E M P L AT E 1 { 2 "Resources": { 3 "MindtouchDsproductionEventsArchiveS3LambdaInvokePermission": { 4 "Properties": { 5 "Action": "lambda:InvokeFunction", 6 "FunctionName": { 7 "Ref": "s32SQS" 8 }, 9 "Principal": "s3.amazonaws.com", 10 "SourceArn": { 11 "Fn::Join": [ 12 ":", 13 [ 14 "arn:aws:s3", 15 ":", 16 "mindtouch-dsproduction-events-archive" 17 ] 18 ] 19 } 20 }, 21 "Type": "AWS::Lambda::Permission" 22 }, 23 "s32SQS": { 24 "Properties": { 25 "Code": { 26 "S3Bucket": "mindtouch-lambda-ops-cfn-template-devstack", 27 "S3Key": "dsproduction/s32SQS-1463074195.zip" 28 }, 29 "Handler": "s32SQS.lambda_handler", 30 "Role": { 31 "Fn::GetAtt": [ 32 "s32SQSExecutionRole", 33 "Arn" 34 ] 35 }, 36 "Runtime": "python2.7" 37 }, 38 "Type": "AWS::Lambda::Function" 39 }, 40 "s32SQSExecutionRole": { 41 "Properties": { 42 "AssumeRolePolicyDocument": { 43 "Statement": [ 44 { 45 "Action": [ 46 "sts:AssumeRole" 47 ], 48 "Effect": "Allow", 49 "Principal": { 50 "Service": [ 51 "lambda.amazonaws.com" 52 ] 53 } 54 } 55 ] 56 }, 57 "Policies": [ 58 { 59 "PolicyDocument": { 60 "Statement": [ 61 { 62 "Action": [ 63 "s3:ListBucket" 64 ], 65 "Effect": "Allow", 66 "Resource": { 67 "Fn::Join": [ 68 ":", 69 [ 70 "arn:aws:s3", 71 ":", 72 "mindtouch-dsproduction-events-archive/*" 73 ] 74 ] 75 } 76 } 77 ] 78 }, 79 "PolicyName": "MindtouchdsproductioneventsarchiveS3AccessPolicy" 80 }, 81 { 82 "PolicyDocument": { 83 "Statement": [ 84 { 85 "Action": [ 86 "sqs:GetQueueUrl", 87 "sqs:SendMessage", 88 "sqs:SendMessageBatch" 89 ], 90 "Effect": "Allow", 91 "Resource": [ 92 { 93 "Fn::Join": [ 94 ":", 95 [ 96 "arn:aws", 97 "sqs", 98 { 99 "Ref": "AWS::Region" 100 }, 101 { 102 "Ref": "AWS::AccountId" 103 }, 104 "dsproduction-nexus-events2csv" 105 ] 106 ] 107 } 108 ] 109 } 110 ] 111 }, 112 "PolicyName": "DsproductionNexusEvents2CsvSqsAccessPolicy" 113 }, 114 { 115 "PolicyDocument": { 116 "Statement": [ 117 { 118 "Action": [ 119 "logs:CreateLogGroup", 120 "logs:CreateLogStream", 121 "logs:PutLogEvents" 122 ], 123 "Effect": "Allow", 124 "Resource": [ 125 "arn:aws:logs:*:*:*" 126 ] 127 } 128 ] 129 }, 130 "PolicyName": "Logs" 131 } 132 ] 133 }, 134 "Type": "AWS::IAM::Role" 135 } 136 } 137 }