handlers/zuora-datalake-export/cfn.yaml (118 lines of code) (raw):
# CloudFormation template for the zuora-datalake-export handler.
AWSTemplateFormatVersion: "2010-09-09"
Description: 'Zuora to Datalake export https://github.com/guardian/support-service-lambdas/tree/main/handlers/zuora-datalake-export'

Parameters:
  # Deployment stage; it is interpolated into resource names, S3 keys and
  # IAM resource ARNs throughout the template.
  Stage:
    Description: Stage name
    Type: String
    AllowedValues:
      - CODE
      - PROD
    Default: CODE

Conditions:
  # True only for the PROD stack. The schedule, its invoke permission and the
  # failure alarm are created only when this holds.
  IsProd: !Equals [!Ref "Stage", "PROD"]
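Resources:
  # Execution role for the export Lambda. Only the Lambda service may assume it.
  ExportLambdaRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: /
      Policies:
        # CloudWatch Logs access, limited to this function's own log group.
        # The statement used to list lambda:InvokeFunction as well. Its
        # Resource is a CloudWatch Logs ARN, which a Lambda invoke request
        # never matches, so that action granted nothing and is dropped.
        # If the function does need to invoke a Lambda, grant that in its own
        # statement scoped to the target function ARN.
        # NOTE(review): the Resource ends in ":log-stream:*"; confirm that
        # logs:CreateLogGroup is satisfied by this ARN, or that the log group
        # is created outside this role.
        - PolicyName: LambdaPolicy
          PolicyDocument:
            Statement:
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/zuora-datalake-export-${Stage}:log-stream:*"
        # Read-only access to the stage's zuoraRest-<Stage>*.json objects in
        # the private credentials bucket. The key is scoped by Stage, so a
        # CODE role cannot read the PROD file.
        - PolicyName: ReadPrivateCredentials
          PolicyDocument:
            Statement:
              - Effect: Allow
                Action: s3:GetObject
                Resource: !Sub "arn:aws:s3:::gu-reader-revenue-private/membership/support-service-lambdas/${Stage}/zuoraRest-${Stage}*.json"
        # Write access to the Ophan increment buckets.
        # NOTE(review): the wildcard sits in the bucket name and is not
        # scoped by Stage, so the CODE and PROD roles get the same write
        # access to every bucket whose name starts with this prefix. S3 bucket
        # names are global; listing the exact bucket ARNs (with "/*") per
        # stage would be tighter.
        # NOTE(review): s3:PutObjectAcl lets the function change object ACLs;
        # presumably needed to hand ownership to the bucket owner - confirm
        # it is still required.
        - PolicyName: OphanTargetCsvBucket
          PolicyDocument:
            Statement:
              - Effect: Allow
                Action:
                  - s3:PutObject
                  - s3:PutObjectAcl
                Resource:
                  - "arn:aws:s3:::ophan-raw-zuora-increment-*"

  # The export function itself. Code is fetched from the dist bucket under a
  # stage-specific key.
  ExportLambda:
    Type: AWS::Lambda::Function
    Properties:
      Description: Export Zuora to Datalake via AQuA Stateful API
      FunctionName: !Sub "zuora-datalake-export-${Stage}"
      Code:
        S3Bucket: support-service-lambdas-dist
        S3Key: !Sub "membership/${Stage}/zuora-datalake-export/zuora-datalake-export.jar"
      Handler: com.gu.zuora.datalake.export.ExportLambda::handle
      Environment:
        Variables:
          Stage: !Ref Stage
      Role: !GetAtt ExportLambdaRole.Arn
      MemorySize: 3008
      Runtime: java21
      # 900 seconds is the maximum timeout Lambda allows.
      Timeout: 900
      Architectures:
        - arm64
    DependsOn:
      - ExportLambdaRole

  # Daily schedule (PROD only): 00:30 UTC, passing a fixed JSON payload.
  ExportLambdaTriggerRule:
    Type: AWS::Events::Rule
    Condition: IsProd
    Properties:
      Description: 'Trigger Zuora-to-Datalake export every day at 00:30 AM UTC'
      ScheduleExpression: "cron(30 0 * * ? *)"
      State: ENABLED
      Targets:
        - Arn: !Sub "${ExportLambda.Arn}"
          Id: TriggerLambda
          Input: |
            {"exportFromDate": "afterLastIncrement"}

  # Resource-based permission that lets EventBridge invoke the function.
  # SourceArn restricts the grant to the schedule rule above, so other rules
  # cannot use the events.amazonaws.com principal to invoke it.
  TriggerStartExportJobPermission:
    Type: AWS::Lambda::Permission
    Condition: IsProd
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !Sub "${ExportLambda.Arn}"
      Principal: events.amazonaws.com
      SourceArn: !Sub "${ExportLambdaTriggerRule.Arn}"

  # PROD-only alarm: fires when the function records at least one error in a
  # 5-minute period. Missing data is treated as healthy.
  # NOTE(review): the description links to the sf-datalake-export README,
  # while this stack is zuora-datalake-export; confirm the link is intended.
  FailedExportAlarm:
    Type: AWS::CloudWatch::Alarm
    Condition: IsProd
    Properties:
      AlarmName: zuora-datalake-export
      AlarmDescription: >-
        Failed to export Zuora to Datalake. Corresponding Ophan clean tables,
        such as clean.zuora_account, will go out-of-date. Refer to
        https://github.com/guardian/support-service-lambdas/blob/main/handlers/sf-datalake-export/README.md
        on how to debug and retry.
      AlarmActions:
        - !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:alarms-handler-topic-${Stage}"
      ComparisonOperator: GreaterThanOrEqualToThreshold
      Dimensions:
        - Name: FunctionName
          Value: !Ref ExportLambda
      EvaluationPeriods: 1
      MetricName: Errors
      Namespace: AWS/Lambda
      Period: 300
      Statistic: Sum
      Threshold: 1
      TreatMissingData: notBreaching

  # Turns off Lambda's automatic retries for asynchronous invocations of
  # $LATEST, so a failed scheduled run is not re-executed automatically.
  DisableAutomaticLambdaRetry:
    Type: AWS::Lambda::EventInvokeConfig
    Properties:
      FunctionName: !Sub "zuora-datalake-export-${Stage}"
      MaximumRetryAttempts: 0
      Qualifier: '$LATEST'
    DependsOn: ExportLambda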