# Template header for the eth-demo stack.
# The format version is kept as a quoted string so no parser reads it as a date.
AWSTemplateFormatVersion: "2010-09-09"
# SAM transform; required for the AWS::Serverless::Function resource declared below.
Transform: "AWS::Serverless-2016-10-31"
Description: "eth-demo — Lambda + Step Functions demo"
# Deploy-time inputs.
Parameters:
  Prefix:
    Type: String
    # CloudFormation matches AllowedPattern against the whole value, so this
    # only enforces "at least one character, then a trailing slash".
    # NOTE(review): every other character is accepted, including the IAM
    # wildcards '*' and '?'. Today the value only reaches the function as the
    # PREFIX environment variable; tighten this pattern before the parameter
    # is ever interpolated into a policy Resource ARN.
    AllowedPattern: '.+/'
    ConstraintDescription: "must end with '/' (e.g. 2026/04/)"
    # Quoted so the value stays a string under any YAML loader.
    Default: '2026/04/'
    Description: >-
      S3 key prefix the function scans for PDFs.
      Matches the seed script's default.
      Override with --parameter-overrides Prefix=other/ to target a different
      prefix without changing the template.
      Trailing slash required.
# Defaults inherited by every AWS::Serverless::Function in this template.
Globals:
  Function:
    Architectures:
      - arm64
    LoggingConfig:
      # Structured log lines instead of plain text.
      LogFormat: JSON
    MemorySize: 256  # MB
    Runtime: python3.13
    Timeout: 30  # seconds
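# Stack resources: the reports bucket, the function's log group, the dedup
# table, and the Lambda function with its inline IAM statements.
Resources:

  # Bucket that holds the PDFs and the manifests/ output.
  # NOTE(review): the name is fixed text plus the account id, so it is
  # predictable and not region-scoped. S3 names are global; if the name is
  # already taken the stack cannot create the bucket. Consider a less
  # guessable suffix if the seed script does not depend on this exact name.
  ReportsBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub eth-demo-reports-${AWS::AccountId}
      # Stated explicitly rather than relying on account or service defaults:
      # no public ACLs and no public bucket policy can take effect. Requests
      # signed by the function's role (presumably how URL_EXPIRY_SECONDS is
      # used — confirm in the handler) are not affected by these settings.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      # Default encryption at rest with S3-managed keys, pinned in the
      # template so drift is visible in review.
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      LifecycleConfiguration:
        Rules:
          # Objects under manifests/ are deleted one day after creation.
          - Id: expire-manifests
            Status: Enabled
            Prefix: manifests/
            ExpirationInDays: 1

  # Log group declared in the template so retention is bounded (7 days)
  # instead of the never-expire default of an auto-created group.
  SignPdfsLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: /aws/lambda/eth-demo-sign-pdfs
      RetentionInDays: 7

  # On-demand table keyed by a string `id`. DynamoDB removes items once the
  # time stored in their `ttl` attribute has passed; the attribute is
  # presumably written by the handler — confirm.
  DedupTable:
    Type: AWS::DynamoDB::Table
    Properties:
      TableName: !Sub ${AWS::StackName}-sign-pdfs-dedup
      BillingMode: PAY_PER_REQUEST
      AttributeDefinitions:
        - AttributeName: id
          AttributeType: S
      KeySchema:
        - AttributeName: id
          KeyType: HASH
      TimeToLiveSpecification:
        AttributeName: ttl
        Enabled: true

  SignPdfsFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: eth-demo-sign-pdfs
      CodeUri: functions/sign_pdfs/
      Handler: handler.handler
      LoggingConfig:
        LogFormat: JSON
        LogGroup: !Ref SignPdfsLogGroup
      Environment:
        Variables:
          BUCKET_NAME: !Ref ReportsBucket
          PREFIX: !Ref Prefix
          # Kept as a string: environment variable values are strings.
          URL_EXPIRY_SECONDS: "900"
          DEDUP_TABLE: !Ref DedupTable
      # Inline statements scoped to this stack's bucket and table only.
      Policies:
        - Statement:
            # NOTE(review): listing is allowed for the whole bucket. If the
            # handler only lists under PREFIX, an s3:prefix condition would
            # narrow this — confirm against the handler before changing.
            - Sid: ListReportsBucket
              Effect: Allow
              Action: s3:ListBucket
              Resource: !GetAtt ReportsBucket.Arn
            # NOTE(review): read access covers every key, which is wider than
            # the Prefix parameter and includes manifests/. Scoping to the
            # prefix is only safe once the Prefix AllowedPattern rejects the
            # IAM wildcards '*' and '?'.
            - Sid: ReadReports
              Effect: Allow
              Action: s3:GetObject
              Resource: !Sub "${ReportsBucket.Arn}/*"
            # Writes are confined to the manifests/ key space.
            - Sid: WriteManifests
              Effect: Allow
              Action: s3:PutObject
              Resource: !Sub "${ReportsBucket.Arn}/manifests/*"
            # Single-item read and write on the dedup table; no scan, query
            # or delete.
            - Sid: DedupTableAccess
              Effect: Allow
              Action:
                - dynamodb:GetItem
                - dynamodb:PutItem
              Resource: !GetAtt DedupTable.Arn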
# Values reported by the stack after deployment.
Outputs:
  SignPdfsFunctionArn:
    # !GetAtt <function>.Arn resolves to the function's ARN.
    Value: !GetAtt SignPdfsFunction.Arn
    Description: 'ARN of the main Lambda'
  ReportsBucketName:
    # !Ref on an S3 bucket resolves to the bucket name.
    Value: !Ref ReportsBucket
    Description: 'S3 bucket for seed PDFs and manifest output'