diff --git a/03_Parameters/bucket_name.json b/03_Parameters/bucket_name.json
index 7c5f3e2..7baab78 100644
--- a/03_Parameters/bucket_name.json
+++ b/03_Parameters/bucket_name.json
@@ -1,6 +1,6 @@
 {
 "EmailRestingPlace": {
- "Description": "The S3 bucket name where the emails will be stored when they come through AWS SES.",
+ "Description": "The S3 bucket name where the emails will be stored when they come through AWS SES. (This bucket will be made for you)",
 "Type": "String"
 }
 }
diff --git a/03_Parameters/code_pipeline_bucket_name.json b/03_Parameters/code_pipeline_bucket_name.json
index a27f78a..b51c4e9 100644
--- a/03_Parameters/code_pipeline_bucket_name.json
+++ b/03_Parameters/code_pipeline_bucket_name.json
@@ -1,6 +1,6 @@
 {
 "CodePipelineBucketName": {
- "Description": "The S3 bucket name where CodePipeline will store the artifacts (this is needed only by CP to work, and pass task results to the next stage).",
+ "Description": "The S3 bucket name where CodePipeline will store the artifacts (this is needed only by CP to work, and pass task results to the next stage) - (This bucket needs to exist already in S3)",
 "Type": "String"
 }
 }
diff --git a/07_Resources/Repos/converter/CodePipeline/pipe_line.json b/07_Resources/Repos/converter/CodePipeline/_index.json
similarity index 97%
rename from 07_Resources/Repos/converter/CodePipeline/pipe_line.json
rename to 07_Resources/Repos/converter/CodePipeline/_index.json
index 7a73681..60d2b67 100644
--- a/07_Resources/Repos/converter/CodePipeline/pipe_line.json
+++ b/07_Resources/Repos/converter/CodePipeline/_index.json
@@ -25,7 +25,7 @@
 "Owner": "0x4447",
 "Repo": "0x4447-product-s3-email-lambda-converter",
 "Branch": { "Ref": "Stage" },
- "PollForSourceChanges": true,
+ "PollForSourceChanges": false,
 "OAuthToken": { "Ref": "GitHubToken" }
 },
 "OutputArtifacts": [
diff --git a/07_Resources/Repos/converter/CodePipeline/webhook.json b/07_Resources/Repos/converter/CodePipeline/webhook.json
new file mode 100644
index 0000000..da23a81
--- /dev/null
+++ b/07_Resources/Repos/converter/CodePipeline/webhook.json
@@ -0,0 +1,21 @@
+{
+ "PipelineConverterWebhook": {
+ "Type": "AWS::CodePipeline::Webhook",
+ "Properties": {
+ "Authentication": "GITHUB_HMAC",
+ "AuthenticationConfiguration": {
+ "SecretToken": { "Ref": "GitHubToken" }
+ },
+ "Filters": [
+ {
+ "JsonPath": "$.ref",
+ "MatchEquals": "refs/heads/{Branch}"
+ }
+ ],
+ "TargetPipeline": { "Ref": "PipelineConverter" },
+ "TargetAction": "Material",
+ "TargetPipelineVersion": { "Fn::GetAtt": [ "PipelineConverter", "Version" ]},
+ "RegisterWithThirdParty": true
+ }
+ }
+}
diff --git a/07_Resources/Repos/inbound/CodePipeline/pipe_line.json b/07_Resources/Repos/inbound/CodePipeline/_index.json
similarity index 97%
rename from 07_Resources/Repos/inbound/CodePipeline/pipe_line.json
rename to 07_Resources/Repos/inbound/CodePipeline/_index.json
index 5799712..b26d7c7 100644
--- a/07_Resources/Repos/inbound/CodePipeline/pipe_line.json
+++ b/07_Resources/Repos/inbound/CodePipeline/_index.json
@@ -25,7 +25,7 @@
 "Owner": "0x4447",
 "Repo": "0x4447-product-s3-email-lambda-inbound",
 "Branch": { "Ref": "Stage" },
- "PollForSourceChanges": true,
+ "PollForSourceChanges": false,
 "OAuthToken": { "Ref": "GitHubToken" }
 },
 "OutputArtifacts": [
diff --git a/07_Resources/Repos/inbound/CodePipeline/webhook.json b/07_Resources/Repos/inbound/CodePipeline/webhook.json
new file mode 100644
index 0000000..e41ffe3
--- /dev/null
+++ b/07_Resources/Repos/inbound/CodePipeline/webhook.json
@@ -0,0 +1,21 @@
+{
+ "PipelineInboundWebhook": {
+ "Type": "AWS::CodePipeline::Webhook",
+ "Properties": {
+ "Authentication": "GITHUB_HMAC",
+ "AuthenticationConfiguration": {
+ "SecretToken": { "Ref": "GitHubToken" }
+ },
+ "Filters": [
+ {
+ "JsonPath": "$.ref",
+ "MatchEquals": "refs/heads/{Branch}"
+ }
+ ],
+ "TargetPipeline": { "Ref": "PipelineInbound" },
+ "TargetAction": "Material",
+ "TargetPipelineVersion": { "Fn::GetAtt": [ "PipelineInbound", "Version" ]},
+ "RegisterWithThirdParty": true
+ }
+ }
+}
diff --git a/07_Resources/Repos/outbound/CodePipeline/pipe_line.json b/07_Resources/Repos/outbound/CodePipeline/_index.json
similarity index 97%
rename from 07_Resources/Repos/outbound/CodePipeline/pipe_line.json
rename to 07_Resources/Repos/outbound/CodePipeline/_index.json
index 9d67c94..7fcd3be 100644
--- a/07_Resources/Repos/outbound/CodePipeline/pipe_line.json
+++ b/07_Resources/Repos/outbound/CodePipeline/_index.json
@@ -25,7 +25,7 @@
 "Owner": "0x4447",
 "Repo": "0x4447-product-s3-email-lambda-outbound",
 "Branch": { "Ref": "Stage" },
- "PollForSourceChanges": true,
+ "PollForSourceChanges": false,
 "OAuthToken": { "Ref": "GitHubToken" }
 },
 "OutputArtifacts": [
diff --git a/07_Resources/Repos/outbound/CodePipeline/webhook.json b/07_Resources/Repos/outbound/CodePipeline/webhook.json
new file mode 100644
index 0000000..dc298bd
--- /dev/null
+++ b/07_Resources/Repos/outbound/CodePipeline/webhook.json
@@ -0,0 +1,21 @@
+{
+ "PipelineOutboundWebhook": {
+ "Type": "AWS::CodePipeline::Webhook",
+ "Properties": {
+ "Authentication": "GITHUB_HMAC",
+ "AuthenticationConfiguration": {
+ "SecretToken": { "Ref": "GitHubToken" }
+ },
+ "Filters": [
+ {
+ "JsonPath": "$.ref",
+ "MatchEquals": "refs/heads/{Branch}"
+ }
+ ],
+ "TargetPipeline": { "Ref": "PipelineOutbound" },
+ "TargetAction": "Material",
+ "TargetPipelineVersion": { "Fn::GetAtt": [ "PipelineOutbound", "Version" ]},
+ "RegisterWithThirdParty": true
+ }
+ }
+}
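Review bot: `SecretToken` in `PipelineOutboundWebhook` is set to `{ "Ref": "GitHubToken" }`, the same parameter the source action in `_index.json` passes as `OAuthToken`, so the GitHub API token doubles as the webhook HMAC key; the converter and inbound `webhook.json` files added in this commit do the same. With `RegisterWithThirdParty` set to true that value is also handed to GitHub as the hook secret, which leaves one credential in two roles and means neither can be rotated without the other. I would give the webhook its own parameter, e.g. `"SecretToken": { "Ref": "GitHubWebhookSecret" }` (placeholder name), declared with `"NoEcho": true`; whether `GitHubToken` itself is NoEcho is not visible in this diff. Since polling is now off and the hook is registered at stack creation, the `GitHubToken` description should also state that the token needs the `admin:repo_hook` scope, otherwise a failed registration would presumably leave the pipelines with no trigger.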
diff --git a/CloudFormation.json b/CloudFormation.json index fbc84c2..f5c3788 100644 --- a/CloudFormation.json +++ b/CloudFormation.json @@ -3,11 +3,11 @@ "Description": "This stack will create a solution where you get infinite emails using AWS SES and S3.", "Parameters": { "EmailRestingPlace": { - "Description": "The S3 bucket name where the emails will be stored when they come through AWS SES.", + "Description": "The S3 bucket name where the emails will be stored when they come through AWS SES. (This bucket will be made for you)", "Type": "String" }, "CodePipelineBucketName": { - "Description": "The S3 bucket name where CodePipeline will store the artifacts (this is needed only by CP to work, and pass task results to the next stage).", + "Description": "The S3 bucket name where CodePipeline will store the artifacts (this is needed only by CP to work, and pass task results to the next stage) - (This bucket needs to exist already in S3)", "Type": "String" }, "GitHubToken": { @@ -251,10 +251,10 @@ } } }, - "PipelineConverter": { + "PipelineOutbound": { "Type": "AWS::CodePipeline::Pipeline", "Properties": { - "Name": "0x4447_s3_email_lambda_converter", + "Name": "0x4447_s3_email_lambda_outbound", "ArtifactStore": { "Location": { "Ref": "CodePipelineBucketName" @@ -263,7 +263,7 @@ }, "RoleArn": { "Fn::GetAtt": [ - "PipelineConverterRole", + "PipelineOutboundRole", "Arn" ] }, @@ -282,11 +282,11 @@ }, "Configuration": { "Owner": "0x4447", - "Repo": "0x4447-product-s3-email-lambda-converter", + "Repo": "0x4447-product-s3-email-lambda-outbound", "Branch": { "Ref": "Stage" }, - "PollForSourceChanges": true, + "PollForSourceChanges": false, "OAuthToken": { "Ref": "GitHubToken" } @@ -312,7 +312,7 @@ ], "Configuration": { "ProjectName": { - "Ref": "CodeBuildConverter" + "Ref": "CodeBuildOutbound" } }, "ActionTypeId": { 
@@ -327,31 +327,13 @@ ] } }, - "PipelineConverterRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "RoleName": "0x4447_s3_email_codepipeline_converter", - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "codepipeline.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - } - } - }, - "PipelineConverterPolicy": { + "PipelineOutboundPolicy": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyName": "default", "Roles": [ { - "Ref": "PipelineConverterRole" + "Ref": "PipelineOutboundRole" } ], "PolicyDocument": { 
@@ -501,65 +483,118 @@ } } }, - "S3ConverterPermission": { - "Type": "AWS::Lambda::Permission", - "DependsOn": "LambdaEmailConverter", - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Ref": "LambdaEmailConverter" - }, - "Principal": "s3.amazonaws.com" - } - }, - "LambdaEmailConverterRole": { + "PipelineOutboundRole": { "Type": "AWS::IAM::Role", "Properties": { - "RoleName": "0x4447_s3_email_lambda_converter", + "RoleName": "0x4447_s3_email_codepipeline_outbound", "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { - "Service": "lambda.amazonaws.com" + "Service": "codepipeline.amazonaws.com" }, "Action": "sts:AssumeRole" } ] + } + } + }, + "PipelineOutboundWebhook": { + "Type": "AWS::CodePipeline::Webhook", + "Properties": { + "Authentication": "GITHUB_HMAC", + "AuthenticationConfiguration": { + "SecretToken": { + "Ref": "GitHubToken" + } }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] + "Filters": [ + { + "JsonPath": "$.ref", + "MatchEquals": "refs/heads/{Branch}" + } + ], + "TargetPipeline": { + "Ref": "PipelineOutbound" + }, + "TargetAction": "Material", + "TargetPipelineVersion": { + "Fn::GetAtt": [ + "PipelineOutbound", + "Version" + ] + }, + "RegisterWithThirdParty": true } }, - "LambdaEmailConverter": { + "LambdaEmailOutbound": { "Type": "AWS::Lambda::Function", - "Description": "This Lambda converts raw emails files in to HTML and TEXT ones.", + "Description": "Take the JSON and convert it in to an raw email.", "Properties": { - "FunctionName": "0x4447-s3-email-converter", + "FunctionName": "0x4447-s3-email-outbound", "Code": { "ZipFile": "exports.handler = async (event) => {return true;};" }, "Handler": "index.handler", - "MemorySize": 128, + "MemorySize": 256, "Role": { "Fn::GetAtt": [ - "LambdaEmailConverterRole", + "LambdaEmailOutboundRole", "Arn" ] }, "Runtime": "nodejs8.10", - "Timeout": 60 + "Timeout": 60, + 
"Environment": { + "Variables": { + "BUCKET": { + "Ref": "EmailRestingPlace" + } + } + } } }, - "LambdaEmailConverterPolicyS3": { + "S3OutboundPermission": { + "Type": "AWS::Lambda::Permission", + "DependsOn": "LambdaEmailOutbound", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "LambdaEmailOutbound" + }, + "Principal": "s3.amazonaws.com" + } + }, + "LambdaEmailOutboundRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "RoleName": "0x4447_s3_email_lambda_outbound", + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + }, + "Action": "sts:AssumeRole" + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + } + }, + "LambdaEmailOutboundPolicyS3": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyName": "S3_access", "Roles": [ { - "Ref": "LambdaEmailConverterRole" + "Ref": "LambdaEmailOutboundRole" } ], "PolicyDocument": { @@ -581,13 +616,34 @@ } } }, - "CodeBuildConverter": { + "LambdaEmailOutboundPolicySES": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyName": "ses", + "Roles": [ + { + "Ref": "LambdaEmailOutboundRole" + } + ], + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": "ses:SendRawEmail", + "Resource": "*" + } + ] + } + } + }, + "CodeBuildOutbound": { "Type": "AWS::CodeBuild::Project", "Properties": { - "Name": "0x4447_s3_email_converter", + "Name": "0x4447_s3_email_outbound", "ServiceRole": { "Fn::GetAtt": [ - "CodeBuildConverterRole", + "CodeBuildOutboundRole", "Arn" ] }, 
@@ -608,17 +664,17 @@ "Name": "FUNCTION_NAME", "Type": "PLAINTEXT", "Value": { - "Ref": "LambdaEmailConverter" + "Ref": "LambdaEmailOutbound" } } ] } } }, - "CodeBuildConverterRole": { + "CodeBuildOutboundRole": { "Type": "AWS::IAM::Role", "Properties": { - "RoleName": "0x4447_s3_email_codebuild_converter", + "RoleName": "0x4447_s3_email_codebuild_outbound", "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ @@ -633,12 +689,12 @@ } } }, - "CodeBuildConverterPolicyCWL": { + "CodeBuildOutboundPolicyCWL": { "Type": "AWS::IAM::Policy", "Properties": { "Roles": [ { - "Ref": "CodeBuildConverterRole" + "Ref": "CodeBuildOutboundRole" } ], "PolicyName": "cloud_watch_log_access", @@ -654,10 +710,10 @@ ], "Resource": [ { - "Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/0x4447_s3_email_converter" + "Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/0x4447_s3_email_outbound" }, { - "Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/0x4447_s3_email_converter:*" + "Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/0x4447_s3_email_outbound:*" } ] } 
@@ -665,46 +721,46 @@ } } }, - "CodeBuildConverterPolicyLambdaUpdate": { + "CodeBuildOutboundPolicyS3": { "Type": "AWS::IAM::Policy", "Properties": { "Roles": [ { - "Ref": "CodeBuildConverterRole" + "Ref": "CodeBuildOutboundRole" } ], - "PolicyName": "update_lambda_code", + "PolicyName": "s3_access", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", - "Action": "lambda:UpdateFunctionCode", + "Action": "s3:*", "Resource": { - "Fn::Sub": "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${LambdaEmailConverter}" + "Fn::Sub": "arn:aws:s3:::${CodePipelineBucketName}/*" } } ] } } }, - "CodeBuildConverterPolicyS3": { + "CodeBuildOutboundPolicyLambdaUpdate": { "Type": "AWS::IAM::Policy", "Properties": { "Roles": [ { - "Ref": "CodeBuildConverterRole" + "Ref": "CodeBuildOutboundRole" } ], - "PolicyName": "s3_access", + "PolicyName": "update_lambda_code", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", - "Action": "s3:*", + "Action": "lambda:UpdateFunctionCode", "Resource": { - "Fn::Sub": "arn:aws:s3:::${CodePipelineBucketName}/*" + "Fn::Sub": "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${LambdaEmailOutbound}" } } ] @@ -746,7 +802,7 @@ "Branch": { "Ref": "Stage" }, - "PollForSourceChanges": true, + "PollForSourceChanges": false, "OAuthToken": { "Ref": "GitHubToken" } @@ -961,6 +1017,34 @@ } } }, + "PipelineInboundWebhook": { + "Type": "AWS::CodePipeline::Webhook", + "Properties": { + "Authentication": "GITHUB_HMAC", + "AuthenticationConfiguration": { + "SecretToken": { + "Ref": "GitHubToken" + } + }, + "Filters": [ + { + "JsonPath": "$.ref", + "MatchEquals": "refs/heads/{Branch}" + } + ], + "TargetPipeline": { + "Ref": "PipelineInbound" + }, + "TargetAction": "Material", + "TargetPipelineVersion": { + "Fn::GetAtt": [ + "PipelineInbound", + "Version" + ] + }, + "RegisterWithThirdParty": true + } + }, "CodeBuildInbound": { "Type": "AWS::CodeBuild::Project", "Properties": { 
@@ -1091,6 +1175,27 @@ } } }, + "LambdaEmailInboundRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "RoleName": "0x4447_s3_email_lambda_inbound", + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + }, + "Action": "sts:AssumeRole" + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + } + }, "LambdaEmailInbound": { "Type": "AWS::Lambda::Function", "Description": "This Lambda organizes all the incoming emails based on the From and To field.", @@ -1100,7 +1205,7 @@ "ZipFile": "exports.handler = async (event) => {return true;};" }, "Handler": "index.handler", - "MemorySize": 128, + "MemorySize": 256, "Role": { "Fn::GetAtt": [ "LambdaEmailInboundRole", @@ -1118,27 +1223,6 @@ } } }, - "LambdaEmailInboundRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "RoleName": "0x4447_s3_email_lambda_inbound", - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - } - }, "S3InboundPermission": { "Type": "AWS::Lambda::Permission", "DependsOn": "LambdaEmailInbound", @@ -1199,10 +1283,10 @@ } } }, - "PipelineOutbound": { + "PipelineConverter": { "Type": "AWS::CodePipeline::Pipeline", "Properties": { - "Name": "0x4447_s3_email_lambda_outbound", + "Name": "0x4447_s3_email_lambda_converter", "ArtifactStore": { "Location": { "Ref": "CodePipelineBucketName" @@ -1211,7 +1295,7 @@ }, "RoleArn": { "Fn::GetAtt": [ - "PipelineOutboundRole", + "PipelineConverterRole", "Arn" ] }, 
@@ -1230,11 +1314,11 @@ }, "Configuration": { "Owner": "0x4447", - "Repo": "0x4447-product-s3-email-lambda-outbound", + "Repo": "0x4447-product-s3-email-lambda-converter", "Branch": { "Ref": "Stage" }, - "PollForSourceChanges": true, + "PollForSourceChanges": false, "OAuthToken": { "Ref": "GitHubToken" } @@ -1260,7 +1344,7 @@ ], "Configuration": { "ProjectName": { - "Ref": "CodeBuildOutbound" + "Ref": "CodeBuildConverter" } }, "ActionTypeId": { @@ -1275,13 +1359,13 @@ ] } }, - "PipelineOutboundPolicy": { + "PipelineConverterPolicy": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyName": "default", "Roles": [ { - "Ref": "PipelineOutboundRole" + "Ref": "PipelineConverterRole" } ], "PolicyDocument": { @@ -1431,10 +1515,10 @@ } } }, - "PipelineOutboundRole": { + "PipelineConverterRole": { "Type": "AWS::IAM::Role", "Properties": { - "RoleName": "0x4447_s3_email_codepipeline_outbound", + "RoleName": "0x4447_s3_email_codepipeline_converter", "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ 
@@ -1449,31 +1533,41 @@ } } }, - "CodeBuildOutboundRole": { - "Type": "AWS::IAM::Role", + "PipelineConverterWebhook": { + "Type": "AWS::CodePipeline::Webhook", "Properties": { - "RoleName": "0x4447_s3_email_codebuild_outbound", - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } + "Authentication": "GITHUB_HMAC", + "AuthenticationConfiguration": { + "SecretToken": { + "Ref": "GitHubToken" + } + }, + "Filters": [ + { + "JsonPath": "$.ref", + "MatchEquals": "refs/heads/{Branch}" + } + ], + "TargetPipeline": { + "Ref": "PipelineConverter" + }, + "TargetAction": "Material", + "TargetPipelineVersion": { + "Fn::GetAtt": [ + "PipelineConverter", + "Version" ] - } + }, + "RegisterWithThirdParty": true } }, - "CodeBuildOutbound": { + "CodeBuildConverter": { "Type": "AWS::CodeBuild::Project", "Properties": { - "Name": "0x4447_s3_email_outbound", + "Name": "0x4447_s3_email_converter", "ServiceRole": { "Fn::GetAtt": [ - "CodeBuildOutboundRole", + "CodeBuildConverterRole", "Arn" ] }, @@ -1494,19 +1588,37 @@ "Name": "FUNCTION_NAME", "Type": "PLAINTEXT", "Value": { - "Ref": "LambdaEmailOutbound" + "Ref": "LambdaEmailConverter" } } ] } } }, - "CodeBuildOutboundPolicyCWL": { + "CodeBuildConverterRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "RoleName": "0x4447_s3_email_codebuild_converter", + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "codebuild.amazonaws.com" + }, + "Action": "sts:AssumeRole" + } + ] + } + } + }, + "CodeBuildConverterPolicyCWL": { "Type": "AWS::IAM::Policy", "Properties": { "Roles": [ { - "Ref": "CodeBuildOutboundRole" + "Ref": "CodeBuildConverterRole" } ], "PolicyName": "cloud_watch_log_access", 
@@ -1522,10 +1634,10 @@ ], "Resource": [ { - "Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/0x4447_s3_email_outbound" + "Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/0x4447_s3_email_converter" }, { - "Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/0x4447_s3_email_outbound:*" + "Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/0x4447_s3_email_converter:*" } ] } 
@@ -1533,83 +1645,87 @@ } } }, - "CodeBuildOutboundPolicyS3": { + "CodeBuildConverterPolicyLambdaUpdate": { "Type": "AWS::IAM::Policy", "Properties": { "Roles": [ { - "Ref": "CodeBuildOutboundRole" + "Ref": "CodeBuildConverterRole" } ], - "PolicyName": "s3_access", + "PolicyName": "update_lambda_code", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", - "Action": "s3:*", + "Action": "lambda:UpdateFunctionCode", "Resource": { - "Fn::Sub": "arn:aws:s3:::${CodePipelineBucketName}/*" + "Fn::Sub": "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${LambdaEmailConverter}" } } ] } } }, - "CodeBuildOutboundPolicyLambdaUpdate": { + "CodeBuildConverterPolicyS3": { "Type": "AWS::IAM::Policy", "Properties": { "Roles": [ { - "Ref": "CodeBuildOutboundRole" + "Ref": "CodeBuildConverterRole" } ], - "PolicyName": "update_lambda_code", + "PolicyName": "s3_access", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", - "Action": "lambda:UpdateFunctionCode", + "Action": "s3:*", "Resource": { - "Fn::Sub": "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${LambdaEmailOutbound}" + "Fn::Sub": "arn:aws:s3:::${CodePipelineBucketName}/*" } } ] } } }, - "LambdaEmailOutbound": { + "LambdaEmailConverter": { "Type": "AWS::Lambda::Function", - "Description": "Take the JSON and convert it in to an raw email.", + "Description": "This Lambda converts raw emails files in to HTML and TEXT ones.", "Properties": { - "FunctionName": "0x4447-s3-email-outbound", + "FunctionName": "0x4447-s3-email-converter", "Code": { "ZipFile": "exports.handler = async (event) => {return true;};" }, "Handler": "index.handler", - "MemorySize": 128, + "MemorySize": 256, "Role": { "Fn::GetAtt": [ - "LambdaEmailOutboundRole", + "LambdaEmailConverterRole", "Arn" ] }, "Runtime": "nodejs8.10", - "Timeout": 60, - "Environment": { - "Variables": { - "BUCKET": { - "Ref": "EmailRestingPlace" - } - } - } + "Timeout": 60 } }, - "LambdaEmailOutboundRole": { + 
"S3ConverterPermission": { + "Type": "AWS::Lambda::Permission", + "DependsOn": "LambdaEmailConverter", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "LambdaEmailConverter" + }, + "Principal": "s3.amazonaws.com" + } + }, + "LambdaEmailConverterRole": { "Type": "AWS::IAM::Role", "Properties": { - "RoleName": "0x4447_s3_email_lambda_outbound", + "RoleName": "0x4447_s3_email_lambda_converter", "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ @@ -1627,24 +1743,13 @@ ] } }, - "S3OutboundPermission": { - "Type": "AWS::Lambda::Permission", - "DependsOn": "LambdaEmailOutbound", - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Ref": "LambdaEmailOutbound" - }, - "Principal": "s3.amazonaws.com" - } - }, - "LambdaEmailOutboundPolicyS3": { + "LambdaEmailConverterPolicyS3": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyName": "S3_access", "Roles": [ { - "Ref": "LambdaEmailOutboundRole" + "Ref": "LambdaEmailConverterRole" } ], "PolicyDocument": { @@ -1665,27 +1770,6 @@ ] } } - }, - "LambdaEmailOutboundPolicySES": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyName": "ses", - "Roles": [ - { - "Ref": "LambdaEmailOutboundRole" - } - ], - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "ses:SendRawEmail", - "Resource": "*" - } - ] - } - } } } } \ No newline at end of file