[sdlf-foundations] remove object metadata dynamo table #454

Merged
merged 1 commit into from
Nov 15, 2024
265 changes: 0 additions & 265 deletions sdlf-foundations/src/foundations.yaml
Expand Up @@ -26,63 +26,9 @@ Parameters:
Description: Name of the IAM role used to deploy SDLF constructs
Type: String
Default: sdlf-cicd-domain
pCloudWatchLogsRetentionInDays:
Description: The number of days log events are kept in CloudWatch Logs
Type: Number
Default: 30
AllowedValues:
[
1,
3,
5,
7,
14,
30,
60,
90,
120,
150,
180,
365,
400,
545,
731,
1827,
3653,
]
# the ideal would be to fetch ssm:/SDLF/VPC/Enabled and not ask the user to set this variable to true manually.
# however between AWS::SSM::Parameter::Value<String> not working in CloudFormation modules,
# Fn::ImportValue not being accepted in CloudFormation modules template fragments,
# {{resolve:}} being evaluated later than the Conditions block, options are limited.
pEnableVpc:
Description: Deploy SDLF resources in a VPC
Type: String
Default: false
# pVpcSecurityGroupIds and pVpcSubnetIds are passed explicitly (unlike in sdlf-cicd/template-cicd-sdlf-repositories.yaml for example)
# due to Fn::ImportValue not being accepted in CloudFormation modules template fragments
pVpcSecurityGroupIds:
Description: VPC Security Groups Ids
Type: String
Default: ""
pVpcSubnetIds:
Description: VPC Subnet Ids
Type: String
Default: ""

Conditions:
UseCustomBucketPrefix: !Not [!Equals [!Ref pCustomBucketPrefix, sdlf]]
RunInVpc: !Equals [!Ref pEnableVpc, true]

Globals:
Function:
Runtime: python3.12
Handler: lambda_function.lambda_handler
KmsKeyArn: !GetAtt rKMSKey.Arn
VpcConfig: !If
- RunInVpc
- SecurityGroupIds: !Split [",", !Ref pVpcSecurityGroupIds]
SubnetIds: !Split [",", !Ref pVpcSubnetIds]
- !Ref "AWS::NoValue"

Resources:
rOrganizationSsm:
Expand Down Expand Up @@ -705,217 +651,6 @@ Resources:
Roles:
- !Ref rLakeFormationDataAccessRole

######## DYNAMODB #########
rDynamoObjectMetadata:
Type: AWS::DynamoDB::Table
Properties:
AttributeDefinitions:
- AttributeName: id
AttributeType: S
KeySchema:
- AttributeName: id
KeyType: HASH
BillingMode: PAY_PER_REQUEST
StreamSpecification:
StreamViewType: NEW_AND_OLD_IMAGES
SSESpecification:
SSEEnabled: True
SSEType: KMS
KMSMasterKeyId: !GetAtt rKMSKey.Arn
PointInTimeRecoverySpecification:
PointInTimeRecoveryEnabled: True
UpdateReplacePolicy: Retain
DeletionPolicy: Delete

rDynamoObjectMetadataSsm:
Type: AWS::SSM::Parameter
Properties:
Name: /sdlf/storage/rDynamoObjectMetadata
Type: String
Value: !Ref rDynamoObjectMetadata
Description: Name of the DynamoDB used to store metadata

######## Lambda & SQS #########
rQueueCatalog:
Type: AWS::SQS::Queue
DeletionPolicy: Delete
UpdateReplacePolicy: Delete
Properties:
QueueName: sdlf-catalog-queue
RedrivePolicy:
deadLetterTargetArn: !GetAtt rDeadLetterQueueCatalog.Arn
maxReceiveCount: 1
VisibilityTimeout: 60
MessageRetentionPeriod: 604800
KmsMasterKeyId: !GetAtt rKMSKey.Arn

rDeadLetterQueueCatalog:
Type: AWS::SQS::Queue
DeletionPolicy: Delete
UpdateReplacePolicy: Delete
Properties:
QueueName: sdlf-catalog-dlq
MessageRetentionPeriod: 1209600
VisibilityTimeout: 60
KmsMasterKeyId: !GetAtt rKMSKey.Arn

rQueueCatalogPolicy:
Type: AWS::SQS::QueuePolicy
Properties:
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
Service: events.amazonaws.com
Action:
- SQS:SendMessage
Resource: !GetAtt rQueueCatalog.Arn
Condition:
ArnEquals:
"aws:SourceArn": !GetAtt rS3ObjectTriggerRule.Arn
Queues:
- !Ref rQueueCatalog

rS3ObjectTriggerRule:
Type: AWS::Events::Rule
Properties:
State: ENABLED
EventPattern:
source:
- aws.s3
detail-type:
- Object Created
- Object Deleted
detail:
bucket:
name:
- !Ref rRawBucket
- !Ref rStageBucket
- !Ref rAnalyticsBucket
Targets:
- Arn: !GetAtt rQueueCatalog.Arn
RetryPolicy:
MaximumRetryAttempts: 3
MaximumEventAgeInSeconds: 600
DeadLetterConfig:
Arn: !GetAtt rDeadLetterQueueCatalog.Arn
Id: sdlf-catalog

rQueueLambdaCatalogEventSourceMapping:
Type: AWS::Lambda::EventSourceMapping
Properties:
BatchSize: 10
Enabled: True
EventSourceArn: !GetAtt rQueueCatalog.Arn
FunctionName: !GetAtt rLambdaCatalog.Arn

rRoleLambdaExecution:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
Service: lambda.amazonaws.com
Action: sts:AssumeRole
ManagedPolicyArns:
- !If
- RunInVpc
- !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole
- !Ref "AWS::NoValue"
Policies:
- PolicyName: sdlf-catalog
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
Resource: !Sub arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/sdlf-catalog*
- Effect: Allow
Action:
- sqs:DeleteMessage
- sqs:GetQueueAttributes
- sqs:GetQueueUrl
- sqs:ListQueues
- sqs:ListDeadLetterSourceQueues
- sqs:ListQueueTags
- sqs:ReceiveMessage
- sqs:SendMessage
Resource:
- !GetAtt rQueueCatalog.Arn
- !GetAtt rDeadLetterQueueCatalog.Arn
- Effect: Allow
Action:
- dynamodb:BatchGetItem
- dynamodb:BatchWriteItem
- dynamodb:DeleteItem
- dynamodb:DescribeTable
- dynamodb:GetItem
- dynamodb:GetRecords
- dynamodb:PutItem
- dynamodb:Query
- dynamodb:Scan
- dynamodb:UpdateItem
Resource:
- !Sub arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/octagon-*
- Effect: Allow
Action:
- kms:CreateGrant
- kms:Decrypt
- kms:DescribeKey
- kms:Encrypt
- kms:GenerateDataKey*
- kms:ReEncrypt*
Resource: !GetAtt rKMSKey.Arn
- Effect: Allow
Action:
- ssm:GetParameter
- ssm:GetParameters
Resource: !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/SDLF/EventBridge/*

rLambdaCatalog:
Type: AWS::Serverless::Function
Properties:
CodeUri: ./lambda/catalog/src
FunctionName: sdlf-catalog
Environment:
Variables:
OBJECTMETADATA_TABLE: !Ref rDynamoObjectMetadata
Description: Catalogs S3 Put and Delete to ObjectMetaDataCatalog
MemorySize: 256
Timeout: 60
Role: !GetAtt rRoleLambdaExecution.Arn

rLambdaCatalogRedrive:
Type: AWS::Serverless::Function
Properties:
CodeUri: ./lambda/catalog-redrive/src
FunctionName: sdlf-catalog-redrive
Environment:
Variables:
QUEUE: !GetAtt rQueueCatalog.QueueName
DLQ: !GetAtt rDeadLetterQueueCatalog.QueueName
Description: Redrives Failed S3 Put/Delete to Catalog Lambda
MemorySize: 256
Timeout: 60
Role: !GetAtt rRoleLambdaExecution.Arn

rLambdaCatalogRedriveLogGroup:
Type: AWS::Logs::LogGroup
DeletionPolicy: Delete
UpdateReplacePolicy: Delete
Properties:
LogGroupName: !Sub /aws/lambda/${rLambdaCatalogRedrive}
RetentionInDays: !Ref pCloudWatchLogsRetentionInDays
KmsKeyId: !GetAtt rKMSKey.Arn



Outputs:
oPipelineReference:
Description: CodePipeline reference this stack has been deployed with