sample templates

mwunderl · mwunderl · commit 500357fdc87f · 2019-09-05T16:16:03.000-07:00
diff --git a/sample-apps/blank/cleanup.sh b/sample-apps/blank/cleanup.sh
@@ -1,5 +1,15 @@
 #!/bin/bash
 set -eo pipefail
+OUTPUT_BUCKET=$(aws cloudformation describe-stack-resource --stack-name blank --logical-resource-id bucket --query 'StackResourceDetail.PhysicalResourceId' --output text)
+while true; do
+    read -p "Delete output bucket ($OUTPUT_BUCKET)?" response
+    case $response in
+        [Yy]* ) aws s3 rb --force s3://$OUTPUT_BUCKET; aws cloudformation delete-stack --stack-name blank; break;;
+        [Nn]* ) aws cloudformation delete-stack --stack-name blank --retain-resources bucket; exit;;
+        * ) echo "Response must start with y or n.";;
+    esac
+done
+echo "Deleted function stack"
 aws cloudformation delete-stack --stack-name blank
 if [ -f bucket-name.txt ]; then
     ARTIFACT_BUCKET=$(cat bucket-name.txt)
diff --git a/sample-apps/blank/deploy.sh.template b/sample-apps/blank/deploy.sh.template
@@ -1,4 +1,7 @@
 #!/bin/bash
 set -eo pipefail
+cd function 
+npm install --production
+cd ../
 aws cloudformation package --template-file template.yaml --s3-bucket MY_BUCKET --output-template-file out.yml
 aws cloudformation deploy --template-file out.yml --stack-name blank --capabilities CAPABILITY_NAMED_IAM
diff --git a/sample-apps/blank/template.yaml b/sample-apps/blank/template.yaml
@@ -4,24 +4,6 @@ Description: An AWS Lambda application that uses AWS X-Ray and Amazon S3.
 Resources:
   bucket:
     Type: AWS::S3::Bucket
-  role:
-    Type: AWS::IAM::Role
-    Properties:
-      AssumeRolePolicyDocument:
-        Version: "2012-10-17"
-        Statement:
-          -
-            Effect: Allow
-            Principal:
-              Service:
-                - lambda.amazonaws.com
-            Action:
-              - sts:AssumeRole
-      ManagedPolicyArns:
-        - arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess
-        - arn:aws:iam::aws:policy/AmazonS3FullAccess
-        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
-      Path: /service-role/
   function:
     Type: AWS::Serverless::Function
     Properties:
@@ -31,7 +13,18 @@ Resources:
       Description: Write a file to S3.
       MemorySize: 128
       Timeout: 10
-      Role: !GetAtt role.Arn
+      # Function's execution role
+      Policies:
+        - AWSLambdaBasicExecutionRole
+        - AmazonS3FullAccess
+        - AWSXrayWriteOnlyAccess
+        - AWSLambdaVPCAccessExecutionRole
+      VpcConfig:
+        SecurityGroupIds:
+          - Fn::ImportValue: lambda-vpc-private-vpc-sg
+        SubnetIds:
+          - Fn::ImportValue: lambda-vpc-private-subnet-a
+          - Fn::ImportValue: lambda-vpc-private-subnet-b
       Environment:
         Variables:
           bucket: !Ref bucket
diff --git a/templates/vpc-private.yaml b/templates/vpc-private.yaml
@@ -94,4 +94,9 @@ Outputs:
     Description: Private Subnet B ID
     Value: !Ref privateSubnet2
     Export:
-      Name: !Join ["-", [!Ref "AWS::StackName","subnet-b"]]
+      Name: !Join ["-", [!Ref "AWS::StackName","subnet-b"]]
+  privateVPCSecurityGroup:
+    Description: Default security for Lambda VPC
+    Value: !GetAtt privateVPC.DefaultSecurityGroup
+    Export:
+      Name: !Join ["-", [!Ref "AWS::StackName","vpc-sg"]]
diff --git a/templates/vpc-privatepublic.yaml b/templates/vpc-privatepublic.yaml
@@ -137,7 +137,7 @@ Resources:
       ServiceName: !Sub com.amazonaws.${AWS::Region}.dynamodb
       VpcId: !Ref pubPrivateVPC
 Outputs:
-  privateVPCID:
+  pubPrivateVPCID:
     Description: VPC ID
     Value: !Ref pubPrivateVPC
     Export:
@@ -157,5 +157,10 @@ Outputs:
     Value: !Ref privateSubnet2
     Export:
       Name: !Join ["-", [!Ref "AWS::StackName","private-subnet-b"]]
+  privateVPCSecurityGroup:
+    Description: Default security for Lambda VPC
+    Value: !GetAtt pubPrivateVPC.DefaultSecurityGroup
+    Export:
+      Name: !Join ["-", [!Ref "AWS::StackName","vpc-sg"]]
 
 
