Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- {
- "AWSTemplateFormatVersion": "2010-09-09",
- "Description": "Git Webhooks to clone repository contents to S3. For integrating 3rd party git products with AWS Services like CodePipeline/CodeBuild (qs-1nfhrd9bh)",
- "Metadata": {
- "AWS::CloudFormation::Interface": {
- "ParameterGroups": [
- {
- "Label": {
- "default": "General Settings"
- },
- "Parameters": [
- "OutputBucketName",
- "CustomDomainName"
- ]
- },
- {
- "Label": {
- "default": "Git Pull Settings"
- },
- "Parameters": [
- "ApiSecret",
- "AllowedIps"
- ]
- },
- {
- "Label": {
- "default": "Zip Download Settings"
- },
- "Parameters": [
- "GitToken",
- "OauthKey",
- "OauthSecret"
- ]
- },
- {
- "Label": {
- "default": "AWS Quick Start Configuration"
- },
- "Parameters": [
- "QSS3BucketName",
- "QSS3KeyPrefix"
- ]
- }
- ],
- "ParameterLabels": {
- "AllowedIps": {
- "default": "Allowed IPs"
- },
- "ApiSecret": {
- "default": "API Secret"
- },
- "CustomDomainName": {
- "default": "Custom Domain Name"
- },
- "GitToken": {
- "default": "Git Personal Access Token"
- },
- "OauthKey": {
- "default": "OAuth2 Key"
- },
- "OauthSecret": {
- "default": "OAuth2 Secret"
- },
- "OutputBucketName": {
- "default": "Output S3 Bucket Name"
- },
- "QSS3BucketName": {
- "default": "Quick Start S3 Bucket Name"
- },
- "QSS3KeyPrefix": {
- "default": "Quick Start S3 Key Prefix"
- }
- }
- }
- },
- "Parameters": {
- "AllowedIps": {
- "Description": "gitpull method only. Comma seperated list of IP CIDR blocks for source IP authentication. The BitBucket Cloud IP ranges are provided as defaults.",
- "Type": "String",
- "Default": "34.198.203.127/32,34.198.178.64/32,34.198.32.85/32,104.192.136.0/21"
- },
- "ApiSecret": {
- "Description": "gitpull method only. WebHook Secrets for use with GitHub Enterprise and GitLab. If a secret is matched IP range authentication is bypassed. Cannot contain: , \\ \"",
- "Type": "String",
- "Default": "",
- "NoEcho": "true"
- },
- "CustomDomainName": {
- "Description": "Use a custom domain name for the webhook endpoint, if left blank API Gateway will create a domain name for you",
- "Type": "String",
- "Default": ""
- },
- "GitToken": {
- "NoEcho": "true",
- "Description": "zipdl method only. Personal access token, needed for GitHub Enterprise and GitLab",
- "Type": "String",
- "Default": "",
- "ConstraintDescription": "this token must be generated from the git server/provider"
- },
- "OauthKey": {
- "Description": "zipdl method only. OAuth2 Key needed for BitBucket",
- "Type": "String",
- "Default": "",
- "ConstraintDescription": "this key must be generated from the git server/provider"
- },
- "OauthSecret": {
- "NoEcho": "true",
- "Description": "zipdl method only. OAuth2 Secret needed for BitBucket",
- "Type": "String",
- "Default": "",
- "ConstraintDescription": "this secret must be generated from the git server/provider"
- },
- "OutputBucketName": {
- "Description": "OPTIONAL: Bucket Name where the zip file output should be placed, if left blank a bucket name will be automatically generated.",
- "Type": "String",
- "Default": ""
- },
- "QSS3BucketName": {
- "AllowedPattern": "^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$",
- "ConstraintDescription": "Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).",
- "Default": "aws-quickstart",
- "Description": "S3 bucket name for the Quick Start assets. Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).",
- "Type": "String"
- },
- "QSS3KeyPrefix": {
- "AllowedPattern": "^[0-9a-zA-Z-/]*$",
- "ConstraintDescription": "Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).",
- "Default": "quickstart-git2s3/",
- "Description": "S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).",
- "Type": "String"
- }
- },
- "Conditions": {
- "UseAllowedIps": {
- "Fn::Not": [
- {
- "Fn::Equals": [
- {
- "Ref": "AllowedIps"
- },
- ""
- ]
- }
- ]
- },
- "UseApiSecret": {
- "Fn::Not": [
- {
- "Fn::Equals": [
- {
- "Ref": "ApiSecret"
- },
- ""
- ]
- }
- ]
- },
- "UseCustomDomain": {
- "Fn::Not": [
- {
- "Fn::Equals": [
- {
- "Ref": "CustomDomainName"
- },
- ""
- ]
- }
- ]
- },
- "UseGitToken": {
- "Fn::Not": [
- {
- "Fn::Equals": [
- {
- "Ref": "GitToken"
- },
- ""
- ]
- }
- ]
- },
- "UseOauthKey": {
- "Fn::Not": [
- {
- "Fn::Equals": [
- {
- "Ref": "OauthKey"
- },
- ""
- ]
- }
- ]
- },
- "UseOauthSecret": {
- "Fn::Not": [
- {
- "Fn::Equals": [
- {
- "Ref": "OauthSecret"
- },
- ""
- ]
- }
- ]
- },
- "AutoGenOutputBucketName": {
- "Fn::Not": [
- {
- "Fn::Equals": [
- {
- "Ref": "OutputBucketName"
- },
- ""
- ]
- }
- ]
- }
- },
- "Resources": {
- "LambdaZipsBucket": {
- "Type": "AWS::S3::Bucket",
- "Properties": {
- "Tags": []
- }
- },
- "CopyZips": {
- "Type": "AWS::CloudFormation::CustomResource",
- "Properties": {
- "ServiceToken": {
- "Fn::GetAtt": [
- "CopyZipsFunction",
- "Arn"
- ]
- },
- "DestBucket": {
- "Ref": "LambdaZipsBucket"
- },
- "SourceBucket": {
- "Ref": "QSS3BucketName"
- },
- "Prefix": {
- "Ref": "QSS3KeyPrefix"
- },
- "Objects": [
- "functions/packages/CreateSSHKey/lambda.zip",
- "functions/packages/DeleteBucketContents/lambda.zip",
- "functions/packages/GitPullS3/lambda.zip",
- "functions/packages/ZipDl/lambda.zip"
- ]
- }
- },
- "CopyZipsRole": {
- "Type": "AWS::IAM::Role",
- "Properties": {
- "AssumeRolePolicyDocument": {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Principal": {
- "Service": "lambda.amazonaws.com"
- },
- "Action": "sts:AssumeRole"
- }
- ]
- },
- "ManagedPolicyArns": [
- "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
- ],
- "Path": "/",
- "Policies": [
- {
- "PolicyName": "lambda-copier",
- "PolicyDocument": {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Action": [
- "s3:GetObject"
- ],
- "Resource": [
- {
- "Fn::Sub": "arn:aws:s3:::${QSS3BucketName}/${QSS3KeyPrefix}*"
- }
- ]
- },
- {
- "Effect": "Allow",
- "Action": [
- "s3:PutObject",
- "s3:DeleteObject"
- ],
- "Resource": [
- {
- "Fn::Sub": "arn:aws:s3:::${LambdaZipsBucket}/${QSS3KeyPrefix}*"
- }
- ]
- }
- ]
- }
- }
- ]
- }
- },
- "CopyZipsFunction": {
- "Type": "AWS::Lambda::Function",
- "Properties": {
- "Description": "Copies objects from a source S3 bucket to a destination",
- "Handler": "index.handler",
- "Runtime": "python2.7",
- "Role": {
- "Fn::GetAtt": [
- "CopyZipsRole",
- "Arn"
- ]
- },
- "Timeout": 240,
- "Code": {
- "ZipFile": {
- "Fn::Join": [
- "\n",
- [
- "import json",
- "import logging",
- "import threading",
- "import boto3",
- "import cfnresponse",
- "",
- "",
- "def copy_objects(source_bucket, dest_bucket, prefix, objects):",
- " s3 = boto3.client('s3')",
- " for o in objects:",
- " key = prefix + o",
- " copy_source = {",
- " 'Bucket': source_bucket,",
- " 'Key': key",
- " }",
- " s3.copy_object(CopySource=copy_source, Bucket=dest_bucket, Key=key)",
- "",
- "",
- "def delete_objects(bucket, prefix, objects):",
- " s3 = boto3.client('s3')",
- " objects = {'Objects': [{'Key': prefix + o} for o in objects]}",
- " s3.delete_objects(Bucket=bucket, Delete=objects)",
- "",
- "",
- "def timeout(event, context):",
- " logging.error('Execution is about to time out, sending failure response to CloudFormation')",
- " cfnresponse.send(event, context, cfnresponse.FAILED, {}, None)",
- "",
- "",
- "def handler(event, context):",
- " # make sure we send a failure to CloudFormation if the function is going to timeout",
- " timer = threading.Timer((context.get_remaining_time_in_millis() / 1000.00) - 0.5, timeout, args=[event, context])",
- " timer.start()",
- "",
- " print('Received event: %s' % json.dumps(event))",
- " status = cfnresponse.SUCCESS",
- " try:",
- " source_bucket = event['ResourceProperties']['SourceBucket']",
- " dest_bucket = event['ResourceProperties']['DestBucket']",
- " prefix = event['ResourceProperties']['Prefix']",
- " objects = event['ResourceProperties']['Objects']",
- " if event['RequestType'] == 'Delete':",
- " delete_objects(dest_bucket, prefix, objects)",
- " else:",
- " copy_objects(source_bucket, dest_bucket, prefix, objects)",
- " except Exception as e:",
- " logging.error('Exception: %s' % e, exc_info=True)",
- " status = cfnresponse.FAILED",
- " finally:",
- " timer.cancel()",
- " cfnresponse.send(event, context, status, {}, None)",
- ""
- ]
- ]
- }
- }
- }
- },
- "KeyBucket": {
- "Type": "AWS::S3::Bucket",
- "Properties": {
- "Tags": []
- }
- },
- "OutputBucket": {
- "Type": "AWS::S3::Bucket",
- "Properties": {
- "BucketName": {
- "Fn::If": [
- "AutoGenOutputBucketName",
- {
- "Ref": "OutputBucketName"
- },
- {
- "Ref": "AWS::NoValue"
- }
- ]
- },
- "VersioningConfiguration": {
- "Status": "Enabled"
- },
- "Tags": []
- }
- },
- "KMSKey": {
- "Type": "AWS::KMS::Key",
- "Properties": {
- "Description": "git CodePipeline integration, used to encrypt/decrypt ssh keys stored in S3",
- "KeyPolicy": {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "Allow access for Key Administrators",
- "Effect": "Allow",
- "Principal": {
- "AWS": [
- {
- "Fn::Join": [
- "",
- [
- "arn:aws:iam::",
- {
- "Ref": "AWS::AccountId"
- },
- ":root"
- ]
- ]
- }
- ]
- },
- "Action": [
- "kms:Create*",
- "kms:Describe*",
- "kms:Enable*",
- "kms:List*",
- "kms:Put*",
- "kms:Update*",
- "kms:Revoke*",
- "kms:Disable*",
- "kms:Get*",
- "kms:Delete*",
- "kms:ScheduleKeyDeletion",
- "kms:CancelKeyDeletion"
- ],
- "Resource": "*"
- },
- {
- "Sid": "Allow use of the key",
- "Effect": "Allow",
- "Principal": {
- "AWS": [
- {
- "Fn::Join": [
- "",
- [
- "arn:aws:iam::",
- {
- "Ref": "AWS::AccountId"
- },
- ":root"
- ]
- ]
- }
- ]
- },
- "Action": [
- "kms:Encrypt",
- "kms:Decrypt",
- "kms:ReEncrypt*",
- "kms:GenerateDataKey*",
- "kms:DescribeKey"
- ],
- "Resource": "*"
- },
- {
- "Sid": "Allow attachment of persistent resources",
- "Effect": "Allow",
- "Principal": {
- "AWS": [
- {
- "Fn::Join": [
- "",
- [
- "arn:aws:iam::",
- {
- "Ref": "AWS::AccountId"
- },
- ":root"
- ]
- ]
- }
- ]
- },
- "Action": [
- "kms:CreateGrant",
- "kms:ListGrants",
- "kms:RevokeGrant"
- ],
- "Resource": "*",
- "Condition": {
- "Bool": {
- "kms:GrantIsForAWSResource": true
- }
- }
- }
- ]
- }
- }
- },
- "CreateSSHKeyRole": {
- "Type": "AWS::IAM::Role",
- "Properties": {
- "AssumeRolePolicyDocument": {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Principal": {
- "Service": "lambda.amazonaws.com"
- },
- "Action": "sts:AssumeRole"
- }
- ]
- },
- "Path": "/",
- "Policies": [
- {
- "PolicyName": "git2cp-sshkeygen",
- "PolicyDocument": {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Action": [
- "s3:GetObject"
- ],
- "Resource": [
- {
- "Fn::Join": [
- "",
- [
- "arn:aws:s3:::",
- {
- "Ref": "KeyBucket"
- },
- "/crypto.zip"
- ]
- ]
- }
- ]
- },
- {
- "Effect": "Allow",
- "Action": [
- "s3:PutObject"
- ],
- "Resource": [
- {
- "Fn::Join": [
- "",
- [
- "arn:aws:s3:::",
- {
- "Ref": "KeyBucket"
- },
- "/enc_key"
- ]
- ]
- }
- ]
- },
- {
- "Effect": "Allow",
- "Action": [
- "kms:Encrypt"
- ],
- "Resource": [
- {
- "Fn::GetAtt": [
- "KMSKey",
- "Arn"
- ]
- }
- ]
- },
- {
- "Effect": "Allow",
- "Action": [
- "logs:CreateLogGroup",
- "logs:CreateLogStream",
- "logs:PutLogEvents"
- ],
- "Resource": [
- "arn:aws:logs:*:*:*"
- ]
- }
- ]
- }
- }
- ]
- }
- },
- "CreateSSHKeyLambda": {
- "DependsOn": "CopyZips",
- "Type": "AWS::Lambda::Function",
- "Properties": {
- "Handler": "lambda_function.lambda_handler",
- "MemorySize": "128",
- "Role": {
- "Fn::GetAtt": [
- "CreateSSHKeyRole",
- "Arn"
- ]
- },
- "Runtime": "python2.7",
- "Timeout": "300",
- "Code": {
- "S3Bucket": {
- "Ref": "LambdaZipsBucket"
- },
- "S3Key": {
- "Fn::Sub": "${QSS3KeyPrefix}functions/packages/CreateSSHKey/lambda.zip"
- }
- }
- }
- },
- "CreateSSHKey": {
- "Type": "AWS::CloudFormation::CustomResource",
- "Version": "1.0",
- "Properties": {
- "ServiceToken": {
- "Fn::GetAtt": [
- "CreateSSHKeyLambda",
- "Arn"
- ]
- },
- "KeyBucket": {
- "Ref": "KeyBucket"
- },
- "Region": {
- "Ref": "AWS::Region"
- },
- "KMSKey": {
- "Ref": "KMSKey"
- }
- }
- },
- "DeleteBucketContentsRole": {
- "Type": "AWS::IAM::Role",
- "Properties": {
- "AssumeRolePolicyDocument": {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Principal": {
- "Service": "lambda.amazonaws.com"
- },
- "Action": "sts:AssumeRole"
- }
- ]
- },
- "Path": "/",
- "Policies": [
- {
- "PolicyName": "git2cp-deletebucketcontents",
- "PolicyDocument": {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Action": [
- "s3:*"
- ],
- "Resource": [
- {
- "Fn::Join": [
- "",
- [
- "arn:aws:s3:::",
- {
- "Ref": "KeyBucket"
- },
- "/*"
- ]
- ]
- },
- {
- "Fn::Join": [
- "",
- [
- "arn:aws:s3:::",
- {
- "Ref": "OutputBucket"
- },
- "/*"
- ]
- ]
- },
- {
- "Fn::Join": [
- "",
- [
- "arn:aws:s3:::",
- {
- "Ref": "KeyBucket"
- }
- ]
- ]
- },
- {
- "Fn::Join": [
- "",
- [
- "arn:aws:s3:::",
- {
- "Ref": "OutputBucket"
- }
- ]
- ]
- }
- ]
- },
- {
- "Effect": "Allow",
- "Action": [
- "logs:CreateLogGroup",
- "logs:CreateLogStream",
- "logs:PutLogEvents"
- ],
- "Resource": [
- "arn:aws:logs:*:*:*"
- ]
- }
- ]
- }
- }
- ]
- }
- },
- "DeleteBucketContentsLambda": {
- "DependsOn": "CopyZips",
- "Type": "AWS::Lambda::Function",
- "Properties": {
- "Handler": "lambda_function.lambda_handler",
- "MemorySize": "128",
- "Role": {
- "Fn::GetAtt": [
- "DeleteBucketContentsRole",
- "Arn"
- ]
- },
- "Runtime": "python2.7",
- "Timeout": "300",
- "Code": {
- "S3Bucket": {
- "Ref": "LambdaZipsBucket"
- },
- "S3Key": {
- "Fn::Sub": "${QSS3KeyPrefix}functions/packages/DeleteBucketContents/lambda.zip"
- }
- }
- }
- },
- "DeleteBucketContents": {
- "Type": "AWS::CloudFormation::CustomResource",
- "Version": "1.0",
- "DependsOn": [
- "KeyBucket",
- "OutputBucket"
- ],
- "Properties": {
- "ServiceToken": {
- "Fn::GetAtt": [
- "DeleteBucketContentsLambda",
- "Arn"
- ]
- },
- "KeyBucket": {
- "Ref": "KeyBucket"
- },
- "OutputBucket": {
- "Ref": "OutputBucket"
- }
- }
- },
- "GitPullRole": {
- "Type": "AWS::IAM::Role",
- "Properties": {
- "AssumeRolePolicyDocument": {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Principal": {
- "Service": "lambda.amazonaws.com"
- },
- "Action": "sts:AssumeRole"
- }
- ]
- },
- "Path": "/",
- "Policies": [
- {
- "PolicyName": "git2cp-gitpull",
- "PolicyDocument": {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Action": [
- "kms:Decrypt"
- ],
- "Resource": [
- {
- "Fn::GetAtt": [
- "KMSKey",
- "Arn"
- ]
- }
- ]
- },
- {
- "Effect": "Allow",
- "Action": [
- "s3:PutObject"
- ],
- "Resource": [
- {
- "Fn::Join": [
- "",
- [
- "arn:aws:s3:::",
- {
- "Ref": "OutputBucket"
- }
- ]
- ]
- },
- {
- "Fn::Join": [
- "",
- [
- "arn:aws:s3:::",
- {
- "Ref": "OutputBucket"
- },
- "/*"
- ]
- ]
- }
- ]
- },
- {
- "Effect": "Allow",
- "Action": [
- "s3:GetObject"
- ],
- "Resource": [
- {
- "Fn::Join": [
- "",
- [
- "arn:aws:s3:::",
- {
- "Ref": "KeyBucket"
- },
- "/enc_key"
- ]
- ]
- }
- ]
- },
- {
- "Effect": "Allow",
- "Action": [
- "logs:CreateLogGroup",
- "logs:CreateLogStream",
- "logs:PutLogEvents"
- ],
- "Resource": [
- "arn:aws:logs:*:*:*"
- ]
- }
- ]
- }
- }
- ]
- }
- },
- "GitPullLambda": {
- "DependsOn": "CopyZips",
- "Type": "AWS::Lambda::Function",
- "Properties": {
- "Handler": "lambda_function.lambda_handler",
- "MemorySize": "128",
- "Role": {
- "Fn::GetAtt": [
- "GitPullRole",
- "Arn"
- ]
- },
- "Runtime": "python2.7",
- "Timeout": "300",
- "Code": {
- "S3Bucket": {
- "Ref": "LambdaZipsBucket"
- },
- "S3Key": {
- "Fn::Sub": "${QSS3KeyPrefix}functions/packages/GitPullS3/lambda.zip"
- }
- }
- }
- },
- "ZipDlRole": {
- "Type": "AWS::IAM::Role",
- "Properties": {
- "AssumeRolePolicyDocument": {
- "Statement": [
- {
- "Sid": "",
- "Effect": "Allow",
- "Principal": {
- "Service": [
- "lambda.amazonaws.com"
- ]
- },
- "Action": "sts:AssumeRole"
- }
- ]
- },
- "Path": "/",
- "Policies": [
- {
- "PolicyName": "git2cp-zipdl",
- "PolicyDocument": {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Action": [
- "s3:PutObject"
- ],
- "Resource": [
- {
- "Fn::Join": [
- "",
- [
- "arn:aws:s3:::",
- {
- "Ref": "OutputBucket"
- }
- ]
- ]
- },
- {
- "Fn::Join": [
- "",
- [
- "arn:aws:s3:::",
- {
- "Ref": "OutputBucket"
- },
- "/*"
- ]
- ]
- }
- ]
- },
- {
- "Effect": "Allow",
- "Action": [
- "logs:CreateLogGroup",
- "logs:CreateLogStream",
- "logs:PutLogEvents"
- ],
- "Resource": [
- "arn:aws:logs:*:*:*"
- ]
- }
- ]
- }
- }
- ]
- }
- },
- "ZipDlLambda": {
- "DependsOn": "CopyZips",
- "Type": "AWS::Lambda::Function",
- "Properties": {
- "Handler": "lambda_function.lambda_handler",
- "Role": {
- "Fn::GetAtt": [
- "ZipDlRole",
- "Arn"
- ]
- },
- "Code": {
- "S3Bucket": {
- "Ref": "LambdaZipsBucket"
- },
- "S3Key": {
- "Fn::Sub": "${QSS3KeyPrefix}functions/packages/ZipDl/lambda.zip"
- }
- },
- "Runtime": "python2.7",
- "MemorySize": 128,
- "Timeout": 30
- }
- },
- "WebHookRole": {
- "Type": "AWS::IAM::Role",
- "Properties": {
- "AssumeRolePolicyDocument": {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Principal": {
- "Service": "apigateway.amazonaws.com"
- },
- "Action": "sts:AssumeRole"
- }
- ]
- },
- "Path": "/",
- "ManagedPolicyArns": [
- "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs"
- ],
- "Policies": [
- {
- "PolicyName": "git2cp-webhook",
- "PolicyDocument": {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Action": [
- "lambda:InvokeAsync",
- "lambda:InvokeFunction"
- ],
- "Resource": [
- {
- "Fn::GetAtt": [
- "GitPullLambda",
- "Arn"
- ]
- },
- {
- "Fn::GetAtt": [
- "ZipDlLambda",
- "Arn"
- ]
- }
- ]
- }
- ]
- }
- }
- ]
- }
- },
- "WebHookApi": {
- "Type": "AWS::ApiGateway::RestApi",
- "Properties": {
- "Body": {
- "swagger": "2.0",
- "info": {
- "version": "2016-07-26T07:34:38Z",
- "title": {
- "Fn::Join": [
- "",
- [
- "G2CP-",
- {
- "Ref": "AWS::StackName"
- }
- ]
- ]
- }
- },
- "schemes": [
- "https"
- ],
- "paths": {
- "/gitpull": {
- "post": {
- "consumes": [
- "application/json"
- ],
- "produces": [
- "application/json"
- ],
- "responses": {
- "200": {
- "description": "200 response",
- "schema": {
- "$ref": "#/definitions/Empty"
- }
- }
- },
- "x-amazon-apigateway-integration": {
- "type": "aws",
- "credentials": {
- "Fn::GetAtt": [
- "WebHookRole",
- "Arn"
- ]
- },
- "responses": {
- "default": {
- "statusCode": "200"
- }
- },
- "requestParameters": {
- "integration.request.header.X-Amz-Invocation-Type": "'Event'"
- },
- "passthroughBehavior": "when_no_templates",
- "httpMethod": "POST",
- "uri": {
- "Fn::Join": [
- "",
- [
- "arn:aws:apigateway:",
- {
- "Ref": "AWS::Region"
- },
- ":lambda:path//2015-03-31/functions/",
- {
- "Fn::GetAtt": [
- "GitPullLambda",
- "Arn"
- ]
- },
- "/invocations"
- ]
- ]
- },
- "requestTemplates": {
- "application/json": {
- "Fn::Join": [
- "",
- [
- "#set($allParams = $input.params())\n",
- "{\n",
- "\"body-json\" : $input.json('$'),\n",
- "\"params\" : {\n",
- "#foreach($type in $allParams.keySet())\n",
- " #set($params = $allParams.get($type))\n",
- "\"$type\" : {\n",
- " #foreach($paramName in $params.keySet())\n",
- " \"$paramName\" : \"$util.escapeJavaScript($params.get($paramName))\"\n",
- " #if($foreach.hasNext),#end\n",
- " #end\n",
- "}\n",
- " #if($foreach.hasNext),#end\n",
- "#end\n",
- "},\n",
- "\"stage-variables\" : {\n",
- "#foreach($key in $stageVariables.keySet())\n",
- "\"$key\" : \"$util.escapeJavaScript($stageVariables.get($key))\"\n",
- " #if($foreach.hasNext),#end\n",
- "#end\n",
- "},\n",
- "\"context\" : {\n",
- " \"account-id\" : \"$context.identity.accountId\",\n",
- " \"api-id\" : \"$context.apiId\",\n",
- " \"api-key\" : \"$context.identity.apiKey\",\n",
- " \"authorizer-principal-id\" : \"$context.authorizer.principalId\",\n",
- " \"caller\" : \"$context.identity.caller\",\n",
- " \"cognito-authentication-provider\" : \"$context.identity.cognitoAuthenticationProvider\",\n",
- " \"cognito-authentication-type\" : \"$context.identity.cognitoAuthenticationType\",\n",
- " \"cognito-identity-id\" : \"$context.identity.cognitoIdentityId\",\n",
- " \"cognito-identity-pool-id\" : \"$context.identity.cognitoIdentityPoolId\",\n",
- " \"http-method\" : \"$context.httpMethod\",\n",
- " \"stage\" : \"$context.stage\",\n",
- " \"source-ip\" : \"$context.identity.sourceIp\",\n",
- " \"user\" : \"$context.identity.user\",\n",
- " \"user-agent\" : \"$context.identity.userAgent\",\n",
- " \"user-arn\" : \"$context.identity.userArn\",\n",
- " \"request-id\" : \"$context.requestId\",\n",
- " \"resource-id\" : \"$context.resourceId\",\n",
- " \"resource-path\" : \"$context.resourcePath\",\n",
- " \"allowed-ips\" : \"$stageVariables.allowedips\",\n",
- " \"api-secrets\" : \"$stageVariables.apisecrets\",\n",
- " \"key-bucket\" : \"",
- {
- "Ref": "KeyBucket"
- },
- "\",\n",
- " \"output-bucket\" : \"$stageVariables.outputbucket\",\n",
- " \"public-key\" : \"",
- {
- "Ref": "CreateSSHKey"
- },
- "\",\n",
- " \"raw-body\" : \"$util.escapeJavaScript($input.body).replace(\"\\'\",\"'\")\"\n",
- " }\n",
- "}"
- ]
- ]
- }
- }
- }
- }
- },
- "/zipdl": {
- "post": {
- "consumes": [
- "application/json"
- ],
- "produces": [
- "application/json"
- ],
- "responses": {
- "200": {
- "description": "200 response",
- "schema": {
- "$ref": "#/definitions/Empty"
- }
- }
- },
- "x-amazon-apigateway-integration": {
- "type": "aws",
- "credentials": {
- "Fn::GetAtt": [
- "WebHookRole",
- "Arn"
- ]
- },
- "responses": {
- "default": {
- "statusCode": "200"
- }
- },
- "requestParameters": {
- "integration.request.header.X-Amz-Invocation-Type": "'Event'"
- },
- "passthroughBehavior": "when_no_templates",
- "httpMethod": "POST",
- "uri": {
- "Fn::Join": [
- "",
- [
- "arn:aws:apigateway:",
- {
- "Ref": "AWS::Region"
- },
- ":lambda:path//2015-03-31/functions/",
- {
- "Fn::GetAtt": [
- "ZipDlLambda",
- "Arn"
- ]
- },
- "/invocations"
- ]
- ]
- },
- "requestTemplates": {
- "application/json": {
- "Fn::Join": [
- "",
- [
- "#set($allParams = $input.params())\n",
- "{\n",
- "\"body-json\" : $input.json('$'),\n",
- "\"params\" : {\n",
- "#foreach($type in $allParams.keySet())\n",
- " #set($params = $allParams.get($type))\n",
- "\"$type\" : {\n",
- " #foreach($paramName in $params.keySet())\n",
- " \"$paramName\" : \"$util.escapeJavaScript($params.get($paramName))\"\n",
- " #if($foreach.hasNext),#end\n",
- " #end\n",
- "}\n",
- " #if($foreach.hasNext),#end\n",
- "#end\n",
- "},\n",
- "\"stage-variables\" : {\n",
- "#foreach($key in $stageVariables.keySet())\n",
- "\"$key\" : \"$util.escapeJavaScript($stageVariables.get($key))\"\n",
- " #if($foreach.hasNext),#end\n",
- "#end\n",
- "},\n",
- "\"context\" : {\n",
- " \"account-id\" : \"$context.identity.accountId\",\n",
- " \"api-id\" : \"$context.apiId\",\n",
- " \"api-key\" : \"$context.identity.apiKey\",\n",
- " \"authorizer-principal-id\" : \"$context.authorizer.principalId\",\n",
- " \"caller\" : \"$context.identity.caller\",\n",
- " \"cognito-authentication-provider\" : \"$context.identity.cognitoAuthenticationProvider\",\n",
- " \"cognito-authentication-type\" : \"$context.identity.cognitoAuthenticationType\",\n",
- " \"cognito-identity-id\" : \"$context.identity.cognitoIdentityId\",\n",
- " \"cognito-identity-pool-id\" : \"$context.identity.cognitoIdentityPoolId\",\n",
- " \"http-method\" : \"$context.httpMethod\",\n",
- " \"stage\" : \"$context.stage\",\n",
- " \"source-ip\" : \"$context.identity.sourceIp\",\n",
- " \"user\" : \"$context.identity.user\",\n",
- " \"user-agent\" : \"$context.identity.userAgent\",\n",
- " \"user-arn\" : \"$context.identity.userArn\",\n",
- " \"request-id\" : \"$context.requestId\",\n",
- " \"resource-id\" : \"$context.resourceId\",\n",
- " \"resource-path\" : \"$context.resourcePath\",\n",
- " \"oauth-key\" : \"$stageVariables.oauthkey\",\n",
- " \"oauth-secret\" : \"$stageVariables.oauthsecret\",\n",
- " \"output-bucket\" : \"$stageVariables.outputbucket\",\n",
- " \"git-token\" : \"$stageVariables.gittoken\"\n",
- " }\n",
- "}"
- ]
- ]
- }
- }
- }
- }
- }
- },
- "securityDefinitions": {
- "sigv4": {
- "type": "apiKey",
- "name": "Authorization",
- "in": "header",
- "x-amazon-apigateway-authtype": "awsSigv4"
- }
- },
- "definitions": {
- "Empty": {
- "type": "object"
- }
- }
- }
- }
- },
- "WebHookApiDeployment": {
- "Type": "AWS::ApiGateway::Deployment",
- "Properties": {
- "RestApiId": {
- "Ref": "WebHookApi"
- },
- "StageName": "DummyStage"
- }
- },
- "WebHookApiProdStage": {
- "Type": "AWS::ApiGateway::Stage",
- "Properties": {
- "DeploymentId": {
- "Ref": "WebHookApiDeployment"
- },
- "RestApiId": {
- "Ref": "WebHookApi"
- },
- "StageName": "Prod",
- "Variables": {
- "outputbucket": {
- "Ref": "OutputBucket"
- },
- "allowedips": {
- "Fn::If": [
- "UseAllowedIps",
- {
- "Ref": "AllowedIps"
- },
- {
- "Ref": "AWS::NoValue"
- }
- ]
- },
- "apisecrets": {
- "Fn::If": [
- "UseApiSecret",
- {
- "Ref": "ApiSecret"
- },
- {
- "Ref": "AWS::NoValue"
- }
- ]
- },
- "gittoken": {
- "Fn::If": [
- "UseGitToken",
- {
- "Ref": "GitToken"
- },
- {
- "Ref": "AWS::NoValue"
- }
- ]
- },
- "oauthkey": {
- "Fn::If": [
- "UseOauthKey",
- {
- "Ref": "OauthKey"
- },
- {
- "Ref": "AWS::NoValue"
- }
- ]
- },
- "oauthsecret": {
- "Fn::If": [
- "UseOauthSecret",
- {
- "Ref": "OauthSecret"
- },
- {
- "Ref": "AWS::NoValue"
- }
- ]
- }
- }
- }
- },
- "CustomDomainCertificate": {
- "Condition": "UseCustomDomain",
- "Type": "AWS::CertificateManager::Certificate",
- "Properties": {
- "DomainName": {
- "Ref": "CustomDomainName"
- }
- }
- },
- "WebHookApiCustomDomainName": {
- "Condition": "UseCustomDomain",
- "Type": "AWS::ApiGateway::DomainName",
- "Properties": {
- "CertificateArn": {
- "Ref": "CustomDomainCertificate"
- },
- "DomainName": {
- "Ref": "CustomDomainName"
- }
- }
- },
- "WebHookApiCustomDomainNameMapping": {
- "Condition": "UseCustomDomain",
- "Type": "AWS::ApiGateway::BasePathMapping",
- "Properties": {
- "DomainName": {
- "Ref": "CustomDomainName"
- },
- "RestApiId": {
- "Ref": "WebHookApi"
- }
- }
- }
- },
- "Outputs": {
- "CustomDomainNameCNAME": {
- "Value": {
- "Fn::If": [
- "UseCustomDomain",
- {
- "Fn::GetAtt": [
- "WebHookApiCustomDomainName",
- "DistributionDomainName"
- ]
- },
- ""
- ]
- }
- },
- "PublicSSHKey": {
- "Value": {
- "Ref": "CreateSSHKey"
- }
- },
- "GitPullWebHookApi": {
- "Value": {
- "Fn::Join": [
- "",
- [
- " https://",
- {
- "Fn::If": [
- "UseCustomDomain",
- {
- "Ref": "CustomDomainName"
- },
- {
- "Fn::Join": [
- "",
- [
- {
- "Ref": "WebHookApi"
- },
- ".execute-api.",
- {
- "Ref": "AWS::Region"
- },
- ".amazonaws.com"
- ]
- ]
- }
- ]
- },
- "/",
- {
- "Ref": "WebHookApiProdStage"
- },
- "/gitpull"
- ]
- ]
- }
- },
- "ZipDownloadWebHookApi": {
- "Value": {
- "Fn::Join": [
- "",
- [
- " https://",
- {
- "Fn::If": [
- "UseCustomDomain",
- {
- "Ref": "CustomDomainName"
- },
- {
- "Fn::Join": [
- "",
- [
- {
- "Ref": "WebHookApi"
- },
- ".execute-api.",
- {
- "Ref": "AWS::Region"
- },
- ".amazonaws.com"
- ]
- ]
- }
- ]
- },
- "/",
- {
- "Ref": "WebHookApiProdStage"
- },
- "/zipdl"
- ]
- ]
- }
- },
- "OutputBucketName": {
- "Value": {
- "Ref": "OutputBucket"
- }
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement