From 4682f1718cccd563102209d710863d619e88510d Mon Sep 17 00:00:00 2001 From: Michael Jacobson Date: Wed, 8 Feb 2023 15:19:21 +0000 Subject: [PATCH] remove cloudformation YAML file, leaving only CDK --- .../support-reminders.test.ts.snap | 8568 +++++------------ cdk/lib/support-reminders.ts | 9 - cfn.yaml | 1008 -- 3 files changed, 2499 insertions(+), 7086 deletions(-) delete mode 100644 cfn.yaml diff --git a/cdk/lib/__snapshots__/support-reminders.test.ts.snap b/cdk/lib/__snapshots__/support-reminders.test.ts.snap index 8504218..9fa7a75 100644 --- a/cdk/lib/__snapshots__/support-reminders.test.ts.snap +++ b/cdk/lib/__snapshots__/support-reminders.test.ts.snap @@ -2,30 +2,6 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` { - "AWSTemplateFormatVersion": "2010-09-09", - "Conditions": { - "IsProd": { - "Fn::Equals": [ - { - "Ref": "Stage", - }, - "PROD", - ], - }, - }, - "Description": "The lambdas for supporter reminders", - "Mappings": { - "StageMap": { - "CODE": { - "CorsOrigin": "'*'", - "DomainName": "reminders-code.support.guardianapis.com", - }, - "PROD": { - "CorsOrigin": "'*'", - "DomainName": "reminders.support.guardianapis.com", - }, - }, - }, "Metadata": { "gu:cdk:constructs": [ "GuStringParameter", @@ -74,19 +50,6 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` }, }, "Parameters": { - "CertificateArn": { - "Description": "ARN of the certificate", - "Type": "String", - }, - "DatalakeBucket": { - "Description": "Bucket to upload data for ingestion into BigQuery", - "Type": "String", - }, - "DeployBucket": { - "Default": "membership-dist", - "Description": "Bucket to copy files to", - "Type": "String", - }, "DistributionBucketName": { "Default": "/account/services/artifact.bucket", "Description": "SSM parameter containing the S3 bucket name holding distribution artifacts", @@ -97,98 +60,17 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` "Description": "A list of private subnets", "Type": "AWS::SSM::Parameter::Value>", }, - "SecurityGroupToAccessPostgres": { - "Description": "Security group to access the RDS instance", - "Type": "String", - }, "SecurityGroupToAccessPostgresCDK": { "Description": "Security group to access the RDS instance", "Type": "String", }, - "Stack": { - "Default": "support", - "Description": "Stack name", - "Type": "String", - }, - "Stage": { - "AllowedValues": [ - "CODE", - "PROD", - ], - "Description": "Set by RiffRaff on each deploy", - "Type": "String", - }, "VpcId": { "Default": "/account/vpc/primary/id", "Description": "Virtual Private Cloud to run EC2 instances within. Should NOT be the account default VPC.", "Type": "AWS::SSM::Parameter::Value", }, - "VpcSubnets": { - "Description": "Subnets for RDS access", - "Type": "List", - }, }, "Resources": { - "ApiGateway4XXAlarm": { - "Condition": "IsProd", - "Properties": { - "AlarmActions": [ - { - "Fn::Sub": "arn:aws:sns:\${AWS::Region}:\${AWS::AccountId}:contributions-dev", - }, - ], - "AlarmDescription": "Reminders API received an invalid request", - "AlarmName": { - "Fn::Sub": "support-reminders-\${Stage} API gateway 4XX response", - }, - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": [ - { - "Name": "ApiName", - "Value": { - "Fn::Sub": "support-reminders-\${Stage}", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "4XXError", - "Namespace": "AWS/ApiGateway", - "Period": 300, - "Statistic": "Sum", - "Threshold": 8, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "ApiGateway5XXAlarm": { - "Condition": "IsProd", - "Properties": { - "AlarmActions": [ - { - "Fn::Sub": "arn:aws:sns:\${AWS::Region}:\${AWS::AccountId}:contributions-dev", - }, - ], - "AlarmDescription": "Reminders API failed to create a signup", - "AlarmName": { - "Fn::Sub": "support-reminders-\${Stage} API gateway 5XX response", - }, - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": [ - { - "Name": "ApiName", - "Value": { - "Fn::Sub": "support-reminders-\${Stage}", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "5XXError", - "Namespace": "AWS/ApiGateway", - "Period": 60, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, "ApiGatewayHigh5xxPercentageAlarmSupportreminders2F3286A8": { "Properties": { "ActionsEnabled": true, @@ -276,36 +158,43 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` }, "Type": "AWS::ApiGateway::BasePathMapping", }, - "CancelRemindersLambda": { + "DNSRecord": { "Properties": { - "Code": { - "S3Bucket": { - "Ref": "DeployBucket", - }, - "S3Key": { - "Fn::Sub": "\${Stack}/\${Stage}/support-reminders/support-reminders.zip", - }, - }, - "Description": "A lambda for cancelling pending support reminders", - "Environment": { - "Variables": { - "Stage": { - "Ref": "Stage", - }, + "HostedZoneId": "Z3KO35ELNWZMSX", + "Name": "reminders-code.support.guardianapis.com", + "ResourceRecords": [ + { + "Fn::GetAtt": [ + "DomainName", + "RegionalDomainName", + ], }, + ], + "TTL": "60", + "Type": "CNAME", + }, + "Type": "AWS::Route53::RecordSet", + }, + "DomainName": { + "Properties": { + "DomainName": "reminders-code.support.guardianapis.com", + "EndpointConfiguration": { + "Types": [ + "REGIONAL", + ], }, - "FunctionName": { - "Fn::Sub": "support-reminders-cancel-reminders-\${Stage}", - }, - "Handler": "cancel-reminders/lambda/lambda.handler", - "MemorySize": 128, - "Role": { - "Fn::GetAtt": [ - "CancelRemindersLambdaRole", - "Arn", + "RegionalCertificateArn": { + "Fn::Join": [ + "", + [ + "arn:aws:acm:eu-west-1:", + { + "Ref": "AWS::AccountId", + }, + ":certificate/b384a6a0-2f54-4874-b99b-96eeff96c009", + ], ], }, - "Runtime": "nodejs12.x", "Tags": [ { "Key": "gu:cdk:version", @@ -315,10 +204,6 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` "Key": "gu:repo", "Value": "guardian/support-reminders", }, - { - "Key": "lambda:createdBy", - "Value": "SAM", - }, { "Key": "Stack", "Value": "support", @@ -328,125 +213,76 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` "Value": "CODE", }, ], - "Timeout": 30, - "VpcConfig": { - "SecurityGroupIds": [ - { - "Ref": "SecurityGroupToAccessPostgres", - }, - ], - "SubnetIds": { - "Ref": "VpcSubnets", - }, - }, }, - "Type": "AWS::Lambda::Function", + "Type": "AWS::ApiGateway::DomainName", }, - "CancelRemindersLambdaAlarm": { - "Condition": "IsProd", + "RestApi0C43BF4B": { "Properties": { - "AlarmActions": [ + "Name": "support-CODE-support-reminders", + "Tags": [ { - "Fn::Sub": "arn:aws:sns:\${AWS::Region}:\${AWS::AccountId}:contributions-dev", + "Key": "gu:cdk:version", + "Value": "TEST", }, - ], - "AlarmDescription": "Failed to cancel pending reminders", - "AlarmName": { - "Fn::Sub": "support-reminders-cancel-reminders-\${Stage} lambda error", - }, - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": [ { - "Name": "FunctionName", - "Value": { - "Ref": "CancelRemindersLambda", - }, + "Key": "gu:repo", + "Value": "guardian/support-reminders", + }, + { + "Key": "Stack", + "Value": "support", + }, + { + "Key": "Stage", + "Value": "CODE", }, ], - "EvaluationPeriods": 1, - "MetricName": "Errors", - "Namespace": "AWS/Lambda", - "Period": 60, - "Statistic": "Sum", - "Threshold": 1, }, - "Type": "AWS::CloudWatch::Alarm", + "Type": "AWS::ApiGateway::RestApi", }, - "CancelRemindersLambdaCreateOneOffPermissionProd": { + "RestApiAccount7C83CF5A": { + "DeletionPolicy": "Retain", + "DependsOn": [ + "RestApi0C43BF4B", + ], "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Ref": "CancelRemindersLambda", - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:\${AWS::Region}:\${AWS::AccountId}:\${__ApiId__}/\${__Stage__}/POST/cancel", - { - "__ApiId__": { - "Ref": "ServerlessRestApi", - }, - "__Stage__": "*", - }, + "CloudWatchRoleArn": { + "Fn::GetAtt": [ + "RestApiCloudWatchRoleE3ED6605", + "Arn", ], }, }, - "Type": "AWS::Lambda::Permission", + "Type": "AWS::ApiGateway::Account", + "UpdateReplacePolicy": "Retain", }, - "CancelRemindersLambdaRole": { + "RestApiCloudWatchRoleE3ED6605": { + "DeletionPolicy": "Retain", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { - "Action": [ - "sts:AssumeRole", - ], + "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": [ - "lambda.amazonaws.com", - ], + "Service": "apigateway.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole", - ], - "Policies": [ - { - "PolicyDocument": { - "Statement": { - "Action": [ - "ssm:GetParametersByPath", - "ssm:GetParameter", - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Sub": "arn:aws:ssm:\${AWS::Region}:\${AWS::AccountId}:parameter/support-reminders/db-config/\${Stage}", - }, - { - "Fn::Sub": "arn:aws:ssm:\${AWS::Region}:\${AWS::AccountId}:parameter/support-reminders/idapi/\${Stage}/*", - }, - ], - }, - }, - "PolicyName": "CancelRemindersLambdaRolePolicy1", - }, { - "PolicyDocument": { - "Statement": { - "Action": "s3:GetObject", - "Effect": "Allow", - "Resource": [ - "arn:aws:s3::*:membership-dist/*", - ], - }, - }, - "PolicyName": "CancelRemindersLambdaRolePolicy2", + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", + ], + ], }, ], "Tags": [ @@ -458,10 +294,6 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` "Key": "gu:repo", "Value": "guardian/support-reminders", }, - { - "Key": "lambda:createdBy", - "Value": "SAM", - }, { "Key": "Stack", "Value": "support", @@ -473,37 +305,49 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` ], }, "Type": "AWS::IAM::Role", + "UpdateReplacePolicy": "Retain", }, - "CreateReminderSignupLambda": { + "RestApiDeployment180EC503d2cb2be0005db05db147addfa52a7f38": { + "DependsOn": [ + "RestApicancelOPTIONS8CB256F3", + "RestApicancelPOST51F94A62", + "RestApicancel928D6387", + "RestApicreateoneoffOPTIONS1F89A992", + "RestApicreateoneoffPOST41A64A32", + "RestApicreateoneoff2D1FCD3C", + "RestApicreateOPTIONSC3837E5E", + "RestApicreaterecurringOPTIONSFBFDACD1", + "RestApicreaterecurringPOSTC2005445", + "RestApicreaterecurringA327119C", + "RestApicreate68AA2AF0", + "RestApiOPTIONS6AA64D2D", + "RestApireactivateOPTIONS263B776D", + "RestApireactivatePOSTF57FC066", + "RestApireactivateDE09DAB5", + "RestApisearchOPTIONSDF398734", + "RestApisearchPOST5D2A9A4A", + "RestApisearchA0D22340", + ], "Properties": { - "Code": { - "S3Bucket": { - "Ref": "DeployBucket", - }, - "S3Key": { - "Fn::Sub": "\${Stack}/\${Stage}/support-reminders/support-reminders.zip", - }, - }, - "Description": "A lambda for creating support reminders", - "Environment": { - "Variables": { - "Stage": { - "Ref": "Stage", - }, - }, + "Description": "Automatically created by the RestApi construct", + "RestApiId": { + "Ref": "RestApi0C43BF4B", }, - "FunctionName": { - "Fn::Sub": "support-reminders-create-reminder-signup-\${Stage}", + }, + "Type": "AWS::ApiGateway::Deployment", + }, + "RestApiDeploymentStageprod3855DE66": { + "DependsOn": [ + "RestApiAccount7C83CF5A", + ], + "Properties": { + "DeploymentId": { + "Ref": "RestApiDeployment180EC503d2cb2be0005db05db147addfa52a7f38", }, - "Handler": "create-reminder-signup/lambda/lambda.handler", - "MemorySize": 128, - "Role": { - "Fn::GetAtt": [ - "CreateReminderSignupLambdaRole", - "Arn", - ], + "RestApiId": { + "Ref": "RestApi0C43BF4B", }, - "Runtime": "nodejs12.x", + "StageName": "prod", "Tags": [ { "Key": "gu:cdk:version", @@ -513,10 +357,6 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` "Key": "gu:repo", "Value": "guardian/support-reminders", }, - { - "Key": "lambda:createdBy", - "Value": "SAM", - }, { "Key": "Stack", "Value": "support", @@ -526,721 +366,583 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` "Value": "CODE", }, ], - "Timeout": 30, - "VpcConfig": { - "SecurityGroupIds": [ - { - "Ref": "SecurityGroupToAccessPostgres", - }, - ], - "SubnetIds": { - "Ref": "VpcSubnets", - }, - }, }, - "Type": "AWS::Lambda::Function", + "Type": "AWS::ApiGateway::Stage", }, - "CreateReminderSignupLambdaAlarm": { - "Condition": "IsProd", + "RestApiOPTIONS6AA64D2D": { "Properties": { - "AlarmActions": [ - { - "Fn::Sub": "arn:aws:sns:\${AWS::Region}:\${AWS::AccountId}:contributions-dev", + "AuthorizationType": "NONE", + "HttpMethod": "OPTIONS", + "Integration": { + "IntegrationResponses": [ + { + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", + "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", + "method.response.header.Access-Control-Allow-Origin": "'*'", + }, + "StatusCode": "204", + }, + ], + "RequestTemplates": { + "application/json": "{ statusCode: 200 }", }, - ], - "AlarmDescription": "Failed to create a reminder signup", - "AlarmName": { - "Fn::Sub": "support-reminders-create-reminder-signup-\${Stage} lambda error", + "Type": "MOCK", }, - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": [ + "MethodResponses": [ { - "Name": "FunctionName", - "Value": { - "Ref": "CreateReminderSignupLambda", + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": true, + "method.response.header.Access-Control-Allow-Methods": true, + "method.response.header.Access-Control-Allow-Origin": true, }, + "StatusCode": "204", }, ], - "EvaluationPeriods": 1, - "MetricName": "Errors", - "Namespace": "AWS/Lambda", - "Period": 60, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "CreateReminderSignupLambdaCreateOneOffPermissionProd": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Ref": "CreateReminderSignupLambda", - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:\${AWS::Region}:\${AWS::AccountId}:\${__ApiId__}/\${__Stage__}/POST/create/one-off", - { - "__ApiId__": { - "Ref": "ServerlessRestApi", - }, - "__Stage__": "*", - }, + "ResourceId": { + "Fn::GetAtt": [ + "RestApi0C43BF4B", + "RootResourceId", ], }, + "RestApiId": { + "Ref": "RestApi0C43BF4B", + }, }, - "Type": "AWS::Lambda::Permission", + "Type": "AWS::ApiGateway::Method", }, - "CreateReminderSignupLambdaCreateRecurringPermissionProd": { + "RestApicancel928D6387": { "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Ref": "CreateReminderSignupLambda", - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:\${AWS::Region}:\${AWS::AccountId}:\${__ApiId__}/\${__Stage__}/POST/create/recurring", - { - "__ApiId__": { - "Ref": "ServerlessRestApi", - }, - "__Stage__": "*", - }, + "ParentId": { + "Fn::GetAtt": [ + "RestApi0C43BF4B", + "RootResourceId", ], }, + "PathPart": "cancel", + "RestApiId": { + "Ref": "RestApi0C43BF4B", + }, }, - "Type": "AWS::Lambda::Permission", + "Type": "AWS::ApiGateway::Resource", }, - "CreateReminderSignupLambdaRole": { + "RestApicancelOPTIONS8CB256F3": { "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ + "AuthorizationType": "NONE", + "HttpMethod": "OPTIONS", + "Integration": { + "IntegrationResponses": [ { - "Action": [ - "sts:AssumeRole", - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com", - ], + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", + "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", + "method.response.header.Access-Control-Allow-Origin": "'*'", }, + "StatusCode": "204", }, ], - "Version": "2012-10-17", - }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole", - ], - "Policies": [ - { - "PolicyDocument": { - "Statement": { - "Action": [ - "ssm:GetParametersByPath", - "ssm:GetParameter", - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Sub": "arn:aws:ssm:\${AWS::Region}:\${AWS::AccountId}:parameter/support-reminders/db-config/\${Stage}", - }, - { - "Fn::Sub": "arn:aws:ssm:\${AWS::Region}:\${AWS::AccountId}:parameter/support-reminders/idapi/\${Stage}/*", - }, - ], - }, - }, - "PolicyName": "CreateReminderSignupLambdaRolePolicy1", + "RequestTemplates": { + "application/json": "{ statusCode: 200 }", }, + "Type": "MOCK", + }, + "MethodResponses": [ { - "PolicyDocument": { - "Statement": { - "Action": "s3:GetObject", - "Effect": "Allow", - "Resource": [ - "arn:aws:s3::*:membership-dist/*", - ], - }, + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": true, + "method.response.header.Access-Control-Allow-Methods": true, + "method.response.header.Access-Control-Allow-Origin": true, }, - "PolicyName": "CreateReminderSignupLambdaRolePolicy2", - }, - ], - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "lambda:createdBy", - "Value": "SAM", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "CODE", + "StatusCode": "204", }, ], + "ResourceId": { + "Ref": "RestApicancel928D6387", + }, + "RestApiId": { + "Ref": "RestApi0C43BF4B", + }, }, - "Type": "AWS::IAM::Role", + "Type": "AWS::ApiGateway::Method", }, - "DNSRecord": { + "RestApicancelPOST51F94A62": { "Properties": { - "HostedZoneId": "Z3KO35ELNWZMSX", - "Name": "reminders-code.support.guardianapis.com", - "ResourceRecords": [ - { - "Fn::GetAtt": [ - "DomainName", - "RegionalDomainName", + "AuthorizationType": "NONE", + "HttpMethod": "POST", + "Integration": { + "IntegrationHttpMethod": "POST", + "Type": "AWS_PROXY", + "Uri": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":apigateway:", + { + "Ref": "AWS::Region", + }, + ":lambda:path/2015-03-31/functions/", + { + "Fn::GetAtt": [ + "cancelremindersF4DAF18B", + "Arn", + ], + }, + "/invocations", + ], ], }, - ], - "TTL": "60", - "Type": "CNAME", + }, + "ResourceId": { + "Ref": "RestApicancel928D6387", + }, + "RestApiId": { + "Ref": "RestApi0C43BF4B", + }, }, - "Type": "AWS::Route53::RecordSet", + "Type": "AWS::ApiGateway::Method", }, - "DomainName": { + "RestApicancelPOSTApiPermissionSupportRemindersCODERestApi2446198FPOSTcancel726EFE9A": { "Properties": { - "DomainName": "reminders-code.support.guardianapis.com", - "EndpointConfiguration": { - "Types": [ - "REGIONAL", + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "cancelremindersF4DAF18B", + "Arn", ], }, - "RegionalCertificateArn": { + "Principal": "apigateway.amazonaws.com", + "SourceArn": { "Fn::Join": [ "", [ - "arn:aws:acm:eu-west-1:", + "arn:", + { + "Ref": "AWS::Partition", + }, + ":execute-api:", + { + "Ref": "AWS::Region", + }, + ":", { "Ref": "AWS::AccountId", }, - ":certificate/b384a6a0-2f54-4874-b99b-96eeff96c009", + ":", + { + "Ref": "RestApi0C43BF4B", + }, + "/", + { + "Ref": "RestApiDeploymentStageprod3855DE66", + }, + "/POST/cancel", ], ], }, - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "CODE", - }, - ], }, - "Type": "AWS::ApiGateway::DomainName", + "Type": "AWS::Lambda::Permission", }, - "NextRemindersLambda": { + "RestApicancelPOSTApiPermissionTestSupportRemindersCODERestApi2446198FPOSTcancel7018895A": { "Properties": { - "Code": { - "S3Bucket": { - "Ref": "DeployBucket", - }, - "S3Key": { - "Fn::Sub": "\${Stack}/\${Stage}/support-reminders/support-reminders.zip", - }, - }, - "Description": "A lambda for getting next reminders data", - "Environment": { - "Variables": { - "Bucket": { - "Ref": "DatalakeBucket", - }, - "Stage": { - "Ref": "Stage", - }, - }, - }, + "Action": "lambda:InvokeFunction", "FunctionName": { - "Fn::Sub": "support-reminders-next-reminders-\${Stage}", - }, - "Handler": "next-reminders/lambda/lambda.handler", - "MemorySize": 128, - "Role": { "Fn::GetAtt": [ - "NextRemindersLambdaRole", + "cancelremindersF4DAF18B", "Arn", ], }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "lambda:createdBy", - "Value": "SAM", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "CODE", - }, - ], - "Timeout": 30, - "VpcConfig": { - "SecurityGroupIds": [ - { - "Ref": "SecurityGroupToAccessPostgres", - }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":execute-api:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":", + { + "Ref": "RestApi0C43BF4B", + }, + "/test-invoke-stage/POST/cancel", + ], ], - "SubnetIds": { - "Ref": "VpcSubnets", - }, }, }, - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Permission", }, - "NextRemindersLambdaAlarm": { - "Condition": "IsProd", + "RestApicreate68AA2AF0": { "Properties": { - "AlarmActions": [ - { - "Fn::Sub": "arn:aws:sns:\${AWS::Region}:\${AWS::AccountId}:contributions-dev", - }, - ], - "AlarmDescription": "Failed to create next-reminders snapshot", - "AlarmName": { - "Fn::Sub": "support-reminders-next-reminders-\${Stage} lambda error", + "ParentId": { + "Fn::GetAtt": [ + "RestApi0C43BF4B", + "RootResourceId", + ], + }, + "PathPart": "create", + "RestApiId": { + "Ref": "RestApi0C43BF4B", }, - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": [ - { - "Name": "FunctionName", - "Value": { - "Ref": "NextRemindersLambda", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "Errors", - "Namespace": "AWS/Lambda", - "Period": 60, - "Statistic": "Sum", - "Threshold": 1, }, - "Type": "AWS::CloudWatch::Alarm", + "Type": "AWS::ApiGateway::Resource", }, - "NextRemindersLambdaRole": { + "RestApicreateOPTIONSC3837E5E": { "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ + "AuthorizationType": "NONE", + "HttpMethod": "OPTIONS", + "Integration": { + "IntegrationResponses": [ { - "Action": [ - "sts:AssumeRole", - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com", - ], + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", + "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", + "method.response.header.Access-Control-Allow-Origin": "'*'", }, + "StatusCode": "204", }, ], - "Version": "2012-10-17", + "RequestTemplates": { + "application/json": "{ statusCode: 200 }", + }, + "Type": "MOCK", }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole", - ], - "Policies": [ + "MethodResponses": [ { - "PolicyDocument": { - "Statement": { - "Action": [ - "ssm:GetParametersByPath", - "ssm:GetParameter", - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Sub": "arn:aws:ssm:\${AWS::Region}:\${AWS::AccountId}:parameter/support-reminders/db-config/\${Stage}", - }, - ], - }, + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": true, + "method.response.header.Access-Control-Allow-Methods": true, + "method.response.header.Access-Control-Allow-Origin": true, }, - "PolicyName": "NextRemindersLambdaRolePolicy1", + "StatusCode": "204", }, - { - "PolicyDocument": { - "Statement": { - "Action": [ - "s3:PutObject", - "s3:PutObjectAcl", - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Sub": "arn:aws:s3:::\${DatalakeBucket}", - }, - { - "Fn::Sub": "arn:aws:s3:::\${DatalakeBucket}/*", - }, - ], + ], + "ResourceId": { + "Ref": "RestApicreate68AA2AF0", + }, + "RestApiId": { + "Ref": "RestApi0C43BF4B", + }, + }, + "Type": "AWS::ApiGateway::Method", + }, + "RestApicreateoneoff2D1FCD3C": { + "Properties": { + "ParentId": { + "Ref": "RestApicreate68AA2AF0", + }, + "PathPart": "one-off", + "RestApiId": { + "Ref": "RestApi0C43BF4B", + }, + }, + "Type": "AWS::ApiGateway::Resource", + }, + "RestApicreateoneoffOPTIONS1F89A992": { + "Properties": { + "AuthorizationType": "NONE", + "HttpMethod": "OPTIONS", + "Integration": { + "IntegrationResponses": [ + { + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", + "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", + "method.response.header.Access-Control-Allow-Origin": "'*'", }, + "StatusCode": "204", }, - "PolicyName": "NextRemindersLambdaRolePolicy2", + ], + "RequestTemplates": { + "application/json": "{ statusCode: 200 }", }, + "Type": "MOCK", + }, + "MethodResponses": [ { - "PolicyDocument": { - "Statement": { - "Action": "s3:GetObject", - "Effect": "Allow", - "Resource": [ - "arn:aws:s3::*:membership-dist/*", - ], - }, + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": true, + "method.response.header.Access-Control-Allow-Methods": true, + "method.response.header.Access-Control-Allow-Origin": true, }, - "PolicyName": "NextRemindersLambdaRolePolicy3", - }, - ], - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "lambda:createdBy", - "Value": "SAM", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "CODE", + "StatusCode": "204", }, ], + "ResourceId": { + "Ref": "RestApicreateoneoff2D1FCD3C", + }, + "RestApiId": { + "Ref": "RestApi0C43BF4B", + }, }, - "Type": "AWS::IAM::Role", + "Type": "AWS::ApiGateway::Method", }, - "NextRemindersLambdaSchedule": { + "RestApicreateoneoffPOST41A64A32": { "Properties": { - "Description": "Run next reminders lambda every day at 00:05", - "Name": { - "Fn::Sub": "NextRemindersSchedule-\${Stage}", - }, - "ScheduleExpression": "cron(05 00 * * ? *)", - "State": "ENABLED", - "Targets": [ - { - "Arn": { - "Fn::GetAtt": [ - "NextRemindersLambda", - "Arn", + "AuthorizationType": "NONE", + "HttpMethod": "POST", + "Integration": { + "IntegrationHttpMethod": "POST", + "Type": "AWS_PROXY", + "Uri": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":apigateway:", + { + "Ref": "AWS::Region", + }, + ":lambda:path/2015-03-31/functions/", + { + "Fn::GetAtt": [ + "createreminderssignupB956888C", + "Arn", + ], + }, + "/invocations", ], - }, - "Id": "NextRemindersLambdaScheduleLambdaTarget", + ], }, - ], + }, + "ResourceId": { + "Ref": "RestApicreateoneoff2D1FCD3C", + }, + "RestApiId": { + "Ref": "RestApi0C43BF4B", + }, }, - "Type": "AWS::Events::Rule", + "Type": "AWS::ApiGateway::Method", }, - "NextRemindersLambdaSchedulePermission": { + "RestApicreateoneoffPOSTApiPermissionSupportRemindersCODERestApi2446198FPOSTcreateoneoff673C3AFA": { "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { - "Ref": "NextRemindersLambda", - }, - "Principal": "events.amazonaws.com", - "SourceArn": { "Fn::GetAtt": [ - "NextRemindersLambdaSchedule", + "createreminderssignupB956888C", "Arn", ], }, - }, - "Type": "AWS::Lambda::Permission", - }, - "ReactivateRecurringReminderLambda": { - "Properties": { - "Code": { - "S3Bucket": { - "Ref": "DeployBucket", - }, - "S3Key": { - "Fn::Sub": "\${Stack}/\${Stage}/support-reminders/support-reminders.zip", - }, - }, - "Description": "A lambda for reactivating cancelled recurring support reminders", - "Environment": { - "Variables": { - "Stage": { - "Ref": "Stage", - }, - }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":execute-api:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":", + { + "Ref": "RestApi0C43BF4B", + }, + "/", + { + "Ref": "RestApiDeploymentStageprod3855DE66", + }, + "/POST/create/one-off", + ], + ], }, + }, + "Type": "AWS::Lambda::Permission", + }, + "RestApicreateoneoffPOSTApiPermissionTestSupportRemindersCODERestApi2446198FPOSTcreateoneoff90DF1AAD": { + "Properties": { + "Action": "lambda:InvokeFunction", "FunctionName": { - "Fn::Sub": "support-reminders-reactivate-recurring-reminder-\${Stage}", - }, - "Handler": "reactivate-recurring-reminder/lambda/lambda.handler", - "MemorySize": 128, - "Role": { "Fn::GetAtt": [ - "ReactivateRecurringReminderLambdaRole", + "createreminderssignupB956888C", "Arn", ], }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "lambda:createdBy", - "Value": "SAM", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "CODE", - }, - ], - "Timeout": 30, - "VpcConfig": { - "SecurityGroupIds": [ - { - "Ref": "SecurityGroupToAccessPostgres", - }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":execute-api:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":", + { + "Ref": "RestApi0C43BF4B", + }, + "/test-invoke-stage/POST/create/one-off", + ], ], - "SubnetIds": { - "Ref": "VpcSubnets", - }, }, }, - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Permission", }, - "ReactivateRecurringReminderLambdaAlarm": { - "Condition": "IsProd", + "RestApicreaterecurringA327119C": { "Properties": { - "AlarmActions": [ - { - "Fn::Sub": "arn:aws:sns:\${AWS::Region}:\${AWS::AccountId}:contributions-dev", + "ParentId": { + "Ref": "RestApicreate68AA2AF0", + }, + "PathPart": "recurring", + "RestApiId": { + "Ref": "RestApi0C43BF4B", + }, + }, + "Type": "AWS::ApiGateway::Resource", + }, + "RestApicreaterecurringOPTIONSFBFDACD1": { + "Properties": { + "AuthorizationType": "NONE", + "HttpMethod": "OPTIONS", + "Integration": { + "IntegrationResponses": [ + { + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", + "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", + "method.response.header.Access-Control-Allow-Origin": "'*'", + }, + "StatusCode": "204", + }, + ], + "RequestTemplates": { + "application/json": "{ statusCode: 200 }", }, - ], - "AlarmDescription": "Failed to reactivate cancelled reminders", - "AlarmName": { - "Fn::Sub": "support-reminders-reactivate-recurring-reminder-\${Stage} lambda error", + "Type": "MOCK", }, - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": [ + "MethodResponses": [ { - "Name": "FunctionName", - "Value": { - "Ref": "ReactivateRecurringReminderLambda", + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": true, + "method.response.header.Access-Control-Allow-Methods": true, + "method.response.header.Access-Control-Allow-Origin": true, }, + "StatusCode": "204", }, ], - "EvaluationPeriods": 1, - "MetricName": "Errors", - "Namespace": "AWS/Lambda", - "Period": 60, - "Statistic": "Sum", - "Threshold": 1, + "ResourceId": { + "Ref": "RestApicreaterecurringA327119C", + }, + "RestApiId": { + "Ref": "RestApi0C43BF4B", + }, }, - "Type": "AWS::CloudWatch::Alarm", + "Type": "AWS::ApiGateway::Method", }, - "ReactivateRecurringReminderLambdaReactivatePermissionProd": { + "RestApicreaterecurringPOSTApiPermissionSupportRemindersCODERestApi2446198FPOSTcreaterecurringA978DFB3": { "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { - "Ref": "ReactivateRecurringReminderLambda", + "Fn::GetAtt": [ + "createreminderssignupB956888C", + "Arn", + ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:\${AWS::Region}:\${AWS::AccountId}:\${__ApiId__}/\${__Stage__}/POST/reactivate", - { - "__ApiId__": { - "Ref": "ServerlessRestApi", + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", }, - "__Stage__": "*", - }, + ":execute-api:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":", + { + "Ref": "RestApi0C43BF4B", + }, + "/", + { + "Ref": "RestApiDeploymentStageprod3855DE66", + }, + "/POST/create/recurring", + ], ], }, }, "Type": "AWS::Lambda::Permission", }, - "ReactivateRecurringReminderLambdaRole": { + "RestApicreaterecurringPOSTApiPermissionTestSupportRemindersCODERestApi2446198FPOSTcreaterecurringE21E016C": { "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": [ - "sts:AssumeRole", - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com", - ], - }, - }, + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "createreminderssignupB956888C", + "Arn", ], - "Version": "2012-10-17", }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole", - ], - "Policies": [ - { - "PolicyDocument": { - "Statement": { - "Action": [ - "ssm:GetParametersByPath", - "ssm:GetParameter", - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Sub": "arn:aws:ssm:\${AWS::Region}:\${AWS::AccountId}:parameter/support-reminders/db-config/\${Stage}", - }, - { - "Fn::Sub": "arn:aws:ssm:\${AWS::Region}:\${AWS::AccountId}:parameter/support-reminders/idapi/\${Stage}/*", - }, - ], + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", }, - }, - "PolicyName": "ReactivateRecurringReminderLambdaRolePolicy1", - }, - { - "PolicyDocument": { - "Statement": { - "Action": "s3:GetObject", - "Effect": "Allow", - "Resource": [ - "arn:aws:s3::*:membership-dist/*", - ], + ":execute-api:", + { + "Ref": "AWS::Region", }, - }, - "PolicyName": "ReactivateRecurringReminderLambdaRolePolicy2", - }, - ], - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "lambda:createdBy", - "Value": "SAM", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "CODE", - }, - ], + ":", + { + "Ref": "AWS::AccountId", + }, + ":", + { + "Ref": "RestApi0C43BF4B", + }, + "/test-invoke-stage/POST/create/recurring", + ], + ], + }, }, - "Type": "AWS::IAM::Role", + "Type": "AWS::Lambda::Permission", }, - "RestApi0C43BF4B": { + "RestApicreaterecurringPOSTC2005445": { "Properties": { - "Name": "support-CODE-support-reminders", - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "CODE", - }, - ], - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "RestApiAccount7C83CF5A": { - "DeletionPolicy": "Retain", - "DependsOn": [ - "RestApi0C43BF4B", - ], - "Properties": { - "CloudWatchRoleArn": { - "Fn::GetAtt": [ - "RestApiCloudWatchRoleE3ED6605", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - "UpdateReplacePolicy": "Retain", - }, - "RestApiCloudWatchRoleE3ED6605": { - "DeletionPolicy": "Retain", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "ManagedPolicyArns": [ - { + "AuthorizationType": "NONE", + "HttpMethod": "POST", + "Integration": { + "IntegrationHttpMethod": "POST", + "Type": "AWS_PROXY", + "Uri": { "Fn::Join": [ "", [ @@ -1248,130 +950,24 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` { "Ref": "AWS::Partition", }, - ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", + ":apigateway:", + { + "Ref": "AWS::Region", + }, + ":lambda:path/2015-03-31/functions/", + { + "Fn::GetAtt": [ + "createreminderssignupB956888C", + "Arn", + ], + }, + "/invocations", ], ], }, - ], - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "CODE", - }, - ], - }, - "Type": "AWS::IAM::Role", - "UpdateReplacePolicy": "Retain", - }, - "RestApiDeployment180EC503d2cb2be0005db05db147addfa52a7f38": { - "DependsOn": [ - "RestApicancelOPTIONS8CB256F3", - "RestApicancelPOST51F94A62", - "RestApicancel928D6387", - "RestApicreateoneoffOPTIONS1F89A992", - "RestApicreateoneoffPOST41A64A32", - "RestApicreateoneoff2D1FCD3C", - "RestApicreateOPTIONSC3837E5E", - "RestApicreaterecurringOPTIONSFBFDACD1", - "RestApicreaterecurringPOSTC2005445", - "RestApicreaterecurringA327119C", - "RestApicreate68AA2AF0", - "RestApiOPTIONS6AA64D2D", - "RestApireactivateOPTIONS263B776D", - "RestApireactivatePOSTF57FC066", - "RestApireactivateDE09DAB5", - "RestApisearchOPTIONSDF398734", - "RestApisearchPOST5D2A9A4A", - "RestApisearchA0D22340", - ], - "Properties": { - "Description": "Automatically created by the RestApi construct", - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "RestApiDeploymentStageprod3855DE66": { - "DependsOn": [ - "RestApiAccount7C83CF5A", - ], - "Properties": { - "DeploymentId": { - "Ref": "RestApiDeployment180EC503d2cb2be0005db05db147addfa52a7f38", - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - "StageName": "prod", - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "CODE", - }, - ], - }, - "Type": "AWS::ApiGateway::Stage", - }, - "RestApiOPTIONS6AA64D2D": { - "Properties": { - "AuthorizationType": "NONE", - "HttpMethod": "OPTIONS", - "Integration": { - "IntegrationResponses": [ - { - "ResponseParameters": { - "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", - "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", - "method.response.header.Access-Control-Allow-Origin": "'*'", - }, - "StatusCode": "204", - }, - ], - "RequestTemplates": { - "application/json": "{ statusCode: 200 }", - }, - "Type": "MOCK", }, - "MethodResponses": [ - { - "ResponseParameters": { - "method.response.header.Access-Control-Allow-Headers": true, - "method.response.header.Access-Control-Allow-Methods": true, - "method.response.header.Access-Control-Allow-Origin": true, - }, - "StatusCode": "204", - }, - ], "ResourceId": { - "Fn::GetAtt": [ - "RestApi0C43BF4B", - "RootResourceId", - ], + "Ref": "RestApicreaterecurringA327119C", }, "RestApiId": { "Ref": "RestApi0C43BF4B", @@ -1379,7 +975,7 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` }, "Type": "AWS::ApiGateway::Method", }, - "RestApicancel928D6387": { + "RestApireactivateDE09DAB5": { "Properties": { "ParentId": { "Fn::GetAtt": [ @@ -1387,14 +983,14 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` "RootResourceId", ], }, - "PathPart": "cancel", + "PathPart": "reactivate", "RestApiId": { "Ref": "RestApi0C43BF4B", }, }, "Type": "AWS::ApiGateway::Resource", }, - "RestApicancelOPTIONS8CB256F3": { + "RestApireactivateOPTIONS263B776D": { "Properties": { "AuthorizationType": "NONE", "HttpMethod": "OPTIONS", @@ -1425,47 +1021,7 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` }, ], "ResourceId": { - "Ref": "RestApicancel928D6387", - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "RestApicancelPOST51F94A62": { - "Properties": { - "AuthorizationType": "NONE", - "HttpMethod": "POST", - "Integration": { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":apigateway:", - { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - { - "Fn::GetAtt": [ - "cancelremindersF4DAF18B", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": { - "Ref": "RestApicancel928D6387", + "Ref": "RestApireactivateDE09DAB5", }, "RestApiId": { "Ref": "RestApi0C43BF4B", @@ -1473,12 +1029,12 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` }, "Type": "AWS::ApiGateway::Method", }, - "RestApicancelPOSTApiPermissionSupportRemindersCODERestApi2446198FPOSTcancel726EFE9A": { + "RestApireactivatePOSTApiPermissionSupportRemindersCODERestApi2446198FPOSTreactivate6C81D1C9": { "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ - "cancelremindersF4DAF18B", + "reactivaterecurringreminder0045F57B", "Arn", ], }, @@ -1507,19 +1063,19 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` { "Ref": "RestApiDeploymentStageprod3855DE66", }, - "/POST/cancel", + "/POST/reactivate", ], ], }, }, "Type": "AWS::Lambda::Permission", }, - "RestApicancelPOSTApiPermissionTestSupportRemindersCODERestApi2446198FPOSTcancel7018895A": { + "RestApireactivatePOSTApiPermissionTestSupportRemindersCODERestApi2446198FPOSTreactivate026D533F": { "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ - "cancelremindersF4DAF18B", + "reactivaterecurringreminder0045F57B", "Arn", ], }, @@ -1544,60 +1100,46 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` { "Ref": "RestApi0C43BF4B", }, - "/test-invoke-stage/POST/cancel", + "/test-invoke-stage/POST/reactivate", ], ], }, }, "Type": "AWS::Lambda::Permission", }, - "RestApicreate68AA2AF0": { - "Properties": { - "ParentId": { - "Fn::GetAtt": [ - "RestApi0C43BF4B", - "RootResourceId", - ], - }, - "PathPart": "create", - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "RestApicreateOPTIONSC3837E5E": { + "RestApireactivatePOSTF57FC066": { "Properties": { "AuthorizationType": "NONE", - "HttpMethod": "OPTIONS", + "HttpMethod": "POST", "Integration": { - "IntegrationResponses": [ - { - "ResponseParameters": { - "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", - "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", - "method.response.header.Access-Control-Allow-Origin": "'*'", - }, - "StatusCode": "204", - }, - ], - "RequestTemplates": { - "application/json": "{ statusCode: 200 }", + "IntegrationHttpMethod": "POST", + "Type": "AWS_PROXY", + "Uri": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":apigateway:", + { + "Ref": "AWS::Region", + }, + ":lambda:path/2015-03-31/functions/", + { + "Fn::GetAtt": [ + "reactivaterecurringreminder0045F57B", + "Arn", + ], + }, + "/invocations", + ], + ], }, - "Type": "MOCK", }, - "MethodResponses": [ - { - "ResponseParameters": { - "method.response.header.Access-Control-Allow-Headers": true, - "method.response.header.Access-Control-Allow-Methods": true, - "method.response.header.Access-Control-Allow-Origin": true, - }, - "StatusCode": "204", - }, - ], "ResourceId": { - "Ref": "RestApicreate68AA2AF0", + "Ref": "RestApireactivateDE09DAB5", }, "RestApiId": { "Ref": "RestApi0C43BF4B", @@ -1605,19 +1147,22 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` }, "Type": "AWS::ApiGateway::Method", }, - "RestApicreateoneoff2D1FCD3C": { + "RestApisearchA0D22340": { "Properties": { "ParentId": { - "Ref": "RestApicreate68AA2AF0", + "Fn::GetAtt": [ + "RestApi0C43BF4B", + "RootResourceId", + ], }, - "PathPart": "one-off", + "PathPart": "search", "RestApiId": { "Ref": "RestApi0C43BF4B", }, }, "Type": "AWS::ApiGateway::Resource", }, - "RestApicreateoneoffOPTIONS1F89A992": { + "RestApisearchOPTIONSDF398734": { "Properties": { "AuthorizationType": "NONE", "HttpMethod": "OPTIONS", @@ -1648,7 +1193,7 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` }, ], "ResourceId": { - "Ref": "RestApicreateoneoff2D1FCD3C", + "Ref": "RestApisearchA0D22340", }, "RestApiId": { "Ref": "RestApi0C43BF4B", @@ -1656,7 +1201,7 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` }, "Type": "AWS::ApiGateway::Method", }, - "RestApicreateoneoffPOST41A64A32": { + "RestApisearchPOST5D2A9A4A": { "Properties": { "AuthorizationType": "NONE", "HttpMethod": "POST", @@ -1678,7 +1223,7 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` ":lambda:path/2015-03-31/functions/", { "Fn::GetAtt": [ - "createreminderssignupB956888C", + "searchreminders4A6FC4FF", "Arn", ], }, @@ -1688,7 +1233,7 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` }, }, "ResourceId": { - "Ref": "RestApicreateoneoff2D1FCD3C", + "Ref": "RestApisearchA0D22340", }, "RestApiId": { "Ref": "RestApi0C43BF4B", @@ -1696,12 +1241,12 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` }, "Type": "AWS::ApiGateway::Method", }, - "RestApicreateoneoffPOSTApiPermissionSupportRemindersCODERestApi2446198FPOSTcreateoneoff673C3AFA": { + "RestApisearchPOSTApiPermissionSupportRemindersCODERestApi2446198FPOSTsearch072316B8": { "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ - "createreminderssignupB956888C", + "searchreminders4A6FC4FF", "Arn", ], }, @@ -1730,19 +1275,19 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` { "Ref": "RestApiDeploymentStageprod3855DE66", }, - "/POST/create/one-off", + "/POST/search", ], ], }, }, "Type": "AWS::Lambda::Permission", }, - "RestApicreateoneoffPOSTApiPermissionTestSupportRemindersCODERestApi2446198FPOSTcreateoneoff90DF1AAD": { + "RestApisearchPOSTApiPermissionTestSupportRemindersCODERestApi2446198FPOSTsearch11E5F691": { "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ - "createreminderssignupB956888C", + "searchreminders4A6FC4FF", "Arn", ], }, @@ -1767,150 +1312,223 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` { "Ref": "RestApi0C43BF4B", }, - "/test-invoke-stage/POST/create/one-off", + "/test-invoke-stage/POST/search", ], ], }, }, "Type": "AWS::Lambda::Permission", }, - "RestApicreaterecurringA327119C": { + "S3inlinepolicy3B07399A": { "Properties": { - "ParentId": { - "Ref": "RestApicreate68AA2AF0", - }, - "PathPart": "recurring", - "RestApiId": { - "Ref": "RestApi0C43BF4B", + "PolicyDocument": { + "Statement": [ + { + "Action": "s3:GetObject", + "Effect": "Allow", + "Resource": "arn:aws:s3::*:membership-dist/*", + }, + ], + "Version": "2012-10-17", }, + "PolicyName": "S3inlinepolicy3B07399A", + "Roles": [ + { + "Ref": "searchremindersServiceRole21E2FC67", + }, + { + "Ref": "createreminderssignupServiceRole14AD0F8F", + }, + { + "Ref": "reactivaterecurringreminderServiceRoleA9652C4C", + }, + { + "Ref": "cancelremindersServiceRole2D334903", + }, + ], }, - "Type": "AWS::ApiGateway::Resource", + "Type": "AWS::IAM::Policy", }, - "RestApicreaterecurringOPTIONSFBFDACD1": { + "SSMinlinepolicyB56CB2A2": { "Properties": { - "AuthorizationType": "NONE", - "HttpMethod": "OPTIONS", - "Integration": { - "IntegrationResponses": [ + "PolicyDocument": { + "Statement": [ { - "ResponseParameters": { - "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", - "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", - "method.response.header.Access-Control-Allow-Origin": "'*'", - }, - "StatusCode": "204", + "Action": [ + "ssm:GetParametersByPath", + "ssm:GetParameter", + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:aws:ssm:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":parameter/support-reminders/db-config/CODE", + ], + ], + }, + { + "Fn::Join": [ + "", + [ + "arn:aws:ssm:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":parameter/support-reminders/idapi/CODE/*", + ], + ], + }, + { + "Fn::Join": [ + "", + [ + "arn:aws:ssm:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":parameter/CODE/support/support-reminders/db-config", + ], + ], + }, + { + "Fn::Join": [ + "", + [ + "arn:aws:ssm:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":parameter/CODE/support/support-reminders/idapi/*", + ], + ], + }, + ], }, ], - "RequestTemplates": { - "application/json": "{ statusCode: 200 }", - }, - "Type": "MOCK", + "Version": "2012-10-17", }, - "MethodResponses": [ + "PolicyName": "SSMinlinepolicyB56CB2A2", + "Roles": [ { - "ResponseParameters": { - "method.response.header.Access-Control-Allow-Headers": true, - "method.response.header.Access-Control-Allow-Methods": true, - "method.response.header.Access-Control-Allow-Origin": true, - }, - "StatusCode": "204", + "Ref": "searchremindersServiceRole21E2FC67", + }, + { + "Ref": "createreminderssignupServiceRole14AD0F8F", + }, + { + "Ref": "reactivaterecurringreminderServiceRoleA9652C4C", + }, + { + "Ref": "cancelremindersServiceRole2D334903", }, ], - "ResourceId": { - "Ref": "RestApicreaterecurringA327119C", - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, }, - "Type": "AWS::ApiGateway::Method", + "Type": "AWS::IAM::Policy", }, - "RestApicreaterecurringPOSTApiPermissionSupportRemindersCODERestApi2446198FPOSTcreaterecurringA978DFB3": { + "cancelremindersF4DAF18B": { + "DependsOn": [ + "cancelremindersServiceRoleDefaultPolicyC48CB67C", + "cancelremindersServiceRole2D334903", + ], "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "createreminderssignupB956888C", - "Arn", - ], + "Code": { + "S3Bucket": { + "Ref": "DistributionBucketName", + }, + "S3Key": "support/CODE/support-reminders/support-reminders.zip", }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":execute-api:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":", - { - "Ref": "RestApi0C43BF4B", - }, - "/", - { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "/POST/create/recurring", - ], - ], + "Environment": { + "Variables": { + "APP": "support-reminders", + "Bucket": "contributions-private", + "STACK": "support", + "STAGE": "CODE", + }, }, - }, - "Type": "AWS::Lambda::Permission", - }, - "RestApicreaterecurringPOSTApiPermissionTestSupportRemindersCODERestApi2446198FPOSTcreaterecurringE21E016C": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { + "FunctionName": "support-reminders-cancel-reminders-CODE-CDK", + "Handler": "cancel-reminders/lambda/lambda.handler", + "MemorySize": 512, + "Role": { "Fn::GetAtt": [ - "createreminderssignupB956888C", + "cancelremindersServiceRole2D334903", "Arn", ], }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":execute-api:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":", - { - "Ref": "RestApi0C43BF4B", - }, - "/test-invoke-stage/POST/create/recurring", - ], + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "App", + "Value": "support-reminders", + }, + { + "Key": "gu:cdk:version", + "Value": "TEST", + }, + { + "Key": "gu:repo", + "Value": "guardian/support-reminders", + }, + { + "Key": "Stack", + "Value": "support", + }, + { + "Key": "Stage", + "Value": "CODE", + }, + ], + "Timeout": 30, + "VpcConfig": { + "SecurityGroupIds": [ + { + "Ref": "SecurityGroupToAccessPostgresCDK", + }, ], + "SubnetIds": { + "Ref": "PrivateSubnets", + }, }, }, - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Function", }, - "RestApicreaterecurringPOSTC2005445": { + "cancelremindersServiceRole2D334903": { "Properties": { - "AuthorizationType": "NONE", - "HttpMethod": "POST", - "Integration": { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com", + }, + }, + ], + "Version": "2012-10-17", + }, + "ManagedPolicyArns": [ + { "Fn::Join": [ "", [ @@ -1918,171 +1536,230 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` { "Ref": "AWS::Partition", }, - ":apigateway:", - { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", + ], + ], + }, + { + "Fn::Join": [ + "", + [ + "arn:", { - "Fn::GetAtt": [ - "createreminderssignupB956888C", - "Arn", - ], + "Ref": "AWS::Partition", }, - "/invocations", + ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole", ], ], }, - }, - "ResourceId": { - "Ref": "RestApicreaterecurringA327119C", - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "RestApireactivateDE09DAB5": { - "Properties": { - "ParentId": { - "Fn::GetAtt": [ - "RestApi0C43BF4B", - "RootResourceId", - ], - }, - "PathPart": "reactivate", - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "RestApireactivateOPTIONS263B776D": { - "Properties": { - "AuthorizationType": "NONE", - "HttpMethod": "OPTIONS", - "Integration": { - "IntegrationResponses": [ - { - "ResponseParameters": { - "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", - "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", - "method.response.header.Access-Control-Allow-Origin": "'*'", - }, - "StatusCode": "204", - }, - ], - "RequestTemplates": { - "application/json": "{ statusCode: 200 }", + ], + "Tags": [ + { + "Key": "App", + "Value": "support-reminders", }, - "Type": "MOCK", - }, - "MethodResponses": [ { - "ResponseParameters": { - "method.response.header.Access-Control-Allow-Headers": true, - "method.response.header.Access-Control-Allow-Methods": true, - "method.response.header.Access-Control-Allow-Origin": true, - }, - "StatusCode": "204", + "Key": "gu:cdk:version", + "Value": "TEST", + }, + { + "Key": "gu:repo", + "Value": "guardian/support-reminders", + }, + { + "Key": "Stack", + "Value": "support", + }, + { + "Key": "Stage", + "Value": "CODE", }, ], - "ResourceId": { - "Ref": "RestApireactivateDE09DAB5", - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, }, - "Type": "AWS::ApiGateway::Method", + "Type": "AWS::IAM::Role", }, - "RestApireactivatePOSTApiPermissionSupportRemindersCODERestApi2446198FPOSTreactivate6C81D1C9": { + "cancelremindersServiceRoleDefaultPolicyC48CB67C": { "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "reactivaterecurringreminder0045F57B", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":execute-api:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":", - { - "Ref": "RestApi0C43BF4B", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetObject*", + "s3:GetBucket*", + "s3:List*", + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":s3:::", + { + "Ref": "DistributionBucketName", + }, + ], + ], + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":s3:::", + { + "Ref": "DistributionBucketName", + }, + "/support/CODE/support-reminders/support-reminders.zip", + ], + ], + }, + ], + }, + { + "Action": "ssm:GetParametersByPath", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:aws:ssm:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":parameter/CODE/support/support-reminders", + ], + ], }, - "/", - { - "Ref": "RestApiDeploymentStageprod3855DE66", + }, + { + "Action": [ + "ssm:GetParameters", + "ssm:GetParameter", + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:aws:ssm:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":parameter/CODE/support/support-reminders/*", + ], + ], }, - "/POST/reactivate", - ], + }, ], + "Version": "2012-10-17", }, + "PolicyName": "cancelremindersServiceRoleDefaultPolicyC48CB67C", + "Roles": [ + { + "Ref": "cancelremindersServiceRole2D334903", + }, + ], }, - "Type": "AWS::Lambda::Permission", + "Type": "AWS::IAM::Policy", }, - "RestApireactivatePOSTApiPermissionTestSupportRemindersCODERestApi2446198FPOSTreactivate026D533F": { + "createreminderssignupB956888C": { + "DependsOn": [ + "createreminderssignupServiceRoleDefaultPolicyA7184F21", + "createreminderssignupServiceRole14AD0F8F", + ], "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { + "Code": { + "S3Bucket": { + "Ref": "DistributionBucketName", + }, + "S3Key": "support/CODE/support-reminders/support-reminders.zip", + }, + "Environment": { + "Variables": { + "APP": "support-reminders", + "Bucket": "contributions-private", + "STACK": "support", + "STAGE": "CODE", + }, + }, + "FunctionName": "support-reminders-create-reminder-signup-CODE-CDK", + "Handler": "create-reminder-signup/lambda/lambda.handler", + "MemorySize": 512, + "Role": { "Fn::GetAtt": [ - "reactivaterecurringreminder0045F57B", + "createreminderssignupServiceRole14AD0F8F", "Arn", ], }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":execute-api:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":", - { - "Ref": "RestApi0C43BF4B", - }, - "/test-invoke-stage/POST/reactivate", - ], + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "App", + "Value": "support-reminders", + }, + { + "Key": "gu:cdk:version", + "Value": "TEST", + }, + { + "Key": "gu:repo", + "Value": "guardian/support-reminders", + }, + { + "Key": "Stack", + "Value": "support", + }, + { + "Key": "Stage", + "Value": "CODE", + }, + ], + "Timeout": 30, + "VpcConfig": { + "SecurityGroupIds": [ + { + "Ref": "SecurityGroupToAccessPostgresCDK", + }, ], + "SubnetIds": { + "Ref": "PrivateSubnets", + }, }, }, - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Function", }, - "RestApireactivatePOSTF57FC066": { + "createreminderssignupServiceRole14AD0F8F": { "Properties": { - "AuthorizationType": "NONE", - "HttpMethod": "POST", - "Integration": { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com", + }, + }, + ], + "Version": "2012-10-17", + }, + "ManagedPolicyArns": [ + { "Fn::Join": [ "", [ @@ -2090,241 +1767,57 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` { "Ref": "AWS::Partition", }, - ":apigateway:", - { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", + ], + ], + }, + { + "Fn::Join": [ + "", + [ + "arn:", { - "Fn::GetAtt": [ - "reactivaterecurringreminder0045F57B", - "Arn", - ], + "Ref": "AWS::Partition", }, - "/invocations", + ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole", ], ], }, - }, - "ResourceId": { - "Ref": "RestApireactivateDE09DAB5", - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "RestApisearchA0D22340": { - "Properties": { - "ParentId": { - "Fn::GetAtt": [ - "RestApi0C43BF4B", - "RootResourceId", - ], - }, - "PathPart": "search", - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "RestApisearchOPTIONSDF398734": { - "Properties": { - "AuthorizationType": "NONE", - "HttpMethod": "OPTIONS", - "Integration": { - "IntegrationResponses": [ - { - "ResponseParameters": { - "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", - "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", - "method.response.header.Access-Control-Allow-Origin": "'*'", - }, - "StatusCode": "204", - }, - ], - "RequestTemplates": { - "application/json": "{ statusCode: 200 }", - }, - "Type": "MOCK", - }, - "MethodResponses": [ - { - "ResponseParameters": { - "method.response.header.Access-Control-Allow-Headers": true, - "method.response.header.Access-Control-Allow-Methods": true, - "method.response.header.Access-Control-Allow-Origin": true, - }, - "StatusCode": "204", - }, ], - "ResourceId": { - "Ref": "RestApisearchA0D22340", - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "RestApisearchPOST5D2A9A4A": { - "Properties": { - "AuthorizationType": "NONE", - "HttpMethod": "POST", - "Integration": { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":apigateway:", - { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - { - "Fn::GetAtt": [ - "searchreminders4A6FC4FF", - "Arn", - ], - }, - "/invocations", - ], - ], + "Tags": [ + { + "Key": "App", + "Value": "support-reminders", }, - }, - "ResourceId": { - "Ref": "RestApisearchA0D22340", - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "RestApisearchPOSTApiPermissionSupportRemindersCODERestApi2446198FPOSTsearch072316B8": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "searchreminders4A6FC4FF", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":execute-api:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":", - { - "Ref": "RestApi0C43BF4B", - }, - "/", - { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "/POST/search", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "RestApisearchPOSTApiPermissionTestSupportRemindersCODERestApi2446198FPOSTsearch11E5F691": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "searchreminders4A6FC4FF", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":execute-api:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":", - { - "Ref": "RestApi0C43BF4B", - }, - "/test-invoke-stage/POST/search", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "S3inlinepolicy3B07399A": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "s3:GetObject", - "Effect": "Allow", - "Resource": "arn:aws:s3::*:membership-dist/*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "S3inlinepolicy3B07399A", - "Roles": [ { - "Ref": "searchremindersServiceRole21E2FC67", + "Key": "gu:cdk:version", + "Value": "TEST", }, { - "Ref": "createreminderssignupServiceRole14AD0F8F", + "Key": "gu:repo", + "Value": "guardian/support-reminders", }, { - "Ref": "reactivaterecurringreminderServiceRoleA9652C4C", + "Key": "Stack", + "Value": "support", }, { - "Ref": "cancelremindersServiceRole2D334903", + "Key": "Stage", + "Value": "CODE", }, ], }, - "Type": "AWS::IAM::Policy", + "Type": "AWS::IAM::Role", }, - "SSMinlinepolicyB56CB2A2": { + "createreminderssignupServiceRoleDefaultPolicyA7184F21": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ - "ssm:GetParametersByPath", - "ssm:GetParameter", + "s3:GetObject*", + "s3:GetBucket*", + "s3:List*", ], "Effect": "Allow", "Resource": [ @@ -2332,47 +1825,14 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` "Fn::Join": [ "", [ - "arn:aws:ssm:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":parameter/support-reminders/db-config/CODE", - ], - ], - }, - { - "Fn::Join": [ - "", - [ - "arn:aws:ssm:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":parameter/support-reminders/idapi/CODE/*", - ], - ], - }, - { - "Fn::Join": [ - "", - [ - "arn:aws:ssm:", + "arn:", { - "Ref": "AWS::Region", + "Ref": "AWS::Partition", }, - ":", + ":s3:::", { - "Ref": "AWS::AccountId", + "Ref": "DistributionBucketName", }, - ":parameter/CODE/support/support-reminders/db-config", ], ], }, @@ -2380,72 +1840,110 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` "Fn::Join": [ "", [ - "arn:aws:ssm:", + "arn:", { - "Ref": "AWS::Region", + "Ref": "AWS::Partition", }, - ":", + ":s3:::", { - "Ref": "AWS::AccountId", + "Ref": "DistributionBucketName", }, - ":parameter/CODE/support/support-reminders/idapi/*", + "/support/CODE/support-reminders/support-reminders.zip", ], ], }, ], }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "SSMinlinepolicyB56CB2A2", - "Roles": [ - { - "Ref": "searchremindersServiceRole21E2FC67", - }, - { - "Ref": "createreminderssignupServiceRole14AD0F8F", - }, - { - "Ref": "reactivaterecurringreminderServiceRoleA9652C4C", - }, + { + "Action": "ssm:GetParametersByPath", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:aws:ssm:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":parameter/CODE/support/support-reminders", + ], + ], + }, + }, + { + "Action": [ + "ssm:GetParameters", + "ssm:GetParameter", + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:aws:ssm:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":parameter/CODE/support/support-reminders/*", + ], + ], + }, + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "createreminderssignupServiceRoleDefaultPolicyA7184F21", + "Roles": [ { - "Ref": "cancelremindersServiceRole2D334903", + "Ref": "createreminderssignupServiceRole14AD0F8F", }, ], }, "Type": "AWS::IAM::Policy", }, - "SearchRemindersLambda": { + "nextreminders1BF0BB76": { + "DependsOn": [ + "nextremindersServiceRoleDefaultPolicy13BE068C", + "nextremindersServiceRole39CF7574", + ], "Properties": { "Code": { "S3Bucket": { - "Ref": "DeployBucket", - }, - "S3Key": { - "Fn::Sub": "\${Stack}/\${Stage}/support-reminders/support-reminders.zip", + "Ref": "DistributionBucketName", }, + "S3Key": "support/CODE/support-reminders/support-reminders.zip", }, - "Description": "A lambda for searching for reminders", "Environment": { "Variables": { - "Stage": { - "Ref": "Stage", - }, + "APP": "support-reminders", + "Bucket": "contributions-private", + "STACK": "support", + "STAGE": "CODE", }, }, - "FunctionName": { - "Fn::Sub": "support-reminders-search-reminders-\${Stage}", - }, - "Handler": "search-reminders/lambda/lambda.handler", - "MemorySize": 128, + "FunctionName": "support-reminders-next-reminders-CODE-CDK", + "Handler": "next-reminders/lambda/lambda.handler", + "MemorySize": 512, "Role": { "Fn::GetAtt": [ - "SearchRemindersLambdaRole", + "nextremindersServiceRole39CF7574", "Arn", ], }, "Runtime": "nodejs12.x", "Tags": [ + { + "Key": "App", + "Value": "support-reminders", + }, { "Key": "gu:cdk:version", "Value": "TEST", @@ -2454,10 +1952,6 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` "Key": "gu:repo", "Value": "guardian/support-reminders", }, - { - "Key": "lambda:createdBy", - "Value": "SAM", - }, { "Key": "Stack", "Value": "support", @@ -2471,73 +1965,169 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` "VpcConfig": { "SecurityGroupIds": [ { - "Ref": "SecurityGroupToAccessPostgres", + "Ref": "SecurityGroupToAccessPostgresCDK", }, ], "SubnetIds": { - "Ref": "VpcSubnets", + "Ref": "PrivateSubnets", }, }, }, "Type": "AWS::Lambda::Function", }, - "SearchRemindersLambdaRole": { + "nextremindersErrorPercentageAlarmForLambdaB1934EC0": { "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": [ - "sts:AssumeRole", + "ActionsEnabled": true, + "AlarmActions": [ + { + "Fn::Join": [ + "", + [ + "arn:aws:sns:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":conversion-dev", ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com", - ], + ], + }, + ], + "AlarmDescription": { + "Fn::Join": [ + "", + [ + { + "Ref": "nextreminders1BF0BB76", }, - }, + " exceeded 1% error rate", + ], ], - "Version": "2012-10-17", }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole", - ], - "Policies": [ + "AlarmName": { + "Fn::Join": [ + "", + [ + "High error % from ", + { + "Ref": "nextreminders1BF0BB76", + }, + " lambda in CODE", + ], + ], + }, + "ComparisonOperator": "GreaterThanThreshold", + "EvaluationPeriods": 1, + "Metrics": [ { - "PolicyDocument": { - "Statement": { - "Action": [ - "ssm:GetParametersByPath", - "ssm:GetParameter", - ], - "Effect": "Allow", - "Resource": [ + "Expression": "100*m1/m2", + "Id": "expr_1", + "Label": { + "Fn::Join": [ + "", + [ + "Error % of ", { - "Fn::Sub": "arn:aws:ssm:\${AWS::Region}:\${AWS::AccountId}:parameter/support-reminders/db-config/\${Stage}", + "Ref": "nextreminders1BF0BB76", }, + ], + ], + }, + }, + { + "Id": "m1", + "MetricStat": { + "Metric": { + "Dimensions": [ { - "Fn::Sub": "arn:aws:ssm:\${AWS::Region}:\${AWS::AccountId}:parameter/support-reminders/idapi/\${Stage}/*", + "Name": "FunctionName", + "Value": { + "Ref": "nextreminders1BF0BB76", + }, }, ], + "MetricName": "Errors", + "Namespace": "AWS/Lambda", }, + "Period": 60, + "Stat": "Sum", }, - "PolicyName": "SearchRemindersLambdaRolePolicy1", + "ReturnData": false, }, { - "PolicyDocument": { - "Statement": { - "Action": "s3:GetObject", - "Effect": "Allow", - "Resource": [ - "arn:aws:s3::*:membership-dist/*", + "Id": "m2", + "MetricStat": { + "Metric": { + "Dimensions": [ + { + "Name": "FunctionName", + "Value": { + "Ref": "nextreminders1BF0BB76", + }, + }, ], + "MetricName": "Invocations", + "Namespace": "AWS/Lambda", + }, + "Period": 60, + "Stat": "Sum", + }, + "ReturnData": false, + }, + ], + "Threshold": 1, + "TreatMissingData": "notBreaching", + }, + "Type": "AWS::CloudWatch::Alarm", + }, + "nextremindersServiceRole39CF7574": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com", }, }, - "PolicyName": "SearchRemindersLambdaRolePolicy2", + ], + "Version": "2012-10-17", + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", + ], + ], + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole", + ], + ], }, ], "Tags": [ + { + "Key": "App", + "Value": "support-reminders", + }, { "Key": "gu:cdk:version", "Value": "TEST", @@ -2546,10 +2136,6 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` "Key": "gu:repo", "Value": "guardian/support-reminders", }, - { - "Key": "lambda:createdBy", - "Value": "SAM", - }, { "Key": "Stack", "Value": "support", @@ -2562,475 +2148,178 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` }, "Type": "AWS::IAM::Role", }, - "SearchRemindersLambdaSearchPermissionProd": { + "nextremindersServiceRoleDefaultPolicy13BE068C": { "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Ref": "SearchRemindersLambda", - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:\${AWS::Region}:\${AWS::AccountId}:\${__ApiId__}/\${__Stage__}/POST/search", + "PolicyDocument": { + "Statement": [ { - "__ApiId__": { - "Ref": "ServerlessRestApi", - }, - "__Stage__": "*", - }, - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "ServerlessRestApi": { - "Properties": { - "Body": { - "info": { - "title": { - "Ref": "AWS::StackName", - }, - "version": "1.0", - }, - "paths": { - "/cancel": { - "options": { - "consumes": [ - "application/json", - ], - "produces": [ - "application/json", - ], - "responses": { - "200": { - "description": "Default response for CORS method", - "headers": { - "Access-Control-Allow-Headers": { - "type": "string", - }, - "Access-Control-Allow-Methods": { - "type": "string", - }, - "Access-Control-Allow-Origin": { - "type": "string", - }, - }, - }, - }, - "summary": "CORS support", - "x-amazon-apigateway-integration": { - "requestTemplates": { - "application/json": "{ - "statusCode" : 200 -} -", - }, - "responses": { - "default": { - "responseParameters": { - "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", - "method.response.header.Access-Control-Allow-Methods": "'*'", - "method.response.header.Access-Control-Allow-Origin": { - "Fn::FindInMap": [ - "StageMap", - { - "Ref": "Stage", - }, - "CorsOrigin", - ], - }, - }, - "responseTemplates": { - "application/json": "{} -", - }, - "statusCode": "200", - }, - }, - "type": "mock", - }, - }, - "post": { - "responses": {}, - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws:apigateway:\${AWS::Region}:lambda:path/2015-03-31/functions/\${CancelRemindersLambda.Arn}/invocations", - }, - }, - }, - }, - "/create/one-off": { - "options": { - "consumes": [ - "application/json", - ], - "produces": [ - "application/json", - ], - "responses": { - "200": { - "description": "Default response for CORS method", - "headers": { - "Access-Control-Allow-Headers": { - "type": "string", - }, - "Access-Control-Allow-Methods": { - "type": "string", + "Action": [ + "s3:GetObject*", + "s3:GetBucket*", + "s3:List*", + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", }, - "Access-Control-Allow-Origin": { - "type": "string", + ":s3:::", + { + "Ref": "DistributionBucketName", }, - }, - }, + ], + ], }, - "summary": "CORS support", - "x-amazon-apigateway-integration": { - "requestTemplates": { - "application/json": "{ - "statusCode" : 200 -} -", - }, - "responses": { - "default": { - "responseParameters": { - "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", - "method.response.header.Access-Control-Allow-Methods": "'*'", - "method.response.header.Access-Control-Allow-Origin": { - "Fn::FindInMap": [ - "StageMap", - { - "Ref": "Stage", - }, - "CorsOrigin", - ], - }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", }, - "responseTemplates": { - "application/json": "{} -", + ":s3:::", + { + "Ref": "DistributionBucketName", }, - "statusCode": "200", - }, - }, - "type": "mock", - }, - }, - "post": { - "responses": {}, - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws:apigateway:\${AWS::Region}:lambda:path/2015-03-31/functions/\${CreateReminderSignupLambda.Arn}/invocations", - }, + "/support/CODE/support-reminders/support-reminders.zip", + ], + ], }, - }, + ], }, - "/create/recurring": { - "options": { - "consumes": [ - "application/json", - ], - "produces": [ - "application/json", - ], - "responses": { - "200": { - "description": "Default response for CORS method", - "headers": { - "Access-Control-Allow-Headers": { - "type": "string", - }, - "Access-Control-Allow-Methods": { - "type": "string", - }, - "Access-Control-Allow-Origin": { - "type": "string", - }, + { + "Action": "ssm:GetParametersByPath", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:aws:ssm:", + { + "Ref": "AWS::Region", }, - }, - }, - "summary": "CORS support", - "x-amazon-apigateway-integration": { - "requestTemplates": { - "application/json": "{ - "statusCode" : 200 -} -", - }, - "responses": { - "default": { - "responseParameters": { - "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", - "method.response.header.Access-Control-Allow-Methods": "'*'", - "method.response.header.Access-Control-Allow-Origin": { - "Fn::FindInMap": [ - "StageMap", - { - "Ref": "Stage", - }, - "CorsOrigin", - ], - }, - }, - "responseTemplates": { - "application/json": "{} -", - }, - "statusCode": "200", + ":", + { + "Ref": "AWS::AccountId", }, - }, - "type": "mock", - }, - }, - "post": { - "responses": {}, - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws:apigateway:\${AWS::Region}:lambda:path/2015-03-31/functions/\${CreateReminderSignupLambda.Arn}/invocations", - }, - }, - }, - }, - "/reactivate": { - "options": { - "consumes": [ - "application/json", - ], - "produces": [ - "application/json", + ":parameter/CODE/support/support-reminders", + ], ], - "responses": { - "200": { - "description": "Default response for CORS method", - "headers": { - "Access-Control-Allow-Headers": { - "type": "string", - }, - "Access-Control-Allow-Methods": { - "type": "string", - }, - "Access-Control-Allow-Origin": { - "type": "string", - }, - }, - }, - }, - "summary": "CORS support", - "x-amazon-apigateway-integration": { - "requestTemplates": { - "application/json": "{ - "statusCode" : 200 -} -", - }, - "responses": { - "default": { - "responseParameters": { - "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", - "method.response.header.Access-Control-Allow-Methods": "'*'", - "method.response.header.Access-Control-Allow-Origin": { - "Fn::FindInMap": [ - "StageMap", - { - "Ref": "Stage", - }, - "CorsOrigin", - ], - }, - }, - "responseTemplates": { - "application/json": "{} -", - }, - "statusCode": "200", - }, - }, - "type": "mock", - }, - }, - "post": { - "responses": {}, - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws:apigateway:\${AWS::Region}:lambda:path/2015-03-31/functions/\${ReactivateRecurringReminderLambda.Arn}/invocations", - }, - }, }, }, - "/search": { - "options": { - "consumes": [ - "application/json", - ], - "produces": [ - "application/json", - ], - "responses": { - "200": { - "description": "Default response for CORS method", - "headers": { - "Access-Control-Allow-Headers": { - "type": "string", - }, - "Access-Control-Allow-Methods": { - "type": "string", - }, - "Access-Control-Allow-Origin": { - "type": "string", - }, + { + "Action": [ + "ssm:GetParameters", + "ssm:GetParameter", + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:aws:ssm:", + { + "Ref": "AWS::Region", }, - }, - }, - "summary": "CORS support", - "x-amazon-apigateway-integration": { - "requestTemplates": { - "application/json": "{ - "statusCode" : 200 -} -", - }, - "responses": { - "default": { - "responseParameters": { - "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", - "method.response.header.Access-Control-Allow-Methods": "'*'", - "method.response.header.Access-Control-Allow-Origin": { - "Fn::FindInMap": [ - "StageMap", - { - "Ref": "Stage", - }, - "CorsOrigin", - ], - }, - }, - "responseTemplates": { - "application/json": "{} -", - }, - "statusCode": "200", + ":", + { + "Ref": "AWS::AccountId", }, - }, - "type": "mock", - }, - }, - "post": { - "responses": {}, - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws:apigateway:\${AWS::Region}:lambda:path/2015-03-31/functions/\${SearchRemindersLambda.Arn}/invocations", - }, - }, + ":parameter/CODE/support/support-reminders/*", + ], + ], }, }, - }, - "swagger": "2.0", + ], + "Version": "2012-10-17", }, - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "Stack", - "Value": "support", - }, + "PolicyName": "nextremindersServiceRoleDefaultPolicy13BE068C", + "Roles": [ { - "Key": "Stage", - "Value": "CODE", + "Ref": "nextremindersServiceRole39CF7574", }, ], }, - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::IAM::Policy", }, - "ServerlessRestApiDeployment35164ab9c6": { + "nextremindersnextreminderscron05000AllowEventRuleSupportRemindersCODEnextremindersCEEC74A609E30C1C": { "Properties": { - "Description": "RestApi deployment id: 35164ab9c69e7ad25b481304f695a6fca30e4980", - "RestApiId": { - "Ref": "ServerlessRestApi", + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "nextreminders1BF0BB76", + "Arn", + ], + }, + "Principal": "events.amazonaws.com", + "SourceArn": { + "Fn::GetAtt": [ + "nextremindersnextreminderscron05000EB5DF789", + "Arn", + ], }, - "StageName": "Stage", }, - "Type": "AWS::ApiGateway::Deployment", + "Type": "AWS::Lambda::Permission", }, - "ServerlessRestApiProdStage": { + "nextremindersnextreminderscron05000EB5DF789": { "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeployment35164ab9c6", - }, - "RestApiId": { - "Ref": "ServerlessRestApi", - }, - "StageName": "Prod", - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "Stack", - "Value": "support", - }, + "ScheduleExpression": "cron(05 00 * * ? *)", + "State": "ENABLED", + "Targets": [ { - "Key": "Stage", - "Value": "CODE", + "Arn": { + "Fn::GetAtt": [ + "nextreminders1BF0BB76", + "Arn", + ], + }, + "Id": "Target0", }, ], }, - "Type": "AWS::ApiGateway::Stage", + "Type": "AWS::Events::Rule", }, - "SignupExportsLambda": { + "reactivaterecurringreminder0045F57B": { + "DependsOn": [ + "reactivaterecurringreminderServiceRoleDefaultPolicyA6827EC3", + "reactivaterecurringreminderServiceRoleA9652C4C", + ], "Properties": { "Code": { "S3Bucket": { - "Ref": "DeployBucket", - }, - "S3Key": { - "Fn::Sub": "\${Stack}/\${Stage}/support-reminders/support-reminders.zip", + "Ref": "DistributionBucketName", }, + "S3Key": "support/CODE/support-reminders/support-reminders.zip", }, - "Description": "A lambda for exporting signups data", "Environment": { "Variables": { - "Bucket": { - "Ref": "DatalakeBucket", - }, - "Stage": { - "Ref": "Stage", - }, + "APP": "support-reminders", + "Bucket": "contributions-private", + "STACK": "support", + "STAGE": "CODE", }, }, - "FunctionName": { - "Fn::Sub": "support-reminders-signup-exports-\${Stage}", - }, - "Handler": "signup-exports/lambda/lambda.handler", + "FunctionName": "support-reminders-reactivate-recurring-reminder-CODE-CDK", + "Handler": "reactivate-recurring-reminder/lambda/lambda.handler", "MemorySize": 512, "Role": { "Fn::GetAtt": [ - "SignupExportsLambdaRole", + "reactivaterecurringreminderServiceRoleA9652C4C", "Arn", ], }, "Runtime": "nodejs12.x", "Tags": [ + { + "Key": "App", + "Value": "support-reminders", + }, { "Key": "gu:cdk:version", "Value": "TEST", @@ -3039,10 +2328,6 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` "Key": "gu:repo", "Value": "guardian/support-reminders", }, - { - "Key": "lambda:createdBy", - "Value": "SAM", - }, { "Key": "Stack", "Value": "support", @@ -3052,253 +2337,21 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` "Value": "CODE", }, ], - "Timeout": 900, + "Timeout": 30, "VpcConfig": { "SecurityGroupIds": [ { - "Ref": "SecurityGroupToAccessPostgres", + "Ref": "SecurityGroupToAccessPostgresCDK", }, ], "SubnetIds": { - "Ref": "VpcSubnets", + "Ref": "PrivateSubnets", }, }, }, "Type": "AWS::Lambda::Function", }, - "SignupExportsLambdaAlarm": { - "Condition": "IsProd", - "Properties": { - "AlarmActions": [ - { - "Fn::Sub": "arn:aws:sns:\${AWS::Region}:\${AWS::AccountId}:contributions-dev", - }, - ], - "AlarmDescription": "Failed to create signups exports", - "AlarmName": { - "Fn::Sub": "support-reminders-signup-exports-\${Stage} lambda error", - }, - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": [ - { - "Name": "FunctionName", - "Value": { - "Ref": "SignupExportsLambda", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "Errors", - "Namespace": "AWS/Lambda", - "Period": 60, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "SignupExportsLambdaRole": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": [ - "sts:AssumeRole", - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole", - ], - "Policies": [ - { - "PolicyDocument": { - "Statement": { - "Action": [ - "ssm:GetParametersByPath", - "ssm:GetParameter", - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Sub": "arn:aws:ssm:\${AWS::Region}:\${AWS::AccountId}:parameter/support-reminders/db-config/\${Stage}", - }, - ], - }, - }, - "PolicyName": "SignupExportsLambdaRolePolicy1", - }, - { - "PolicyDocument": { - "Statement": { - "Action": [ - "s3:PutObject", - "s3:PutObjectAcl", - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Sub": "arn:aws:s3:::\${DatalakeBucket}", - }, - { - "Fn::Sub": "arn:aws:s3:::\${DatalakeBucket}/*", - }, - ], - }, - }, - "PolicyName": "SignupExportsLambdaRolePolicy2", - }, - { - "PolicyDocument": { - "Statement": { - "Action": "s3:GetObject", - "Effect": "Allow", - "Resource": [ - "arn:aws:s3::*:membership-dist/*", - ], - }, - }, - "PolicyName": "SignupExportsLambdaRolePolicy3", - }, - ], - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "lambda:createdBy", - "Value": "SAM", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "CODE", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "SignupExportsLambdaSchedule": { - "Properties": { - "Description": "Run sigup exports lambda every day at 00:05", - "Name": { - "Fn::Sub": "RemindersExportSchedule-\${Stage}", - }, - "ScheduleExpression": "cron(05 00 * * ? *)", - "State": "ENABLED", - "Targets": [ - { - "Arn": { - "Fn::GetAtt": [ - "SignupExportsLambda", - "Arn", - ], - }, - "Id": "SignupExportsLambdaScheduleLambdaTarget", - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "SignupExportsLambdaSchedulePermission": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Ref": "SignupExportsLambda", - }, - "Principal": "events.amazonaws.com", - "SourceArn": { - "Fn::GetAtt": [ - "SignupExportsLambdaSchedule", - "Arn", - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "cancelremindersF4DAF18B": { - "DependsOn": [ - "cancelremindersServiceRoleDefaultPolicyC48CB67C", - "cancelremindersServiceRole2D334903", - ], - "Properties": { - "Code": { - "S3Bucket": { - "Ref": "DistributionBucketName", - }, - "S3Key": "support/CODE/support-reminders/support-reminders.zip", - }, - "Environment": { - "Variables": { - "APP": "support-reminders", - "Bucket": "contributions-private", - "STACK": "support", - "STAGE": "CODE", - }, - }, - "FunctionName": "support-reminders-cancel-reminders-CODE-CDK", - "Handler": "cancel-reminders/lambda/lambda.handler", - "MemorySize": 512, - "Role": { - "Fn::GetAtt": [ - "cancelremindersServiceRole2D334903", - "Arn", - ], - }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Key": "App", - "Value": "support-reminders", - }, - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "CODE", - }, - ], - "Timeout": 30, - "VpcConfig": { - "SecurityGroupIds": [ - { - "Ref": "SecurityGroupToAccessPostgresCDK", - }, - ], - "SubnetIds": { - "Ref": "PrivateSubnets", - }, - }, - }, - "Type": "AWS::Lambda::Function", - }, - "cancelremindersServiceRole2D334903": { + "reactivaterecurringreminderServiceRoleA9652C4C": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ @@ -3363,7 +2416,7 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` }, "Type": "AWS::IAM::Role", }, - "cancelremindersServiceRoleDefaultPolicyC48CB67C": { + "reactivaterecurringreminderServiceRoleDefaultPolicyA6827EC3": { "Properties": { "PolicyDocument": { "Statement": [ @@ -3454,19 +2507,19 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` ], "Version": "2012-10-17", }, - "PolicyName": "cancelremindersServiceRoleDefaultPolicyC48CB67C", + "PolicyName": "reactivaterecurringreminderServiceRoleDefaultPolicyA6827EC3", "Roles": [ { - "Ref": "cancelremindersServiceRole2D334903", + "Ref": "reactivaterecurringreminderServiceRoleA9652C4C", }, ], }, "Type": "AWS::IAM::Policy", }, - "createreminderssignupB956888C": { + "searchreminders4A6FC4FF": { "DependsOn": [ - "createreminderssignupServiceRoleDefaultPolicyA7184F21", - "createreminderssignupServiceRole14AD0F8F", + "searchremindersServiceRoleDefaultPolicy16C0FEC5", + "searchremindersServiceRole21E2FC67", ], "Properties": { "Code": { @@ -3483,12 +2536,12 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` "STAGE": "CODE", }, }, - "FunctionName": "support-reminders-create-reminder-signup-CODE-CDK", - "Handler": "create-reminder-signup/lambda/lambda.handler", + "FunctionName": "support-reminders-search-reminders-CODE-CDK", + "Handler": "search-reminders/lambda/lambda.handler", "MemorySize": 512, "Role": { "Fn::GetAtt": [ - "createreminderssignupServiceRole14AD0F8F", + "searchremindersServiceRole21E2FC67", "Arn", ], }, @@ -3529,7 +2582,7 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` }, "Type": "AWS::Lambda::Function", }, - "createreminderssignupServiceRole14AD0F8F": { + "searchremindersServiceRole21E2FC67": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ @@ -3594,7 +2647,7 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` }, "Type": "AWS::IAM::Role", }, - "createreminderssignupServiceRoleDefaultPolicyA7184F21": { + "searchremindersServiceRoleDefaultPolicy16C0FEC5": { "Properties": { "PolicyDocument": { "Statement": [ @@ -3685,19 +2738,19 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` ], "Version": "2012-10-17", }, - "PolicyName": "createreminderssignupServiceRoleDefaultPolicyA7184F21", + "PolicyName": "searchremindersServiceRoleDefaultPolicy16C0FEC5", "Roles": [ { - "Ref": "createreminderssignupServiceRole14AD0F8F", + "Ref": "searchremindersServiceRole21E2FC67", }, ], }, "Type": "AWS::IAM::Policy", }, - "nextreminders1BF0BB76": { + "signupexportsDBFAB572": { "DependsOn": [ - "nextremindersServiceRoleDefaultPolicy13BE068C", - "nextremindersServiceRole39CF7574", + "signupexportsServiceRoleDefaultPolicy7B14F7DA", + "signupexportsServiceRole7E76A5F3", ], "Properties": { "Code": { @@ -3714,12 +2767,12 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` "STAGE": "CODE", }, }, - "FunctionName": "support-reminders-next-reminders-CODE-CDK", - "Handler": "next-reminders/lambda/lambda.handler", + "FunctionName": "support-reminders-signup-exports-CODE-CDK", + "Handler": "signup-exports/lambda/lambda.handler", "MemorySize": 512, "Role": { "Fn::GetAtt": [ - "nextremindersServiceRole39CF7574", + "signupexportsServiceRole7E76A5F3", "Arn", ], }, @@ -3760,7 +2813,7 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` }, "Type": "AWS::Lambda::Function", }, - "nextremindersErrorPercentageAlarmForLambdaB1934EC0": { + "signupexportsErrorPercentageAlarmForLambda89F69AC3": { "Properties": { "ActionsEnabled": true, "AlarmActions": [ @@ -3786,7 +2839,7 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` "", [ { - "Ref": "nextreminders1BF0BB76", + "Ref": "signupexportsDBFAB572", }, " exceeded 1% error rate", ], @@ -3798,7 +2851,7 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` [ "High error % from ", { - "Ref": "nextreminders1BF0BB76", + "Ref": "signupexportsDBFAB572", }, " lambda in CODE", ], @@ -3816,7 +2869,7 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` [ "Error % of ", { - "Ref": "nextreminders1BF0BB76", + "Ref": "signupexportsDBFAB572", }, ], ], @@ -3830,7 +2883,7 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` { "Name": "FunctionName", "Value": { - "Ref": "nextreminders1BF0BB76", + "Ref": "signupexportsDBFAB572", }, }, ], @@ -3850,7 +2903,7 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` { "Name": "FunctionName", "Value": { - "Ref": "nextreminders1BF0BB76", + "Ref": "signupexportsDBFAB572", }, }, ], @@ -3868,7 +2921,7 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` }, "Type": "AWS::CloudWatch::Alarm", }, - "nextremindersServiceRole39CF7574": { + "signupexportsServiceRole7E76A5F3": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ @@ -3933,7 +2986,7 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` }, "Type": "AWS::IAM::Role", }, - "nextremindersServiceRoleDefaultPolicy13BE068C": { + "signupexportsServiceRoleDefaultPolicy7B14F7DA": { "Properties": { "PolicyDocument": { "Statement": [ @@ -4024,35 +3077,16 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` ], "Version": "2012-10-17", }, - "PolicyName": "nextremindersServiceRoleDefaultPolicy13BE068C", + "PolicyName": "signupexportsServiceRoleDefaultPolicy7B14F7DA", "Roles": [ { - "Ref": "nextremindersServiceRole39CF7574", + "Ref": "signupexportsServiceRole7E76A5F3", }, ], }, "Type": "AWS::IAM::Policy", }, - "nextremindersnextreminderscron05000AllowEventRuleSupportRemindersCODEnextremindersCEEC74A609E30C1C": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "nextreminders1BF0BB76", - "Arn", - ], - }, - "Principal": "events.amazonaws.com", - "SourceArn": { - "Fn::GetAtt": [ - "nextremindersnextreminderscron05000EB5DF789", - "Arn", - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "nextremindersnextreminderscron05000EB5DF789": { + "signupexportssignupexportscron05000AADDEB89": { "Properties": { "ScheduleExpression": "cron(05 00 * * ? *)", "State": "ENABLED", @@ -4060,7 +3094,7 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` { "Arn": { "Fn::GetAtt": [ - "nextreminders1BF0BB76", + "signupexportsDBFAB572", "Arn", ], }, @@ -4070,272 +3104,249 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` }, "Type": "AWS::Events::Rule", }, - "reactivaterecurringreminder0045F57B": { - "DependsOn": [ - "reactivaterecurringreminderServiceRoleDefaultPolicyA6827EC3", - "reactivaterecurringreminderServiceRoleA9652C4C", - ], + "signupexportssignupexportscron05000AllowEventRuleSupportRemindersCODEsignupexportsAD9773DB716A9DE6": { "Properties": { - "Code": { - "S3Bucket": { - "Ref": "DistributionBucketName", - }, - "S3Key": "support/CODE/support-reminders/support-reminders.zip", - }, - "Environment": { - "Variables": { - "APP": "support-reminders", - "Bucket": "contributions-private", - "STACK": "support", - "STAGE": "CODE", - }, - }, - "FunctionName": "support-reminders-reactivate-recurring-reminder-CODE-CDK", - "Handler": "reactivate-recurring-reminder/lambda/lambda.handler", - "MemorySize": 512, - "Role": { + "Action": "lambda:InvokeFunction", + "FunctionName": { "Fn::GetAtt": [ - "reactivaterecurringreminderServiceRoleA9652C4C", + "signupexportsDBFAB572", "Arn", ], }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Key": "App", - "Value": "support-reminders", - }, - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "CODE", - }, - ], - "Timeout": 30, - "VpcConfig": { - "SecurityGroupIds": [ - { - "Ref": "SecurityGroupToAccessPostgresCDK", - }, + "Principal": "events.amazonaws.com", + "SourceArn": { + "Fn::GetAtt": [ + "signupexportssignupexportscron05000AADDEB89", + "Arn", ], - "SubnetIds": { - "Ref": "PrivateSubnets", - }, }, }, - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Permission", }, - "reactivaterecurringreminderServiceRoleA9652C4C": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ + }, +} +`; + +exports[`The SupportReminders stack matches the snapshot 2`] = ` +{ + "Metadata": { + "gu:cdk:constructs": [ + "GuStringParameter", + "GuVpcParameter", + "GuSubnetListParameter", + "GuDistributionBucketParameter", + "GuLambdaFunction", + "GuLambdaFunction", + "GuLambdaFunction", + "GuLambdaFunction", + "GuApiGatewayWithLambdaByPath", + "GuApiGateway5xxPercentageAlarm", + "GuScheduledLambda", + "GuLambdaErrorPercentageAlarm", + "GuScheduledLambda", + "GuLambdaErrorPercentageAlarm", + ], + "gu:cdk:version": "TEST", + }, + "Outputs": { + "RestApiEndpoint0551178A": { + "Value": { + "Fn::Join": [ + "", + [ + "https://", { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com", - }, + "Ref": "RestApi0C43BF4B", + }, + ".execute-api.", + { + "Ref": "AWS::Region", + }, + ".", + { + "Ref": "AWS::URLSuffix", + }, + "/", + { + "Ref": "RestApiDeploymentStageprod3855DE66", }, + "/", ], - "Version": "2012-10-17", - }, - "ManagedPolicyArns": [ + ], + }, + }, + }, + "Parameters": { + "DistributionBucketName": { + "Default": "/account/services/artifact.bucket", + "Description": "SSM parameter containing the S3 bucket name holding distribution artifacts", + "Type": "AWS::SSM::Parameter::Value", + }, + "PrivateSubnets": { + "Default": "/account/vpc/primary/subnets/private", + "Description": "A list of private subnets", + "Type": "AWS::SSM::Parameter::Value>", + }, + "SecurityGroupToAccessPostgresCDK": { + "Description": "Security group to access the RDS instance", + "Type": "String", + }, + "VpcId": { + "Default": "/account/vpc/primary/id", + "Description": "Virtual Private Cloud to run EC2 instances within. Should NOT be the account default VPC.", + "Type": "AWS::SSM::Parameter::Value", + }, + }, + "Resources": { + "ApiGatewayHigh5xxPercentageAlarmSupportreminders2F3286A8": { + "Properties": { + "ActionsEnabled": true, + "AlarmActions": [ { "Fn::Join": [ "", [ - "arn:", + "arn:aws:sns:", { - "Ref": "AWS::Partition", + "Ref": "AWS::Region", }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - ], - ], - }, - { - "Fn::Join": [ - "", - [ - "arn:", + ":", { - "Ref": "AWS::Partition", + "Ref": "AWS::AccountId", }, - ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole", + ":conversion-dev", ], ], }, ], - "Tags": [ - { - "Key": "App", - "Value": "support-reminders", - }, + "AlarmDescription": "support-reminders exceeded 1% error rate", + "AlarmName": "High 5XX error % from support-reminders (ApiGateway) in PROD", + "ComparisonOperator": "GreaterThanThreshold", + "EvaluationPeriods": 1, + "Metrics": [ { - "Key": "gu:cdk:version", - "Value": "TEST", + "Expression": "100*m1/m2", + "Id": "expr_1", + "Label": "% of 5XX responses served for support-reminders", }, { - "Key": "gu:repo", - "Value": "guardian/support-reminders", + "Id": "m1", + "MetricStat": { + "Metric": { + "Dimensions": [ + { + "Name": "ApiName", + "Value": "support-PROD-support-reminders", + }, + ], + "MetricName": "5XXError", + "Namespace": "AWS/ApiGateway", + }, + "Period": 60, + "Stat": "Sum", + }, + "ReturnData": false, }, { - "Key": "Stack", - "Value": "support", + "Id": "m2", + "MetricStat": { + "Metric": { + "Dimensions": [ + { + "Name": "ApiName", + "Value": "support-PROD-support-reminders", + }, + ], + "MetricName": "Count", + "Namespace": "AWS/ApiGateway", + }, + "Period": 60, + "Stat": "SampleCount", + }, + "ReturnData": false, }, + ], + "Threshold": 1, + "TreatMissingData": "notBreaching", + }, + "Type": "AWS::CloudWatch::Alarm", + }, + "BasePathMapping": { + "Properties": { + "DomainName": { + "Ref": "DomainName", + }, + "RestApiId": { + "Ref": "RestApi0C43BF4B", + }, + "Stage": { + "Ref": "RestApiDeploymentStageprod3855DE66", + }, + }, + "Type": "AWS::ApiGateway::BasePathMapping", + }, + "DNSRecord": { + "Properties": { + "HostedZoneId": "Z3KO35ELNWZMSX", + "Name": "reminders.support.guardianapis.com", + "ResourceRecords": [ { - "Key": "Stage", - "Value": "CODE", + "Fn::GetAtt": [ + "DomainName", + "RegionalDomainName", + ], }, ], + "TTL": "60", + "Type": "CNAME", }, - "Type": "AWS::IAM::Role", + "Type": "AWS::Route53::RecordSet", }, - "reactivaterecurringreminderServiceRoleDefaultPolicyA6827EC3": { + "DomainName": { "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":s3:::", - { - "Ref": "DistributionBucketName", - }, - ], - ], - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":s3:::", - { - "Ref": "DistributionBucketName", - }, - "/support/CODE/support-reminders/support-reminders.zip", - ], - ], - }, - ], - }, - { - "Action": "ssm:GetParametersByPath", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:aws:ssm:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":parameter/CODE/support/support-reminders", - ], - ], - }, - }, - { - "Action": [ - "ssm:GetParameters", - "ssm:GetParameter", - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:aws:ssm:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":parameter/CODE/support/support-reminders/*", - ], - ], + "DomainName": "reminders.support.guardianapis.com", + "EndpointConfiguration": { + "Types": [ + "REGIONAL", + ], + }, + "RegionalCertificateArn": { + "Fn::Join": [ + "", + [ + "arn:aws:acm:eu-west-1:", + { + "Ref": "AWS::AccountId", }, - }, + ":certificate/b384a6a0-2f54-4874-b99b-96eeff96c009", + ], ], - "Version": "2012-10-17", }, - "PolicyName": "reactivaterecurringreminderServiceRoleDefaultPolicyA6827EC3", - "Roles": [ + "Tags": [ { - "Ref": "reactivaterecurringreminderServiceRoleA9652C4C", + "Key": "gu:cdk:version", + "Value": "TEST", + }, + { + "Key": "gu:repo", + "Value": "guardian/support-reminders", + }, + { + "Key": "Stack", + "Value": "support", + }, + { + "Key": "Stage", + "Value": "PROD", }, ], }, - "Type": "AWS::IAM::Policy", + "Type": "AWS::ApiGateway::DomainName", }, - "searchreminders4A6FC4FF": { - "DependsOn": [ - "searchremindersServiceRoleDefaultPolicy16C0FEC5", - "searchremindersServiceRole21E2FC67", - ], + "RestApi0C43BF4B": { "Properties": { - "Code": { - "S3Bucket": { - "Ref": "DistributionBucketName", - }, - "S3Key": "support/CODE/support-reminders/support-reminders.zip", - }, - "Environment": { - "Variables": { - "APP": "support-reminders", - "Bucket": "contributions-private", - "STACK": "support", - "STAGE": "CODE", - }, - }, - "FunctionName": "support-reminders-search-reminders-CODE-CDK", - "Handler": "search-reminders/lambda/lambda.handler", - "MemorySize": 512, - "Role": { - "Fn::GetAtt": [ - "searchremindersServiceRole21E2FC67", - "Arn", - ], - }, - "Runtime": "nodejs12.x", + "Name": "support-PROD-support-reminders", "Tags": [ - { - "Key": "App", - "Value": "support-reminders", - }, { "Key": "gu:cdk:version", "Value": "TEST", @@ -4350,24 +3361,30 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` }, { "Key": "Stage", - "Value": "CODE", + "Value": "PROD", }, ], - "Timeout": 30, - "VpcConfig": { - "SecurityGroupIds": [ - { - "Ref": "SecurityGroupToAccessPostgresCDK", - }, + }, + "Type": "AWS::ApiGateway::RestApi", + }, + "RestApiAccount7C83CF5A": { + "DeletionPolicy": "Retain", + "DependsOn": [ + "RestApi0C43BF4B", + ], + "Properties": { + "CloudWatchRoleArn": { + "Fn::GetAtt": [ + "RestApiCloudWatchRoleE3ED6605", + "Arn", ], - "SubnetIds": { - "Ref": "PrivateSubnets", - }, }, }, - "Type": "AWS::Lambda::Function", + "Type": "AWS::ApiGateway::Account", + "UpdateReplacePolicy": "Retain", }, - "searchremindersServiceRole21E2FC67": { + "RestApiCloudWatchRoleE3ED6605": { + "DeletionPolicy": "Retain", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ @@ -4375,7 +3392,7 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": "lambda.amazonaws.com", + "Service": "apigateway.amazonaws.com", }, }, ], @@ -4390,28 +3407,12 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` { "Ref": "AWS::Partition", }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - ], - ], - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole", + ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", ], ], }, ], "Tags": [ - { - "Key": "App", - "Value": "support-reminders", - }, { "Key": "gu:cdk:version", "Value": "TEST", @@ -4426,147 +3427,55 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` }, { "Key": "Stage", - "Value": "CODE", + "Value": "PROD", }, ], }, "Type": "AWS::IAM::Role", + "UpdateReplacePolicy": "Retain", }, - "searchremindersServiceRoleDefaultPolicy16C0FEC5": { + "RestApiDeployment180EC50325978d599f094bee7f49dcd96a332604": { + "DependsOn": [ + "RestApicancelOPTIONS8CB256F3", + "RestApicancelPOST51F94A62", + "RestApicancel928D6387", + "RestApicreateoneoffOPTIONS1F89A992", + "RestApicreateoneoffPOST41A64A32", + "RestApicreateoneoff2D1FCD3C", + "RestApicreateOPTIONSC3837E5E", + "RestApicreaterecurringOPTIONSFBFDACD1", + "RestApicreaterecurringPOSTC2005445", + "RestApicreaterecurringA327119C", + "RestApicreate68AA2AF0", + "RestApiOPTIONS6AA64D2D", + "RestApireactivateOPTIONS263B776D", + "RestApireactivatePOSTF57FC066", + "RestApireactivateDE09DAB5", + "RestApisearchOPTIONSDF398734", + "RestApisearchPOST5D2A9A4A", + "RestApisearchA0D22340", + ], "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":s3:::", - { - "Ref": "DistributionBucketName", - }, - ], - ], - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":s3:::", - { - "Ref": "DistributionBucketName", - }, - "/support/CODE/support-reminders/support-reminders.zip", - ], - ], - }, - ], - }, - { - "Action": "ssm:GetParametersByPath", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:aws:ssm:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":parameter/CODE/support/support-reminders", - ], - ], - }, - }, - { - "Action": [ - "ssm:GetParameters", - "ssm:GetParameter", - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:aws:ssm:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":parameter/CODE/support/support-reminders/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", + "Description": "Automatically created by the RestApi construct", + "RestApiId": { + "Ref": "RestApi0C43BF4B", }, - "PolicyName": "searchremindersServiceRoleDefaultPolicy16C0FEC5", - "Roles": [ - { - "Ref": "searchremindersServiceRole21E2FC67", - }, - ], }, - "Type": "AWS::IAM::Policy", + "Type": "AWS::ApiGateway::Deployment", }, - "signupexportsDBFAB572": { + "RestApiDeploymentStageprod3855DE66": { "DependsOn": [ - "signupexportsServiceRoleDefaultPolicy7B14F7DA", - "signupexportsServiceRole7E76A5F3", + "RestApiAccount7C83CF5A", ], "Properties": { - "Code": { - "S3Bucket": { - "Ref": "DistributionBucketName", - }, - "S3Key": "support/CODE/support-reminders/support-reminders.zip", - }, - "Environment": { - "Variables": { - "APP": "support-reminders", - "Bucket": "contributions-private", - "STACK": "support", - "STAGE": "CODE", - }, + "DeploymentId": { + "Ref": "RestApiDeployment180EC50325978d599f094bee7f49dcd96a332604", }, - "FunctionName": "support-reminders-signup-exports-CODE-CDK", - "Handler": "signup-exports/lambda/lambda.handler", - "MemorySize": 512, - "Role": { - "Fn::GetAtt": [ - "signupexportsServiceRole7E76A5F3", - "Arn", - ], + "RestApiId": { + "Ref": "RestApi0C43BF4B", }, - "Runtime": "nodejs12.x", + "StageName": "prod", "Tags": [ - { - "Key": "App", - "Value": "support-reminders", - }, { "Key": "gu:cdk:version", "Value": "TEST", @@ -4581,147 +3490,339 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` }, { "Key": "Stage", - "Value": "CODE", + "Value": "PROD", }, ], - "Timeout": 30, - "VpcConfig": { - "SecurityGroupIds": [ + }, + "Type": "AWS::ApiGateway::Stage", + }, + "RestApiOPTIONS6AA64D2D": { + "Properties": { + "AuthorizationType": "NONE", + "HttpMethod": "OPTIONS", + "Integration": { + "IntegrationResponses": [ { - "Ref": "SecurityGroupToAccessPostgresCDK", + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", + "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", + "method.response.header.Access-Control-Allow-Origin": "'*'", + }, + "StatusCode": "204", }, ], - "SubnetIds": { - "Ref": "PrivateSubnets", + "RequestTemplates": { + "application/json": "{ statusCode: 200 }", }, + "Type": "MOCK", + }, + "MethodResponses": [ + { + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": true, + "method.response.header.Access-Control-Allow-Methods": true, + "method.response.header.Access-Control-Allow-Origin": true, + }, + "StatusCode": "204", + }, + ], + "ResourceId": { + "Fn::GetAtt": [ + "RestApi0C43BF4B", + "RootResourceId", + ], + }, + "RestApiId": { + "Ref": "RestApi0C43BF4B", }, }, - "Type": "AWS::Lambda::Function", + "Type": "AWS::ApiGateway::Method", }, - "signupexportsErrorPercentageAlarmForLambda89F69AC3": { + "RestApicancel928D6387": { "Properties": { - "ActionsEnabled": true, - "AlarmActions": [ + "ParentId": { + "Fn::GetAtt": [ + "RestApi0C43BF4B", + "RootResourceId", + ], + }, + "PathPart": "cancel", + "RestApiId": { + "Ref": "RestApi0C43BF4B", + }, + }, + "Type": "AWS::ApiGateway::Resource", + }, + "RestApicancelOPTIONS8CB256F3": { + "Properties": { + "AuthorizationType": "NONE", + "HttpMethod": "OPTIONS", + "Integration": { + "IntegrationResponses": [ + { + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", + "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", + "method.response.header.Access-Control-Allow-Origin": "'*'", + }, + "StatusCode": "204", + }, + ], + "RequestTemplates": { + "application/json": "{ statusCode: 200 }", + }, + "Type": "MOCK", + }, + "MethodResponses": [ { + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": true, + "method.response.header.Access-Control-Allow-Methods": true, + "method.response.header.Access-Control-Allow-Origin": true, + }, + "StatusCode": "204", + }, + ], + "ResourceId": { + "Ref": "RestApicancel928D6387", + }, + "RestApiId": { + "Ref": "RestApi0C43BF4B", + }, + }, + "Type": "AWS::ApiGateway::Method", + }, + "RestApicancelPOST51F94A62": { + "Properties": { + "AuthorizationType": "NONE", + "HttpMethod": "POST", + "Integration": { + "IntegrationHttpMethod": "POST", + "Type": "AWS_PROXY", + "Uri": { "Fn::Join": [ "", [ - "arn:aws:sns:", + "arn:", + { + "Ref": "AWS::Partition", + }, + ":apigateway:", { "Ref": "AWS::Region", }, - ":", + ":lambda:path/2015-03-31/functions/", { - "Ref": "AWS::AccountId", + "Fn::GetAtt": [ + "cancelremindersF4DAF18B", + "Arn", + ], }, - ":conversion-dev", + "/invocations", ], ], }, - ], - "AlarmDescription": { + }, + "ResourceId": { + "Ref": "RestApicancel928D6387", + }, + "RestApiId": { + "Ref": "RestApi0C43BF4B", + }, + }, + "Type": "AWS::ApiGateway::Method", + }, + "RestApicancelPOSTApiPermissionSupportRemindersPRODRestApi318F04F5POSTcancelDEED3D9C": { + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "cancelremindersF4DAF18B", + "Arn", + ], + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { "Fn::Join": [ "", [ + "arn:", { - "Ref": "signupexportsDBFAB572", + "Ref": "AWS::Partition", }, - " exceeded 1% error rate", - ], + ":execute-api:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":", + { + "Ref": "RestApi0C43BF4B", + }, + "/", + { + "Ref": "RestApiDeploymentStageprod3855DE66", + }, + "/POST/cancel", + ], ], }, - "AlarmName": { + }, + "Type": "AWS::Lambda::Permission", + }, + "RestApicancelPOSTApiPermissionTestSupportRemindersPRODRestApi318F04F5POSTcancel9F0D4BD7": { + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "cancelremindersF4DAF18B", + "Arn", + ], + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { "Fn::Join": [ "", [ - "High error % from ", + "arn:", { - "Ref": "signupexportsDBFAB572", + "Ref": "AWS::Partition", }, - " lambda in CODE", + ":execute-api:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":", + { + "Ref": "RestApi0C43BF4B", + }, + "/test-invoke-stage/POST/cancel", ], ], }, - "ComparisonOperator": "GreaterThanThreshold", - "EvaluationPeriods": 1, - "Metrics": [ - { - "Expression": "100*m1/m2", - "Id": "expr_1", - "Label": { - "Fn::Join": [ - "", - [ - "Error % of ", - { - "Ref": "signupexportsDBFAB572", - }, - ], - ], - }, - }, - { - "Id": "m1", - "MetricStat": { - "Metric": { - "Dimensions": [ - { - "Name": "FunctionName", - "Value": { - "Ref": "signupexportsDBFAB572", - }, - }, - ], - "MetricName": "Errors", - "Namespace": "AWS/Lambda", + }, + "Type": "AWS::Lambda::Permission", + }, + "RestApicreate68AA2AF0": { + "Properties": { + "ParentId": { + "Fn::GetAtt": [ + "RestApi0C43BF4B", + "RootResourceId", + ], + }, + "PathPart": "create", + "RestApiId": { + "Ref": "RestApi0C43BF4B", + }, + }, + "Type": "AWS::ApiGateway::Resource", + }, + "RestApicreateOPTIONSC3837E5E": { + "Properties": { + "AuthorizationType": "NONE", + "HttpMethod": "OPTIONS", + "Integration": { + "IntegrationResponses": [ + { + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", + "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", + "method.response.header.Access-Control-Allow-Origin": "'*'", }, - "Period": 60, - "Stat": "Sum", + "StatusCode": "204", }, - "ReturnData": false, + ], + "RequestTemplates": { + "application/json": "{ statusCode: 200 }", }, + "Type": "MOCK", + }, + "MethodResponses": [ { - "Id": "m2", - "MetricStat": { - "Metric": { - "Dimensions": [ - { - "Name": "FunctionName", - "Value": { - "Ref": "signupexportsDBFAB572", - }, - }, - ], - "MetricName": "Invocations", - "Namespace": "AWS/Lambda", - }, - "Period": 60, - "Stat": "Sum", + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": true, + "method.response.header.Access-Control-Allow-Methods": true, + "method.response.header.Access-Control-Allow-Origin": true, }, - "ReturnData": false, + "StatusCode": "204", }, ], - "Threshold": 1, - "TreatMissingData": "notBreaching", + "ResourceId": { + "Ref": "RestApicreate68AA2AF0", + }, + "RestApiId": { + "Ref": "RestApi0C43BF4B", + }, }, - "Type": "AWS::CloudWatch::Alarm", + "Type": "AWS::ApiGateway::Method", }, - "signupexportsServiceRole7E76A5F3": { + "RestApicreateoneoff2D1FCD3C": { "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ + "ParentId": { + "Ref": "RestApicreate68AA2AF0", + }, + "PathPart": "one-off", + "RestApiId": { + "Ref": "RestApi0C43BF4B", + }, + }, + "Type": "AWS::ApiGateway::Resource", + }, + "RestApicreateoneoffOPTIONS1F89A992": { + "Properties": { + "AuthorizationType": "NONE", + "HttpMethod": "OPTIONS", + "Integration": { + "IntegrationResponses": [ { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com", + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", + "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", + "method.response.header.Access-Control-Allow-Origin": "'*'", }, + "StatusCode": "204", }, ], - "Version": "2012-10-17", + "RequestTemplates": { + "application/json": "{ statusCode: 200 }", + }, + "Type": "MOCK", }, - "ManagedPolicyArns": [ + "MethodResponses": [ { + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": true, + "method.response.header.Access-Control-Allow-Methods": true, + "method.response.header.Access-Control-Allow-Origin": true, + }, + "StatusCode": "204", + }, + ], + "ResourceId": { + "Ref": "RestApicreateoneoff2D1FCD3C", + }, + "RestApiId": { + "Ref": "RestApi0C43BF4B", + }, + }, + "Type": "AWS::ApiGateway::Method", + }, + "RestApicreateoneoffPOST41A64A32": { + "Properties": { + "AuthorizationType": "NONE", + "HttpMethod": "POST", + "Integration": { + "IntegrationHttpMethod": "POST", + "Type": "AWS_PROXY", + "Uri": { "Fn::Join": [ "", [ @@ -4729,3420 +3830,749 @@ exports[`The SupportReminders stack matches the snapshot 1`] = ` { "Ref": "AWS::Partition", }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - ], - ], - }, - { - "Fn::Join": [ - "", - [ - "arn:", + ":apigateway:", { - "Ref": "AWS::Partition", + "Ref": "AWS::Region", }, - ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole", + ":lambda:path/2015-03-31/functions/", + { + "Fn::GetAtt": [ + "createreminderssignupB956888C", + "Arn", + ], + }, + "/invocations", ], ], }, - ], - "Tags": [ - { - "Key": "App", - "Value": "support-reminders", - }, - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "CODE", - }, - ], + }, + "ResourceId": { + "Ref": "RestApicreateoneoff2D1FCD3C", + }, + "RestApiId": { + "Ref": "RestApi0C43BF4B", + }, }, - "Type": "AWS::IAM::Role", + "Type": "AWS::ApiGateway::Method", }, - "signupexportsServiceRoleDefaultPolicy7B14F7DA": { + "RestApicreateoneoffPOSTApiPermissionSupportRemindersPRODRestApi318F04F5POSTcreateoneoffCB9C5A56": { "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":s3:::", - { - "Ref": "DistributionBucketName", - }, - ], - ], - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":s3:::", - { - "Ref": "DistributionBucketName", - }, - "/support/CODE/support-reminders/support-reminders.zip", - ], - ], - }, - ], - }, - { - "Action": "ssm:GetParametersByPath", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:aws:ssm:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":parameter/CODE/support/support-reminders", - ], - ], + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "createreminderssignupB956888C", + "Arn", + ], + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", }, - }, - { - "Action": [ - "ssm:GetParameters", - "ssm:GetParameter", - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:aws:ssm:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":parameter/CODE/support/support-reminders/*", - ], - ], + ":execute-api:", + { + "Ref": "AWS::Region", }, - }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":", + { + "Ref": "RestApi0C43BF4B", + }, + "/", + { + "Ref": "RestApiDeploymentStageprod3855DE66", + }, + "/POST/create/one-off", + ], ], - "Version": "2012-10-17", }, - "PolicyName": "signupexportsServiceRoleDefaultPolicy7B14F7DA", - "Roles": [ - { - "Ref": "signupexportsServiceRole7E76A5F3", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "signupexportssignupexportscron05000AADDEB89": { - "Properties": { - "ScheduleExpression": "cron(05 00 * * ? *)", - "State": "ENABLED", - "Targets": [ - { - "Arn": { - "Fn::GetAtt": [ - "signupexportsDBFAB572", - "Arn", - ], - }, - "Id": "Target0", - }, - ], }, - "Type": "AWS::Events::Rule", + "Type": "AWS::Lambda::Permission", }, - "signupexportssignupexportscron05000AllowEventRuleSupportRemindersCODEsignupexportsAD9773DB716A9DE6": { + "RestApicreateoneoffPOSTApiPermissionTestSupportRemindersPRODRestApi318F04F5POSTcreateoneoff02BE2CEA": { "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ - "signupexportsDBFAB572", + "createreminderssignupB956888C", "Arn", ], }, - "Principal": "events.amazonaws.com", + "Principal": "apigateway.amazonaws.com", "SourceArn": { - "Fn::GetAtt": [ - "signupexportssignupexportscron05000AADDEB89", - "Arn", + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":execute-api:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":", + { + "Ref": "RestApi0C43BF4B", + }, + "/test-invoke-stage/POST/create/one-off", + ], ], }, }, "Type": "AWS::Lambda::Permission", }, - }, -} -`; - -exports[`The SupportReminders stack matches the snapshot 2`] = ` -{ - "AWSTemplateFormatVersion": "2010-09-09", - "Conditions": { - "IsProd": { - "Fn::Equals": [ - { - "Ref": "Stage", - }, - "PROD", - ], - }, - }, - "Description": "The lambdas for supporter reminders", - "Mappings": { - "StageMap": { - "CODE": { - "CorsOrigin": "'*'", - "DomainName": "reminders-code.support.guardianapis.com", - }, - "PROD": { - "CorsOrigin": "'*'", - "DomainName": "reminders.support.guardianapis.com", + "RestApicreaterecurringA327119C": { + "Properties": { + "ParentId": { + "Ref": "RestApicreate68AA2AF0", + }, + "PathPart": "recurring", + "RestApiId": { + "Ref": "RestApi0C43BF4B", + }, }, + "Type": "AWS::ApiGateway::Resource", }, - }, - "Metadata": { - "gu:cdk:constructs": [ - "GuStringParameter", - "GuVpcParameter", - "GuSubnetListParameter", - "GuDistributionBucketParameter", - "GuLambdaFunction", - "GuLambdaFunction", - "GuLambdaFunction", - "GuLambdaFunction", - "GuApiGatewayWithLambdaByPath", - "GuApiGateway5xxPercentageAlarm", - "GuScheduledLambda", - "GuLambdaErrorPercentageAlarm", - "GuScheduledLambda", - "GuLambdaErrorPercentageAlarm", - ], - "gu:cdk:version": "TEST", - }, - "Outputs": { - "RestApiEndpoint0551178A": { - "Value": { - "Fn::Join": [ - "", - [ - "https://", - { - "Ref": "RestApi0C43BF4B", - }, - ".execute-api.", + "RestApicreaterecurringOPTIONSFBFDACD1": { + "Properties": { + "AuthorizationType": "NONE", + "HttpMethod": "OPTIONS", + "Integration": { + "IntegrationResponses": [ { - "Ref": "AWS::Region", + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", + "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", + "method.response.header.Access-Control-Allow-Origin": "'*'", + }, + "StatusCode": "204", }, - ".", - { - "Ref": "AWS::URLSuffix", - }, - "/", - { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "/", ], - ], - }, - }, - }, - "Parameters": { - "CertificateArn": { - "Description": "ARN of the certificate", - "Type": "String", - }, - "DatalakeBucket": { - "Description": "Bucket to upload data for ingestion into BigQuery", - "Type": "String", - }, - "DeployBucket": { - "Default": "membership-dist", - "Description": "Bucket to copy files to", - "Type": "String", - }, - "DistributionBucketName": { - "Default": "/account/services/artifact.bucket", - "Description": "SSM parameter containing the S3 bucket name holding distribution artifacts", - "Type": "AWS::SSM::Parameter::Value", - }, - "PrivateSubnets": { - "Default": "/account/vpc/primary/subnets/private", - "Description": "A list of private subnets", - "Type": "AWS::SSM::Parameter::Value>", - }, - "SecurityGroupToAccessPostgres": { - "Description": "Security group to access the RDS instance", - "Type": "String", - }, - "SecurityGroupToAccessPostgresCDK": { - "Description": "Security group to access the RDS instance", - "Type": "String", - }, - "Stack": { - "Default": "support", - "Description": "Stack name", - "Type": "String", - }, - "Stage": { - "AllowedValues": [ - "CODE", - "PROD", - ], - "Description": "Set by RiffRaff on each deploy", - "Type": "String", - }, - "VpcId": { - "Default": "/account/vpc/primary/id", - "Description": "Virtual Private Cloud to run EC2 instances within. Should NOT be the account default VPC.", - "Type": "AWS::SSM::Parameter::Value", - }, - "VpcSubnets": { - "Description": "Subnets for RDS access", - "Type": "List", - }, - }, - "Resources": { - "ApiGateway4XXAlarm": { - "Condition": "IsProd", - "Properties": { - "AlarmActions": [ - { - "Fn::Sub": "arn:aws:sns:\${AWS::Region}:\${AWS::AccountId}:contributions-dev", + "RequestTemplates": { + "application/json": "{ statusCode: 200 }", }, - ], - "AlarmDescription": "Reminders API received an invalid request", - "AlarmName": { - "Fn::Sub": "support-reminders-\${Stage} API gateway 4XX response", + "Type": "MOCK", }, - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": [ + "MethodResponses": [ { - "Name": "ApiName", - "Value": { - "Fn::Sub": "support-reminders-\${Stage}", + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": true, + "method.response.header.Access-Control-Allow-Methods": true, + "method.response.header.Access-Control-Allow-Origin": true, }, + "StatusCode": "204", }, ], - "EvaluationPeriods": 1, - "MetricName": "4XXError", - "Namespace": "AWS/ApiGateway", - "Period": 300, - "Statistic": "Sum", - "Threshold": 8, + "ResourceId": { + "Ref": "RestApicreaterecurringA327119C", + }, + "RestApiId": { + "Ref": "RestApi0C43BF4B", + }, }, - "Type": "AWS::CloudWatch::Alarm", + "Type": "AWS::ApiGateway::Method", }, - "ApiGateway5XXAlarm": { - "Condition": "IsProd", + "RestApicreaterecurringPOSTApiPermissionSupportRemindersPRODRestApi318F04F5POSTcreaterecurringF86752F5": { "Properties": { - "AlarmActions": [ - { - "Fn::Sub": "arn:aws:sns:\${AWS::Region}:\${AWS::AccountId}:contributions-dev", - }, - ], - "AlarmDescription": "Reminders API failed to create a signup", - "AlarmName": { - "Fn::Sub": "support-reminders-\${Stage} API gateway 5XX response", + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "createreminderssignupB956888C", + "Arn", + ], + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":execute-api:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":", + { + "Ref": "RestApi0C43BF4B", + }, + "/", + { + "Ref": "RestApiDeploymentStageprod3855DE66", + }, + "/POST/create/recurring", + ], + ], }, - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": [ - { - "Name": "ApiName", - "Value": { - "Fn::Sub": "support-reminders-\${Stage}", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "5XXError", - "Namespace": "AWS/ApiGateway", - "Period": 60, - "Statistic": "Sum", - "Threshold": 1, }, - "Type": "AWS::CloudWatch::Alarm", + "Type": "AWS::Lambda::Permission", }, - "ApiGatewayHigh5xxPercentageAlarmSupportreminders2F3286A8": { + "RestApicreaterecurringPOSTApiPermissionTestSupportRemindersPRODRestApi318F04F5POSTcreaterecurring6220A329": { "Properties": { - "ActionsEnabled": true, - "AlarmActions": [ - { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "createreminderssignupB956888C", + "Arn", + ], + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":execute-api:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":", + { + "Ref": "RestApi0C43BF4B", + }, + "/test-invoke-stage/POST/create/recurring", + ], + ], + }, + }, + "Type": "AWS::Lambda::Permission", + }, + "RestApicreaterecurringPOSTC2005445": { + "Properties": { + "AuthorizationType": "NONE", + "HttpMethod": "POST", + "Integration": { + "IntegrationHttpMethod": "POST", + "Type": "AWS_PROXY", + "Uri": { "Fn::Join": [ "", [ - "arn:aws:sns:", + "arn:", + { + "Ref": "AWS::Partition", + }, + ":apigateway:", { "Ref": "AWS::Region", }, - ":", + ":lambda:path/2015-03-31/functions/", { - "Ref": "AWS::AccountId", + "Fn::GetAtt": [ + "createreminderssignupB956888C", + "Arn", + ], }, - ":conversion-dev", + "/invocations", ], ], }, - ], - "AlarmDescription": "support-reminders exceeded 1% error rate", - "AlarmName": "High 5XX error % from support-reminders (ApiGateway) in PROD", - "ComparisonOperator": "GreaterThanThreshold", - "EvaluationPeriods": 1, - "Metrics": [ - { - "Expression": "100*m1/m2", - "Id": "expr_1", - "Label": "% of 5XX responses served for support-reminders", - }, - { - "Id": "m1", - "MetricStat": { - "Metric": { - "Dimensions": [ - { - "Name": "ApiName", - "Value": "support-PROD-support-reminders", - }, - ], - "MetricName": "5XXError", - "Namespace": "AWS/ApiGateway", - }, - "Period": 60, - "Stat": "Sum", - }, - "ReturnData": false, - }, - { - "Id": "m2", - "MetricStat": { - "Metric": { - "Dimensions": [ - { - "Name": "ApiName", - "Value": "support-PROD-support-reminders", - }, - ], - "MetricName": "Count", - "Namespace": "AWS/ApiGateway", - }, - "Period": 60, - "Stat": "SampleCount", - }, - "ReturnData": false, - }, - ], - "Threshold": 1, - "TreatMissingData": "notBreaching", + }, + "ResourceId": { + "Ref": "RestApicreaterecurringA327119C", + }, + "RestApiId": { + "Ref": "RestApi0C43BF4B", + }, }, - "Type": "AWS::CloudWatch::Alarm", + "Type": "AWS::ApiGateway::Method", }, - "BasePathMapping": { + "RestApireactivateDE09DAB5": { "Properties": { - "DomainName": { - "Ref": "DomainName", + "ParentId": { + "Fn::GetAtt": [ + "RestApi0C43BF4B", + "RootResourceId", + ], }, + "PathPart": "reactivate", "RestApiId": { "Ref": "RestApi0C43BF4B", }, - "Stage": { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, }, - "Type": "AWS::ApiGateway::BasePathMapping", + "Type": "AWS::ApiGateway::Resource", }, - "CancelRemindersLambda": { + "RestApireactivateOPTIONS263B776D": { "Properties": { - "Code": { - "S3Bucket": { - "Ref": "DeployBucket", - }, - "S3Key": { - "Fn::Sub": "\${Stack}/\${Stage}/support-reminders/support-reminders.zip", - }, - }, - "Description": "A lambda for cancelling pending support reminders", - "Environment": { - "Variables": { - "Stage": { - "Ref": "Stage", - }, - }, - }, - "FunctionName": { - "Fn::Sub": "support-reminders-cancel-reminders-\${Stage}", - }, - "Handler": "cancel-reminders/lambda/lambda.handler", - "MemorySize": 128, - "Role": { - "Fn::GetAtt": [ - "CancelRemindersLambdaRole", - "Arn", - ], - }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "lambda:createdBy", - "Value": "SAM", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "PROD", - }, - ], - "Timeout": 30, - "VpcConfig": { - "SecurityGroupIds": [ + "AuthorizationType": "NONE", + "HttpMethod": "OPTIONS", + "Integration": { + "IntegrationResponses": [ { - "Ref": "SecurityGroupToAccessPostgres", + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", + "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", + "method.response.header.Access-Control-Allow-Origin": "'*'", + }, + "StatusCode": "204", }, ], - "SubnetIds": { - "Ref": "VpcSubnets", - }, - }, - }, - "Type": "AWS::Lambda::Function", - }, - "CancelRemindersLambdaAlarm": { - "Condition": "IsProd", - "Properties": { - "AlarmActions": [ - { - "Fn::Sub": "arn:aws:sns:\${AWS::Region}:\${AWS::AccountId}:contributions-dev", + "RequestTemplates": { + "application/json": "{ statusCode: 200 }", }, - ], - "AlarmDescription": "Failed to cancel pending reminders", - "AlarmName": { - "Fn::Sub": "support-reminders-cancel-reminders-\${Stage} lambda error", + "Type": "MOCK", }, - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": [ + "MethodResponses": [ { - "Name": "FunctionName", - "Value": { - "Ref": "CancelRemindersLambda", + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": true, + "method.response.header.Access-Control-Allow-Methods": true, + "method.response.header.Access-Control-Allow-Origin": true, }, + "StatusCode": "204", }, ], - "EvaluationPeriods": 1, - "MetricName": "Errors", - "Namespace": "AWS/Lambda", - "Period": 60, - "Statistic": "Sum", - "Threshold": 1, + "ResourceId": { + "Ref": "RestApireactivateDE09DAB5", + }, + "RestApiId": { + "Ref": "RestApi0C43BF4B", + }, }, - "Type": "AWS::CloudWatch::Alarm", + "Type": "AWS::ApiGateway::Method", }, - "CancelRemindersLambdaCreateOneOffPermissionProd": { + "RestApireactivatePOSTApiPermissionSupportRemindersPRODRestApi318F04F5POSTreactivate1A555DC2": { "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { - "Ref": "CancelRemindersLambda", + "Fn::GetAtt": [ + "reactivaterecurringreminder0045F57B", + "Arn", + ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:\${AWS::Region}:\${AWS::AccountId}:\${__ApiId__}/\${__Stage__}/POST/cancel", - { - "__ApiId__": { - "Ref": "ServerlessRestApi", + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", }, - "__Stage__": "*", - }, + ":execute-api:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":", + { + "Ref": "RestApi0C43BF4B", + }, + "/", + { + "Ref": "RestApiDeploymentStageprod3855DE66", + }, + "/POST/reactivate", + ], ], }, }, "Type": "AWS::Lambda::Permission", }, - "CancelRemindersLambdaRole": { + "RestApireactivatePOSTApiPermissionTestSupportRemindersPRODRestApi318F04F5POSTreactivateEE85DD31": { "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": [ - "sts:AssumeRole", - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com", - ], - }, - }, + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "reactivaterecurringreminder0045F57B", + "Arn", ], - "Version": "2012-10-17", }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole", - ], - "Policies": [ - { - "PolicyDocument": { - "Statement": { - "Action": [ - "ssm:GetParametersByPath", - "ssm:GetParameter", - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Sub": "arn:aws:ssm:\${AWS::Region}:\${AWS::AccountId}:parameter/support-reminders/db-config/\${Stage}", - }, - { - "Fn::Sub": "arn:aws:ssm:\${AWS::Region}:\${AWS::AccountId}:parameter/support-reminders/idapi/\${Stage}/*", - }, - ], + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", }, - }, - "PolicyName": "CancelRemindersLambdaRolePolicy1", - }, - { - "PolicyDocument": { - "Statement": { - "Action": "s3:GetObject", - "Effect": "Allow", - "Resource": [ - "arn:aws:s3::*:membership-dist/*", - ], + ":execute-api:", + { + "Ref": "AWS::Region", }, - }, - "PolicyName": "CancelRemindersLambdaRolePolicy2", - }, - ], - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "lambda:createdBy", - "Value": "SAM", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "PROD", - }, - ], + ":", + { + "Ref": "AWS::AccountId", + }, + ":", + { + "Ref": "RestApi0C43BF4B", + }, + "/test-invoke-stage/POST/reactivate", + ], + ], + }, }, - "Type": "AWS::IAM::Role", + "Type": "AWS::Lambda::Permission", }, - "CreateReminderSignupLambda": { + "RestApireactivatePOSTF57FC066": { "Properties": { - "Code": { - "S3Bucket": { - "Ref": "DeployBucket", - }, - "S3Key": { - "Fn::Sub": "\${Stack}/\${Stage}/support-reminders/support-reminders.zip", + "AuthorizationType": "NONE", + "HttpMethod": "POST", + "Integration": { + "IntegrationHttpMethod": "POST", + "Type": "AWS_PROXY", + "Uri": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":apigateway:", + { + "Ref": "AWS::Region", + }, + ":lambda:path/2015-03-31/functions/", + { + "Fn::GetAtt": [ + "reactivaterecurringreminder0045F57B", + "Arn", + ], + }, + "/invocations", + ], + ], }, }, - "Description": "A lambda for creating support reminders", - "Environment": { - "Variables": { - "Stage": { - "Ref": "Stage", - }, - }, + "ResourceId": { + "Ref": "RestApireactivateDE09DAB5", }, - "FunctionName": { - "Fn::Sub": "support-reminders-create-reminder-signup-\${Stage}", + "RestApiId": { + "Ref": "RestApi0C43BF4B", }, - "Handler": "create-reminder-signup/lambda/lambda.handler", - "MemorySize": 128, - "Role": { + }, + "Type": "AWS::ApiGateway::Method", + }, + "RestApisearchA0D22340": { + "Properties": { + "ParentId": { "Fn::GetAtt": [ - "CreateReminderSignupLambdaRole", - "Arn", + "RestApi0C43BF4B", + "RootResourceId", ], }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "lambda:createdBy", - "Value": "SAM", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "PROD", - }, - ], - "Timeout": 30, - "VpcConfig": { - "SecurityGroupIds": [ - { - "Ref": "SecurityGroupToAccessPostgres", - }, - ], - "SubnetIds": { - "Ref": "VpcSubnets", - }, - }, - }, - "Type": "AWS::Lambda::Function", - }, - "CreateReminderSignupLambdaAlarm": { - "Condition": "IsProd", - "Properties": { - "AlarmActions": [ - { - "Fn::Sub": "arn:aws:sns:\${AWS::Region}:\${AWS::AccountId}:contributions-dev", - }, - ], - "AlarmDescription": "Failed to create a reminder signup", - "AlarmName": { - "Fn::Sub": "support-reminders-create-reminder-signup-\${Stage} lambda error", - }, - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": [ - { - "Name": "FunctionName", - "Value": { - "Ref": "CreateReminderSignupLambda", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "Errors", - "Namespace": "AWS/Lambda", - "Period": 60, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "CreateReminderSignupLambdaCreateOneOffPermissionProd": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Ref": "CreateReminderSignupLambda", - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:\${AWS::Region}:\${AWS::AccountId}:\${__ApiId__}/\${__Stage__}/POST/create/one-off", - { - "__ApiId__": { - "Ref": "ServerlessRestApi", - }, - "__Stage__": "*", - }, - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "CreateReminderSignupLambdaCreateRecurringPermissionProd": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Ref": "CreateReminderSignupLambda", - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:\${AWS::Region}:\${AWS::AccountId}:\${__ApiId__}/\${__Stage__}/POST/create/recurring", - { - "__ApiId__": { - "Ref": "ServerlessRestApi", - }, - "__Stage__": "*", - }, - ], + "PathPart": "search", + "RestApiId": { + "Ref": "RestApi0C43BF4B", }, }, - "Type": "AWS::Lambda::Permission", + "Type": "AWS::ApiGateway::Resource", }, - "CreateReminderSignupLambdaRole": { + "RestApisearchOPTIONSDF398734": { "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ + "AuthorizationType": "NONE", + "HttpMethod": "OPTIONS", + "Integration": { + "IntegrationResponses": [ { - "Action": [ - "sts:AssumeRole", - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com", - ], + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", + "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", + "method.response.header.Access-Control-Allow-Origin": "'*'", }, + "StatusCode": "204", }, ], - "Version": "2012-10-17", - }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole", - ], - "Policies": [ - { - "PolicyDocument": { - "Statement": { - "Action": [ - "ssm:GetParametersByPath", - "ssm:GetParameter", - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Sub": "arn:aws:ssm:\${AWS::Region}:\${AWS::AccountId}:parameter/support-reminders/db-config/\${Stage}", - }, - { - "Fn::Sub": "arn:aws:ssm:\${AWS::Region}:\${AWS::AccountId}:parameter/support-reminders/idapi/\${Stage}/*", - }, - ], - }, - }, - "PolicyName": "CreateReminderSignupLambdaRolePolicy1", + "RequestTemplates": { + "application/json": "{ statusCode: 200 }", }, + "Type": "MOCK", + }, + "MethodResponses": [ { - "PolicyDocument": { - "Statement": { - "Action": "s3:GetObject", - "Effect": "Allow", - "Resource": [ - "arn:aws:s3::*:membership-dist/*", - ], - }, + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": true, + "method.response.header.Access-Control-Allow-Methods": true, + "method.response.header.Access-Control-Allow-Origin": true, }, - "PolicyName": "CreateReminderSignupLambdaRolePolicy2", - }, - ], - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "lambda:createdBy", - "Value": "SAM", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "PROD", + "StatusCode": "204", }, ], + "ResourceId": { + "Ref": "RestApisearchA0D22340", + }, + "RestApiId": { + "Ref": "RestApi0C43BF4B", + }, }, - "Type": "AWS::IAM::Role", + "Type": "AWS::ApiGateway::Method", }, - "DNSRecord": { + "RestApisearchPOST5D2A9A4A": { "Properties": { - "HostedZoneId": "Z3KO35ELNWZMSX", - "Name": "reminders.support.guardianapis.com", - "ResourceRecords": [ - { - "Fn::GetAtt": [ - "DomainName", - "RegionalDomainName", + "AuthorizationType": "NONE", + "HttpMethod": "POST", + "Integration": { + "IntegrationHttpMethod": "POST", + "Type": "AWS_PROXY", + "Uri": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":apigateway:", + { + "Ref": "AWS::Region", + }, + ":lambda:path/2015-03-31/functions/", + { + "Fn::GetAtt": [ + "searchreminders4A6FC4FF", + "Arn", + ], + }, + "/invocations", + ], ], }, - ], - "TTL": "60", - "Type": "CNAME", + }, + "ResourceId": { + "Ref": "RestApisearchA0D22340", + }, + "RestApiId": { + "Ref": "RestApi0C43BF4B", + }, }, - "Type": "AWS::Route53::RecordSet", + "Type": "AWS::ApiGateway::Method", }, - "DomainName": { + "RestApisearchPOSTApiPermissionSupportRemindersPRODRestApi318F04F5POSTsearchF4AED988": { "Properties": { - "DomainName": "reminders.support.guardianapis.com", - "EndpointConfiguration": { - "Types": [ - "REGIONAL", + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "searchreminders4A6FC4FF", + "Arn", ], }, - "RegionalCertificateArn": { + "Principal": "apigateway.amazonaws.com", + "SourceArn": { "Fn::Join": [ "", [ - "arn:aws:acm:eu-west-1:", + "arn:", + { + "Ref": "AWS::Partition", + }, + ":execute-api:", + { + "Ref": "AWS::Region", + }, + ":", { "Ref": "AWS::AccountId", }, - ":certificate/b384a6a0-2f54-4874-b99b-96eeff96c009", - ], - ], - }, - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "PROD", - }, - ], - }, - "Type": "AWS::ApiGateway::DomainName", - }, - "NextRemindersLambda": { - "Properties": { - "Code": { - "S3Bucket": { - "Ref": "DeployBucket", - }, - "S3Key": { - "Fn::Sub": "\${Stack}/\${Stage}/support-reminders/support-reminders.zip", - }, - }, - "Description": "A lambda for getting next reminders data", - "Environment": { - "Variables": { - "Bucket": { - "Ref": "DatalakeBucket", - }, - "Stage": { - "Ref": "Stage", - }, - }, - }, - "FunctionName": { - "Fn::Sub": "support-reminders-next-reminders-\${Stage}", - }, - "Handler": "next-reminders/lambda/lambda.handler", - "MemorySize": 128, - "Role": { - "Fn::GetAtt": [ - "NextRemindersLambdaRole", - "Arn", - ], - }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "lambda:createdBy", - "Value": "SAM", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "PROD", - }, - ], - "Timeout": 30, - "VpcConfig": { - "SecurityGroupIds": [ - { - "Ref": "SecurityGroupToAccessPostgres", - }, - ], - "SubnetIds": { - "Ref": "VpcSubnets", - }, - }, - }, - "Type": "AWS::Lambda::Function", - }, - "NextRemindersLambdaAlarm": { - "Condition": "IsProd", - "Properties": { - "AlarmActions": [ - { - "Fn::Sub": "arn:aws:sns:\${AWS::Region}:\${AWS::AccountId}:contributions-dev", - }, - ], - "AlarmDescription": "Failed to create next-reminders snapshot", - "AlarmName": { - "Fn::Sub": "support-reminders-next-reminders-\${Stage} lambda error", - }, - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": [ - { - "Name": "FunctionName", - "Value": { - "Ref": "NextRemindersLambda", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "Errors", - "Namespace": "AWS/Lambda", - "Period": 60, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "NextRemindersLambdaRole": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": [ - "sts:AssumeRole", - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole", - ], - "Policies": [ - { - "PolicyDocument": { - "Statement": { - "Action": [ - "ssm:GetParametersByPath", - "ssm:GetParameter", - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Sub": "arn:aws:ssm:\${AWS::Region}:\${AWS::AccountId}:parameter/support-reminders/db-config/\${Stage}", - }, - ], - }, - }, - "PolicyName": "NextRemindersLambdaRolePolicy1", - }, - { - "PolicyDocument": { - "Statement": { - "Action": [ - "s3:PutObject", - "s3:PutObjectAcl", - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Sub": "arn:aws:s3:::\${DatalakeBucket}", - }, - { - "Fn::Sub": "arn:aws:s3:::\${DatalakeBucket}/*", - }, - ], - }, - }, - "PolicyName": "NextRemindersLambdaRolePolicy2", - }, - { - "PolicyDocument": { - "Statement": { - "Action": "s3:GetObject", - "Effect": "Allow", - "Resource": [ - "arn:aws:s3::*:membership-dist/*", - ], - }, - }, - "PolicyName": "NextRemindersLambdaRolePolicy3", - }, - ], - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "lambda:createdBy", - "Value": "SAM", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "PROD", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "NextRemindersLambdaSchedule": { - "Properties": { - "Description": "Run next reminders lambda every day at 00:05", - "Name": { - "Fn::Sub": "NextRemindersSchedule-\${Stage}", - }, - "ScheduleExpression": "cron(05 00 * * ? *)", - "State": "ENABLED", - "Targets": [ - { - "Arn": { - "Fn::GetAtt": [ - "NextRemindersLambda", - "Arn", - ], - }, - "Id": "NextRemindersLambdaScheduleLambdaTarget", - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "NextRemindersLambdaSchedulePermission": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Ref": "NextRemindersLambda", - }, - "Principal": "events.amazonaws.com", - "SourceArn": { - "Fn::GetAtt": [ - "NextRemindersLambdaSchedule", - "Arn", - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "ReactivateRecurringReminderLambda": { - "Properties": { - "Code": { - "S3Bucket": { - "Ref": "DeployBucket", - }, - "S3Key": { - "Fn::Sub": "\${Stack}/\${Stage}/support-reminders/support-reminders.zip", - }, - }, - "Description": "A lambda for reactivating cancelled recurring support reminders", - "Environment": { - "Variables": { - "Stage": { - "Ref": "Stage", - }, - }, - }, - "FunctionName": { - "Fn::Sub": "support-reminders-reactivate-recurring-reminder-\${Stage}", - }, - "Handler": "reactivate-recurring-reminder/lambda/lambda.handler", - "MemorySize": 128, - "Role": { - "Fn::GetAtt": [ - "ReactivateRecurringReminderLambdaRole", - "Arn", - ], - }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "lambda:createdBy", - "Value": "SAM", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "PROD", - }, - ], - "Timeout": 30, - "VpcConfig": { - "SecurityGroupIds": [ - { - "Ref": "SecurityGroupToAccessPostgres", - }, - ], - "SubnetIds": { - "Ref": "VpcSubnets", - }, - }, - }, - "Type": "AWS::Lambda::Function", - }, - "ReactivateRecurringReminderLambdaAlarm": { - "Condition": "IsProd", - "Properties": { - "AlarmActions": [ - { - "Fn::Sub": "arn:aws:sns:\${AWS::Region}:\${AWS::AccountId}:contributions-dev", - }, - ], - "AlarmDescription": "Failed to reactivate cancelled reminders", - "AlarmName": { - "Fn::Sub": "support-reminders-reactivate-recurring-reminder-\${Stage} lambda error", - }, - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": [ - { - "Name": "FunctionName", - "Value": { - "Ref": "ReactivateRecurringReminderLambda", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "Errors", - "Namespace": "AWS/Lambda", - "Period": 60, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "ReactivateRecurringReminderLambdaReactivatePermissionProd": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Ref": "ReactivateRecurringReminderLambda", - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:\${AWS::Region}:\${AWS::AccountId}:\${__ApiId__}/\${__Stage__}/POST/reactivate", - { - "__ApiId__": { - "Ref": "ServerlessRestApi", - }, - "__Stage__": "*", - }, - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "ReactivateRecurringReminderLambdaRole": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": [ - "sts:AssumeRole", - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole", - ], - "Policies": [ - { - "PolicyDocument": { - "Statement": { - "Action": [ - "ssm:GetParametersByPath", - "ssm:GetParameter", - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Sub": "arn:aws:ssm:\${AWS::Region}:\${AWS::AccountId}:parameter/support-reminders/db-config/\${Stage}", - }, - { - "Fn::Sub": "arn:aws:ssm:\${AWS::Region}:\${AWS::AccountId}:parameter/support-reminders/idapi/\${Stage}/*", - }, - ], - }, - }, - "PolicyName": "ReactivateRecurringReminderLambdaRolePolicy1", - }, - { - "PolicyDocument": { - "Statement": { - "Action": "s3:GetObject", - "Effect": "Allow", - "Resource": [ - "arn:aws:s3::*:membership-dist/*", - ], - }, - }, - "PolicyName": "ReactivateRecurringReminderLambdaRolePolicy2", - }, - ], - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "lambda:createdBy", - "Value": "SAM", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "PROD", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "RestApi0C43BF4B": { - "Properties": { - "Name": "support-PROD-support-reminders", - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "PROD", - }, - ], - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "RestApiAccount7C83CF5A": { - "DeletionPolicy": "Retain", - "DependsOn": [ - "RestApi0C43BF4B", - ], - "Properties": { - "CloudWatchRoleArn": { - "Fn::GetAtt": [ - "RestApiCloudWatchRoleE3ED6605", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - "UpdateReplacePolicy": "Retain", - }, - "RestApiCloudWatchRoleE3ED6605": { - "DeletionPolicy": "Retain", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", - ], - ], - }, - ], - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "PROD", - }, - ], - }, - "Type": "AWS::IAM::Role", - "UpdateReplacePolicy": "Retain", - }, - "RestApiDeployment180EC50325978d599f094bee7f49dcd96a332604": { - "DependsOn": [ - "RestApicancelOPTIONS8CB256F3", - "RestApicancelPOST51F94A62", - "RestApicancel928D6387", - "RestApicreateoneoffOPTIONS1F89A992", - "RestApicreateoneoffPOST41A64A32", - "RestApicreateoneoff2D1FCD3C", - "RestApicreateOPTIONSC3837E5E", - "RestApicreaterecurringOPTIONSFBFDACD1", - "RestApicreaterecurringPOSTC2005445", - "RestApicreaterecurringA327119C", - "RestApicreate68AA2AF0", - "RestApiOPTIONS6AA64D2D", - "RestApireactivateOPTIONS263B776D", - "RestApireactivatePOSTF57FC066", - "RestApireactivateDE09DAB5", - "RestApisearchOPTIONSDF398734", - "RestApisearchPOST5D2A9A4A", - "RestApisearchA0D22340", - ], - "Properties": { - "Description": "Automatically created by the RestApi construct", - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "RestApiDeploymentStageprod3855DE66": { - "DependsOn": [ - "RestApiAccount7C83CF5A", - ], - "Properties": { - "DeploymentId": { - "Ref": "RestApiDeployment180EC50325978d599f094bee7f49dcd96a332604", - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - "StageName": "prod", - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "PROD", - }, - ], - }, - "Type": "AWS::ApiGateway::Stage", - }, - "RestApiOPTIONS6AA64D2D": { - "Properties": { - "AuthorizationType": "NONE", - "HttpMethod": "OPTIONS", - "Integration": { - "IntegrationResponses": [ - { - "ResponseParameters": { - "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", - "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", - "method.response.header.Access-Control-Allow-Origin": "'*'", - }, - "StatusCode": "204", - }, - ], - "RequestTemplates": { - "application/json": "{ statusCode: 200 }", - }, - "Type": "MOCK", - }, - "MethodResponses": [ - { - "ResponseParameters": { - "method.response.header.Access-Control-Allow-Headers": true, - "method.response.header.Access-Control-Allow-Methods": true, - "method.response.header.Access-Control-Allow-Origin": true, - }, - "StatusCode": "204", - }, - ], - "ResourceId": { - "Fn::GetAtt": [ - "RestApi0C43BF4B", - "RootResourceId", - ], - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "RestApicancel928D6387": { - "Properties": { - "ParentId": { - "Fn::GetAtt": [ - "RestApi0C43BF4B", - "RootResourceId", - ], - }, - "PathPart": "cancel", - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "RestApicancelOPTIONS8CB256F3": { - "Properties": { - "AuthorizationType": "NONE", - "HttpMethod": "OPTIONS", - "Integration": { - "IntegrationResponses": [ - { - "ResponseParameters": { - "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", - "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", - "method.response.header.Access-Control-Allow-Origin": "'*'", - }, - "StatusCode": "204", - }, - ], - "RequestTemplates": { - "application/json": "{ statusCode: 200 }", - }, - "Type": "MOCK", - }, - "MethodResponses": [ - { - "ResponseParameters": { - "method.response.header.Access-Control-Allow-Headers": true, - "method.response.header.Access-Control-Allow-Methods": true, - "method.response.header.Access-Control-Allow-Origin": true, - }, - "StatusCode": "204", - }, - ], - "ResourceId": { - "Ref": "RestApicancel928D6387", - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "RestApicancelPOST51F94A62": { - "Properties": { - "AuthorizationType": "NONE", - "HttpMethod": "POST", - "Integration": { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":apigateway:", - { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - { - "Fn::GetAtt": [ - "cancelremindersF4DAF18B", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": { - "Ref": "RestApicancel928D6387", - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "RestApicancelPOSTApiPermissionSupportRemindersPRODRestApi318F04F5POSTcancelDEED3D9C": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "cancelremindersF4DAF18B", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":execute-api:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":", - { - "Ref": "RestApi0C43BF4B", - }, - "/", - { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "/POST/cancel", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "RestApicancelPOSTApiPermissionTestSupportRemindersPRODRestApi318F04F5POSTcancel9F0D4BD7": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "cancelremindersF4DAF18B", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":execute-api:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":", - { - "Ref": "RestApi0C43BF4B", - }, - "/test-invoke-stage/POST/cancel", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "RestApicreate68AA2AF0": { - "Properties": { - "ParentId": { - "Fn::GetAtt": [ - "RestApi0C43BF4B", - "RootResourceId", - ], - }, - "PathPart": "create", - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "RestApicreateOPTIONSC3837E5E": { - "Properties": { - "AuthorizationType": "NONE", - "HttpMethod": "OPTIONS", - "Integration": { - "IntegrationResponses": [ - { - "ResponseParameters": { - "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", - "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", - "method.response.header.Access-Control-Allow-Origin": "'*'", - }, - "StatusCode": "204", - }, - ], - "RequestTemplates": { - "application/json": "{ statusCode: 200 }", - }, - "Type": "MOCK", - }, - "MethodResponses": [ - { - "ResponseParameters": { - "method.response.header.Access-Control-Allow-Headers": true, - "method.response.header.Access-Control-Allow-Methods": true, - "method.response.header.Access-Control-Allow-Origin": true, - }, - "StatusCode": "204", - }, - ], - "ResourceId": { - "Ref": "RestApicreate68AA2AF0", - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "RestApicreateoneoff2D1FCD3C": { - "Properties": { - "ParentId": { - "Ref": "RestApicreate68AA2AF0", - }, - "PathPart": "one-off", - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "RestApicreateoneoffOPTIONS1F89A992": { - "Properties": { - "AuthorizationType": "NONE", - "HttpMethod": "OPTIONS", - "Integration": { - "IntegrationResponses": [ - { - "ResponseParameters": { - "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", - "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", - "method.response.header.Access-Control-Allow-Origin": "'*'", - }, - "StatusCode": "204", - }, - ], - "RequestTemplates": { - "application/json": "{ statusCode: 200 }", - }, - "Type": "MOCK", - }, - "MethodResponses": [ - { - "ResponseParameters": { - "method.response.header.Access-Control-Allow-Headers": true, - "method.response.header.Access-Control-Allow-Methods": true, - "method.response.header.Access-Control-Allow-Origin": true, - }, - "StatusCode": "204", - }, - ], - "ResourceId": { - "Ref": "RestApicreateoneoff2D1FCD3C", - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "RestApicreateoneoffPOST41A64A32": { - "Properties": { - "AuthorizationType": "NONE", - "HttpMethod": "POST", - "Integration": { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":apigateway:", - { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - { - "Fn::GetAtt": [ - "createreminderssignupB956888C", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": { - "Ref": "RestApicreateoneoff2D1FCD3C", - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "RestApicreateoneoffPOSTApiPermissionSupportRemindersPRODRestApi318F04F5POSTcreateoneoffCB9C5A56": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "createreminderssignupB956888C", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":execute-api:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":", - { - "Ref": "RestApi0C43BF4B", - }, - "/", - { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "/POST/create/one-off", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "RestApicreateoneoffPOSTApiPermissionTestSupportRemindersPRODRestApi318F04F5POSTcreateoneoff02BE2CEA": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "createreminderssignupB956888C", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":execute-api:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":", - { - "Ref": "RestApi0C43BF4B", - }, - "/test-invoke-stage/POST/create/one-off", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "RestApicreaterecurringA327119C": { - "Properties": { - "ParentId": { - "Ref": "RestApicreate68AA2AF0", - }, - "PathPart": "recurring", - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "RestApicreaterecurringOPTIONSFBFDACD1": { - "Properties": { - "AuthorizationType": "NONE", - "HttpMethod": "OPTIONS", - "Integration": { - "IntegrationResponses": [ - { - "ResponseParameters": { - "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", - "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", - "method.response.header.Access-Control-Allow-Origin": "'*'", - }, - "StatusCode": "204", - }, - ], - "RequestTemplates": { - "application/json": "{ statusCode: 200 }", - }, - "Type": "MOCK", - }, - "MethodResponses": [ - { - "ResponseParameters": { - "method.response.header.Access-Control-Allow-Headers": true, - "method.response.header.Access-Control-Allow-Methods": true, - "method.response.header.Access-Control-Allow-Origin": true, - }, - "StatusCode": "204", - }, - ], - "ResourceId": { - "Ref": "RestApicreaterecurringA327119C", - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "RestApicreaterecurringPOSTApiPermissionSupportRemindersPRODRestApi318F04F5POSTcreaterecurringF86752F5": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "createreminderssignupB956888C", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":execute-api:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":", - { - "Ref": "RestApi0C43BF4B", - }, - "/", - { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "/POST/create/recurring", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "RestApicreaterecurringPOSTApiPermissionTestSupportRemindersPRODRestApi318F04F5POSTcreaterecurring6220A329": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "createreminderssignupB956888C", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":execute-api:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":", - { - "Ref": "RestApi0C43BF4B", - }, - "/test-invoke-stage/POST/create/recurring", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "RestApicreaterecurringPOSTC2005445": { - "Properties": { - "AuthorizationType": "NONE", - "HttpMethod": "POST", - "Integration": { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":apigateway:", - { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - { - "Fn::GetAtt": [ - "createreminderssignupB956888C", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": { - "Ref": "RestApicreaterecurringA327119C", - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "RestApireactivateDE09DAB5": { - "Properties": { - "ParentId": { - "Fn::GetAtt": [ - "RestApi0C43BF4B", - "RootResourceId", - ], - }, - "PathPart": "reactivate", - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "RestApireactivateOPTIONS263B776D": { - "Properties": { - "AuthorizationType": "NONE", - "HttpMethod": "OPTIONS", - "Integration": { - "IntegrationResponses": [ - { - "ResponseParameters": { - "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", - "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", - "method.response.header.Access-Control-Allow-Origin": "'*'", - }, - "StatusCode": "204", - }, - ], - "RequestTemplates": { - "application/json": "{ statusCode: 200 }", - }, - "Type": "MOCK", - }, - "MethodResponses": [ - { - "ResponseParameters": { - "method.response.header.Access-Control-Allow-Headers": true, - "method.response.header.Access-Control-Allow-Methods": true, - "method.response.header.Access-Control-Allow-Origin": true, - }, - "StatusCode": "204", - }, - ], - "ResourceId": { - "Ref": "RestApireactivateDE09DAB5", - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "RestApireactivatePOSTApiPermissionSupportRemindersPRODRestApi318F04F5POSTreactivate1A555DC2": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "reactivaterecurringreminder0045F57B", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":execute-api:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":", - { - "Ref": "RestApi0C43BF4B", - }, - "/", - { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "/POST/reactivate", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "RestApireactivatePOSTApiPermissionTestSupportRemindersPRODRestApi318F04F5POSTreactivateEE85DD31": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "reactivaterecurringreminder0045F57B", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":execute-api:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":", - { - "Ref": "RestApi0C43BF4B", - }, - "/test-invoke-stage/POST/reactivate", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "RestApireactivatePOSTF57FC066": { - "Properties": { - "AuthorizationType": "NONE", - "HttpMethod": "POST", - "Integration": { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":apigateway:", - { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - { - "Fn::GetAtt": [ - "reactivaterecurringreminder0045F57B", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": { - "Ref": "RestApireactivateDE09DAB5", - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "RestApisearchA0D22340": { - "Properties": { - "ParentId": { - "Fn::GetAtt": [ - "RestApi0C43BF4B", - "RootResourceId", - ], - }, - "PathPart": "search", - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "RestApisearchOPTIONSDF398734": { - "Properties": { - "AuthorizationType": "NONE", - "HttpMethod": "OPTIONS", - "Integration": { - "IntegrationResponses": [ - { - "ResponseParameters": { - "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", - "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", - "method.response.header.Access-Control-Allow-Origin": "'*'", - }, - "StatusCode": "204", - }, - ], - "RequestTemplates": { - "application/json": "{ statusCode: 200 }", - }, - "Type": "MOCK", - }, - "MethodResponses": [ - { - "ResponseParameters": { - "method.response.header.Access-Control-Allow-Headers": true, - "method.response.header.Access-Control-Allow-Methods": true, - "method.response.header.Access-Control-Allow-Origin": true, - }, - "StatusCode": "204", - }, - ], - "ResourceId": { - "Ref": "RestApisearchA0D22340", - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "RestApisearchPOST5D2A9A4A": { - "Properties": { - "AuthorizationType": "NONE", - "HttpMethod": "POST", - "Integration": { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":apigateway:", - { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - { - "Fn::GetAtt": [ - "searchreminders4A6FC4FF", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": { - "Ref": "RestApisearchA0D22340", - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "RestApisearchPOSTApiPermissionSupportRemindersPRODRestApi318F04F5POSTsearchF4AED988": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "searchreminders4A6FC4FF", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":execute-api:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":", - { - "Ref": "RestApi0C43BF4B", - }, - "/", - { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "/POST/search", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "RestApisearchPOSTApiPermissionTestSupportRemindersPRODRestApi318F04F5POSTsearch947A3EAB": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "searchreminders4A6FC4FF", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":execute-api:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":", - { - "Ref": "RestApi0C43BF4B", - }, - "/test-invoke-stage/POST/search", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "S3inlinepolicy3B07399A": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "s3:GetObject", - "Effect": "Allow", - "Resource": "arn:aws:s3::*:membership-dist/*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "S3inlinepolicy3B07399A", - "Roles": [ - { - "Ref": "searchremindersServiceRole21E2FC67", - }, - { - "Ref": "createreminderssignupServiceRole14AD0F8F", - }, - { - "Ref": "reactivaterecurringreminderServiceRoleA9652C4C", - }, - { - "Ref": "cancelremindersServiceRole2D334903", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "SSMinlinepolicyB56CB2A2": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "ssm:GetParametersByPath", - "ssm:GetParameter", - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:aws:ssm:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":parameter/support-reminders/db-config/PROD", - ], - ], - }, - { - "Fn::Join": [ - "", - [ - "arn:aws:ssm:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":parameter/support-reminders/idapi/PROD/*", - ], - ], - }, - { - "Fn::Join": [ - "", - [ - "arn:aws:ssm:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":parameter/PROD/support/support-reminders/db-config", - ], - ], - }, - { - "Fn::Join": [ - "", - [ - "arn:aws:ssm:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":parameter/PROD/support/support-reminders/idapi/*", - ], - ], - }, - ], - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "SSMinlinepolicyB56CB2A2", - "Roles": [ - { - "Ref": "searchremindersServiceRole21E2FC67", - }, - { - "Ref": "createreminderssignupServiceRole14AD0F8F", - }, - { - "Ref": "reactivaterecurringreminderServiceRoleA9652C4C", - }, - { - "Ref": "cancelremindersServiceRole2D334903", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "SearchRemindersLambda": { - "Properties": { - "Code": { - "S3Bucket": { - "Ref": "DeployBucket", - }, - "S3Key": { - "Fn::Sub": "\${Stack}/\${Stage}/support-reminders/support-reminders.zip", - }, - }, - "Description": "A lambda for searching for reminders", - "Environment": { - "Variables": { - "Stage": { - "Ref": "Stage", - }, - }, - }, - "FunctionName": { - "Fn::Sub": "support-reminders-search-reminders-\${Stage}", - }, - "Handler": "search-reminders/lambda/lambda.handler", - "MemorySize": 128, - "Role": { - "Fn::GetAtt": [ - "SearchRemindersLambdaRole", - "Arn", - ], - }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "lambda:createdBy", - "Value": "SAM", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "PROD", - }, - ], - "Timeout": 30, - "VpcConfig": { - "SecurityGroupIds": [ - { - "Ref": "SecurityGroupToAccessPostgres", - }, - ], - "SubnetIds": { - "Ref": "VpcSubnets", - }, - }, - }, - "Type": "AWS::Lambda::Function", - }, - "SearchRemindersLambdaRole": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": [ - "sts:AssumeRole", - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole", - ], - "Policies": [ - { - "PolicyDocument": { - "Statement": { - "Action": [ - "ssm:GetParametersByPath", - "ssm:GetParameter", - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Sub": "arn:aws:ssm:\${AWS::Region}:\${AWS::AccountId}:parameter/support-reminders/db-config/\${Stage}", - }, - { - "Fn::Sub": "arn:aws:ssm:\${AWS::Region}:\${AWS::AccountId}:parameter/support-reminders/idapi/\${Stage}/*", - }, - ], - }, - }, - "PolicyName": "SearchRemindersLambdaRolePolicy1", - }, - { - "PolicyDocument": { - "Statement": { - "Action": "s3:GetObject", - "Effect": "Allow", - "Resource": [ - "arn:aws:s3::*:membership-dist/*", - ], - }, - }, - "PolicyName": "SearchRemindersLambdaRolePolicy2", - }, - ], - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "lambda:createdBy", - "Value": "SAM", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "PROD", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "SearchRemindersLambdaSearchPermissionProd": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Ref": "SearchRemindersLambda", - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:\${AWS::Region}:\${AWS::AccountId}:\${__ApiId__}/\${__Stage__}/POST/search", - { - "__ApiId__": { - "Ref": "ServerlessRestApi", - }, - "__Stage__": "*", - }, - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "ServerlessRestApi": { - "Properties": { - "Body": { - "info": { - "title": { - "Ref": "AWS::StackName", - }, - "version": "1.0", - }, - "paths": { - "/cancel": { - "options": { - "consumes": [ - "application/json", - ], - "produces": [ - "application/json", - ], - "responses": { - "200": { - "description": "Default response for CORS method", - "headers": { - "Access-Control-Allow-Headers": { - "type": "string", - }, - "Access-Control-Allow-Methods": { - "type": "string", - }, - "Access-Control-Allow-Origin": { - "type": "string", - }, - }, - }, - }, - "summary": "CORS support", - "x-amazon-apigateway-integration": { - "requestTemplates": { - "application/json": "{ - "statusCode" : 200 -} -", - }, - "responses": { - "default": { - "responseParameters": { - "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", - "method.response.header.Access-Control-Allow-Methods": "'*'", - "method.response.header.Access-Control-Allow-Origin": { - "Fn::FindInMap": [ - "StageMap", - { - "Ref": "Stage", - }, - "CorsOrigin", - ], - }, - }, - "responseTemplates": { - "application/json": "{} -", - }, - "statusCode": "200", - }, - }, - "type": "mock", - }, - }, - "post": { - "responses": {}, - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws:apigateway:\${AWS::Region}:lambda:path/2015-03-31/functions/\${CancelRemindersLambda.Arn}/invocations", - }, - }, - }, - }, - "/create/one-off": { - "options": { - "consumes": [ - "application/json", - ], - "produces": [ - "application/json", - ], - "responses": { - "200": { - "description": "Default response for CORS method", - "headers": { - "Access-Control-Allow-Headers": { - "type": "string", - }, - "Access-Control-Allow-Methods": { - "type": "string", - }, - "Access-Control-Allow-Origin": { - "type": "string", - }, - }, - }, - }, - "summary": "CORS support", - "x-amazon-apigateway-integration": { - "requestTemplates": { - "application/json": "{ - "statusCode" : 200 -} -", - }, - "responses": { - "default": { - "responseParameters": { - "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", - "method.response.header.Access-Control-Allow-Methods": "'*'", - "method.response.header.Access-Control-Allow-Origin": { - "Fn::FindInMap": [ - "StageMap", - { - "Ref": "Stage", - }, - "CorsOrigin", - ], - }, - }, - "responseTemplates": { - "application/json": "{} -", - }, - "statusCode": "200", - }, - }, - "type": "mock", - }, - }, - "post": { - "responses": {}, - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws:apigateway:\${AWS::Region}:lambda:path/2015-03-31/functions/\${CreateReminderSignupLambda.Arn}/invocations", - }, - }, - }, - }, - "/create/recurring": { - "options": { - "consumes": [ - "application/json", - ], - "produces": [ - "application/json", - ], - "responses": { - "200": { - "description": "Default response for CORS method", - "headers": { - "Access-Control-Allow-Headers": { - "type": "string", - }, - "Access-Control-Allow-Methods": { - "type": "string", - }, - "Access-Control-Allow-Origin": { - "type": "string", - }, - }, - }, - }, - "summary": "CORS support", - "x-amazon-apigateway-integration": { - "requestTemplates": { - "application/json": "{ - "statusCode" : 200 -} -", - }, - "responses": { - "default": { - "responseParameters": { - "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", - "method.response.header.Access-Control-Allow-Methods": "'*'", - "method.response.header.Access-Control-Allow-Origin": { - "Fn::FindInMap": [ - "StageMap", - { - "Ref": "Stage", - }, - "CorsOrigin", - ], - }, - }, - "responseTemplates": { - "application/json": "{} -", - }, - "statusCode": "200", - }, - }, - "type": "mock", - }, - }, - "post": { - "responses": {}, - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws:apigateway:\${AWS::Region}:lambda:path/2015-03-31/functions/\${CreateReminderSignupLambda.Arn}/invocations", - }, - }, - }, - }, - "/reactivate": { - "options": { - "consumes": [ - "application/json", - ], - "produces": [ - "application/json", - ], - "responses": { - "200": { - "description": "Default response for CORS method", - "headers": { - "Access-Control-Allow-Headers": { - "type": "string", - }, - "Access-Control-Allow-Methods": { - "type": "string", - }, - "Access-Control-Allow-Origin": { - "type": "string", - }, - }, - }, - }, - "summary": "CORS support", - "x-amazon-apigateway-integration": { - "requestTemplates": { - "application/json": "{ - "statusCode" : 200 -} -", - }, - "responses": { - "default": { - "responseParameters": { - "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", - "method.response.header.Access-Control-Allow-Methods": "'*'", - "method.response.header.Access-Control-Allow-Origin": { - "Fn::FindInMap": [ - "StageMap", - { - "Ref": "Stage", - }, - "CorsOrigin", - ], - }, - }, - "responseTemplates": { - "application/json": "{} -", - }, - "statusCode": "200", - }, - }, - "type": "mock", - }, - }, - "post": { - "responses": {}, - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws:apigateway:\${AWS::Region}:lambda:path/2015-03-31/functions/\${ReactivateRecurringReminderLambda.Arn}/invocations", - }, - }, - }, - }, - "/search": { - "options": { - "consumes": [ - "application/json", - ], - "produces": [ - "application/json", - ], - "responses": { - "200": { - "description": "Default response for CORS method", - "headers": { - "Access-Control-Allow-Headers": { - "type": "string", - }, - "Access-Control-Allow-Methods": { - "type": "string", - }, - "Access-Control-Allow-Origin": { - "type": "string", - }, - }, - }, - }, - "summary": "CORS support", - "x-amazon-apigateway-integration": { - "requestTemplates": { - "application/json": "{ - "statusCode" : 200 -} -", - }, - "responses": { - "default": { - "responseParameters": { - "method.response.header.Access-Control-Allow-Headers": "'Content-Type'", - "method.response.header.Access-Control-Allow-Methods": "'*'", - "method.response.header.Access-Control-Allow-Origin": { - "Fn::FindInMap": [ - "StageMap", - { - "Ref": "Stage", - }, - "CorsOrigin", - ], - }, - }, - "responseTemplates": { - "application/json": "{} -", - }, - "statusCode": "200", - }, - }, - "type": "mock", - }, - }, - "post": { - "responses": {}, - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws:apigateway:\${AWS::Region}:lambda:path/2015-03-31/functions/\${SearchRemindersLambda.Arn}/invocations", - }, - }, + ":", + { + "Ref": "RestApi0C43BF4B", }, - }, - }, - "swagger": "2.0", - }, - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "PROD", - }, - ], - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "ServerlessRestApiDeployment35164ab9c6": { - "Properties": { - "Description": "RestApi deployment id: 35164ab9c69e7ad25b481304f695a6fca30e4980", - "RestApiId": { - "Ref": "ServerlessRestApi", - }, - "StageName": "Stage", - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "ServerlessRestApiProdStage": { - "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeployment35164ab9c6", - }, - "RestApiId": { - "Ref": "ServerlessRestApi", - }, - "StageName": "Prod", - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "PROD", - }, - ], + "/", + { + "Ref": "RestApiDeploymentStageprod3855DE66", + }, + "/POST/search", + ], + ], + }, }, - "Type": "AWS::ApiGateway::Stage", + "Type": "AWS::Lambda::Permission", }, - "SignupExportsLambda": { + "RestApisearchPOSTApiPermissionTestSupportRemindersPRODRestApi318F04F5POSTsearch947A3EAB": { "Properties": { - "Code": { - "S3Bucket": { - "Ref": "DeployBucket", - }, - "S3Key": { - "Fn::Sub": "\${Stack}/\${Stage}/support-reminders/support-reminders.zip", - }, - }, - "Description": "A lambda for exporting signups data", - "Environment": { - "Variables": { - "Bucket": { - "Ref": "DatalakeBucket", - }, - "Stage": { - "Ref": "Stage", - }, - }, - }, + "Action": "lambda:InvokeFunction", "FunctionName": { - "Fn::Sub": "support-reminders-signup-exports-\${Stage}", - }, - "Handler": "signup-exports/lambda/lambda.handler", - "MemorySize": 512, - "Role": { "Fn::GetAtt": [ - "SignupExportsLambdaRole", + "searchreminders4A6FC4FF", "Arn", ], }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, - { - "Key": "lambda:createdBy", - "Value": "SAM", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "PROD", - }, - ], - "Timeout": 900, - "VpcConfig": { - "SecurityGroupIds": [ - { - "Ref": "SecurityGroupToAccessPostgres", - }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":execute-api:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":", + { + "Ref": "RestApi0C43BF4B", + }, + "/test-invoke-stage/POST/search", + ], ], - "SubnetIds": { - "Ref": "VpcSubnets", - }, }, }, - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Permission", }, - "SignupExportsLambdaAlarm": { - "Condition": "IsProd", + "S3inlinepolicy3B07399A": { "Properties": { - "AlarmActions": [ + "PolicyDocument": { + "Statement": [ + { + "Action": "s3:GetObject", + "Effect": "Allow", + "Resource": "arn:aws:s3::*:membership-dist/*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "S3inlinepolicy3B07399A", + "Roles": [ { - "Fn::Sub": "arn:aws:sns:\${AWS::Region}:\${AWS::AccountId}:contributions-dev", + "Ref": "searchremindersServiceRole21E2FC67", }, - ], - "AlarmDescription": "Failed to create signups exports", - "AlarmName": { - "Fn::Sub": "support-reminders-signup-exports-\${Stage} lambda error", - }, - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": [ { - "Name": "FunctionName", - "Value": { - "Ref": "SignupExportsLambda", - }, + "Ref": "createreminderssignupServiceRole14AD0F8F", + }, + { + "Ref": "reactivaterecurringreminderServiceRoleA9652C4C", + }, + { + "Ref": "cancelremindersServiceRole2D334903", }, ], - "EvaluationPeriods": 1, - "MetricName": "Errors", - "Namespace": "AWS/Lambda", - "Period": 60, - "Statistic": "Sum", - "Threshold": 1, }, - "Type": "AWS::CloudWatch::Alarm", + "Type": "AWS::IAM::Policy", }, - "SignupExportsLambdaRole": { + "SSMinlinepolicyB56CB2A2": { "Properties": { - "AssumeRolePolicyDocument": { + "PolicyDocument": { "Statement": [ { "Action": [ - "sts:AssumeRole", + "ssm:GetParametersByPath", + "ssm:GetParameter", ], "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com", - ], - }, + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:aws:ssm:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":parameter/support-reminders/db-config/PROD", + ], + ], + }, + { + "Fn::Join": [ + "", + [ + "arn:aws:ssm:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":parameter/support-reminders/idapi/PROD/*", + ], + ], + }, + { + "Fn::Join": [ + "", + [ + "arn:aws:ssm:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":parameter/PROD/support/support-reminders/db-config", + ], + ], + }, + { + "Fn::Join": [ + "", + [ + "arn:aws:ssm:", + { + "Ref": "AWS::Region", + }, + ":", + { + "Ref": "AWS::AccountId", + }, + ":parameter/PROD/support/support-reminders/idapi/*", + ], + ], + }, + ], }, ], "Version": "2012-10-17", }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole", - ], - "Policies": [ - { - "PolicyDocument": { - "Statement": { - "Action": [ - "ssm:GetParametersByPath", - "ssm:GetParameter", - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Sub": "arn:aws:ssm:\${AWS::Region}:\${AWS::AccountId}:parameter/support-reminders/db-config/\${Stage}", - }, - ], - }, - }, - "PolicyName": "SignupExportsLambdaRolePolicy1", - }, - { - "PolicyDocument": { - "Statement": { - "Action": [ - "s3:PutObject", - "s3:PutObjectAcl", - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Sub": "arn:aws:s3:::\${DatalakeBucket}", - }, - { - "Fn::Sub": "arn:aws:s3:::\${DatalakeBucket}/*", - }, - ], - }, - }, - "PolicyName": "SignupExportsLambdaRolePolicy2", - }, - { - "PolicyDocument": { - "Statement": { - "Action": "s3:GetObject", - "Effect": "Allow", - "Resource": [ - "arn:aws:s3::*:membership-dist/*", - ], - }, - }, - "PolicyName": "SignupExportsLambdaRolePolicy3", - }, - ], - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-reminders", - }, + "PolicyName": "SSMinlinepolicyB56CB2A2", + "Roles": [ { - "Key": "lambda:createdBy", - "Value": "SAM", + "Ref": "searchremindersServiceRole21E2FC67", }, { - "Key": "Stack", - "Value": "support", + "Ref": "createreminderssignupServiceRole14AD0F8F", }, { - "Key": "Stage", - "Value": "PROD", + "Ref": "reactivaterecurringreminderServiceRoleA9652C4C", }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "SignupExportsLambdaSchedule": { - "Properties": { - "Description": "Run sigup exports lambda every day at 00:05", - "Name": { - "Fn::Sub": "RemindersExportSchedule-\${Stage}", - }, - "ScheduleExpression": "cron(05 00 * * ? *)", - "State": "ENABLED", - "Targets": [ { - "Arn": { - "Fn::GetAtt": [ - "SignupExportsLambda", - "Arn", - ], - }, - "Id": "SignupExportsLambdaScheduleLambdaTarget", + "Ref": "cancelremindersServiceRole2D334903", }, ], }, - "Type": "AWS::Events::Rule", - }, - "SignupExportsLambdaSchedulePermission": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Ref": "SignupExportsLambda", - }, - "Principal": "events.amazonaws.com", - "SourceArn": { - "Fn::GetAtt": [ - "SignupExportsLambdaSchedule", - "Arn", - ], - }, - }, - "Type": "AWS::Lambda::Permission", + "Type": "AWS::IAM::Policy", }, "cancelremindersF4DAF18B": { "DependsOn": [ diff --git a/cdk/lib/support-reminders.ts b/cdk/lib/support-reminders.ts index 597d055..03f8418 100644 --- a/cdk/lib/support-reminders.ts +++ b/cdk/lib/support-reminders.ts @@ -1,4 +1,3 @@ -import path from "path"; import {GuApiGatewayWithLambdaByPath, GuScheduledLambda} from "@guardian/cdk"; import type {GuStackProps} from "@guardian/cdk/lib/constructs/core"; import {GuStack, GuStringParameter} from "@guardian/cdk/lib/constructs/core"; @@ -11,7 +10,6 @@ import {Schedule} from "aws-cdk-lib/aws-events"; import {Effect, ManagedPolicy, Policy, PolicyStatement} from "aws-cdk-lib/aws-iam"; import {Runtime} from "aws-cdk-lib/aws-lambda"; import {CfnRecordSet} from "aws-cdk-lib/aws-route53"; -import {CfnInclude} from "aws-cdk-lib/cloudformation-include"; export interface SupportRemindersProps extends GuStackProps { certificateId: string; @@ -25,13 +23,6 @@ export class SupportReminders extends GuStack { super(scope, id, props); - // ---- CFN template resources ---- // - const yamlTemplateFilePath = path.join(__dirname, "../..", "cfn.yaml"); - new CfnInclude(this, "YamlTemplate", { - templateFile: yamlTemplateFilePath, - }); - - // ---- Parameters ---- // const securityGroupToAccessPostgres = new GuStringParameter( this, diff --git a/cfn.yaml b/cfn.yaml deleted file mode 100644 index 10076b6..0000000 --- a/cfn.yaml +++ /dev/null @@ -1,1008 +0,0 @@ ---- -AWSTemplateFormatVersion: '2010-09-09' -Description: The lambdas for supporter reminders -Parameters: - CertificateArn: - Description: ARN of the certificate - Type: String - DatalakeBucket: - Description: Bucket to upload data for ingestion into BigQuery - Type: String - DeployBucket: - Description: Bucket to copy files to - Type: String - Default: membership-dist - SecurityGroupToAccessPostgres: - Description: Security group to access the RDS instance - Type: String - Stage: - Description: Set by RiffRaff on each deploy - Type: String - AllowedValues: - - CODE - - PROD - Stack: - Description: Stack name - Type: String - Default: support - VpcSubnets: - Description: Subnets for RDS access - Type: List -Mappings: - StageMap: - CODE: - DomainName: reminders-code.support.guardianapis.com - CorsOrigin: "'*'" - PROD: - DomainName: reminders.support.guardianapis.com - CorsOrigin: "'*'" -Resources: - NextRemindersLambdaAlarm: - Type: AWS::CloudWatch::Alarm - Condition: IsProd - Properties: - AlarmActions: - - Fn::Sub: arn:aws:sns:${AWS::Region}:${AWS::AccountId}:contributions-dev - AlarmName: - Fn::Sub: support-reminders-next-reminders-${Stage} lambda error - AlarmDescription: Failed to create next-reminders snapshot - MetricName: Errors - Namespace: AWS/Lambda - Dimensions: - - Name: FunctionName - Value: - Ref: NextRemindersLambda - ComparisonOperator: GreaterThanOrEqualToThreshold - Threshold: 1 - Period: 60 - EvaluationPeriods: 1 - Statistic: Sum - CreateReminderSignupLambdaRole: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - sts:AssumeRole - Effect: Allow - Principal: - Service: - - lambda.amazonaws.com - ManagedPolicyArns: - - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole - - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole - Policies: - - PolicyName: CreateReminderSignupLambdaRolePolicy1 - PolicyDocument: - Statement: - Effect: Allow - Action: - - ssm:GetParametersByPath - - ssm:GetParameter - Resource: - - Fn::Sub: arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/support-reminders/db-config/${Stage} - - Fn::Sub: arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/support-reminders/idapi/${Stage}/* - - PolicyName: CreateReminderSignupLambdaRolePolicy2 - PolicyDocument: - Statement: - Effect: Allow - Action: s3:GetObject - Resource: - - arn:aws:s3::*:membership-dist/* - Tags: - - Key: lambda:createdBy - Value: SAM - SignupExportsLambdaRole: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - sts:AssumeRole - Effect: Allow - Principal: - Service: - - lambda.amazonaws.com - ManagedPolicyArns: - - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole - - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole - Policies: - - PolicyName: SignupExportsLambdaRolePolicy1 - PolicyDocument: - Statement: - Effect: Allow - Action: - - ssm:GetParametersByPath - - ssm:GetParameter - Resource: - - Fn::Sub: arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/support-reminders/db-config/${Stage} - - PolicyName: SignupExportsLambdaRolePolicy2 - PolicyDocument: - Statement: - Effect: Allow - Action: - - s3:PutObject - - s3:PutObjectAcl - Resource: - - Fn::Sub: arn:aws:s3:::${DatalakeBucket} - - Fn::Sub: arn:aws:s3:::${DatalakeBucket}/* - - PolicyName: SignupExportsLambdaRolePolicy3 - PolicyDocument: - Statement: - Effect: Allow - Action: s3:GetObject - Resource: - - arn:aws:s3::*:membership-dist/* - Tags: - - Key: lambda:createdBy - Value: SAM - SearchRemindersLambda: - Type: AWS::Lambda::Function - Properties: - Code: - S3Bucket: - Ref: DeployBucket - S3Key: - Fn::Sub: "${Stack}/${Stage}/support-reminders/support-reminders.zip" - Description: A lambda for searching for reminders - FunctionName: - Fn::Sub: support-reminders-search-reminders-${Stage} - Handler: search-reminders/lambda/lambda.handler - MemorySize: 128 - Role: - Fn::GetAtt: - - SearchRemindersLambdaRole - - Arn - Runtime: nodejs12.x - Timeout: 30 - VpcConfig: - SecurityGroupIds: - - Ref: SecurityGroupToAccessPostgres - SubnetIds: - Ref: VpcSubnets - Environment: - Variables: - Stage: - Ref: Stage - Tags: - - Key: lambda:createdBy - Value: SAM - SignupExportsLambdaSchedule: - Type: AWS::Events::Rule - Properties: - Description: Run sigup exports lambda every day at 00:05 - Name: - Fn::Sub: RemindersExportSchedule-${Stage} - ScheduleExpression: cron(05 00 * * ? *) - State: ENABLED - Targets: - - Arn: - Fn::GetAtt: - - SignupExportsLambda - - Arn - Id: SignupExportsLambdaScheduleLambdaTarget - ServerlessRestApiProdStage: - Type: AWS::ApiGateway::Stage - Properties: - DeploymentId: - Ref: ServerlessRestApiDeployment35164ab9c6 - RestApiId: - Ref: ServerlessRestApi - StageName: Prod - NextRemindersLambdaSchedulePermission: - Type: AWS::Lambda::Permission - Properties: - Action: lambda:InvokeFunction - FunctionName: - Ref: NextRemindersLambda - Principal: events.amazonaws.com - SourceArn: - Fn::GetAtt: - - NextRemindersLambdaSchedule - - Arn -# DomainName: -# Type: AWS::ApiGateway::DomainName -# Properties: -# RegionalCertificateArn: -# Ref: CertificateArn -# DomainName: -# Fn::FindInMap: -# - StageMap -# - Ref: Stage -# - DomainName -# EndpointConfiguration: -# Types: -# - REGIONAL - NextRemindersLambdaSchedule: - Type: AWS::Events::Rule - Properties: - Description: Run next reminders lambda every day at 00:05 - Name: - Fn::Sub: NextRemindersSchedule-${Stage} - ScheduleExpression: cron(05 00 * * ? *) - State: ENABLED - Targets: - - Arn: - Fn::GetAtt: - - NextRemindersLambda - - Arn - Id: NextRemindersLambdaScheduleLambdaTarget - ReactivateRecurringReminderLambdaAlarm: - Type: AWS::CloudWatch::Alarm - Condition: IsProd - Properties: - AlarmActions: - - Fn::Sub: arn:aws:sns:${AWS::Region}:${AWS::AccountId}:contributions-dev - AlarmName: - Fn::Sub: support-reminders-reactivate-recurring-reminder-${Stage} lambda error - AlarmDescription: Failed to reactivate cancelled reminders - MetricName: Errors - Namespace: AWS/Lambda - Dimensions: - - Name: FunctionName - Value: - Ref: ReactivateRecurringReminderLambda - ComparisonOperator: GreaterThanOrEqualToThreshold - Threshold: 1 - Period: 60 - EvaluationPeriods: 1 - Statistic: Sum - ApiGateway4XXAlarm: - Type: AWS::CloudWatch::Alarm - Condition: IsProd - Properties: - AlarmActions: - - Fn::Sub: arn:aws:sns:${AWS::Region}:${AWS::AccountId}:contributions-dev - AlarmName: - Fn::Sub: support-reminders-${Stage} API gateway 4XX response - AlarmDescription: Reminders API received an invalid request - MetricName: 4XXError - Namespace: AWS/ApiGateway - Dimensions: - - Name: ApiName - Value: - Fn::Sub: support-reminders-${Stage} - ComparisonOperator: GreaterThanOrEqualToThreshold - Threshold: 8 - Period: 300 - EvaluationPeriods: 1 - Statistic: Sum - CancelRemindersLambdaCreateOneOffPermissionProd: - Type: AWS::Lambda::Permission - Properties: - Action: lambda:InvokeFunction - FunctionName: - Ref: CancelRemindersLambda - Principal: apigateway.amazonaws.com - SourceArn: - Fn::Sub: - - arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/cancel - - __ApiId__: - Ref: ServerlessRestApi - __Stage__: "*" - CreateReminderSignupLambdaAlarm: - Type: AWS::CloudWatch::Alarm - Condition: IsProd - Properties: - AlarmActions: - - Fn::Sub: arn:aws:sns:${AWS::Region}:${AWS::AccountId}:contributions-dev - AlarmName: - Fn::Sub: support-reminders-create-reminder-signup-${Stage} lambda error - AlarmDescription: Failed to create a reminder signup - MetricName: Errors - Namespace: AWS/Lambda - Dimensions: - - Name: FunctionName - Value: - Ref: CreateReminderSignupLambda - ComparisonOperator: GreaterThanOrEqualToThreshold - Threshold: 1 - Period: 60 - EvaluationPeriods: 1 - Statistic: Sum - CreateReminderSignupLambdaCreateOneOffPermissionProd: - Type: AWS::Lambda::Permission - Properties: - Action: lambda:InvokeFunction - FunctionName: - Ref: CreateReminderSignupLambda - Principal: apigateway.amazonaws.com - SourceArn: - Fn::Sub: - - arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/create/one-off - - __ApiId__: - Ref: ServerlessRestApi - __Stage__: "*" - SignupExportsLambdaSchedulePermission: - Type: AWS::Lambda::Permission - Properties: - Action: lambda:InvokeFunction - FunctionName: - Ref: SignupExportsLambda - Principal: events.amazonaws.com - SourceArn: - Fn::GetAtt: - - SignupExportsLambdaSchedule - - Arn - ApiGateway5XXAlarm: - Type: AWS::CloudWatch::Alarm - Condition: IsProd - Properties: - AlarmActions: - - Fn::Sub: arn:aws:sns:${AWS::Region}:${AWS::AccountId}:contributions-dev - AlarmName: - Fn::Sub: support-reminders-${Stage} API gateway 5XX response - AlarmDescription: Reminders API failed to create a signup - MetricName: 5XXError - Namespace: AWS/ApiGateway - Dimensions: - - Name: ApiName - Value: - Fn::Sub: support-reminders-${Stage} - ComparisonOperator: GreaterThanOrEqualToThreshold - Threshold: 1 - Period: 60 - EvaluationPeriods: 1 - Statistic: Sum - NextRemindersLambda: - Type: AWS::Lambda::Function - Properties: - Code: - S3Bucket: - Ref: DeployBucket - S3Key: - Fn::Sub: "${Stack}/${Stage}/support-reminders/support-reminders.zip" - Description: A lambda for getting next reminders data - FunctionName: - Fn::Sub: support-reminders-next-reminders-${Stage} - Handler: next-reminders/lambda/lambda.handler - MemorySize: 128 - Role: - Fn::GetAtt: - - NextRemindersLambdaRole - - Arn - Runtime: nodejs12.x - Timeout: 30 - VpcConfig: - SecurityGroupIds: - - Ref: SecurityGroupToAccessPostgres - SubnetIds: - Ref: VpcSubnets - Environment: - Variables: - Stage: - Ref: Stage - Bucket: - Ref: DatalakeBucket - Tags: - - Key: lambda:createdBy - Value: SAM -# DNSRecord: -# Type: AWS::Route53::RecordSet -# Properties: -# HostedZoneName: support.guardianapis.com. -# Name: -# Fn::FindInMap: -# - StageMap -# - Ref: Stage -# - DomainName -# Comment: -# Fn::Sub: CNAME for contributions reminders endpoint ${Stage} -# Type: CNAME -# TTL: '120' -# ResourceRecords: -# - Fn::GetAtt: -# - DomainName -# - RegionalDomainName - ServerlessRestApiDeployment35164ab9c6: - Type: AWS::ApiGateway::Deployment - Properties: - Description: 'RestApi deployment id: 35164ab9c69e7ad25b481304f695a6fca30e4980' - RestApiId: - Ref: ServerlessRestApi - StageName: Stage - SearchRemindersLambdaSearchPermissionProd: - Type: AWS::Lambda::Permission - Properties: - Action: lambda:InvokeFunction - FunctionName: - Ref: SearchRemindersLambda - Principal: apigateway.amazonaws.com - SourceArn: - Fn::Sub: - - arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/search - - __ApiId__: - Ref: ServerlessRestApi - __Stage__: "*" - CreateReminderSignupLambda: - Type: AWS::Lambda::Function - Properties: - Code: - S3Bucket: - Ref: DeployBucket - S3Key: - Fn::Sub: "${Stack}/${Stage}/support-reminders/support-reminders.zip" - Description: A lambda for creating support reminders - FunctionName: - Fn::Sub: support-reminders-create-reminder-signup-${Stage} - Handler: create-reminder-signup/lambda/lambda.handler - MemorySize: 128 - Role: - Fn::GetAtt: - - CreateReminderSignupLambdaRole - - Arn - Runtime: nodejs12.x - Timeout: 30 - VpcConfig: - SecurityGroupIds: - - Ref: SecurityGroupToAccessPostgres - SubnetIds: - Ref: VpcSubnets - Environment: - Variables: - Stage: - Ref: Stage - Tags: - - Key: lambda:createdBy - Value: SAM - NextRemindersLambdaRole: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - sts:AssumeRole - Effect: Allow - Principal: - Service: - - lambda.amazonaws.com - ManagedPolicyArns: - - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole - - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole - Policies: - - PolicyName: NextRemindersLambdaRolePolicy1 - PolicyDocument: - Statement: - Effect: Allow - Action: - - ssm:GetParametersByPath - - ssm:GetParameter - Resource: - - Fn::Sub: arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/support-reminders/db-config/${Stage} - - PolicyName: NextRemindersLambdaRolePolicy2 - PolicyDocument: - Statement: - Effect: Allow - Action: - - s3:PutObject - - s3:PutObjectAcl - Resource: - - Fn::Sub: arn:aws:s3:::${DatalakeBucket} - - Fn::Sub: arn:aws:s3:::${DatalakeBucket}/* - - PolicyName: NextRemindersLambdaRolePolicy3 - PolicyDocument: - Statement: - Effect: Allow - Action: s3:GetObject - Resource: - - arn:aws:s3::*:membership-dist/* - Tags: - - Key: lambda:createdBy - Value: SAM - ReactivateRecurringReminderLambda: - Type: AWS::Lambda::Function - Properties: - Code: - S3Bucket: - Ref: DeployBucket - S3Key: - Fn::Sub: "${Stack}/${Stage}/support-reminders/support-reminders.zip" - Description: A lambda for reactivating cancelled recurring support reminders - FunctionName: - Fn::Sub: support-reminders-reactivate-recurring-reminder-${Stage} - Handler: reactivate-recurring-reminder/lambda/lambda.handler - MemorySize: 128 - Role: - Fn::GetAtt: - - ReactivateRecurringReminderLambdaRole - - Arn - Runtime: nodejs12.x - Timeout: 30 - VpcConfig: - SecurityGroupIds: - - Ref: SecurityGroupToAccessPostgres - SubnetIds: - Ref: VpcSubnets - Environment: - Variables: - Stage: - Ref: Stage - Tags: - - Key: lambda:createdBy - Value: SAM - ReactivateRecurringReminderLambdaReactivatePermissionProd: - Type: AWS::Lambda::Permission - Properties: - Action: lambda:InvokeFunction - FunctionName: - Ref: ReactivateRecurringReminderLambda - Principal: apigateway.amazonaws.com - SourceArn: - Fn::Sub: - - arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/reactivate - - __ApiId__: - Ref: ServerlessRestApi - __Stage__: "*" - CancelRemindersLambda: - Type: AWS::Lambda::Function - Properties: - Code: - S3Bucket: - Ref: DeployBucket - S3Key: - Fn::Sub: "${Stack}/${Stage}/support-reminders/support-reminders.zip" - Description: A lambda for cancelling pending support reminders - FunctionName: - Fn::Sub: support-reminders-cancel-reminders-${Stage} - Handler: cancel-reminders/lambda/lambda.handler - MemorySize: 128 - Role: - Fn::GetAtt: - - CancelRemindersLambdaRole - - Arn - Runtime: nodejs12.x - Timeout: 30 - VpcConfig: - SecurityGroupIds: - - Ref: SecurityGroupToAccessPostgres - SubnetIds: - Ref: VpcSubnets - Environment: - Variables: - Stage: - Ref: Stage - Tags: - - Key: lambda:createdBy - Value: SAM - SearchRemindersLambdaRole: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - sts:AssumeRole - Effect: Allow - Principal: - Service: - - lambda.amazonaws.com - ManagedPolicyArns: - - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole - - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole - Policies: - - PolicyName: SearchRemindersLambdaRolePolicy1 - PolicyDocument: - Statement: - Effect: Allow - Action: - - ssm:GetParametersByPath - - ssm:GetParameter - Resource: - - Fn::Sub: arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/support-reminders/db-config/${Stage} - - Fn::Sub: arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/support-reminders/idapi/${Stage}/* - - PolicyName: SearchRemindersLambdaRolePolicy2 - PolicyDocument: - Statement: - Effect: Allow - Action: s3:GetObject - Resource: - - arn:aws:s3::*:membership-dist/* - Tags: - - Key: lambda:createdBy - Value: SAM - SignupExportsLambda: - Type: AWS::Lambda::Function - Properties: - Code: - S3Bucket: - Ref: DeployBucket - S3Key: - Fn::Sub: "${Stack}/${Stage}/support-reminders/support-reminders.zip" - Description: A lambda for exporting signups data - FunctionName: - Fn::Sub: support-reminders-signup-exports-${Stage} - Handler: signup-exports/lambda/lambda.handler - MemorySize: 512 - Role: - Fn::GetAtt: - - SignupExportsLambdaRole - - Arn - Runtime: nodejs12.x - Timeout: 900 - VpcConfig: - SecurityGroupIds: - - Ref: SecurityGroupToAccessPostgres - SubnetIds: - Ref: VpcSubnets - Environment: - Variables: - Stage: - Ref: Stage - Bucket: - Ref: DatalakeBucket - Tags: - - Key: lambda:createdBy - Value: SAM -# BasePathMapping: -# Type: AWS::ApiGateway::BasePathMapping -# Properties: -# RestApiId: -# Ref: ServerlessRestApi -# DomainName: -# Ref: DomainName -# Stage: -# Fn::Sub: Prod -# DependsOn: ServerlessRestApiProdStage - CreateReminderSignupLambdaCreateRecurringPermissionProd: - Type: AWS::Lambda::Permission - Properties: - Action: lambda:InvokeFunction - FunctionName: - Ref: CreateReminderSignupLambda - Principal: apigateway.amazonaws.com - SourceArn: - Fn::Sub: - - arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/create/recurring - - __ApiId__: - Ref: ServerlessRestApi - __Stage__: "*" - SignupExportsLambdaAlarm: - Type: AWS::CloudWatch::Alarm - Condition: IsProd - Properties: - AlarmActions: - - Fn::Sub: arn:aws:sns:${AWS::Region}:${AWS::AccountId}:contributions-dev - AlarmName: - Fn::Sub: support-reminders-signup-exports-${Stage} lambda error - AlarmDescription: Failed to create signups exports - MetricName: Errors - Namespace: AWS/Lambda - Dimensions: - - Name: FunctionName - Value: - Ref: SignupExportsLambda - ComparisonOperator: GreaterThanOrEqualToThreshold - Threshold: 1 - Period: 60 - EvaluationPeriods: 1 - Statistic: Sum - CancelRemindersLambdaRole: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - sts:AssumeRole - Effect: Allow - Principal: - Service: - - lambda.amazonaws.com - ManagedPolicyArns: - - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole - - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole - Policies: - - PolicyName: CancelRemindersLambdaRolePolicy1 - PolicyDocument: - Statement: - Effect: Allow - Action: - - ssm:GetParametersByPath - - ssm:GetParameter - Resource: - - Fn::Sub: arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/support-reminders/db-config/${Stage} - - Fn::Sub: arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/support-reminders/idapi/${Stage}/* - - PolicyName: CancelRemindersLambdaRolePolicy2 - PolicyDocument: - Statement: - Effect: Allow - Action: s3:GetObject - Resource: - - arn:aws:s3::*:membership-dist/* - Tags: - - Key: lambda:createdBy - Value: SAM - ServerlessRestApi: - Type: AWS::ApiGateway::RestApi - Properties: - Body: - info: - version: '1.0' - title: - Ref: AWS::StackName - paths: - "/reactivate": - post: - x-amazon-apigateway-integration: - httpMethod: POST - type: aws_proxy - uri: - Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ReactivateRecurringReminderLambda.Arn}/invocations - responses: {} - options: - x-amazon-apigateway-integration: - type: mock - requestTemplates: - application/json: | - { - "statusCode" : 200 - } - responses: - default: - statusCode: '200' - responseTemplates: - application/json: "{}\n" - responseParameters: - method.response.header.Access-Control-Allow-Origin: - Fn::FindInMap: - - StageMap - - Ref: Stage - - CorsOrigin - method.response.header.Access-Control-Allow-Methods: "'*'" - method.response.header.Access-Control-Allow-Headers: "'Content-Type'" - consumes: - - application/json - summary: CORS support - responses: - '200': - headers: - Access-Control-Allow-Origin: - type: string - Access-Control-Allow-Headers: - type: string - Access-Control-Allow-Methods: - type: string - description: Default response for CORS method - produces: - - application/json - "/create/recurring": - post: - x-amazon-apigateway-integration: - httpMethod: POST - type: aws_proxy - uri: - Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${CreateReminderSignupLambda.Arn}/invocations - responses: {} - options: - x-amazon-apigateway-integration: - type: mock - requestTemplates: - application/json: | - { - "statusCode" : 200 - } - responses: - default: - statusCode: '200' - responseTemplates: - application/json: "{}\n" - responseParameters: - method.response.header.Access-Control-Allow-Origin: - Fn::FindInMap: - - StageMap - - Ref: Stage - - CorsOrigin - method.response.header.Access-Control-Allow-Methods: "'*'" - method.response.header.Access-Control-Allow-Headers: "'Content-Type'" - consumes: - - application/json - summary: CORS support - responses: - '200': - headers: - Access-Control-Allow-Origin: - type: string - Access-Control-Allow-Headers: - type: string - Access-Control-Allow-Methods: - type: string - description: Default response for CORS method - produces: - - application/json - "/search": - post: - x-amazon-apigateway-integration: - httpMethod: POST - type: aws_proxy - uri: - Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${SearchRemindersLambda.Arn}/invocations - responses: {} - options: - x-amazon-apigateway-integration: - type: mock - requestTemplates: - application/json: | - { - "statusCode" : 200 - } - responses: - default: - statusCode: '200' - responseTemplates: - application/json: "{}\n" - responseParameters: - method.response.header.Access-Control-Allow-Origin: - Fn::FindInMap: - - StageMap - - Ref: Stage - - CorsOrigin - method.response.header.Access-Control-Allow-Methods: "'*'" - method.response.header.Access-Control-Allow-Headers: "'Content-Type'" - consumes: - - application/json - summary: CORS support - responses: - '200': - headers: - Access-Control-Allow-Origin: - type: string - Access-Control-Allow-Headers: - type: string - Access-Control-Allow-Methods: - type: string - description: Default response for CORS method - produces: - - application/json - "/create/one-off": - post: - x-amazon-apigateway-integration: - httpMethod: POST - type: aws_proxy - uri: - Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${CreateReminderSignupLambda.Arn}/invocations - responses: {} - options: - x-amazon-apigateway-integration: - type: mock - requestTemplates: - application/json: | - { - "statusCode" : 200 - } - responses: - default: - statusCode: '200' - responseTemplates: - application/json: "{}\n" - responseParameters: - method.response.header.Access-Control-Allow-Origin: - Fn::FindInMap: - - StageMap - - Ref: Stage - - CorsOrigin - method.response.header.Access-Control-Allow-Methods: "'*'" - method.response.header.Access-Control-Allow-Headers: "'Content-Type'" - consumes: - - application/json - summary: CORS support - responses: - '200': - headers: - Access-Control-Allow-Origin: - type: string - Access-Control-Allow-Headers: - type: string - Access-Control-Allow-Methods: - type: string - description: Default response for CORS method - produces: - - application/json - "/cancel": - post: - x-amazon-apigateway-integration: - httpMethod: POST - type: aws_proxy - uri: - Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${CancelRemindersLambda.Arn}/invocations - responses: {} - options: - x-amazon-apigateway-integration: - type: mock - requestTemplates: - application/json: | - { - "statusCode" : 200 - } - responses: - default: - statusCode: '200' - responseTemplates: - application/json: "{}\n" - responseParameters: - method.response.header.Access-Control-Allow-Origin: - Fn::FindInMap: - - StageMap - - Ref: Stage - - CorsOrigin - method.response.header.Access-Control-Allow-Methods: "'*'" - method.response.header.Access-Control-Allow-Headers: "'Content-Type'" - consumes: - - application/json - summary: CORS support - responses: - '200': - headers: - Access-Control-Allow-Origin: - type: string - Access-Control-Allow-Headers: - type: string - Access-Control-Allow-Methods: - type: string - description: Default response for CORS method - produces: - - application/json - swagger: '2.0' - CancelRemindersLambdaAlarm: - Type: AWS::CloudWatch::Alarm - Condition: IsProd - Properties: - AlarmActions: - - Fn::Sub: arn:aws:sns:${AWS::Region}:${AWS::AccountId}:contributions-dev - AlarmName: - Fn::Sub: support-reminders-cancel-reminders-${Stage} lambda error - AlarmDescription: Failed to cancel pending reminders - MetricName: Errors - Namespace: AWS/Lambda - Dimensions: - - Name: FunctionName - Value: - Ref: CancelRemindersLambda - ComparisonOperator: GreaterThanOrEqualToThreshold - Threshold: 1 - Period: 60 - EvaluationPeriods: 1 - Statistic: Sum - ReactivateRecurringReminderLambdaRole: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - sts:AssumeRole - Effect: Allow - Principal: - Service: - - lambda.amazonaws.com - ManagedPolicyArns: - - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole - - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole - Policies: - - PolicyName: ReactivateRecurringReminderLambdaRolePolicy1 - PolicyDocument: - Statement: - Effect: Allow - Action: - - ssm:GetParametersByPath - - ssm:GetParameter - Resource: - - Fn::Sub: arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/support-reminders/db-config/${Stage} - - Fn::Sub: arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/support-reminders/idapi/${Stage}/* - - PolicyName: ReactivateRecurringReminderLambdaRolePolicy2 - PolicyDocument: - Statement: - Effect: Allow - Action: s3:GetObject - Resource: - - arn:aws:s3::*:membership-dist/* - Tags: - - Key: lambda:createdBy - Value: SAM -Conditions: - IsProd: - Fn::Equals: - - Ref: Stage - - PROD