Merge pull request #2 from aws-samples/no-macro

mohsanjaffery · web-flow · commit 00dc865db61e · 2020-05-14T23:57:48.000+01:00
No macro
diff --git a/.gitignore b/.gitignore
@@ -9,6 +9,10 @@
 **/out-tsc
 **/settings.js
 **/packaged.template
+macro.zip
+packaged.template
+packaged.zip
+s-headers.zip
 
 # dependencies
 **/node_modules
diff --git a/templates/acm-certificate.yaml b/templates/acm-certificate.yaml
@@ -7,7 +7,7 @@ Parameters:
   Region:
     Type: String
     Default: 'us-east-1'
-  CustomResourceStack:
+  CFNCustomProvider:
     Type: String
 
 Resources:
@@ -17,20 +17,20 @@ Resources:
       DomainName: !Sub '*.${DomainName}'
       Region: !Ref Region
       ValidationMethod: DNS
-      ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:binxio-cfn-certificate-provider'
+      ServiceToken: !Ref 'CFNCustomProvider'
 
   IssuedCertificate:
     Type: Custom::IssuedCertificate
     Properties:
       CertificateArn: !Ref Certificate
-      ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:binxio-cfn-certificate-provider'
+      ServiceToken: !Ref 'CFNCustomProvider'
 
   CertificateDNSRecord:
     Type: Custom::CertificateDNSRecord
     Properties:
       CertificateArn: !Ref Certificate
       DomainName: !Sub '*.${DomainName}'
-      ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:binxio-cfn-certificate-provider'
+      ServiceToken: !Ref 'CFNCustomProvider'
 
   DomainValidationRecord:
     Type: AWS::Route53::RecordSetGroup
@@ -48,7 +48,5 @@ Resources:
 Outputs:
   DNSRecord:
     Value: !Sub '${CertificateDNSRecord.Name} ${CertificateDNSRecord.Type} ${CertificateDNSRecord.Value}'
-  CustomResourceStack:
-    Value: !Ref CustomResourceStack
   CertificateArn: 
     Value: !Ref Certificate
diff --git a/templates/cloudfront-site.yaml b/templates/cloudfront-site.yaml
@@ -1,6 +1,6 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Description: ACFS3 - CloudFront with Header Security and site content
-Transform: ['AWS::Serverless-2016-10-31', 'S3Objects']
+Transform: 'AWS::Serverless-2016-10-31'
 
 Parameters:
   CertificateArn:
@@ -17,7 +17,6 @@ Parameters:
     Type: String
 
 Resources:
-
   S3BucketLogs:
     Type: AWS::S3::Bucket
     DeletionPolicy: Retain
@@ -27,6 +26,9 @@ Resources:
         ServerSideEncryptionConfiguration:
           - ServerSideEncryptionByDefault:
               SSEAlgorithm: AES256
+      Tags:
+        - Key: Solution
+          Value: ACFS3
 
   S3BucketRoot:
     Type: AWS::S3::Bucket
@@ -69,6 +71,9 @@ Resources:
       CodeUri: ../s-headers.zip
       Runtime: 'nodejs12.x'
       Timeout: 25
+      Tags:
+        - Key: Solution
+          Value: ACFS3
 
   Lambdaversion:
     Type: AWS::Lambda::Version
@@ -79,21 +84,24 @@ Resources:
   LambdaEdgeFunctionRole:
     Type: AWS::IAM::Role
     Properties:
-        Path: '/'
-        ManagedPolicyArns:
-            - 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
-        AssumeRolePolicyDocument:
-          Version: '2012-10-17'
-          Statement:
-            -
-              Sid: 'AllowLambdaServiceToAssumeRole'
-              Effect: 'Allow'
-              Action:
-                - 'sts:AssumeRole'
-              Principal:
-                Service:
-                - 'lambda.amazonaws.com'
-                - 'edgelambda.amazonaws.com'
+      Path: '/'
+      ManagedPolicyArns:
+          - 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
+      AssumeRolePolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+          -
+            Sid: 'AllowLambdaServiceToAssumeRole'
+            Effect: 'Allow'
+            Action:
+              - 'sts:AssumeRole'
+            Principal:
+              Service:
+              - 'lambda.amazonaws.com'
+              - 'edgelambda.amazonaws.com'
+      Tags:
+        - Key: Solution
+          Value: ACFS3
 
   CloudFrontDistribution:
     Type: AWS::CloudFront::Distribution
@@ -137,6 +145,9 @@ Resources:
           AcmCertificateArn: !Ref 'CertificateArn'
           MinimumProtocolVersion: 'TLSv1.1_2016'
           SslSupportMethod: 'sni-only'
+      Tags:
+        - Key: Solution
+          Value: ACFS3
 
   CloudFrontOriginAccessIdentity:
     Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
@@ -157,46 +168,6 @@ Resources:
           # The  following HosteZoneId is always used for alias records pointing to CF.
           HostedZoneId: 'Z2FDTNDATAQYW2'
 
-  CopiedIndex:
-    Type: AWS::S3::Object
-    Properties:
-      Source:
-        Bucket: !Sub 'solution-builders-${AWS::Region}'
-        Key: !Sub 'amazon-cloudfront-secure-static-site/${Release}/source/website/index.html'
-      Target:
-        Bucket: !Ref S3BucketRoot
-        Key: index.html
-
-  CopiedOther:
-    Type: AWS::S3::Object
-    Properties:
-      Source:
-        Bucket: !Sub 'solution-builders-${AWS::Region}'
-        Key: !Sub 'amazon-cloudfront-secure-static-site/${Release}/source/website/other.html'
-      Target:
-        Bucket: !Ref S3BucketRoot
-        Key: other.html
-
-  CopiedError:
-    Type: AWS::S3::Object
-    Properties:
-      Source:
-        Bucket: !Sub 'solution-builders-${AWS::Region}'
-        Key: !Sub 'amazon-cloudfront-secure-static-site/${Release}/source/website/404.html'
-      Target:
-        Bucket: !Ref S3BucketRoot
-        Key: 404.html
-
-  CopiedCssStyles:
-    Type: AWS::S3::Object
-    Properties:
-      Source:
-        Bucket: !Sub 'solution-builders-${AWS::Region}'
-        Key: !Sub 'amazon-cloudfront-secure-static-site/${Release}/source/website/css/style.css'
-      Target:
-        Bucket: !Ref S3BucketRoot
-        Key: css/style.css
-
 Outputs:
   LambdaEdgeFunctionVersion:
     Description: Lambda@Edge Function ARN with Version
diff --git a/templates/custom-resource.yaml b/templates/custom-resource.yaml
@@ -3,30 +3,12 @@ Description: ACFS3 - Cert Provider with DNS validation
 Transform: AWS::Serverless-2016-10-31
 
 Resources:
-  ResourceFunction:
-    Type: AWS::Serverless::Function
-    Properties:
-      Runtime: python2.7
-      CodeUri: ../macro.zip
-      Handler: resource.handler
-      Policies: AmazonS3FullAccess
-
-  MacroFunction:
-    Type: AWS::Serverless::Function
-    Properties:
-      Runtime: python3.6
-      CodeUri: ../macro.zip
-      Handler: macro.handler
-      Policies: AmazonS3FullAccess
-      Environment:
-        Variables:
-          LAMBDA_ARN: !GetAtt ResourceFunction.Arn
-
-  Macro:
-    Type: AWS::CloudFormation::Macro
+  LambdaPermission:
+    Type: AWS::Lambda::Permission
     Properties:
-      Name: S3Objects
-      FunctionName: !GetAtt MacroFunction.Arn
+      Action: lambda:InvokeFunction
+      FunctionName: !GetAtt CFNCustomProvider.Arn
+      Principal: !GetAtt LambdaRole.Arn
 
   LambdaPolicy:
     Type: AWS::IAM::Policy
@@ -45,17 +27,12 @@ Resources:
               - acm:DeleteCertificate
             Resource:
             - '*'
-          - Effect: Allow
-            Action:
-            - lambda:InvokeFunction
-            Resource:
-            - !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:binxio-cfn-certificate-provider'
           - Effect: Allow
             Action:
               - logs:*
             Resource: arn:aws:logs:*:*:*
       Roles:
-        - !Ref 'LambdaRole'
+        - !Ref LambdaRole
 
   LambdaRole:
     Type: AWS::IAM::Role
@@ -69,6 +46,9 @@ Resources:
             Principal:
               Service:
                 - lambda.amazonaws.com
+      Tags:
+        - Key: Solution
+          Value: ACFS3
 
   CFNCustomProviderLogGroup:
     Type: AWS::Logs::LogGroup
@@ -80,18 +60,18 @@ Resources:
 
   CFNCustomProvider:
     Type: AWS::Serverless::Function
-    DependsOn:
-      - LambdaRole
     Properties:
       CodeUri: s3://binxio-public-us-east-1/lambdas/cfn-certificate-provider-0.2.4.zip
       Description: CFN Certificate Domain Resource Record Provider
       MemorySize: 128
       Handler: provider.handler
-      Role: !GetAtt 'LambdaRole.Arn'
       Timeout: 300
+      Role: !GetAtt LambdaRole.Arn
       Runtime: python3.6
-      FunctionName: binxio-cfn-certificate-provider
+      Tags:
+        - Key: Solution
+          Value: ACFS3
 
 Outputs:
   CFNCustomProvider:
-    Value: !GetAtt 'CFNCustomProvider.Arn'
+    Value: !GetAtt CFNCustomProvider.Arn
diff --git a/templates/main.yaml b/templates/main.yaml
@@ -30,14 +30,20 @@ Resources:
     Type: AWS::CloudFormation::Stack
     Properties:
       TemplateURL: ./custom-resource.yaml
+      Tags:
+        - Key: Solution
+          Value: ACFS3
 
   AcmCertificateStack:
     Type: AWS::CloudFormation::Stack
     Properties:
       TemplateURL: ./acm-certificate.yaml
       Parameters:
         DomainName: !Ref DomainName
-        CustomResourceStack: !GetAtt CustomResourceStack.Outputs.CFNCustomProvider
+        CFNCustomProvider: !GetAtt CustomResourceStack.Outputs.CFNCustomProvider
+      Tags:
+        - Key: Solution
+          Value: ACFS3
 
   CloudFrontStack:
     Type: AWS::CloudFormation::Stack
@@ -48,6 +54,9 @@ Resources:
         DomainName: !Ref DomainName
         SubDomain: !Ref SubDomain
         Release: !FindInMap [Solution, Constants, Version]
+      Tags:
+        - Key: Solution
+          Value: ACFS3
 
 Outputs:
   CFNCustomProvider:
