lambda-sleep-delay.yaml
---

Sleep Delay Lambda Function CloudFormation Deployment

This CloudFormation template will deploy the SleepDelay Lambda function to an account.

Due to the 'eventually consistent' nature of AWS, there is a high probability that a Lambda function will fail to deploy when the IAM Role assigned to it is created in the same CloudFormation stack. The only way I've come up with so far to counter this is to deploy this "SleepDelay" function first. The function literally just sleeps for 10 seconds, then returns 'complete'. This function can now be referenced as a custom resource inside of CloudFormation templates, using the "DependsOn" option to define dependencies manually. Have the Custom Resource that calls this function DependsOn the Role resource, then have the Lambda function resource DependsOn the SleepDelay resource.

Hackish, but works.

AWSTemplateFormatVersion: '2010-09-09'
Description: 'UITS Account Foundation: Lambda Base Stack'

Parameters

These are the input parameters for this template. All of these parameters must be supplied for this template to be deployed.

Parameters:

ARN of the Lambda CloudWatch Logging Role

  SleepDelayRoleARN:
    Description: Full ARN of the 'log only' lambda role.
    Default: arn:aws:iam::998687558142:role/fischerm-fdn-lambda-iam-LambdaLogOnlyRole-1NOHFRFG8AAVF
    Type: String

The S3 bucket name where the Lambda functions live. This is used to create an IAM access policy to permit the application EC2 instances access to the S3 bucket.

  FunctionS3Bucket:
    Description: S3 Bucket containing the Lambda functions. Just the bucket name, not a full arn.
    Default: ua-uits-ecs-public
    Type: String

S3 path to the zip file containing the code.

  FunctionS3Path:
    Description: Bucket Key for the Lambda Function, ie 'lambda-base'
    Default: lambda
    Type: String
  ServiceTag:
    Type: String
    Description: Exact name of the Service as defined in the service catalog.
  EnvironmentTag:
    Type: String
    Description: Used to distinguish between development, test, production,etc. environment types.
    AllowedValues: [dev, tst, prd, trn, stg, cfg, sup, rpt]
    Default: dev
  ContactNetidTag:
    Type: String
    Description: Used to identify the netid of the person most familiar with the usage of the resource.
  AccountNumberTag:
    Type: String
    Description: Identifies the financial system account number.
  SubAccountTag:
    Type: String
    Description: Identifies the financial system's sub account, which contains a name that identifies a collection of services.
  TicketNumberTag:
    Type: String
    Description: Used to identify the Jira, Cherwell, or other ticketing system ticket number to link to more information about the need for the resource.

Resources

Resources:

Sleep Delay Lambda Function

Create a very basic Lambda function that just sleeps for 30 seconds and then returns SUCCESS.

  LambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Handler: index.handler
      Description: SleepDelay Function
      Role: !Ref SleepDelayRoleARN
      Runtime: python2.7
      Timeout: '60'
      Code:
        ZipFile: !Sub |
          import time
          import cfnresponse
          def handler(event, context):
              time.sleep(30)
              responseData = {}
              responseData['Data'] = "Slept for 30 Seconds"
              cfnresponse.send(event, context, cfnresponse.SUCCESS, responseData, "arn:aws:uits.arizona.edu:fischerm:sleep")
      Tags:
        - Key: service
          Value: !Ref ServiceTag
        - Key: environment
          Value: !Ref EnvironmentTag
        - Key: contactnetid
          Value: !Ref ContactNetidTag
        - Key: accountnumber
          Value: !Ref AccountNumberTag
        - Key: subaccount
          Value: !Ref SubAccountTag
        - Key: ticketnumber
          Value: !Ref TicketNumberTag

CloudWatch Logs Group

Create a CloudWatch Log Group for this Lambda function to log to. This allows us to set the retention timeframe.

  LambdaLogGroup:
    Type: "AWS::Logs::LogGroup"
    DependsOn:
      - LambdaFunction
    Properties:
      LogGroupName: !Sub "/aws/lambda/${LambdaFunction}"
      RetentionInDays: 7

Outputs

Outputs:
  FunctionName:
    Value: !Ref LambdaFunction
    Export:
      Name: "foundation-SleepDelayFunction-name"
  FunctionArn:
    Value: !GetAtt LambdaFunction.Arn
    Export:
      Name: "foundation-SleepDelayFunction-arn"
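
The DependsOn chain described at the top of this file, written out as a separate consuming stack. This is an added example, not part of the original template: the resource names AppRole, RoleDelay and AppFunction, the Custom::SleepDelay type name, the python3.12 runtime and the inline handler are assumptions chosen for illustration; only the export name foundation-SleepDelayFunction-arn comes from the Outputs above.

```yaml
# Added example: consumer stack for the SleepDelay custom resource.
# AppRole, RoleDelay and AppFunction are hypothetical names.
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Example consumer of the SleepDelay custom resource'

Resources:
  # 1. Execution role created in the same stack as the function that uses it.
  #    Scoped to CloudWatch logging only via the AWS managed policy.
  AppRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole

  # 2. Custom resource backed by the exported SleepDelay function.
  #    It starts only after AppRole exists, then holds the stack while it sleeps.
  RoleDelay:
    Type: Custom::SleepDelay
    DependsOn: AppRole
    Properties:
      ServiceToken: !ImportValue foundation-SleepDelayFunction-arn

  # 3. The function is created only after the delay resource reports SUCCESS,
  #    giving the new role time to propagate.
  AppFunction:
    Type: AWS::Lambda::Function
    DependsOn: RoleDelay
    Properties:
      Handler: index.handler
      Runtime: python3.12
      Role: !GetAtt AppRole.Arn
      Code:
        ZipFile: |
          def handler(event, context):
              return 'ok'
```

Because the SleepDelay handler does not inspect the request type, deleting the consuming stack also invokes it and waits through the same sleep before RoleDelay is removed.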