diff --git a/cdk/bin/cdk.ts b/cdk/bin/cdk.ts index 6e6fe59e10..fd4053cb42 100644 --- a/cdk/bin/cdk.ts +++ b/cdk/bin/cdk.ts @@ -11,8 +11,7 @@ import { APP_NAME as SINGLE_CONTRIBUTION_SALESFORCE_WRITES_APP_NAME, SingleContributionSalesforceWrites, } from '../lib/single-contribution-salesforce-writes'; -import type { StripeWebhookEndpointsProps } from '../lib/stripe-webhook-endpoints'; -import { StripeWebhookEndpoints } from '../lib/stripe-webhook-endpoints'; +import { StripeWebhookEndpoints } from '../lib/stripe-webhook-endpoints'; const app = new App(); const membershipHostedZoneId = 'Z1E4V12LQGXFEC'; @@ -143,25 +142,11 @@ new GenerateProductCatalog(app, 'generate-product-catalog-PROD', { domainName: 'product-catalog.guardianapis.com', }); -export const stripeWebhookEndpointsCodeProps: StripeWebhookEndpointsProps = { - stack: "support", - stage: "CODE", - deployBucket: "membership-dist", - certificateId: supportCertificateId, - domainName: `stripe-webhook-endpoints-code.${supportApisDomain}`, - hostedZoneId: supportHostedZoneId, - -} -export const stripeWebhookEndpointsProdProps: StripeWebhookEndpointsProps = { - stack: "support", - stage: "PROD", - deployBucket: "membership-dist", - certificateId: supportCertificateId, - domainName: `stripe-webhook-endpoints-prod.${supportApisDomain}`, - hostedZoneId: supportHostedZoneId, -} - - -new StripeWebhookEndpoints(app, "stripe-webhook-endpoints-CODE",stripeWebhookEndpointsCodeProps); -new StripeWebhookEndpoints(app, "stripe-webhook-endpoints-PROD",stripeWebhookEndpointsProdProps); - +new StripeWebhookEndpoints(app, 'stripe-webhook-endpoints-CODE', { + stack: 'membership', + stage: 'CODE', +}); +new StripeWebhookEndpoints(app, 'stripe-webhook-endpoints-PROD', { + stack: 'membership', + stage: 'PROD', +}); diff --git a/cdk/lib/__snapshots__/stripe-webhook-endpoints.test.ts.snap b/cdk/lib/__snapshots__/stripe-webhook-endpoints.test.ts.snap index 67c0fb0d4c..2639309bb4 100644 --- a/cdk/lib/__snapshots__/stripe-webhook-endpoints.test.ts.snap +++ b/cdk/lib/__snapshots__/stripe-webhook-endpoints.test.ts.snap @@ -15,45 +15,9 @@ exports[`The StripeWebhookEndpoints stack matches the snapshot 1`] = ` }, "Description": "Endpoints to handle stripe webhooks", "Metadata": { - "gu:cdk:constructs": [ - "GuDistributionBucketParameter", - "GuLambdaFunction", - "GuLambdaFunction", - "GuApiGatewayWithLambdaByPath", - "GuApiGateway5xxPercentageAlarm", - "GuAlarm", - "GuAlarm", - ], + "gu:cdk:constructs": [], "gu:cdk:version": "TEST", }, - "Outputs": { - "RestApiEndpoint0551178A": { - "Value": { - "Fn::Join": [ - "", - [ - "https://", - { - "Ref": "RestApi0C43BF4B", - }, - ".execute-api.", - { - "Ref": "AWS::Region", - }, - ".", - { - "Ref": "AWS::URLSuffix", - }, - "/", - { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "/", - ], - ], - }, - }, - }, "Parameters": { "App": { "Default": "stripe-webhook-endpoints", @@ -65,11 +29,6 @@ exports[`The StripeWebhookEndpoints stack matches the snapshot 1`] = ` "Description": "Bucket to copy files to", "Type": "String", }, - "DistributionBucketName": { - "Default": "/account/services/artifact.bucket", - "Description": "SSM parameter containing the S3 bucket name holding distribution artifacts", - "Type": "AWS::SSM::Parameter::Value", - }, "Stack": { "Default": "membership", "Description": "Stack name", @@ -85,171 +44,6 @@ exports[`The StripeWebhookEndpoints stack matches the snapshot 1`] = ` }, }, "Resources": { - "ApiGateway4XXAlarmCDKC83EACCA": { - "Properties": { - "ActionsEnabled": false, - "AlarmActions": [ - { - "Fn::Join": [ - "", - [ - "arn:aws:sns:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":conversion-dev", - ], - ], - }, - ], - "AlarmDescription": "Impact - Stripe Webhook Endpoints received an invalid request. Follow the process in https://docs.google.com/document/d/1_3El3cly9d7u_jPgTcRjLxmdG2e919zCLvmcFCLOYAk/edit", - "AlarmName": "STRIPE-WEBHOOK-ENDPOINTS-CDK- CODE API gateway 4XX response", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": [ - { - "Name": "ApiName", - "Value": "stripe-webhook-endpoints-CODE", - }, - ], - "EvaluationPeriods": 1, - "MetricName": "4XXError", - "Namespace": "AWS/ApiGateway", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "ApiGateway5XXAlarmCDK11905206": { - "Properties": { - "ActionsEnabled": false, - "AlarmActions": [ - { - "Fn::Join": [ - "", - [ - "arn:aws:sns:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":conversion-dev", - ], - ], - }, - ], - "AlarmDescription": "stripe-webhook-endpoints-CODE exceeded 1% 5XX error rate", - "AlarmName": "STRIPE-WEBHOOK-ENDPOINTS-CDK- CODE API gateway 5XX error", - "ComparisonOperator": "GreaterThanThreshold", - "Dimensions": [ - { - "Name": "ApiName", - "Value": "stripe-webhook-endpoints-CODE", - }, - ], - "EvaluationPeriods": 1, - "MetricName": "5XXError", - "Namespace": "AWS/ApiGateway", - "Period": 60, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "ApiGatewayHigh5xxPercentageAlarmStripewebhookendpointsD4B32CBF": { - "Properties": { - "ActionsEnabled": true, - "AlarmActions": [ - { - "Fn::Join": [ - "", - [ - "arn:aws:sns:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":conversion-dev", - ], - ], - }, - ], - "AlarmDescription": "stripe-webhook-endpoints exceeded 1% error rate", - "AlarmName": "High 5XX error percentage from stripe-webhook-endpoints (ApiGateway) in CODE", - "ComparisonOperator": "GreaterThanThreshold", - "EvaluationPeriods": 1, - "Metrics": [ - { - "Expression": "100*m1/m2", - "Id": "expr_1", - "Label": "% of 5XX responses served for stripe-webhook-endpoints", - }, - { - "Id": "m1", - "MetricStat": { - "Metric": { - "Dimensions": [ - { - "Name": "ApiName", - "Value": "support-CODE-stripe-webhook-endpoints", - }, - ], - "MetricName": "5XXError", - "Namespace": "AWS/ApiGateway", - }, - "Period": 60, - "Stat": "Sum", - }, - "ReturnData": false, - }, - { - "Id": "m2", - "MetricStat": { - "Metric": { - "Dimensions": [ - { - "Name": "ApiName", - "Value": "support-CODE-stripe-webhook-endpoints", - }, - ], - "MetricName": "Count", - "Namespace": "AWS/ApiGateway", - }, - "Period": 60, - "Stat": "SampleCount", - }, - "ReturnData": false, - }, - ], - "Threshold": 1, - "TreatMissingData": "notBreaching", - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "BasePathMapping": { - "Properties": { - "DomainName": { - "Ref": "StripeWebhookEndpointsDomainName", - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - "Stage": { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - }, - "Type": "AWS::ApiGateway::BasePathMapping", - }, "CustomerUpdatedLambda": { "Properties": { "CodeUri": { @@ -327,8 +121,8 @@ exports[`The StripeWebhookEndpoints stack matches the snapshot 1`] = ` ], "Runtime": "java21", "Tags": { - "Stack": "support", - "Stage": "CODE", + "Stack": "membership", + "Stage": "TEST", "gu:cdk:version": "TEST", "gu:repo": "guardian/support-service-lambdas", }, @@ -336,23 +130,6 @@ exports[`The StripeWebhookEndpoints stack matches the snapshot 1`] = ` }, "Type": "AWS::Serverless::Function", }, - "DNSRecord": { - "Properties": { - "HostedZoneId": "Z3KO35ELNWZMSX", - "Name": "stripe-webhook-endpoints-code.support.guardianapis.com", - "ResourceRecords": [ - { - "Fn::GetAtt": [ - "StripeWebhookEndpointsDomainName", - "RegionalDomainName", - ], - }, - ], - "TTL": "120", - "Type": "CNAME", - }, - "Type": "AWS::Route53::RecordSet", - }, "PaymentIntentIssuesLambda": { "Properties": { "CodeUri": { @@ -418,8 +195,8 @@ exports[`The StripeWebhookEndpoints stack matches the snapshot 1`] = ` ], "Runtime": "java21", "Tags": { - "Stack": "support", - "Stage": "CODE", + "Stack": "membership", + "Stage": "TEST", "gu:cdk:version": "TEST", "gu:repo": "guardian/support-service-lambdas", }, @@ -427,2358 +204,6 @@ exports[`The StripeWebhookEndpoints stack matches the snapshot 1`] = ` }, "Type": "AWS::Serverless::Function", }, - "RestApi0C43BF4B": { - "Properties": { - "Name": "support-CODE-stripe-webhook-endpoints", - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-service-lambdas", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "CODE", - }, - ], - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "RestApiAccount7C83CF5A": { - "DeletionPolicy": "Retain", - "DependsOn": [ - "RestApi0C43BF4B", - ], - "Properties": { - "CloudWatchRoleArn": { - "Fn::GetAtt": [ - "RestApiCloudWatchRoleE3ED6605", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - "UpdateReplacePolicy": "Retain", - }, - "RestApiCloudWatchRoleE3ED6605": { - "DeletionPolicy": "Retain", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", - ], - ], - }, - ], - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-service-lambdas", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "CODE", - }, - ], - }, - "Type": "AWS::IAM::Role", - "UpdateReplacePolicy": "Retain", - }, - "RestApiDeployment180EC503c90b732ee97acfdb2915856bb85ced68": { - "DependsOn": [ - "RestApicustomerupdatedPOSTC990C432", - "RestApicustomerupdatedD991BA1D", - "RestApipaymentintentissuePOSTA78C3986", - "RestApipaymentintentissue6417F57B", - ], - "Properties": { - "Description": "Automatically created by the RestApi construct", - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "RestApiDeploymentStageprod3855DE66": { - "DependsOn": [ - "RestApiAccount7C83CF5A", - ], - "Properties": { - "DeploymentId": { - "Ref": "RestApiDeployment180EC503c90b732ee97acfdb2915856bb85ced68", - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - "StageName": "prod", - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-service-lambdas", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "CODE", - }, - ], - }, - "Type": "AWS::ApiGateway::Stage", - }, - "RestApicustomerupdatedD991BA1D": { - "Properties": { - "ParentId": { - "Fn::GetAtt": [ - "RestApi0C43BF4B", - "RootResourceId", - ], - }, - "PathPart": "customer-updated", - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "RestApicustomerupdatedPOSTApiPermissionStripeWebhookEndpointsCODERestApi55309A7CPOSTcustomerupdatedBDC2C077": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "customerupdatedcdklambda94E6ED36", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":execute-api:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":", - { - "Ref": "RestApi0C43BF4B", - }, - "/", - { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "/POST/customer-updated", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "RestApicustomerupdatedPOSTApiPermissionTestStripeWebhookEndpointsCODERestApi55309A7CPOSTcustomerupdated17E14F5E": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "customerupdatedcdklambda94E6ED36", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":execute-api:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":", - { - "Ref": "RestApi0C43BF4B", - }, - "/test-invoke-stage/POST/customer-updated", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "RestApicustomerupdatedPOSTC990C432": { - "Properties": { - "AuthorizationType": "NONE", - "HttpMethod": "POST", - "Integration": { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":apigateway:", - { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - { - "Fn::GetAtt": [ - "customerupdatedcdklambda94E6ED36", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": { - "Ref": "RestApicustomerupdatedD991BA1D", - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "RestApipaymentintentissue6417F57B": { - "Properties": { - "ParentId": { - "Fn::GetAtt": [ - "RestApi0C43BF4B", - "RootResourceId", - ], - }, - "PathPart": "payment-intent-issue", - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "RestApipaymentintentissuePOSTA78C3986": { - "Properties": { - "AuthorizationType": "NONE", - "HttpMethod": "POST", - "Integration": { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":apigateway:", - { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - { - "Fn::GetAtt": [ - "paymentintentissuescdklambdaD549B87A", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": { - "Ref": "RestApipaymentintentissue6417F57B", - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "RestApipaymentintentissuePOSTApiPermissionStripeWebhookEndpointsCODERestApi55309A7CPOSTpaymentintentissue004976C5": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "paymentintentissuescdklambdaD549B87A", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":execute-api:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":", - { - "Ref": "RestApi0C43BF4B", - }, - "/", - { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "/POST/payment-intent-issue", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "RestApipaymentintentissuePOSTApiPermissionTestStripeWebhookEndpointsCODERestApi55309A7CPOSTpaymentintentissue1D1335F6": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "paymentintentissuescdklambdaD549B87A", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":execute-api:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":", - { - "Ref": "RestApi0C43BF4B", - }, - "/test-invoke-stage/POST/payment-intent-issue", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "S3inlinepolicy3B07399A": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "s3:GetObject", - "Effect": "Allow", - "Resource": "arn:aws:s3::*:membership-dist/*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "S3inlinepolicy3B07399A", - "Roles": [ - { - "Ref": "paymentintentissuescdklambdaServiceRole5EF38E3E", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "S3inlinepolicyForCustomerUpdatedlambdaD4D663D2": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "s3:GetObject", - "Effect": "Allow", - "Resource": [ - "arn:aws:s3::*:membership-dist/*", - "arn:aws:s3:::gu-reader-revenue-private/membership/support-service-lambdas/CODE/zuoraRest-CODE.*.json", - "arn:aws:s3:::gu-reader-revenue-private/membership/support-service-lambdas/CODE/trustedApi-CODE.*.json", - "arn:aws:s3:::gu-reader-revenue-private/membership/support-service-lambdas/CODE/stripe-CODE.*.json", - ], - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "S3inlinepolicyForCustomerUpdatedlambdaD4D663D2", - "Roles": [ - { - "Ref": "customerupdatedcdklambdaServiceRole70F25448", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "SSMinlinepolicyB56CB2A2": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "ssm:GetParametersByPath", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:aws:ssm:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":parameter/CODE/membership/payment-intent-issues/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "SSMinlinepolicyB56CB2A2", - "Roles": [ - { - "Ref": "paymentintentissuescdklambdaServiceRole5EF38E3E", - }, - { - "Ref": "customerupdatedcdklambdaServiceRole70F25448", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "StripeWebhookEndpointsDomainName": { - "Properties": { - "DomainName": "stripe-webhook-endpoints-code.support.guardianapis.com", - "EndpointConfiguration": { - "Types": [ - "REGIONAL", - ], - }, - "RegionalCertificateArn": { - "Fn::Join": [ - "", - [ - "arn:aws:acm:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":certificate/b384a6a0-2f54-4874-b99b-96eeff96c009", - ], - ], - }, - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-service-lambdas", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "CODE", - }, - ], - }, - "Type": "AWS::ApiGateway::DomainName", - }, - "customerupdatedcdklambda94E6ED36": { - "DependsOn": [ - "customerupdatedcdklambdaServiceRoleDefaultPolicy50D952D7", - "customerupdatedcdklambdaServiceRole70F25448", - ], - "Properties": { - "Code": { - "S3Bucket": { - "Ref": "DistributionBucketName", - }, - "S3Key": "support/CODE/stripe-webhook-endpoints/stripe-webhook-endpoints.jar", - }, - "Description": "A lambda for handling customer updates", - "Environment": { - "Variables": { - "APP": "stripe-webhook-endpoints", - "App": "stripe-webhook-endpoints", - "STACK": "support", - "STAGE": "CODE", - "Stack": "support", - "Stage": "CODE", - }, - }, - "FunctionName": "stripe-customer-updated-cdk-CODE", - "Handler": "com.gu.stripeCardUpdated.Lambda::apply", - "MemorySize": 1536, - "Role": { - "Fn::GetAtt": [ - "customerupdatedcdklambdaServiceRole70F25448", - "Arn", - ], - }, - "Runtime": "java11", - "Tags": [ - { - "Key": "App", - "Value": "stripe-webhook-endpoints", - }, - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-service-lambdas", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "CODE", - }, - ], - "Timeout": 900, - }, - "Type": "AWS::Lambda::Function", - }, - "customerupdatedcdklambdaServiceRole70F25448": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - ], - ], - }, - ], - "Tags": [ - { - "Key": "App", - "Value": "stripe-webhook-endpoints", - }, - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-service-lambdas", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "CODE", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "customerupdatedcdklambdaServiceRoleDefaultPolicy50D952D7": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":s3:::", - { - "Ref": "DistributionBucketName", - }, - ], - ], - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":s3:::", - { - "Ref": "DistributionBucketName", - }, - "/support/CODE/stripe-webhook-endpoints/stripe-webhook-endpoints.jar", - ], - ], - }, - ], - }, - { - "Action": "ssm:GetParametersByPath", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:aws:ssm:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":parameter/CODE/support/stripe-webhook-endpoints", - ], - ], - }, - }, - { - "Action": [ - "ssm:GetParameters", - "ssm:GetParameter", - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:aws:ssm:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":parameter/CODE/support/stripe-webhook-endpoints/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "customerupdatedcdklambdaServiceRoleDefaultPolicy50D952D7", - "Roles": [ - { - "Ref": "customerupdatedcdklambdaServiceRole70F25448", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "paymentintentissuescdklambdaD549B87A": { - "DependsOn": [ - "paymentintentissuescdklambdaServiceRoleDefaultPolicyD200FB2D", - "paymentintentissuescdklambdaServiceRole5EF38E3E", - ], - "Properties": { - "Code": { - "S3Bucket": { - "Ref": "DistributionBucketName", - }, - "S3Key": "support/CODE/stripe-webhook-endpoints/stripe-webhook-endpoints.jar", - }, - "Description": "A lambda for handling payment intent issues (cancellation, failure, action required)", - "Environment": { - "Variables": { - "APP": "stripe-webhook-endpoints", - "App": "stripe-webhook-endpoints", - "STACK": "support", - "STAGE": "CODE", - "Stack": "support", - "Stage": "CODE", - }, - }, - "FunctionName": "stripe-payment-intent-issues-cdk-CODE", - "Handler": "com.gu.paymentIntentIssues.Lambda::handler", - "MemorySize": 512, - "Role": { - "Fn::GetAtt": [ - "paymentintentissuescdklambdaServiceRole5EF38E3E", - "Arn", - ], - }, - "Runtime": "java11", - "Tags": [ - { - "Key": "App", - "Value": "stripe-webhook-endpoints", - }, - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-service-lambdas", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "CODE", - }, - ], - "Timeout": 300, - }, - "Type": "AWS::Lambda::Function", - }, - "paymentintentissuescdklambdaServiceRole5EF38E3E": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - ], - ], - }, - ], - "Tags": [ - { - "Key": "App", - "Value": "stripe-webhook-endpoints", - }, - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-service-lambdas", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "CODE", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "paymentintentissuescdklambdaServiceRoleDefaultPolicyD200FB2D": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":s3:::", - { - "Ref": "DistributionBucketName", - }, - ], - ], - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":s3:::", - { - "Ref": "DistributionBucketName", - }, - "/support/CODE/stripe-webhook-endpoints/stripe-webhook-endpoints.jar", - ], - ], - }, - ], - }, - { - "Action": "ssm:GetParametersByPath", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:aws:ssm:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":parameter/CODE/support/stripe-webhook-endpoints", - ], - ], - }, - }, - { - "Action": [ - "ssm:GetParameters", - "ssm:GetParameter", - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:aws:ssm:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":parameter/CODE/support/stripe-webhook-endpoints/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "paymentintentissuescdklambdaServiceRoleDefaultPolicyD200FB2D", - "Roles": [ - { - "Ref": "paymentintentissuescdklambdaServiceRole5EF38E3E", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, - "Transform": "AWS::Serverless-2016-10-31", -} -`; - -exports[`The StripeWebhookEndpoints stack matches the snapshot 2`] = ` -{ - "AWSTemplateFormatVersion": "2010-09-09", - "Conditions": { - "IsProd": { - "Fn::Equals": [ - { - "Ref": "Stage", - }, - "PROD", - ], - }, - }, - "Description": "Endpoints to handle stripe webhooks", - "Metadata": { - "gu:cdk:constructs": [ - "GuDistributionBucketParameter", - "GuLambdaFunction", - "GuLambdaFunction", - "GuApiGatewayWithLambdaByPath", - "GuApiGateway5xxPercentageAlarm", - "GuAlarm", - "GuAlarm", - ], - "gu:cdk:version": "TEST", - }, - "Outputs": { - "RestApiEndpoint0551178A": { - "Value": { - "Fn::Join": [ - "", - [ - "https://", - { - "Ref": "RestApi0C43BF4B", - }, - ".execute-api.", - { - "Ref": "AWS::Region", - }, - ".", - { - "Ref": "AWS::URLSuffix", - }, - "/", - { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "/", - ], - ], - }, - }, - }, - "Parameters": { - "App": { - "Default": "stripe-webhook-endpoints", - "Description": "Endpoints to handle stripe webhooks", - "Type": "String", - }, - "DeployBucket": { - "Default": "membership-dist", - "Description": "Bucket to copy files to", - "Type": "String", - }, - "DistributionBucketName": { - "Default": "/account/services/artifact.bucket", - "Description": "SSM parameter containing the S3 bucket name holding distribution artifacts", - "Type": "AWS::SSM::Parameter::Value", - }, - "Stack": { - "Default": "membership", - "Description": "Stack name", - "Type": "String", - }, - "Stage": { - "AllowedValues": [ - "CODE", - "PROD", - ], - "Description": "Set by RiffRaff on each deploy", - "Type": "String", - }, - }, - "Resources": { - "ApiGateway4XXAlarmCDKC83EACCA": { - "Properties": { - "ActionsEnabled": true, - "AlarmActions": [ - { - "Fn::Join": [ - "", - [ - "arn:aws:sns:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":conversion-dev", - ], - ], - }, - ], - "AlarmDescription": "Impact - Stripe Webhook Endpoints received an invalid request. Follow the process in https://docs.google.com/document/d/1_3El3cly9d7u_jPgTcRjLxmdG2e919zCLvmcFCLOYAk/edit", - "AlarmName": "STRIPE-WEBHOOK-ENDPOINTS-CDK- PROD API gateway 4XX response", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": [ - { - "Name": "ApiName", - "Value": "stripe-webhook-endpoints-PROD", - }, - ], - "EvaluationPeriods": 1, - "MetricName": "4XXError", - "Namespace": "AWS/ApiGateway", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "ApiGateway5XXAlarmCDK11905206": { - "Properties": { - "ActionsEnabled": true, - "AlarmActions": [ - { - "Fn::Join": [ - "", - [ - "arn:aws:sns:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":conversion-dev", - ], - ], - }, - ], - "AlarmDescription": "stripe-webhook-endpoints-PROD exceeded 1% 5XX error rate", - "AlarmName": "STRIPE-WEBHOOK-ENDPOINTS-CDK- PROD API gateway 5XX error", - "ComparisonOperator": "GreaterThanThreshold", - "Dimensions": [ - { - "Name": "ApiName", - "Value": "stripe-webhook-endpoints-PROD", - }, - ], - "EvaluationPeriods": 1, - "MetricName": "5XXError", - "Namespace": "AWS/ApiGateway", - "Period": 60, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "ApiGatewayHigh5xxPercentageAlarmStripewebhookendpointsD4B32CBF": { - "Properties": { - "ActionsEnabled": true, - "AlarmActions": [ - { - "Fn::Join": [ - "", - [ - "arn:aws:sns:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":conversion-dev", - ], - ], - }, - ], - "AlarmDescription": "stripe-webhook-endpoints exceeded 1% error rate", - "AlarmName": "High 5XX error percentage from stripe-webhook-endpoints (ApiGateway) in PROD", - "ComparisonOperator": "GreaterThanThreshold", - "EvaluationPeriods": 1, - "Metrics": [ - { - "Expression": "100*m1/m2", - "Id": "expr_1", - "Label": "% of 5XX responses served for stripe-webhook-endpoints", - }, - { - "Id": "m1", - "MetricStat": { - "Metric": { - "Dimensions": [ - { - "Name": "ApiName", - "Value": "support-PROD-stripe-webhook-endpoints", - }, - ], - "MetricName": "5XXError", - "Namespace": "AWS/ApiGateway", - }, - "Period": 60, - "Stat": "Sum", - }, - "ReturnData": false, - }, - { - "Id": "m2", - "MetricStat": { - "Metric": { - "Dimensions": [ - { - "Name": "ApiName", - "Value": "support-PROD-stripe-webhook-endpoints", - }, - ], - "MetricName": "Count", - "Namespace": "AWS/ApiGateway", - }, - "Period": 60, - "Stat": "SampleCount", - }, - "ReturnData": false, - }, - ], - "Threshold": 1, - "TreatMissingData": "notBreaching", - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "BasePathMapping": { - "Properties": { - "DomainName": { - "Ref": "StripeWebhookEndpointsDomainName", - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - "Stage": { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - }, - "Type": "AWS::ApiGateway::BasePathMapping", - }, - "CustomerUpdatedLambda": { - "Properties": { - "CodeUri": { - "Bucket": { - "Ref": "DeployBucket", - }, - "Key": { - "Fn::Sub": "\${Stack}/\${Stage}/\${App}/\${App}.jar", - }, - }, - "Description": "A lambda for handling customer updates", - "Environment": { - "Variables": { - "App": "stripe-customer-updated", - "Stack": { - "Ref": "Stack", - }, - "Stage": { - "Ref": "Stage", - }, - }, - }, - "Events": { - "AcquisitionEvent": { - "Properties": { - "Method": "post", - "Path": "/customer-updated", - "RequestParameters": [ - "method.request.querystring.apiToken", - ], - }, - "Type": "Api", - }, - }, - "FunctionName": { - "Fn::Sub": "stripe-customer-updated-\${Stage}", - }, - "Handler": "com.gu.stripeCardUpdated.Lambda::apply", - "MemorySize": 1536, - "Policies": [ - "AWSLambdaBasicExecutionRole", - { - "Statement": { - "Action": [ - "ssm:GetParametersByPath", - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Sub": "arn:aws:ssm:\${AWS::Region}:\${AWS::AccountId}:parameter/\${Stage}/membership/payment-intent-issues", - }, - ], - }, - }, - { - "Statement": [ - { - "Action": "s3:GetObject", - "Effect": "Allow", - "Resource": [ - "arn:aws:s3::*:membership-dist/*", - { - "Fn::Sub": "arn:aws:s3:::gu-reader-revenue-private/membership/support-service-lambdas/\${Stage}/zuoraRest-\${Stage}.*.json", - }, - { - "Fn::Sub": "arn:aws:s3:::gu-reader-revenue-private/membership/support-service-lambdas/\${Stage}/trustedApi-\${Stage}.*.json", - }, - { - "Fn::Sub": "arn:aws:s3:::gu-reader-revenue-private/membership/support-service-lambdas/\${Stage}/stripe-\${Stage}.*.json", - }, - ], - }, - ], - }, - ], - "Runtime": "java21", - "Tags": { - "Stack": "support", - "Stage": "PROD", - "gu:cdk:version": "TEST", - "gu:repo": "guardian/support-service-lambdas", - }, - "Timeout": 900, - }, - "Type": "AWS::Serverless::Function", - }, - "DNSRecord": { - "Properties": { - "HostedZoneId": "Z3KO35ELNWZMSX", - "Name": "stripe-webhook-endpoints-prod.support.guardianapis.com", - "ResourceRecords": [ - { - "Fn::GetAtt": [ - "StripeWebhookEndpointsDomainName", - "RegionalDomainName", - ], - }, - ], - "TTL": "120", - "Type": "CNAME", - }, - "Type": "AWS::Route53::RecordSet", - }, - "PaymentIntentIssuesLambda": { - "Properties": { - "CodeUri": { - "Bucket": { - "Ref": "DeployBucket", - }, - "Key": { - "Fn::Sub": "\${Stack}/\${Stage}/\${App}/\${App}.jar", - }, - }, - "Description": "A lambda for handling payment intent issues (cancellation, failure, action required)", - "Environment": { - "Variables": { - "App": "payment-intent-issues", - "Stack": { - "Ref": "Stack", - }, - "Stage": { - "Ref": "Stage", - }, - }, - }, - "Events": { - "AcquisitionEvent": { - "Properties": { - "Method": "post", - "Path": "/payment-intent-issue", - }, - "Type": "Api", - }, - }, - "FunctionName": { - "Fn::Sub": "stripe-payment-intent-issues-\${Stage}", - }, - "Handler": "com.gu.paymentIntentIssues.Lambda::handler", - "MemorySize": 512, - "Policies": [ - "AWSLambdaBasicExecutionRole", - { - "Statement": { - "Action": [ - "ssm:GetParametersByPath", - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Sub": "arn:aws:ssm:\${AWS::Region}:\${AWS::AccountId}:parameter/\${Stage}/membership/payment-intent-issues", - }, - ], - }, - }, - { - "Statement": [ - { - "Action": "s3:GetObject", - "Effect": "Allow", - "Resource": [ - "arn:aws:s3::*:membership-dist/*", - ], - }, - ], - }, - ], - "Runtime": "java21", - "Tags": { - "Stack": "support", - "Stage": "PROD", - "gu:cdk:version": "TEST", - "gu:repo": "guardian/support-service-lambdas", - }, - "Timeout": 300, - }, - "Type": "AWS::Serverless::Function", - }, - "RestApi0C43BF4B": { - "Properties": { - "Name": "support-PROD-stripe-webhook-endpoints", - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-service-lambdas", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "PROD", - }, - ], - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "RestApiAccount7C83CF5A": { - "DeletionPolicy": "Retain", - "DependsOn": [ - "RestApi0C43BF4B", - ], - "Properties": { - "CloudWatchRoleArn": { - "Fn::GetAtt": [ - "RestApiCloudWatchRoleE3ED6605", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - "UpdateReplacePolicy": "Retain", - }, - "RestApiCloudWatchRoleE3ED6605": { - "DeletionPolicy": "Retain", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", - ], - ], - }, - ], - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-service-lambdas", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "PROD", - }, - ], - }, - "Type": "AWS::IAM::Role", - "UpdateReplacePolicy": "Retain", - }, - "RestApiDeployment180EC5031b07f13ff388aed95aed284067fde253": { - "DependsOn": [ - "RestApicustomerupdatedPOSTC990C432", - "RestApicustomerupdatedD991BA1D", - "RestApipaymentintentissuePOSTA78C3986", - "RestApipaymentintentissue6417F57B", - ], - "Properties": { - "Description": "Automatically created by the RestApi construct", - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "RestApiDeploymentStageprod3855DE66": { - "DependsOn": [ - "RestApiAccount7C83CF5A", - ], - "Properties": { - "DeploymentId": { - "Ref": "RestApiDeployment180EC5031b07f13ff388aed95aed284067fde253", - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - "StageName": "prod", - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-service-lambdas", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "PROD", - }, - ], - }, - "Type": "AWS::ApiGateway::Stage", - }, - "RestApicustomerupdatedD991BA1D": { - "Properties": { - "ParentId": { - "Fn::GetAtt": [ - "RestApi0C43BF4B", - "RootResourceId", - ], - }, - "PathPart": "customer-updated", - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "RestApicustomerupdatedPOSTApiPermissionStripeWebhookEndpointsPRODRestApiEB155C28POSTcustomerupdated6604B1C1": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "customerupdatedcdklambda94E6ED36", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":execute-api:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":", - { - "Ref": "RestApi0C43BF4B", - }, - "/", - { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "/POST/customer-updated", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "RestApicustomerupdatedPOSTApiPermissionTestStripeWebhookEndpointsPRODRestApiEB155C28POSTcustomerupdatedFCA50AC3": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "customerupdatedcdklambda94E6ED36", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":execute-api:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":", - { - "Ref": "RestApi0C43BF4B", - }, - "/test-invoke-stage/POST/customer-updated", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "RestApicustomerupdatedPOSTC990C432": { - "Properties": { - "AuthorizationType": "NONE", - "HttpMethod": "POST", - "Integration": { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":apigateway:", - { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - { - "Fn::GetAtt": [ - "customerupdatedcdklambda94E6ED36", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": { - "Ref": "RestApicustomerupdatedD991BA1D", - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "RestApipaymentintentissue6417F57B": { - "Properties": { - "ParentId": { - "Fn::GetAtt": [ - "RestApi0C43BF4B", - "RootResourceId", - ], - }, - "PathPart": "payment-intent-issue", - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "RestApipaymentintentissuePOSTA78C3986": { - "Properties": { - "AuthorizationType": "NONE", - "HttpMethod": "POST", - "Integration": { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":apigateway:", - { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - { - "Fn::GetAtt": [ - "paymentintentissuescdklambdaD549B87A", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": { - "Ref": "RestApipaymentintentissue6417F57B", - }, - "RestApiId": { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "RestApipaymentintentissuePOSTApiPermissionStripeWebhookEndpointsPRODRestApiEB155C28POSTpaymentintentissueF8861084": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "paymentintentissuescdklambdaD549B87A", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":execute-api:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":", - { - "Ref": "RestApi0C43BF4B", - }, - "/", - { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "/POST/payment-intent-issue", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "RestApipaymentintentissuePOSTApiPermissionTestStripeWebhookEndpointsPRODRestApiEB155C28POSTpaymentintentissueAB1C94B9": { - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "paymentintentissuescdklambdaD549B87A", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":execute-api:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":", - { - "Ref": "RestApi0C43BF4B", - }, - "/test-invoke-stage/POST/payment-intent-issue", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "S3inlinepolicy3B07399A": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "s3:GetObject", - "Effect": "Allow", - "Resource": "arn:aws:s3::*:membership-dist/*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "S3inlinepolicy3B07399A", - "Roles": [ - { - "Ref": "paymentintentissuescdklambdaServiceRole5EF38E3E", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "S3inlinepolicyForCustomerUpdatedlambdaD4D663D2": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "s3:GetObject", - "Effect": "Allow", - "Resource": [ - "arn:aws:s3::*:membership-dist/*", - "arn:aws:s3:::gu-reader-revenue-private/membership/support-service-lambdas/PROD/zuoraRest-PROD.*.json", - "arn:aws:s3:::gu-reader-revenue-private/membership/support-service-lambdas/PROD/trustedApi-PROD.*.json", - "arn:aws:s3:::gu-reader-revenue-private/membership/support-service-lambdas/PROD/stripe-PROD.*.json", - ], - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "S3inlinepolicyForCustomerUpdatedlambdaD4D663D2", - "Roles": [ - { - "Ref": "customerupdatedcdklambdaServiceRole70F25448", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "SSMinlinepolicyB56CB2A2": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "ssm:GetParametersByPath", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:aws:ssm:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":parameter/PROD/membership/payment-intent-issues/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "SSMinlinepolicyB56CB2A2", - "Roles": [ - { - "Ref": "paymentintentissuescdklambdaServiceRole5EF38E3E", - }, - { - "Ref": "customerupdatedcdklambdaServiceRole70F25448", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "StripeWebhookEndpointsDomainName": { - "Properties": { - "DomainName": "stripe-webhook-endpoints-prod.support.guardianapis.com", - "EndpointConfiguration": { - "Types": [ - "REGIONAL", - ], - }, - "RegionalCertificateArn": { - "Fn::Join": [ - "", - [ - "arn:aws:acm:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":certificate/b384a6a0-2f54-4874-b99b-96eeff96c009", - ], - ], - }, - "Tags": [ - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-service-lambdas", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "PROD", - }, - ], - }, - "Type": "AWS::ApiGateway::DomainName", - }, - "customerupdatedcdklambda94E6ED36": { - "DependsOn": [ - "customerupdatedcdklambdaServiceRoleDefaultPolicy50D952D7", - "customerupdatedcdklambdaServiceRole70F25448", - ], - "Properties": { - "Code": { - "S3Bucket": { - "Ref": "DistributionBucketName", - }, - "S3Key": "support/PROD/stripe-webhook-endpoints/stripe-webhook-endpoints.jar", - }, - "Description": "A lambda for handling customer updates", - "Environment": { - "Variables": { - "APP": "stripe-webhook-endpoints", - "App": "stripe-webhook-endpoints", - "STACK": "support", - "STAGE": "PROD", - "Stack": "support", - "Stage": "PROD", - }, - }, - "FunctionName": "stripe-customer-updated-cdk-PROD", - "Handler": "com.gu.stripeCardUpdated.Lambda::apply", - "MemorySize": 1536, - "Role": { - "Fn::GetAtt": [ - "customerupdatedcdklambdaServiceRole70F25448", - "Arn", - ], - }, - "Runtime": "java11", - "Tags": [ - { - "Key": "App", - "Value": "stripe-webhook-endpoints", - }, - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-service-lambdas", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "PROD", - }, - ], - "Timeout": 900, - }, - "Type": "AWS::Lambda::Function", - }, - "customerupdatedcdklambdaServiceRole70F25448": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - ], - ], - }, - ], - "Tags": [ - { - "Key": "App", - "Value": "stripe-webhook-endpoints", - }, - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-service-lambdas", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "PROD", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "customerupdatedcdklambdaServiceRoleDefaultPolicy50D952D7": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":s3:::", - { - "Ref": "DistributionBucketName", - }, - ], - ], - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":s3:::", - { - "Ref": "DistributionBucketName", - }, - "/support/PROD/stripe-webhook-endpoints/stripe-webhook-endpoints.jar", - ], - ], - }, - ], - }, - { - "Action": "ssm:GetParametersByPath", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:aws:ssm:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":parameter/PROD/support/stripe-webhook-endpoints", - ], - ], - }, - }, - { - "Action": [ - "ssm:GetParameters", - "ssm:GetParameter", - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:aws:ssm:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":parameter/PROD/support/stripe-webhook-endpoints/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "customerupdatedcdklambdaServiceRoleDefaultPolicy50D952D7", - "Roles": [ - { - "Ref": "customerupdatedcdklambdaServiceRole70F25448", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "paymentintentissuescdklambdaD549B87A": { - "DependsOn": [ - "paymentintentissuescdklambdaServiceRoleDefaultPolicyD200FB2D", - "paymentintentissuescdklambdaServiceRole5EF38E3E", - ], - "Properties": { - "Code": { - "S3Bucket": { - "Ref": "DistributionBucketName", - }, - "S3Key": "support/PROD/stripe-webhook-endpoints/stripe-webhook-endpoints.jar", - }, - "Description": "A lambda for handling payment intent issues (cancellation, failure, action required)", - "Environment": { - "Variables": { - "APP": "stripe-webhook-endpoints", - "App": "stripe-webhook-endpoints", - "STACK": "support", - "STAGE": "PROD", - "Stack": "support", - "Stage": "PROD", - }, - }, - "FunctionName": "stripe-payment-intent-issues-cdk-PROD", - "Handler": "com.gu.paymentIntentIssues.Lambda::handler", - "MemorySize": 512, - "Role": { - "Fn::GetAtt": [ - "paymentintentissuescdklambdaServiceRole5EF38E3E", - "Arn", - ], - }, - "Runtime": "java11", - "Tags": [ - { - "Key": "App", - "Value": "stripe-webhook-endpoints", - }, - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-service-lambdas", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "PROD", - }, - ], - "Timeout": 300, - }, - "Type": "AWS::Lambda::Function", - }, - "paymentintentissuescdklambdaServiceRole5EF38E3E": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - ], - ], - }, - ], - "Tags": [ - { - "Key": "App", - "Value": "stripe-webhook-endpoints", - }, - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/support-service-lambdas", - }, - { - "Key": "Stack", - "Value": "support", - }, - { - "Key": "Stage", - "Value": "PROD", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "paymentintentissuescdklambdaServiceRoleDefaultPolicyD200FB2D": { - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":s3:::", - { - "Ref": "DistributionBucketName", - }, - ], - ], - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":s3:::", - { - "Ref": "DistributionBucketName", - }, - "/support/PROD/stripe-webhook-endpoints/stripe-webhook-endpoints.jar", - ], - ], - }, - ], - }, - { - "Action": "ssm:GetParametersByPath", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:aws:ssm:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":parameter/PROD/support/stripe-webhook-endpoints", - ], - ], - }, - }, - { - "Action": [ - "ssm:GetParameters", - "ssm:GetParameter", - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:aws:ssm:", - { - "Ref": "AWS::Region", - }, - ":", - { - "Ref": "AWS::AccountId", - }, - ":parameter/PROD/support/stripe-webhook-endpoints/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "paymentintentissuescdklambdaServiceRoleDefaultPolicyD200FB2D", - "Roles": [ - { - "Ref": "paymentintentissuescdklambdaServiceRole5EF38E3E", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, }, "Transform": "AWS::Serverless-2016-10-31", } diff --git a/cdk/lib/stripe-webhook-endpoints.test.ts b/cdk/lib/stripe-webhook-endpoints.test.ts index f75434f989..932e2da0fc 100644 --- a/cdk/lib/stripe-webhook-endpoints.test.ts +++ b/cdk/lib/stripe-webhook-endpoints.test.ts @@ -1,21 +1,12 @@ import { App } from "aws-cdk-lib"; import { Template } from "aws-cdk-lib/assertions"; -import { stripeWebhookEndpointsCodeProps, stripeWebhookEndpointsProdProps } from "../bin/cdk"; import { StripeWebhookEndpoints } from "./stripe-webhook-endpoints"; describe("The StripeWebhookEndpoints stack", () => { it("matches the snapshot", () => { const app = new App(); - // const stack = new StripeWebhookEndpoints(app, "StripeWebhookEndpoints", { stack: "membership", stage: "TEST" }); - - const codeStack = new StripeWebhookEndpoints(app, "Stripe-Webhook-Endpoints-CODE",stripeWebhookEndpointsCodeProps); - const prodStack = new StripeWebhookEndpoints(app, "Stripe-Webhook-Endpoints-PROD", stripeWebhookEndpointsProdProps); - - // const template = Template.fromStack(stack); - // expect(template.toJSON()).toMatchSnapshot(); - - expect(Template.fromStack(codeStack).toJSON()).toMatchSnapshot(); - expect(Template.fromStack(prodStack).toJSON()).toMatchSnapshot(); - + const stack = new StripeWebhookEndpoints(app, "StripeWebhookEndpoints", { stack: "membership", stage: "TEST" }); + const template = Template.fromStack(stack); + expect(template.toJSON()).toMatchSnapshot(); }); -}); +}); \ No newline at end of file diff --git a/cdk/lib/stripe-webhook-endpoints.ts b/cdk/lib/stripe-webhook-endpoints.ts index a0c162b66b..9e8950a6ee 100644 --- a/cdk/lib/stripe-webhook-endpoints.ts +++ b/cdk/lib/stripe-webhook-endpoints.ts @@ -1,225 +1,15 @@ -import path from "path"; -import {GuApiGatewayWithLambdaByPath} from "@guardian/cdk"; -import {GuAlarm} from "@guardian/cdk/lib/constructs/cloudwatch"; -import type {GuStackProps} from "@guardian/cdk/lib/constructs/core"; -import {GuStack} from "@guardian/cdk/lib/constructs/core"; -import {GuLambdaFunction} from "@guardian/cdk/lib/constructs/lambda"; -import type {App} from "aws-cdk-lib"; -import {Duration} from "aws-cdk-lib"; -import {CfnBasePathMapping, CfnDomainName} from "aws-cdk-lib/aws-apigateway"; -import {ComparisonOperator, Metric} from "aws-cdk-lib/aws-cloudwatch"; -import {Effect, Policy, PolicyStatement} from "aws-cdk-lib/aws-iam"; -import {Runtime} from "aws-cdk-lib/aws-lambda"; -import {CfnRecordSet} from "aws-cdk-lib/aws-route53"; -import {CfnInclude} from "aws-cdk-lib/cloudformation-include"; - -export interface StripeWebhookEndpointsProps extends GuStackProps { - stack: string; - stage: string; - deployBucket: string; - certificateId: string; - domainName: string; - hostedZoneId: string; -} +import { join } from "path"; +import type { GuStackProps } from "@guardian/cdk/lib/constructs/core"; +import { GuStack } from "@guardian/cdk/lib/constructs/core"; +import type { App } from "aws-cdk-lib"; +import { CfnInclude } from "aws-cdk-lib/cloudformation-include"; export class StripeWebhookEndpoints extends GuStack { - constructor(scope: App, id: string, props: StripeWebhookEndpointsProps) { + constructor(scope: App, id: string, props: GuStackProps) { super(scope, id, props); - - const app = "stripe-webhook-endpoints"; - - // ---- Existing CFN template ---- // - const yamlTemplateFilePath = path.join(__dirname, "../..", "handlers/stripe-webhook-endpoints/cfn.yaml"); + const yamlTemplateFilePath = join(__dirname, "../..", "handlers/stripe-webhook-endpoints/cfn.yaml"); new CfnInclude(this, "YamlTemplate", { templateFile: yamlTemplateFilePath, }); - - // ---- API-triggered lambda functions ---- // - - //PaymentIntentIssuesLambda - const paymentIntentIssuesLambda = new GuLambdaFunction(this,"payment-intent-issues-cdk-lambda", { - app: app, - description: "A lambda for handling payment intent issues (cancellation, failure, action required)", - functionName: `stripe-payment-intent-issues-cdk-${this.stage}`, - fileName: `${app}.jar`, - handler: "com.gu.paymentIntentIssues.Lambda::handler", - runtime: Runtime.JAVA_11, - memorySize: 512, - timeout: Duration.seconds(300), - environment: { - App: app, - Stack: this.stack, - Stage: this.stage, - }, - } - ); - - //CustomerUpdatedLambda - const customerUpdatedLambda = new GuLambdaFunction(this, "customer-updated-cdk-lambda", { - app: app, - description: "A lambda for handling customer updates", - functionName: `stripe-customer-updated-cdk-${this.stage}`, - fileName: `${app}.jar`, - handler: "com.gu.stripeCardUpdated.Lambda::apply", - runtime: Runtime.JAVA_11, - memorySize: 1536, - timeout: Duration.seconds(900), - environment: { - App: app, - Stack: this.stack, - Stage: this.stage, - }, - } - ); - - // Wire up the API - // ---- API gateway ---- // - const stripeWebhookEndpointsApi = new GuApiGatewayWithLambdaByPath(this, { - app: "stripe-webhook-endpoints", - targets: [ - { - path: "/payment-intent-issue", - httpMethod: "POST", - lambda: paymentIntentIssuesLambda, - }, - { - path: "/customer-updated", - httpMethod: "POST", - lambda: customerUpdatedLambda, - }, - ], - // Create an alarm - monitoringConfiguration: { - snsTopicName: "conversion-dev", - http5xxAlarm: { - tolerated5xxPercentage: 1, - }, - }, - }); - - // ---- Alarms ---- // - const alarmName = (shortDescription: string) => - `STRIPE-WEBHOOK-ENDPOINTS-CDK- ${this.stage} ${shortDescription}`; - - const alarmDescription = (description: string) => - `Impact - ${description}. Follow the process in https://docs.google.com/document/d/1_3El3cly9d7u_jPgTcRjLxmdG2e919zCLvmcFCLOYAk/edit`; - - new GuAlarm(this, "ApiGateway4XXAlarmCDK", { - app, - alarmName: alarmName("API gateway 4XX response"), - alarmDescription: alarmDescription( - "Stripe Webhook Endpoints received an invalid request" - ), - evaluationPeriods: 1, - threshold: 1, - snsTopicName: "conversion-dev", - actionsEnabled: this.stage === "PROD", - comparisonOperator: ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD, - metric: new Metric({ - metricName: "4XXError", - namespace: "AWS/ApiGateway", - statistic: "Sum", - period: Duration.seconds(300), - dimensionsMap: { - ApiName: `${app}-${this.stage}`, - }, - }), - }); - - new GuAlarm(this, 'ApiGateway5XXAlarmCDK', { - app, - alarmName: alarmName("API gateway 5XX error"), - alarmDescription: `stripe-webhook-endpoints-${this.stage} exceeded 1% 5XX error rate`, - evaluationPeriods: 1, - threshold: 1, - actionsEnabled: this.stage === "PROD", - snsTopicName: "conversion-dev", - comparisonOperator: ComparisonOperator.GREATER_THAN_THRESHOLD, - metric: new Metric({ - metricName: "5XXError", - namespace: "AWS/ApiGateway", - statistic: "Sum", - period: Duration.seconds(60), - dimensionsMap: { - ApiName:`${app}-${this.stage}`, - } - }), - }); - - // ---- DNS ---- // - const certificateArn = `arn:aws:acm:${this.region}:${this.account}:certificate/${props.certificateId}`; - - const cfnDomainName = new CfnDomainName(this, "StripeWebhookEndpointsDomainName", { - domainName: props.domainName, - regionalCertificateArn: certificateArn, - endpointConfiguration: { - types: ["REGIONAL"] - } - }); - - new CfnBasePathMapping(this, "BasePathMapping", { - domainName: cfnDomainName.ref, - // Uncomment the lines below to reroute traffic to the new API Gateway instance - restApiId: stripeWebhookEndpointsApi.api.restApiId, - stage: stripeWebhookEndpointsApi.api.deploymentStage.stageName, - // Uncomment the lines below to reroute traffic to the old (existing) API Gateway instance - // restApiId: yamlDefinedResources.getResource("ServerlessRestApi").ref, - // stage: props.stage, - }); - - new CfnRecordSet(this, "DNSRecord", { - name: props.domainName, - type: "CNAME", - hostedZoneId: props.hostedZoneId, - ttl: "120", - resourceRecords: [cfnDomainName.attrRegionalDomainName], - }); - - - // ---- Apply policies ---- // - const ssmInlinePolicy: Policy = new Policy(this, "SSM inline policy", { - statements: [ - new PolicyStatement({ - effect: Effect.ALLOW, - actions: ["ssm:GetParametersByPath"], - resources: [ - `arn:aws:ssm:${this.region}:${this.account}:parameter/${props.stage}/membership/payment-intent-issues/*`, - ], - }), - ], - }); - - const s3InlinePolicy: Policy = new Policy(this, "S3 inline policy", { - statements: [ - new PolicyStatement({ - effect: Effect.ALLOW, - actions: ["s3:GetObject"], - resources: ["arn:aws:s3::*:membership-dist/*"], - }), - ], - }); - - const s3InlinePolicyForCustomerUpdated: Policy = new Policy(this, "S3 inline policy For Customer Updated lambda", { - statements: [ - new PolicyStatement({ - effect: Effect.ALLOW, - actions: ["s3:GetObject"], - resources: [ - `arn:aws:s3::*:membership-dist/*`, - `arn:aws:s3:::gu-reader-revenue-private/membership/support-service-lambdas/${props.stage}/zuoraRest-${props.stage}.*.json`, - `arn:aws:s3:::gu-reader-revenue-private/membership/support-service-lambdas/${props.stage}/trustedApi-${props.stage}.*.json`, - `arn:aws:s3:::gu-reader-revenue-private/membership/support-service-lambdas/${props.stage}/stripe-${props.stage}.*.json`, - ], - }), - ], - }); - - paymentIntentIssuesLambda.role?.attachInlinePolicy(ssmInlinePolicy); - paymentIntentIssuesLambda.role?.attachInlinePolicy(s3InlinePolicy); - customerUpdatedLambda.role?.attachInlinePolicy(ssmInlinePolicy); - customerUpdatedLambda.role?.attachInlinePolicy(s3InlinePolicyForCustomerUpdated); } -} - - - +} \ No newline at end of file diff --git a/handlers/stripe-webhook-endpoints/riff-raff.yaml b/handlers/stripe-webhook-endpoints/riff-raff.yaml index cb9bdaa5df..13fc8daac1 100644 --- a/handlers/stripe-webhook-endpoints/riff-raff.yaml +++ b/handlers/stripe-webhook-endpoints/riff-raff.yaml @@ -23,7 +23,5 @@ deployments: functionNames: - stripe-payment-intent-issues- - stripe-customer-updated- - - stripe-payment-intent-issues-cdk- - - stripe-customer-updated-cdk- dependencies: [stripe-webhook-endpoints-cloudformation]