AWSTemplateFormatVersion: 2010-09-09 Description: Cleans the database of outdated tokens regularly Parameters: Stack: Description: Stack name Type: String Default: mobile-notifications App: Description: Application name Type: String Stage: Description: Stage name Type: String AllowedValues: - CODE - PROD Default: CODE BuildId: Description: Tag to be used for the image URL, e.g. riff raff build id Type: String Default: dev DeployBucket: Description: Bucket where RiffRaff uploads artifacts on deploy Type: String VpcSubnets: Description: Subnets to use in the VPC Type: List<AWS::EC2::Subnet::Id> VPCSecurityGroup: Type: AWS::EC2::SecurityGroup::Id Description: The default security group of the VPC Resources: ExecutionRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Effect: Allow Principal: Service: - lambda.amazonaws.com Action: sts:AssumeRole Path: / Policies: - PolicyName: logs PolicyDocument: Statement: Effect: Allow Action: - logs:CreateLogGroup - logs:CreateLogStream - logs:PutLogEvents Resource: arn:aws:logs:*:*:* - PolicyName: lambda PolicyDocument: Statement: Effect: Allow Action: - lambda:InvokeFunction Resource: "*" - PolicyName: Conf PolicyDocument: Statement: Action: - ssm:GetParametersByPath Effect: Allow Resource: !Sub arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/notifications/${Stage}/workers/cleaner - PolicyName: VPC PolicyDocument: Statement: Effect: Allow Action: - ec2:CreateNetworkInterface - ec2:DescribeNetworkInterfaces - ec2:DeleteNetworkInterface Resource: "*" - PolicyName: connectRdsProxy PolicyDocument: Statement: - Action: - rds-db:connect Effect: Allow Resource: Fn::ImportValue: !Sub RegistrationsDbProxyId-${Stage} Lambda: Type: AWS::Lambda::Function Properties: FunctionName: !Sub ${Stack}-${App}-ctr-${Stage} PackageType: Image Code: ImageUri: !Join [':', [!ImportValue NotificationLambdaRepositoryUri, !Ref BuildId]] Environment: Variables: Stage: !Ref Stage Stack: !Ref Stack App: !Ref App Description: Cleans the database of outdated tokens regularly ImageConfig: Command: [com.gu.notifications.worker.ExpiredRegistrationCleanerLambda::handleRequest] MemorySize: 1024 Role: !GetAtt ExecutionRole.Arn Timeout: 60 VpcConfig: SecurityGroupIds: - !Ref VPCSecurityGroup SubnetIds: !Ref VpcSubnets DailyEvent: Type: AWS::Events::Rule Properties: Description: Event sent to process the previous day of data ScheduleExpression: cron(4 23 * * ? *) Targets: - Id: Lambda Arn: !GetAtt Lambda.Arn DailyEventLambdaPermission: Type: AWS::Lambda::Permission Properties: Action: lambda:InvokeFunction FunctionName: !GetAtt Lambda.Arn Principal: events.amazonaws.com SourceArn: !GetAtt DailyEvent.Arn