pull_custom_repo_trigger.yaml
---

Pull Custom Repository Trigger Template

This CloudFormation template will create a set of resources that allow an HTTP request to trigger shell commands on a deployer host, which in turn performs a code refresh on the application hosts. Bitbucket will be the initial source for the webhook.

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: "Peoplesoft: Pull Custom Repository"

Parameters

These are the input parameters for this template. All of these parameters must be supplied for this template to be deployed.

Parameters:

The S3 bucket name where the Lambda functions live. This is used to create an IAM access policy to permit the application EC2 instances access to the S3 bucket.

  FunctionS3Bucket:
    Description: S3 Bucket containing the Lambda functions. Just the bucket name, not a full arn.
    Default: edu-arizona-ps-nonprod-eas
    Type: String

S3 path to the zip file containing the code.

  FunctionS3FilePath:
    Description: Key for the Lambda Function, ie 'lambda/function.zip'
    Default: shared/pull_custom_repo_trigger.zip
    Type: String

Tags

The following tags are applied to all resources created by this template.

  ServiceTag:
    Type: String
    Description: Exact name of the Service as defined in the service catalog.
  EnvironmentTag:
    Type: String
    Description: Used to distinguish between development, test, production, etc. environment types.
    AllowedValues: [dev, tst, prd, trn, stg, cfg, sup, rpt]
    Default: dev
  ContactNetidTag:
    Type: String
    Description: Used to identify the netid of the person most familiar with the usage of the resource.
  AccountNumberTag:
    Type: String
    Description: Identifies the financial system account number.
  SubAccountTag:
    Type: String
    Description: Identifies the financial system account number.
  TicketNumberTag:
    Type: String
    Description: Used to identify the Jira, Cherwell, or other ticketing system ticket number to link to more information about the need for the resource.

Resources:

Lambda API Function

Create a Lambda function and an API hook to handle a POST event. This is triggered from Bitbucket.org when a repository is updated.

  LambdaFunction:
    Type: AWS::Serverless::Function
    Properties:
      Description: Pull Custom Repository Trigger
      Handler: pull_custom_repo_trigger.lambda_handler
      Runtime: python3.6
      CodeUri:
        Bucket: !Ref FunctionS3Bucket
        Key: !Ref FunctionS3FilePath
        Version: abcd
      Events:
        PostEvent:
          Type: Api
          # No Auth is set on this event, so /refresh accepts any unauthenticated
          # POST; the handler itself must validate what it receives.
          Properties:
            Path: /refresh
            Method: post
      Environment:
        Variables:
          TagName: resourcefunction
          TagValue: deployer
      Policies:
        - AWSLambdaExecute # Managed Policy
        - Version: '2012-10-17' # Policy Document
          Statement:
            - Sid: ssmCommands
              Effect: Allow
              Action:
                - ssm:DescribeDocument
                - ssm:ListDocuments
                - ssm:SendCommand
              # "*" allows SendCommand against any instance and any document in
              # the account; narrow this to the deployer instances and the
              # document actually used once they are known.
              Resource:
                - "*"
      Tags:
        service: !Ref ServiceTag
        environment: !Ref EnvironmentTag
        contactnetid: !Ref ContactNetidTag
        accountnumber: !Ref AccountNumberTag
        subaccount: !Ref SubAccountTag
        ticketnumber: !Ref TicketNumberTag
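An added example of the handler this template points at (pull_custom_repo_trigger.lambda_handler), written for this page and not the project's own code. It assumes a Bitbucket push payload carrying a repository.full_name field, that the refresh is one shell command run through the AWS-RunShellScript document (the command path is a hypothetical placeholder), and it targets instances by the TagName/TagValue pair the template sets as environment variables, which needs only the ssm:SendCommand permission the template grants.

```python
import json
import os

# Hypothetical refresh command; the real one lives on the deployer host.
REFRESH_COMMAND = "/opt/deployer/bin/pull_custom_repo.sh"

def send_refresh(ssm, tag_name, tag_value, command=REFRESH_COMMAND):
    """Run the command on every instance tagged tag_name=tag_value. Targeting by
    tag needs only ssm:SendCommand, which is what the template grants."""
    resp = ssm.send_command(
        Targets=[{"Key": "tag:" + tag_name, "Values": [tag_value]}],
        DocumentName="AWS-RunShellScript",
        Parameters={"commands": [command]},
    )
    return resp["Command"]["CommandId"]

def _reply(status, body):
    return {"statusCode": status, "body": json.dumps(body)}

def handle_request(event, ssm, tag_name, tag_value):
    """Validate the API Gateway event, then fan out; kept free of boto3 for testing."""
    if event.get("httpMethod") != "POST":
        return _reply(405, {"error": "method not allowed"})
    try:
        payload = json.loads(event.get("body") or "")
    except ValueError:
        return _reply(400, {"error": "body is not JSON"})
    # The template's Api event has no authorizer, so insist on the Bitbucket
    # push shape (a "repository" object) before sending any command.
    repo = payload.get("repository") if isinstance(payload, dict) else None
    repo_name = repo.get("full_name") if isinstance(repo, dict) else None
    if not repo_name:
        return _reply(400, {"error": "not a Bitbucket repository payload"})
    command_id = send_refresh(ssm, tag_name, tag_value)
    return _reply(202, {"repository": repo_name, "commandId": command_id})

def lambda_handler(event, context):
    """Entry point named in the template's Handler property."""
    import boto3  # imported lazily so the module loads without boto3 installed
    return handle_request(event, boto3.client("ssm"),
                          os.environ["TagName"], os.environ["TagValue"])

class FakeSsm:
    """Constructed stand-in for boto3's SSM client, for offline runs and tests."""
    def __init__(self):
        self.calls = []

    def send_command(self, **kwargs):
        self.calls.append(kwargs)
        return {"Command": {"CommandId": "cmd-0001"}}
```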

CloudWatch Logs Group

Create a CloudWatch Log Group for this Lambda function to log to. This allows us to set the retention timeframe.

  AddLogGroup:
    Type: "AWS::Logs::LogGroup"
    DependsOn:
      - LambdaFunction
    Properties:
      LogGroupName: !Sub "/aws/lambda/${LambdaFunction}"
      RetentionInDays: 7