boilerplate-lambda-container/sam/template.yaml

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Docker Container Lambda Function

Globals:
  Function:
    Timeout: 10

Parameters:
  DeployECROnly:
    Type: String
    Default: "false"
    AllowedValues: ["true", "false"]
    Description: If true, only deploys the ECR repository

Conditions:
  DeployFullStack: !Equals [!Ref DeployECROnly, "false"]

Resources:

  HelloWorldRepository:
    Type: AWS::ECR::Repository
    Properties:
      RepositoryName: hello-world
      ImageScanningConfiguration:
        ScanOnPush: true

  HelloWorldFunctionRole:
    Condition: DeployFullStack
    Type: AWS::IAM::Role
    Properties: 
      AssumeRolePolicyDocument: 
        Version: "2012-10-17"
        Statement: 
          - Effect: "Allow"
            Principal: 
              Service: 
                - "lambda.amazonaws.com"
            Action: 
              - "sts:AssumeRole"
      Policies:
        - PolicyName: HelloWorldFunctionAccess
          PolicyDocument: 
            Version: "2012-10-17"
            Statement: 
              - Effect: "Allow"
                Action: 
                  - "secretsmanager:GetSecretValue"
                Resource: 
                  - "arn:aws:secretsmanager:us-west-1:003525187774:secret:*"
      ManagedPolicyArns:
      # - arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess
        - arn:aws:iam::aws:policy/AWSOpsWorksCloudWatchLogs

  HelloWorldFunction:
    Condition: DeployFullStack
    Type: AWS::Serverless::Function
    Properties:
      PackageType: Image
      ImageUri: !Sub "${HelloWorldRepository.RepositoryUri}:latest"
#     ImageUri: !Sub "${HelloWorldRepository.RepositoryUri}@sha256:c195f0c7d0bb2a5bdf408f149f4cf558e3376128a4887b5cd0a6fb2196992bf3"
      Role: !GetAtt HelloWorldFunctionRole.Arn
      Environment:
        Variables:
          PORT: 8000
      Architectures:
        - x86_64
      FunctionUrlConfig:
        AuthType: NONE
        Cors:
          AllowOrigins:
            - '*'

  HelloWorldFunctionPermission:
    Condition: DeployFullStack
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !Ref HelloWorldFunction
      Action: lambda:InvokeFunctionUrl
      Principal: '*'
      FunctionUrlAuthType: NONE

Outputs:
  HelloWorldRepositoryUri:
    Description: ECR Repository URI
    Value: !GetAtt HelloWorldRepository.RepositoryUri
  HelloWorldFunctionName:
    Condition: DeployFullStack
    Description: Lambda Function Name
    Value: !Ref HelloWorldFunction

# Error: Requested attribute FunctionUrl does not exist in schema for AWS::Lambda::Function
# HelloWorldFunctionUrl:
#   Condition: DeployFullStack
#   Description: "The URL of the Lambda Function"
#   Value: !GetAtt HelloWorldFunction.FunctionUrl
New boilerplate for an openapi stack running via AWS Lambda Function 2024-12-11 23:17:45 +00:00			`AWSTemplateFormatVersion: '2010-09-09'`
			`Transform: AWS::Serverless-2016-10-31`
			`Description: Docker Container Lambda Function`

			`Globals:`
			`Function:`
			`Timeout: 10`

			`Parameters:`
			`DeployECROnly:`
			`Type: String`
			`Default: "false"`
			`AllowedValues: ["true", "false"]`
			`Description: If true, only deploys the ECR repository`

			`Conditions:`
			`DeployFullStack: !Equals [!Ref DeployECROnly, "false"]`

			`Resources:`

			`HelloWorldRepository:`
			`Type: AWS::ECR::Repository`
			`Properties:`
			`RepositoryName: hello-world`
			`ImageScanningConfiguration:`
			`ScanOnPush: true`

			`HelloWorldFunctionRole:`
			`Condition: DeployFullStack`
			`Type: AWS::IAM::Role`
			`Properties:`
			`AssumeRolePolicyDocument:`
			`Version: "2012-10-17"`
			`Statement:`
			`- Effect: "Allow"`
			`Principal:`
			`Service:`
			`- "lambda.amazonaws.com"`
			`Action:`
			`- "sts:AssumeRole"`
			`Policies:`
			`- PolicyName: HelloWorldFunctionAccess`
			`PolicyDocument:`
			`Version: "2012-10-17"`
			`Statement:`
			`- Effect: "Allow"`
			`Action:`
			`- "secretsmanager:GetSecretValue"`
			`Resource:`
			`- "arn:aws:secretsmanager:us-west-1:003525187774:secret:*"`
			`ManagedPolicyArns:`
			`# - arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess`
			`- arn:aws:iam::aws:policy/AWSOpsWorksCloudWatchLogs`

			`HelloWorldFunction:`
			`Condition: DeployFullStack`
			`Type: AWS::Serverless::Function`
			`Properties:`
			`PackageType: Image`
			`ImageUri: !Sub "${HelloWorldRepository.RepositoryUri}:latest"`
			`# ImageUri: !Sub "${HelloWorldRepository.RepositoryUri}@sha256:c195f0c7d0bb2a5bdf408f149f4cf558e3376128a4887b5cd0a6fb2196992bf3"`
			`Role: !GetAtt HelloWorldFunctionRole.Arn`
			`Environment:`
			`Variables:`
			`PORT: 8000`
			`Architectures:`
			`- x86_64`
			`FunctionUrlConfig:`
			`AuthType: NONE`
			`Cors:`
			`AllowOrigins:`
			`- '*'`

			`HelloWorldFunctionPermission:`
			`Condition: DeployFullStack`
			`Type: AWS::Lambda::Permission`
			`Properties:`
			`FunctionName: !Ref HelloWorldFunction`
			`Action: lambda:InvokeFunctionUrl`
			`Principal: '*'`
			`FunctionUrlAuthType: NONE`

			`Outputs:`
			`HelloWorldRepositoryUri:`
			`Description: ECR Repository URI`
			`Value: !GetAtt HelloWorldRepository.RepositoryUri`
			`HelloWorldFunctionName:`
			`Condition: DeployFullStack`
			`Description: Lambda Function Name`
			`Value: !Ref HelloWorldFunction`

			`# Error: Requested attribute FunctionUrl does not exist in schema for AWS::Lambda::Function`
			`# HelloWorldFunctionUrl:`
			`# Condition: DeployFullStack`
			`# Description: "The URL of the Lambda Function"`
			`# Value: !GetAtt HelloWorldFunction.FunctionUrl`