-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathcfn.yaml
181 lines (173 loc) · 5.07 KB
/
cfn.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
AWSTemplateFormatVersion: 2010-09-09
Description: mobile-notifications-football
Parameters:
Stack:
Description: Stack name
Type: String
Default: mobile-notifications
App:
Description: Application name
Type: String
Default: football
Stage:
Description: Stage name
Type: String
AllowedValues:
- CODE
- PROD
Default: CODE
DeployBucket:
Description: Bucket where RiffRaff uploads artifacts on deploy
Type: String
Default: mobile-dist
DynamoNotificationTopic:
Description: SNS topic to notify when there's a dynamo throttling event
Type: String
Resources:
ExecutionRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
Action: sts:AssumeRole
Path: /
Policies:
- PolicyName: logs
PolicyDocument:
Statement:
Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
Resource: arn:aws:logs:*:*:*
- PolicyName: lambda
PolicyDocument:
Statement:
Effect: Allow
Action:
- lambda:InvokeFunction
Resource: "*"
- PolicyName: ssmConfig
PolicyDocument:
Statement:
Effect: Allow
Action:
- ssm:GetParametersByPath
Resource: !Sub arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/${App}/${Stage}/${Stack}
- PolicyName: dynamodb
PolicyDocument:
Statement:
Effect: Allow
Action:
- dynamodb:PutItem
- dynamodb:UpdateItem
- dynamodb:Query
Resource: !Sub arn:aws:dynamodb:eu-west-1:201359054765:table/${Stack}-${App}-notifications-${Stage}
Lambda:
Type: AWS::Lambda::Function
Properties:
FunctionName: !Sub ${Stack}-${App}-${Stage}
Code:
S3Bucket:
Ref: DeployBucket
S3Key: !Sub ${Stack}/${Stage}/${App}/${App}.jar
Environment:
Variables:
App: !Ref App
Stack: !Ref Stack
Stage: !Ref Stage
Description: Send Goal Alert notifications
Handler: com.gu.mobile.notifications.football.Lambda::handler
MemorySize: 1024
Role: !GetAtt ExecutionRole.Arn
Runtime: java11
Timeout: 60
MinuteEvent:
Type: AWS::Events::Rule
Properties:
Description: Event sent to poll PA for match events
ScheduleExpression: cron(* * * * ? *)
Targets:
- Id: Lambda
Arn: !GetAtt Lambda.Arn
MinuteEventLambdaPermission:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName: !GetAtt Lambda.Arn
Principal: events.amazonaws.com
SourceArn: !GetAtt MinuteEvent.Arn
GoalEvent:
Type: AWS::Logs::MetricFilter
Properties:
LogGroupName: !Sub "/aws/lambda/${Lambda}"
FilterPattern: "successfully sent"
MetricTransformations:
- MetricNamespace: !Sub "${Stage}/football-notifications"
MetricName: "goal-success"
MetricValue: 1
ErrorEvent:
Type: AWS::Logs::MetricFilter
Properties:
LogGroupName: !Sub "/aws/lambda/${Lambda}"
FilterPattern: "Error"
MetricTransformations:
- MetricNamespace: !Sub "${Stage}/football-notifications"
MetricName: "error"
MetricValue: 1
DynamoTable:
Type: AWS::DynamoDB::Table
Properties:
TableName: !Sub ${Stack}-${App}-notifications-${Stage}
AttributeDefinitions:
- AttributeName: notificationId
AttributeType: S
KeySchema:
- AttributeName: notificationId
KeyType: HASH
ProvisionedThroughput:
ReadCapacityUnits: 3
WriteCapacityUnits: 3
TimeToLiveSpecification:
AttributeName: ttl
Enabled: true
Tags:
- Key: devx-backup-enabled
Value: true
MobileNotificationsFootballConsumedReadThrottleEvents:
Type: AWS::CloudWatch::Alarm
Properties:
Namespace: AWS/DynamoDB
MetricName: ReadThrottleEvents
Unit: Count
Statistic: Sum
ComparisonOperator: GreaterThanOrEqualToThreshold
Dimensions:
- Name: TableName
Value: !Ref DynamoTable
Threshold: 10
Period: 300
EvaluationPeriods: 1
AlarmActions: [ !Ref DynamoNotificationTopic ]
TreatMissingData: notBreaching
MobileNotificationsFootballConsumedWriteThrottleEvents:
Type: AWS::CloudWatch::Alarm
Properties:
Namespace: AWS/DynamoDB
MetricName: WriteThrottleEvents
Unit: Count
Statistic: Sum
ComparisonOperator: GreaterThanOrEqualToThreshold
Dimensions:
- Name: TableName
Value: !Ref DynamoTable
Threshold: 10
Period: 300
EvaluationPeriods: 1
AlarmActions: [ !Ref DynamoNotificationTopic ]
TreatMissingData: notBreaching