Merge pull request #7 from leonardzou/master

add SNS invoke Lambda permission
theonestack · Apr 22, 2021 · 83eeca7 · 83eeca7
2 parents 88c7023 + d1bbcb0
commit 83eeca7
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 1 deletion.
diff --git a/lambdas/cleanup_dynamic_sftp_users/index.py b/lambdas/cleanup_dynamic_sftp_users/index.py
@@ -56,7 +56,6 @@ def handler(event, context):
           secretsmanager.delete_secret(
             SecretId = sftp_user,
             RecoveryWindowInDays = 7
-            # or should I do ForceDeleteWithoutRecovery instead?
           )
         except ClientError as error:
           print(f'Failed to delete secret \'{sftp_user}\', error: {error.response["Error"]["Code"]}, continuing onto next sftp_user')
diff --git a/sftp.cfndsl.rb b/sftp.cfndsl.rb
@@ -221,13 +221,27 @@
         Export FnSub("${EnvironmentName}-#{external_parameters[:component_name]}-user-created-topic")
       }
 
+      Lambda_Permission(:CreateDynamicSftpUserLambdaPermission) {
+        FunctionName FnGetAtt(:CreateDynamicSftpUser, :Arn)
+        Action 'lambda:InvokeFunction'
+        Principal 'sns.amazonaws.com'
+        SourceArn Ref(:CreateDynamicSftpUserTopic)
+      }
+
       Events_Rule(:CleanupUsersDailySchedule) {
         ScheduleExpression 'rate(1 day)'
         Targets([{
           Arn: FnGetAtt(:CleanupDynamicSftpUsers, :Arn),
           Id: 'cleanup-dyanmic-sftp-users-lambda'
         }])
       }
+
+      Lambda_Permission(:CleanupDynamicSftpUsersLambdaPermission) {
+        FunctionName FnGetAtt(:CleanupDynamicSftpUsers, :Arn)
+        Action 'lambda:InvokeFunction'
+        Principal 'events.amazonaws.com'
+        SourceArn FnGetAtt(:CleanupUsersDailySchedule, :Arn)
+      }
     end
 
   end