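# CloudFormation template for the CloudEndure Migration Factory solution.
# The part shown here provisions: an access-log bucket and a front-end bucket
# served through CloudFront, six DynamoDB tables, a Cognito user pool with one
# app client and an admin group, and three API Gateway REST APIs (tools, login,
# admin) that proxy to Lambda functions defined elsewhere in the template.
AWSTemplateFormatVersion: "2010-09-09"
Description: "(SO0097) - The AWS CloudFormation template for deployment of the AWS CloudEndure Migration Factory Solution (Version v2.0.2)"
Metadata:
  'AWS::CloudFormation::Interface':
    ParameterGroups:
      - Label:
          default: Application Configuration
        Parameters:
          - Application
          - Environment
          - Tracker
          - ServiceAccountEmail
      - Label:
          default: Configuration for ECS (Default VPC will be used if not provided)
        Parameters:
          - SecurityGroup
          - SubnetId
    ParameterLabels:
      Application:
        default: Application name
      Environment:
        default: Environment name
      Tracker:
        default: Migration Tracker
      ServiceAccountEmail:
        default: Service Account Email address
      SecurityGroup:
        default: Security Group Id
      SubnetId:
        default: Subnet Id
Parameters:
  # Application and Environment are interpolated into bucket, table, role and
  # API names below, hence the restrictive AllowedPattern.
  Application:
    Type: String
    Description: Application name is used to name all AWS resources.
    Default: migration-factory
    AllowedPattern: "[-a-z0-9]*"
    ConstraintDescription: Application parameter must be all lower case characters
  Environment:
    Type: String
    Description: Environment name is used to name all AWS resources (i.e. dev, test, prod)
    Default: test
    AllowedPattern: "[-a-z0-9]*"
    # Fixed: the message previously named the Application parameter.
    ConstraintDescription: Environment parameter must be all lower case characters
  Tracker:
    Type: String
    Description: Deploy Migration tracker dashboard?
    # Quoted: the parameter Type is String, so keep the values strings instead
    # of relying on the loader to coerce YAML booleans.
    Default: "true"
    AllowedValues: ["true", "false"]
  ServiceAccountEmail:
    Type: String
    Description: Default Factory Service Account Email Address, please replace
    # NOTE(review): ".+" accepts any non-empty value, so the placeholder
    # default below passes validation if the operator forgets to replace it.
    AllowedPattern: ".+"
    Default: serviceaccount@yourdomain.com
  SecurityGroup:
    Type: String
    Description: Security Group used to deploy container that builds the frontend code - Outbound Internet access needed
    Default: default
  SubnetId:
    Type: String
    Description: Subnet used to deploy container that builds the frontend code - Outbound Internet access needed
    Default: default
Mappings:
  Send:
    # NOTE(review): presumably switches anonymous usage reporting on; the
    # consumer of this mapping is not visible in this part of the template.
    AnonymousUsage:
      Data: 'Yes'
  SourceCode:
    General:
      S3Bucket: 'solutions'
      KeyPrefix: 'aws-cloudendure-migration-factory-solution/v2.0.2'
Conditions:
  DeployTracker: !Equals [!Ref Tracker, "true"]
Resources:
  # Receives the CloudFront access logs (see CloudfrontDistribution.Logging).
  # NOTE(review): CloudFront standard logging delivers through bucket ACLs;
  # confirm the bucket's object-ownership setting permits that at deploy time.
  AccessLoggingBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub ${Application}-${Environment}-${AWS::AccountId}-access-logs
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: aws:kms
      Tags:
        - Key: application
          Value: !Ref Application
        - Key: environment
          Value: !Ref Environment
      VersioningConfiguration:
        Status: 'Enabled'
    Metadata:
      cfn_nag:
        rules_to_suppress:
          - id: W35
            reason: "This bucket itself is the access logging bucket"
          - id: W51
            reason: "Bucket policy is not required for CloudFront logging bucket"
  # Origin bucket for the web front end; all public access is blocked and the
  # only reader is the CloudFront origin access identity (FrontEndBucketPolicy).
  # NOTE(review): no BucketEncryption is declared. The W41 reason rules out
  # KMS only; SSE-S3 (AES256) is an option to evaluate for an OAI-read origin.
  FrontEndBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub ${Application}-${Environment}-${AWS::AccountId}-front-end
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      Tags:
        - Key: application
          Value: !Ref Application
        - Key: environment
          Value: !Ref Environment
      VersioningConfiguration:
        Status: 'Enabled'
    Metadata:
      cfn_nag:
        rules_to_suppress:
          - id: W41
            reason: "This bucket is CloudFront origin, it does not work with KMS encrypted S3 objects."
          - id: W35
            reason: "This bucket is a CloudFront origin, does not allow direct access"
  # Grants read-only object access to the origin access identity and nobody
  # else.
  FrontEndBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref FrontEndBucket
      PolicyDocument:
        Statement:
          - Action:
              - "s3:GetObject"
            Effect: "Allow"
            Resource: !Sub "${FrontEndBucket.Arn}/*"
            Principal:
              AWS: !Sub 'arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ${CloudfrontOriginAccessIdentity}'
  CloudfrontOriginAccessIdentity:
    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: !Sub access-identity-${FrontEndBucket.DomainName}
  CloudfrontDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      Tags:
        - Key: application
          Value: !Ref Application
        - Key: environment
          Value: !Ref Environment
        - Key: Name
          Value: !Sub ${Application}-${Environment}-CloudFrontDistribution
      DistributionConfig:
        Enabled: true
        PriceClass: 'PriceClass_100'
        DefaultRootObject: 'index.html'
        ViewerCertificate:
          # NOTE(review): with the default *.cloudfront.net certificate,
          # CloudFront documents that it applies the TLSv1 security policy
          # regardless of MinimumProtocolVersion, so the W70 suppression
          # reason below may not hold. Enforcing TLS 1.2 for viewers needs a
          # custom domain with its own certificate - verify.
          CloudFrontDefaultCertificate: true
          MinimumProtocolVersion: TLSv1.2_2018
        CustomErrorResponses:
          # S3 answers 403 for keys the OAI cannot read; serving index.html
          # with 200 lets the single-page app handle client-side routes.
          - ErrorCachingMinTTL: 300
            ErrorCode: 403
            ResponseCode: 200
            ResponsePagePath: '/index.html'
        HttpVersion: http2
        DefaultCacheBehavior:
          # NOTE(review): the only origin is the S3 bucket and the bucket
          # policy grants s3:GetObject alone, so the write methods listed
          # here cannot succeed; consider trimming to GET/HEAD/OPTIONS.
          AllowedMethods:
            - HEAD
            - DELETE
            - POST
            - GET
            - OPTIONS
            - PUT
            - PATCH
          ForwardedValues:
            QueryString: false
          TargetOriginId: !Sub S3-${FrontEndBucket}
          ViewerProtocolPolicy: redirect-to-https
        IPV6Enabled: true
        Logging:
          Bucket: !GetAtt AccessLoggingBucket.DomainName
        Origins:
          - DomainName: !GetAtt FrontEndBucket.DomainName
            Id: !Sub S3-${FrontEndBucket}
            S3OriginConfig:
              OriginAccessIdentity: !Sub origin-access-identity/cloudfront/${CloudfrontOriginAccessIdentity}
    Metadata:
      cfn_nag:
        rules_to_suppress:
          - id: W70
            reason: "It is already TLSv1.2_2018"
  # DynamoDB tables. Each is on-demand billed with point-in-time recovery
  # enabled. None declares an SSESpecification; the W74 suppressions rely on
  # the service's default encryption at rest.
  RoleDynamoDBTable:
    Type: AWS::DynamoDB::Table
    Properties:
      AttributeDefinitions:
        - AttributeName: "role_id"
          AttributeType: "S"
      KeySchema:
        - AttributeName: "role_id"
          KeyType: "HASH"
      BillingMode: "PAY_PER_REQUEST"
      TableName: !Sub ${Application}-${Environment}-roles
      PointInTimeRecoverySpecification:
        PointInTimeRecoveryEnabled: true
      Tags:
        - Key: application
          Value: !Ref Application
        - Key: environment
          Value: !Ref Environment
        - Key: Name
          Value: !Sub ${Application}-${Environment}-roles
    Metadata:
      cfn_nag:
        rules_to_suppress:
          - id: W28
            reason: "Replacement of this resource is not required, and explicit name of this resource is easy for user to identify the table"
          - id: W74
            reason: "Default encryption is enabled with no additional charge"
  SchemaDynamoDBTable:
    Type: AWS::DynamoDB::Table
    Properties:
      AttributeDefinitions:
        - AttributeName: "schema_name"
          AttributeType: "S"
      KeySchema:
        - AttributeName: "schema_name"
          KeyType: "HASH"
      BillingMode: "PAY_PER_REQUEST"
      TableName: !Sub ${Application}-${Environment}-schema
      PointInTimeRecoverySpecification:
        PointInTimeRecoveryEnabled: true
      Tags:
        - Key: application
          Value: !Ref Application
        - Key: environment
          Value: !Ref Environment
        - Key: Name
          Value: !Sub ${Application}-${Environment}-schema
    Metadata:
      cfn_nag:
        rules_to_suppress:
          - id: W28
            reason: "Replacement of this resource is not required, and explicit name of this resource is easy for user to identify the table"
          - id: W74
            reason: "Default encryption is enabled with no additional charge"
  StageDynamoDBTable:
    Type: AWS::DynamoDB::Table
    Properties:
      AttributeDefinitions:
        - AttributeName: "stage_id"
          AttributeType: "S"
      KeySchema:
        - AttributeName: "stage_id"
          KeyType: "HASH"
      BillingMode: "PAY_PER_REQUEST"
      TableName: !Sub ${Application}-${Environment}-stage
      PointInTimeRecoverySpecification:
        PointInTimeRecoveryEnabled: true
      Tags:
        - Key: application
          Value: !Ref Application
        - Key: environment
          Value: !Ref Environment
        - Key: Name
          Value: !Sub ${Application}-${Environment}-stage
    Metadata:
      cfn_nag:
        rules_to_suppress:
          - id: W28
            reason: "Replacement of this resource is not required, and explicit name of this resource is easy for user to identify the table"
          - id: W74
            reason: "Default encryption is enabled with no additional charge"
  # Servers are keyed by server_id and also queryable by app_id through the
  # app_id-index global secondary index.
  ServersDynamoDBTable:
    Type: AWS::DynamoDB::Table
    Properties:
      AttributeDefinitions:
        - AttributeName: "server_id"
          AttributeType: "S"
        - AttributeName: "app_id"
          AttributeType: "S"
      KeySchema:
        - AttributeName: "server_id"
          KeyType: "HASH"
      GlobalSecondaryIndexes:
        - IndexName: app_id-index
          KeySchema:
            - AttributeName: "app_id"
              KeyType: "HASH"
          Projection:
            ProjectionType: ALL
      BillingMode: "PAY_PER_REQUEST"
      TableName: !Sub ${Application}-${Environment}-servers
      PointInTimeRecoverySpecification:
        PointInTimeRecoveryEnabled: true
      Tags:
        - Key: application
          Value: !Ref Application
        - Key: environment
          Value: !Ref Environment
        - Key: Name
          Value: !Sub ${Application}-${Environment}-servers
    Metadata:
      cfn_nag:
        rules_to_suppress:
          - id: W28
            reason: "Replacement of this resource is not required, and explicit name of this resource is easy for user to identify the table"
          - id: W74
            reason: "Default encryption is enabled with no additional charge"
  AppsDynamoDBTable:
    Type: AWS::DynamoDB::Table
    Properties:
      AttributeDefinitions:
        - AttributeName: "app_id"
          AttributeType: "S"
      KeySchema:
        - AttributeName: "app_id"
          KeyType: "HASH"
      BillingMode: "PAY_PER_REQUEST"
      TableName: !Sub ${Application}-${Environment}-apps
      PointInTimeRecoverySpecification:
        PointInTimeRecoveryEnabled: true
      Tags:
        - Key: application
          Value: !Ref Application
        - Key: environment
          Value: !Ref Environment
        - Key: Name
          Value: !Sub ${Application}-${Environment}-apps
    Metadata:
      cfn_nag:
        rules_to_suppress:
          - id: W28
            reason: "Replacement of this resource is not required, and explicit name of this resource is easy for user to identify the table"
          - id: W74
            reason: "Default encryption is enabled with no additional charge"
  WavesDynamoDBTable:
    Type: AWS::DynamoDB::Table
    Properties:
      AttributeDefinitions:
        - AttributeName: "wave_id"
          AttributeType: "S"
      KeySchema:
        - AttributeName: "wave_id"
          KeyType: "HASH"
      BillingMode: "PAY_PER_REQUEST"
      TableName: !Sub ${Application}-${Environment}-waves
      PointInTimeRecoverySpecification:
        PointInTimeRecoveryEnabled: true
      Tags:
        - Key: application
          Value: !Ref Application
        - Key: environment
          Value: !Ref Environment
        - Key: Name
          Value: !Sub ${Application}-${Environment}-waves
    Metadata:
      cfn_nag:
        rules_to_suppress:
          - id: W28
            reason: "Replacement of this resource is not required, and explicit name of this resource is easy for user to identify the table"
          - id: W74
            reason: "Default encryption is enabled with no additional charge"
  # Cognito
  CognitoUserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: !Sub ${Application}-${Environment}-MigrationFactory
      UsernameAttributes:
        - email
      # Added: a user pool allows self-registration unless this is set. The
      # APIs below expose no sign-up route, and the COGNITO_USER_POOLS
      # authorizers accept any valid token issued by this pool, so accounts
      # should only come from an administrator. Confirm that no workflow
      # depends on self sign-up before deploying.
      AdminCreateUserConfig:
        AllowAdminCreateUserOnly: true
      UserPoolTags:
        application: !Ref Application
        environment: !Ref Environment
  # Public client (no secret). USER_PASSWORD_AUTH means the password itself is
  # sent to Cognito instead of an SRP proof.
  # NOTE(review): no password policy or MFA setting is declared on the pool;
  # review the effective values against your own baseline.
  CognitoAppClient:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      ClientName: !Sub ${Application}-${Environment}-client
      ExplicitAuthFlows:
        - ADMIN_NO_SRP_AUTH
        - USER_PASSWORD_AUTH
      GenerateSecret: false
      UserPoolId: !Ref CognitoUserPool
  CognitoAdminGroup:
    Type: AWS::Cognito::UserPoolGroup
    Properties:
      Description: Admin group to access all /admin API
      GroupName: admin
      UserPoolId: !Ref CognitoUserPool
  # API Gateway IAM Role, Account and log group
  APIGatewayCWRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Sub ${Application}-${Environment}-apigatewaycw-role
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - apigateway.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs'
    Metadata:
      cfn_nag:
        rules_to_suppress:
          - id: W28
            reason: "Replacement of this resource is not required, and explicit name of this resource is easy for user to identify"
  # AWS::ApiGateway::Account is a per-region account setting, not scoped to
  # this stack: it replaces any CloudWatch role already configured for API
  # Gateway in the region.
  APIGatewayAccount:
    Type: 'AWS::ApiGateway::Account'
    Properties:
      CloudWatchRoleArn: !GetAtt APIGatewayCWRole.Arn
  # Shared access-log destination for the tools, login and admin API stages.
  APIGatewayLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Sub ${Application}-${Environment}-API-Gateway-Access-Logs
      RetentionInDays: 90
    Metadata:
      cfn_nag:
        rules_to_suppress:
          - id: W84
            reason: "SSE is currently not supported, CMK is not ideal for this solution"
  # Tools API
  # NOTE(review): none of the three RestApi resources sets an
  # EndpointConfiguration or resource policy, and the W68 suppressions waive
  # usage plans, so nothing in this template rate-limits or network-restricts
  # the endpoints even though the suppression reason calls the tool internal.
  ToolsAPI:
    Type: 'AWS::ApiGateway::RestApi'
    Properties:
      Name: !Sub ${Application}-${Environment}-tools-api
  # Cognito authorizer: the gateway admits any valid token from the pool. Any
  # group or role check has to happen in the Lambda (not shown here).
  ToolsAuthorizer:
    Type: AWS::ApiGateway::Authorizer
    Properties:
      IdentitySource: method.request.header.Authorization
      Name: !Sub ${Application}-${Environment}-ToolsAPI-Authorizer
      ProviderARNs:
        - !GetAtt CognitoUserPool.Arn
      RestApiId: !Ref ToolsAPI
      Type: COGNITO_USER_POOLS
  ToolsAPIDeploy:
    Type: AWS::ApiGateway::Deployment
    # A deployment snapshots the API when it is created, so every method must
    # exist first. The two AMSWIG methods were missing from this list.
    DependsOn:
      - APIMethodCloudEndurePost
      - APIMethodCloudEndureOPTIONS
      - APIMethodeAMSWIGPost
      - APIMethodAMSWIGOPTIONS
    Properties:
      RestApiId: !Ref ToolsAPI
      StageName: prod
      StageDescription:
        AccessLogSetting:
          DestinationArn: !GetAtt APIGatewayLogGroup.Arn
          # Was "$context.requestId" only, which cannot tie a request to a
          # source address, route or outcome during an investigation.
          Format: '{"requestId":"$context.requestId","ip":"$context.identity.sourceIp","requestTime":"$context.requestTime","httpMethod":"$context.httpMethod","resourcePath":"$context.resourcePath","status":"$context.status","protocol":"$context.protocol","responseLength":"$context.responseLength"}'
    Metadata:
      cfn_nag:
        rules_to_suppress:
          - id: W68
            reason: "As this is for internal use only tool, and very low number of API calls, no usage plan is required"
  APIResourceCloudEndure:
    Type: 'AWS::ApiGateway::Resource'
    Properties:
      RestApiId: !Ref ToolsAPI
      ParentId: !GetAtt ToolsAPI.RootResourceId
      PathPart: "cloudendure"
  # CORS preflight, answered by a MOCK integration without authorization.
  # Every OPTIONS method in this template follows this shape and returns
  # Access-Control-Allow-Origin '*'.
  # NOTE(review): consider pinning the allowed origin to the front-end domain.
  APIMethodCloudEndureOPTIONS:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref ToolsAPI
      ResourceId: !Ref APIResourceCloudEndure
      HttpMethod: "OPTIONS"
      AuthorizationType: "NONE"
      MethodResponses:
        - StatusCode: '200'
          ResponseModels:
            'application/json': 'Empty'
          ResponseParameters:
            'method.response.header.Access-Control-Allow-Origin': false
            'method.response.header.Access-Control-Allow-Methods': false
            'method.response.header.Access-Control-Allow-Headers': false
      Integration:
        Type: MOCK
        IntegrationResponses:
          - StatusCode: '200'
            ResponseParameters:
              "method.response.header.Access-Control-Allow-Origin": "'*'"
              "method.response.header.Access-Control-Allow-Methods": "'POST,OPTIONS'"
              "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
            ResponseTemplates:
              'application/json': ''
        RequestTemplates:
          "application/json": "{\"statusCode\": 200}"
  # Lambda proxy method behind the Cognito authorizer.
  # NOTE(review): with AWS_PROXY the Lambda's own response is what the client
  # receives, so the CORS header mapped under IntegrationResponses here and in
  # the other proxy methods is presumably not what takes effect - verify in
  # the function code.
  APIMethodCloudEndurePost:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref ToolsAPI
      ResourceId: !Ref APIResourceCloudEndure
      HttpMethod: "POST"
      AuthorizationType: "COGNITO_USER_POOLS"
      AuthorizerId: !Ref ToolsAuthorizer
      MethodResponses:
        - StatusCode: '200'
          ResponseModels:
            'application/json': 'Empty'
          ResponseParameters:
            'method.response.header.Access-Control-Allow-Origin': false
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST
        IntegrationResponses:
          - StatusCode: '200'
            ResponseParameters:
              "method.response.header.Access-Control-Allow-Origin": "'*'"
        Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionCloudEndure.Arn}/invocations'
  APIResourceAMSWIG:
    Type: 'AWS::ApiGateway::Resource'
    Properties:
      RestApiId: !Ref ToolsAPI
      ParentId: !GetAtt ToolsAPI.RootResourceId
      PathPart: "amswig"
  APIMethodAMSWIGOPTIONS:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref ToolsAPI
      ResourceId: !Ref APIResourceAMSWIG
      HttpMethod: "OPTIONS"
      AuthorizationType: "NONE"
      MethodResponses:
        - StatusCode: '200'
          ResponseModels:
            'application/json': 'Empty'
          ResponseParameters:
            'method.response.header.Access-Control-Allow-Origin': false
            'method.response.header.Access-Control-Allow-Methods': false
            'method.response.header.Access-Control-Allow-Headers': false
      Integration:
        Type: MOCK
        IntegrationResponses:
          - StatusCode: '200'
            ResponseParameters:
              "method.response.header.Access-Control-Allow-Origin": "'*'"
              "method.response.header.Access-Control-Allow-Methods": "'POST,OPTIONS'"
              "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
            ResponseTemplates:
              'application/json': ''
        RequestTemplates:
          "application/json": "{\"statusCode\": 200}"
  # The logical ID is spelled "APIMethode..." in the original; it is kept
  # because other parts of the template may reference it.
  APIMethodeAMSWIGPost:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref ToolsAPI
      ResourceId: !Ref APIResourceAMSWIG
      HttpMethod: "POST"
      AuthorizationType: "COGNITO_USER_POOLS"
      AuthorizerId: !Ref ToolsAuthorizer
      MethodResponses:
        - StatusCode: '200'
          ResponseModels:
            'application/json': 'Empty'
          ResponseParameters:
            'method.response.header.Access-Control-Allow-Origin': false
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST
        IntegrationResponses:
          - StatusCode: '200'
            ResponseParameters:
              "method.response.header.Access-Control-Allow-Origin": "'*'"
        Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionAMSWIG.Arn}/invocations'
  # Login API
  LoginAPI:
    Type: 'AWS::ApiGateway::RestApi'
    Properties:
      Name: !Sub ${Application}-${Environment}-login-api
  # Lambda TOKEN authorizer; a TTL of 0 disables result caching, so each
  # request is re-evaluated by LambdaFunctionAuth.
  LoginAuthorizer:
    Type: AWS::ApiGateway::Authorizer
    Properties:
      AuthorizerUri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionAuth.Arn}/invocations'
      IdentitySource: method.request.header.Authorization
      AuthorizerResultTtlInSeconds: 0
      Name: !Sub ${Application}-${Environment}-LoginAPI-Authorizer
      RestApiId: !Ref LoginAPI
      Type: TOKEN
  LoginAPIDeploy:
    Type: AWS::ApiGateway::Deployment
    DependsOn:
      - APIMethodLoginPost
      - APIMethodLoginPwdResetPost
      - APIMethodLoginOPTIONS
      - APIMethodLoginPwdResetOPTIONS
      - APIMethodLoginGroupsOPTIONS
      - APIMethodLoginGroupsGet
    Properties:
      RestApiId: !Ref LoginAPI
      StageName: prod
      StageDescription:
        AccessLogSetting:
          DestinationArn: !GetAtt APIGatewayLogGroup.Arn
          # Was "$context.requestId" only; the login and password-reset routes
          # are unauthenticated, so source address and status matter most here.
          Format: '{"requestId":"$context.requestId","ip":"$context.identity.sourceIp","requestTime":"$context.requestTime","httpMethod":"$context.httpMethod","resourcePath":"$context.resourcePath","status":"$context.status","protocol":"$context.protocol","responseLength":"$context.responseLength"}'
    Metadata:
      cfn_nag:
        rules_to_suppress:
          - id: W68
            reason: "As this is for internal use only tool, and very low number of API calls, no usage plan is required"
  APIResourceLogin:
    Type: 'AWS::ApiGateway::Resource'
    Properties:
      RestApiId: !Ref LoginAPI
      ParentId: !GetAtt LoginAPI.RootResourceId
      PathPart: "login"
  # Unauthenticated by design (it performs the login).
  # NOTE(review): with no usage plan or stage throttling declared, limiting
  # repeated attempts is left to Cognito and the Lambda; consider stage-level
  # throttling or a web ACL for this route and /login/pwdreset.
  APIMethodLoginPost:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref LoginAPI
      ResourceId: !Ref APIResourceLogin
      HttpMethod: "POST"
      AuthorizationType: "NONE"
      MethodResponses:
        - StatusCode: '200'
          ResponseModels:
            'application/json': 'Empty'
          ResponseParameters:
            'method.response.header.Access-Control-Allow-Origin': false
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST
        IntegrationResponses:
          - StatusCode: '200'
            ResponseParameters:
              "method.response.header.Access-Control-Allow-Origin": "'*'"
        Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionLogin.Arn}/invocations'
    Metadata:
      cfn_nag:
        rules_to_suppress:
          - id: W59
            reason: "This method is used to handle authentication, does not need an Authentication type in API gateway"
  APIMethodLoginOPTIONS:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref LoginAPI
      ResourceId: !Ref APIResourceLogin
      HttpMethod: "OPTIONS"
      AuthorizationType: "NONE"
      MethodResponses:
        - StatusCode: '200'
          ResponseModels:
            'application/json': 'Empty'
          ResponseParameters:
            'method.response.header.Access-Control-Allow-Origin': false
            'method.response.header.Access-Control-Allow-Methods': false
            'method.response.header.Access-Control-Allow-Headers': false
      Integration:
        Type: MOCK
        IntegrationResponses:
          - StatusCode: '200'
            ResponseParameters:
              "method.response.header.Access-Control-Allow-Origin": "'*'"
              "method.response.header.Access-Control-Allow-Methods": "'POST,OPTIONS'"
              "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
            ResponseTemplates:
              'application/json': ''
        RequestTemplates:
          "application/json": "{\"statusCode\": 200}"
  APIResourceLoginPwdReset:
    Type: 'AWS::ApiGateway::Resource'
    Properties:
      RestApiId: !Ref LoginAPI
      ParentId: !Ref APIResourceLogin
      PathPart: "pwdreset"
  APIMethodLoginPwdResetOPTIONS:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref LoginAPI
      ResourceId: !Ref APIResourceLoginPwdReset
      HttpMethod: "OPTIONS"
      AuthorizationType: "NONE"
      MethodResponses:
        - StatusCode: '200'
          ResponseModels:
            'application/json': 'Empty'
          ResponseParameters:
            'method.response.header.Access-Control-Allow-Origin': false
            'method.response.header.Access-Control-Allow-Methods': false
            'method.response.header.Access-Control-Allow-Headers': false
      Integration:
        Type: MOCK
        IntegrationResponses:
          - StatusCode: '200'
            ResponseParameters:
              "method.response.header.Access-Control-Allow-Origin": "'*'"
              "method.response.header.Access-Control-Allow-Methods": "'POST,GET,OPTIONS'"
              "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
            ResponseTemplates:
              'application/json': ''
        RequestTemplates:
          "application/json": "{\"statusCode\": 200}"
  # Unauthenticated password-reset entry point; what it requires from the
  # caller is decided in LambdaFunctionPWDReset (not shown here).
  APIMethodLoginPwdResetPost:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref LoginAPI
      ResourceId: !Ref APIResourceLoginPwdReset
      HttpMethod: "POST"
      AuthorizationType: "NONE"
      MethodResponses:
        - StatusCode: '200'
          ResponseModels:
            'application/json': 'Empty'
          ResponseParameters:
            'method.response.header.Access-Control-Allow-Origin': false
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST
        IntegrationResponses:
          - StatusCode: '200'
            ResponseParameters:
              "method.response.header.Access-Control-Allow-Origin": "'*'"
        Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionPWDReset.Arn}/invocations'
    Metadata:
      cfn_nag:
        rules_to_suppress:
          - id: W59
            reason: "This method is used to reset password, does not need an Authentication type in API gateway"
  APIResourceLoginGroups:
    Type: 'AWS::ApiGateway::Resource'
    Properties:
      RestApiId: !Ref LoginAPI
      ParentId: !Ref APIResourceLogin
      PathPart: "groups"
  APIMethodLoginGroupsOPTIONS:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref LoginAPI
      ResourceId: !Ref APIResourceLoginGroups
      HttpMethod: "OPTIONS"
      AuthorizationType: "NONE"
      MethodResponses:
        - StatusCode: '200'
          ResponseModels:
            'application/json': 'Empty'
          ResponseParameters:
            'method.response.header.Access-Control-Allow-Origin': false
            'method.response.header.Access-Control-Allow-Methods': false
            'method.response.header.Access-Control-Allow-Headers': false
      Integration:
        Type: MOCK
        IntegrationResponses:
          - StatusCode: '200'
            ResponseParameters:
              "method.response.header.Access-Control-Allow-Origin": "'*'"
              "method.response.header.Access-Control-Allow-Methods": "'GET,OPTIONS'"
              "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
            ResponseTemplates:
              'application/json': ''
        RequestTemplates:
          "application/json": "{\"statusCode\": 200}"
  APIMethodLoginGroupsGet:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref LoginAPI
      ResourceId: !Ref APIResourceLoginGroups
      HttpMethod: "GET"
      AuthorizationType: "CUSTOM"
      AuthorizerId: !Ref LoginAuthorizer
      MethodResponses:
        - StatusCode: '200'
          ResponseModels:
            'application/json': 'Empty'
          ResponseParameters:
            'method.response.header.Access-Control-Allow-Origin': false
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST
        IntegrationResponses:
          - StatusCode: '200'
            ResponseParameters:
              "method.response.header.Access-Control-Allow-Origin": "'*'"
        Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionLoginGroups.Arn}/invocations'
  # Admin API
  # Two authorizers split reads from writes: GET methods use the Cognito
  # authorizer (any valid pool token passes at the gateway), while POST, PUT
  # and DELETE use the Lambda TOKEN authorizer.
  # NOTE(review): whether admin GET routes also check membership of the
  # "admin" group depends on the Lambda code, which is not visible here.
  AdminAPI:
    Type: 'AWS::ApiGateway::RestApi'
    Properties:
      Name: !Sub ${Application}-${Environment}-admin-api
  AdminAuthorizer:
    Type: AWS::ApiGateway::Authorizer
    Properties:
      AuthorizerUri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionAuth.Arn}/invocations'
      IdentitySource: method.request.header.Authorization
      AuthorizerResultTtlInSeconds: 0
      Name: !Sub ${Application}-${Environment}-AdminAPI-Authorizer
      RestApiId: !Ref AdminAPI
      Type: TOKEN
  AdminGetAuthorizer:
    Type: AWS::ApiGateway::Authorizer
    Properties:
      IdentitySource: method.request.header.Authorization
      Name: !Sub ${Application}-${Environment}-AdminAPIGet-Authorizer
      ProviderARNs:
        - !GetAtt CognitoUserPool.Arn
      RestApiId: !Ref AdminAPI
      Type: COGNITO_USER_POOLS
  AdminAPIDeploy:
    Type: AWS::ApiGateway::Deployment
    # The four /admin/role/{role_id} methods were missing from this list; a
    # deployment created before them would not include those routes.
    DependsOn:
      - APIMethodRoleGet
      - APIMethodRolePost
      - APIMethodSchemaWaveGet
      - APIMethodSchemaWavePost
      - APIMethodSchemaAppGet
      - APIMethodSchemaAppPost
      - APIMethodSchemaServerGet
      - APIMethodSchemaServerPost
      - APIMethodStageGet
      - APIMethodStagePost
      - APIMethodStageStageIdGet
      - APIMethodStageStageIdPut
      - APIMethodStageStageIdDelete
      - APIMethodStageOPTIONS
      - APIMethodRoleOPTIONS
      - APIMethodSchemaWaveOPTIONS
      - APIMethodSchemaAppOPTIONS
      - APIMethodSchemaServerOPTIONS
      - APIMethodStageStageIdOPTIONS
      - APIMethodSchemaWavePut
      - APIMethodSchemaAppPut
      - APIMethodSchemaServerPut
      - APIMethodRoleRoleIdOPTIONS
      - APIMethodRoleRoleIdGet
      - APIMethodRoleRoleIdPut
      - APIMethodRoleRoleIdDelete
    Properties:
      RestApiId: !Ref AdminAPI
      StageName: prod
      StageDescription:
        AccessLogSetting:
          DestinationArn: !GetAtt APIGatewayLogGroup.Arn
          # Was "$context.requestId" only; administrative changes need the
          # method, route, status and source address recorded.
          Format: '{"requestId":"$context.requestId","ip":"$context.identity.sourceIp","requestTime":"$context.requestTime","httpMethod":"$context.httpMethod","resourcePath":"$context.resourcePath","status":"$context.status","protocol":"$context.protocol","responseLength":"$context.responseLength"}'
    Metadata:
      cfn_nag:
        rules_to_suppress:
          - id: W68
            reason: "As this is for internal use only tool, and very low number of API calls, no usage plan is required"
  APIResourceAdmin:
    Type: 'AWS::ApiGateway::Resource'
    Properties:
      RestApiId: !Ref AdminAPI
      ParentId: !GetAtt AdminAPI.RootResourceId
      PathPart: "admin"
  APIResourceAdminRole:
    Type: 'AWS::ApiGateway::Resource'
    Properties:
      RestApiId: !Ref AdminAPI
      ParentId: !Ref APIResourceAdmin
      PathPart: "role"
  APIMethodRoleOPTIONS:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref AdminAPI
      ResourceId: !Ref APIResourceAdminRole
      HttpMethod: "OPTIONS"
      AuthorizationType: "NONE"
      MethodResponses:
        - StatusCode: '200'
          ResponseModels:
            'application/json': 'Empty'
          ResponseParameters:
            'method.response.header.Access-Control-Allow-Origin': false
            'method.response.header.Access-Control-Allow-Methods': false
            'method.response.header.Access-Control-Allow-Headers': false
      Integration:
        Type: MOCK
        IntegrationResponses:
          - StatusCode: '200'
            ResponseParameters:
              "method.response.header.Access-Control-Allow-Origin": "'*'"
              "method.response.header.Access-Control-Allow-Methods": "'POST,GET,OPTIONS'"
              "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
            ResponseTemplates:
              'application/json': ''
        RequestTemplates:
          "application/json": "{\"statusCode\": 200}"
  APIMethodRoleGet:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref AdminAPI
      ResourceId: !Ref APIResourceAdminRole
      HttpMethod: "GET"
      AuthorizationType: "COGNITO_USER_POOLS"
      AuthorizerId: !Ref AdminGetAuthorizer
      MethodResponses:
        - StatusCode: '200'
          ResponseModels:
            'application/json': 'Empty'
          ResponseParameters:
            'method.response.header.Access-Control-Allow-Origin': false
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST
        IntegrationResponses:
          - StatusCode: '200'
            ResponseParameters:
              "method.response.header.Access-Control-Allow-Origin": "'*'"
        Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionRole.Arn}/invocations'
  APIMethodRolePost:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref AdminAPI
      ResourceId: !Ref APIResourceAdminRole
      HttpMethod: "POST"
      AuthorizationType: "CUSTOM"
      AuthorizerId: !Ref AdminAuthorizer
      MethodResponses:
        - StatusCode: '200'
          ResponseModels:
            'application/json': 'Empty'
          ResponseParameters:
            'method.response.header.Access-Control-Allow-Origin': false
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST
        IntegrationResponses:
          - StatusCode: '200'
            ResponseParameters:
              "method.response.header.Access-Control-Allow-Origin": "'*'"
        Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionRole.Arn}/invocations'
  APIResourceAdminRoleRoleId:
    Type: 'AWS::ApiGateway::Resource'
    Properties:
      RestApiId: !Ref AdminAPI
      ParentId: !Ref APIResourceAdminRole
      PathPart: "{role_id}"
  APIMethodRoleRoleIdOPTIONS:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref AdminAPI
      ResourceId: !Ref APIResourceAdminRoleRoleId
      HttpMethod: "OPTIONS"
      AuthorizationType: "NONE"
      MethodResponses:
        - StatusCode: '200'
          ResponseModels:
            'application/json': 'Empty'
          ResponseParameters:
            'method.response.header.Access-Control-Allow-Origin': false
            'method.response.header.Access-Control-Allow-Methods': false
            'method.response.header.Access-Control-Allow-Headers': false
      Integration:
        Type: MOCK
        IntegrationResponses:
          - StatusCode: '200'
            ResponseParameters:
              "method.response.header.Access-Control-Allow-Origin": "'*'"
              "method.response.header.Access-Control-Allow-Methods": "'PUT,GET,DELETE,OPTIONS'"
              "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
            ResponseTemplates:
              'application/json': ''
        RequestTemplates:
          "application/json": "{\"statusCode\": 200}"
  APIMethodRoleRoleIdGet:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref AdminAPI
      ResourceId: !Ref APIResourceAdminRoleRoleId
      HttpMethod: "GET"
      AuthorizationType: "COGNITO_USER_POOLS"
      AuthorizerId: !Ref AdminGetAuthorizer
      MethodResponses:
        - StatusCode: '200'
          ResponseModels:
            'application/json': 'Empty'
          ResponseParameters:
            'method.response.header.Access-Control-Allow-Origin': false
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST
        IntegrationResponses:
          - StatusCode: '200'
            ResponseParameters:
              "method.response.header.Access-Control-Allow-Origin": "'*'"
        Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionRoleItem.Arn}/invocations'
  APIMethodRoleRoleIdPut:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref AdminAPI
      ResourceId: !Ref APIResourceAdminRoleRoleId
      HttpMethod: "PUT"
      AuthorizationType: "CUSTOM"
      AuthorizerId: !Ref AdminAuthorizer
      MethodResponses:
        - StatusCode: '200'
          ResponseModels:
            'application/json': 'Empty'
          ResponseParameters:
            'method.response.header.Access-Control-Allow-Origin': false
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST
        IntegrationResponses:
          - StatusCode: '200'
            ResponseParameters:
              "method.response.header.Access-Control-Allow-Origin": "'*'"
        Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionRoleItem.Arn}/invocations'
  APIMethodRoleRoleIdDelete:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref AdminAPI
      ResourceId: !Ref APIResourceAdminRoleRoleId
      HttpMethod: "DELETE"
      AuthorizationType: "CUSTOM"
      AuthorizerId: !Ref AdminAuthorizer
      MethodResponses:
        - StatusCode: '200'
          ResponseModels:
            'application/json': 'Empty'
          ResponseParameters:
            'method.response.header.Access-Control-Allow-Origin': false
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST
        IntegrationResponses:
          - StatusCode: '200'
            ResponseParameters:
              "method.response.header.Access-Control-Allow-Origin": "'*'"
        Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionRoleItem.Arn}/invocations'
  APIResourceAdminSchema:
    Type: 'AWS::ApiGateway::Resource'
    Properties:
      RestApiId: !Ref AdminAPI
      ParentId: !Ref APIResourceAdmin
      PathPart: "schema"
  APIResourceAdminSchemaWave:
    Type: 'AWS::ApiGateway::Resource'
    Properties:
      RestApiId: !Ref AdminAPI
      ParentId: !Ref APIResourceAdminSchema
      PathPart: "wave"
  APIMethodSchemaWaveOPTIONS:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref AdminAPI
      ResourceId: !Ref APIResourceAdminSchemaWave
      HttpMethod: "OPTIONS"
      AuthorizationType: "NONE"
      MethodResponses:
        - StatusCode: '200'
          ResponseModels:
            'application/json': 'Empty'
          ResponseParameters:
            'method.response.header.Access-Control-Allow-Origin': false
            'method.response.header.Access-Control-Allow-Methods': false
            'method.response.header.Access-Control-Allow-Headers': false
      Integration:
        Type: MOCK
        IntegrationResponses:
          - StatusCode: '200'
            ResponseParameters:
              "method.response.header.Access-Control-Allow-Origin": "'*'"
              "method.response.header.Access-Control-Allow-Methods": "'POST,GET,PUT,OPTIONS'"
              "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
            ResponseTemplates:
              'application/json': ''
        RequestTemplates:
          "application/json": "{\"statusCode\": 200}"
  APIMethodSchemaWaveGet:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref AdminAPI
      ResourceId: !Ref APIResourceAdminSchemaWave
      HttpMethod: "GET"
      AuthorizationType: "COGNITO_USER_POOLS"
      AuthorizerId: !Ref AdminGetAuthorizer
      MethodResponses:
        - StatusCode: '200'
          ResponseModels:
            'application/json': 'Empty'
          ResponseParameters:
            'method.response.header.Access-Control-Allow-Origin': false
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST
        IntegrationResponses:
          - StatusCode: '200'
            ResponseParameters:
              "method.response.header.Access-Control-Allow-Origin": "'*'"
        Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionSchemaWave.Arn}/invocations'
  APIMethodSchemaWavePut:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref AdminAPI
      ResourceId: !Ref APIResourceAdminSchemaWave
      HttpMethod: "PUT"
      AuthorizationType: "CUSTOM"
      AuthorizerId: !Ref AdminAuthorizer
      MethodResponses:
        - StatusCode: '200'
          ResponseModels:
            'application/json': 'Empty'
          ResponseParameters:
            'method.response.header.Access-Control-Allow-Origin': false
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST
        IntegrationResponses:
          - StatusCode: '200'
            ResponseParameters:
              "method.response.header.Access-Control-Allow-Origin": "'*'"
        Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionSchemaWave.Arn}/invocations'
  APIMethodSchemaWavePost:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref AdminAPI
      ResourceId: !Ref APIResourceAdminSchemaWave
      HttpMethod: "POST"
      AuthorizationType: "CUSTOM"
      AuthorizerId: !Ref AdminAuthorizer
      MethodResponses:
        - StatusCode: '200'
          ResponseModels:
            'application/json': 'Empty'
          ResponseParameters:
            'method.response.header.Access-Control-Allow-Origin': false
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST
        IntegrationResponses:
          - StatusCode: '200'
            ResponseParameters:
              "method.response.header.Access-Control-Allow-Origin": "'*'"
        Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionSchemaWave.Arn}/invocations'
  APIResourceAdminSchemaApp:
    Type: 'AWS::ApiGateway::Resource'
    Properties:
      RestApiId: !Ref AdminAPI
      ParentId: !Ref APIResourceAdminSchema
      PathPart: "app"
  APIMethodSchemaAppOPTIONS:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref AdminAPI
      ResourceId: !Ref APIResourceAdminSchemaApp
      HttpMethod: "OPTIONS"
      AuthorizationType: "NONE"
      MethodResponses:
        - StatusCode: '200'
          ResponseModels:
            'application/json': 'Empty'
          ResponseParameters:
            'method.response.header.Access-Control-Allow-Origin': false
            'method.response.header.Access-Control-Allow-Methods': false
            'method.response.header.Access-Control-Allow-Headers': false
      Integration:
        Type: MOCK
        IntegrationResponses:
          - StatusCode: '200'
            ResponseParameters:
              "method.response.header.Access-Control-Allow-Origin": "'*'"
              "method.response.header.Access-Control-Allow-Methods": "'POST,GET,PUT,OPTIONS'"
              "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
            ResponseTemplates:
              'application/json': ''
        RequestTemplates:
          "application/json": "{\"statusCode\": 200}"
  APIMethodSchemaAppGet:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref AdminAPI
      ResourceId: !Ref APIResourceAdminSchemaApp
      HttpMethod: "GET"
      AuthorizationType: "COGNITO_USER_POOLS"
      AuthorizerId: !Ref AdminGetAuthorizer
      MethodResponses:
        - StatusCode: '200'
          ResponseModels:
            'application/json': 'Empty'
          ResponseParameters:
            'method.response.header.Access-Control-Allow-Origin': false
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST
        IntegrationResponses:
          - StatusCode: '200'
            ResponseParameters:
              "method.response.header.Access-Control-Allow-Origin": "'*'"
        Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionSchemaApp.Arn}/invocations'
  APIMethodSchemaAppPut:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref AdminAPI
      ResourceId: !Ref APIResourceAdminSchemaApp
      HttpMethod: "PUT"
      AuthorizationType: "CUSTOM"
      AuthorizerId: !Ref AdminAuthorizer
      MethodResponses:
        - StatusCode: '200'
          ResponseModels:
            'application/json': 'Empty'
          ResponseParameters:
            'method.response.header.Access-Control-Allow-Origin': false
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST
        IntegrationResponses:
          - StatusCode: '200'
            ResponseParameters:
              "method.response.header.Access-Control-Allow-Origin": "'*'"
        Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionSchemaApp.Arn}/invocations'
  APIMethodSchemaAppPost:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref AdminAPI
      ResourceId: !Ref APIResourceAdminSchemaApp
      HttpMethod: "POST"
      AuthorizationType: "CUSTOM"
      AuthorizerId: !Ref AdminAuthorizer
      MethodResponses:
        - StatusCode: '200'
          ResponseModels:
            'application/json': 'Empty'
          ResponseParameters:
            'method.response.header.Access-Control-Allow-Origin': false
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST
        IntegrationResponses:
          - StatusCode: '200'
            ResponseParameters:
              "method.response.header.Access-Control-Allow-Origin": "'*'"
        Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionSchemaApp.Arn}/invocations'
  APIResourceAdminSchemaServer:
    Type: 'AWS::ApiGateway::Resource'
    Properties:
      RestApiId: !Ref AdminAPI
      ParentId: !Ref APIResourceAdminSchema
      PathPart: "server"
  APIMethodSchemaServerOPTIONS:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref AdminAPI
      ResourceId: !Ref APIResourceAdminSchemaServer
      HttpMethod: "OPTIONS"
      AuthorizationType: "NONE"
      MethodResponses:
        - StatusCode: '200'
          ResponseModels:
            'application/json': 'Empty'
          ResponseParameters:
            'method.response.header.Access-Control-Allow-Origin': false
            'method.response.header.Access-Control-Allow-Methods': false
            'method.response.header.Access-Control-Allow-Headers': false
      Integration:
        Type: MOCK
        IntegrationResponses:
          - StatusCode: '200'
            ResponseParameters:
              "method.response.header.Access-Control-Allow-Origin": "'*'"
              "method.response.header.Access-Control-Allow-Methods": "'POST,GET,PUT,OPTIONS'"
              "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
            ResponseTemplates:
              'application/json': ''
        RequestTemplates:
          "application/json": "{\"statusCode\": 200}"
  APIMethodSchemaServerGet:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref AdminAPI
      ResourceId: !Ref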
APIResourceAdminSchemaServer HttpMethod: "GET" AuthorizationType: "COGNITO_USER_POOLS" AuthorizerId: !Ref AdminGetAuthorizer MethodResponses: - StatusCode: '200' ResponseModels: 'application/json': 'Empty' ResponseParameters: 'method.response.header.Access-Control-Allow-Origin': false Integration: Type: AWS_PROXY IntegrationHttpMethod: POST IntegrationResponses: - StatusCode: '200' ResponseParameters: "method.response.header.Access-Control-Allow-Origin": "'*'" Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionSchemaServer.Arn}/invocations' APIMethodSchemaServerPut: Type: AWS::ApiGateway::Method Properties: RestApiId: !Ref AdminAPI ResourceId: !Ref APIResourceAdminSchemaServer HttpMethod: "PUT" AuthorizationType: "CUSTOM" AuthorizerId: !Ref AdminAuthorizer MethodResponses: - StatusCode: '200' ResponseModels: 'application/json': 'Empty' ResponseParameters: 'method.response.header.Access-Control-Allow-Origin': false Integration: Type: AWS_PROXY IntegrationHttpMethod: POST IntegrationResponses: - StatusCode: '200' ResponseParameters: "method.response.header.Access-Control-Allow-Origin": "'*'" Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionSchemaServer.Arn}/invocations' APIMethodSchemaServerPost: Type: AWS::ApiGateway::Method Properties: RestApiId: !Ref AdminAPI ResourceId: !Ref APIResourceAdminSchemaServer HttpMethod: "POST" AuthorizationType: "CUSTOM" AuthorizerId: !Ref AdminAuthorizer MethodResponses: - StatusCode: '200' ResponseModels: 'application/json': 'Empty' ResponseParameters: 'method.response.header.Access-Control-Allow-Origin': false Integration: Type: AWS_PROXY IntegrationHttpMethod: POST IntegrationResponses: - StatusCode: '200' ResponseParameters: "method.response.header.Access-Control-Allow-Origin": "'*'" Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionSchemaServer.Arn}/invocations' APIResourceAdminStage: Type: 
'AWS::ApiGateway::Resource' Properties: RestApiId: !Ref AdminAPI ParentId: !Ref APIResourceAdmin PathPart: "stage" APIMethodStageOPTIONS: Type: AWS::ApiGateway::Method Properties: RestApiId: !Ref AdminAPI ResourceId: !Ref APIResourceAdminStage HttpMethod: "OPTIONS" AuthorizationType: "NONE" MethodResponses: - StatusCode: '200' ResponseModels: 'application/json': 'Empty' ResponseParameters: 'method.response.header.Access-Control-Allow-Origin': false 'method.response.header.Access-Control-Allow-Methods': false 'method.response.header.Access-Control-Allow-Headers': false Integration: Type: MOCK IntegrationResponses: - StatusCode: '200' ResponseParameters: "method.response.header.Access-Control-Allow-Origin": "'*'" "method.response.header.Access-Control-Allow-Methods": "'POST,GET,OPTIONS'" "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'" ResponseTemplates: 'application/json': '' RequestTemplates: "application/json": "{\"statusCode\": 200}" APIMethodStageGet: Type: AWS::ApiGateway::Method Properties: RestApiId: !Ref AdminAPI ResourceId: !Ref APIResourceAdminStage HttpMethod: "GET" AuthorizationType: "COGNITO_USER_POOLS" AuthorizerId: !Ref AdminGetAuthorizer MethodResponses: - StatusCode: '200' ResponseModels: 'application/json': 'Empty' ResponseParameters: 'method.response.header.Access-Control-Allow-Origin': false Integration: Type: AWS_PROXY IntegrationHttpMethod: POST IntegrationResponses: - StatusCode: '200' ResponseParameters: "method.response.header.Access-Control-Allow-Origin": "'*'" Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionStage.Arn}/invocations' APIMethodStagePost: Type: AWS::ApiGateway::Method Properties: RestApiId: !Ref AdminAPI ResourceId: !Ref APIResourceAdminStage HttpMethod: "POST" AuthorizationType: "CUSTOM" AuthorizerId: !Ref AdminAuthorizer MethodResponses: - StatusCode: '200' ResponseModels: 'application/json': 'Empty' 
ResponseParameters: 'method.response.header.Access-Control-Allow-Origin': false Integration: Type: AWS_PROXY IntegrationHttpMethod: POST IntegrationResponses: - StatusCode: '200' ResponseParameters: "method.response.header.Access-Control-Allow-Origin": "'*'" Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionStage.Arn}/invocations' APIResourceAdminStageStageId: Type: 'AWS::ApiGateway::Resource' Properties: RestApiId: !Ref AdminAPI ParentId: !Ref APIResourceAdminStage PathPart: "{stage_id}" APIMethodStageStageIdOPTIONS: Type: AWS::ApiGateway::Method Properties: RestApiId: !Ref AdminAPI ResourceId: !Ref APIResourceAdminStageStageId HttpMethod: "OPTIONS" AuthorizationType: "NONE" MethodResponses: - StatusCode: '200' ResponseModels: 'application/json': 'Empty' ResponseParameters: 'method.response.header.Access-Control-Allow-Origin': false 'method.response.header.Access-Control-Allow-Methods': false 'method.response.header.Access-Control-Allow-Headers': false Integration: Type: MOCK IntegrationResponses: - StatusCode: '200' ResponseParameters: "method.response.header.Access-Control-Allow-Origin": "'*'" "method.response.header.Access-Control-Allow-Methods": "'PUT,GET,DELETE,OPTIONS'" "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'" ResponseTemplates: 'application/json': '' RequestTemplates: "application/json": "{\"statusCode\": 200}" APIMethodStageStageIdGet: Type: AWS::ApiGateway::Method Properties: RestApiId: !Ref AdminAPI ResourceId: !Ref APIResourceAdminStageStageId HttpMethod: "GET" AuthorizationType: "COGNITO_USER_POOLS" AuthorizerId: !Ref AdminGetAuthorizer MethodResponses: - StatusCode: '200' ResponseModels: 'application/json': 'Empty' ResponseParameters: 'method.response.header.Access-Control-Allow-Origin': false Integration: Type: AWS_PROXY IntegrationHttpMethod: POST IntegrationResponses: - StatusCode: '200' ResponseParameters: 
"method.response.header.Access-Control-Allow-Origin": "'*'" Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionStageAttr.Arn}/invocations' APIMethodStageStageIdPut: Type: AWS::ApiGateway::Method Properties: RestApiId: !Ref AdminAPI ResourceId: !Ref APIResourceAdminStageStageId HttpMethod: "PUT" AuthorizationType: "CUSTOM" AuthorizerId: !Ref AdminAuthorizer MethodResponses: - StatusCode: '200' ResponseModels: 'application/json': 'Empty' ResponseParameters: 'method.response.header.Access-Control-Allow-Origin': false Integration: Type: AWS_PROXY IntegrationHttpMethod: POST IntegrationResponses: - StatusCode: '200' ResponseParameters: "method.response.header.Access-Control-Allow-Origin": "'*'" Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionStageAttr.Arn}/invocations' APIMethodStageStageIdDelete: Type: AWS::ApiGateway::Method Properties: RestApiId: !Ref AdminAPI ResourceId: !Ref APIResourceAdminStageStageId HttpMethod: "DELETE" AuthorizationType: "CUSTOM" AuthorizerId: !Ref AdminAuthorizer MethodResponses: - StatusCode: '200' ResponseModels: 'application/json': 'Empty' ResponseParameters: 'method.response.header.Access-Control-Allow-Origin': false Integration: Type: AWS_PROXY IntegrationHttpMethod: POST IntegrationResponses: - StatusCode: '200' ResponseParameters: "method.response.header.Access-Control-Allow-Origin": "'*'" Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionStageAttr.Arn}/invocations' # User API UserAPI: Type: 'AWS::ApiGateway::RestApi' Properties: Name: !Sub ${Application}-${Environment}-user-api UserAuthorizer: Type: AWS::ApiGateway::Authorizer Properties: IdentitySource: method.request.header.Authorization Name: !Sub ${Application}-${Environment}-UserAPI-Authorizer ProviderARNs: - !GetAtt CognitoUserPool.Arn RestApiId: !Ref UserAPI Type: COGNITO_USER_POOLS UserAPIDeploy: Type: AWS::ApiGateway::Deployment DependsOn: - 
APIMethodAppsGet - APIMethodAppsPost - APIMethodAppItemGet - APIMethodAppItemPut - APIMethodAppItemDelete - APIMethodServersGet - APIMethodServersPost - APIMethodServerItemGet - APIMethodServerItemPut - APIMethodServerItemDelete - APIMethodAppsOPTIONS - APIMethodAppItemOPTIONS - APIMethodServerItemOPTIONS - APIMethodServersOPTIONS - APIMethodServerAppidGet - APIMethodServerAppidOPTIONS - APIMethodWavesGet - APIMethodWavesOPTIONS - APIMethodWavesPost - APIMethodWaveItemOPTIONS - APIMethodWaveItemGet - APIMethodWaveItemPut - APIMethodWaveItemDelete Properties: RestApiId: !Ref UserAPI StageName: prod StageDescription: AccessLogSetting: DestinationArn: !GetAtt APIGatewayLogGroup.Arn Format: "$context.requestId" Metadata: cfn_nag: rules_to_suppress: - id: W68 reason: "As this is for internal use only tool, and very low number of API calls, no usage plan is required" APIResourceUser: Type: 'AWS::ApiGateway::Resource' Properties: RestApiId: !Ref UserAPI ParentId: !GetAtt UserAPI.RootResourceId PathPart: "user" APIResourceUserApps: Type: 'AWS::ApiGateway::Resource' Properties: RestApiId: !Ref UserAPI ParentId: !Ref APIResourceUser PathPart: "apps" APIMethodAppsOPTIONS: Type: AWS::ApiGateway::Method Properties: RestApiId: !Ref UserAPI ResourceId: !Ref APIResourceUserApps HttpMethod: "OPTIONS" AuthorizationType: "NONE" MethodResponses: - StatusCode: '200' ResponseModels: 'application/json': 'Empty' ResponseParameters: 'method.response.header.Access-Control-Allow-Origin': false 'method.response.header.Access-Control-Allow-Methods': false 'method.response.header.Access-Control-Allow-Headers': false Integration: Type: MOCK IntegrationResponses: - StatusCode: '200' ResponseParameters: "method.response.header.Access-Control-Allow-Origin": "'*'" "method.response.header.Access-Control-Allow-Methods": "'POST,GET,OPTIONS'" "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'" ResponseTemplates: 
'application/json': '' RequestTemplates: "application/json": "{\"statusCode\": 200}" APIMethodAppsGet: Type: AWS::ApiGateway::Method Properties: RestApiId: !Ref UserAPI ResourceId: !Ref APIResourceUserApps HttpMethod: "GET" AuthorizationType: "COGNITO_USER_POOLS" AuthorizerId: !Ref UserAuthorizer MethodResponses: - StatusCode: '200' ResponseModels: 'application/json': 'Empty' ResponseParameters: 'method.response.header.Access-Control-Allow-Origin': false Integration: Type: AWS_PROXY IntegrationHttpMethod: POST IntegrationResponses: - StatusCode: '200' ResponseParameters: "method.response.header.Access-Control-Allow-Origin": "'*'" Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionApps.Arn}/invocations' APIMethodAppsPost: Type: AWS::ApiGateway::Method Properties: RestApiId: !Ref UserAPI ResourceId: !Ref APIResourceUserApps HttpMethod: "POST" AuthorizationType: "COGNITO_USER_POOLS" AuthorizerId: !Ref UserAuthorizer MethodResponses: - StatusCode: '200' ResponseModels: 'application/json': 'Empty' ResponseParameters: 'method.response.header.Access-Control-Allow-Origin': false Integration: Type: AWS_PROXY IntegrationHttpMethod: POST IntegrationResponses: - StatusCode: '200' ResponseParameters: "method.response.header.Access-Control-Allow-Origin": "'*'" Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionApps.Arn}/invocations' APIResourceUserAppsAppid: Type: 'AWS::ApiGateway::Resource' Properties: RestApiId: !Ref UserAPI ParentId: !Ref APIResourceUserApps PathPart: "{appid}" APIMethodAppItemOPTIONS: Type: AWS::ApiGateway::Method Properties: RestApiId: !Ref UserAPI ResourceId: !Ref APIResourceUserAppsAppid HttpMethod: "OPTIONS" AuthorizationType: "NONE" MethodResponses: - StatusCode: '200' ResponseModels: 'application/json': 'Empty' ResponseParameters: 'method.response.header.Access-Control-Allow-Origin': false 'method.response.header.Access-Control-Allow-Methods': false 
'method.response.header.Access-Control-Allow-Headers': false Integration: Type: MOCK IntegrationResponses: - StatusCode: '200' ResponseParameters: "method.response.header.Access-Control-Allow-Origin": "'*'" "method.response.header.Access-Control-Allow-Methods": "'PUT,GET,DELETE,OPTIONS'" "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'" ResponseTemplates: 'application/json': '' RequestTemplates: "application/json": "{\"statusCode\": 200}" APIMethodAppItemGet: Type: AWS::ApiGateway::Method Properties: RestApiId: !Ref UserAPI ResourceId: !Ref APIResourceUserAppsAppid HttpMethod: "GET" AuthorizationType: "COGNITO_USER_POOLS" AuthorizerId: !Ref UserAuthorizer MethodResponses: - StatusCode: '200' ResponseModels: 'application/json': 'Empty' ResponseParameters: 'method.response.header.Access-Control-Allow-Origin': false Integration: Type: AWS_PROXY IntegrationHttpMethod: POST IntegrationResponses: - StatusCode: '200' ResponseParameters: "method.response.header.Access-Control-Allow-Origin": "'*'" Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionAppsItem.Arn}/invocations' APIMethodAppItemPut: Type: AWS::ApiGateway::Method Properties: RestApiId: !Ref UserAPI ResourceId: !Ref APIResourceUserAppsAppid HttpMethod: "PUT" AuthorizationType: "COGNITO_USER_POOLS" AuthorizerId: !Ref UserAuthorizer MethodResponses: - StatusCode: '200' ResponseModels: 'application/json': 'Empty' ResponseParameters: 'method.response.header.Access-Control-Allow-Origin': false Integration: Type: AWS_PROXY IntegrationHttpMethod: POST IntegrationResponses: - StatusCode: '200' ResponseParameters: "method.response.header.Access-Control-Allow-Origin": "'*'" Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionAppsItem.Arn}/invocations' APIMethodAppItemDelete: Type: AWS::ApiGateway::Method Properties: RestApiId: !Ref UserAPI ResourceId: !Ref 
APIResourceUserAppsAppid HttpMethod: "DELETE" AuthorizationType: "COGNITO_USER_POOLS" AuthorizerId: !Ref UserAuthorizer MethodResponses: - StatusCode: '200' ResponseModels: 'application/json': 'Empty' ResponseParameters: 'method.response.header.Access-Control-Allow-Origin': false Integration: Type: AWS_PROXY IntegrationHttpMethod: POST IntegrationResponses: - StatusCode: '200' ResponseParameters: "method.response.header.Access-Control-Allow-Origin": "'*'" Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionAppsItem.Arn}/invocations' APIResourceUserWaves: Type: 'AWS::ApiGateway::Resource' Properties: RestApiId: !Ref UserAPI ParentId: !Ref APIResourceUser PathPart: "waves" APIMethodWavesOPTIONS: Type: AWS::ApiGateway::Method Properties: RestApiId: !Ref UserAPI ResourceId: !Ref APIResourceUserWaves HttpMethod: "OPTIONS" AuthorizationType: "NONE" MethodResponses: - StatusCode: '200' ResponseModels: 'application/json': 'Empty' ResponseParameters: 'method.response.header.Access-Control-Allow-Origin': false 'method.response.header.Access-Control-Allow-Methods': false 'method.response.header.Access-Control-Allow-Headers': false Integration: Type: MOCK IntegrationResponses: - StatusCode: '200' ResponseParameters: "method.response.header.Access-Control-Allow-Origin": "'*'" "method.response.header.Access-Control-Allow-Methods": "'POST,GET,OPTIONS'" "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'" ResponseTemplates: 'application/json': '' RequestTemplates: "application/json": "{\"statusCode\": 200}" APIMethodWavesGet: Type: AWS::ApiGateway::Method Properties: RestApiId: !Ref UserAPI ResourceId: !Ref APIResourceUserWaves HttpMethod: "GET" AuthorizationType: "COGNITO_USER_POOLS" AuthorizerId: !Ref UserAuthorizer MethodResponses: - StatusCode: '200' ResponseModels: 'application/json': 'Empty' ResponseParameters: 
'method.response.header.Access-Control-Allow-Origin': false Integration: Type: AWS_PROXY IntegrationHttpMethod: POST IntegrationResponses: - StatusCode: '200' ResponseParameters: "method.response.header.Access-Control-Allow-Origin": "'*'" Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionWaves.Arn}/invocations' APIMethodWavesPost: Type: AWS::ApiGateway::Method Properties: RestApiId: !Ref UserAPI ResourceId: !Ref APIResourceUserWaves HttpMethod: "POST" AuthorizationType: "COGNITO_USER_POOLS" AuthorizerId: !Ref UserAuthorizer MethodResponses: - StatusCode: '200' ResponseModels: 'application/json': 'Empty' ResponseParameters: 'method.response.header.Access-Control-Allow-Origin': false Integration: Type: AWS_PROXY IntegrationHttpMethod: POST IntegrationResponses: - StatusCode: '200' ResponseParameters: "method.response.header.Access-Control-Allow-Origin": "'*'" Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionWaves.Arn}/invocations' APIResourceUserWavesWaveid: Type: 'AWS::ApiGateway::Resource' Properties: RestApiId: !Ref UserAPI ParentId: !Ref APIResourceUserWaves PathPart: "{waveid}" APIMethodWaveItemOPTIONS: Type: AWS::ApiGateway::Method Properties: RestApiId: !Ref UserAPI ResourceId: !Ref APIResourceUserWavesWaveid HttpMethod: "OPTIONS" AuthorizationType: "NONE" MethodResponses: - StatusCode: '200' ResponseModels: 'application/json': 'Empty' ResponseParameters: 'method.response.header.Access-Control-Allow-Origin': false 'method.response.header.Access-Control-Allow-Methods': false 'method.response.header.Access-Control-Allow-Headers': false Integration: Type: MOCK IntegrationResponses: - StatusCode: '200' ResponseParameters: "method.response.header.Access-Control-Allow-Origin": "'*'" "method.response.header.Access-Control-Allow-Methods": "'PUT,GET,DELETE,OPTIONS'" "method.response.header.Access-Control-Allow-Headers": 
"'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'" ResponseTemplates: 'application/json': '' RequestTemplates: "application/json": "{\"statusCode\": 200}" APIMethodWaveItemGet: Type: AWS::ApiGateway::Method Properties: RestApiId: !Ref UserAPI ResourceId: !Ref APIResourceUserWavesWaveid HttpMethod: "GET" AuthorizationType: "COGNITO_USER_POOLS" AuthorizerId: !Ref UserAuthorizer MethodResponses: - StatusCode: '200' ResponseModels: 'application/json': 'Empty' ResponseParameters: 'method.response.header.Access-Control-Allow-Origin': false Integration: Type: AWS_PROXY IntegrationHttpMethod: POST IntegrationResponses: - StatusCode: '200' ResponseParameters: "method.response.header.Access-Control-Allow-Origin": "'*'" Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionWavesItem.Arn}/invocations' APIMethodWaveItemPut: Type: AWS::ApiGateway::Method Properties: RestApiId: !Ref UserAPI ResourceId: !Ref APIResourceUserWavesWaveid HttpMethod: "PUT" AuthorizationType: "COGNITO_USER_POOLS" AuthorizerId: !Ref UserAuthorizer MethodResponses: - StatusCode: '200' ResponseModels: 'application/json': 'Empty' ResponseParameters: 'method.response.header.Access-Control-Allow-Origin': false Integration: Type: AWS_PROXY IntegrationHttpMethod: POST IntegrationResponses: - StatusCode: '200' ResponseParameters: "method.response.header.Access-Control-Allow-Origin": "'*'" Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionWavesItem.Arn}/invocations' APIMethodWaveItemDelete: Type: AWS::ApiGateway::Method Properties: RestApiId: !Ref UserAPI ResourceId: !Ref APIResourceUserWavesWaveid HttpMethod: "DELETE" AuthorizationType: "COGNITO_USER_POOLS" AuthorizerId: !Ref UserAuthorizer MethodResponses: - StatusCode: '200' ResponseModels: 'application/json': 'Empty' ResponseParameters: 'method.response.header.Access-Control-Allow-Origin': false Integration: Type: AWS_PROXY IntegrationHttpMethod: POST 
IntegrationResponses: - StatusCode: '200' ResponseParameters: "method.response.header.Access-Control-Allow-Origin": "'*'" Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionWavesItem.Arn}/invocations' APIResourceUserServers: Type: 'AWS::ApiGateway::Resource' Properties: RestApiId: !Ref UserAPI ParentId: !Ref APIResourceUser PathPart: "servers" APIMethodServersOPTIONS: Type: AWS::ApiGateway::Method Properties: RestApiId: !Ref UserAPI ResourceId: !Ref APIResourceUserServers HttpMethod: "OPTIONS" AuthorizationType: "NONE" MethodResponses: - StatusCode: '200' ResponseModels: 'application/json': 'Empty' ResponseParameters: 'method.response.header.Access-Control-Allow-Origin': false 'method.response.header.Access-Control-Allow-Methods': false 'method.response.header.Access-Control-Allow-Headers': false Integration: Type: MOCK IntegrationResponses: - StatusCode: '200' ResponseParameters: "method.response.header.Access-Control-Allow-Origin": "'*'" "method.response.header.Access-Control-Allow-Methods": "'POST,GET,OPTIONS'" "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'" ResponseTemplates: 'application/json': '' RequestTemplates: "application/json": "{\"statusCode\": 200}" APIMethodServersGet: Type: AWS::ApiGateway::Method Properties: RestApiId: !Ref UserAPI ResourceId: !Ref APIResourceUserServers HttpMethod: "GET" AuthorizationType: "COGNITO_USER_POOLS" AuthorizerId: !Ref UserAuthorizer MethodResponses: - StatusCode: '200' ResponseModels: 'application/json': 'Empty' ResponseParameters: 'method.response.header.Access-Control-Allow-Origin': false Integration: Type: AWS_PROXY IntegrationHttpMethod: POST IntegrationResponses: - StatusCode: '200' ResponseParameters: "method.response.header.Access-Control-Allow-Origin": "'*'" Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionServers.Arn}/invocations' 
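# POST /user/servers (user API, authorized by the Cognito UserAuthorizer).
# NOTE(review): API Gateway does not apply IntegrationResponses to AWS_PROXY
# integrations; the response, CORS header included, comes from the Lambda
# function. The header mapping on the proxy methods below is presumably
# inert - confirm the handlers set the header themselves.
APIMethodServersPost:
  Type: AWS::ApiGateway::Method
  Properties:
    RestApiId: !Ref UserAPI
    ResourceId: !Ref APIResourceUserServers
    HttpMethod: "POST"
    AuthorizationType: "COGNITO_USER_POOLS"
    AuthorizerId: !Ref UserAuthorizer
    MethodResponses:
      - StatusCode: '200'
        ResponseModels:
          'application/json': 'Empty'
        ResponseParameters:
          'method.response.header.Access-Control-Allow-Origin': false
    Integration:
      Type: AWS_PROXY
      IntegrationHttpMethod: POST
      IntegrationResponses:
        - StatusCode: '200'
          ResponseParameters:
            "method.response.header.Access-Control-Allow-Origin": "'*'"
      Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionServers.Arn}/invocations'
APIResourceUserServersAppid:
  Type: 'AWS::ApiGateway::Resource'
  Properties:
    RestApiId: !Ref UserAPI
    ParentId: !Ref APIResourceUserServers
    PathPart: "appid"
APIResourceUserServersAppidAppid:
  Type: 'AWS::ApiGateway::Resource'
  Properties:
    RestApiId: !Ref UserAPI
    ParentId: !Ref APIResourceUserServersAppid
    PathPart: "{appid}"
# CORS preflight for .../servers/appid/{appid}. AuthorizationType NONE is
# expected on preflight; the MOCK integration returns headers only.
APIMethodServerAppidOPTIONS:
  Type: AWS::ApiGateway::Method
  Properties:
    RestApiId: !Ref UserAPI
    ResourceId: !Ref APIResourceUserServersAppidAppid
    HttpMethod: "OPTIONS"
    AuthorizationType: "NONE"
    MethodResponses:
      - StatusCode: '200'
        ResponseModels:
          'application/json': 'Empty'
        ResponseParameters:
          'method.response.header.Access-Control-Allow-Origin': false
          'method.response.header.Access-Control-Allow-Methods': false
          'method.response.header.Access-Control-Allow-Headers': false
    Integration:
      Type: MOCK
      IntegrationResponses:
        - StatusCode: '200'
          ResponseParameters:
            "method.response.header.Access-Control-Allow-Origin": "'*'"
            "method.response.header.Access-Control-Allow-Methods": "'GET,OPTIONS'"
            "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
          ResponseTemplates:
            'application/json': ''
      RequestTemplates:
        "application/json": "{\"statusCode\": 200}"
# GET .../servers/appid/{appid}
APIMethodServerAppidGet:
  Type: AWS::ApiGateway::Method
  Properties:
    RestApiId: !Ref UserAPI
    ResourceId: !Ref APIResourceUserServersAppidAppid
    HttpMethod: "GET"
    AuthorizationType: "COGNITO_USER_POOLS"
    AuthorizerId: !Ref UserAuthorizer
    MethodResponses:
      - StatusCode: '200'
        ResponseModels:
          'application/json': 'Empty'
        ResponseParameters:
          'method.response.header.Access-Control-Allow-Origin': false
    Integration:
      Type: AWS_PROXY
      IntegrationHttpMethod: POST
      IntegrationResponses:
        - StatusCode: '200'
          ResponseParameters:
            "method.response.header.Access-Control-Allow-Origin": "'*'"
      Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionServerItem.Arn}/invocations'
APIResourceUserServersServerid:
  Type: 'AWS::ApiGateway::Resource'
  Properties:
    RestApiId: !Ref UserAPI
    ParentId: !Ref APIResourceUserServers
    PathPart: "{serverid}"
# CORS preflight for .../servers/{serverid}
# NOTE(review): Allow-Methods advertises POST, but only GET, PUT and DELETE
# are defined on this resource below, and the UserAPIDeploy dependency list
# names no POST method for it - confirm and trim the header if so.
APIMethodServerItemOPTIONS:
  Type: AWS::ApiGateway::Method
  Properties:
    RestApiId: !Ref UserAPI
    ResourceId: !Ref APIResourceUserServersServerid
    HttpMethod: "OPTIONS"
    AuthorizationType: "NONE"
    MethodResponses:
      - StatusCode: '200'
        ResponseModels:
          'application/json': 'Empty'
        ResponseParameters:
          'method.response.header.Access-Control-Allow-Origin': false
          'method.response.header.Access-Control-Allow-Methods': false
          'method.response.header.Access-Control-Allow-Headers': false
    Integration:
      Type: MOCK
      IntegrationResponses:
        - StatusCode: '200'
          ResponseParameters:
            "method.response.header.Access-Control-Allow-Origin": "'*'"
            "method.response.header.Access-Control-Allow-Methods": "'POST,GET,PUT,DELETE,OPTIONS'"
            "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
          ResponseTemplates:
            'application/json': ''
      RequestTemplates:
        "application/json": "{\"statusCode\": 200}"
# GET .../servers/{serverid}
APIMethodServerItemGet:
  Type: AWS::ApiGateway::Method
  Properties:
    RestApiId: !Ref UserAPI
    ResourceId: !Ref APIResourceUserServersServerid
    HttpMethod: "GET"
    AuthorizationType: "COGNITO_USER_POOLS"
    AuthorizerId: !Ref UserAuthorizer
    MethodResponses:
      - StatusCode: '200'
        ResponseModels:
          'application/json': 'Empty'
        ResponseParameters:
          'method.response.header.Access-Control-Allow-Origin': false
    Integration:
      Type: AWS_PROXY
      IntegrationHttpMethod: POST
      IntegrationResponses:
        - StatusCode: '200'
          ResponseParameters:
            "method.response.header.Access-Control-Allow-Origin": "'*'"
      Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionServerItem.Arn}/invocations'
# PUT .../servers/{serverid}
APIMethodServerItemPut:
  Type: AWS::ApiGateway::Method
  Properties:
    RestApiId: !Ref UserAPI
    ResourceId: !Ref APIResourceUserServersServerid
    HttpMethod: "PUT"
    AuthorizationType: "COGNITO_USER_POOLS"
    AuthorizerId: !Ref UserAuthorizer
    MethodResponses:
      - StatusCode: '200'
        ResponseModels:
          'application/json': 'Empty'
        ResponseParameters:
          'method.response.header.Access-Control-Allow-Origin': false
    Integration:
      Type: AWS_PROXY
      IntegrationHttpMethod: POST
      IntegrationResponses:
        - StatusCode: '200'
          ResponseParameters:
            "method.response.header.Access-Control-Allow-Origin": "'*'"
      Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionServerItem.Arn}/invocations'
# DELETE .../servers/{serverid}
APIMethodServerItemDelete:
  Type: AWS::ApiGateway::Method
  Properties:
    RestApiId: !Ref UserAPI
    ResourceId: !Ref APIResourceUserServersServerid
    HttpMethod: "DELETE"
    AuthorizationType: "COGNITO_USER_POOLS"
    AuthorizerId: !Ref UserAuthorizer
    MethodResponses:
      - StatusCode: '200'
        ResponseModels:
          'application/json': 'Empty'
        ResponseParameters:
          'method.response.header.Access-Control-Allow-Origin': false
    Integration:
      Type: AWS_PROXY
      IntegrationHttpMethod: POST
      IntegrationResponses:
        - StatusCode: '200'
          ResponseParameters:
            "method.response.header.Access-Control-Allow-Origin": "'*'"
      Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionServerItem.Arn}/invocations'
# Lambda functions
# Execution roles, assumable only by the Lambda service.
# DynamoDB access is scoped to each table's own ARN plus its indexes
# ("<table-arn>/index/*"). Appending a bare '*' to the table ARN also matches
# any other table whose name merely starts with the same characters; the
# granted actions apply only to table and index resources, so nothing the
# policy names is lost by the tighter form.
# NOTE(review): the servers, apps and waves roles carry identical
# read/write/delete rights on all six tables; whether each function needs all
# of them cannot be told from here. The logs statement covers every
# /aws/lambda/* log group in the account rather than the function's own group.
ServersLambdaRole:
  Type: 'AWS::IAM::Role'
  Properties:
    RoleName: !Sub ${Application}-${Environment}-servers-lambda-role
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - lambda.amazonaws.com
          Action:
            - 'sts:AssumeRole'
    Path: /
    Policies:
      - PolicyName: LambdaRolePolicy
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - 'dynamodb:DeleteItem'
                - 'dynamodb:GetItem'
                - 'dynamodb:PutItem'
                - 'dynamodb:Query'
                - 'dynamodb:Scan'
                - 'dynamodb:UpdateItem'
                - 'dynamodb:DescribeTable'
              Resource:
                - !GetAtt SchemaDynamoDBTable.Arn
                - !Sub '${SchemaDynamoDBTable.Arn}/index/*'
                - !GetAtt ServersDynamoDBTable.Arn
                - !Sub '${ServersDynamoDBTable.Arn}/index/*'
                - !GetAtt AppsDynamoDBTable.Arn
                - !Sub '${AppsDynamoDBTable.Arn}/index/*'
                - !GetAtt WavesDynamoDBTable.Arn
                - !Sub '${WavesDynamoDBTable.Arn}/index/*'
                - !GetAtt RoleDynamoDBTable.Arn
                - !Sub '${RoleDynamoDBTable.Arn}/index/*'
                - !GetAtt StageDynamoDBTable.Arn
                - !Sub '${StageDynamoDBTable.Arn}/index/*'
            - Effect: Allow
              Action:
                - 'logs:CreateLogGroup'
                - 'logs:CreateLogStream'
                - 'logs:PutLogEvents'
              Resource: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*"
            # Read-only Cognito lookups, limited to the solution's user pool.
            - Effect: Allow
              Action:
                - 'cognito-idp:Describe*'
                - 'cognito-idp:AdminGet*'
                - 'cognito-idp:AdminList*'
                - 'cognito-idp:List*'
                - 'cognito-idp:Get*'
              Resource:
                - !GetAtt CognitoUserPool.Arn
  Metadata:
    cfn_nag:
      rules_to_suppress:
        - id: W11
          reason: "The resources ARN is unknown, because it is a random value"
        - id: W28
          reason: "Replacement of this resource is not required, and explicit name of this resource is easy for user to identify"
AppsLambdaRole:
  Type: 'AWS::IAM::Role'
  Properties:
    RoleName: !Sub ${Application}-${Environment}-apps-lambda-role
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - lambda.amazonaws.com
          Action:
            - 'sts:AssumeRole'
    Path: /
    Policies:
      - PolicyName: LambdaRolePolicy
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - 'dynamodb:DeleteItem'
                - 'dynamodb:GetItem'
                - 'dynamodb:PutItem'
                - 'dynamodb:Query'
                - 'dynamodb:Scan'
                - 'dynamodb:UpdateItem'
                - 'dynamodb:DescribeTable'
              Resource:
                - !GetAtt SchemaDynamoDBTable.Arn
                - !Sub '${SchemaDynamoDBTable.Arn}/index/*'
                - !GetAtt ServersDynamoDBTable.Arn
                - !Sub '${ServersDynamoDBTable.Arn}/index/*'
                - !GetAtt AppsDynamoDBTable.Arn
                - !Sub '${AppsDynamoDBTable.Arn}/index/*'
                - !GetAtt RoleDynamoDBTable.Arn
                - !Sub '${RoleDynamoDBTable.Arn}/index/*'
                - !GetAtt StageDynamoDBTable.Arn
                - !Sub '${StageDynamoDBTable.Arn}/index/*'
                - !GetAtt WavesDynamoDBTable.Arn
                - !Sub '${WavesDynamoDBTable.Arn}/index/*'
            - Effect: Allow
              Action:
                - 'logs:CreateLogGroup'
                - 'logs:CreateLogStream'
                - 'logs:PutLogEvents'
              Resource: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*"
            - Effect: Allow
              Action:
                - 'cognito-idp:Describe*'
                - 'cognito-idp:AdminGet*'
                - 'cognito-idp:AdminList*'
                - 'cognito-idp:List*'
                - 'cognito-idp:Get*'
              Resource:
                - !GetAtt CognitoUserPool.Arn
  Metadata:
    cfn_nag:
      rules_to_suppress:
        - id: W11
          reason: "The resources ARN is unknown, because it is a random value"
        - id: W28
          reason: "Replacement of this resource is not required, and explicit name of this resource is easy for user to identify"
WavesLambdaRole:
  Type: 'AWS::IAM::Role'
  Properties:
    RoleName: !Sub ${Application}-${Environment}-waves-lambda-role
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - lambda.amazonaws.com
          Action:
            - 'sts:AssumeRole'
    Path: /
    Policies:
      - PolicyName: LambdaRolePolicy
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - 'dynamodb:DeleteItem'
                - 'dynamodb:GetItem'
                - 'dynamodb:PutItem'
                - 'dynamodb:Query'
                - 'dynamodb:Scan'
                - 'dynamodb:UpdateItem'
                - 'dynamodb:DescribeTable'
              Resource:
                - !GetAtt SchemaDynamoDBTable.Arn
                - !Sub '${SchemaDynamoDBTable.Arn}/index/*'
                - !GetAtt ServersDynamoDBTable.Arn
                - !Sub '${ServersDynamoDBTable.Arn}/index/*'
                - !GetAtt AppsDynamoDBTable.Arn
                - !Sub '${AppsDynamoDBTable.Arn}/index/*'
                - !GetAtt WavesDynamoDBTable.Arn
                - !Sub '${WavesDynamoDBTable.Arn}/index/*'
                - !GetAtt RoleDynamoDBTable.Arn
                - !Sub '${RoleDynamoDBTable.Arn}/index/*'
                - !GetAtt StageDynamoDBTable.Arn
                - !Sub '${StageDynamoDBTable.Arn}/index/*'
            - Effect: Allow
              Action:
                - 'logs:CreateLogGroup'
                - 'logs:CreateLogStream'
                - 'logs:PutLogEvents'
              Resource: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*"
            - Effect: Allow
              Action:
                - 'cognito-idp:Describe*'
                - 'cognito-idp:AdminGet*'
                - 'cognito-idp:AdminList*'
                - 'cognito-idp:List*'
                - 'cognito-idp:Get*'
              Resource:
                - !GetAtt CognitoUserPool.Arn
  Metadata:
    cfn_nag:
      rules_to_suppress:
        - id: W11
          reason: "The resources ARN is unknown, because it is a random value"
        - id: W28
          reason: "Replacement of this resource is not required, and explicit name of this resource is easy for user to identify"
# Unlike the three roles above, this one reaches only the role and stage tables.
RolesLambdaRole:
  Type: 'AWS::IAM::Role'
  Properties:
    RoleName: !Sub ${Application}-${Environment}-roles-lambda-role
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - lambda.amazonaws.com
          Action:
            - 'sts:AssumeRole'
    Path: /
    Policies:
      - PolicyName: LambdaRolePolicy
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - 'dynamodb:DeleteItem'
                - 'dynamodb:GetItem'
                - 'dynamodb:PutItem'
                - 'dynamodb:Query'
                - 'dynamodb:Scan'
                - 'dynamodb:UpdateItem'
                - 'dynamodb:DescribeTable'
              Resource:
                - !GetAtt RoleDynamoDBTable.Arn
                - !Sub '${RoleDynamoDBTable.Arn}/index/*'
                - !GetAtt StageDynamoDBTable.Arn
                - !Sub '${StageDynamoDBTable.Arn}/index/*'
            - Effect: Allow
              Action:
                - 'logs:CreateLogGroup'
                - 'logs:CreateLogStream'
                - 'logs:PutLogEvents'
              Resource: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*"
            - Effect: Allow
              Action:
                - 'cognito-idp:Describe*'
                - 'cognito-idp:AdminGet*'
                - 'cognito-idp:AdminList*'
                - 'cognito-idp:List*'
                - 'cognito-idp:Get*'
              Resource:
                - !GetAtt CognitoUserPool.Arn
  Metadata:
    cfn_nag:
      rules_to_suppress:
        - id: W11
          reason: "The resources ARN is unknown, because it is a random value"
        - id: W28
          reason: "Replacement of this resource is not required, and explicit name of this resource is easy for user to identify"
SchemaLambdaRole: Type: 'AWS::IAM::Role' Properties: RoleName: !Sub ${Application}-${Environment}-schema-lambda-role AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: - lambda.amazonaws.com Action: - 'sts:AssumeRole' Path: / Policies: - PolicyName: LambdaRolePolicy PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - 'dynamodb:DeleteItem' - 'dynamodb:GetItem' - 'dynamodb:PutItem' -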
'dynamodb:Query' - 'dynamodb:Scan' - 'dynamodb:UpdateItem' - 'dynamodb:DescribeTable' Resource: - !Join ['', [!GetAtt SchemaDynamoDBTable.Arn, '*']] - !Join ['', [!GetAtt RoleDynamoDBTable.Arn, '*']] - !Join ['', [!GetAtt StageDynamoDBTable.Arn, '*']] - Effect: Allow Action: - 'logs:CreateLogGroup' - 'logs:CreateLogStream' - 'logs:PutLogEvents' Resource: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*" Metadata: cfn_nag: rules_to_suppress: - id: W11 reason: "The resources ARN is unknown, because it is a random value" - id: W28 reason: "Replacement of this resource is not required, and explicit name of this resource is easy for user to identify" StageLambdaRole: Type: 'AWS::IAM::Role' Properties: RoleName: !Sub ${Application}-${Environment}-stage-lambda-role AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: - lambda.amazonaws.com Action: - 'sts:AssumeRole' Path: / Policies: - PolicyName: LambdaRolePolicy PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - 'dynamodb:DeleteItem' - 'dynamodb:GetItem' - 'dynamodb:PutItem' - 'dynamodb:Query' - 'dynamodb:Scan' - 'dynamodb:UpdateItem' - 'dynamodb:DescribeTable' Resource: - !Join ['', [!GetAtt SchemaDynamoDBTable.Arn, '*']] - !Join ['', [!GetAtt RoleDynamoDBTable.Arn, '*']] - !Join ['', [!GetAtt StageDynamoDBTable.Arn, '*']] - Effect: Allow Action: - 'logs:CreateLogGroup' - 'logs:CreateLogStream' - 'logs:PutLogEvents' Resource: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*" Metadata: cfn_nag: rules_to_suppress: - id: W11 reason: "The resources ARN is unknown, because it is a random value" - id: W28 reason: "Replacement of this resource is not required, and explicit name of this resource is easy for user to identify" CloudEndureLambdaRole: Type: 'AWS::IAM::Role' Properties: RoleName: !Sub ${Application}-${Environment}-cloudendure-lambda-role AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - 
Effect: Allow Principal: Service: - lambda.amazonaws.com Action: - 'sts:AssumeRole' Path: / Policies: - PolicyName: LambdaRolePolicy PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - 'dynamodb:GetItem' - 'dynamodb:PutItem' - 'dynamodb:Query' - 'dynamodb:Scan' - 'dynamodb:UpdateItem' - 'dynamodb:DescribeTable' Resource: - !Join ['', [!GetAtt ServersDynamoDBTable.Arn, '*']] - !Join ['', [!GetAtt AppsDynamoDBTable.Arn, '*']] - Effect: Allow Action: - 'logs:CreateLogGroup' - 'logs:CreateLogStream' - 'logs:PutLogEvents' Resource: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*" Metadata: cfn_nag: rules_to_suppress: - id: W11 reason: "The resources ARN is unknown, because it is depends on user input" - id: W28 reason: "Replacement of this resource is not required, and explicit name of this resource is easy for user to identify" AMSWIGLambdaRole: Type: 'AWS::IAM::Role' Properties: RoleName: !Sub ${Application}-${Environment}-amswig-lambda-role AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: - lambda.amazonaws.com Action: - 'sts:AssumeRole' Path: / Policies: - PolicyName: LambdaRolePolicy PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - 'dynamodb:GetItem' - 'dynamodb:PutItem' - 'dynamodb:Query' - 'dynamodb:Scan' - 'dynamodb:UpdateItem' - 'dynamodb:DescribeTable' Resource: - !Join ['', [!GetAtt ServersDynamoDBTable.Arn, '*']] - !Join ['', [!GetAtt AppsDynamoDBTable.Arn, '*']] - Effect: Allow Action: - 'logs:CreateLogGroup' - 'logs:CreateLogStream' - 'logs:PutLogEvents' Resource: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*" Metadata: cfn_nag: rules_to_suppress: - id: W11 reason: "The resources ARN is unknown, because it is depends on user input" - id: W28 reason: "Replacement of this resource is not required, and explicit name of this resource is easy for user to identify" CognitoGroupLambdaRole: Type: 'AWS::IAM::Role' 
Properties: RoleName: !Sub ${Application}-${Environment}-cognitogroup-lambda-role AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: - lambda.amazonaws.com Action: - 'sts:AssumeRole' Path: / Policies: - PolicyName: LambdaRolePolicy PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - 'cognito-idp:Describe*' - 'cognito-idp:List*' - 'cognito-idp:Get*' Resource: - !GetAtt CognitoUserPool.Arn - Effect: Allow Action: - 'logs:CreateLogGroup' - 'logs:CreateLogStream' - 'logs:PutLogEvents' Resource: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*" Metadata: cfn_nag: rules_to_suppress: - id: W11 reason: "The resources ARN is unknown, because it is a random value" - id: W28 reason: "Replacement of this resource is not required, and explicit name of this resource is easy for user to identify" DefaultSchemaLambdaRole: Type: 'AWS::IAM::Role' Properties: RoleName: !Sub ${Application}-${Environment}-defaultschema-lambda-role AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: - lambda.amazonaws.com Action: - 'sts:AssumeRole' Path: / Policies: - PolicyName: LambdaRolePolicy PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - 'dynamodb:GetItem' - 'dynamodb:PutItem' - 'dynamodb:Query' - 'dynamodb:Scan' - 'dynamodb:DescribeTable' Resource: - !Join ['', [!GetAtt RoleDynamoDBTable.Arn, '*']] - !Join ['', [!GetAtt SchemaDynamoDBTable.Arn, '*']] - !Join ['', [!GetAtt StageDynamoDBTable.Arn, '*']] - Effect: Allow Action: - 'logs:CreateLogGroup' - 'logs:CreateLogStream' - 'logs:PutLogEvents' Resource: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*" Metadata: cfn_nag: rules_to_suppress: - id: W11 reason: "The resources ARN is unknown, because it is a random value" - id: W28 reason: "Replacement of this resource is not required, and explicit name of this resource is easy for user to identify" 
# IAM role referenced by LambdaFunctionLogin and LambdaFunctionPWDReset
# (both set Role to LoginResetLambdaRole.Arn).
LoginResetLambdaRole:
  Type: AWS::IAM::Role
  Properties:
    RoleName: !Sub '${Application}-${Environment}-loginreset-lambda-role'
    # Trust policy: only the Lambda service principal may assume the role.
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - lambda.amazonaws.com
          Action:
            - 'sts:AssumeRole'
    Path: /
    Policies:
      - PolicyName: LambdaRolePolicy
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            # Cognito List*/Get* wildcards, scoped to this stack's user pool.
            # NOTE(review): action wildcards grow as the service adds APIs;
            # listing the exact actions the handlers call would be tighter.
            - Effect: Allow
              Action:
                - 'cognito-idp:List*'
                - 'cognito-idp:Get*'
              Resource:
                - !GetAtt CognitoUserPool.Arn
            # CloudWatch Logs write access for every /aws/lambda/* log group
            # in this account and region, not only this role's functions.
            # NOTE(review): the functions in this template set FunctionName
            # explicitly, so their log-group ARNs look derivable; confirm
            # whether this can be narrowed to
            # /aws/lambda/${Application}-${Environment}-*.
            - Effect: Allow
              Action:
                - 'logs:CreateLogGroup'
                - 'logs:CreateLogStream'
                - 'logs:PutLogEvents'
              Resource: !Sub 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*'
  Metadata:
    cfn_nag:
      rules_to_suppress:
        # Suppressed findings; review the stated reasons against the policy
        # above before copying this pattern.
        - id: W11
          reason: 'The resources ARN is unknown, because it is a random value'
        - id: W28
          reason: 'Replacement of this resource is not required, and explicit name of this resource is easy for user to identify'

# IAM role referenced by LambdaFunctionAuth (Role: AuthLambdaRole.Arn).
AuthLambdaRole:
  Type: AWS::IAM::Role
  Properties:
    RoleName: !Sub '${Application}-${Environment}-auth-lambda-role'
    # Trust policy: only the Lambda service principal may assume the role.
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - lambda.amazonaws.com
          Action:
            - 'sts:AssumeRole'
    Path: /
    Policies:
      - PolicyName: LambdaRolePolicy
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            # Read-only DynamoDB access to the role and stage tables.
            # Each resource is the table ARN with '*' appended directly, so
            # it matches the table, its indexes, and any other ARN that
            # merely starts with the same table name.
            # NOTE(review): the table ARN plus '<table-arn>/index/*' would
            # cover table and indexes without the prefix match; confirm no
            # handler depends on the broader pattern.
            - Effect: Allow
              Action:
                - 'dynamodb:Query'
                - 'dynamodb:Scan'
                - 'dynamodb:DescribeTable'
              Resource:
                - !Join
                  - ''
                  - - !GetAtt RoleDynamoDBTable.Arn
                    - '*'
                - !Join
                  - ''
                  - - !GetAtt StageDynamoDBTable.Arn
                    - '*'
            # Cognito List*/Get* wildcards, scoped to this stack's user pool.
            - Effect: Allow
              Action:
                - 'cognito-idp:List*'
                - 'cognito-idp:Get*'
              Resource:
                - !GetAtt CognitoUserPool.Arn
            # CloudWatch Logs write access for every /aws/lambda/* log group
            # in this account and region.
            - Effect: Allow
              Action:
                - 'logs:CreateLogGroup'
                - 'logs:CreateLogStream'
                - 'logs:PutLogEvents'
              Resource: !Sub 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*'
  Metadata:
    cfn_nag:
      rules_to_suppress:
        - id: W11
          reason: 'The resources ARN is unknown, because it is a random value'
        - id: W28
          reason: 'Replacement of this resource is not required, and explicit name of this resource is easy for user to identify'
# IAM role assumable by Lambda that can start ECS tasks and hand them
# ExecutionRole. Which function uses it is not visible in this part of the
# template.
BuildRole:
  Type: AWS::IAM::Role
  Properties:
    RoleName: !Sub '${Application}-${Environment}-build-role'
    # Trust policy: only the Lambda service principal may assume the role.
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - lambda.amazonaws.com
          Action:
            - 'sts:AssumeRole'
    Path: /
    Policies:
      - PolicyName: BuildRolePolicy
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            # Account-wide: run any ECS task, describe network objects, and
            # read/list IAM roles.
            # NOTE(review): ecs:RunTask and iam:GetRole accept resource
            # ARNs; scoping them to the task definition and role this stack
            # creates would reduce what a compromised function can launch
            # or enumerate. Confirm against the handler code.
            - Effect: Allow
              Action:
                - 'ecs:RunTask'
                - 'ec2:DescribeSecurityGroups'
                - 'ec2:DescribeSubnets'
                - 'ec2:DescribeVpcs'
                - 'iam:GetRole'
                - 'iam:ListRoles'
              Resource: '*'
            # PassRole is limited to the single ExecutionRole ARN.
            # NOTE(review): an iam:PassedToService condition for
            # ecs-tasks.amazonaws.com would pin the target service as well.
            - Effect: Allow
              Action:
                - 'iam:PassRole'
              Resource: !GetAtt ExecutionRole.Arn
            # CloudWatch Logs write access for every /aws/lambda/* log group
            # in this account and region.
            - Effect: Allow
              Action:
                - 'logs:CreateLogGroup'
                - 'logs:CreateLogStream'
                - 'logs:PutLogEvents'
              Resource: !Sub 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*'
  Metadata:
    cfn_nag:
      rules_to_suppress:
        - id: W11
          reason: "The resources ARN is unknown, because it is based on user's input"
        - id: W28
          reason: 'Replacement of this resource is not required, and explicit name of this resource is easy for user to identify'

# IAM role assumable by Lambda with CloudWatch Logs permissions only.
HelperRole:
  Type: AWS::IAM::Role
  Properties:
    RoleName: !Sub '${Application}-${Environment}-helper-role'
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - lambda.amazonaws.com
          Action:
            - 'sts:AssumeRole'
    Path: /
    Policies:
      - PolicyName: HelperRolePolicy
        PolicyDocument:
          Version: '2012-10-17'
          # Statement is a single object here, not a list as in the
          # sibling roles.
          Statement:
            Effect: Allow
            Action:
              - 'logs:CreateLogGroup'
              - 'logs:CreateLogStream'
              - 'logs:PutLogEvents'
            Resource: !Sub 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*'
  Metadata:
    cfn_nag:
      rules_to_suppress:
        - id: W11
          reason: 'The resources ARN is unknown, because it is a random value'
        - id: W28
          reason: 'Replacement of this resource is not required, and explicit name of this resource is easy for user to identify'

# IAM role assumable by ECS tasks; BuildRole is allowed to pass it.
ExecutionRole:
  Type: AWS::IAM::Role
  Properties:
    RoleName: !Sub '${Application}-${Environment}-ecs-execution-role'
    # Trust policy: only the ECS tasks service principal may assume it.
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - ecs-tasks.amazonaws.com
          Action:
            - 'sts:AssumeRole'
    Path: /
    ManagedPolicyArns:
      - 'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy'
    Policies:
      # Inline policy keeps the name LambdaRolePolicy although the role is
      # trusted by ECS, not Lambda.
      - PolicyName: LambdaRolePolicy
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            # Read and list on every S3 bucket this account's identity
            # policies can reach.
            # NOTE(review): this is the broadest grant in the role; if the
            # task only reads the solution's source bucket and the
            # front-end bucket, naming those ARNs would remove read access
            # to unrelated data. The buckets the task reads are not visible
            # here, so confirm before tightening.
            - Effect: Allow
              Action:
                - 's3:GetObject'
                - 's3:ListBucket'
              Resource: '*'
            # Writes are limited to objects in the front-end bucket.
            - Effect: Allow
              Action:
                - 's3:PutObject'
              Resource: !Sub '${FrontEndBucket.Arn}/*'
  Metadata:
    cfn_nag:
      rules_to_suppress:
        - id: W11
          reason: "The resources ARN is unknown, because it is based on user's input"
        - id: W28
          reason: 'Replacement of this resource is not required, and explicit name of this resource is easy for user to identify'

# Lambda function for handler lambda_role.lambda_handler; runs as
# RolesLambdaRole and is invocable from AdminAPI (see LambdaPermissionRole).
LambdaFunctionRole:
  Type: AWS::Lambda::Function
  Properties:
    Handler: lambda_role.lambda_handler
    # NOTE(review): Python 3.7 is past upstream end-of-life and is a
    # deprecated AWS Lambda runtime, so it no longer receives security
    # patches; moving to a supported runtime needs the packaged code
    # re-tested. The same applies to every python3.7 function below.
    Runtime: python3.7
    FunctionName: !Sub '${Application}-${Environment}-role'
    Timeout: 120
    # Code is fetched from the bucket '<SourceCode S3Bucket>-<region>' under
    # the mapped KeyPrefix.
    # NOTE(review): no S3ObjectVersion is pinned, so the deployed code is
    # whatever object sits at that key at deploy time; integrity rests on
    # who can write to that bucket.
    Code:
      S3Bucket: !Join
        - '-'
        - - !FindInMap [SourceCode, General, S3Bucket]
          - !Ref 'AWS::Region'
      S3Key: !Join
        - '/'
        - - !FindInMap [SourceCode, General, KeyPrefix]
          - lambda_role.zip
    Role: !GetAtt RolesLambdaRole.Arn
    Environment:
      Variables:
        application: !Ref Application
        environment: !Ref Environment
    Tags:
      - Key: application
        Value: !Ref Application
      - Key: environment
        Value: !Ref Environment
      - Key: Name
        Value: !Sub '${Application}-${Environment}-role'
    # Caps concurrent executions of this function at 5.
    ReservedConcurrentExecutions: 5
  Metadata:
    cfn_nag:
      rules_to_suppress:
        # No VpcConfig is set on the function; the finding is suppressed
        # with the reason below.
        - id: W89
          reason: 'Deploy in AWS managed environment provides more flexibility for this solution'

# Lets API Gateway invoke LambdaFunctionRole. SourceArn ends in '/*', so
# any stage, method and path of AdminAPI is accepted.
# NOTE(review): a stage/METHOD/path suffix would bind the permission to
# the one route that should reach this function.
LambdaPermissionRole:
  Type: AWS::Lambda::Permission
  Properties:
    FunctionName: !GetAtt LambdaFunctionRole.Arn
    Action: 'lambda:InvokeFunction'
    Principal: apigateway.amazonaws.com
    SourceArn: !Sub 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${AdminAPI}/*'

# Lambda function for handler lambda_role_item.lambda_handler; shares
# RolesLambdaRole with LambdaFunctionRole.
LambdaFunctionRoleItem:
  Type: AWS::Lambda::Function
  Properties:
    Handler: lambda_role_item.lambda_handler
    Runtime: python3.7
    FunctionName: !Sub '${Application}-${Environment}-role-item'
    Timeout: 120
    Code:
      S3Bucket: !Join
        - '-'
        - - !FindInMap [SourceCode, General, S3Bucket]
          - !Ref 'AWS::Region'
      S3Key: !Join
        - '/'
        - - !FindInMap [SourceCode, General, KeyPrefix]
          - lambda_role_item.zip
    Role: !GetAtt RolesLambdaRole.Arn
    Environment:
      Variables:
        application: !Ref Application
        environment: !Ref Environment
    Tags:
      - Key: application
        Value: !Ref Application
      - Key: environment
        Value: !Ref Environment
      - Key: Name
        Value: !Sub '${Application}-${Environment}-role-item'
    ReservedConcurrentExecutions: 5
  Metadata:
    cfn_nag:
      rules_to_suppress:
        - id: W89
          reason: 'Deploy in AWS managed environment provides more flexibility for this solution'

# Lets API Gateway invoke LambdaFunctionRoleItem from any stage, method
# and path of AdminAPI.
LambdaPermissionRoleItem:
  Type: AWS::Lambda::Permission
  Properties:
    FunctionName: !GetAtt LambdaFunctionRoleItem.Arn
    Action: 'lambda:InvokeFunction'
    Principal: apigateway.amazonaws.com
    SourceArn: !Sub 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${AdminAPI}/*'

# Lambda function for handler lambda_schema_wave.lambda_handler; runs as
# SchemaLambdaRole.
LambdaFunctionSchemaWave:
  Type: AWS::Lambda::Function
  Properties:
    Handler: lambda_schema_wave.lambda_handler
    Runtime: python3.7
    FunctionName: !Sub '${Application}-${Environment}-schema-wave'
    Timeout: 120
    Code:
      S3Bucket: !Join
        - '-'
        - - !FindInMap [SourceCode, General, S3Bucket]
          - !Ref 'AWS::Region'
      S3Key: !Join
        - '/'
        - - !FindInMap [SourceCode, General, KeyPrefix]
          - lambda_schema_wave.zip
    Role: !GetAtt SchemaLambdaRole.Arn
    Environment:
      Variables:
        application: !Ref Application
        environment: !Ref Environment
    Tags:
      - Key: application
        Value: !Ref Application
      - Key: environment
        Value: !Ref Environment
      - Key: Name
        Value: !Sub '${Application}-${Environment}-schema-wave'
    ReservedConcurrentExecutions: 5
  Metadata:
    cfn_nag:
      rules_to_suppress:
        - id: W89
          reason: 'Deploy in AWS managed environment provides more flexibility for this solution'

# Lets API Gateway invoke LambdaFunctionSchemaWave from any stage, method
# and path of AdminAPI.
LambdaPermissionSchemaWave:
  Type: AWS::Lambda::Permission
  Properties:
    FunctionName: !GetAtt LambdaFunctionSchemaWave.Arn
    Action: 'lambda:InvokeFunction'
    Principal: apigateway.amazonaws.com
    SourceArn: !Sub 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${AdminAPI}/*'
# Lambda function for handler lambda_schema_app.lambda_handler; runs as
# SchemaLambdaRole and is invocable from AdminAPI (see
# LambdaPermissionSchemaApp).
LambdaFunctionSchemaApp:
  Type: AWS::Lambda::Function
  Properties:
    Handler: lambda_schema_app.lambda_handler
    # NOTE(review): Python 3.7 is past upstream end-of-life and is a
    # deprecated AWS Lambda runtime, so it no longer receives security
    # patches; moving to a supported runtime needs the packaged code
    # re-tested.
    Runtime: python3.7
    FunctionName: !Sub '${Application}-${Environment}-schema-app'
    Timeout: 120
    # Code is fetched from the bucket '<SourceCode S3Bucket>-<region>' under
    # the mapped KeyPrefix.
    # NOTE(review): no S3ObjectVersion is pinned, so the deployed code is
    # whatever object sits at that key at deploy time; integrity rests on
    # who can write to that bucket.
    Code:
      S3Bucket: !Join
        - '-'
        - - !FindInMap [SourceCode, General, S3Bucket]
          - !Ref 'AWS::Region'
      S3Key: !Join
        - '/'
        - - !FindInMap [SourceCode, General, KeyPrefix]
          - lambda_schema_app.zip
    Role: !GetAtt SchemaLambdaRole.Arn
    Environment:
      Variables:
        application: !Ref Application
        environment: !Ref Environment
    Tags:
      - Key: application
        Value: !Ref Application
      - Key: environment
        Value: !Ref Environment
      - Key: Name
        Value: !Sub '${Application}-${Environment}-schema-app'
    # Caps concurrent executions of this function at 5.
    ReservedConcurrentExecutions: 5
  Metadata:
    cfn_nag:
      rules_to_suppress:
        # No VpcConfig is set on the function; the finding is suppressed
        # with the reason below.
        - id: W89
          reason: 'Deploy in AWS managed environment provides more flexibility for this solution'

# Lets API Gateway invoke LambdaFunctionSchemaApp. SourceArn ends in '/*',
# so any stage, method and path of AdminAPI is accepted.
# NOTE(review): a stage/METHOD/path suffix would bind the permission to
# the one route that should reach this function.
LambdaPermissionSchemaApp:
  Type: AWS::Lambda::Permission
  Properties:
    FunctionName: !GetAtt LambdaFunctionSchemaApp.Arn
    Action: 'lambda:InvokeFunction'
    Principal: apigateway.amazonaws.com
    SourceArn: !Sub 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${AdminAPI}/*'

# Lambda function for handler lambda_schema_server.lambda_handler; shares
# SchemaLambdaRole with LambdaFunctionSchemaApp.
LambdaFunctionSchemaServer:
  Type: AWS::Lambda::Function
  Properties:
    Handler: lambda_schema_server.lambda_handler
    Runtime: python3.7
    FunctionName: !Sub '${Application}-${Environment}-schema-server'
    Timeout: 120
    Code:
      S3Bucket: !Join
        - '-'
        - - !FindInMap [SourceCode, General, S3Bucket]
          - !Ref 'AWS::Region'
      S3Key: !Join
        - '/'
        - - !FindInMap [SourceCode, General, KeyPrefix]
          - lambda_schema_server.zip
    Role: !GetAtt SchemaLambdaRole.Arn
    Environment:
      Variables:
        application: !Ref Application
        environment: !Ref Environment
    Tags:
      - Key: application
        Value: !Ref Application
      - Key: environment
        Value: !Ref Environment
      - Key: Name
        Value: !Sub '${Application}-${Environment}-schema-server'
    ReservedConcurrentExecutions: 5
  Metadata:
    cfn_nag:
      rules_to_suppress:
        - id: W89
          reason: 'Deploy in AWS managed environment provides more flexibility for this solution'
LambdaPermissionSchemaServer: Type: 'AWS::Lambda::Permission' Properties: FunctionName: !GetAtt LambdaFunctionSchemaServer.Arn Action: 'lambda:InvokeFunction' Principal: 'apigateway.amazonaws.com' SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${AdminAPI}/*" LambdaFunctionStage: Type: 'AWS::Lambda::Function' Properties: Handler: lambda_stage.lambda_handler Runtime: python3.7 FunctionName: !Sub ${Application}-${Environment}-stage Timeout: 120 Code: S3Bucket: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"], Ref: "AWS::Region"]] S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"], "lambda_stage.zip"]] Role: !GetAtt StageLambdaRole.Arn Environment: Variables: application: !Ref Application environment: !Ref Environment Tags: - Key: application Value: !Ref Application - Key: environment Value: !Ref Environment - Key: Name Value: !Sub ${Application}-${Environment}-stage ReservedConcurrentExecutions: 5 Metadata: cfn_nag: rules_to_suppress: - id: W89 reason: "Deploy in AWS managed environment provides more flexibility for this solution" LambdaPermissionStage: Type: 'AWS::Lambda::Permission' Properties: FunctionName: !GetAtt LambdaFunctionStage.Arn Action: 'lambda:InvokeFunction' Principal: 'apigateway.amazonaws.com' SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${AdminAPI}/*" LambdaFunctionStageAttr: Type: 'AWS::Lambda::Function' Properties: Handler: lambda_stage_attr.lambda_handler Runtime: python3.7 FunctionName: !Sub ${Application}-${Environment}-stage-attr Timeout: 120 Code: S3Bucket: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"], Ref: "AWS::Region"]] S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"], "lambda_stage_attr.zip"]] Role: !GetAtt StageLambdaRole.Arn Environment: Variables: application: !Ref Application environment: !Ref Environment Tags: - Key: application Value: !Ref Application - Key: environment Value: !Ref Environment - Key: Name Value: !Sub 
${Application}-${Environment}-stage-attr ReservedConcurrentExecutions: 5 Metadata: cfn_nag: rules_to_suppress: - id: W89 reason: "Deploy in AWS managed environment provides more flexibility for this solution" LambdaPermissionStageAttr: Type: 'AWS::Lambda::Permission' Properties: FunctionName: !GetAtt LambdaFunctionStageAttr.Arn Action: 'lambda:InvokeFunction' Principal: 'apigateway.amazonaws.com' SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${AdminAPI}/*" LambdaFunctionApps: Type: 'AWS::Lambda::Function' Properties: Handler: lambda_apps.lambda_handler Runtime: python3.7 FunctionName: !Sub ${Application}-${Environment}-apps Timeout: 120 Code: S3Bucket: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"], Ref: "AWS::Region"]] S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"], "lambda_apps.zip"]] Role: !GetAtt AppsLambdaRole.Arn Environment: Variables: clientid: !Ref CognitoAppClient region: !Ref "AWS::Region" userpool: !Ref CognitoUserPool application: !Ref Application environment: !Ref Environment Tags: - Key: application Value: !Ref Application - Key: environment Value: !Ref Environment - Key: Name Value: !Sub ${Application}-${Environment}-apps ReservedConcurrentExecutions: 5 Metadata: cfn_nag: rules_to_suppress: - id: W89 reason: "Deploy in AWS managed environment provides more flexibility for this solution" LambdaPermissionApps: Type: 'AWS::Lambda::Permission' Properties: FunctionName: !GetAtt LambdaFunctionApps.Arn Action: 'lambda:InvokeFunction' Principal: 'apigateway.amazonaws.com' SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${UserAPI}/*" LambdaFunctionAppsItem: Type: 'AWS::Lambda::Function' Properties: Handler: lambda_app_item.lambda_handler Runtime: python3.7 FunctionName: !Sub ${Application}-${Environment}-app-item Timeout: 120 Code: S3Bucket: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"], Ref: "AWS::Region"]] S3Key: !Join ["/", [!FindInMap ["SourceCode", 
"General", "KeyPrefix"], "lambda_app_item.zip"]] Role: !GetAtt AppsLambdaRole.Arn Environment: Variables: clientid: !Ref CognitoAppClient region: !Ref "AWS::Region" userpool: !Ref CognitoUserPool application: !Ref Application environment: !Ref Environment Tags: - Key: application Value: !Ref Application - Key: environment Value: !Ref Environment - Key: Name Value: !Sub ${Application}-${Environment}-app-item ReservedConcurrentExecutions: 5 Metadata: cfn_nag: rules_to_suppress: - id: W89 reason: "Deploy in AWS managed environment provides more flexibility for this solution" LambdaPermissionAppsItem: Type: 'AWS::Lambda::Permission' Properties: FunctionName: !GetAtt LambdaFunctionAppsItem.Arn Action: 'lambda:InvokeFunction' Principal: 'apigateway.amazonaws.com' SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${UserAPI}/*" LambdaFunctionServers: Type: 'AWS::Lambda::Function' Properties: Handler: lambda_servers.lambda_handler Runtime: python3.7 FunctionName: !Sub ${Application}-${Environment}-servers Timeout: 120 Code: S3Bucket: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"], Ref: "AWS::Region"]] S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"], "lambda_servers.zip"]] Role: !GetAtt ServersLambdaRole.Arn Environment: Variables: clientid: !Ref CognitoAppClient region: !Ref "AWS::Region" userpool: !Ref CognitoUserPool application: !Ref Application environment: !Ref Environment Tags: - Key: application Value: !Ref Application - Key: environment Value: !Ref Environment - Key: Name Value: !Sub ${Application}-${Environment}-servers ReservedConcurrentExecutions: 5 Metadata: cfn_nag: rules_to_suppress: - id: W89 reason: "Deploy in AWS managed environment provides more flexibility for this solution" LambdaPermissionServers: Type: 'AWS::Lambda::Permission' Properties: FunctionName: !GetAtt LambdaFunctionServers.Arn Action: 'lambda:InvokeFunction' Principal: 'apigateway.amazonaws.com' SourceArn: !Sub 
"arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${UserAPI}/*" LambdaFunctionServerItem: Type: 'AWS::Lambda::Function' Properties: Handler: lambda_server_item.lambda_handler Runtime: python3.7 FunctionName: !Sub ${Application}-${Environment}-server-item Timeout: 120 Code: S3Bucket: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"], Ref: "AWS::Region"]] S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"], "lambda_server_item.zip"]] Role: !GetAtt ServersLambdaRole.Arn Environment: Variables: clientid: !Ref CognitoAppClient region: !Ref "AWS::Region" userpool: !Ref CognitoUserPool application: !Ref Application environment: !Ref Environment Tags: - Key: application Value: !Ref Application - Key: environment Value: !Ref Environment - Key: Name Value: !Sub ${Application}-${Environment}-server-item ReservedConcurrentExecutions: 5 Metadata: cfn_nag: rules_to_suppress: - id: W89 reason: "Deploy in AWS managed environment provides more flexibility for this solution" LambdaPermissionServerItem: Type: 'AWS::Lambda::Permission' Properties: FunctionName: !GetAtt LambdaFunctionServerItem.Arn Action: 'lambda:InvokeFunction' Principal: 'apigateway.amazonaws.com' SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${UserAPI}/*" LambdaFunctionAuth: Type: 'AWS::Lambda::Function' Properties: Handler: lambda_auth.lambda_handler Runtime: python3.7 FunctionName: !Sub ${Application}-${Environment}-auth Timeout: 120 Code: S3Bucket: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"], Ref: "AWS::Region"]] S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"], "lambda_auth.zip"]] Role: !GetAtt AuthLambdaRole.Arn Environment: Variables: clientid: !Ref CognitoAppClient region: !Ref "AWS::Region" userpool: !Ref CognitoUserPool application: !Ref Application environment: !Ref Environment Tags: - Key: application Value: !Ref Application - Key: environment Value: !Ref Environment - Key: Name Value: !Sub 
${Application}-${Environment}-auth ReservedConcurrentExecutions: 5 Metadata: cfn_nag: rules_to_suppress: - id: W89 reason: "Deploy in AWS managed environment provides more flexibility for this solution" LambdaPermissionAuth: Type: 'AWS::Lambda::Permission' Properties: FunctionName: !GetAtt LambdaFunctionAuth.Arn Action: 'lambda:InvokeFunction' Principal: 'apigateway.amazonaws.com' SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${AdminAPI}/*" LambdaPermissionAuth2: Type: 'AWS::Lambda::Permission' Properties: FunctionName: !GetAtt LambdaFunctionAuth.Arn Action: 'lambda:InvokeFunction' Principal: 'apigateway.amazonaws.com' SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${LoginAPI}/*" LambdaFunctionLogin: Type: 'AWS::Lambda::Function' Properties: Handler: lambda_login.lambda_handler Runtime: python3.7 FunctionName: !Sub ${Application}-${Environment}-login Timeout: 120 Code: S3Bucket: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"], Ref: "AWS::Region"]] S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"], "lambda_login.zip"]] Role: !GetAtt LoginResetLambdaRole.Arn Environment: Variables: clientId: !Ref CognitoAppClient application: !Ref Application environment: !Ref Environment Tags: - Key: application Value: !Ref Application - Key: environment Value: !Ref Environment - Key: Name Value: !Sub ${Application}-${Environment}-login ReservedConcurrentExecutions: 5 Metadata: cfn_nag: rules_to_suppress: - id: W89 reason: "Deploy in AWS managed environment provides more flexibility for this solution" LambdaPermissionLogin: Type: 'AWS::Lambda::Permission' Properties: FunctionName: !GetAtt LambdaFunctionLogin.Arn Action: 'lambda:InvokeFunction' Principal: 'apigateway.amazonaws.com' SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${LoginAPI}/*" LambdaFunctionPWDReset: Type: 'AWS::Lambda::Function' Properties: Handler: lambda_reset.lambda_handler Runtime: python3.7 FunctionName: !Sub 
${Application}-${Environment}-reset Timeout: 120 Code: S3Bucket: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"], Ref: "AWS::Region"]] S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"], "lambda_reset.zip"]] Role: !GetAtt LoginResetLambdaRole.Arn Environment: Variables: clientId: !Ref CognitoAppClient application: !Ref Application environment: !Ref Environment Tags: - Key: application Value: !Ref Application - Key: environment Value: !Ref Environment - Key: Name Value: !Sub ${Application}-${Environment}-reset ReservedConcurrentExecutions: 5 Metadata: cfn_nag: rules_to_suppress: - id: W89 reason: "Deploy in AWS managed environment provides more flexibility for this solution" LambdaPermissionPWDReset: Type: 'AWS::Lambda::Permission' Properties: FunctionName: !GetAtt LambdaFunctionPWDReset.Arn Action: 'lambda:InvokeFunction' Principal: 'apigateway.amazonaws.com' SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${LoginAPI}/*" LambdaFunctionCloudEndure: Type: 'AWS::Lambda::Function' Properties: Handler: CloudEndure.lambda_handler Runtime: python3.7 FunctionName: !Sub ${Application}-${Environment}-cloudendure Timeout: 300 MemorySize: '1024' Code: S3Bucket: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"], Ref: "AWS::Region"]] S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"], "lambda_cloudendure.zip"]] Role: !GetAtt CloudEndureLambdaRole.Arn Environment: Variables: login_api: !Ref LoginAPI user_api: !Ref UserAPI region: !Ref 'AWS::Region' application: !Ref Application environment: !Ref Environment AnonymousUsageData: !FindInMap ["Send", "AnonymousUsage", "Data"] solutionUUID: !GetAtt CreateUniqueID.UUID Tags: - Key: application Value: !Ref Application - Key: environment Value: !Ref Environment - Key: Name Value: !Sub ${Application}-${Environment}-cloudendure ReservedConcurrentExecutions: 10 Metadata: cfn_nag: rules_to_suppress: - id: W89 reason: "Deploy in AWS managed environment 
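provides more flexibility for this solution"
  # The line above closes the cfn_nag `reason` string of the resource that
  # starts before this section. Everything below is restored to one key per
  # line; the only token change is `Ref: "AWS::Region"` inside flow sequences,
  # normalised to the `!Ref "AWS::Region"` form already used by CreateUUID.

  # Lets API Gateway invoke the CloudEndure function.
  # NOTE(review): SourceArn ends in `/*`, so every stage, method and path of
  # ToolsAPI is allowed to invoke. Access control therefore rests on the API's
  # authorizer, which is defined outside this section -- confirm every method
  # has one attached.
  LambdaPermissionCloudEndure:
    Type: 'AWS::Lambda::Permission'
    Properties:
      FunctionName: !GetAtt LambdaFunctionCloudEndure.Arn
      Action: 'lambda:InvokeFunction'
      Principal: 'apigateway.amazonaws.com'
      SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ToolsAPI}/*"

  # Function code is fetched at deploy time from the bucket named
  # <SourceCode.General.S3Bucket>-<region>, under the KeyPrefix from the same
  # mapping. No object version or checksum is pinned here, so what gets
  # deployed is whatever that bucket serves at stack-creation time.
  LambdaFunctionAMSWIG:
    Type: 'AWS::Lambda::Function'
    Properties:
      Handler: lambda_ams_wig.lambda_handler
      # NOTE(review): python3.7 is end-of-life and no longer receives security
      # patches. Move to a supported runtime once the packaged handler has
      # been verified against it. Applies to every python3.7 function below.
      Runtime: python3.7
      FunctionName: !Sub ${Application}-${Environment}-ams-wig
      Timeout: 300
      Code:
        S3Bucket: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"], !Ref "AWS::Region"]]
        S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"], "lambda_ams_wig.zip"]]
      Role: !GetAtt AMSWIGLambdaRole.Arn
      Environment:
        Variables:
          application: !Ref Application
          environment: !Ref Environment
          region: !Ref 'AWS::Region'
      Tags:
        - Key: application
          Value: !Ref Application
        - Key: environment
          Value: !Ref Environment
        - Key: Name
          Value: !Sub ${Application}-${Environment}-ams-wig
      # Caps concurrent executions of this function at 5.
      ReservedConcurrentExecutions: 5
    Metadata:
      cfn_nag:
        rules_to_suppress:
          # W89 is the cfn_nag finding for a Lambda function deployed outside
          # a VPC; it is suppressed on every function in this section.
          - id: W89
            reason: "Deploy in AWS managed environment provides more flexibility for this solution"

  # Lets API Gateway invoke the AMS WIG function (same `/*` scope on ToolsAPI).
  LambdaPermissionAMSWIG:
    Type: 'AWS::Lambda::Permission'
    Properties:
      FunctionName: !GetAtt LambdaFunctionAMSWIG.Arn
      Action: 'lambda:InvokeFunction'
      Principal: 'apigateway.amazonaws.com'
      SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ToolsAPI}/*"

  # Function behind LoginAPI; it receives the Cognito user pool id.
  LambdaFunctionLoginGroups:
    Type: 'AWS::Lambda::Function'
    Properties:
      Handler: lambda_cognitogroups.lambda_handler
      Runtime: python3.7  # EOL runtime; see note on LambdaFunctionAMSWIG
      FunctionName: !Sub ${Application}-${Environment}-cognitogroups
      Timeout: 300
      Code:
        S3Bucket: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"], !Ref "AWS::Region"]]
        S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"], "lambda_cognitogroups.zip"]]
      Role: !GetAtt CognitoGroupLambdaRole.Arn
      Environment:
        Variables:
          userpool_id: !Ref CognitoUserPool
          application: !Ref Application
          environment: !Ref Environment
      Tags:
        - Key: application
          Value: !Ref Application
        - Key: environment
          Value: !Ref Environment
        - Key: Name
          Value: !Sub ${Application}-${Environment}-cognitogroups
      ReservedConcurrentExecutions: 5
    Metadata:
      cfn_nag:
        rules_to_suppress:
          - id: W89
            reason: "Deploy in AWS managed environment provides more flexibility for this solution"

  # Lets API Gateway invoke the login-groups function from any LoginAPI route.
  LambdaPermissionLoginGroups:
    Type: 'AWS::Lambda::Permission'
    Properties:
      FunctionName: !GetAtt LambdaFunctionLoginGroups.Arn
      Action: 'lambda:InvokeFunction'
      Principal: 'apigateway.amazonaws.com'
      SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${LoginAPI}/*"

  # Waves function behind UserAPI. It shares WavesLambdaRole with
  # LambdaFunctionWavesItem, so both run with the same permissions.
  LambdaFunctionWaves:
    Type: 'AWS::Lambda::Function'
    Properties:
      Handler: lambda_waves.lambda_handler
      Runtime: python3.7  # EOL runtime; see note on LambdaFunctionAMSWIG
      FunctionName: !Sub ${Application}-${Environment}-waves
      Timeout: 120
      Code:
        S3Bucket: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"], !Ref "AWS::Region"]]
        S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"], "lambda_waves.zip"]]
      Role: !GetAtt WavesLambdaRole.Arn
      Environment:
        Variables:
          clientid: !Ref CognitoAppClient
          region: !Ref "AWS::Region"
          userpool: !Ref CognitoUserPool
          application: !Ref Application
          environment: !Ref Environment
      Tags:
        - Key: application
          Value: !Ref Application
        - Key: environment
          Value: !Ref Environment
        - Key: Name
          Value: !Sub ${Application}-${Environment}-waves
      ReservedConcurrentExecutions: 5
    Metadata:
      cfn_nag:
        rules_to_suppress:
          - id: W89
            reason: "Deploy in AWS managed environment provides more flexibility for this solution"

  # Lets API Gateway invoke the waves function from any UserAPI route.
  LambdaPermissionWaves:
    Type: 'AWS::Lambda::Permission'
    Properties:
      FunctionName: !GetAtt LambdaFunctionWaves.Arn
      Action: 'lambda:InvokeFunction'
      Principal: 'apigateway.amazonaws.com'
      SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${UserAPI}/*"

  # Single-wave function behind UserAPI; same role and environment as
  # LambdaFunctionWaves.
  LambdaFunctionWavesItem:
    Type: 'AWS::Lambda::Function'
    Properties:
      Handler: lambda_wave_item.lambda_handler
      Runtime: python3.7  # EOL runtime; see note on LambdaFunctionAMSWIG
      FunctionName: !Sub ${Application}-${Environment}-wave-item
      Timeout: 120
      Code:
        S3Bucket: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"], !Ref "AWS::Region"]]
        S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"], "lambda_wave_item.zip"]]
      Role: !GetAtt WavesLambdaRole.Arn
      Environment:
        Variables:
          clientid: !Ref CognitoAppClient
          region: !Ref "AWS::Region"
          userpool: !Ref CognitoUserPool
          application: !Ref Application
          environment: !Ref Environment
      Tags:
        - Key: application
          Value: !Ref Application
        - Key: environment
          Value: !Ref Environment
        - Key: Name
          Value: !Sub ${Application}-${Environment}-wave-item
      ReservedConcurrentExecutions: 5
    Metadata:
      cfn_nag:
        rules_to_suppress:
          - id: W89
            reason: "Deploy in AWS managed environment provides more flexibility for this solution"

  # Lets API Gateway invoke the wave-item function from any UserAPI route.
  LambdaPermissionWavesItem:
    Type: 'AWS::Lambda::Permission'
    Properties:
      FunctionName: !GetAtt LambdaFunctionWavesItem.Arn
      Action: 'lambda:InvokeFunction'
      Principal: 'apigateway.amazonaws.com'
      SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${UserAPI}/*"

  # Backs the CustomResource below. It receives the names of the role, schema
  # and stage DynamoDB tables; presumably it seeds default records in them --
  # confirm against the handler source.
  DefaultSchema:
    Type: 'AWS::Lambda::Function'
    Properties:
      Handler: lambda_defaultschema.lambda_handler
      Runtime: python3.7  # EOL runtime; see note on LambdaFunctionAMSWIG
      FunctionName: !Sub ${Application}-${Environment}-default-schema
      Timeout: 120
      Code:
        S3Bucket: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"], !Ref "AWS::Region"]]
        S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"], "lambda_defaultschema_packaged.zip"]]
      Role: !GetAtt DefaultSchemaLambdaRole.Arn
      Environment:
        Variables:
          RoleDynamoDBTable: !Ref RoleDynamoDBTable
          SchemaDynamoDBTable: !Ref SchemaDynamoDBTable
          StageDynamoDBTable: !Ref StageDynamoDBTable
      Tags:
        - Key: application
          Value: !Ref Application
        - Key: environment
          Value: !Ref Environment
        - Key: Name
          Value: !Sub ${Application}-${Environment}-default-schema
      ReservedConcurrentExecutions: 5
    Metadata:
      cfn_nag:
        rules_to_suppress:
          - id: W89
            reason: "Deploy in AWS managed environment provides more flexibility for this solution"

  # Runs DefaultSchema during stack create, update and delete.
  CustomResource:
    Type: Custom::CustomResource
    Properties:
      ServiceToken: !GetAtt 'DefaultSchema.Arn'
      # NOTE(review): looks like a manual change trigger (editing the value
      # forces the custom resource to re-run) -- confirm it is still needed.
      Test: 'change5'

  # Custom resource served by CreateUUID; its UUID attribute is passed to the
  # AppMigService nested stack as solutionUUID.
  CreateUniqueID:
    Type: Custom::CreateUuid
    Properties:
      ServiceToken: !GetAtt CreateUUID.Arn

  # Helper function behind CreateUniqueID.
  # NOTE(review): it runs under BuildRole, the same role AppBuild uses to
  # drive the ECS build. BuildRole is defined outside this section; if it
  # carries the ECS/IAM permissions AppBuild needs, a dedicated role for this
  # helper would keep it least-privileged.
  CreateUUID:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"], !Ref "AWS::Region"]]
        S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"], "helper.zip"]]
      Handler: helper.lambda_handler
      FunctionName: !Sub ${Application}-${Environment}-helper
      Role: !GetAtt BuildRole.Arn
      # NOTE(review): python3.8 is likewise end-of-life upstream.
      Runtime: python3.8
      Timeout: 300
      ReservedConcurrentExecutions: 5
    Metadata:
      cfn_nag:
        rules_to_suppress:
          - id: W89
            reason: "Deploy in AWS managed environment provides more flexibility for this solution"

  # ECS cluster that hosts the one-off front-end build task.
  FactoryBuild:
    Type: AWS::ECS::Cluster

  # Fargate task that builds the front-end.
  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      # NOTE(review): the task role and the execution role are the same role,
      # so the code running inside the container holds whatever the ECS agent
      # needs (image pull, log delivery) and the agent holds whatever the
      # build needs. Two separate roles would scope each to its own job.
      ExecutionRoleArn: !Ref ExecutionRole
      TaskRoleArn: !Ref ExecutionRole
      RequiresCompatibilities:
        - FARGATE
      NetworkMode: awsvpc
      Cpu: 2048
      Memory: 4GB
      ContainerDefinitions:
        - Name: "factory-build"
          # NOTE(review): the image comes from an ECR registry in a fixed
          # account and region (not this stack's account) and is referenced by
          # the mutable `:latest` tag. Each run pulls whatever that tag points
          # to at the time; pinning an immutable image digest would make the
          # build reproducible and remove the dependency on tag integrity.
          Image: !Sub 820623783073.dkr.ecr.us-east-1.amazonaws.com/awsmigrationfactoryv2:latest
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-region: !Ref AWS::Region
              awslogs-group: !Ref LogGroup
              awslogs-stream-prefix: ecs

  # Log group for the build container; events are kept for 90 days.
  LogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Sub /ecs/${Application}-${Environment}-deploy
      RetentionInDays: 90
    Metadata:
      cfn_nag:
        rules_to_suppress:
          # W84 is the cfn_nag finding for a log group without a KMS key id.
          # NOTE(review): build output can contain environment values; revisit
          # this suppression if anything sensitive is logged.
          - id: W84
            reason: "SSE is currently not supported, CMK is not ideal for this solution"

  # Function behind AppBuildCustomResource. It is handed the ECS cluster and
  # task, the API ids, the Cognito ids, the front-end bucket, the source
  # bundle location and the subnet / security group to build in.
  AppBuild:
    Type: 'AWS::Lambda::Function'
    Properties:
      Handler: lambda_build.lambda_handler
      Runtime: python3.7  # EOL runtime; see note on LambdaFunctionAMSWIG
      FunctionName: !Sub ${Application}-${Environment}-app-build
      Timeout: 120
      Code:
        S3Bucket: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"], !Ref "AWS::Region"]]
        S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"], "lambda_build.zip"]]
      Role: !GetAtt BuildRole.Arn
      Environment:
        Variables:
          ECS_CLUSTER: !Ref FactoryBuild
          ECS_TASK: !Ref TaskDefinition
          USER_API: !Ref UserAPI
          ADMIN_API: !Ref AdminAPI
          LOGIN_API: !Ref LoginAPI
          TOOLS_API: !Ref ToolsAPI
          USER_POOL_ID: !Ref CognitoUserPool
          APP_CLIENT_ID: !Ref CognitoAppClient
          FRONTEND_BUCKET: !Ref FrontEndBucket
          SOURCE_BUCKET: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"], !Ref "AWS::Region"]]
          SOURCE_KEY: !Join
            - /
            - - !FindInMap
                - SourceCode
                - General
                - KeyPrefix
              - 'fe-v2.0.2.zip'
          # SubnetId and SecurityGroup both default to the literal "default"
          # (see Parameters); the template description says outbound Internet
          # access is needed from them.
          SUBNET: !Ref SubnetId
          SG: !Ref SecurityGroup
      Tags:
        - Key: application
          Value: !Ref Application
        - Key: environment
          Value: !Ref Environment
        - Key: Name
          Value: !Sub ${Application}-${Environment}-app-build
      ReservedConcurrentExecutions: 5
    Metadata:
      cfn_nag:
        rules_to_suppress:
          - id: W89
            reason: "Deploy in AWS managed environment provides more flexibility for this solution"

  # Runs AppBuild during stack create, update and delete.
  AppBuildCustomResource:
    Type: Custom::CustomResource
    Properties:
      ServiceToken: !GetAtt AppBuild.Arn
      # If the version changes it will trigger an update
      Version: 'v2.0.2'

  # Optional nested stack for the tracker dashboard (only when DeployTracker).
  # NOTE(review): the nested template is downloaded from the
  # <S3Bucket>-reference bucket at deploy time. It is not part of this file,
  # so it needs its own review, and its integrity depends on that bucket.
  MigrationTracker:
    Condition: DeployTracker
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub
        - 'https://${S3Bucket}-reference.s3.amazonaws.com/${KeyPrefix}/aws-cloudendure-migration-factory-solution-tracker.template'
        - S3Bucket: !FindInMap ["SourceCode", "General", "S3Bucket"]
          KeyPrefix: !FindInMap ["SourceCode", "General", "KeyPrefix"]
      Parameters:
        Application: !Ref Application
        Environment: !Ref Environment
        CodeBucket: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"], !Ref "AWS::Region"]]
        KeyPrefix: !FindInMap ["SourceCode", "General", "KeyPrefix"]

  # Nested stack for the MGN integration. It is always deployed and receives
  # the ToolsAPI ids, the DynamoDB table ARNs and the Cognito pool / admin
  # group. The note on MigrationTracker about the remotely hosted nested
  # template applies here too; this stack also defines the execution-server
  # IAM role and policy surfaced in Outputs.
  AppMigService:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub
        - 'https://${S3Bucket}-reference.s3.amazonaws.com/${KeyPrefix}/aws-cloudendure-migration-factory-solution-mgn.template'
        - S3Bucket: !FindInMap ["SourceCode", "General", "S3Bucket"]
          KeyPrefix: !FindInMap ["SourceCode", "General", "KeyPrefix"]
      Parameters:
        Application: !Ref Application
        Environment: !Ref Environment
        ServiceAccountEmail: !Ref ServiceAccountEmail
        CodeBucket: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"], !Ref "AWS::Region"]]
        KeyPrefix: !FindInMap ["SourceCode", "General", "KeyPrefix"]
        ToolsAPI: !Ref ToolsAPI
        ToolsAuthorizer: !Ref ToolsAuthorizer
        ToolsAPIRootId: !GetAtt ToolsAPI.RootResourceId
        ServerDynamoTableArn: !GetAtt ServersDynamoDBTable.Arn
        AppDynamoTableArn: !GetAtt AppsDynamoDBTable.Arn
        CognitoUserPool: !Ref CognitoUserPool
        CognitoUserPoolArn: !GetAtt CognitoUserPool.Arn
        CognitoAdminGroup: !Ref CognitoAdminGroup
        # The Send.AnonymousUsage.Data mapping is 'Yes' in this template.
        AnonymousUsageData: !FindInMap ["Send", "AnonymousUsage", "Data"]
        solutionUUID: !GetAtt CreateUniqueID.UUID

# Stack outputs: endpoint URLs and identifiers only; no credentials.
Outputs:
  MigrationFactoryURL:
    Description: 'Migration Factory Management console URL'
    Value: !Sub 'https://${CloudfrontDistribution.DomainName}'
  AdminAPI:
    Description: 'AdminAPI URL'
    Value: !Sub 'https://${AdminAPI}.execute-api.${AWS::Region}.amazonaws.com'
  LoginAPI:
    Description: 'LoginAPI URL'
    Value: !Sub 'https://${LoginAPI}.execute-api.${AWS::Region}.amazonaws.com'
  ToolsAPI:
    Description: 'ToolsAPI URL'
    Value: !Sub 'https://${ToolsAPI}.execute-api.${AWS::Region}.amazonaws.com'
  UserAPI:
    Description: 'UserAPI URL'
    Value: !Sub 'https://${UserAPI}.execute-api.${AWS::Region}.amazonaws.com'
  UserPoolId:
    Description: 'Cognito User Pool Id'
    Value: !Ref CognitoUserPool
  Region:
    Description: 'AWS Region'
    Value: !Ref "AWS::Region"
  ExecutionServerIAMRole:
    Description: 'IAM Role for Migration Execution Server'
    Value: !GetAtt
      - AppMigService
      - Outputs.ExecutionServerIAMRole
  ExecutionServerIAMPolicy:
    Description: 'IAM Policy for Migration Execution Server'
    Value: !GetAtt
      - AppMigService
      - Outputs.ExecutionServerIAMPolicy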