Stratus User Profile Manager Augmentations

template.yaml

# ----
# CloudFormation yaml for S3 bucket + Lambda trigger
# ----
Parameters:
  UserProfileArtifactS3BucketName:
    Type: String
    Description: The name of the S3 bucket that contains the user profile images.
  UserProfileLambdaFunctionName:
    Type: String
    Description: The name of the image optimizer S3 trigger lambda function.
  UserProfileLambdaFunctionArchiveS3BucketName:
    Type: String
    Description: The name of the S3 bucket that contains the archive of the image optimizer S3 trigger lambda function. Assumes Stratus already has a bucket for this purpose.
  UserProfileLambdaFunctionArchiveS3KeyName:
    Type: String
    Description: The name of the S3 key that contains the archive of the image optimizer S3 trigger lambda function. Assumes Stratus already has a bucket for this purpose.

Resources:
  UserProfileManagerS3:
    Type: AWS::S3::Bucket
    DependsOn: UserProfileManagerLambdaInvokePermission
    Properties:
      BucketName: !Ref UserProfileArtifactS3BucketName
      NotificationConfiguration:
        LambdaConfigurations:
          - Event: s3:ObjectCreated:Put
            Filter:
              S3Key:
                Rules:
                  - Name: prefix
                    Value: "original/"
            Function: !GetAtt UserProfileManagerLambdaFunction.Arn

  UserProfileManagerLambdaInvokePermission:
    Type: AWS::Lambda::Permission
    DependsOn: UserProfileManagerLambdaFunction
    Properties:
      FunctionName:
        Fn::GetAtt:
          - UserProfileManagerLambdaFunction
          - Arn
      Action: lambda:InvokeFunction
      Principal: s3.amazonaws.com
      SourceArn:
        Fn::Sub: arn:aws:s3:::${UserProfileArtifactS3BucketName}

  UserProfileManagerLambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
        - Effect: Allow
          Principal:
            Service:
            - lambda.amazonaws.com
          Action:
          - sts:AssumeRole
      Policies:
        - PolicyName: allowLogging
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
            - Effect: Allow
              Action:
              - logs:*
              Resource: arn:aws:logs:*:*:*
        - PolicyName: crudObjects
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
            - Effect: Allow
              Action:
              - s3:GetObject
              - s3:DeleteObject
              - s3:PutObject
              Resource:  !Sub 'arn:aws:s3:::${UserProfileArtifactS3BucketName}/*'

  UserProfileManagerLambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: !Ref UserProfileLambdaFunctionName
      Handler: index.handler
      Code:
        S3Bucket: !Ref UserProfileLambdaFunctionArchiveS3BucketName
        S3Key: !Ref UserProfileLambdaFunctionArchiveS3KeyName
      Role: !GetAtt UserProfileManagerLambdaExecutionRole.Arn
      Runtime: nodejs16.x
      Timeout: 300
      MemorySize: 256

# ----
# CloudFormation yaml for optional dedicated RDS
# ----

Parameters:
  DedicatedRdsSecurityGroup:
    Type: String
    Description: The security group for the dedicated rds. Assumes Stratus already has a VPC and SG dedicated for this purpose.
  DedicatedRdsMasterUsername:
    Type: String
    Description: The master username for the dedicated rds.
  DedicatedRdsMasterUserSecretKmsKeyId:
    Type: String
    Description: The KMS Key Id of the key that contains the master user secret for the dedicated rds.

Resources:
  DedicatedRds:
    Type: AWS::RDS::DBInstance
    Properties:
      DBSecurityGroups:
        - !Ref DedicatedRdsSecurityGroup
      AllocatedStorage: '5'
      DBInstanceClass: db.t4g
      Engine: MySQL
      MasterUsername: !Ref DedicatedRdsMasterUsername
      ManageMasterUserPassword: true
      MasterUserSecret:
        KmsKeyId: !Ref DedicatedRdsMasterUserSecretKmsKeyId
    DeletionPolicy: Snapshot