-
Notifications
You must be signed in to change notification settings - Fork 0
/
CloudFormation.yaml
89 lines (83 loc) · 3.07 KB
/
CloudFormation.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
AWSTemplateFormatVersion: 2010-09-09
Transform: AWS::Serverless-2016-10-31
Description: A randomizer slash command for Slack, with support for saving groups and more
Parameters:
SlackTokenSSMName:
Description: >-
Name of the Slack slash command verification token in the AWS SSM
Parameter Store, with no leading slash. May be encrypted with the
AWS-managed KMS key.
Type: String
SlackTokenSSMTTL:
Description: >-
TTL for caching the slash command verification token after successfully
retrieving it from SSM, as a Go duration.
Type: String
Default: 2m
XRayTracingEnabled:
Description: If 'true', turn on X-Ray tracing for all requests.
Type: String
Default: 'true'
AWSClientEmbeddedTLSRoots:
Description: >-
If 'true', use embedded TLS roots for connections to AWS services. This
removes about 500ms of cold start latency by limiting the set of root
certificates that must be parsed, but could break if AWS adopts new root
CAs that are unknown to the randomizer.
Type: String
Default: 'true'
CodeS3Bucket:
Description: The S3 bucket containing the Lambda deployment package.
Type: String
CodeS3Key:
Description: The S3 key of the Lambda deployment package.
Type: String
Conditions:
HasXRayTracingEnabled: !Equals [!Ref XRayTracingEnabled, 'true']
HasAWSClientEmbeddedTLSRoots: !Equals [!Ref AWSClientEmbeddedTLSRoots, 'true']
Resources:
GroupsTable:
Type: AWS::DynamoDB::Table
Properties:
KeySchema:
- AttributeName: Partition
KeyType: HASH
- AttributeName: Group
KeyType: RANGE
AttributeDefinitions:
- AttributeName: Partition
AttributeType: S
- AttributeName: Group
AttributeType: S
BillingMode: PAY_PER_REQUEST
HandlerFunction:
Type: AWS::Serverless::Function
Properties:
Description: A randomizer slash command for Slack, with support for saving groups and more
Runtime: provided.al2
Architectures: [arm64]
CodeUri:
Bucket: !Ref CodeS3Bucket
Key: !Ref CodeS3Key
Handler: bootstrap
Tracing: !If [HasXRayTracingEnabled, Active, PassThrough]
MemorySize: 128 # MiB (base-2) per Lambda quotas documentation
Environment:
Variables:
GOMEMLIMIT: 120MiB # TODO: Is there even a slight chance that GOGC tuning will be useful?
DYNAMODB_TABLE: !Ref GroupsTable
SLACK_TOKEN_SSM_NAME: !Sub '/${SlackTokenSSMName}'
SLACK_TOKEN_SSM_TTL: !Ref SlackTokenSSMTTL
AWS_CLIENT_XRAY_TRACING: !If [HasXRayTracingEnabled, '1', !Ref AWS::NoValue]
AWS_CLIENT_EMBEDDED_TLS_ROOTS: !If [HasAWSClientEmbeddedTLSRoots, '1', !Ref AWS::NoValue]
FunctionUrlConfig:
AuthType: NONE
Policies:
- DynamoDBCrudPolicy:
TableName: !Ref GroupsTable
- SSMParameterReadPolicy:
ParameterName: !Ref SlackTokenSSMName
Outputs:
SlackUrl:
Description: The URL for the Slack webhook configuration
Value: !GetAtt HandlerFunctionUrl.FunctionUrl