LiuFan
/
PrivacyScanData


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113
							AWSTemplateFormatVersion: "2010-09-09"
Transform: AWS::Serverless-2016-10-31
Description: Amazon S3 Find and Forget Stream Processor

Metadata:
  cfn-lint:
    config:
      ignore_checks:
        - E3002

Globals:
  Function:
    Runtime: python3.9
    Timeout: 900
    Layers: !Ref CommonLayers
    Environment:
      Variables:
        DeletionQueueTable: !Ref DeletionQueueTableName
        GlueDatabase: !Ref GlueDatabase
        GSIBucketCount: "1"
        JobManifestsGlueTable: !Ref JobManifestsGlueTable
        JobTable: !Ref JobTableName
        JobTableDateGSI: !Ref JobTableDateGSI
        LogLevel: !Ref LogLevel
        StateMachineArn: !Ref StateMachineArn

Parameters:
  CommonLayers:
    Type: CommaDelimitedList
    Description: Common layers supplied to all functions
  DeletionQueueTableName:
    Description: Table name for Deletion Queue Table
    Type: String
  GlueDatabase:
    Type: String
  JobManifestsGlueTable:
    Type: String
  JobTableDateGSI:
    Description: Date ordered GSI for Jobs Table
    Type: String
  JobTableName:
    Description: Table name for Jobs Table
    Type: String
  JobTableStreamArn:
    Description: Stream ARN for Jobs Table
    Type: String
  LogLevel:
    Type: String
    Default: INFO
    AllowedValues:
      - CRITICAL
      - FATAL
      - ERROR
      - WARNING
      - INFO
      - DEBUG
      - NOTSET
  ManifestsBucket:
    Type: String
  StateMachineArn:
    Description: State Machine to invoke to process the deletion queue
    Type: String
  
Resources:
  StreamProcessor:
    Type: AWS::Serverless::Function
    Properties:
      Handler: stream_processor.handler
      CodeUri: ../backend/lambdas/jobs/
      MemorySize: 512
      Policies:
        - DynamoDBCrudPolicy:
            TableName: !Ref JobTableName
        - DynamoDBCrudPolicy:
            TableName: !Ref DeletionQueueTableName
        - Statement:
          - Effect: Allow
            Action:
              - "states:DescribeStateMachine"
              - "states:DescribeExecution"
              - "states:StartExecution"
            Resource: !Ref StateMachineArn
          - Effect: Allow
            Action: s3:GetObject*
            Resource: !Sub arn:${AWS::Partition}:s3:::${ManifestsBucket}/manifests/*
          - Effect: Allow
            Action: glue:BatchDeletePartition
            Resource:
            - !Sub "arn:${AWS::Partition}:glue:*:*:catalog*"
            - !Sub "arn:${AWS::Partition}:glue:*:*:database/${GlueDatabase}"
            - !Sub "arn:${AWS::Partition}:glue:*:*:table/${GlueDatabase}/${JobManifestsGlueTable}"  
      Events:
        Stream:
          Type: DynamoDB
          Properties:
            Stream: !Ref JobTableStreamArn
            StartingPosition: TRIM_HORIZON
            BatchSize: 10
            MaximumBatchingWindowInSeconds: 5
            BisectBatchOnFunctionError: true
            ParallelizationFactor: 1
            MaximumRetryAttempts: 3
            MaximumRecordAgeInSeconds: 86400
            DestinationConfig:
              OnFailure:
                Type: SQS
                Destination: !GetAtt EventsDLQ.Arn

  EventsDLQ:
    Type: AWS::SQS::Queue
    Properties:
      KmsMasterKeyId: alias/aws/sqs