# stacks/apps/dovetail-cdn-usage.yml
# 400A
# Template header. The version is quoted so it stays a string and is not
# parsed as a date.
AWSTemplateFormatVersion: "2010-09-09"
# SAM transform; required for the AWS::Serverless::Function resource below.
Transform: AWS::Serverless-2016-10-31
Description: >-
  Creates a lambda function to run (at least) once a day,
  pulling CDN usage data from the Dovetail CDN S3 logs (via Athena)
  and loading into BigQuery.
# Stack inputs. Parameters typed AWS::SSM::Parameter::Value<String> take the
# NAME of an SSM parameter; CloudFormation resolves the value at deploy time.
Parameters:
  # Compared against "Enabled" by the
  # EnableNestedChangeSetScrubbingResources condition.
  NestedChangeSetScrubbingResourcesState:
    Type: String
  # Used in descriptions and in the prx:ops:environment tag.
  EnvironmentType:
    Type: String
  # Used in the alarm name.
  EnvironmentTypeAbbreviation:
    Type: String
  # Root stack identifiers, used for tagging and in the alarm name.
  RootStackName:
    Type: String
  RootStackId:
    Type: String
  # Location of the Lambda deployment package (CodeUri).
  CodeS3Bucket:
    Type: String
  CodeS3ObjectKey:
    Type: AWS::SSM::Parameter::Value<String>
  # Athena/Glue database and table; passed to the function and used to scope
  # its Glue permissions.
  AthenaDb:
    Type: String
  AthenaTable:
    Type: String
  # Passed to the function as BQ_CLIENT_CONFIG and BQ_DATASET.
  BigQueryClientConfig:
    Type: AWS::SSM::Parameter::Value<String>
  BigQueryDataset:
    Type: String
  # Bucket and key prefix of the CDN logs; used to scope s3:GetObject.
  DovetailCdnLogBucket:
    Type: AWS::SSM::Parameter::Value<String>
  DovetailCdnLogPrefix:
    Type: AWS::SSM::Parameter::Value<String>
Conditions:
  # True only when the state parameter is exactly "Enabled"; gates the
  # NestedChangeSetScrubber resource.
  EnableNestedChangeSetScrubbingResources:
    Fn::Equals:
      - !Ref NestedChangeSetScrubbingResourcesState
      - Enabled
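Resources:
  # Created only when EnableNestedChangeSetScrubbingResources is true; nothing
  # else in this template references it.
  NestedChangeSetScrubber:
    Type: AWS::SNS::Topic
    Condition: EnableNestedChangeSetScrubbingResources

  # Lambda that queries the CDN logs through Athena and loads the results
  # into BigQuery (per the template description).
  # NOTE(review): no Events source is declared on this function; the schedule
  # that invokes it is presumably defined outside this template - confirm.
  DovetailCdnUsageFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri:
        Bucket: !Ref CodeS3Bucket
        Key: !Ref CodeS3ObjectKey
      Description: !Sub >-
        ${EnvironmentType} Dovetail CDN Usage
      Environment:
        Variables:
          ATHENA_DB: !Ref AthenaDb
          ATHENA_TABLE: !Ref AthenaTable
          # NOTE(review): presumably BigQuery client credentials - confirm.
          # The value comes from a plain String SSM parameter and is stored
          # as a plaintext environment variable, so it is readable by any
          # principal allowed lambda:GetFunctionConfiguration. If it holds a
          # key, consider passing only a reference and fetching the secret at
          # runtime instead.
          BQ_CLIENT_CONFIG: !Ref BigQueryClientConfig
          BQ_DATASET: !Ref BigQueryDataset
      Handler: index.handler
      MemorySize: 512
      Runtime: nodejs20.x
      Policies:
        # CloudWatch Logs access for the function's own log output.
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
        - Statement:
            # Run and poll queries in the primary workgroup. Scoped to the
            # stack's region (was a "*" region wildcard) to match the Glue
            # and results-bucket statements below, which are region-bound.
            - Action:
                - athena:StartQueryExecution
                - athena:GetQueryExecution
                - athena:GetQueryResults
              Effect: Allow
              Resource: !Sub arn:aws:athena:${AWS::Region}:${AWS::AccountId}:workgroup/primary
            # Catalog metadata for the single database/table being queried.
            - Action:
                - glue:GetDatabase
                - glue:GetTable
              Effect: Allow
              Resource:
                - !Sub arn:aws:glue:${AWS::Region}:${AWS::AccountId}:catalog
                - !Sub arn:aws:glue:${AWS::Region}:${AWS::AccountId}:database/${AthenaDb}
                - !Sub arn:aws:glue:${AWS::Region}:${AWS::AccountId}:table/${AthenaDb}/${AthenaTable}
            # Read-only access to the CDN log objects under the log prefix.
            - Action:
                - s3:GetObject
              Effect: Allow
              Resource: !Sub arn:aws:s3:::${DovetailCdnLogBucket}/${DovetailCdnLogPrefix}/*
            # Athena query-results bucket. IAM Resource elements must be ARNs
            # (or "*"); the bare bucket name used previously is not one. The
            # bucket ARN covers the bucket-level actions and the "/*" ARN the
            # object-level ones.
            # NOTE(review): s3:CreateBucket is only needed while the results
            # bucket may not exist yet - confirm it is still required.
            - Action:
                - s3:GetBucketLocation
                - s3:GetObject
                - s3:ListBucket
                - s3:ListBucketMultipartUploads
                - s3:ListMultipartUploadParts
                - s3:AbortMultipartUpload
                - s3:CreateBucket
                - s3:PutObject
              Effect: Allow
              Resource:
                - !Sub arn:aws:s3:::aws-athena-query-results-${AWS::Region}-${AWS::AccountId}
                - !Sub arn:aws:s3:::aws-athena-query-results-${AWS::Region}-${AWS::AccountId}/*
          Version: "2012-10-17"
      Tags:
        prx:meta:tagging-version: "2021-04-07"
        prx:cloudformation:stack-name: !Ref AWS::StackName
        prx:cloudformation:stack-id: !Ref AWS::StackId
        prx:cloudformation:root-stack-name: !Ref RootStackName
        prx:cloudformation:root-stack-id: !Ref RootStackId
        prx:ops:environment: !Ref EnvironmentType
        prx:dev:family: Dovetail
        prx:dev:application: CDN Usage
      Timeout: 30

  # Explicit log group for the function so retention is managed here; it is
  # deleted with the stack and on replacement.
  DovetailCdnUsageFunctionLogGroup:
    Type: AWS::Logs::LogGroup
    DeletionPolicy: Delete
    UpdateReplacePolicy: Delete
    Properties:
      LogGroupName: !Sub /aws/lambda/${DovetailCdnUsageFunction}
      RetentionInDays: 14
      Tags:
        - { Key: prx:meta:tagging-version, Value: "2021-04-07" }
        - { Key: prx:cloudformation:stack-name, Value: !Ref AWS::StackName }
        - { Key: prx:cloudformation:stack-id, Value: !Ref AWS::StackId }
        - { Key: prx:cloudformation:root-stack-name, Value: !Ref RootStackName }
        - { Key: prx:cloudformation:root-stack-id, Value: !Ref RootStackId }
        - { Key: prx:ops:environment, Value: !Ref EnvironmentType }
        - { Key: prx:dev:family, Value: Dovetail }
        - { Key: prx:dev:application, Value: CDN Usage }

  # Goes into ALARM when the function reports more than zero errors within a
  # single 60-second period; periods with no data count as healthy.
  # NOTE(review): no AlarmActions are set, so notification presumably happens
  # elsewhere - confirm.
  DovetailCdnUsageFunctionElevatedErrorAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmName: !Sub ERROR [Dovetail-CDN] Usage Lambda function <${EnvironmentTypeAbbreviation}> INVOCATIONS ERRORS (${RootStackName})
      AlarmDescription: !Sub >-
        ${EnvironmentType} Dovetail CDN Usage function is failing. Executions
        of this lambda are idempotent so this is generally not a problem. But
        we could potentially lose data if we fail for 14+ days.
      ComparisonOperator: GreaterThanThreshold
      Dimensions:
        - Name: FunctionName
          Value: !Ref DovetailCdnUsageFunction
      EvaluationPeriods: 1
      MetricName: Errors
      Namespace: AWS/Lambda
      Period: 60
      Statistic: Sum
      Tags:
        - { Key: prx:meta:tagging-version, Value: "2021-04-07" }
        - { Key: prx:cloudformation:stack-name, Value: !Ref AWS::StackName }
        - { Key: prx:cloudformation:stack-id, Value: !Ref AWS::StackId }
        - { Key: prx:cloudformation:root-stack-name, Value: !Ref RootStackName }
        - { Key: prx:cloudformation:root-stack-id, Value: !Ref RootStackId }
        - { Key: prx:ops:environment, Value: !Ref EnvironmentType }
        - { Key: prx:dev:family, Value: Dovetail }
        - { Key: prx:dev:application, Value: CDN Usage }
      Threshold: 0
      TreatMissingData: notBreaching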