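# Stack inputs. The page extraction had stripped all indentation, which left
# the template unparseable; the nesting below restores the standard
# CloudFormation layout (parameter name -> attributes).
Parameters:
  # ARNs of the SNS topics allowed to deliver into the monitoring queue
  # (both are referenced by the queue policy's aws:SourceArn condition).
  LandsatTopicArn:
    Type: String

  Sentinel2TopicArn:
    Type: String

  # Passed to the Lambda function as HYP3_API.
  Hyp3Api:
    Type: String

  # Passed to the Lambda function as JOBS_TABLE_NAME and used to build the
  # DynamoDB resource ARN in the Lambda policy.
  Hyp3JobsTable:
    Type: String

  LambdaLoggingLevel:
    Type: String
    Default: INFO
    AllowedValues:
      - INFO
      - DEBUG

  EarthdataUsername:
    Type: String

  # NoEcho masks this value in CloudFormation console/API/CLI output only.
  # The Lambda resource in this template copies it into the
  # EARTHDATA_PASSWORD environment variable, where it is readable by any
  # principal allowed to view the function configuration.
  # NOTE(review): consider storing the credential in Secrets Manager or
  # SSM Parameter Store (SecureString) and resolving it at runtime instead.
  EarthdataPassword:
    Type: String
    NoEcho: true

  # Restricting the bucket to a fixed list keeps the S3 statements in the
  # Lambda policy from being pointed at an arbitrary bucket at deploy time.
  PublishBucket:
    Type: String
    AllowedValues:
      - its-live-data
      - its-live-data-test

  # Forwarded to the nested status-messages stack.
  # NOTE(review): the nested template is not shown here; confirm its
  # MattermostPAT parameter is also declared with NoEcho.
  MattermostPAT:
    Type: String
    NoEcho: true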
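# Resources: SNS -> SQS -> Lambda pipeline with a dead-letter queue, the
# Lambda execution role/policy, and a nested stack for status messages.
# Changes relative to the extracted text:
#   * indentation restored (the flattened text did not parse);
#   * IAM policy `Version` quoted so YAML 1.1 loaders keep it a string
#     instead of converting it to a date;
#   * DynamoDB resource narrowed from a trailing `*` to the table plus its
#     indexes.
Resources:
  # Receives messages that failed processing maxReceiveCount times.
  # 1209600 s = 14 days.
  DeadLetterQueue:
    Type: AWS::SQS::Queue
    Properties:
      MessageRetentionPeriod: 1209600

  Queue:
    Type: AWS::SQS::Queue
    Properties:
      MessageRetentionPeriod: 1209600
      # 28800 s = 8 h; well above the Lambda Timeout of 900 s so an
      # in-flight message is not redelivered while still being processed.
      VisibilityTimeout: 28800
      RedrivePolicy:
        deadLetterTargetArn: !GetAtt DeadLetterQueue.Arn
        maxReceiveCount: 3

  # Lets SNS deliver to the queue, but only on behalf of the two configured
  # topics. The aws:SourceArn condition is what stops any other SNS topic
  # from using the sns.amazonaws.com service principal to write here.
  # NOTE(review): only a Landsat subscription is defined in this template;
  # the Sentinel-2 subscription is presumably created elsewhere - confirm.
  QueuePolicy:
    Type: AWS::SQS::QueuePolicy
    Properties:
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: sns.amazonaws.com
            Action: sqs:SendMessage
            Resource: !GetAtt Queue.Arn
            Condition:
              ArnEquals:
                aws:SourceArn:
                  - !Ref LandsatTopicArn
                  - !Ref Sentinel2TopicArn
      Queues:
        - !Ref Queue

  # Filters on the message body so only matching Landsat scenes are queued.
  LandsatSubscription:
    Type: AWS::SNS::Subscription
    Properties:
      TopicArn: !Ref LandsatTopicArn
      Protocol: sqs
      Endpoint: !GetAtt Queue.Arn
      FilterPolicyScope: MessageBody
      FilterPolicy:
        landsat_product_id:
          - suffix: '_T1'
          - suffix: '_T2'
        s3_location:
          - prefix: 's3://usgs-landsat/collection02/level-1/standard/oli-tirs/'

  Lambda:
    Type: AWS::Lambda::Function
    Properties:
      # Local path; presumably uploaded and rewritten by a packaging step
      # before deployment - confirm against the deploy workflow.
      Code: its_live_monitoring/src/
      Handler: main.lambda_handler
      MemorySize: 128
      Role: !GetAtt LambdaRole.Arn
      Runtime: python3.12
      Timeout: 900
      Environment:
        Variables:
          HYP3_API: !Ref Hyp3Api
          JOBS_TABLE_NAME: !Ref Hyp3JobsTable
          LOGGING_LEVEL: !Ref LambdaLoggingLevel
          EARTHDATA_USERNAME: !Ref EarthdataUsername
          # NOTE(review): the NoEcho parameter ends up as a plain
          # environment variable here, visible to anyone who can read the
          # function configuration. Prefer passing a secret name/ARN and
          # fetching the value at runtime.
          EARTHDATA_PASSWORD: !Ref EarthdataPassword
          PUBLISH_BUCKET: !Ref PublishBucket

  # One message per invocation; ReportBatchItemFailures lets the handler
  # report individual failures so they are retried and eventually moved to
  # the dead-letter queue.
  LambdaEventSourceMapping:
    Type: AWS::Lambda::EventSourceMapping
    Properties:
      FunctionName: !Ref Lambda
      BatchSize: 1
      EventSourceArn: !GetAtt Queue.Arn
      FunctionResponseTypes:
        - ReportBatchItemFailures
      ScalingConfig:
        MaximumConcurrency: 100

  # Declared explicitly so retention is enforced (90 days).
  LambdaLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Sub "/aws/lambda/${Lambda}"
      RetentionInDays: 90

  # Execution role, created through an account-provided custom resource.
  # Only the Lambda service may assume it.
  LambdaRole:
    Type: Custom::JplRole
    Properties:
      ServiceToken: !ImportValue Custom::JplRole::ServiceToken
      Path: /account-managed/hyp3/
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          Action: sts:AssumeRole
          Principal:
            Service: lambda.amazonaws.com
          Effect: Allow
      ManagedPolicyArns:
        - !Ref LambdaPolicy

  LambdaPolicy:
    Type: Custom::JplPolicy
    Properties:
      ServiceToken: !ImportValue Custom::JplPolicy::ServiceToken
      Path: /account-managed/hyp3/
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          # Covers every /aws/lambda/* log group in the account and region,
          # not just this function's. Scoping it with a reference to Lambda
          # or LambdaLogGroup would create a circular dependency
          # (Lambda -> LambdaRole -> LambdaPolicy -> Lambda).
          - Effect: Allow
            Action:
              - logs:CreateLogStream
              - logs:PutLogEvents
            Resource: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*"
          # NOTE(review): sqs:* also grants PurgeQueue, DeleteQueue,
          # SetQueueAttributes, etc. The event source mapping needs only
          # sqs:ReceiveMessage, sqs:DeleteMessage and
          # sqs:GetQueueAttributes; narrow to those if the handler makes no
          # other SQS calls (handler source is not part of this template).
          - Effect: Allow
            Action: sqs:*
            Resource: !GetAtt Queue.Arn
          # Table and its indexes only. The previous trailing wildcard
          # (`table/<name>*`) also matched any other table whose name
          # merely starts with the same string.
          - Effect: Allow
            Action: dynamodb:Query
            Resource:
              - !Sub "arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${Hyp3JobsTable}"
              - !Sub "arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${Hyp3JobsTable}/index/*"
          # Read-only access to the publish bucket (object and bucket ARN).
          - Effect: Allow
            Action:
              - s3:List*
              - s3:Get*
            Resource:
              - !Sub "arn:aws:s3:::${PublishBucket}/*"
              - !Sub "arn:aws:s3:::${PublishBucket}"

  # Nested stack that watches the dead-letter queue.
  # NOTE(review): TemplateURL is a local path, so it presumably relies on a
  # packaging step; the nested template should declare MattermostPAT with
  # NoEcho so the token stays masked there as well.
  StatusMessages:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        QueueURL: !Ref DeadLetterQueue
        QueueName: !GetAtt DeadLetterQueue.QueueName
        MattermostPAT: !Ref MattermostPAT
        LambdaLoggingLevel: !Ref LambdaLoggingLevel
      TemplateURL: status-messages/cloudformation.yml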
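# Stack outputs (indentation restored; the flattened text did not parse).
Outputs:
  # Exposes the main queue's ARN so other stacks or tooling can reference
  # it. An ARN is an identifier, not a credential; write access to the
  # queue is still governed by the queue policy.
  ItsLiveMonitoringQueueArn:
    Description: "The ARN for its-live-monitoring's SQS queue"
    Value: !GetAtt Queue.Arn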