serverless.yml
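service: auto-cleanup

provider:
  name: aws
  # NOTE(review): python3.7 has reached upstream end of life and is a
  # deprecated Lambda runtime; confirm and move to a supported runtime so the
  # function keeps receiving security patches.
  runtime: python3.7
  stage: production
  region: ap-southeast-2
  # Named AWS credentials profile used when deploying.
  profile: saml
  environment:
    # fixes issue of importing Python files from within a directory
    PYTHONPATH: "/var/task/auto-cleanup:/var/runtime"
  # Permissions attached to the function's execution role.
  #
  # Every statement below uses Resource: "*", so the destructive actions
  # (Delete*, Terminate*, Release*, Stop*, Modify*) apply to every matching
  # resource this role can reach in the account. Nothing in this file narrows
  # them; any protection has to come from the application logic (presumably
  # the whitelist table - verify). Where a service supports it, consider an
  # IAM Condition (for example on resource tags) or a permissions boundary,
  # and alert on this role's delete calls in CloudTrail.
  iamRoleStatements:
    # DynamoDB. NOTE(review): DeleteTable on "*" also covers this service's
    # own settings and whitelist tables unless the handler excludes them.
    - Effect: "Allow"
      Action:
        - "dynamodb:BatchWriteItem"
        - "dynamodb:DeleteTable"
        - "dynamodb:DescribeTable"
        - "dynamodb:GetItem"
        - "dynamodb:ListTables"
        - "dynamodb:PutItem"
        - "dynamodb:Scan"
      Resource: "*"
    # CloudFormation. NOTE(review): DeleteStack on "*" includes the stack that
    # deploys this service - confirm the handler skips it.
    - Effect: "Allow"
      Action:
        - "cloudformation:DeleteStack"
        - "cloudformation:DescribeStacks"
      Resource: "*"
    # EC2: snapshots, volumes, Elastic IPs and instances.
    - Effect: "Allow"
      Action:
        - "ec2:DeleteSnapshot"
        - "ec2:DeleteVolume"
        - "ec2:DescribeAddresses"
        - "ec2:DescribeImages"
        - "ec2:DescribeInstanceAttribute"
        - "ec2:DescribeInstances"
        - "ec2:DescribeSnapshots"
        - "ec2:DescribeVolumes"
        - "ec2:ModifyInstanceAttribute"
        - "ec2:ReleaseAddress"
        - "ec2:StopInstances"
        - "ec2:TerminateInstances"
      Resource: "*"
    # Lambda. NOTE(review): DeleteFunction on "*" includes this function.
    - Effect: "Allow"
      Action:
        - "lambda:DeleteFunction"
        - "lambda:ListFunctions"
      Resource: "*"
    # RDS: instances and snapshots.
    - Effect: "Allow"
      Action:
        - "rds:DeleteDBInstance"
        - "rds:DeleteDBSnapshot"
        - "rds:DescribeDBInstances"
        - "rds:DescribeDBSnapshots"
        - "rds:ModifyDBInstance"
      Resource: "*"
    # Redshift: clusters and cluster snapshots.
    - Effect: "Allow"
      Action:
        - "redshift:DeleteCluster"
        - "redshift:DeleteClusterSnapshot"
        - "redshift:DescribeClusterSnapshots"
        - "redshift:DescribeClusters"
      Resource: "*"
    # S3. NOTE(review): "s3:List*" matches every S3 List action; replace it
    # with the specific actions once the handler's calls are confirmed.
    - Effect: "Allow"
      Action:
        - "s3:DeleteBucket"
        - "s3:DeleteObject"
        - "s3:DeleteObjectVersion"
        - "s3:List*"
      Resource: "*"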
functions:
  # Single Lambda function; its description states that it removes unused AWS
  # resources.
  AutoCleanup:
    handler: 'auto-cleanup.handler.handler'
    name: 'auto-cleanup-${self:provider.stage}'
    description: 'Auto Cleanup removes unused AWS resources'
    # 128 MB of memory, 300 second timeout.
    memorySize: 128
    timeout: 300
    package:
      include:
        - 'auto-cleanup/**'
        - 'data/**'
    environment:
      # Names of the two DynamoDB tables declared under resources.
      SETTINGSTABLE: 'auto-cleanup-settings-${self:provider.stage}'
      WHITELISTTABLE: 'auto-cleanup-whitelist-${self:provider.stage}'
      LOGLEVEL: 'INFO'
    events:
      # NOTE(review): the schedule is enabled as deployed, so runs start every
      # 3 days with no further action - presumably gated by the settings and
      # whitelist tables; confirm their contents before the first deploy.
      - schedule:
          rate: 'rate(3 days)'
          enabled: true
resources:
  Resources:
    # Settings table, keyed by (key, category).
    SettingsTable:
      Type: 'AWS::DynamoDB::Table'
      Properties:
        TableName: 'auto-cleanup-settings-${self:provider.stage}'
        AttributeDefinitions:
          - AttributeName: 'key'
            AttributeType: 'S'
          - AttributeName: 'category'
            AttributeType: 'S'
        KeySchema:
          - AttributeName: 'key'
            KeyType: 'HASH'
          - AttributeName: 'category'
            KeyType: 'RANGE'
        ProvisionedThroughput:
          ReadCapacityUnits: 1
          WriteCapacityUnits: 1
    # Whitelist table, keyed by (resource_id, expire_at).
    # NOTE(review): this table looks like the only control that keeps a
    # resource from being removed, and no backup or retention setting is
    # declared here - confirm how it is protected and restored.
    WhitelistTable:
      Type: 'AWS::DynamoDB::Table'
      Properties:
        TableName: 'auto-cleanup-whitelist-${self:provider.stage}'
        AttributeDefinitions:
          - AttributeName: 'resource_id'
            AttributeType: 'S'
          # Quoted so that no YAML parser reads the type code as a boolean.
          - AttributeName: 'expire_at'
            AttributeType: 'N'
        KeySchema:
          - AttributeName: 'resource_id'
            KeyType: 'HASH'
          - AttributeName: 'expire_at'
            KeyType: 'RANGE'
        # DynamoDB TTL removes an item once its expire_at time has passed.
        # NOTE(review): presumably an expired entry makes the resource
        # eligible for cleanup again - confirm against the handler.
        TimeToLiveSpecification:
          AttributeName: 'expire_at'
          Enabled: true
        ProvisionedThroughput:
          ReadCapacityUnits: 1
          WriteCapacityUnits: 1