diff --git a/serverless.yml b/serverless.yml
index 5c421452..50ce2bb5 100644
--- a/serverless.yml
+++ b/serverless.yml
@@ -61,40 +61,11 @@ functions:
 uri: ${env:ECR_URI}:${env:GITHUB_SHA}
 timeout: 900
 memorySize: 2048
+ role: EngineLambdaRole
 events:
 - sqs:
 arn: arn:aws:sqs:${self:provider.region}:${aws:accountId}:model-engine-queue
 batchSize: 1
- iamRoleStatements:
- - Effect: Allow
- Action:
- - sqs:ReceiveMessage
- - sqs:DeleteMessage
- - sqs:GetQueueAttributes
- Resource:
- - Fn::GetAtt: [ EngineQueue, Arn ]
- - Effect: Allow
- Action:
- - s3:*
- Resource:
- - arn:aws:s3:::${env:PLAN_TRIGGER_BUCKET}
- - arn:aws:s3:::${env:PLAN_TRIGGER_BUCKET}/*
- - arn:aws:s3:::${env:PREDICTIONS_BUCKET}
- - arn:aws:s3:::${env:PREDICTIONS_BUCKET}/*
- - arn:aws:s3:::${env:DATA_BUCKET}
- - arn:aws:s3:::${env:DATA_BUCKET}/*
- - arn:aws:s3:::${env:ENERGY_ASSESSMENTS_BUCKET}
- - arn:aws:s3:::${env:ENERGY_ASSESSMENTS_BUCKET}/*
- - arn:aws:s3:::${env:SAP_PREDICTIONS_BUCKET}
- - arn:aws:s3:::${env:SAP_PREDICTIONS_BUCKET}/*
- - arn:aws:s3:::${env:CARBON_PREDICTIONS_BUCKET}
- - arn:aws:s3:::${env:CARBON_PREDICTIONS_BUCKET}/*
- - arn:aws:s3:::${env:HEAT_PREDICTIONS_BUCKET}
- - arn:aws:s3:::${env:HEAT_PREDICTIONS_BUCKET}/*
- - arn:aws:s3:::${env:HEATING_KWH_PREDICTIONS_BUCKET}
- - arn:aws:s3:::${env:HEATING_KWH_PREDICTIONS_BUCKET}/*
- - arn:aws:s3:::${env:HOTWATER_KWH_PREDICTIONS_BUCKET}
- - arn:aws:s3:::${env:HOTWATER_KWH_PREDICTIONS_BUCKET}/*
 resources:
 Resources:
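Review bot: Pointing the function at `role: EngineLambdaRole` makes that role the function's only source of permissions, and the role added in the second hunk grants just `s3:GetObject` and `s3:ListBucket` where the removed `iamRoleStatements` allowed `s3:*`. If the engine writes results to any of the prediction buckets (the bucket names suggest it may, but the handler is not visible here), those writes will fail with AccessDenied after deploy. If writes are needed, add a separate statement with `s3:PutObject` limited to the `/*` object ARNs of the output buckets rather than restoring the wildcard. The function definition starts above this hunk.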
@@ -147,3 +118,58 @@ resources:
 - arn:aws:s3:::${env:HEAT_PREDICTIONS_BUCKET}/*
 - arn:aws:s3:::${env:HEATING_KWH_PREDICTIONS_BUCKET}/*
 - arn:aws:s3:::${env:HOTWATER_KWH_PREDICTIONS_BUCKET}/*
+
+ EngineLambdaRole:
+ Type: AWS::IAM::Role
+ Properties:
+ RoleName: retrofit-engine-lambda-role-${self:provider.region}
+ AssumeRolePolicyDocument:
+ Version: '2012-10-17'
+ Statement:
+ - Effect: Allow
+ Principal:
+ Service:
+ - lambda.amazonaws.com
+ Action:
+ - sts:AssumeRole
+ Policies:
+ - PolicyName: EngineLambdaPolicy
+ PolicyDocument:
+ Version: '2012-10-17'
+ Statement:
+ - Effect: Allow
+ Action:
+ - logs:CreateLogGroup
+ - logs:CreateLogStream
+ - logs:PutLogEvents
+ Resource: arn:aws:logs:*:*:*
+ - Effect: Allow
+ Action:
+ - sqs:ReceiveMessage
+ - sqs:DeleteMessage
+ - sqs:GetQueueAttributes
+ Resource:
+ - Fn::GetAtt: [ EngineQueue, Arn ]
+ - Effect: Allow
+ Action:
+ - s3:GetObject
+ - s3:ListBucket
+ Resource:
+ - arn:aws:s3:::${env:PLAN_TRIGGER_BUCKET}
+ - arn:aws:s3:::${env:PLAN_TRIGGER_BUCKET}/*
+ - arn:aws:s3:::${env:PREDICTIONS_BUCKET}
+ - arn:aws:s3:::${env:PREDICTIONS_BUCKET}/*
+ - arn:aws:s3:::${env:DATA_BUCKET}
+ - arn:aws:s3:::${env:DATA_BUCKET}/*
+ - arn:aws:s3:::${env:ENERGY_ASSESSMENTS_BUCKET}
+ - arn:aws:s3:::${env:ENERGY_ASSESSMENTS_BUCKET}/*
+ - arn:aws:s3:::${env:SAP_PREDICTIONS_BUCKET}
+ - arn:aws:s3:::${env:SAP_PREDICTIONS_BUCKET}/*
+ - arn:aws:s3:::${env:CARBON_PREDICTIONS_BUCKET}
+ - arn:aws:s3:::${env:CARBON_PREDICTIONS_BUCKET}/*
+ - arn:aws:s3:::${env:HEAT_PREDICTIONS_BUCKET}
+ - arn:aws:s3:::${env:HEAT_PREDICTIONS_BUCKET}/*
+ - arn:aws:s3:::${env:HEATING_KWH_PREDICTIONS_BUCKET}
+ - arn:aws:s3:::${env:HEATING_KWH_PREDICTIONS_BUCKET}/*
+ - arn:aws:s3:::${env:HOTWATER_KWH_PREDICTIONS_BUCKET}
+ - arn:aws:s3:::${env:HOTWATER_KWH_PREDICTIONS_BUCKET}/*
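Review bot: The logging statement uses `Resource: arn:aws:logs:*:*:*`, which lets the function create log groups and write events to any log group in the account rather than only its own. Scope it to the function's log group, e.g. `Resource: arn:aws:logs:${self:provider.region}:${aws:accountId}:log-group:/aws/lambda/<FUNCTION_NAME>:*`, where `<FUNCTION_NAME>` is a placeholder for the deployed function name, which is not visible in this hunk. Separately, `RoleName` includes the region but no stage, so a second stage deployed to the same account would collide on the role name; adding `${sls:stage}` to the name or omitting `RoleName` avoids that.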