template.yaml
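# AWS SAM template: the Transform line makes CloudFormation expand the
# AWS::Serverless::* resources declared further down.
AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'
# The body of a literal block scalar must be indented deeper than its key,
# otherwise the Description is empty and the next line is a parse error.
Description: |
  Starling Bank transaction round-up application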
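# Defaults applied to every AWS::Serverless::Function in this template.
Globals:
  Function:
    # Seconds before an invocation is terminated.
    Timeout: 3
    # Memory in MB.
    MemorySize: 128
    Handler: main
    # NOTE(review): AWS Lambda has deprecated the go1.x runtime, so it no
    # longer receives runtime security patches. Moving to a custom runtime
    # (provided.al2 / provided.al2023) also means Handler: bootstrap and a
    # rebuilt binary, so it is flagged here rather than changed.
    Runtime: go1.x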
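# Deploy-time inputs: where the Lambda code packages live in S3.
Parameters:
  # Whoever can write objects to this bucket decides what code the functions
  # run, so write access to it belongs to the build/deploy pipeline only.
  CodeBucketParameter:
    Type: String
    Default: me.billglover.starling
    Description: the s3 bucket where code packages are stored for Lambda functions
  # Object key of the web-hook handler package inside the code bucket.
  HookHandlerCodePackage:
    Type: String
    Default: hook.zip
    Description: the package containing the code for the web-hook handler
  # Object key of the record handler package inside the code bucket.
  RecordHandlerCodePackage:
    Type: String
    Default: record.zip
    Description: the package containing the code for the record handler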
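Resources:
  # WebHookHandler handles inbound web-hook requests by writing them directly
  # to a DynamoDB table. It returns success unless unable to write to the DB.
  WebHookHandler:
    Type: 'AWS::Serverless::Function'
    Properties:
      CodeUri:
        Bucket:
          Ref: CodeBucketParameter
        Key:
          Ref: HookHandlerCodePackage
      Policies:
        # access required to write records to the DB
        # NOTE(review): the CRUD template also grants read, update and delete.
        # If the handler only writes, as described above, a write-only policy
        # (e.g. DynamoDBWritePolicy) is the tighter fit. Confirm against the
        # handler code before changing.
        - DynamoDBCrudPolicy:
            TableName:
              Ref: Table
        # access required to read values in the parameter store
        # NOTE(review): 'ssm:GetParameter*' also matches GetParametersByPath
        # and GetParameterHistory; list the exact actions the handler calls.
        # ssm:DescribeParameters is normally granted on Resource '*', so
        # scoped to a parameter ARN it may grant nothing. Verify, and drop
        # it if unused.
        - Statement:
            - Effect: Allow
              Action:
                - 'ssm:GetParameter*'
                - 'ssm:DescribeParameters'
              Resource: !Sub "arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/starling-*"
      Events:
        # No Auth is configured on this event and Globals defines no Api
        # section, so POST /callback accepts unauthenticated requests.
        # NOTE(review): the handler therefore has to authenticate the caller
        # itself (e.g. verify the web-hook signature) before writing to the
        # table. That check is not visible in this template; confirm it.
        CatchAll:
          Type: Api
          Properties:
            Path: /callback
            Method: POST
      Environment:
        Variables:
          STARLING_TABLE:
            Ref: Table
          STARLING_REGION:
            Ref: 'AWS::Region'
  # RecordHandler handles changes to records in the transaction database, rounding
  # them up where appropriate and moving the delta to a savings account.
  RecordHandler:
    Type: 'AWS::Serverless::Function'
    Properties:
      CodeUri:
        Bucket:
          Ref: CodeBucketParameter
        Key:
          Ref: RecordHandlerCodePackage
      Policies:
        # access required to the DB event stream
        # NOTE(review): StreamName is given the full StreamArn. The SAM policy
        # template appears to expect the stream name and to build the ARN
        # itself; check the rendered role policy for a malformed resource.
        - DynamoDBStreamReadPolicy:
            TableName:
              Ref: Table
            StreamName:
              Fn::GetAtt: [Table, StreamArn]
        # access required to write records to the DB
        # NOTE(review): grants full CRUD on the table; narrow it if the
        # handler needs less.
        - DynamoDBCrudPolicy:
            TableName:
              Ref: Table
        # access required to read values in the parameter store
        # NOTE(review): same statement as on WebHookHandler; the wildcard
        # action and the ARN-scoped DescribeParameters apply here too.
        - Statement:
            - Effect: Allow
              Action:
                - 'ssm:GetParameter*'
                - 'ssm:DescribeParameters'
              Resource: !Sub "arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/starling-*"
      Events:
        # One record per invocation, starting from the oldest record still
        # held in the stream.
        # NOTE(review): no retry limit or failure destination is set, so a
        # record that keeps failing is retried until it expires and holds up
        # its shard. Stream delivery is at-least-once, so a handler that moves
        # money should be idempotent per record. Confirm in the handler.
        Stream:
          Type: DynamoDB
          Properties:
            Stream:
              Fn::GetAtt: [Table, StreamArn]
            BatchSize: 1
            StartingPosition: TRIM_HORIZON
  # Table is the DynamoDB table where inbound transactions are stored. An event stream
  # is configured to allow processing to be triggered whenever a new or updated
  # record gets written to the table.
  # NOTE(review): there is no DeletionPolicy, PointInTimeRecoverySpecification
  # or SSESpecification. Deleting the stack deletes the table, there is no
  # point-in-time restore, and encryption at rest uses the service default key.
  # Decide whether that is acceptable for bank transaction data.
  Table:
    Type: 'AWS::DynamoDB::Table'
    Properties:
      AttributeDefinitions:
        - AttributeName: uid
          AttributeType: S
      KeySchema:
        # uid is the partition key and the only key attribute.
        - AttributeName: uid
          KeyType: HASH
      ProvisionedThroughput:
        ReadCapacityUnits: 1
        WriteCapacityUnits: 1
      StreamSpecification:
        # Stream records carry the item as it looks after the write.
        StreamViewType: NEW_IMAGE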
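# Values reported after the stack is deployed.
Outputs:
  # Public URL of the /callback endpoint on the Prod stage of the implicit
  # REST API that SAM creates for the Api event.
  WebHook:
    Description: The web-hook you need to provide to Starling Bank
    Value:
      'Fn::Sub': >-
        https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/callback/
  WebHookHandlerFunction:
    Description: The lambda function that handles the web-hook requests
    Value:
      Ref: WebHookHandler
  RecordHandlerFunction:
    Description: The lambda function that handles the database records
    Value:
      Ref: RecordHandler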