{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "Lambda resource stack creation using Amplify CLI", "Parameters": { "env": { "Type": "String" }<%if (props.dependsOn && props.dependsOn.length > 0) { %>,<% } %> <% for(var i=0; i < props.dependsOn.length; i++) { %> <% for(var j=0; j < props.dependsOn[i].attributes.length; j++) { %> "<%= props.dependsOn[i].category %><%= props.dependsOn[i].resourceName %><%= props.dependsOn[i].attributes[j] %>": { "Type": "String", "Default": "<%= props.dependsOn[i].category %><%= props.dependsOn[i].resourceName %><%= props.dependsOn[i].attributes[j] %>" }<%if (i !== props.dependsOn.length - 1 || j !== props.dependsOn[i].attributes.length - 1) { %>,<% } %> <% } %> <% } %> }, "Conditions": { "ShouldNotCreateEnvResources": { "Fn::Equals": [ { "Ref": "env" }, "NONE" ] } }, "Resources": { "LambdaFunction": { "Type": "AWS::Lambda::Function", "Metadata": { "aws:asset:path": "./src", "aws:asset:property": "Code" }, "Properties": { "Handler": "index.handler", "FunctionName": { "Fn::If": [ "ShouldNotCreateEnvResources", "<%= props.functionName %>", { "Fn::Join": [ "", [ "<%= props.functionName %>", "-", { "Ref": "env" } ] ] } ] }, "Environment": { "Variables" : { "ENV": { "Ref": "env" }, "GROUP": "<%= props.lambdaGroupVar %>", "USERPOOL" : { "Ref": "auth<%= props.authResourceName %>UserPoolId" } } }, "Role": { "Fn::GetAtt" : ["LambdaExecutionRole", "Arn"] }, "Runtime": "nodejs22.x", "Timeout": 25 } }, "LambdaExecutionRole": { "Type": "AWS::IAM::Role", "Properties": { "RoleName": { "Fn::If": [ "ShouldNotCreateEnvResources", "<%=props.roleName %>", { "Fn::Join": [ "", [ "<%=props.roleName %>", "-", { "Ref": "env" } ] ] } ] }, "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" ] }, "Action": [ "sts:AssumeRole" ] } ] } } } ,"lambdaexecutionpolicy": { "DependsOn": ["LambdaExecutionRole"], "Type": "AWS::IAM::Policy", "Properties": { "PolicyName": "lambda-execution-policy", "Roles": [{ "Ref": "LambdaExecutionRole" }], "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action":["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"], "Resource": { "Fn::Sub" : [ "arn:aws:logs:${region}:${account}:log-group:/aws/lambda/${lambda}:log-stream:*", { "region": {"Ref": "AWS::Region"}, "account": {"Ref": "AWS::AccountId"}, "lambda": {"Ref": "LambdaFunction"}} ]} }, { "Effect": "Allow", "Action": [ "cognito-idp:ListUsersInGroup", "cognito-idp:AdminUserGlobalSignOut", "cognito-idp:AdminEnableUser", "cognito-idp:AdminDisableUser", "cognito-idp:AdminRemoveUserFromGroup", "cognito-idp:AdminAddUserToGroup", "cognito-idp:AdminListGroupsForUser", "cognito-idp:AdminGetUser", "cognito-idp:AdminConfirmSignUp", "cognito-idp:ListUsers", "cognito-idp:ListGroups" ], "Resource": { "Fn::Join": [ "", [ "arn:aws:cognito-idp:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":userpool/", { "Ref": "auth<%= props.authResourceName %>UserPoolId" } ] ] } } ] } } } }, "Outputs": { "Name": { "Value": { "Ref": "LambdaFunction" } }, "Arn": { "Value": {"Fn::GetAtt": ["LambdaFunction", "Arn"]} }, "Region": { "Value": { "Ref": "AWS::Region" } }, "LambdaExecutionRole": { "Value": { "Ref": "LambdaExecutionRole" } } } }