template.yaml

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
  Isma237-StopEC2Instances

  SAM Template to deploy a simple lambda function to stop ec2 instances by TAG

Parameters:
  SenderEmailAddress:
    Type: AWS::SSM::Parameter::Value<String>
    Description: Adresse email de l'emetteur
  ReceiverEmailAddress:
    Type: AWS::SSM::Parameter::Value<String>
    Description: Adresse email de la personne qui sera notifiée après le traitement
  SESIdentitySenderUser:
    Type: AWS::SSM::Parameter::Value<String>
    Description: SES Identity for Sender Email User

  TagKeysList:
    Type: String
    Description: Liste des clés des TAGS séparées par des virgules __ NB-- Le nombre doit êre identique à celui de la variable TagValuesList. Exemple key1,key2

  TagValuesList:
    Type: String
    Description: Liste des valeurs des TAGS séparées par des virgules __ NB -- Le nombre doit êre identique à celui de la variable TagKeysList Exemple tag1,tag2

  EventBridgeDescription:
    Type: String
    Description: La description que vous spécifiez pour la planification

  CronPlanification:
    Type: String
    Description: La fréquence d'exécution de lancement du programme

  S3BucketName:
    Type: String
    Description: Le nom du bucket dans lequel seront stockés les différents build
    #Default: Excemple at(2023-01-06T19:26:00) ou encore cron(30 19 * * *)

Globals:
  Function:
    Timeout: 3

Resources:
  EventCallFunction:
    Type: AWS::Scheduler::Schedule
    Properties:
      Description: !Ref EventBridgeDescription
      ScheduleExpression: !Ref CronPlanification
      FlexibleTimeWindow:
        Mode: FLEXIBLE
        MaximumWindowInMinutes: 15
      Target:
        Arn: !GetAtt StopEC2Instance.Arn
        RoleArn: !GetAtt CallStopEC2FunctionRole.Arn

  CallStopEC2FunctionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - scheduler.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Policies:
       - PolicyName: EventCallAWSLambdaFunction
         PolicyDocument:
           Version: 2012-10-17
           Statement:
             - Effect: Allow
               Action:
                - lambda:InvokeFunction
               Resource: !GetAtt StopEC2Instance.Arn

  StopEC2Instance:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: stop_ec2_instance/
      Handler: app.lambda_handler
      Runtime: python3.9
      Architectures:
        - x86_64
      Environment:
        Variables:
          senderEmail: !Ref SenderEmailAddress
          receiverEmail: !Ref ReceiverEmailAddress
          tagKeysList: !Ref TagKeysList
          tagValuesList: !Ref TagValuesList
      Layers:
        - !Ref PopulateLayers
      Policies:
        - AWSLambda_ReadOnlyAccess
        - Version: '2012-10-17'
          Statement:
          - Effect: Allow
            Action:
            - ec2:StopInstances
            - ec2:DescribeInstances
            Resource: '*'
        - Version: '2012-10-17'
          Statement:
          - Effect: Allow
            Action:
              - ses:sendEmail
            Resource: !Ref SESIdentitySenderUser

  PopulateLayers:
    Type: AWS::Lambda::LayerVersion
    Properties:
      Content:
        S3Bucket: !Ref S3BucketName
        S3Key: populate_layer.zip
      CompatibleRuntimes:
        - python3.9
Outputs:
  StopEC2InstanceFunction:
    Description: "ARN of StopEC2InstanceFunction"
    Value: !GetAtt StopEC2Instance.Arn
  StopEC2InstanceIamRole:
    Description: "Implicit IAM Role created for Hello World function"
    Value: !GetAtt StopEC2InstanceRole.Arn