-
Notifications
You must be signed in to change notification settings - Fork 0
/
template.yaml
632 lines (613 loc) · 20.2 KB
/
template.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
SAM Template for Minecraft Environment Deployment
Parameters:
MinecraftDomain:
Type: String
Description: Public domain to connect to Minecraft server (ECS container task)
Default: 'null'
MinecraftSubDomain:
Type: String
Description: Public sub-domain to connect to Minecraft server (ECS container task)
Default: 'null'
MinecraftHostedZoneId:
Type: String
Description: Hosted zone ID for public domain to connect to Minecraft server
Default: 'null'
MinecraftServerImage:
Type: String
Description: Container image's $REPOSITORY_URL/$IMAGE:$TAG for Minecraft server
IsCreatedNLB:
Type: String
Description: |
Is created NLB or not.
If is not created (== 'true'), no running costs but no the Internet connection (i.e., no connection to the Minecraft server).
To use for switching on/off by Switcher Lambda Function.
Default: 'true'
DesiredECSTaskCount:
Type: Number
Description: |
Number of running ECS task on ECS server.
If is 0, no running costs but no running server (i.e., no connection to the Minecraft server).
To use for switching on/off by Switcher Lambda Function.
Default: 1
HostedZoneIdForS3:
Type: String
Description: |
Default parameter is from Asia Pacific (Tokyo) region (ap-northeast-1).
Details > https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_website_region_endpoints
Default: Z2M4EHUR26P7ZW
MinecraftWhiteListString:
Type: String
Description: |
Comma-separated user whitelist srting for Minecraft.
Required username and UUID from Minecraft.
E.g.) ${UUID_01}:${USERNAME_01},${UUID_02}:${USERNAME_02}
Default: ''
MinecraftContainerCpuSize:
Type: Number
Description: |
Minecraft container's CPU size.
Default: 1024
MinecraftContainerMemorySoftLimit:
Type: Number
Description: |
Minecraft container's memory soft-limit.
Default: 1024
MinecraftContainerMemoryHardLimit:
Type: Number
Description: |
Minecraft container's memory hard-limit.
This value should be twice soft-limit.
Default: 2048
ResourceTagKey:
Type: String
Description: Tag key to be associated with resources, almost identical to the key name auto-generated by SAM-CLI (difference is prefix `aws` to `minecraft`,) set AWS::StackName to value
Default: minecraft:cloudformation:stack-name
Conditions:
IsCreatedNLB: !Equals [ !Ref IsCreatedNLB, 'true' ]
IsSetCustomDomain: !Not [ !Equals [ !Ref MinecraftDomain, 'null' ] ]
IsSetCustomSubDomain: !Not [ !Equals [ !Ref MinecraftSubDomain, 'null' ] ]
IsReusedHostedZone: !Not [ !Equals [ !Ref MinecraftHostedZoneId, 'null' ] ]
Resources:
# VPC
MinecraftVPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: 10.10.0.0/24
EnableDnsHostnames: true
MinecraftVPCPublicSubnet:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref MinecraftVPC
CidrBlock: 10.10.0.0/28
MapPublicIpOnLaunch: true
AvailabilityZone: !Select
- 0
- Fn::GetAZs: !Ref AWS::Region
MinecraftVPCSG:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: For Minecraft server
VpcId: !Ref MinecraftVPC
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 25565
ToPort: 25565
CidrIp: 0.0.0.0/0
- IpProtocol: udp
FromPort: 25565
ToPort: 25565
CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- IpProtocol: -1
FromPort: -1
ToPort: -1
CidrIp: 0.0.0.0/0
# IGW
MinecraftVPCIGW:
Type: AWS::EC2::InternetGateway
MinecraftVPCIGWAttachment:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
InternetGatewayId: !Ref MinecraftVPCIGW
VpcId: !Ref MinecraftVPC
# RoutingTable
MinecraftVPCRouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref MinecraftVPC
MinecraftVPCRouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref MinecraftVPCRouteTable
SubnetId: !Ref MinecraftVPCPublicSubnet
MinecraftVPCRoute:
Type: AWS::EC2::Route
Properties:
GatewayId: !Ref MinecraftVPCIGW
RouteTableId: !Ref MinecraftVPCRouteTable
DestinationCidrBlock: 0.0.0.0/0
# NLB
MinecraftVPCPublicSubnetNLB:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Condition: IsCreatedNLB
Properties:
Type: network
Subnets:
- !Ref MinecraftVPCPublicSubnet
Tags:
- Key: !Ref ResourceTagKey
Value: !Ref AWS::StackName
MinecraftVPCPublicSubnetNLBTargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Condition: IsCreatedNLB
Properties:
VpcId: !Ref MinecraftVPC
TargetType: ip
Protocol: TCP_UDP
Port: 25565
MinecraftVPCPublicSubnetNLBListener:
Type: AWS::ElasticLoadBalancingV2::Listener
Condition: IsCreatedNLB
Properties:
LoadBalancerArn: !Ref MinecraftVPCPublicSubnetNLB
Protocol: TCP_UDP
Port: 25565
DefaultActions:
- Type: forward
TargetGroupArn: !Ref MinecraftVPCPublicSubnetNLBTargetGroup
# Route53
MinecraftRoute53HostedZone:
Type: AWS::Route53::HostedZone
Condition: IsSetCustomDomain
Properties:
Name: !Ref MinecraftDomain
HostedZoneTags:
- Key: !Ref ResourceTagKey
Value: !Ref AWS::StackName
MinecraftRoute53RecordSetGroup:
Type: AWS::Route53::RecordSetGroup
Condition: IsSetCustomSubDomain
Properties:
HostedZoneId: !If
- IsReusedHostedZone
- !Ref MinecraftHostedZoneId
- !Ref MinecraftRoute53HostedZone
RecordSets:
- Type: A
Name: !Sub ${MinecraftSubDomain}.
AliasTarget: !If
- IsCreatedNLB
- HostedZoneId: !GetAtt MinecraftVPCPublicSubnetNLB.CanonicalHostedZoneID
DNSName: !GetAtt MinecraftVPCPublicSubnetNLB.DNSName
- HostedZoneId: !Ref HostedZoneIdForS3
DNSName: !Sub s3-website-${AWS::Region}.amazonaws.com
# ECS
MinecraftECSCluster:
Type: AWS::ECS::Cluster
Properties:
ClusterName: !Sub ${AWS::StackName}-minecraft
ClusterSettings:
- Name: containerInsights
Value: enabled
MinecraftECSTask:
Type: AWS::ECS::TaskDefinition
DependsOn:
- MinecraftBucket
- MinecraftBackupBucket
Properties:
Family: minecraft
Cpu: !Ref MinecraftContainerCpuSize
Memory: !Ref MinecraftContainerMemoryHardLimit
RuntimePlatform:
CpuArchitecture: ARM64
RequiresCompatibilities:
- FARGATE
NetworkMode: awsvpc
TaskRoleArn: !Ref MinecraftECSTaskRole
ExecutionRoleArn: !Ref MinecraftECSTaskExecRole
ContainerDefinitions:
- Name: minecraft-server
Image: !Ref MinecraftServerImage
MemoryReservation: !Ref MinecraftContainerMemorySoftLimit
PortMappings:
- ContainerPort: 25565
StopTimeout: 120
Essential: true
Environment:
- Name: BUCKET_NAME
Value: !Ref AWS::StackName
- Name: BACKUP_BUCKET_NAME
Value: !Sub backup.${AWS::StackName}
- Name: MINECRAFT_MEMORY
Value: !Ref MinecraftContainerMemorySoftLimit
- Name: MINECRAFT_WHITE_LIST
Value: !Ref MinecraftWhiteListString
LogConfiguration:
LogDriver: awslogs
Options:
awslogs-region: !Ref AWS::Region
awslogs-group: !Ref MinecraftECSLogGroup
awslogs-stream-prefix: minecraft
Tags:
- Key: !Ref ResourceTagKey
Value: !Ref AWS::StackName
MinecraftECSService:
Type: AWS::ECS::Service
Properties:
Cluster: !Ref MinecraftECSCluster
ServiceName: minecraft
LaunchType: FARGATE
TaskDefinition: !Ref MinecraftECSTask
DesiredCount: !Ref DesiredECSTaskCount
DeploymentConfiguration:
MinimumHealthyPercent: 0
EnableExecuteCommand: true
LoadBalancers:
- !If
- IsCreatedNLB
- ContainerName: minecraft-server
ContainerPort: 25565
TargetGroupArn: !Ref MinecraftVPCPublicSubnetNLBTargetGroup
- !Ref AWS::NoValue
NetworkConfiguration:
AwsvpcConfiguration:
AssignPublicIp: ENABLED
SecurityGroups:
- !Ref MinecraftVPCSG
Subnets:
- !Ref MinecraftVPCPublicSubnet
Tags:
- Key: !Ref ResourceTagKey
Value: !Ref AWS::StackName
# ECS service depends on NLB Listener but DependsOn cannot use Fn::If
- !If
- IsCreatedNLB
- Key: NLBListener
Value: !Ref MinecraftVPCPublicSubnetNLBListener
- !Ref AWS::NoValue
MinecraftECSLogGroup:
Type: AWS::Logs::LogGroup
Properties:
LogGroupName: !Sub /ecs/logs/${AWS::StackName}/minecraft-server
RetentionInDays: 14
Tags:
- Key: !Ref ResourceTagKey
Value: !Ref AWS::StackName
# S3
MinecraftBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: !Ref AWS::StackName
MinecraftBackupBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: !Sub backup.${AWS::StackName}
VersioningConfiguration:
Status: Enabled
LifecycleConfiguration:
Rules:
- Id: VersioningSettingForLatestMinecraftServer
Status: Enabled
Prefix: minecraft-server/latest/
NoncurrentVersionTransitions:
- StorageClass: GLACIER
TransitionInDays: 7
NoncurrentVersionExpiration:
NoncurrentDays: 90
NewerNoncurrentVersions: 10
- Id: AbortIncompleteMultipartUploadForLatestMinecraftServer
Status: Enabled
Prefix: minecraft-server/latest/
AbortIncompleteMultipartUpload:
DaysAfterInitiation: 3
## NLBリソースを削除している際にもRoute53のHostedZoneでドメイン登録するために
## 用意しているダミーS3バケット
HoldedDomainSettingsBucket:
Type: AWS::S3::Bucket
Condition: IsSetCustomSubDomain
Properties:
BucketName: !Ref MinecraftSubDomain
# Lambda
MinecraftSwitcher:
Type: AWS::Serverless::Function
Properties:
FunctionName: !Sub ${AWS::StackName}-minecraft-switcher
CodeUri: src/switcher/
Handler: app.handler
Runtime: python3.9
Architectures:
- arm64
FunctionUrlConfig:
AuthType: NONE
Environment:
Variables:
STACK_NAME: !Ref AWS::StackName
SWITCHED_PARAMETER: 'IsCreatedNLB'
CHANGED_TASK_COUNT_PARAMETER: 'DesiredECSTaskCount'
TABLE_NAME: !Ref MinecraftConnectedCounterTable
Events:
SnsSwitchOffTopic:
Type: SNS
Properties:
Topic: !Ref MinecraftServerSwitchOffSNSTopic
Policies:
- ElasticLoadBalancingReadOnly
- AmazonRoute53ReadOnlyAccess
- CloudFormationDescribeStacksPolicy: !Ref AWS::NoValue
- Route53ChangeResourceRecordSetsPolicy:
HostedZoneId: '*'
- SNSCrudPolicy:
TopicName: '*'
- DynamoDBReadPolicy:
TableName: !Ref MinecraftConnectedCounterTable
- Statement:
- Sid: CloudFormationUpdateStack
Effect: Allow
Action:
- cloudformation:*
Resource:
- !Ref AWS::StackId
- Sid: ECSUpdateService
Effect: Allow
Action: '*'
Resource:
- !Ref MinecraftECSService
- Sid: IAMPassRole
Effect: Allow
Action:
- iam:GetRole
- iam:PassRole
Resource:
- !GetAtt MinecraftECSTaskExecRole.Arn
- !GetAtt MinecraftECSTaskRole.Arn
- !GetAtt CloudWatchLogsSubscriptionFilterRole.Arn
- Sid: NLBUpdate
Effect: Allow
Action:
- elasticloadbalancing:CreateLoadBalancer
- elasticloadbalancing:DeleteLoadBalancer
- elasticloadbalancing:CreateTargetGroup
- elasticloadbalancing:DeleteTargetGroup
- elasticloadbalancing:CreateListener
- elasticloadbalancing:DeleteListener
Resource:
- !Sub arn:aws:elasticloadbalancing:${AWS::Region}:${AWS::AccountId}:loadbalancer/net/*
- !Sub arn:aws:elasticloadbalancing:${AWS::Region}:${AWS::AccountId}:targetgroup/*
- !Sub arn:aws:elasticloadbalancing:${AWS::Region}:${AWS::AccountId}:listener/net/*
- Sid: Route53UpdateHostedZone
Effect: Allow
Action:
- route53:CreateHostedZone
- route53:DeleteHostedZone
Resource: '*'
- Sid: LambdaGetURLConfig
Effect: Allow
Action:
- lambda:GetFunctionUrlConfig
Resource:
- !Sub arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:*
- Sid: CloudWatchLogsDescribeLogGroups
Effect: Allow
Action:
- logs:DescribeLogGroups
- logs:DescribeSubscriptionFilters
Resource: '*'
- Sid: CloudWatchLogsCreateSubscriptionFilter
Effect: Allow
Action:
- logs:CreateSubscriptionFilter
- logs:DeleteSubscriptionFilter
- logs:PutSubscriptionFilter
Resource:
- !GetAtt MinecraftECSLogGroup.Arn
- Sid: KinesisCreateStream
Effect: Allow
Action:
- kinesis:DescribeStreamSummary
- kinesis:CreateStream
- kinesis:DeleteStream
- kinesis:AddTagsToStream
- kinesis:RemoveTagsFromStream
Resource:
- !Sub arn:aws:kinesis:${AWS::Region}:${AWS::AccountId}:stream/*
- Sid: LambdaCreateEvent
Effect: Allow
Action:
- lambda:GetEventSourceMapping
- lambda:CreateEventSourceMapping
- lambda:DeleteEventSourceMapping
# lambda:*EventSourceMappingアクションはリソースレベルのアクセス許可が未サポート
Resource: '*'
- Sid: LambdaAddPermission
Effect: Allow
Action:
- lambda:AddPermission
- lambda:RemovePermission
Resource:
- !Sub arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:*
MinecraftSwitcherLogGroup:
Type: AWS::Logs::LogGroup
Properties:
LogGroupName: !Sub /aws/lambda/${MinecraftSwitcher}
RetentionInDays: 14
Tags:
- Key: !Ref ResourceTagKey
Value: !Ref AWS::StackName
# CloudWatch Logs Subscription Filter to count the number of connected some clients
MinecraftECSConnectedCountSubscriptionFilter:
Type: AWS::Logs::SubscriptionFilter
Condition: IsCreatedNLB
Properties:
LogGroupName: !Ref MinecraftECSLogGroup
FilterPattern: ' the game'
DestinationArn: !GetAtt MinecraftECSLogKinesisDataStream.Arn
RoleArn: !GetAtt CloudWatchLogsSubscriptionFilterRole.Arn
MinecraftECSLogKinesisDataStream:
Type: AWS::Kinesis::Stream
Condition: IsCreatedNLB
Properties:
StreamModeDetails:
StreamMode: ON_DEMAND
Tags:
- Key: !Ref ResourceTagKey
Value: !Ref AWS::StackName
MinecraftECSConnectedSomeClientsCounter:
Type: AWS::Serverless::Function
Properties:
FunctionName: !Sub ${AWS::StackName}-minecraft-ecs-connected-counter
CodeUri: src/clients_counter
Handler: app.handler
Runtime: python3.9
Architectures:
- arm64
Environment:
Variables:
TABLE_NAME: !Ref MinecraftConnectedCounterTable
Policies:
- KinesisStreamReadPolicy:
StreamName: '*'
- DynamoDBCrudPolicy:
TableName: !Ref MinecraftConnectedCounterTable
MinecraftECSConnectedSomeClientsCounterEventOfKinesisDataStream:
Type: AWS::Lambda::Permission
Condition: IsCreatedNLB
Properties:
FunctionName: !Ref MinecraftECSConnectedSomeClientsCounter
Action: lambda:InvokeFunction
Principal: kinesis.amazonaws.com
SourceArn: !GetAtt MinecraftECSLogKinesisDataStream.Arn
MinecraftECSConnectedSomeClientsCounterEventSourceMapping:
Type: AWS::Lambda::EventSourceMapping
Condition: IsCreatedNLB
Properties:
Enabled: true
FunctionName: !Ref MinecraftECSConnectedSomeClientsCounter
EventSourceArn: !GetAtt MinecraftECSLogKinesisDataStream.Arn
StartingPosition: TRIM_HORIZON
MinecraftECSConnectedSomeClientsCounterLogGroup:
Type: AWS::Logs::LogGroup
Properties:
LogGroupName: !Sub /aws/lambda/${MinecraftECSConnectedSomeClientsCounter}
RetentionInDays: 14
Tags:
- Key: !Ref ResourceTagKey
Value: !Ref AWS::StackName
MinecraftConnectedCounterTable:
Type: AWS::Serverless::SimpleTable
Properties:
Tags:
# Key is not used Fn::Ref: ResourceTagKey
minecraft:cloudformation:stack-name: !Ref AWS::StackName
# CloudWatch Logs Metric Filter for alarm when the number of connected some clients reaches 0
MinecraftECSConnectedCountMetricFilter:
Type: AWS::Logs::MetricFilter
Properties:
FilterPattern: '{ $.connected_count = 0 }'
LogGroupName: !Ref MinecraftECSConnectedSomeClientsCounterLogGroup
MetricTransformations:
- MetricNamespace: MinecraftECSTask
MetricName: !Sub ${MinecraftECSConnectedSomeClientsCounterLogGroup}/minecraft-connected-count
MetricValue: 1
MinecraftECSConnectedAnyClientsAlarm:
Type: AWS::CloudWatch::Alarm
Properties:
AlarmName: !Sub ${AWS::StackName}-minecraft-ecs-connected-any-clients
ComparisonOperator: GreaterThanOrEqualToThreshold
Threshold: 1
DatapointsToAlarm: 1
EvaluationPeriods: 30
TreatMissingData: notBreaching
Metrics:
- Id: result
Label: minecraft_connected_count_repeared
Expression: FILL(m1, 0)
ReturnData: true
- Id: m1
Label: minecraft_connected_count
MetricStat:
Metric:
Namespace: MinecraftECSTask
MetricName: !Sub ${MinecraftECSConnectedSomeClientsCounterLogGroup}/minecraft-connected-count
Period: 60
Stat: Sum
ReturnData: false
OKActions:
- !Ref MinecraftServerSwitchOffSNSTopic
MinecraftServerSwitchOffSNSTopic:
Type: AWS::SNS::Topic
Properties:
Subscription:
- Protocol: lambda
Endpoint: !Sub arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${AWS::StackName}-minecraft-switcher
Tags:
- Key: !Ref ResourceTagKey
Value: !Ref AWS::StackName
# IAM
MinecraftECSTaskExecRole:
Type: AWS::IAM::Role
Properties:
RoleName: !Sub ${AWS::StackName}-minecraft-server-task-exec-role
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service:
- ecs-tasks.amazonaws.com
Action:
- sts:AssumeRole
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
Tags:
- Key: !Ref ResourceTagKey
Value: !Ref AWS::StackName
MinecraftECSTaskRole:
Type: AWS::IAM::Role
Properties:
RoleName: !Sub ${AWS::StackName}-minecraft-server-task-role
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service:
- ecs-tasks.amazonaws.com
Action:
- sts:AssumeRole
ManagedPolicyArns:
- arn:aws:iam::aws:policy/AmazonS3FullAccess
- arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
Tags:
- Key: !Ref ResourceTagKey
Value: !Ref AWS::StackName
CloudWatchLogsSubscriptionFilterRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service:
- !Sub logs.${AWS::Region}.amazonaws.com
Action:
- sts:AssumeRole
Policies:
- PolicyName: !Sub ${AWS::StackName}-PutRecordToKinesisDataStream
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- kinesis:PutRecord
Resource: '*'
Tags:
- Key: !Ref ResourceTagKey
Value: !Ref AWS::StackName
Outputs:
MinecraftSwitcherURL:
Description: MinecraftSwitcher Lambda function endpoint URL
Value: !GetAtt MinecraftSwitcherUrl.FunctionUrl