init lambda component

Author: Guslington

.gitignore

@@ -0,0 +1,52 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/spec/examples.txt
+/test/tmp/
+/test/version_tmp/
+/tmp/
+
+# Used by dotenv library to load environment variables.
+# .env
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+*.bridgesupport
+build-iPhoneOS/
+build-iPhoneSimulator/
+
+## Specific to RubyMotion (use of CocoaPods):
+#
+# We recommend against adding the Pods directory to your .gitignore. However
+# you should judge for yourself, the pros and cons are mentioned at:
+# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
+#
+# vendor/Pods/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalization:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# Gemfile.lock
+# .ruby-version
+# .ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc
+
+out/

.travis.yml

@@ -0,0 +1,6 @@
+language: ruby
+rvm:
+  - 2.3
+script:
+  - gem install cfhighlander
+  - if [ "${TRAVIS_PULL_REQUEST}" != "false" ]; then cfhighlander cfcompile ; else cfhighlander cfcompile --validate; fi

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 theonestack
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,26 @@
+![build-status](https://travis-ci.com/theonestack/hl-component-lambda.svg?branch=master)
+
+### Cfhighlander lambda component
+
+```bash
+
+# install highlander gem
+$ gem install cfhighlander
+
+# build and validate standalone component
+$ cfcompile --validate
+
+```
+
+
+### Parameters
+
+TBD
+
+### Configuration options
+
+TBD
+
+### Outputs
+
+TBD

lambda.cfhighlander.rb

@@ -0,0 +1,29 @@
+CfhighlanderTemplate do
+  Name 'lambda'
+  ComponentVersion component_version
+  Description "#{component_name} - #{component_version}"
+
+  functions.each do |function_name, lambda_config|
+    if (lambda_config.has_key? 'enable_eni') && (lambda_config['enable_eni'])
+      DependsOn 'vpc'
+      break
+    end
+  end if defined? functions
+
+  Parameters do
+    ComponentParam 'EnvironmentName', 'dev', isGlobal: true
+    ComponentParam 'EnvironmentType', 'development', isGlobal: true, allowedValues: ['development', 'production']
+
+    functions.each do |function_name, lambda_config|
+      if (lambda_config.has_key? 'enable_eni') && (lambda_config['enable_eni'])
+        ComponentParam 'VPCId', type: 'AWS::EC2::VPC::Id'
+        maximum_availability_zones.times do |az|
+          ComponentParam "SubnetCompute#{az}"
+        end
+        break
+      end
+    end if defined? functions
+
+  end
+
+end

lambda.cfndsl.rb

@@ -0,0 +1,120 @@
+CloudFormation do
+
+  functions.each do |function_name, lambda_config|
+    if (lambda_config.has_key? 'enable_eni') && (lambda_config['enable_eni'])
+      az_conditions_resources('SubnetCompute', maximum_availability_zones)
+      break
+    end
+  end if defined? functions
+
+  tags = []
+  tags << { Key: 'Environment', Value: Ref(:EnvironmentName) }
+  tags << { Key: 'EnvironmentType', Value: Ref(:EnvironmentType) }
+
+  extra_tags.each { |key,value| tags << { Key: key, Value: value } } if defined? extra_tags
+
+  functions.each do |function_name, lambda_config|
+
+    policies = []
+    lambda_config['policies'].each do |name,policy|
+      policies << iam_policy_allow(name,policy['action'],policy['resource'] || '*')
+    end if lambda_config.has_key?('policies')
+
+    IAM_Role("#{function_name}Role") do
+      AssumeRolePolicyDocument service_role_assume_policy('lambda')
+      Path '/'
+      Policies policies if policies.any?
+      ManagedPolicyArns lambda_config['managed_policies'] if lambda_config.has_key?('managed_policies')
+    end
+
+    if (lambda_config.has_key? 'enable_eni') && (lambda_config['enable_eni'])
+      EC2_SecurityGroup("#{function_name}SecurityGroup") do
+        GroupDescription FnSub("${EnvironmentName}-lambda-#{function_name}")
+        VpcId Ref('VPCId')
+        Tags tags
+      end
+
+      Output("#{function_name}SecurityGroup") {
+        Value(Ref("#{function_name}SecurityGroup"))
+        Export FnSub("${EnvironmentName}-#{component_name}-#{function_name}SecurityGroup")
+      }
+    end
+
+    environment = lambda_config['environment'] || {}
+
+    # Create Lambda function
+    Lambda_Function(function_name) do
+      Code({
+          S3Bucket: distribution['bucket'],
+          S3Key: FnSub("#{distribution['prefix']}/#{lambda_config['code_uri']}")
+      })
+
+      Environment(Variables: Hash[environment.collect { |k, v| [k, v] }])
+
+      Handler(lambda_config['handler'] || 'index.handler')
+      MemorySize(lambda_config['memory'] || 128)
+      Role(FnGetAtt("#{function_name}Role", 'Arn'))
+      Runtime(lambda_config['runtime'])
+      Timeout(lambda_config['timeout'] || 10)
+      if (lambda_config.has_key? 'enable_eni') && (lambda_config['enable_eni'])
+        VpcConfig({
+          SecurityGroupIds: [
+            Ref("#{function_name}SecurityGroup")
+          ],
+          SubnetIds: az_conditional_resources('SubnetCompute', maximum_availability_zones)
+        })
+      end
+
+      if !lambda_config['named'].nil? && lambda_config['named']
+        FunctionName(function_name)
+      end
+      Tags tags
+    end
+
+    lambda_config['events'].each do |name,event|
+
+      case event['type']
+      when 'schedule'
+        Events_Rule("#{function_name}Schedule#{name}") do
+          ScheduleExpression event['expression']
+          State event['disable'] ? 'DISABLED' : 'ENABLED'
+          target = {
+              Arn: FnGetAtt(function_name, 'Arn'),
+              Id: "lambda#{function_name}"
+          }
+          target['Input'] = event['payload'] if event.key?('payload')
+          Targets([target])
+        end
+
+        Lambda_Permission("#{function_name}Permissions") do
+          FunctionName Ref(function_name)
+          Action 'lambda:InvokeFunction'
+          Principal 'events.amazonaws.com'
+          SourceArn FnGetAtt("#{function_name}Schedule#{name}", 'Arn')
+        end
+
+      when 'sns'
+        SNS_Topic("#{function_name}Sns#{name}") do
+          Subscription([
+            {
+              Endpoint: FnGetAtt(function_name, 'Arn'),
+              Protocol: 'lambda'
+            }
+          ])
+        end
+
+        Lambda_Permission("#{function_name}Permissions") do
+          FunctionName Ref(function_name)
+          Action 'lambda:InvokeFunction'
+          Principal 'sns.amazonaws.com'
+          SourceArn Ref("#{function_name}Sns#{name}")
+        end
+      end
+
+    end if lambda_config.has_key?('events')
+
+  end if defined? functions
+
+
+
+end

lambda.config.yaml

@@ -0,0 +1,34 @@
+component_version: 1.0.0
+maximum_availability_zones: 5
+
+# Demo Config
+
+# distribution:
+#   bucket: source.example.dev
+#   key: /lambda
+#
+# functions:
+#   myfunction:
+#       handler: handler.lambda_handler
+#       runtime: python3.6
+#       code_uri: myfunction/${MyFunctionVersion}/src.zip
+#       timeout: 30
+#       environment:
+#         Environment:
+#           Ref: Environment
+#       policies:
+#         logs:
+#           Action:
+#             - logs:PutLogEvents
+#             - logs:DescribeLogStreams
+#             - logs:DescribeLogGroups
+#           Resource:
+#             - '*'
+#       enable_eni: true
+#       events:
+#         cron:
+#           type: schedule
+#           expression: cron(0 12 * * ? *)
+#           payload: "{ 'a': 1, 'b': 2 }"
+#         trigger:
+#           type: sns