime": "nodejs8.10", - "Timeout": 60, + "TimeoutInMinutes": 60, + "Source": { + "Type": "CODEPIPELINE", + "BuildSpec": "buildspec.yml" + }, + "Artifacts": { + "Type": "CODEPIPELINE" + }, "Environment": { - "Variables": { - "BUCKET": { - "Ref": "EmailRestingPlace" + "Type": "LINUX_CONTAINER", + "ComputeType": "BUILD_GENERAL1_SMALL", + "Image": "aws/codebuild/nodejs:8.11.0", + "EnvironmentVariables": [ + { + "Name": "FUNCTION_NAME", + "Type": "PLAINTEXT", + "Value": { + "Ref": "LambdaEmailOutbound" + } } - } + ] } } }, - "S3OutboundPermission": { - "Type": "AWS::Lambda::Permission", - "DependsOn": "LambdaEmailOutbound", - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Ref": "LambdaEmailOutbound" - }, - "Principal": "s3.amazonaws.com" - } - }, - "LambdaEmailOutboundPolicyS3": { + "CodeBuildOutboundPolicyCWL": { "Type": "AWS::IAM::Policy", "Properties": { 
- "PolicyName": "S3_access", "Roles": [ { - "Ref": "LambdaEmailOutboundRole" + "Ref": "CodeBuildOutboundRole" } ], + "PolicyName": "cloud_watch_log_access", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", - "Action": "s3:*", + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], "Resource": [ { - "Fn::Sub": "arn:aws:s3:::${S3Email}" + "Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/0x4447_s3_email_outbound" }, { - "Fn::Sub": "arn:aws:s3:::${S3Email}/*" + "Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/0x4447_s3_email_outbound:*" } ] } 
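Review bot: `CodeBuildOutbound` pins `"Image": "aws/codebuild/nodejs:8.11.0"`, and the functions it deploys declare `"Runtime": "nodejs8.10"`; both are end-of-life Node.js 8 images that no longer receive security fixes, and Lambda has since deprecated the nodejs8.10 runtime, so the build and deployment path will eventually stop working as well as running unpatched code. Moving the build to a current `aws/codebuild/standard` image with a supported Node.js version selected in the buildspec, and the functions to a supported `nodejs` runtime, closes this. The same runtime string is used by `LambdaEmailConverter`, `LambdaEmailOutbound` and `LambdaEmailInbound` elsewhere in this commit. These resources are relocated rather than introduced here, so the pins predate the commit; the `logs:` policy below, scoped to the project's own log group, is a good model for the rest of the role's policies.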
@@ -1013,104 +1003,132 @@ } } }, - "LambdaEmailOutboundPolicySES": { + "CodeBuildOutboundPolicyS3": { "Type": "AWS::IAM::Policy", "Properties": { - "PolicyName": "ses", "Roles": [ { - "Ref": "LambdaEmailOutboundRole" + "Ref": "CodeBuildOutboundRole" } ], + "PolicyName": "s3_access", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", - "Action": "ses:SendRawEmail", - "Resource": "*" + "Action": "s3:*", + "Resource": { + "Fn::Sub": "arn:aws:s3:::${CodePipelineBucketName}/*" + } } ] } } }, - "CodeBuildOutbound": { - "Type": "AWS::CodeBuild::Project", + "CodeBuildOutboundPolicyLambdaUpdate": { + "Type": "AWS::IAM::Policy", "Properties": { - "Name": "0x4447_s3_email_outbound", - "ServiceRole": { + "Roles": [ + { + "Ref": "CodeBuildOutboundRole" + } + ], + "PolicyName": "update_lambda_code", + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": "lambda:UpdateFunctionCode", + "Resource": { + "Fn::Sub": "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${LambdaEmailOutbound}" + } + } + ] + } + } + }, + "LambdaEmailOutbound": { + "Type": "AWS::Lambda::Function", + "Description": "Take the JSON and convert it in to an raw email.", + "Properties": { + "FunctionName": "0x4447-s3-email-outbound", + "Code": { + "ZipFile": "exports.handler = async (event) => {return true;};" + }, + "Handler": "index.handler", + "MemorySize": 128, + "Role": { "Fn::GetAtt": [ - "CodeBuildOutboundRole", + "LambdaEmailOutboundRole", "Arn" ] }, - "TimeoutInMinutes": 60, - "Source": { - "Type": "CODEPIPELINE", - "BuildSpec": "buildspec.yml" - }, - "Artifacts": { - "Type": "CODEPIPELINE" - }, + "Runtime": "nodejs8.10", + "Timeout": 60, "Environment": { - "Type": "LINUX_CONTAINER", - "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/nodejs:8.11.0", - "EnvironmentVariables": [ - { - "Name": "FUNCTION_NAME", - "Type": "PLAINTEXT", - "Value": { - "Ref": "LambdaEmailOutbound" - } + "Variables": { + "BUCKET": 
{ + "Ref": "EmailRestingPlace" } - ] + } } } }, - "CodeBuildOutboundRole": { + "S3OutboundPermission": { + "Type": "AWS::Lambda::Permission", + "DependsOn": "LambdaEmailOutbound", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "LambdaEmailOutbound" + }, + "Principal": "s3.amazonaws.com" + } + }, + "LambdaEmailOutboundRole": { "Type": "AWS::IAM::Role", "Properties": { - "RoleName": "0x4447_s3_email_codebuild_outbound", + "RoleName": "0x4447_s3_email_lambda_outbound", "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { - "Service": "codebuild.amazonaws.com" + "Service": "lambda.amazonaws.com" }, "Action": "sts:AssumeRole" } ] - } + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] } }, - "CodeBuildOutboundPolicyCWL": { + "LambdaEmailOutboundPolicyS3": { "Type": "AWS::IAM::Policy", "Properties": { + "PolicyName": "S3_access", "Roles": [ { - "Ref": "CodeBuildOutboundRole" + "Ref": "LambdaEmailOutboundRole" } ], - "PolicyName": "cloud_watch_log_access", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], + "Action": "s3:*", "Resource": [ { - "Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/0x4447_s3_email_outbound" + "Fn::Sub": "arn:aws:s3:::${S3Email}" }, { - "Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/0x4447_s3_email_outbound:*" + "Fn::Sub": "arn:aws:s3:::${S3Email}/*" } ] } 
@@ -1118,47 +1136,22 @@ } } }, - "CodeBuildOutboundPolicyS3": { - "Type": "AWS::IAM::Policy", - "Properties": { - "Roles": [ - { - "Ref": "CodeBuildOutboundRole" - } - ], - "PolicyName": "s3_access", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "s3:*", - "Resource": { - "Fn::Sub": "arn:aws:s3:::${S3Code}/*" - } - } - ] - } - } - }, - "CodeBuildOutboundPolicyLambdaUpdate": { + "LambdaEmailOutboundPolicySES": { "Type": "AWS::IAM::Policy", "Properties": { + "PolicyName": "ses", "Roles": [ { - "Ref": "CodeBuildOutboundRole" + "Ref": "LambdaEmailOutboundRole" } ], - "PolicyName": "update_lambda_code", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", - "Action": "lambda:UpdateFunctionCode", - "Resource": { - "Fn::Sub": "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${LambdaEmailOutbound}" - } + "Action": "ses:SendRawEmail", + "Resource": "*" } ] } @@ -1170,7 +1163,7 @@ "Name": "0x4447_s3_email_lambda_inbound", "ArtifactStore": { "Location": { - "Ref": "S3Code" + "Ref": "CodePipelineBucketName" }, "Type": "S3" }, 
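Review bot: `LambdaEmailOutboundPolicySES` grants `ses:SendRawEmail` on `"Resource": "*"`, so a compromised or misbehaving outbound function can send mail as any identity verified in the account. SES supports resource-level permissions for sending, so the statement can be narrowed to the identity this stack sends from, e.g. `"Resource": { "Fn::Sub": "arn:aws:ses:${AWS::Region}:${AWS::AccountId}:identity/<SENDING_IDENTITY>" }`, optionally with a `ses:FromAddress` condition; `<SENDING_IDENTITY>` is a placeholder, as the actual domain or address is not visible in this diff. The `ses:ListIdentities` grant on `*` for the inbound role in a later hunk is a different case, since list-style actions generally carry no resource-level scoping.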
@@ -1414,83 +1407,86 @@ } } }, - "CodeBuildInbound": { - "Type": "AWS::CodeBuild::Project", - "Properties": { - "Name": "0x4447_s3_email_inbound", - "ServiceRole": { - "Fn::GetAtt": [ - "CodeBuildInboundRole", - "Arn" - ] - }, - "TimeoutInMinutes": 60, - "Source": { - "Type": "CODEPIPELINE", - "BuildSpec": "buildspec.yml" - }, - "Artifacts": { - "Type": "CODEPIPELINE" - }, - "Environment": { - "Type": "LINUX_CONTAINER", - "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/nodejs:8.11.0", - "EnvironmentVariables": [ - { - "Name": "FUNCTION_NAME", - "Type": "PLAINTEXT", - "Value": { - "Ref": "LambdaEmailInbound" - } - } - ] - } - } - }, - "CodeBuildInboundRole": { + "LambdaEmailInboundRole": { "Type": "AWS::IAM::Role", "Properties": { - "RoleName": "0x4447_s3_email_codebuild_inbound", + "RoleName": "0x4447_s3_email_lambda_inbound", "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { - "Service": "codebuild.amazonaws.com" + "Service": "lambda.amazonaws.com" }, "Action": "sts:AssumeRole" } ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + } + }, + "S3InboundPermission": { + "Type": "AWS::Lambda::Permission", + "DependsOn": "LambdaEmailInbound", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "LambdaEmailInbound" + }, + "Principal": "s3.amazonaws.com" + } + }, + "LambdaEmailInbound": { + "Type": "AWS::Lambda::Function", + "Description": "This Lambda organizes all the incoming emails based on the From and To field.", + "Properties": { + "FunctionName": "0x4447-s3-email-inbound", + "Code": { + "ZipFile": "exports.handler = async (event) => {return true;};" + }, + "Handler": "index.handler", + "MemorySize": 128, + "Role": { + "Fn::GetAtt": [ + "LambdaEmailInboundRole", + "Arn" + ] + }, + "Runtime": "nodejs8.10", + "Timeout": 60, + "Environment": { + "Variables": { + "BUCKET": { + "Ref": "EmailRestingPlace" + } + } 
} } }, - "CodeBuildDeployPolicyCWL": { + "LambdaEmailInboundPolicyS3": { "Type": "AWS::IAM::Policy", "Properties": { + "PolicyName": "S3_access", "Roles": [ { - "Ref": "CodeBuildInboundRole" + "Ref": "LambdaEmailInboundRole" } ], - "PolicyName": "cloud_watch_log_access", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], + "Action": "s3:*", "Resource": [ { - "Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/0x4447_s3_email_inbound" + "Fn::Sub": "arn:aws:s3:::${S3Email}" }, { - "Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/0x4447_s3_email_inbound:*" + "Fn::Sub": "arn:aws:s3:::${S3Email}/*" } ] } 
@@ -1498,155 +1494,152 @@ } } }, - "CodeBuildDeployPolicyLambdaUpdate": { + "LambdaEmailInboundPolicySES": { "Type": "AWS::IAM::Policy", "Properties": { + "PolicyName": "ses_access", "Roles": [ { - "Ref": "CodeBuildInboundRole" + "Ref": "LambdaEmailInboundRole" } ], - "PolicyName": "update_lambda_code", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", - "Action": "lambda:UpdateFunctionCode", - "Resource": { - "Fn::Sub": "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${LambdaEmailInbound}" - } + "Action": "ses:ListIdentities", + "Resource": "*" } ] } } }, - "CodeBuildDeployPolicyS3": { - "Type": "AWS::IAM::Policy", + "CodeBuildInboundRole": { + "Type": "AWS::IAM::Role", "Properties": { - "Roles": [ - { - "Ref": "CodeBuildInboundRole" - } - ], - "PolicyName": "s3_access", - "PolicyDocument": { + "RoleName": "0x4447_s3_email_codebuild_inbound", + "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", - "Action": "s3:*", - "Resource": { - "Fn::Sub": "arn:aws:s3:::${S3Code}/*" - } + "Principal": { + "Service": "codebuild.amazonaws.com" + }, + "Action": "sts:AssumeRole" } ] } } }, - "S3InboundPermission": { - "Type": "AWS::Lambda::Permission", - "DependsOn": "LambdaEmailInbound", - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Ref": "LambdaEmailInbound" - }, - "Principal": "s3.amazonaws.com" - } - }, - "LambdaEmailInbound": { - "Type": "AWS::Lambda::Function", - "Description": "This Lambda organizes all the incoming emails based on the From and To field.", + "CodeBuildInbound": { + "Type": "AWS::CodeBuild::Project", "Properties": { - "FunctionName": "0x4447-s3-email-inbound", - "Code": { - "ZipFile": "exports.handler = async (event) => {return true;};" - }, - "Handler": "index.handler", - "MemorySize": 128, - "Role": { + "Name": "0x4447_s3_email_inbound", + "ServiceRole": { "Fn::GetAtt": [ - "LambdaEmailInboundRole", + "CodeBuildInboundRole", "Arn" ] }, - 
"Runtime": "nodejs8.10", - "Timeout": 60, + "TimeoutInMinutes": 60, + "Source": { + "Type": "CODEPIPELINE", + "BuildSpec": "buildspec.yml" + }, + "Artifacts": { + "Type": "CODEPIPELINE" + }, "Environment": { - "Variables": { - "BUCKET": { - "Ref": "EmailRestingPlace" + "Type": "LINUX_CONTAINER", + "ComputeType": "BUILD_GENERAL1_SMALL", + "Image": "aws/codebuild/nodejs:8.11.0", + "EnvironmentVariables": [ + { + "Name": "FUNCTION_NAME", + "Type": "PLAINTEXT", + "Value": { + "Ref": "LambdaEmailInbound" + } } - } + ] } } }, - "LambdaEmailInboundRole": { - "Type": "AWS::IAM::Role", + "CodeBuildDeployPolicyCWL": { + "Type": "AWS::IAM::Policy", "Properties": { - "RoleName": "0x4447_s3_email_lambda_inbound", - "AssumeRolePolicyDocument": { + "Roles": [ + { + "Ref": "CodeBuildInboundRole" + } + ], + "PolicyName": "cloud_watch_log_access", + "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - }, - "Action": "sts:AssumeRole" + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Resource": [ + { + "Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/0x4447_s3_email_inbound" + }, + { + "Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/0x4447_s3_email_inbound:*" + } + ] } ] - }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] + } } }, - "LambdaEmailInboundPolicyS3": { + "CodeBuildDeployPolicyS3": { "Type": "AWS::IAM::Policy", "Properties": { - "PolicyName": "S3_access", "Roles": [ { - "Ref": "LambdaEmailInboundRole" + "Ref": "CodeBuildInboundRole" } ], + "PolicyName": "s3_access", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:*", - "Resource": [ - { - "Fn::Sub": "arn:aws:s3:::${S3Email}" - }, - { - "Fn::Sub": "arn:aws:s3:::${S3Email}/*" - } - ] + "Resource": { + "Fn::Sub": 
"arn:aws:s3:::${CodePipelineBucketName}/*" + } } ] } } }, - "LambdaEmailInboundPolicySES": { + "CodeBuildDeployPolicyLambdaUpdate": { "Type": "AWS::IAM::Policy", "Properties": { - "PolicyName": "ses_access", "Roles": [ { - "Ref": "LambdaEmailInboundRole" + "Ref": "CodeBuildInboundRole" } ], + "PolicyName": "update_lambda_code", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", - "Action": "ses:ListIdentities", - "Resource": "*" + "Action": "lambda:UpdateFunctionCode", + "Resource": { + "Fn::Sub": "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${LambdaEmailInbound}" + } } ] }