Template and workflow to create cloudformation stack

heaven00 · heaven00 · commit aac2869d99ab · 2025-02-09T18:09:33.000-05:00
diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml
@@ -32,10 +32,11 @@ jobs:
       AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 
   deploy-serverless-infra:
-    # needs: build-validation-lambda-ecr
+    needs: build-validation-lambda-ecr
     runs-on: ubuntu-latest
     env:
       aws-region: ca-central-1
+      commit-sha: ${{ github.sha }}
     steps:
       - name: Checkout Repository
         uses: actions/checkout@v4
@@ -50,7 +51,8 @@ jobs:
       - name: Deploy to AWS CloudFormation
         uses: aws-actions/aws-cloudformation-github-deploy@v1
         with:
-          name: fraud-detection-serverless
+          name: fraud-detection
           template: template.yaml
-          parameter-overrides: "Environment=dev,Region=${{ env.aws-region }}"
+          parameter-overrides: "Environment=dev,Region=${{ env.aws-region }},ECRRepositoryTag=${{ env.commit-sha }}"
           capabilities: "CAPABILITY_IAM,CAPABILITY_AUTO_EXPAND"
+          disable-rollback: true # handle it manually and rollbacks are weird
diff --git a/template.yaml b/template.yaml
@@ -1,57 +1,66 @@
 AWSTemplateFormatVersion: '2010-09-09'
-Transform: AWS::Serverless-2016-10-31
-Description: AWS SAM template for serverless application with nested stacks
 
 Parameters:
   Environment:
     Type: String
-    Description: Environment on which we are working
+    Description: deployment environment
   Region:
     Type: String
-    Description: Region in which we are setting up
+    Description: AWS region
+  ECRRepositoryTag:
+    Type: String
+    Description: ECR repository URI
+  
 
 Resources:
-  KinesisStreamStack:
-    Type: AWS::CloudFormation::Stack
-    Properties:
-      TemplateURL: resources/kinesis-stream-stack.yaml
-      Parameters:
-        Environment: !Ref Environment
-        Region: !Ref Region
-  
-  S3Stack:
-    Type: AWS::CloudFormation::Stack
+  KinesisStream:
+    Type: AWS::Kinesis::Stream
     Properties:
-      TemplateURL: resources/s3-stack.yaml
-      Parameters:
-        Environment: !Ref Environment
-        Region: !Ref Region
-  
-  LambdaStack:
-    Type: AWS::CloudFormation::Stack
-    Properties:
-      TemplateURL: resources/lambda-stack.yaml
-      Parameters:
-        Environment: !Ref Environment
-        Region: !Ref Region
-        KinesisStreamArn: !GetAtt KinesisStreamStack.Outputs.KinesisStreamArn
+      Name: !Sub "${AWS::AccountId}-kinesis-stream"
+      ShardCount: 1
 
-  IAMStack:
-    Type: AWS::CloudFormation::Stack
+  LambdaExecutionRole:
+    Type: AWS::IAM::Role
     Properties:
-      TemplateURL: resources/iam-stack.yaml
-      Parameters:
-        KinesisStreamArn: !GetAtt KinesisStreamStack.Outputs.KinesisStreamArn
+      AssumeRolePolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service: lambda.amazonaws.com
+            Action: sts:AssumeRole
+      Policies:
+        - PolicyName: execution-role-policy
+          PolicyDocument:
+            Version: '2012-10-17'
+            Statement:
+              - Effect: Allow
+                Action:
+                  - logs:CreateLogGroup
+                  - logs:CreateLogStream
+                  - logs:PutLogEvents
+                Resource: arn:aws:logs:*:*:*
+              - Effect: Allow
+                Action:
+                  - s3:PutObject
+                Resource: !Sub "arn:aws:s3:::${Region}-${Environment}-fraud-detection-data/processed/*"
 
-# Outputs:
-#   KinesisStreamName:
-#     Value: !GetAtt KinesisStream.Outputs.KinesisStreamName
-#     Description: Name of the Kinesis stream
+  LambdaFunction:
+    Type: AWS::Lambda::Function
+    Properties:
+      Role: !GetAtt LambdaExecutionRole.Arn
+      Code:
+        ImageUri: !Sub "294331937131.dkr.ecr.ca-central-1.amazonaws.com/fraud-detection/validation-lambda:${ECRRepositoryTag}"
+      PackageType: Image
 
-#   ValidationLambdaArn:
-#     Value: !GetAtt LambdaStack.Outputs.ValidationLambdaArn
-#     Description: ARN of the validation Lambda function
+  LambdaPermission:
+    Type: AWS::Lambda::Permission
+    Properties:
+      FunctionName: !Ref LambdaFunction
+      Action: lambda:InvokeFunction
+      Principal: kinesis.amazonaws.com
 
-#   RawDataLambdaArn:
-#     Value: !GetAtt LambdaStack.Outputs.RawDataLambdaArn
-#     Description: ARN of the raw data Lambda function
+Outputs:
+  KinesisStreamName:
+    Value: !Ref KinesisStream
+    Description: Name of the Kinesis stream created
