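# AWS SAM template describing the architecture of this serverless application.
# https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-template-basics.html

# AWSTemplateFormatVersion identifies the capabilities of the template.
# It is quoted so that generic YAML tooling keeps it a string instead of
# converting it to a date object.
# https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/format-version-structure.html
AWSTemplateFormatVersion: '2010-09-09'

# Folded scalar (>-): the lines below are joined with spaces into one string.
Description: >-
  Public Editor algorithms for responding to messages:
  1. Task created
  2. Taskrun submitted
  3. Determine task consensus
  4. Generate visualizations (if all tasks done) and update newsfeed.

# Transform names the macro(s) CloudFormation runs over the template; this is
# the SAM transform that expands the AWS::Serverless::* resources.
# https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-section-structure.html
Transform: AWS::Serverless-2016-10-31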
# Settings applied to every function in this template. See
# https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst
Globals:
  Function:
    # The permissions boundary keeps each function's permissions constrained to
    # this application, so development stays safe. Every function and role in
    # the application has to include it, and it has to be updated by hand
    # whenever resources are added to the application.
    # The policy name is built from the AppId parameter and the region.
    # https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
    PermissionsBoundary: !Sub 'arn:${AWS::Partition}:iam::${AWS::AccountId}:policy/${AppId}-${AWS::Region}-PermissionsBoundary'
    # Maximum run time of one invocation, in seconds.
    Timeout: 300
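Parameters:
  # AppId is interpolated into the PermissionsBoundary policy ARN under
  # Globals, so it has to match the boundary policy that exists in the account.
  # The ConstraintDescription now states what AllowedPattern and
  # MinLength/MaxLength actually enforce: the pattern accepts upper-case
  # letters and does not require a leading letter.
  AppId:
    Description: Application ID.
    Type: String
    Default: public-editor-alg
    AllowedPattern: '^([a-zA-Z0-9-])+$'
    ConstraintDescription: >-
      Application IDs must be between 2 and 20 characters and only contain
      letters, numbers, and hyphens (-).
    MinLength: 2
    MaxLength: 20

  # Resolved from SSM Parameter Store at deploy time: Default is the name of
  # the SSM parameter, not the layer ARN itself.
  LayerARN:
    Description: A layer ARN with the dependencies numpy and pandas.
    Type: 'AWS::SSM::Parameter::Value<String>'
    Default: 'pe-consensus-scoring-layer-arn:1'

  # Prefix of the exports imported under Resources
  # (<stack>-InputQueueName, -OutputQueueName, -InputQueueARN).
  QueueStackName:
    Description: Name of an active CloudFormation stack that contains the input and output queues.
    Type: String
    MinLength: 1
    MaxLength: 255
    AllowedPattern: "^[a-zA-Z][-a-zA-Z0-9]*$"
    Default: "pe-task-queues"

  # Resolved from SSM Parameter Store at deploy time. The resolved value is
  # used as the Resource of the function's KMS policy statement, so the
  # parameter presumably holds a key ARN - confirm.
  KMSKey:
    Description: The key to encrypt queues with.
    Type: 'AWS::SSM::Parameter::Value<String>'
    Default: 'public-editor-queues-key:1'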
# Resources lists the AWS resources this stack creates.
# https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resources-section-structure.html
Resources:
  # Lambda function properties are documented at
  # https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
  PublicEditorDispatcher:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: consensus_and_scoring/
      Handler: app.lambda_handler
      # NOTE(review): Python 3.8 is past upstream end of life and no longer
      # receives security fixes. Plan a runtime upgrade together with a
      # rebuilt numpy/pandas layer (LayerARN) for the new version.
      Runtime: python3.8
      Layers:
        - !Ref LayerARN
      MemorySize: 1024
      # Same value as Globals.Function.Timeout.
      Timeout: 300
      Description: Listens to an SQS queue and dispatches events to algorithms.
      Policies:
        - AWSLambdaBasicExecutionRole
        # SAM policy templates, each scoped to one queue name imported from
        # the queue stack: poll the input queue, send to the output queue.
        - SQSPollerPolicy:
            QueueName:
              Fn::ImportValue: !Sub '${QueueStackName}-InputQueueName'
        - SQSSendMessagePolicy:
            QueueName:
              Fn::ImportValue: !Sub '${QueueStackName}-OutputQueueName'
        # KMS access for the encrypted queues, limited to two actions on a
        # single key rather than "*".
        # NOTE(review): IAM expects a key ARN in Resource - confirm the SSM
        # parameter behind KMSKey stores an ARN, not a key id or alias.
        - Statement:
            - Sid: AllowKMSForQueue
              Effect: Allow
              Action:
                - kms:Decrypt
                - kms:GenerateDataKey
              Resource: !Ref KMSKey
      Events:
        # Event source mapping on the input queue, one message per invocation.
        # NOTE(review): the queue lives in another stack; verify its
        # visibility timeout is at least the 300 s function timeout so a
        # message is not redelivered while it is still being processed.
        InputSQSEvents:
          Type: SQS
          Properties:
            Queue:
              Fn::ImportValue: !Sub '${QueueStackName}-InputQueueARN'
            BatchSize: 1
            Enabled: true

  # Resource-based permission letting sqs.amazonaws.com invoke the function,
  # confined to this account and to the input queue ARN.
  # NOTE(review): SQS event source mappings are poll-based (Lambda reads the
  # queue with the function's execution role), so this grant is probably not
  # needed. Consider removing it once nothing is confirmed to depend on it.
  LambdaInvokePermission:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !GetAtt PublicEditorDispatcher.Arn
      Action: lambda:InvokeFunction
      Principal: sqs.amazonaws.com
      SourceAccount: !Ref AWS::AccountId
      SourceArn:
        Fn::ImportValue: !Sub '${QueueStackName}-InputQueueARN'
# Values the stack reports after deployment: the dispatcher function's ARN
# (via !GetAtt) and the value !Ref returns for the function resource.
Outputs:
  PublicEditorDispatcherARN:
    Description: 'Public Editor Task Processor ARN'
    Value: !GetAtt PublicEditorDispatcher.Arn
  PublicEditorDispatcherNAME:
    Description: 'Public Editor Task Processor Name'
    Value: !Ref PublicEditorDispatcher