1+ AWSTemplateFormatVersion : ' 2010-09-09'
2+ Description : Resources for Wild Ryde rider photo processing workflow.
3+ Transform : ' AWS::Serverless-2016-10-31'
4+
5+ Parameters :
6+ RekognitionCollectionID :
7+ Description : ID for the Rekognition collection used to index faces
8+ Type : String
9+ Default : rider-photos
10+ MinLength : 1
11+ MaxLength : 255
12+ AllowedPattern : " [a-zA-Z0-9_.-]+"
13+
14+ TestImagesBucket :
15+ Type : String
16+ Default : wild-rydes-sfn-module-us-west-2
17+ Description : S3 bucket containing the test images to copy over
18+
19+ TestImagesPrefix :
20+ Type : String
21+ Default : test-images/
22+ Description : Key prefix for test images to copy over
23+
24+ Resources :
25+ RiderPhotoS3Bucket :
26+ Type : AWS::S3::Bucket
27+ Properties :
28+ CorsConfiguration :
29+ CorsRules :
30+ -
31+ AllowedHeaders :
32+ - " *"
33+ AllowedMethods :
34+ - PUT
35+ - GET
36+ - POST
37+ - HEAD
38+ AllowedOrigins :
39+ - " *"
40+ ExposedHeaders :
41+ - ETag
42+
43+ ThumbnailS3Bucket :
44+ Type : AWS::S3::Bucket
45+ Properties :
46+ CorsConfiguration :
47+ CorsRules :
48+ -
49+ AllowedHeaders :
50+ - " *"
51+ AllowedMethods :
52+ - PUT
53+ - GET
54+ - POST
55+ - HEAD
56+ AllowedOrigins :
57+ - " *"
58+ ExposedHeaders :
59+ - ETag
60+
61+ RiderPhotoDDBTable :
62+ Type : AWS::DynamoDB::Table
63+ Properties :
64+ AttributeDefinitions :
65+ - AttributeName : Username
66+ AttributeType : S
67+ KeySchema :
68+ - AttributeName : Username
69+ KeyType : HASH
70+ ProvisionedThroughput :
71+ ReadCapacityUnits : ' 3'
72+ WriteCapacityUnits : ' 3'
73+
74+ FaceDetectionFunction :
75+ Type : AWS::Serverless::Function
76+ Properties :
77+ Description : " Use Amazon Rekognition to detect faces"
78+ Handler : index.handler
79+ Runtime : nodejs8.10
80+ MemorySize : 256
81+ Timeout : 60
82+ Policies :
83+ Statement :
84+ -
85+ Sid : " ReadFromS3Bucket"
86+ Effect : " Allow"
87+ Action :
88+ - s3:GetObject
89+ Resource : " *"
90+ -
91+ Sid : " RekognitionFace"
92+ Effect : Allow
93+ Action :
94+ - rekognition:DetectFaces
95+ Resource : " *"
96+ CodeUri :
97+ ../lambda-functions/face-detection
98+
99+ NotificationPlaceholderFunction :
100+ Type : AWS::Serverless::Function
101+ Properties :
102+ Description : " mock notification sender"
103+ Handler : index.handler
104+ Runtime : nodejs8.10
105+ MemorySize : 256
106+ Timeout : 60
107+ CodeUri :
108+ ../lambda-functions/mock-notification
109+
110+ FaceSearchFunction :
111+ Type : AWS::Serverless::Function
112+ Properties :
113+ Description : " Use Amazon Rekognition to check if the face is already in the collection"
114+ Handler : index.handler
115+ Runtime : nodejs8.10
116+ MemorySize : 256
117+ Timeout : 60
118+ Policies :
119+ Statement :
120+ -
121+ Sid : " ReadFromS3Bucket"
122+ Effect : " Allow"
123+ Action :
124+ - s3:GetObject
125+ Resource : !Sub "arn:aws:s3:::${RiderPhotoS3Bucket}/*"
126+ -
127+ Sid : " SearchFace"
128+ Effect : Allow
129+ Action :
130+ - rekognition:SearchFacesByImage
131+ Resource : " *"
132+ CodeUri :
133+ ../lambda-functions/face-search
134+ Environment :
135+ Variables :
136+ REKOGNITION_COLLECTION_ID : !Ref RekognitionCollectionID
137+
138+ IndexFaceFunction :
139+ Properties :
140+ Description : " Index the photo into Rekognition collection"
141+ Handler : index.handler
142+ Runtime : nodejs8.10
143+ MemorySize : 256
144+ Timeout : 60
145+ Policies :
146+ Statement :
147+ -
148+ Sid : " ReadFromS3Bucket"
149+ Effect : " Allow"
150+ Action :
151+ - s3:GetObject
152+ Resource : !Sub "arn:aws:s3:::${RiderPhotoS3Bucket}/*"
153+ -
154+ Sid : " SearchFace"
155+ Effect : Allow
156+ Action :
157+ - rekognition:IndexFaces
158+ Resource : " *"
159+ CodeUri :
160+ ../lambda-functions/index-face
161+ Environment :
162+ Variables :
163+ REKOGNITION_COLLECTION_ID : !Ref RekognitionCollectionID
164+ Type : AWS::Serverless::Function
165+
166+ ThumbnailFunction :
167+ Type : AWS::Serverless::Function
168+ Properties :
169+ Handler : index.handler
170+ Runtime : nodejs8.10
171+ MemorySize : 1536
172+ Timeout : 300
173+ Policies :
174+ Statement :
175+ -
176+ Sid : " WritetoS3ThumbnailBucket"
177+ Effect : Allow
178+ Action :
179+ - s3:PutObject
180+ Resource : !Sub "arn:aws:s3:::${ThumbnailS3Bucket}/*"
181+ -
182+ Sid : " ReadFromS3"
183+ Effect : Allow
184+ Action :
185+ - s3:GetObject
186+ Resource : !Sub "arn:aws:s3:::${RiderPhotoS3Bucket}/*"
187+ CodeUri : ../lambda-functions/thumbnail
188+ Environment :
189+ Variables :
190+ THUMBNAIL_BUCKET : !Ref ThumbnailS3Bucket
191+ MAX_WIDTH : 300
192+ MAX_HEIGHT : 300
193+
194+ PersistMetadataFunction :
195+ Properties :
196+ Description : " Save metadata of the photo to DynamoDB table"
197+ Handler : index.handler
198+ Runtime : nodejs8.10
199+ MemorySize : 256
200+ Timeout : 60
201+ Environment :
202+ Variables :
203+ RIDER_PHOTOS_DDB_TABLE : !Ref RiderPhotoDDBTable
204+ Policies :
205+ Statement :
206+ -
207+ Sid : " WriteToRiderPhotoDDBTable"
208+ Effect : Allow
209+ Action :
210+ - dynamodb:PutItem
211+ Resource : !Sub "arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${RiderPhotoDDBTable}"
212+ CodeUri :
213+ ../lambda-functions/persist-metadata
214+ Type : AWS::Serverless::Function
215+
216+ PopulateTestImages :
217+ Properties :
218+ ServiceToken : !GetAtt CopyS3ObjectsFunction.Arn
219+ SourceBucket : !Ref TestImagesBucket
220+ SourcePrefix : !Sub "${TestImagesPrefix}"
221+ Bucket : !Ref RiderPhotoS3Bucket
222+ Type : " Custom::S3Objects"
223+
224+ EmptyThumbnailBucket :
225+ Type : " Custom::S3Objects"
226+ Properties :
227+ ServiceToken : !GetAtt CopyS3ObjectsFunction.Arn
228+ Bucket : !Ref ThumbnailS3Bucket
229+
230+ CopyS3ObjectsFunction :
231+ Properties :
232+ Description : Copies objects from a source S3 bucket to a destination
233+ Handler : index.handler
234+ Runtime : python2.7
235+ Timeout : 120
236+ Policies :
237+ Statement :
238+ -
239+ Sid : SourceBucketReadAccess
240+ Effect : Allow
241+ Action :
242+ - " s3:ListBucket"
243+ - " s3:GetObject"
244+ Resource :
245+ - !Sub " arn:aws:s3:::${TestImagesBucket}"
246+ - !Sub " arn:aws:s3:::${TestImagesBucket}/${TestImagesPrefix}*"
247+ -
248+ Sid : DestBucketWriteAccess
249+ Effect : Allow
250+ Action :
251+ - " s3:ListBucket"
252+ - " s3:ListBucketVersions"
253+ - " s3:GetBucketVersioning"
254+ - " s3:GetObject"
255+ - " s3:GetObjectVersion"
256+ - " s3:PutObject"
257+ - " s3:PutObjectAcl"
258+ - " s3:PutObjectVersionAcl"
259+ - " s3:DeleteObject"
260+ - " s3:DeleteObjectVersion"
261+ - " s3:CopyObject"
262+ Resource :
263+ - !Sub " arn:aws:s3:::${RiderPhotoS3Bucket}"
264+ - !Sub " arn:aws:s3:::${RiderPhotoS3Bucket}/*"
265+ - !Sub " arn:aws:s3:::${ThumbnailS3Bucket}"
266+ - !Sub " arn:aws:s3:::${ThumbnailS3Bucket}/*"
267+ CodeUri :
268+ ../lambda-functions/copy-s3-object
269+ Type : AWS::Serverless::Function
270+
271+
272+
273+ StateMachineRole :
274+ Type : " AWS::IAM::Role"
275+ Properties :
276+ AssumeRolePolicyDocument :
277+ Version : " 2012-10-17"
278+ Statement :
279+ -
280+ Effect : " Allow"
281+ Principal :
282+ Service :
283+ !Sub states.${AWS::Region}.amazonaws.com
284+ Action :
285+ - " sts:AssumeRole"
286+ Path : " /WildRydes/"
287+ Policies :
288+ -
289+ PolicyName : " InvokeLambda"
290+ PolicyDocument :
291+ Version : " 2012-10-17"
292+ Statement :
293+ -
294+ Sid : " InvokeLambda"
295+ Effect : " Allow"
296+ Action :
297+ - " lambda:InvokeFunction"
298+ Resource : " *"
299+
300+
301+ Outputs :
302+ FaceDetectionFunctionArn :
303+ Value : !GetAtt FaceDetectionFunction.Arn
304+ NotificationPlaceholderFunctionArn :
305+ Value : !GetAtt NotificationPlaceholderFunction.Arn
306+ FaceSearchFunctionArn :
307+ Value : !GetAtt FaceSearchFunction.Arn
308+ IndexFaceFunctionArn :
309+ Value : !GetAtt IndexFaceFunction.Arn
310+ ThumbnailFunctionArn :
311+ Value : !GetAtt ThumbnailFunction.Arn
312+ PersistMetadataFunctionArn :
313+ Value : !GetAtt PersistMetadataFunction.Arn
314+ RiderPhotoS3Bucket :
315+ Value : !Ref RiderPhotoS3Bucket
316+ ThumbnailS3Bucket :
317+ Value : !Ref ThumbnailS3Bucket
318+ RiderPhotoDDBTable :
319+ Value : !Ref RiderPhotoDDBTable
320+ StateMachineRole :
321+ Value : !GetAtt StateMachineRole.Arn
0 commit comments