- {
- "AWSTemplateFormatVersion": "2010-09-09",
- "Metadata": {
- "AWS::CloudFormation::Interface": {
- "ParameterGroups": [
- {
- "Label": {
- "default": "HelloWorld Parameters"
- },
- "Parameters": [
- "PanoUsername",
- "PanoPassword",
- "LambdaRoleName"
- ]
- }
- ]
- }
- },
- "Parameters": {
- "PanoUsername": {
- "Description": "PanoUsername",
- "Type": "String",
- "NoEcho": true
- },
- "PanoPassword": {
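- "Description": "Pano password; NoEcho masks it in CloudFormation only, the value is then stored in the SSM String parameter pano-password",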
- "Type": "String",
- "NoEcho": true
- }
- },
- "Resources": {
- "SSMPanoUser": {
- "Type": "AWS::SSM::Parameter",
- "Properties": {
- "Name": "pano-username",
- "Type": "String",
- "Value": {
- "Ref": "PanoUsername"
- },
- "Description": "SSM Parameter for Pano UserName",
- "AllowedPattern": "^[a-zA-Z]{1,10}$"
- }
- },
- "SSMPanoPassword": {
- "Type": "AWS::SSM::Parameter",
- "Properties": {
- "Name": "pano-password",
- "Type": "String",
- "Value": {
- "Ref": "PanoPassword"
- },
- "Description": "SSM Parameter for the Pano password (stored as a plain String, not a SecureString)",
- "AllowedPattern": "^[a-zA-Z]{1,10}$"
- }
- },
- "LambdaExecutionRole": {
- "Type": "AWS::IAM::Role",
- "Properties": {
- "RoleName": {
- "Fn::Join": [
- "-",
- [
- "LambdaExecutionRole",
- {
- "Ref": "AWS::StackName"
- }
- ]
- ]
- },
- "AssumeRolePolicyDocument": {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Principal": {
- "Service": [
- "lambda.amazonaws.com"
- ]
- },
- "Action": [
- "sts:AssumeRole"
- ]
- }
- ]
- },
- "Path": "/"
- }
- },
- "LambdaExecutionPolicy": {
- "Type": "AWS::IAM::ManagedPolicy",
- "DependsOn": [
- "LambdaExecutionRole"
- ],
- "Properties": {
- "ManagedPolicyName": {
- "Fn::Join": [
- "-",
- [
- "LambdaExecutionPolicy",
- {
- "Ref": "AWS::StackName"
- }
- ]
- ]
- },
- "Roles": [
- {
- "Ref": "LambdaExecutionRole"
- }
- ],
- "PolicyDocument": {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "VisualEditor0",
- "Effect": "Allow",
- "Action": [
- "sqs:DeleteMessage",
- "dynamodb:PutItem",
- "states:ListExecutions",
- "dynamodb:DeleteItem",
- "ssm:Get*",
- "sqs:ReceiveMessage",
- "ec2:DeleteNetworkInterface",
- "sqs:SendMessage",
- "dynamodb:Scan",
- "dynamodb:Query",
- "dynamodb:UpdateItem",
- "sqs:GetQueueAttributes",
- "logs:CreateLogGroup",
- "logs:PutLogEvents",
- "ec2:CreateNetworkInterface",
- "logs:CreateLogStream",
- "ec2:DescribeNetworkInterfaces",
- "dynamodb:DescribeTable",
- "ssm:Describe*",
- "dynamodb:GetItem",
- "states:StartExecution",
- "ssm:List*",
- "dynamodb:UpdateTable",
- "dynamodb:GetRecords"
- ],
- "Resource": "*"
- }
- ]
- }
- }
- },
- "HelloWorld": {
- "Type": "AWS::Lambda::Function",
- "Properties": {
- "FunctionName": "HelloWorld",
- "Description": "HelloWorld",
- "Handler": "index.handler",
- "Role": {
- "Fn::GetAtt": [
- "LambdaExecutionRole",
- "Arn"
- ]
- },
- "Code": {
- "ZipFile": {
- "Fn::Join": [
- "\n",
- [
- "import os,boto3,sys",
- "user = os.environ['user']",
- "password = os.environ['password']",
- "def get_ssm_parameter(parameter_name):",
- " try:",
- " ssm_client = boto3.client('ssm')",
- " response = ssm_client.get_parameters(Names=[parameter_name],WithDecryption=True)",
- " if len(response['Parameters']) == 0:",
- " print('Error Getting the value for parameter {}.'.format(parameter_name))",
- " sys.exit(1)",
- " else:",
- " value=response['Parameters'][0]['Value']",
- " return value",
- " except Exception as e:",
- " print('Error Getting the value for parameter {}, Error : {}'.format(parameter_name,str(e)))",
- " sys.exit(1)",
- "def handler(event,context):",
- " print(event)",
- " db_username = get_ssm_parameter(user)",
- " db_password = get_ssm_parameter(password)",
- " print('DB User name is {} and password is {}'.format(db_username,db_password))"
- ]
- ]
- }
- },
- "Environment": {
- "Variables": {
- "user": {
- "Ref": "SSMPanoUser"
- },
- "password": {
- "Ref": "SSMPanoPassword"
- }
- }
- },
- "Runtime": "python3.6",
- "Timeout": "300"
- }
- }
- },
- "Outputs": {
- "PanoUser": {
- "Value": {
- "Ref": "SSMPanoUser"
- }
- }
- }
- }