-
Notifications
You must be signed in to change notification settings - Fork 2
/
template.yaml
55 lines (47 loc) · 1.66 KB
/
template.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
DV360 API proxy
Parameters:
ApiCredentialsParameterName:
Type: String
Default: dv360proxy.credentials
Description:
Name of SSM parameter where Google Service Account credentials to DV360 API are stored.
See https://github.com/audienceproject/dv360proxy#configuration for details
ConfigParameterName:
Type: String
Default: dv360proxy.config
Description:
Name of SSM parameter where proxy configuration (allowed partners and advertisers) is stored.
See https://github.com/audienceproject/dv360proxy#configuration for details
CallerAccountId:
Type: Number
Description: AWS Account ID that can call DV360 proxy
Resources:
DV360ProxyFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: dv360proxy/
Handler: app.lambdaHandler
Runtime: nodejs16.x
Timeout: 300
Policies:
- SSMParameterReadPolicy:
ParameterName: !Ref ConfigParameterName
- SSMParameterReadPolicy:
ParameterName: !Ref ApiCredentialsParameterName
Environment:
Variables:
API_CREDENTIALS_PARAMETER_NAME: !Ref ApiCredentialsParameterName
CONFIG_PARAMETER_NAME: !Ref ConfigParameterName
DV360ProxyFunctionInvokePermission:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName: !GetAtt DV360ProxyFunction.Arn
Principal: !Sub 'arn:aws:iam::${CallerAccountId}:root'
Outputs:
DV360ProxyFunction:
Description: "DV360 Proxy Lambda Function ARN"
Value: !GetAtt DV360ProxyFunction.Arn