# AWS SAM template: the Serverless transform below is what lets the template
# use AWS::Serverless::Function and its Events shorthand.
AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'
Description: >
  A lambda for sending monthly cloud-spend emails with a link to cost explorer
# Deploy-time settings. ScheduleExpression drives the trigger; every other
# parameter is handed to the function through an environment variable.
Parameters:
  # Passed to the Schedule event of the function.
  ScheduleExpression:
    Type: String
    Description: 'Schedule expressions using cron'
    Default: 'cron(30 10 2 * ? *)'
  # NOTE(review): the address reads "[email protected]" in this copy, which
  # looks like a page-rendering redaction - confirm the real sender identity
  # before deploying.
  SenderEmail:
    Type: String
    Description: 'Sender Email Address'
    Default: '"Cloud Cost Notifications" <[email protected]>'
  SkipRecipients:
    Type: String
    Description: 'Comma-separated list of email recipients to always skip'
    Default: ''
  # Kept as a String; AllowedPattern only admits digits with an optional
  # fractional part, so signs and exponents are rejected at deploy time.
  MinimumValue:
    Type: String
    Description: 'Minimum total to send an email. Default: $1.0'
    Default: '1.0'
    AllowedPattern: '^\d+(\.\d+)?$'
    ConstraintDescription: 'must be a floating point number'
  # Recipient allow-listing is opt-in: the default leaves it off.
  # NOTE(review): how RESTRICT and APPROVED are enforced lives in the function
  # code, which is not part of this template - verify there.
  RestrictRecipients:
    Type: String
    Description: 'Whether or not to restict sending emails to approved addresses'
    Default: 'False'
    AllowedValues:
      - 'True'
      - 'False'
  ApprovedRecipients:
    Type: String
    Description: 'Comma-separated list of approved email recipients'
    Default: ''
  # Quoted so the all-digit ID stays a string.
  SynapseTeamId:
    Type: String
    Description: 'Synapse ID for Team Sage'
    Default: '273957'
  SynapseTeamDomain:
    Type: String
    Description: 'Email domain used by Synapse'
    Default: '@synapse.org'
  AdminEmail:
    Type: String
    Description: 'Email recipient for admin notifications (e.g. uncategorized costs)'
    Default: '"Cloud Cost Notifications" <[email protected]>'
  CopyRecipients:
    Type: String
    Description: 'Comma-separated list of email recipients to CC on all reports'
    Default: ''
# Defaults applied to every AWS::Serverless::Function in this template.
# More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst
Globals:
  Function:
    # Execution time limit, in seconds.
    Timeout: 120
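Resources:
  # Lambda execution role config: only the Lambda service may assume it.
  MonthlyServicesUsageLambdaRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: 'LambdaSSMAssume'
            Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: LambdaAccess
          PolicyDocument:
            # Stated explicitly so the policy is evaluated under the current
            # policy language rather than the legacy default version.
            Version: '2012-10-17'
            Statement:
              # NOTE(review): every action below is granted on Resource "*".
              # Several of them can be narrowed by moving them into their own
              # statements:
              #   - logs:* actions -> the function's own log group ARN
              #   - ses:SendEmail  -> the verified sender identity ARN, and/or
              #     a Condition on ses:FromAddress / ses:Recipients
              #   - organizations:ListTagsForResource -> account ARNs
              # The ce:* read wildcards and organizations:ListAccounts are
              # left on "*"; confirm against the IAM service authorization
              # reference before tightening those.
              - Effect: Allow
                Action:
                  - "ce:Describe*"
                  - "ce:Get*"
                  - "ce:List*"
                  - "logs:CreateLogGroup"
                  - "logs:CreateLogStream"
                  - "logs:DescribeLogStreams"
                  - "logs:PutLogEvents"
                  - "organizations:ListAccounts"
                  - "organizations:ListTagsForResource"
                  - "ses:SendEmail"
                Resource: "*"
  # This Lambda function fetches billing details for the AWS linked accounts
  # and sends them by email.
  MonthlyServicesUsage:
    Type: AWS::Serverless::Function
    Properties:
      Handler: email_totals/app.lambda_handler
      CodeUri: .
      # NOTE(review): check python3.9 against the Lambda runtime support
      # schedule; a runtime past end of support no longer gets security
      # patches.
      Runtime: python3.9
      MemorySize: 128
      Role: !GetAtt MonthlyServicesUsageLambdaRole.Arn
      Environment:
        Variables:
          # Recipient lists and thresholds only; no credentials are passed
          # through the environment.
          ADMIN_EMAIL: !Ref AdminEmail
          SENDER: !Ref SenderEmail
          RESTRICT: !Ref RestrictRecipients
          APPROVED: !Ref ApprovedRecipients
          SKIPLIST: !Ref SkipRecipients
          MINIMUM: !Ref MinimumValue
          SYNAPSE_TEAM_ID: !Ref SynapseTeamId
          SYNAPSE_TEAM_DOMAIN: !Ref SynapseTeamDomain
          CC_LIST: !Ref CopyRecipients
      Events:
        ScheduledEventTrigger:
          Type: Schedule
          Properties:
            Schedule: !Ref ScheduleExpression
  # Resource-based permission letting EventBridge invoke the function.
  # SourceArn pins it to the rule SAM generates for ScheduledEventTrigger
  # (logical ID = function ID + event ID); without it the grant is open to
  # the events.amazonaws.com principal with no rule restriction.
  # NOTE(review): SAM already creates a scoped permission for Schedule
  # events, so this resource is probably redundant - confirm and consider
  # removing it.
  LambdaInvokePermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: 'lambda:InvokeFunction'
      FunctionName: !Ref MonthlyServicesUsage
      Principal: 'events.amazonaws.com'
      SourceArn: !GetAtt MonthlyServicesUsageScheduledEventTrigger.Arn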
# Values exported by the stack: the function ARN and its execution role ARN.
Outputs:
  MonthlyServicesUsageFunctionArn:
    Description: 'MonthlyServicesUsage Lambda Function ARN'
    Value: !GetAtt MonthlyServicesUsage.Arn
  MonthlyServicesUsageFunctionRoleArn:
    Description: 'IAM Role created for MonthlyServicesUsage function'
    Value: !GetAtt MonthlyServicesUsageLambdaRole.Arn