get_forecast_cf.yaml
# Stack inputs. The two webhook URLs and the SNS ARN are written into the
# awsGenieSecretManager secret by the Resources section of this template.
Parameters:
  # Slack webhook URL. Anyone holding a webhook URL can post to the channel, so
  # it is treated as a credential and hidden with NoEcho. Empty by default.
  slackUrlParameter:
    Type: String
    NoEcho: true
    Default: ''
    Description: 'Enter slack url if you want slack sent.'

  # Teams webhook URL, handled the same way as the Slack one.
  teamsUrlParameter:
    Type: String
    NoEcho: true
    Default: ''
    Description: 'Enter Teams url if you want Teams sent.'

  # EventBridge schedule expression used by getForecastScheduledRule.
  cronParameter:
    Type: String
    Default: 'cron(0 14 * * ? *)'
    Description: 'Schedule expression.'

  # Optional SNS topic ARN. A non-empty value enables useSnsCondition, which
  # adds the Lambda permission that lets SNS invoke the function. Not NoEcho.
  snsArnParameter:
    Type: String
    Default: ''
    Description: 'Enter sns ARN,used to send slack or teams'

  # Comma-separated column names, in display order.
  columnsToDisplayParameter:
    Type: String
    Default: 'Account,MTD,Forecast,Change'
    Description: 'Specify column order and columns to display.'

  # Upper bound on the account-name column width.
  getForecastAccountNameColumnWidth:
    Type: Number
    Default: 17
    Description: 'Specify max width for account names.'
Conditions:
  # True when snsArnParameter is anything other than the empty string; gates
  # creation of the SNS -> Lambda invoke permission.
  useSnsCondition:
    Fn::Not:
      - Fn::Equals:
          - !Ref snsArnParameter
          - ''
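Resources:
  # Stores the notification endpoints as one JSON document. The function role
  # below is granted secretsmanager:GetSecretValue on this secret only.
  # NOTE(review): parameter values are substituted into the JSON verbatim, so a
  # value containing a double quote or backslash yields malformed or altered
  # JSON. Confirm that the consumer parses defensively, or constrain the
  # parameters.
  awsGenieSecretManager:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: awsgenie_secret_manager
      SecretString: !Sub '{"slack_url": "${slackUrlParameter}", "sns_arn": "${snsArnParameter}", "teams_url": "${teamsUrlParameter}"}'

  # Execution role for the forecast Lambda.
  getForecastFunctionRole:
    Type: AWS::IAM::Role
    Properties:
      # Only the Lambda service may assume this role.
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
      Policies:
        - PolicyName: root
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # The previous `logs:*` grant on arn:aws:logs:*:*:* was removed.
              # It allowed reading, deleting and reconfiguring every log group
              # in the account. Log writes are already covered by the
              # AWSLambdaBasicExecutionRole managed policy attached below
              # (CreateLogGroup / CreateLogStream / PutLogEvents).
              # NOTE(review): if get_forecast calls other CloudWatch Logs APIs,
              # add those actions explicitly and scope them to its log group.
              - Effect: Allow
                Action:
                  - organizations:DescribeAccount
                Resource: "*"
              - Effect: Allow
                Action:
                  - ce:GetCostAndUsage
                Resource: "*"
              # Ref on a Secrets Manager secret returns its ARN, so read access
              # is limited to the one secret created by this stack.
              - Effect: Allow
                Action:
                  - secretsmanager:GetSecretValue
                Resource: !Ref awsGenieSecretManager
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'

  # The forecast function itself.
  # NOTE(review): the deployment package is pulled from a fixed bucket and key
  # with no S3ObjectVersion, so whatever object is at that key when the stack is
  # created or updated runs with the role above (cost data, org account
  # details, the webhook secret). Pin Code.S3ObjectVersion or deploy from a
  # bucket you control after reviewing the archive.
  # NOTE(review): confirm python3.9 is still a supported Lambda runtime before
  # deploying; deprecated runtimes no longer receive security patches.
  getForecastLambda:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: getForecastLambda
      Description: Post current forecast to slack.
      Runtime: python3.9
      Handler: get_forecast.lambda_handler
      Role: !GetAtt getForecastFunctionRole.Arn
      Timeout: 30
      Code:
        S3Bucket: jimzucker-github-getforecast
        S3Key: get_forecast.zip

  # Lets SNS invoke the function, only when an SNS ARN was supplied. SourceArn
  # restricts the grant to that one topic.
  getForecastLambdaPermission:
    Type: AWS::Lambda::Permission
    Condition: useSnsCondition
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !Ref getForecastLambda
      Principal: sns.amazonaws.com
      SourceArn: !Ref snsArnParameter

  # If you don't define this, the log group still gets created but with
  # indefinite retention, so we define it to ensure logs roll off.
  getForecastLambdaLogGroup:
    Type: AWS::Logs::LogGroup
    DependsOn: getForecastLambda
    Properties:
      LogGroupName: !Sub "/aws/lambda/${getForecastLambda}"
      # RetentionInDays is an integer property; written as a number, not '7'.
      RetentionInDays: 7

  # Schedule that triggers the function.
  getForecastScheduledRule:
    Type: AWS::Events::Rule
    Properties:
      Description: "Crontab schedule for daily forecast"
      # Taken from cronParameter; the template default is cron(0 14 * * ? *).
      ScheduleExpression: !Ref cronParameter
      State: "ENABLED"
      Targets:
        - Arn: !GetAtt getForecastLambda.Arn
          Id: "TargetFunctionV1"

  # Lets EventBridge invoke the function. SourceArn limits the grant to the
  # rule defined above rather than any rule in the account.
  getForecastScheduledRulePermission:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !Ref getForecastLambda
      Action: "lambda:InvokeFunction"
      Principal: "events.amazonaws.com"
      SourceArn: !GetAtt getForecastScheduledRule.Arn
################################################################################################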