examples/powertools-examples-sqs/template.yaml

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
  sqs batch processing demo

Globals:
  Function:
    Timeout: 20
    Runtime: java11
    MemorySize: 512
    Tracing: Active
    Environment:
      Variables:
        # Powertools for AWS Lambda (Java) env vars: https://docs.powertools.aws.dev/lambda/java/#environment-variables
        POWERTOOLS_LOG_LEVEL: INFO
        POWERTOOLS_LOGGER_SAMPLE_RATE: 0.1
        POWERTOOLS_LOGGER_LOG_EVENT: true

Resources:
  CustomerKey:
    Type: AWS::KMS::Key
    Properties:
      Description: KMS key for encrypted queues
      Enabled: true
      KeyPolicy:
        Version: '2012-10-17'
        Statement:
          - Sid: Enable IAM User Permissions
            Effect: Allow
            Principal:
              AWS: !Sub 'arn:aws:iam::${AWS::AccountId}:root'
            Action: 'kms:*'
            Resource: '*'
          - Sid: Allow use of the key
            Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action:
              - kms:Decrypt
              - kms:GenerateDataKey
            Resource: '*'

  CustomerKeyAlias:
    Type: AWS::KMS::Alias
    Properties:
      AliasName: alias/sqs-key
      TargetKeyId: !Ref CustomerKey

  DemoDlqSqsQueue:
    Type: AWS::SQS::Queue
    Properties:
      KmsMasterKeyId: !Ref CustomerKey

  DemoSqsQueue:
    Type: AWS::SQS::Queue
    Properties:
      RedrivePolicy:
        deadLetterTargetArn:
          Fn::GetAtt:
            - "DemoDlqSqsQueue"
            - "Arn"
        maxReceiveCount: 2
      KmsMasterKeyId: !Ref CustomerKey

  DemoSQSSenderFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: .
      Handler: org.demo.sqs.SqsMessageSender::handleRequest
      Environment:
        Variables:
          POWERTOOLS_SERVICE_NAME: sqs-demo
          QUEUE_URL: !Ref DemoSqsQueue
      Policies:
        - Statement:
          - Sid: SQSSendMessageBatch
            Effect: Allow
            Action:
              - sqs:SendMessageBatch
              - sqs:SendMessage
            Resource: !GetAtt DemoSqsQueue.Arn
          - Sid: SQSKMSKey
            Effect: Allow
            Action:
              - kms:GenerateDataKey
              - kms:Decrypt
            Resource: !GetAtt CustomerKey.Arn
      Events:
        CWSchedule:
          Type: Schedule
          Properties:
            Schedule: 'rate(5 minutes)'
            Name: !Join ["-", ["message-producer-schedule", !Select [0, !Split [-, !Select [2, !Split [/, !Ref AWS::StackId ]]]]]]
            Description: Produce message to SQS via a Lambda function
            Enabled: true

  DemoSQSConsumerFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: .
      Handler: org.demo.sqs.SqsPoller::handleRequest
      Environment:
        Variables:
          POWERTOOLS_SERVICE_NAME: sqs-demo
      Policies:
        - Statement:
            - Sid: SQSDeleteGetAttribute
              Effect: Allow
              Action:
                - sqs:DeleteMessageBatch
                - sqs:GetQueueAttributes
              Resource: !GetAtt DemoSqsQueue.Arn
            - Sid: SQSSendMessageBatch
              Effect: Allow
              Action:
                - sqs:SendMessageBatch
                - sqs:SendMessage
              Resource: !GetAtt DemoDlqSqsQueue.Arn
            - Sid: SQSKMSKey
              Effect: Allow
              Action:
                - kms:GenerateDataKey
                - kms:Decrypt
              Resource: !GetAtt CustomerKey.Arn
      Events:
        MySQSEvent:
          Type: SQS
          Properties:
            Queue: !GetAtt DemoSqsQueue.Arn
            BatchSize: 2
            MaximumBatchingWindowInSeconds: 300

Outputs:
  DemoSqsQueue:
    Description: "ARN for main SQS queue"
    Value: !GetAtt DemoSqsQueue.Arn
  DemoDlqSqsQueue:
    Description: "ARN for DLQ"
    Value: !GetAtt DemoDlqSqsQueue.Arn
  DemoSQSSenderFunction:
    Description: "Sender SQS Lambda Function ARN"
    Value: !GetAtt DemoSQSSenderFunction.Arn
  DemoSQSConsumerFunction:
    Description: "Consumer SQS Lambda Function ARN"
    Value: !GetAtt DemoSQSConsumerFunction.Arn
  DemoSQSConsumerFunctionRole:
    Description: "Implicit IAM Role created for SQS Lambda Function ARN"
    Value: !GetAtt DemoSQSConsumerFunctionRole.Arn