template.yaml

# https://github.com/awslabs/serverless-application-model/blob/develop/versions/2016-10-31.md
# Indentation needs to be set with spaces, because YAML...
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Sync some data with third parties

Globals:
    Function:
        Environment:
            Variables:
                ARCHETYPE_ASSIGNED_TOPIC: !Ref ArchetypeAssignedSnsTopic
                REVIEW_REPUBLISHED_TOPIC: !Ref ReviewRepublishedSnsTopic
                ARCHETYPE_ASSIGNED_QUEUE: arn:aws:sqs:us-west-2:478062583808:assign-archetype-queue

Resources:
    ArchetypeAssignedSnsTopic:
        Type: AWS::SNS::Topic
        Properties:
            TopicName: 'archetype-assigned'
            DisplayName: 'archetype-assigned'
    ReviewRepublishedSnsTopic:
        Type: AWS::SNS::Topic
        Properties:
            TopicName: 'review-republished'
            DisplayName: 'review-republished'
    SyncStatsStatsQueue:
        Type: AWS::SQS::Queue
        Properties:
            QueueName: sync-stats-queue
            VisibilityTimeout: 601
            Tags:
                - Key: queue-name
                  Value: sync-stats-queue

    SyncStatsSqsQueuePolicy:
        Type: AWS::SQS::QueuePolicy
        Properties:
            PolicyDocument:
                Version: '2012-10-17'
                Id: SyncStatsStatsQueuePolicy
                Statement:
                    - Sid: Allow-SNS-SendMessage
                      Effect: Allow
                      Principal:
                          AWS: '*'
                      Action:
                          - sqs:SendMessage
                      Resource: !GetAtt SyncStatsStatsQueue.Arn
                      Condition:
                          ArnEquals:
                              aws:SourceArn: arn:aws:sns:us-west-2:478062583808:review-published
            Queues:
                - !Ref SyncStatsStatsQueue
    SyncStatsSnsSubscription:
        Type: AWS::SNS::Subscription
        Properties:
            Protocol: SQS
            Endpoint: !GetAtt SyncStatsStatsQueue.Arn
            TopicArn: arn:aws:sns:us-west-2:478062583808:review-published
            
    SyncStatsReprocessQueue:
        Type: AWS::SQS::Queue
        Properties:
            QueueName: review-reprocess
            VisibilityTimeout: 601
    SyncStatsSqsReprocessQueuePolicy:
        Type: AWS::SQS::QueuePolicy
        Properties:
            PolicyDocument:
                Version: '2012-10-17'
                Id: SyncStatsReprocessQueuePolicy
                Statement:
                    - Sid: Allow-SNS-SendMessage-SyncStatsReprocessQueue
                      Effect: Allow
                      Principal:
                          AWS: '*'
                      Action:
                          - sqs:SendMessage
                      Resource: !GetAtt SyncStatsReprocessQueue.Arn
                      Condition:
                          ArnEquals:
                              aws:SourceArn: arn:aws:sns:us-west-2:478062583808:review-republished
            Queues:
                - !Ref SyncStatsReprocessQueue
    SyncStatsReprocessSnsSubscription:
        Type: AWS::SNS::Subscription
        Properties:
            Protocol: SQS
            Endpoint: !GetAtt SyncStatsReprocessQueue.Arn
            TopicArn: arn:aws:sns:us-west-2:478062583808:review-republished

    ProcessSyncStatsFunction:
        Type: AWS::Serverless::Function
        Properties:
            Handler: process-sync-stats.default
            Runtime: nodejs18.x
            CodeUri: ./dist/process-sync-stats
            Timeout: 120
            MemorySize: 500 
            ReservedConcurrentExecutions: 7
            VpcConfig:
                SecurityGroupIds:
                    - sg-eccd2691
                SubnetIds:
                    - subnet-894624ec # Only the private subnet
            # Layers:
            #     - !Sub "arn:aws:lambda:${AWS::Region}:580247275435:layer:LambdaInsightsExtension:14"
            Policies:
                - AWSLambdaVPCAccessExecutionRole
                - SecretsManagerReadWrite
                - AmazonSESFullAccess
                - AmazonSQSFullAccess
                - AmazonSNSFullAccess
                - AmazonS3FullAccess
                - arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy
                # For VPC
                - AWSLambdaENIManagementAccess
                # - arn:aws:iam::478062583808:policy/CloudWatchPolicyForLambda # See https://stackoverflow.com/questions/51166504/disable-cloudwatch-to-monitor-logs-for-lambda-function
            Tags:
                LambdaName: process-sync-stats
            Events:
                SQSEvent:
                    Type: SQS
                    Properties:
                        Queue: !GetAtt SyncStatsStatsQueue.Arn
                        BatchSize: 100
                        MaximumBatchingWindowInSeconds: 10
    TriggerReprocessStatsFunction:
        Type: AWS::Serverless::Function
        Properties:
            Handler: trigger-sync-reprocess.default
            Runtime: nodejs18.x
            Timeout: 900
            CodeUri: ./dist/trigger-sync-reprocess
            MemorySize: 2048
            ReservedConcurrentExecutions: 5
            # Layers:
            #     - !Sub "arn:aws:lambda:${AWS::Region}:580247275435:layer:LambdaInsightsExtension:14"
            Policies:
                - AWSLambdaVPCAccessExecutionRole
                - AmazonSESFullAccess
                - AmazonSNSFullAccess
                - SecretsManagerReadWrite
                - AmazonSNSReadOnlyAccess
                - arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy
                # - arn:aws:iam::478062583808:policy/CloudWatchPolicyForLambda # See https://stackoverflow.com/questions/51166504/disable-cloudwatch-to-monitor-logs-for-lambda-function
            Tags:
                LambdaName: trigger-sync-reprocess
    ReprocessStatsFunction:
        Type: AWS::Serverless::Function
        Properties:
            Handler: sync-data-reprocess.default
            Runtime: nodejs18.x
            Timeout: 60
            CodeUri: ./dist/sync-data-reprocess
            MemorySize: 384 # Increase memory to be able to handle big games like BGS
            ReservedConcurrentExecutions: 100
            # Layers:
            #     - !Sub "arn:aws:lambda:${AWS::Region}:580247275435:layer:LambdaInsightsExtension:14"
            Policies:
                - AWSLambdaVPCAccessExecutionRole
                - SecretsManagerReadWrite
                - AmazonSESFullAccess
                - AmazonSQSFullAccess
                - AmazonSNSFullAccess
                - AmazonS3FullAccess
                - arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy
                # - arn:aws:iam::478062583808:policy/CloudWatchPolicyForLambda # See https://stackoverflow.com/questions/51166504/disable-cloudwatch-to-monitor-logs-for-lambda-function
            Tags:
                LambdaName: sync-data-reprocess
            Events:
                SQSEvent:
                    Type: SQS
                    Properties:
                        Queue: !GetAtt SyncStatsReprocessQueue.Arn
                        BatchSize: 1