AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Resources: DeliveryStream: Type: AWS::KinesisFirehose::DeliveryStream DependsOn: - DeliveryPolicy Properties: DeliveryStreamName: OrdersDeliveryStream ExtendedS3DestinationConfiguration: BucketARN: !Sub "arn:aws:s3:::${S3Bucket}" BufferingHints: IntervalInSeconds: 60 SizeInMBs: 50 CompressionFormat: UNCOMPRESSED Prefix: firehose/ RoleARN: !GetAtt DeliveryRole.Arn S3Bucket: Type: AWS::S3::Bucket Properties: BucketName: !Sub "orders-${AWS::Region}-${AWS::AccountId}" VersioningConfiguration: Status: Enabled DeliveryRole: Type: AWS::IAM::Role Properties: RoleName: OrdersDeliveryStreamRole AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: firehose.amazonaws.com Action: 'sts:AssumeRole' Condition: StringEquals: 'sts:ExternalId': !Ref AWS::AccountId DeliveryPolicy: Type: AWS::IAM::Policy Properties: PolicyName: firehose_delivery_policy PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - 's3:AbortMultipartUpload' - 's3:GetBucketLocation' - 's3:GetObject' - 's3:ListBucket' - 's3:ListBucketMultipartUploads' - 's3:PutObject' Resource: - !Sub "arn:aws:s3:::${S3Bucket}" - !Sub "arn:aws:s3:::${S3Bucket}/*" Roles: - !Ref DeliveryRole OrdersStateMachine: Type: "AWS::StepFunctions::StateMachine" Properties: StateMachineName: OrderProcessing RoleArn: !GetAtt StepFunctionsServiceRole.Arn DefinitionString: !Sub |- { "Comment": "Processes an Order received from the EventBridge Subscription", "StartAt": "ProcessOrder", "States": { "ProcessOrder": { "Type": "Pass", "Next": "PublishOrderProcessedEvent" }, "PublishOrderProcessedEvent": { "Type": "Task", "Resource": "arn:aws:states:::sns:publish", "Parameters": { "TopicArn": "${InventoryTopic}", "Message.$": "$.detail" }, "End": true } } } InventoryTopic: Type: AWS::SNS::Topic Properties: TopicName: Inventory OrdersQueue: Type: AWS::SQS::Queue Properties: QueueName: Orders OrdersTopic: Type: AWS::SNS::Topic Properties: TopicName: Orders Subscription: - Endpoint: !GetAtt OrdersQueue.Arn Protocol: sqs OrdersQueuePolicy: Type: AWS::SQS::QueuePolicy Properties: Queues: - !Ref OrdersQueue PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: "*" Action: - 'sqs:SendMessage' Resource: !GetAtt OrdersQueue.Arn Condition: ArnEquals: aws:SourceArn: !Ref OrdersTopic StepFunctionsServiceRole: Type: AWS::IAM::Role Properties: ManagedPolicyArns: - "arn:aws:iam::aws:policy/AWSStepFunctionsFullAccess" AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Action: - "sts:AssumeRole" Principal: Service: !Sub "states.${AWS::Region}.amazonaws.com" Policies: - PolicyName: "SnsServiceIntegration" PolicyDocument: Version: '2012-10-17' Statement: - Effect: "Allow" Action: - "sns:Publish" Resource: - !Ref InventoryTopic