aws_sam.yaml

# This AWS SAM template has been generated from your function's configuration. If
# your function has one or more triggers, note that the AWS resources associated
# with these triggers aren't fully specified in this template and include
# placeholder values. Open this template in AWS Application Composer or your
# favorite IDE and modify it to specify a serverless application with other AWS
# resources.
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Execute a complete migration from a MySQL database to an S3 bucket datalake
Resources:
  migrationLambda:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: .
      Description: ''
      MemorySize: 1024
      Timeout: 600
      Handler: index.handler
      Runtime: nodejs18.x
      Architectures:
        - x86_64
      EphemeralStorage:
        Size: 2048
      EventInvokeConfig:
        MaximumEventAgeInSeconds: 21600
        MaximumRetryAttempts: 2
      FunctionUrlConfig:
        AuthType: NONE
        InvokeMode: BUFFERED
        Cors:
          AllowOrigins:
            - '*'
          MaxAge: 0
      PackageType: Zip
      Policies:
        - Statement:
            - Sid: FullAccessOnSingleBucket
              Effect: Allow
              Action:
                - s3:*
                - s3-object-lambda:*
              Resource: arn:aws:s3:::BUCKET_NAME/*
            - Effect: Allow
              Action:
                - logs:CreateLogGroup
              Resource: arn:aws:logs:us-east-1:AWS_ACCOUNT_ID:*
            - Effect: Allow
              Action:
                - logs:CreateLogStream
                - logs:PutLogEvents
              Resource:
                - >-
                  arn:aws:logs:AWS_REGION:AWS_ACCOUNT_ID:log-group:/aws/lambda/LAMBDA_NAME:*
            - Sid: AWSLambdaVPCAccessExecutionPermissions
              Effect: Allow
              Action:
                - logs:CreateLogGroup
                - logs:CreateLogStream
                - logs:PutLogEvents
                - ec2:CreateNetworkInterface
                - ec2:DescribeNetworkInterfaces
                - ec2:DescribeSubnets
                - ec2:DeleteNetworkInterface
                - ec2:AssignPrivateIpAddresses
                - ec2:UnassignPrivateIpAddresses
              Resource: '*'
      SnapStart:
        ApplyOn: None
      VpcConfig:
        SecurityGroupIds:
          - SECURITY:GROUP
        SubnetIds:
          - SUBNET1
          - SUBNET2
        Ipv6AllowedForDualStack: false
      RuntimeManagementConfig: {}