template.yaml
# SAM template header: the Transform line makes CloudFormation expand the
# AWS::Serverless::* resources declared below before deploying them.
AWSTemplateFormatVersion: "2010-09-09"
Transform: 'AWS::Serverless-2016-10-31'
Description: >
  A lambda for sending monthly cloud-spend emails for STRIDES accounts
# Deploy-time inputs. Sender, Recipients and OmitCostsLessThan are passed to
# the function as environment variables; ScheduleExpression drives its
# scheduled trigger.
Parameters:
  # Address the report is sent from.
  Sender:
    Type: String
    Description: "Sender email address"
  # Passed through as one string; splitting is left to the handler.
  Recipients:
    Type: String
    Description: "Comma-separated list of email recipients"
  # Reporting threshold, validated by CloudFormation as a number.
  OmitCostsLessThan:
    Type: Number
    Description: 'Totals less than this amount will not be reported. Default: $0.01'
    Default: "0.01"
  # Quoted so the '*' and '?' characters can never be read as YAML indicators.
  ScheduleExpression:
    Type: String
    Description: "EventBridge Schedule Expression"
    Default: 'cron(30 10 2 * ? *)'
# Settings applied to every AWS::Serverless::Function in this template.
# Reference for Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst
Globals:
  Function:
    # Maximum run time of one invocation, in seconds.
    Timeout: 120
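Resources:
  # Execution role for the report function. Only the Lambda service may
  # assume it.
  MonthlyS3UsageLambdaRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: 'LambdaSSMAssume'
            Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: LambdaAccess
          PolicyDocument:
            # Version was missing from the inline policy. Without it IAM
            # applies the legacy 2008-10-17 policy language.
            Version: '2012-10-17'
            Statement:
              # Read-only Cost Explorer access plus the account alias lookup.
              # Resource stays "*" exactly as in the original statement.
              - Sid: ReadCostsAndAccountAlias
                Effect: Allow
                Action:
                  - "ce:Describe*"
                  - "ce:Get*"
                  - "ce:List*"
                  - "iam:ListAccountAliases"
                Resource: "*"
              # Logging is limited to Lambda log groups in this account and
              # region instead of every log group.
              # NOTE(review): assumes the function logs to the default
              # /aws/lambda/<function-name> group; confirm.
              - Sid: WriteFunctionLogs
                Effect: Allow
                Action:
                  - "logs:CreateLogGroup"
                  - "logs:CreateLogStream"
                  - "logs:DescribeLogStreams"
                  - "logs:PutLogEvents"
                Resource: !Sub 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*'
              # NOTE(review): ses:SendEmail on "*" lets the function send
              # from any verified identity in the account. Consider scoping
              # it to the Sender identity ARN or adding an ses:FromAddress
              # condition. Left unchanged because how the handler formats
              # the From address is not visible in this template.
              - Sid: SendReportEmail
                Effect: Allow
                Action:
                  - "ses:SendEmail"
                Resource: "*"

  # This Lambda will query Cost Explorer for costs related to S3
  MonthlyS3Usage:
    Type: AWS::Serverless::Function
    Properties:
      Handler: s3_cost_report/app.lambda_handler
      CodeUri: .
      Runtime: python3.12
      MemorySize: 128
      Role: !GetAtt MonthlyS3UsageLambdaRole.Arn
      Environment:
        Variables:
          SENDER: !Ref Sender
          RECIPIENTS: !Ref Recipients
          MINIMUM: !Ref OmitCostsLessThan
      Events:
        # SAM expands this into an EventBridge rule whose logical ID is
        # the function ID followed by the event ID.
        ScheduledEventTrigger:
          Type: Schedule
          Properties:
            Schedule: !Ref ScheduleExpression

  # Lets EventBridge invoke the function. SourceArn restricts the grant to
  # the schedule rule generated above. Without it any EventBridge rule that
  # targets this function could invoke it (confused-deputy exposure).
  # NOTE(review): SAM normally generates its own rule-scoped permission for
  # Schedule events, so this resource may be redundant; confirm before
  # removing it.
  LambdaInvokePermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: 'lambda:InvokeFunction'
      FunctionName: !Ref MonthlyS3Usage
      Principal: 'events.amazonaws.com'
      SourceArn: !GetAtt MonthlyS3UsageScheduledEventTrigger.Arn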
# Values exported by the stack for operators and other tooling.
Outputs:
  # NOTE(review): "Se3" looks like a misspelling of "S3". The name is kept
  # because output names are part of the stack's external interface.
  MonthlySe3UsageFunctionArn:
    Description: 'MonthlyS3Usage Lambda Function ARN'
    Value: !GetAtt MonthlyS3Usage.Arn
  # ARN of the execution role defined under Resources.
  MonthlyS3UsageFunctionRoleArn:
    Description: 'IAM Role created for MonthlyS3Usage function'
    Value: !GetAtt MonthlyS3UsageLambdaRole.Arn