Parameters: Stage: Type: String Description: Stage Conditions: IsProd: Fn::Equals: - Ref: Stage - PROD Resources: DigitalVoucherCancellationProcessorFnRole9BC677A8: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Action: sts:AssumeRole Effect: Allow Principal: Service: lambda.amazonaws.com Version: "2012-10-17" Tags: - Key: App Value: digital-voucher-cancellation-processor - Key: Stage Value: Ref: Stage - Key: Stack Value: membership DigitalVoucherCancellationProcessorFnRoleDefaultPolicy0592FCB9: Type: AWS::IAM::Policy Properties: PolicyDocument: Statement: - Action: ssm:GetParametersByPath Effect: Allow Resource: - Fn::Join: - "" - - "arn:aws:ssm:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - :parameter/ - Ref: Stage - /membership/support-service-lambdas-shared-salesforce - Fn::Join: - "" - - "arn:aws:ssm:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - :parameter/ - Ref: Stage - /membership/support-service-lambdas-shared-imovo - Action: kms:Decrypt Effect: Allow Resource: Fn::Join: - "" - - "arn:aws:kms:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - :alias/aws/ssm - Action: logs:CreateLogGroup Effect: Allow Resource: Fn::Join: - "" - - "arn:aws:logs:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - :* - Action: - logs:CreateLogStream - logs:PutLogEvents Effect: Allow Resource: Fn::Join: - "" - - "arn:aws:logs:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - :log-group:/aws/lambda/digital-voucher-cancellation-processor- - Ref: Stage - :* Version: "2012-10-17" PolicyName: DigitalVoucherCancellationProcessorFnRoleDefaultPolicy0592FCB9 Roles: - Ref: DigitalVoucherCancellationProcessorFnRole9BC677A8 DigitalVoucherCancellationProcessorLambdaCA1ECC62: Type: AWS::Lambda::Function Properties: Code: S3Bucket: support-service-lambdas-dist S3Key: Fn::Join: - "" - - membership/ - Ref: Stage - /digital-voucher-cancellation-processor/digital-voucher-cancellation-processor.jar Handler: com.gu.digital_voucher_cancellation_processor.Handler::handle Role: Fn::GetAtt: - DigitalVoucherCancellationProcessorFnRole9BC677A8 - Arn Runtime: java21 Environment: Variables: App: digital-voucher-cancellation-processor Stage: Ref: Stage Stack: membership FunctionName: Fn::Join: - "" - - digital-voucher-cancellation-processor- - Ref: Stage MemorySize: 1536 Tags: - Key: App Value: digital-voucher-cancellation-processor - Key: Stage Value: Ref: Stage - Key: Stack Value: membership Timeout: 300 Architectures: - arm64 DependsOn: - DigitalVoucherCancellationProcessorFnRoleDefaultPolicy0592FCB9 - DigitalVoucherCancellationProcessorFnRole9BC677A8 DigitalVoucherCancellationProcessorLambdaAllowEventRuledigitalvouchercancellationprocessorDigitalVoucherCancellationProcessorSchedule4B74A65D3684A4A6: Type: AWS::Lambda::Permission Properties: Action: lambda:InvokeFunction FunctionName: Fn::GetAtt: - DigitalVoucherCancellationProcessorLambdaCA1ECC62 - Arn Principal: events.amazonaws.com SourceArn: Fn::GetAtt: - DigitalVoucherCancellationProcessorSchedule5BB23F75 - Arn DigitalVoucherCancellationProcessorSchedule5BB23F75: Type: AWS::Events::Rule Properties: ScheduleExpression: cron(0 * * * ? *) State: ENABLED Targets: - Arn: Fn::GetAtt: - DigitalVoucherCancellationProcessorLambdaCA1ECC62 - Arn Id: Target0 ErrorAlarmC73DBEA2: Type: AWS::CloudWatch::Alarm Properties: ComparisonOperator: GreaterThanOrEqualToThreshold EvaluationPeriods: 1 AlarmActions: - !Sub arn:aws:sns:${AWS::Region}:${AWS::AccountId}:alarms-handler-topic-PROD AlarmDescription: "IMPACT: If this goes unaddressed at least one subscription that was supposed to be cancelled will be available for fulfilment. For troubleshooting, see https://github.com/guardian/support-service-lambdas/blob/main/handlers/digital-voucher-cancellation-processor/README.md." AlarmName: "URGENT 9-5 - PROD: Failed to cancel digital voucher subscriptions" Dimensions: - Name: FunctionName Value: Ref: DigitalVoucherCancellationProcessorLambdaCA1ECC62 MetricName: Errors Namespace: AWS/Lambda Period: 300 Statistic: Sum Threshold: 1 TreatMissingData: missing DependsOn: - DigitalVoucherCancellationProcessorLambdaAllowEventRuledigitalvouchercancellationprocessorDigitalVoucherCancellationProcessorSchedule4B74A65D3684A4A6 - DigitalVoucherCancellationProcessorLambdaCA1ECC62 Condition: IsProd