template.yaml

AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'
Description: An AWS Serverless Specification template describing your function.

Parameters:
  SourceEmail:
    Type: String
    Description: The sending email address for notification emails.
    Default: aws@marek.rocks

  DestEmail:
    Type: String
    Description: The receiving email address for notification emails.
    Default: marek.kuczynski@gmail.com

  SendEmails: 
    Description: Set whether to send SES emails or not (default 'n'). 
    Default: 'n'
    Type: String
    AllowedValues: 
      - 'y'
      - 'n'

  StorePublicS3:
    Description: Store a JSON object of blogposts as a public S3 file (default 'n').
    Default: 'n'
    Type: String
    AllowedValues:
      - 'y'
      - 'n'

  CreateAppSync:
    Description: Create a read only AppSync endpoint for the blogs stored in DynamoDB
    Default: 'n'
    Type: String
    AllowedValues:
      - 'y'
      - 'n'

  EnableAlgolia:
    Description: Optional - enable Algolia search index support
    Default: 'n'
    Type: 'String'
    AllowedValues:
      - 'y'
      - 'n'

  AlgoliaApp: 
    Description: Optional - add the Algolia App ID
    Default: ''
    Type: String

  AlgoliaApikey:
    Description: Optional - add the Algolia API key
    Default: ''
    Type: String

  AlgoliaIndex: 
    Description: Optional - add the Algolia Index name
    Default: ''
    Type: String

# appsync create condition
Conditions: 
  EnableAppSync: !Equals [ !Ref CreateAppSync, y ]

Resources:

  # create per rss feed retrieval function
  rssgetfeed:
    Type: 'AWS::Serverless::Function'
    Properties:
      Handler: getfeed.handler
      Runtime: python3.8
      CodeUri: lambda-getfeed/
      Description: 'Retrieve RSS feeds and store them in DynamoDB'
      Policies:
        - Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - 'ses:SendEmail'
              Resource: '*'
        - ComprehendFullAccess
        - arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy
        - DynamoDBCrudPolicy:
            TableName: !Ref rssfeed
        - S3CrudPolicy:
            BucketName: !Ref PublicJsonBucket
      MemorySize: 512
      Timeout: 30
      Environment:
        Variables:
          dynamo_table: !Ref rssfeed
         
      Tracing: Active
      ReservedConcurrentExecutions: 50
      Layers: 
        - !Ref lambdalayer
        - !Sub "arn:aws:lambda:${AWS::Region}:580247275435:layer:LambdaInsightsExtension:14"

  # create rss feed crawl function
  rsscrawl:
    Type: 'AWS::Serverless::Function'
    Properties:
      Handler: crawl.handler
      Runtime: python3.8
      CodeUri: lambda-crawl/
      Description: 'Retrieve RSS feeds and check files stored on S3'
      Policies:
        - arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy
        - DynamoDBReadPolicy:
            TableName: !Ref rssfeed
        - S3ReadPolicy:
            BucketName: !Ref PublicJsonBucket
      MemorySize: 256
      Timeout: 30
      Environment:
        Variables:
          algolia_app: !Ref AlgoliaApp
          algolia_apikey: !Ref AlgoliaApikey
          algolia_index: !Ref AlgoliaIndex
          dynamo_region: !Ref 'AWS::Region'
          dynamo_table: !Ref rssfeed
          from_email: !Ref SourceEmail
          to_email: !Ref DestEmail
          s3_bucket: !Ref PublicJsonBucket
          storepublics3: !Ref StorePublicS3
          send_mail: !Ref SendEmails
          enable_algolia: !Ref EnableAlgolia
      Tracing: Active
      ReservedConcurrentExecutions: 1
      Layers: 
        - !Ref lambdalayer
        - !Sub "arn:aws:lambda:${AWS::Region}:580247275435:layer:LambdaInsightsExtension:14"

  # refresh pagecount stored in dynamodb using a manual lambda invoke
  pagecount:
    Type: 'AWS::Serverless::Function'
    Properties:
      Handler: pagecount.handler
      Runtime: python3.8
      CodeUri: lambda-pagecount/
      Description: 'Retrieve the total article count for blogs stored in DynamoDB'
      Policies:
        - arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy
        - DynamoDBCrudPolicy:
            TableName: !Ref rssfeed
      MemorySize: 256
      Timeout: 30
      Environment:
        Variables:
          dynamo_region: !Ref 'AWS::Region'
          dynamo_table: !Ref rssfeed
          POWERTOOLS_SERVICE_NAME: rssgetpagecount
          POWERTOOLS_TRACE_DISABLED: "false"
      Tracing: Active
      ReservedConcurrentExecutions: 1
      Layers: 
        - !Ref lambdalayer
        - !Sub "arn:aws:lambda:${AWS::Region}:580247275435:layer:LambdaInsightsExtension:14"

  # create lambda layer with dependencies
  lambdalayer:
    Type: AWS::Serverless::LayerVersion
    Properties:
      LayerName: rsslayer
      Description: python3 dependencies for XRay, BeautifulSoup4, feedparser and requests
      ContentUri: lambda-layer/
      CompatibleRuntimes:
        - python3.8
      LicenseInfo: 'MIT-0'
      RetentionPolicy: Delete
    Metadata:
      BuildMethod: python3.8

  # dynamodb table for blog articles
  rssfeed:
    Type: 'AWS::DynamoDB::Table'
    Properties:
      BillingMode: PAY_PER_REQUEST
      AttributeDefinitions:
      - AttributeName: guid
        AttributeType: S
      - AttributeName: timest
        AttributeType: N
      - AttributeName: visible
        AttributeType: S
      - AttributeName: blogsource
        AttributeType: S
      KeySchema:
      - AttributeName: guid
        KeyType: HASH
      - AttributeName: timest
        KeyType: RANGE  
      GlobalSecondaryIndexes:
      - IndexName: visible
        KeySchema:
        - AttributeName: visible
          KeyType: HASH
        - AttributeName: timest
          KeyType: RANGE
        Projection:
          ProjectionType: ALL
      - IndexName: timest
        KeySchema:
        - AttributeName: blogsource
          KeyType: HASH
        - AttributeName: timest
          KeyType: RANGE
        Projection:
          ProjectionType: ALL

  # log group
  rssblog:
    Type: AWS::Logs::LogGroup

  # public s3 bucket
  PublicJsonBucket:
    Type: AWS::S3::Bucket

  # state machine to coordinate the workflow
  blogstatemachine:
    Type: AWS::Serverless::StateMachine
    Properties:
      Type: STANDARD
      Tracing:
        Enabled: true
      DefinitionUri: statemachine/rssblog.asl.json
      DefinitionSubstitutions:
        rsscrawl: !GetAtt rsscrawl.Arn
        rssgetfeed: !GetAtt rssgetfeed.Arn
      Policies: 
        - LambdaInvokePolicy:
            FunctionName: !Ref rsscrawl
        - LambdaInvokePolicy:
            FunctionName: !Ref rssgetfeed
        - CloudWatchFullAccess
      Logging:
        IncludeExecutionData: true
        Destinations:
          - CloudWatchLogsLogGroup:
              LogGroupArn: !GetAtt rssblog.Arn
      Events:
        ScheduledEventEvery15Min:
          Type: Schedule
          Properties:
            Schedule: rate(15 minutes)

  # graphql api role
  GraphQLApiRole:
    Condition: EnableAppSync 
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
        - Effect: Allow
          Principal:
            Service: 'appsync.amazonaws.com'
          Action: 'sts:AssumeRole'
      Policies:
      - PolicyName: CWLogs
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
          - Effect: Allow
            Action:
            - 'logs:CreateLogGroup'
            - 'logs:CreateLogStream'
            - 'logs:PutLogEvents'
            Resource: '*'
      - PolicyName: DDBRead   
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
          - Effect: Allow
            Action:
            - 'dynamodb:GetItem'
            - 'dynamodb:Query'
            - 'dynamodb:Scan'
            Resource:
            - !GetAtt rssfeed.Arn
            - !Sub '${rssfeed.Arn}/*'

  # create graphql api
  GraphQLApi:
    Condition: EnableAppSync 
    Type: 'AWS::AppSync::GraphQLApi'
    Properties:
      XrayEnabled: true
      Name: !Ref 'AWS::StackName'
      AuthenticationType: API_KEY
      LogConfig:
        CloudWatchLogsRoleArn: !GetAtt 'GraphQLApiRole.Arn'
        FieldLogLevel: ALL

  # define graphql schema
  GraphQLSchema:
    Condition: EnableAppSync 
    Type: 'AWS::AppSync::GraphQLSchema'
    Properties:
      DefinitionS3Location: './graphql/schema.graphql'
      ApiId: !GetAtt 'GraphQLApi.ApiId'

  # define dynamodb source
  DDBDataSource:
    Condition: EnableAppSync 
    Type: 'AWS::AppSync::DataSource'
    Properties:
      Type: AMAZON_DYNAMODB
      ServiceRoleArn: !GetAtt 'GraphQLApiRole.Arn'
      ApiId: !GetAtt 'GraphQLApi.ApiId'
      Name: ddbsourcce
      DynamoDBConfig:
        TableName: !Ref rssfeed
        AwsRegion: !Ref 'AWS::Region'

  # create appsync api key
  ApiKey:
    Condition: EnableAppSync
    Type: 'AWS::AppSync::ApiKey'
    Properties:
      ApiId: !GetAtt 'GraphQLApi.ApiId'

  # create per blogsource resolver for appsync
  BlogSourceResolver:
    Condition: EnableAppSync 
    Type: 'AWS::AppSync::Resolver'
    Properties:
      TypeName: Query
      DataSourceName: !GetAtt 'DDBDataSource.Name'
      RequestMappingTemplateS3Location: './graphql/QueryDdbByBlogsourceAndTimest-request.vtl'
      ResponseMappingTemplateS3Location: './graphql/QueryDdbByBlogsourceAndTimest-response.vtl'
      ApiId: !GetAtt 'GraphQLApi.ApiId'
      FieldName: QueryDdbByBlogsourceAndTimest

  # create visible blogs resolver for appsync
  VisibleResolver:
    Condition: EnableAppSync 
    Type: 'AWS::AppSync::Resolver'
    Properties:
      TypeName: Query
      DataSourceName: !GetAtt 'DDBDataSource.Name'
      RequestMappingTemplateS3Location: './graphql/QueryDdbByVisibleAndTimest-request.vtl'
      ResponseMappingTemplateS3Location: './graphql/QueryDdbByVisibleAndTimest-response.vtl'
      ApiId: !GetAtt 'GraphQLApi.ApiId'
      FieldName: QueryDdbByVisibleAndTimest

  # create single article resolver for appsync
  SingleBlogResolver:
    Condition: EnableAppSync 
    Type: 'AWS::AppSync::Resolver'
    Properties:
      TypeName: Query
      DataSourceName: !GetAtt 'DDBDataSource.Name'
      RequestMappingTemplateS3Location: './graphql/QueryDdbGetDetailText-request.vtl'
      ResponseMappingTemplateS3Location: './graphql/QueryDdbGetDetailText-response.vtl'
      ApiId: !GetAtt 'GraphQLApi.ApiId'
      FieldName: QueryDdbGetDetailText

  # create page count resolver per blog for appsync
  PerBlogPageCountResolver:
    Condition: EnableAppSync 
    Type: 'AWS::AppSync::Resolver'
    Properties:
      TypeName: Query
      DataSourceName: !GetAtt 'DDBDataSource.Name'
      RequestMappingTemplateS3Location: './graphql/QueryDdbItemCountPerBlog-request.vtl'
      ResponseMappingTemplateS3Location: './graphql/QueryDdbItemCountPerBlog-response.vtl'
      ApiId: !GetAtt 'GraphQLApi.ApiId'
      FieldName: QueryDdbItemCountPerBlog

  # create page count resolver for all blogs appsync
  AllBlogsPageCountResolver:
    Condition: EnableAppSync 
    Type: 'AWS::AppSync::Resolver'
    Properties:
      TypeName: Query
      DataSourceName: !GetAtt 'DDBDataSource.Name'
      RequestMappingTemplateS3Location: './graphql/QueryDdbItemCountAll-request.vtl'
      ResponseMappingTemplateS3Location: './graphql/QueryDdbItemCountAll-response.vtl'
      ApiId: !GetAtt 'GraphQLApi.ApiId'
      FieldName: QueryDdbItemCountAll

# print the url of the state machine and graphql details
Outputs:
  StateMachineURL:
    Value: !Sub 'https://${AWS::Region}.console.aws.amazon.com/states/home?region=${AWS::Region}#/statemachines/view/${blogstatemachine}'