diff --git a/07_Resources/Repos/converter/Lambda/lambda.json b/07_Resources/Repos/converter/Lambda/lambda.json
index 69c537c..c8425d6 100644
--- a/07_Resources/Repos/converter/Lambda/lambda.json
+++ b/07_Resources/Repos/converter/Lambda/lambda.json
@@ -10,7 +10,7 @@
 "Handler": "index.handler",
 "MemorySize": 256,
 "Role": { "Fn::GetAtt": ["LambdaEmailConverterRole", "Arn"] },
- "Runtime": "nodejs8.10",
+ "Runtime": "nodejs12.x",
 "Timeout": 60
 }
 }
diff --git a/07_Resources/Repos/inbound/Lambda/lambda.json b/07_Resources/Repos/inbound/Lambda/lambda.json
index 9c12c21..c28364f 100644
--- a/07_Resources/Repos/inbound/Lambda/lambda.json
+++ b/07_Resources/Repos/inbound/Lambda/lambda.json
@@ -10,7 +10,7 @@
 "Handler": "index.handler",
 "MemorySize": 256,
 "Role": { "Fn::GetAtt": ["LambdaEmailInboundRole", "Arn"] },
- "Runtime": "nodejs8.10",
+ "Runtime": "nodejs12.x",
 "Timeout": 60,
 "Environment": {
 "Variables" : {
diff --git a/07_Resources/Repos/outbound/Lambda/lambda.json b/07_Resources/Repos/outbound/Lambda/lambda.json
index a152d35..3f57595 100644
--- a/07_Resources/Repos/outbound/Lambda/lambda.json
+++ b/07_Resources/Repos/outbound/Lambda/lambda.json
@@ -10,7 +10,7 @@
 "Handler": "index.handler",
 "MemorySize": 256,
 "Role": { "Fn::GetAtt": ["LambdaEmailOutboundRole", "Arn"] },
- "Runtime": "nodejs8.10",
+ "Runtime": "nodejs12.x",
 "Timeout": 60,
 "Environment": {
 "Variables" : {
diff --git a/CloudFormation.json b/CloudFormation.json
deleted file mode 100644
index 5d211ad..0000000
--- a/CloudFormation.json
+++ /dev/null
@@ -1,1804 +0,0 @@ -{ - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "This stack will create a solution where you get infinite emails using AWS SES and S3.", - "Parameters": { - "EmailRestingPlace": { - "Description": "The S3 bucket name where the emails will be stored when they come through AWS SES. (This bucket will be made for you)", - "Type": "String" - }, - "CodePipelineBucketName": { - "Description": "The S3 bucket name where CodePipeline will store the artifacts (this is needed only by CP to work, and pass task results to the next stage) - (This bucket needs to exist already in S3)", - "Type": "String" - }, - "ParamGitHubAccountName": { - "Description": "The name of the GitHub account, it is the same names that you find in the URL. Organization or private account.", - "Type": "String", - "Default": "0x4447" - }, - "GitHubToken": { - "Description": "You need to create a Personal access tokens (https://github.com/settings/tokens) for CodePipeline to have access to the GitHub repo even if they are public, and the Scope has to have: repo and admin:repo_hook", - "NoEcho": true, - "Type": "String" - }, - "Stage": { - "Description": "Select what Stage are you deploying.", - "Type": "String", - "AllowedValues": [ - "master", - "development" - ], - "Default": "master", - "ConstraintDescription": "must only contain lowercase letters and numbers, and can't start with a number." 
- } - }, - "Resources": { - "IAMGroup": { - "Type": "AWS::IAM::Group", - "Properties": { - "GroupName": "0x4447_s3_email", - "Policies": [ - { - "PolicyName": "l_r_w_d_plus_rename", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "s3:ListBucket", - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:GetObjectAcl", - "s3:GetObjectVersionAcl", - "s3:PutObjectAcl", - "s3:PutObjectVersionAcl" - ], - "Resource": [ - { - "Fn::Sub": "arn:aws:s3:::${S3Email}" - }, - { - "Fn::Sub": "arn:aws:s3:::${S3Email}/*" - } - ] - }, - { - "Effect": "Allow", - "Action": "s3:ListAllMyBuckets", - "Resource": "*" - } - ] - } - } - ] - } - }, - "SESReceiptRule": { - "Type": "AWS::SES::ReceiptRule", - "Properties": { - "RuleSetName": { - "Ref": "SESReceiptRuleSet" - }, - "Rule": { - "Name": "Inbound", - "Enabled": true, - "Actions": [ - { - "S3Action": { - "BucketName": { - "Ref": "S3Email" - }, - "ObjectKeyPrefix": "TMP/email_in" - } - } - ] - } - } - }, - "SESReceiptRuleSet": { - "Type": "AWS::SES::ReceiptRuleSet", - "Properties": { - "RuleSetName": "0x4447_S3_Email" - } - }, - "S3Email": { - "Type": "AWS::S3::Bucket", - "DependsOn": [ - "LambdaEmailOutbound", - "LambdaEmailConverter", - "LambdaEmailInbound" - ], - "Properties": { - "BucketName": { - "Fn::Sub": "${EmailRestingPlace}" - }, - "LifecycleConfiguration": { - "Rules": [ - { - "Id": "24h", - "ExpirationInDays": 1, - "NoncurrentVersionExpirationInDays": 1, - "Prefix": "Today/", - "Status": "Enabled" - }, - { - "Id": "Intelligent transition for Inbox", - "Status": "Enabled", - "Prefix": "Inbox/", - "Transition": { - "StorageClass": "INTELLIGENT_TIERING", - "TransitionInDays": 0 - } - }, - { - "Id": "Intelligent transition for Sent", - "Status": "Enabled", - "Prefix": "Sent/", - "Transition": { - "StorageClass": "INTELLIGENT_TIERING", - "TransitionInDays": 0 - } - } - ] - }, - "NotificationConfiguration": { - "LambdaConfigurations": [ - { - "Function": { - 
"Fn::GetAtt": [ - "LambdaEmailInbound", - "Arn" - ] - }, - "Event": "s3:ObjectCreated:Put", - "Filter": { - "S3Key": { - "Rules": [ - { - "Name": "prefix", - "Value": "TMP/email_in" - } - ] - } - } - }, - { - "Function": { - "Fn::GetAtt": [ - "LambdaEmailOutbound", - "Arn" - ] - }, - "Event": "s3:ObjectCreated:Put", - "Filter": { - "S3Key": { - "Rules": [ - { - "Name": "prefix", - "Value": "TMP/email_out/json" - } - ] - } - } - }, - { - "Function": { - "Fn::GetAtt": [ - "LambdaEmailConverter", - "Arn" - ] - }, - "Event": "s3:ObjectCreated:Copy", - "Filter": { - "S3Key": { - "Rules": [ - { - "Name": "prefix", - "Value": "Sent/" - } - ] - } - } - }, - { - "Function": { - "Fn::GetAtt": [ - "LambdaEmailConverter", - "Arn" - ] - }, - "Event": "s3:ObjectCreated:Copy", - "Filter": { - "S3Key": { - "Rules": [ - { - "Name": "prefix", - "Value": "Inbox/" - } - ] - } - } - }, - { - "Function": { - "Fn::GetAtt": [ - "LambdaEmailConverter", - "Arn" - ] - }, - "Event": "s3:ObjectCreated:Copy", - "Filter": { - "S3Key": { - "Rules": [ - { - "Name": "prefix", - "Value": "Today/" - } - ] - } - } - } - ] - } - } - }, - "S3EmailPolicy": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "S3Email" - }, - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "AllowSESPuts", - "Effect": "Allow", - "Principal": { - "Service": "ses.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": { - "Fn::Sub": "arn:aws:s3:::${S3Email}/TMP/email_in/*" - }, - "Condition": { - "StringEquals": { - "aws:Referer": { - "Ref": "AWS::AccountId" - } - } - } - } - ] - } - } - }, - "PipelineConverter": { - "Type": "AWS::CodePipeline::Pipeline", - "Properties": { - "Name": "0x4447_s3_email_lambda_converter", - "ArtifactStore": { - "Location": { - "Ref": "CodePipelineBucketName" - }, - "Type": "S3" - }, - "RoleArn": { - "Fn::GetAtt": [ - "PipelineConverterRole", - "Arn" - ] - }, - "Stages": [ - { - "Name": "Get", - "Actions": [ - { - "Name": "Material", - 
"RunOrder": 1, - "ActionTypeId": { - "Category": "Source", - "Owner": "ThirdParty", - "Provider": "GitHub", - "Version": "1" - }, - "Configuration": { - "Owner": { - "Ref": "ParamGitHubAccountName" - }, - "Repo": "0x4447-product-s3-email-lambda-converter", - "Branch": { - "Ref": "Stage" - }, - "PollForSourceChanges": false, - "OAuthToken": { - "Ref": "GitHubToken" - } - }, - "OutputArtifacts": [ - { - "Name": "source_code" - } - ] - } - ] - }, - { - "Name": "Cast", - "Actions": [ - { - "Name": "Mold", - "RunOrder": 1, - "InputArtifacts": [ - { - "Name": "source_code" - } - ], - "Configuration": { - "ProjectName": { - "Ref": "CodeBuildConverter" - } - }, - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1" - } - } - ] - } - ] - } - }, - "PipelineConverterPolicy": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyName": "default", - "Roles": [ - { - "Ref": "PipelineConverterRole" - } - ], - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "iam:PassRole" - ], - "Resource": "*", - "Effect": "Allow", - "Condition": { - "StringEqualsIfExists": { - "iam:PassedToService": [ - "cloudformation.amazonaws.com", - "elasticbeanstalk.amazonaws.com", - "ec2.amazonaws.com", - "ecs-tasks.amazonaws.com" - ] - } - } - }, - { - "Action": [ - "codecommit:CancelUploadArchive", - "codecommit:GetBranch", - "codecommit:GetCommit", - "codecommit:GetUploadArchiveStatus", - "codecommit:UploadArchive" - ], - "Resource": "*", - "Effect": "Allow" - }, - { - "Action": [ - "codedeploy:CreateDeployment", - "codedeploy:GetApplication", - "codedeploy:GetApplicationRevision", - "codedeploy:GetDeployment", - "codedeploy:GetDeploymentConfig", - "codedeploy:RegisterApplicationRevision" - ], - "Resource": "*", - "Effect": "Allow" - }, - { - "Action": [ - "elasticbeanstalk:*", - "ec2:*", - "elasticloadbalancing:*", - "autoscaling:*", - "cloudwatch:*", - "s3:*", - "sns:*", - "cloudformation:*", - "rds:*", - 
"sqs:*", - "ecs:*" - ], - "Resource": "*", - "Effect": "Allow" - }, - { - "Action": [ - "lambda:InvokeFunction", - "lambda:ListFunctions" - ], - "Resource": "*", - "Effect": "Allow" - }, - { - "Action": [ - "opsworks:CreateDeployment", - "opsworks:DescribeApps", - "opsworks:DescribeCommands", - "opsworks:DescribeDeployments", - "opsworks:DescribeInstances", - "opsworks:DescribeStacks", - "opsworks:UpdateApp", - "opsworks:UpdateStack" - ], - "Resource": "*", - "Effect": "Allow" - }, - { - "Action": [ - "cloudformation:CreateStack", - "cloudformation:DeleteStack", - "cloudformation:DescribeStacks", - "cloudformation:UpdateStack", - "cloudformation:CreateChangeSet", - "cloudformation:DeleteChangeSet", - "cloudformation:DescribeChangeSet", - "cloudformation:ExecuteChangeSet", - "cloudformation:SetStackPolicy", - "cloudformation:ValidateTemplate" - ], - "Resource": "*", - "Effect": "Allow" - }, - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild" - ], - "Resource": "*", - "Effect": "Allow" - }, - { - "Effect": "Allow", - "Action": [ - "devicefarm:ListProjects", - "devicefarm:ListDevicePools", - "devicefarm:GetRun", - "devicefarm:GetUpload", - "devicefarm:CreateUpload", - "devicefarm:ScheduleRun" - ], - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": [ - "servicecatalog:ListProvisioningArtifacts", - "servicecatalog:CreateProvisioningArtifact", - "servicecatalog:DescribeProvisioningArtifact", - "servicecatalog:DeleteProvisioningArtifact", - "servicecatalog:UpdateProduct" - ], - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": [ - "cloudformation:ValidateTemplate" - ], - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": [ - "ecr:DescribeImages" - ], - "Resource": "*" - } - ] - } - } - }, - "PipelineConverterRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "RoleName": "0x4447_s3_email_codepipeline_converter", - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - 
"Principal": { - "Service": "codepipeline.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - } - } - }, - "PipelineConverterWebhook": { - "Type": "AWS::CodePipeline::Webhook", - "Properties": { - "Authentication": "GITHUB_HMAC", - "AuthenticationConfiguration": { - "SecretToken": { - "Ref": "GitHubToken" - } - }, - "Filters": [ - { - "JsonPath": "$.ref", - "MatchEquals": "refs/heads/{Branch}" - } - ], - "TargetPipeline": { - "Ref": "PipelineConverter" - }, - "TargetAction": "Material", - "TargetPipelineVersion": { - "Fn::GetAtt": [ - "PipelineConverter", - "Version" - ] - }, - "RegisterWithThirdParty": true - } - }, - "CodeBuildConverter": { - "Type": "AWS::CodeBuild::Project", - "Properties": { - "Name": "0x4447_s3_email_converter", - "ServiceRole": { - "Fn::GetAtt": [ - "CodeBuildConverterRole", - "Arn" - ] - }, - "TimeoutInMinutes": 60, - "Source": { - "Type": "CODEPIPELINE", - "BuildSpec": "buildspec.yml" - }, - "Artifacts": { - "Type": "CODEPIPELINE" - }, - "Environment": { - "Type": "LINUX_CONTAINER", - "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/nodejs:8.11.0", - "EnvironmentVariables": [ - { - "Name": "FUNCTION_NAME", - "Type": "PLAINTEXT", - "Value": { - "Ref": "LambdaEmailConverter" - } - } - ] - } - } - }, - "CodeBuildConverterRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "RoleName": "0x4447_s3_email_codebuild_converter", - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - } - } - }, - "CodeBuildConverterPolicyCWL": { - "Type": "AWS::IAM::Policy", - "Properties": { - "Roles": [ - { - "Ref": "CodeBuildConverterRole" - } - ], - "PolicyName": "cloud_watch_log_access", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Resource": [ - { - 
"Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/0x4447_s3_email_converter" - }, - { - "Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/0x4447_s3_email_converter:*" - } - ] - } - ] - } - } - }, - "CodeBuildConverterPolicyS3": { - "Type": "AWS::IAM::Policy", - "Properties": { - "Roles": [ - { - "Ref": "CodeBuildConverterRole" - } - ], - "PolicyName": "s3_access", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "s3:*", - "Resource": { - "Fn::Sub": "arn:aws:s3:::${CodePipelineBucketName}/*" - } - } - ] - } - } - }, - "CodeBuildConverterPolicyLambdaUpdate": { - "Type": "AWS::IAM::Policy", - "Properties": { - "Roles": [ - { - "Ref": "CodeBuildConverterRole" - } - ], - "PolicyName": "update_lambda_code", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "lambda:UpdateFunctionCode", - "Resource": { - "Fn::Sub": "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${LambdaEmailConverter}" - } - } - ] - } - } - }, - "LambdaEmailConverter": { - "Type": "AWS::Lambda::Function", - "Description": "This Lambda converts raw emails files in to HTML and TEXT ones.", - "Properties": { - "FunctionName": "0x4447-s3-email-converter", - "Code": { - "ZipFile": "exports.handler = async (event) => {return true;};" - }, - "Handler": "index.handler", - "MemorySize": 256, - "Role": { - "Fn::GetAtt": [ - "LambdaEmailConverterRole", - "Arn" - ] - }, - "Runtime": "nodejs8.10", - "Timeout": 60 - } - }, - "S3ConverterPermission": { - "Type": "AWS::Lambda::Permission", - "DependsOn": "LambdaEmailConverter", - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Ref": "LambdaEmailConverter" - }, - "Principal": "s3.amazonaws.com" - } - }, - "LambdaEmailConverterRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "RoleName": "0x4447_s3_email_lambda_converter", - "AssumeRolePolicyDocument": { - 
"Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - } - }, - "LambdaEmailConverterPolicyS3": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyName": "S3_access", - "Roles": [ - { - "Ref": "LambdaEmailConverterRole" - } - ], - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "s3:*", - "Resource": [ - { - "Fn::Sub": "arn:aws:s3:::${S3Email}" - }, - { - "Fn::Sub": "arn:aws:s3:::${S3Email}/*" - } - ] - } - ] - } - } - }, - "PipelineOutbound": { - "Type": "AWS::CodePipeline::Pipeline", - "Properties": { - "Name": "0x4447_s3_email_lambda_outbound", - "ArtifactStore": { - "Location": { - "Ref": "CodePipelineBucketName" - }, - "Type": "S3" - }, - "RoleArn": { - "Fn::GetAtt": [ - "PipelineOutboundRole", - "Arn" - ] - }, - "Stages": [ - { - "Name": "Get", - "Actions": [ - { - "Name": "Material", - "RunOrder": 1, - "ActionTypeId": { - "Category": "Source", - "Owner": "ThirdParty", - "Provider": "GitHub", - "Version": "1" - }, - "Configuration": { - "Owner": { - "Ref": "ParamGitHubAccountName" - }, - "Repo": "0x4447-product-s3-email-lambda-outbound", - "Branch": { - "Ref": "Stage" - }, - "PollForSourceChanges": false, - "OAuthToken": { - "Ref": "GitHubToken" - } - }, - "OutputArtifacts": [ - { - "Name": "source_code" - } - ] - } - ] - }, - { - "Name": "Cast", - "Actions": [ - { - "Name": "Mold", - "RunOrder": 1, - "InputArtifacts": [ - { - "Name": "source_code" - } - ], - "Configuration": { - "ProjectName": { - "Ref": "CodeBuildOutbound" - } - }, - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1" - } - } - ] - } - ] - } - }, - "PipelineOutboundPolicy": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyName": "default", - "Roles": [ - { - 
"Ref": "PipelineOutboundRole" - } - ], - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "iam:PassRole" - ], - "Resource": "*", - "Effect": "Allow", - "Condition": { - "StringEqualsIfExists": { - "iam:PassedToService": [ - "cloudformation.amazonaws.com", - "elasticbeanstalk.amazonaws.com", - "ec2.amazonaws.com", - "ecs-tasks.amazonaws.com" - ] - } - } - }, - { - "Action": [ - "codecommit:CancelUploadArchive", - "codecommit:GetBranch", - "codecommit:GetCommit", - "codecommit:GetUploadArchiveStatus", - "codecommit:UploadArchive" - ], - "Resource": "*", - "Effect": "Allow" - }, - { - "Action": [ - "codedeploy:CreateDeployment", - "codedeploy:GetApplication", - "codedeploy:GetApplicationRevision", - "codedeploy:GetDeployment", - "codedeploy:GetDeploymentConfig", - "codedeploy:RegisterApplicationRevision" - ], - "Resource": "*", - "Effect": "Allow" - }, - { - "Action": [ - "elasticbeanstalk:*", - "ec2:*", - "elasticloadbalancing:*", - "autoscaling:*", - "cloudwatch:*", - "s3:*", - "sns:*", - "cloudformation:*", - "rds:*", - "sqs:*", - "ecs:*" - ], - "Resource": "*", - "Effect": "Allow" - }, - { - "Action": [ - "lambda:InvokeFunction", - "lambda:ListFunctions" - ], - "Resource": "*", - "Effect": "Allow" - }, - { - "Action": [ - "opsworks:CreateDeployment", - "opsworks:DescribeApps", - "opsworks:DescribeCommands", - "opsworks:DescribeDeployments", - "opsworks:DescribeInstances", - "opsworks:DescribeStacks", - "opsworks:UpdateApp", - "opsworks:UpdateStack" - ], - "Resource": "*", - "Effect": "Allow" - }, - { - "Action": [ - "cloudformation:CreateStack", - "cloudformation:DeleteStack", - "cloudformation:DescribeStacks", - "cloudformation:UpdateStack", - "cloudformation:CreateChangeSet", - "cloudformation:DeleteChangeSet", - "cloudformation:DescribeChangeSet", - "cloudformation:ExecuteChangeSet", - "cloudformation:SetStackPolicy", - "cloudformation:ValidateTemplate" - ], - "Resource": "*", - "Effect": "Allow" - }, - { - "Action": [ - 
"codebuild:BatchGetBuilds", - "codebuild:StartBuild" - ], - "Resource": "*", - "Effect": "Allow" - }, - { - "Effect": "Allow", - "Action": [ - "devicefarm:ListProjects", - "devicefarm:ListDevicePools", - "devicefarm:GetRun", - "devicefarm:GetUpload", - "devicefarm:CreateUpload", - "devicefarm:ScheduleRun" - ], - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": [ - "servicecatalog:ListProvisioningArtifacts", - "servicecatalog:CreateProvisioningArtifact", - "servicecatalog:DescribeProvisioningArtifact", - "servicecatalog:DeleteProvisioningArtifact", - "servicecatalog:UpdateProduct" - ], - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": [ - "cloudformation:ValidateTemplate" - ], - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": [ - "ecr:DescribeImages" - ], - "Resource": "*" - } - ] - } - } - }, - "PipelineOutboundRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "RoleName": "0x4447_s3_email_codepipeline_outbound", - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "codepipeline.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - } - } - }, - "PipelineOutboundWebhook": { - "Type": "AWS::CodePipeline::Webhook", - "Properties": { - "Authentication": "GITHUB_HMAC", - "AuthenticationConfiguration": { - "SecretToken": { - "Ref": "GitHubToken" - } - }, - "Filters": [ - { - "JsonPath": "$.ref", - "MatchEquals": "refs/heads/{Branch}" - } - ], - "TargetPipeline": { - "Ref": "PipelineOutbound" - }, - "TargetAction": "Material", - "TargetPipelineVersion": { - "Fn::GetAtt": [ - "PipelineOutbound", - "Version" - ] - }, - "RegisterWithThirdParty": true - } - }, - "CodeBuildOutbound": { - "Type": "AWS::CodeBuild::Project", - "Properties": { - "Name": "0x4447_s3_email_outbound", - "ServiceRole": { - "Fn::GetAtt": [ - "CodeBuildOutboundRole", - "Arn" - ] - }, - "TimeoutInMinutes": 60, - "Source": { - "Type": "CODEPIPELINE", - "BuildSpec": "buildspec.yml" - }, - 
"Artifacts": { - "Type": "CODEPIPELINE" - }, - "Environment": { - "Type": "LINUX_CONTAINER", - "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/nodejs:8.11.0", - "EnvironmentVariables": [ - { - "Name": "FUNCTION_NAME", - "Type": "PLAINTEXT", - "Value": { - "Ref": "LambdaEmailOutbound" - } - } - ] - } - } - }, - "CodeBuildOutboundRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "RoleName": "0x4447_s3_email_codebuild_outbound", - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - } - } - }, - "CodeBuildOutboundPolicyCWL": { - "Type": "AWS::IAM::Policy", - "Properties": { - "Roles": [ - { - "Ref": "CodeBuildOutboundRole" - } - ], - "PolicyName": "cloud_watch_log_access", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Resource": [ - { - "Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/0x4447_s3_email_outbound" - }, - { - "Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/0x4447_s3_email_outbound:*" - } - ] - } - ] - } - } - }, - "CodeBuildOutboundPolicyS3": { - "Type": "AWS::IAM::Policy", - "Properties": { - "Roles": [ - { - "Ref": "CodeBuildOutboundRole" - } - ], - "PolicyName": "s3_access", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "s3:*", - "Resource": { - "Fn::Sub": "arn:aws:s3:::${CodePipelineBucketName}/*" - } - } - ] - } - } - }, - "CodeBuildOutboundPolicyLambdaUpdate": { - "Type": "AWS::IAM::Policy", - "Properties": { - "Roles": [ - { - "Ref": "CodeBuildOutboundRole" - } - ], - "PolicyName": "update_lambda_code", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": 
"lambda:UpdateFunctionCode", - "Resource": { - "Fn::Sub": "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${LambdaEmailOutbound}" - } - } - ] - } - } - }, - "LambdaEmailOutbound": { - "Type": "AWS::Lambda::Function", - "Description": "Take the JSON and convert it in to an raw email.", - "Properties": { - "FunctionName": "0x4447-s3-email-outbound", - "Code": { - "ZipFile": "exports.handler = async (event) => {return true;};" - }, - "Handler": "index.handler", - "MemorySize": 256, - "Role": { - "Fn::GetAtt": [ - "LambdaEmailOutboundRole", - "Arn" - ] - }, - "Runtime": "nodejs8.10", - "Timeout": 60, - "Environment": { - "Variables": { - "BUCKET": { - "Ref": "EmailRestingPlace" - } - } - } - } - }, - "S3OutboundPermission": { - "Type": "AWS::Lambda::Permission", - "DependsOn": "LambdaEmailOutbound", - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Ref": "LambdaEmailOutbound" - }, - "Principal": "s3.amazonaws.com" - } - }, - "LambdaEmailOutboundRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "RoleName": "0x4447_s3_email_lambda_outbound", - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - } - }, - "LambdaEmailOutboundPolicyS3": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyName": "S3_access", - "Roles": [ - { - "Ref": "LambdaEmailOutboundRole" - } - ], - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "s3:*", - "Resource": [ - { - "Fn::Sub": "arn:aws:s3:::${S3Email}" - }, - { - "Fn::Sub": "arn:aws:s3:::${S3Email}/*" - } - ] - } - ] - } - } - }, - "LambdaEmailOutboundPolicySES": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyName": "ses", - "Roles": [ - { - "Ref": "LambdaEmailOutboundRole" - } - ], - 
"PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "ses:SendRawEmail", - "Resource": "*" - } - ] - } - } - }, - "PipelineInbound": { - "Type": "AWS::CodePipeline::Pipeline", - "Properties": { - "Name": "0x4447_s3_email_lambda_inbound", - "ArtifactStore": { - "Location": { - "Ref": "CodePipelineBucketName" - }, - "Type": "S3" - }, - "RoleArn": { - "Fn::GetAtt": [ - "PipelineInboundRole", - "Arn" - ] - }, - "Stages": [ - { - "Name": "Get", - "Actions": [ - { - "Name": "Material", - "RunOrder": 1, - "ActionTypeId": { - "Category": "Source", - "Owner": "ThirdParty", - "Provider": "GitHub", - "Version": "1" - }, - "Configuration": { - "Owner": { - "Ref": "ParamGitHubAccountName" - }, - "Repo": "0x4447-product-s3-email-lambda-inbound", - "Branch": { - "Ref": "Stage" - }, - "PollForSourceChanges": false, - "OAuthToken": { - "Ref": "GitHubToken" - } - }, - "OutputArtifacts": [ - { - "Name": "source_code" - } - ] - } - ] - }, - { - "Name": "Cast", - "Actions": [ - { - "Name": "Mold", - "RunOrder": 1, - "InputArtifacts": [ - { - "Name": "source_code" - } - ], - "Configuration": { - "ProjectName": { - "Ref": "CodeBuildInbound" - } - }, - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1" - } - } - ] - } - ] - } - }, - "PipelineInboundPolicy": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyName": "default", - "Roles": [ - { - "Ref": "PipelineInboundRole" - } - ], - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "iam:PassRole" - ], - "Resource": "*", - "Effect": "Allow", - "Condition": { - "StringEqualsIfExists": { - "iam:PassedToService": [ - "cloudformation.amazonaws.com", - "elasticbeanstalk.amazonaws.com", - "ec2.amazonaws.com", - "ecs-tasks.amazonaws.com" - ] - } - } - }, - { - "Action": [ - "codecommit:CancelUploadArchive", - "codecommit:GetBranch", - "codecommit:GetCommit", - "codecommit:GetUploadArchiveStatus", - 
"codecommit:UploadArchive" - ], - "Resource": "*", - "Effect": "Allow" - }, - { - "Action": [ - "codedeploy:CreateDeployment", - "codedeploy:GetApplication", - "codedeploy:GetApplicationRevision", - "codedeploy:GetDeployment", - "codedeploy:GetDeploymentConfig", - "codedeploy:RegisterApplicationRevision" - ], - "Resource": "*", - "Effect": "Allow" - }, - { - "Action": [ - "elasticbeanstalk:*", - "ec2:*", - "elasticloadbalancing:*", - "autoscaling:*", - "cloudwatch:*", - "s3:*", - "sns:*", - "cloudformation:*", - "rds:*", - "sqs:*", - "ecs:*" - ], - "Resource": "*", - "Effect": "Allow" - }, - { - "Action": [ - "lambda:InvokeFunction", - "lambda:ListFunctions" - ], - "Resource": "*", - "Effect": "Allow" - }, - { - "Action": [ - "opsworks:CreateDeployment", - "opsworks:DescribeApps", - "opsworks:DescribeCommands", - "opsworks:DescribeDeployments", - "opsworks:DescribeInstances", - "opsworks:DescribeStacks", - "opsworks:UpdateApp", - "opsworks:UpdateStack" - ], - "Resource": "*", - "Effect": "Allow" - }, - { - "Action": [ - "cloudformation:CreateStack", - "cloudformation:DeleteStack", - "cloudformation:DescribeStacks", - "cloudformation:UpdateStack", - "cloudformation:CreateChangeSet", - "cloudformation:DeleteChangeSet", - "cloudformation:DescribeChangeSet", - "cloudformation:ExecuteChangeSet", - "cloudformation:SetStackPolicy", - "cloudformation:ValidateTemplate" - ], - "Resource": "*", - "Effect": "Allow" - }, - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild" - ], - "Resource": "*", - "Effect": "Allow" - }, - { - "Effect": "Allow", - "Action": [ - "devicefarm:ListProjects", - "devicefarm:ListDevicePools", - "devicefarm:GetRun", - "devicefarm:GetUpload", - "devicefarm:CreateUpload", - "devicefarm:ScheduleRun" - ], - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": [ - "servicecatalog:ListProvisioningArtifacts", - "servicecatalog:CreateProvisioningArtifact", - "servicecatalog:DescribeProvisioningArtifact", - 
"servicecatalog:DeleteProvisioningArtifact", - "servicecatalog:UpdateProduct" - ], - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": [ - "cloudformation:ValidateTemplate" - ], - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": [ - "ecr:DescribeImages" - ], - "Resource": "*" - } - ] - } - } - }, - "PipelineInboundRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "RoleName": "0x4447_s3_email_codepipeline_inbound", - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "codepipeline.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - } - } - }, - "PipelineInboundWebhook": { - "Type": "AWS::CodePipeline::Webhook", - "Properties": { - "Authentication": "GITHUB_HMAC", - "AuthenticationConfiguration": { - "SecretToken": { - "Ref": "GitHubToken" - } - }, - "Filters": [ - { - "JsonPath": "$.ref", - "MatchEquals": "refs/heads/{Branch}" - } - ], - "TargetPipeline": { - "Ref": "PipelineInbound" - }, - "TargetAction": "Material", - "TargetPipelineVersion": { - "Fn::GetAtt": [ - "PipelineInbound", - "Version" - ] - }, - "RegisterWithThirdParty": true - } - }, - "CodeBuildInbound": { - "Type": "AWS::CodeBuild::Project", - "Properties": { - "Name": "0x4447_s3_email_inbound", - "ServiceRole": { - "Fn::GetAtt": [ - "CodeBuildInboundRole", - "Arn" - ] - }, - "TimeoutInMinutes": 60, - "Source": { - "Type": "CODEPIPELINE", - "BuildSpec": "buildspec.yml" - }, - "Artifacts": { - "Type": "CODEPIPELINE" - }, - "Environment": { - "Type": "LINUX_CONTAINER", - "ComputeType": "BUILD_GENERAL1_SMALL", - "Image": "aws/codebuild/nodejs:8.11.0", - "EnvironmentVariables": [ - { - "Name": "FUNCTION_NAME", - "Type": "PLAINTEXT", - "Value": { - "Ref": "LambdaEmailInbound" - } - } - ] - } - } - }, - "CodeBuildInboundRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "RoleName": "0x4447_s3_email_codebuild_inbound", - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - 
{ - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - } - } - }, - "CodeBuildDeployPolicyCWL": { - "Type": "AWS::IAM::Policy", - "Properties": { - "Roles": [ - { - "Ref": "CodeBuildInboundRole" - } - ], - "PolicyName": "cloud_watch_log_access", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Resource": [ - { - "Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/0x4447_s3_email_inbound" - }, - { - "Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/0x4447_s3_email_inbound:*" - } - ] - } - ] - } - } - }, - "CodeBuildDeployPolicyS3": { - "Type": "AWS::IAM::Policy", - "Properties": { - "Roles": [ - { - "Ref": "CodeBuildInboundRole" - } - ], - "PolicyName": "s3_access", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "s3:*", - "Resource": { - "Fn::Sub": "arn:aws:s3:::${CodePipelineBucketName}/*" - } - } - ] - } - } - }, - "CodeBuildDeployPolicyLambdaUpdate": { - "Type": "AWS::IAM::Policy", - "Properties": { - "Roles": [ - { - "Ref": "CodeBuildInboundRole" - } - ], - "PolicyName": "update_lambda_code", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "lambda:UpdateFunctionCode", - "Resource": { - "Fn::Sub": "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${LambdaEmailInbound}" - } - } - ] - } - } - }, - "LambdaEmailInbound": { - "Type": "AWS::Lambda::Function", - "Description": "This Lambda organizes all the incoming emails based on the From and To field.", - "Properties": { - "FunctionName": "0x4447-s3-email-inbound", - "Code": { - "ZipFile": "exports.handler = async (event) => {return true;};" - }, - "Handler": "index.handler", - "MemorySize": 256, - "Role": { - "Fn::GetAtt": [ - 
"LambdaEmailInboundRole", - "Arn" - ] - }, - "Runtime": "nodejs8.10", - "Timeout": 60, - "Environment": { - "Variables": { - "BUCKET": { - "Ref": "EmailRestingPlace" - } - } - } - } - }, - "S3InboundPermission": { - "Type": "AWS::Lambda::Permission", - "DependsOn": "LambdaEmailInbound", - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Ref": "LambdaEmailInbound" - }, - "Principal": "s3.amazonaws.com" - } - }, - "LambdaEmailInboundRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "RoleName": "0x4447_s3_email_lambda_inbound", - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - } - }, - "LambdaEmailInboundPolicyS3": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyName": "S3_access", - "Roles": [ - { - "Ref": "LambdaEmailInboundRole" - } - ], - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "s3:*", - "Resource": [ - { - "Fn::Sub": "arn:aws:s3:::${S3Email}" - }, - { - "Fn::Sub": "arn:aws:s3:::${S3Email}/*" - } - ] - } - ] - } - } - }, - "LambdaEmailInboundPolicySES": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyName": "ses_access", - "Roles": [ - { - "Ref": "LambdaEmailInboundRole" - } - ], - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "ses:ListIdentities", - "Resource": "*" - } - ] - } - } - } - } -} \ No newline at end of file