template.yaml
# AWS SAM template for the documentation chatbot stack.
AWSTemplateFormatVersion: "2010-09-09"
# The Transform line tells CloudFormation to run the SAM macro, which expands
# the AWS::Serverless::* resources into plain CloudFormation resources.
Transform: "AWS::Serverless-2016-10-31"
Description: >
  SAM Template for documentation chatbot serverless application
# Defaults that SAM merges into every AWS::Serverless::Function in this
# template. A function may override scalar values (Runtime, Handler); list
# values such as Layers are combined with the function's own list rather than
# replaced, so the Node.js function under Resources also receives the Python
# layer below. NOTE(review): confirm that is intended.
Globals:
  Function:
    Runtime: "python3.11"
    Handler: "main.lambda_handler"
    Architectures:
      - "arm64"
    # X-Ray active tracing for all functions.
    Tracing: "Active"
    Environment:
      Variables:
        LOG_LEVEL: "INFO"
    Layers:
      # Third-party code loaded into the function's execution environment.
      # The ARN pins an explicit layer version (37), so the code cannot change
      # without a template change. NOTE(review): verify that the owning
      # account ID in the ARN is the publisher you expect before bumping it.
      - !Sub "arn:aws:lambda:${AWS::Region}:017000801446:layer:AWSLambdaPowertoolsPythonV2-Arm64:37"
Parameters:
  # OpenSearch endpoint, required at deploy time (no Default). It is passed to
  # both functions as the OPENSEARCH_URL environment variable.
  # NOTE(review): neither function is granted OpenSearch IAM permissions in
  # this template, so how the functions authenticate is not visible here. If
  # the URL carries credentials, they end up readable in the stack parameters
  # and the Lambda configuration; prefer a secret-store reference in that case.
  OpensearchURL:
    Type: "String"
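Resources:
  # Bucket that receives uploaded documents. Every object creation is
  # announced to EmbeddingQueue, which drives GenerateEmbeddingsFunction.
  DocumentBucket:
    Type: "AWS::S3::Bucket"
    # S3 validates the notification destination when the bucket is created,
    # so the queue policy that lets S3 send messages must exist first.
    DependsOn: EmbeddingQueuePolicy
    Properties:
      BucketName: !Sub "${AWS::StackName}-${AWS::Region}-${AWS::AccountId}"
      NotificationConfiguration:
        QueueConfigurations:
          - Event: "s3:ObjectCreated:*"
            Queue: !GetAtt EmbeddingQueue.Arn
      CorsConfiguration:
        CorsRules:
          # NOTE(review): any origin may issue every listed method, including
          # PUT, POST and DELETE, with any header. CORS is not an
          # authorization control (requests still need valid credentials or a
          # presigned URL), but this should be narrowed to the front-end
          # origin(s) and the methods the client really uses once they are
          # known. The origin is not visible in this template.
          - AllowedHeaders:
              - "*"
            AllowedMethods:
              - GET
              - PUT
              - HEAD
              - POST
              - DELETE
            AllowedOrigins:
              - "*"
      # All four public-access guards are on: the bucket cannot be made
      # public through ACLs or bucket policies.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  # Denies every S3 action on the bucket and its objects when the request
  # does not use TLS.
  DocumentBucketPolicy:
    Type: "AWS::S3::BucketPolicy"
    Properties:
      Bucket: !Ref DocumentBucket
      PolicyDocument:
        Id: EnforceHttpsPolicy
        Version: "2012-10-17"
        Statement:
          - Sid: EnforceHttpsSid
            Effect: Deny
            Principal: "*"
            Action: "s3:*"
            Resource:
              - !Sub "arn:aws:s3:::${DocumentBucket}/*"
              - !Sub "arn:aws:s3:::${DocumentBucket}"
            Condition:
              Bool:
                "aws:SecureTransport": "false"

  # Queue carrying the S3 object-created notifications.
  # VisibilityTimeout equals the consumer function's Timeout (180 s).
  # NOTE(review): AWS guidance for SQS event sources is a visibility timeout
  # several times the function timeout, to leave room for retries.
  # No RedrivePolicy is set: a message that keeps failing is retried until
  # MessageRetentionPeriod (3600 s) runs out and is then lost without a
  # trace. Consider a dead-letter queue so failed documents can be inspected.
  EmbeddingQueue:
    Type: "AWS::SQS::Queue"
    DeletionPolicy: Delete
    UpdateReplacePolicy: Delete
    Properties:
      VisibilityTimeout: 180
      MessageRetentionPeriod: 3600

  EmbeddingQueuePolicy:
    Type: "AWS::SQS::QueuePolicy"
    Properties:
      Queues:
        - !Ref EmbeddingQueue
      PolicyDocument:
        Version: "2012-10-17"
        Id: SecureTransportPolicy
        Statement:
          # Allow S3 to deliver notifications, but only on behalf of this
          # stack's bucket in this account. Without the conditions the
          # service principal alone is trusted, so a bucket in any account
          # could be configured to push messages into this queue
          # (confused-deputy problem).
          # The bucket ARN is rebuilt from the same expression as BucketName
          # instead of referencing DocumentBucket, because the bucket depends
          # on this policy and a reference would create a dependency cycle.
          - Sid: AllowDocumentBucketNotifications
            Effect: Allow
            Principal:
              Service: "s3.amazonaws.com"
            Action:
              - "sqs:SendMessage"
            Resource: !GetAtt EmbeddingQueue.Arn
            Condition:
              ArnLike:
                "aws:SourceArn": !Sub "arn:aws:s3:::${AWS::StackName}-${AWS::Region}-${AWS::AccountId}"
              StringEquals:
                "aws:SourceAccount": !Ref "AWS::AccountId"
          # The policy Id promises transport security; this statement
          # enforces it, mirroring the bucket policy.
          - Sid: DenyInsecureTransport
            Effect: Deny
            Principal: "*"
            Action: "sqs:*"
            Resource: !GetAtt EmbeddingQueue.Arn
            Condition:
              Bool:
                "aws:SecureTransport": "false"

  # Consumes one queue message per invocation (BatchSize 1). It is granted
  # access to the document bucket and to a single Bedrock embedding model.
  GenerateEmbeddingsFunction:
    Type: "AWS::Serverless::Function"
    Properties:
      CodeUri: src/generate_embeddings/
      Timeout: 180
      MemorySize: 2048
      Policies:
        - SQSPollerPolicy:
            QueueName: !GetAtt EmbeddingQueue.QueueName
        # NOTE(review): S3CrudPolicy also grants write and delete on the
        # bucket. If the handler only reads the uploaded document,
        # S3ReadPolicy is sufficient. Confirm against
        # src/generate_embeddings.
        - S3CrudPolicy:
            BucketName: !Ref DocumentBucket
        # Bedrock access is limited to invoking one foundation model.
        - Statement:
            - Sid: "BedrockScopedAccess"
              Effect: "Allow"
              Action: "bedrock:InvokeModel"
              Resource: "arn:aws:bedrock:*::foundation-model/amazon.titan-embed-text-v1"
      Environment:
        Variables:
          OPENSEARCH_URL: !Ref OpensearchURL
          BUCKET: !Ref DocumentBucket
      Events:
        EmbeddingQueueEvent:
          Type: SQS
          Properties:
            Queue: !GetAtt EmbeddingQueue.Arn
            BatchSize: 1

  # Node.js function that answers chat requests through a streaming
  # function URL. It overrides the Python Runtime and Handler from Globals.
  # NOTE(review): check nodejs18.x against the current Lambda runtime support
  # policy and plan an upgrade if it is deprecated.
  GenerateResponseStreaming:
    Type: "AWS::Serverless::Function"
    Properties:
      CodeUri: src/generate_response_streaming
      Handler: index.handler
      Runtime: nodejs18.x
      Timeout: 30
      MemorySize: 256
      Policies:
        # Least privilege: this was bedrock:* on *, which also covers model
        # customization, provisioned throughput and logging-configuration
        # APIs that a response generator does not need. Only model invocation
        # is granted now.
        # NOTE(review): confirm against src/generate_response_streaming that
        # no other Bedrock API is called, then replace the trailing wildcard
        # with the model ID(s) the handler uses, as the embeddings function
        # does.
        - Statement:
            - Sid: "BedrockInvokeOnly"
              Effect: Allow
              Action:
                - "bedrock:InvokeModel"
                - "bedrock:InvokeModelWithResponseStream"
              Resource: "arn:aws:bedrock:*::foundation-model/*"
      Environment:
        Variables:
          OPENSEARCH_URL: !Ref OpensearchURL

  # Function URL for the streaming responder. AuthType AWS_IAM means callers
  # must sign requests with SigV4 and hold lambda:InvokeFunctionUrl; the URL
  # is not open to anonymous callers.
  GenerateResponseStreamingInvocationURL:
    Type: "AWS::Lambda::Url"
    Properties:
      TargetFunctionArn: !Ref GenerateResponseStreaming
      AuthType: AWS_IAM
      InvokeMode: RESPONSE_STREAM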