ACM FunctionName removed. Macro and references removed

Author: mohsanjaffery

.gitignore

@@ -9,6 +9,10 @@
 **/out-tsc
 **/settings.js
 **/packaged.template
+macro.zip
+packaged.template
+packaged.zip
+s-headers.zip
 
 # dependencies
 **/node_modules

templates/acm-certificate.yaml

@@ -7,7 +7,7 @@ Parameters:
   Region:
     Type: String
     Default: 'us-east-1'
-  CustomResourceStack:
+  CFNCustomProvider:
     Type: String
 
 Resources:
@@ -17,20 +17,20 @@ Resources:
       DomainName: !Sub '*.${DomainName}'
       Region: !Ref Region
       ValidationMethod: DNS
-      ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:binxio-cfn-certificate-provider'
+      ServiceToken: !Ref 'CFNCustomProvider'
 
   IssuedCertificate:
     Type: Custom::IssuedCertificate
     Properties:
       CertificateArn: !Ref Certificate
-      ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:binxio-cfn-certificate-provider'
+      ServiceToken: !Ref 'CFNCustomProvider'
 
   CertificateDNSRecord:
     Type: Custom::CertificateDNSRecord
     Properties:
       CertificateArn: !Ref Certificate
       DomainName: !Sub '*.${DomainName}'
-      ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:binxio-cfn-certificate-provider'
+      ServiceToken: !Ref 'CFNCustomProvider'
 
   DomainValidationRecord:
     Type: AWS::Route53::RecordSetGroup
@@ -48,7 +48,5 @@ Resources:
 Outputs:
   DNSRecord:
     Value: !Sub '${CertificateDNSRecord.Name} ${CertificateDNSRecord.Type} ${CertificateDNSRecord.Value}'
-  CustomResourceStack:
-    Value: !Ref CustomResourceStack
   CertificateArn: 
     Value: !Ref Certificate

templates/cloudfront-site.yaml

@@ -1,6 +1,6 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Description: ACFS3 - CloudFront with Header Security and site content
-Transform: ['AWS::Serverless-2016-10-31', 'S3Objects']
+Transform: 'AWS::Serverless-2016-10-31'
 
 Parameters:
   CertificateArn:
@@ -17,7 +17,6 @@ Parameters:
     Type: String
 
 Resources:
-
   S3BucketLogs:
     Type: AWS::S3::Bucket
     DeletionPolicy: Retain
@@ -157,46 +156,6 @@ Resources:
           # The  following HosteZoneId is always used for alias records pointing to CF.
           HostedZoneId: 'Z2FDTNDATAQYW2'
 
-  CopiedIndex:
-    Type: AWS::S3::Object
-    Properties:
-      Source:
-        Bucket: !Sub 'solution-builders-${AWS::Region}'
-        Key: !Sub 'amazon-cloudfront-secure-static-site/${Release}/source/website/index.html'
-      Target:
-        Bucket: !Ref S3BucketRoot
-        Key: index.html
-
-  CopiedOther:
-    Type: AWS::S3::Object
-    Properties:
-      Source:
-        Bucket: !Sub 'solution-builders-${AWS::Region}'
-        Key: !Sub 'amazon-cloudfront-secure-static-site/${Release}/source/website/other.html'
-      Target:
-        Bucket: !Ref S3BucketRoot
-        Key: other.html
-
-  CopiedError:
-    Type: AWS::S3::Object
-    Properties:
-      Source:
-        Bucket: !Sub 'solution-builders-${AWS::Region}'
-        Key: !Sub 'amazon-cloudfront-secure-static-site/${Release}/source/website/404.html'
-      Target:
-        Bucket: !Ref S3BucketRoot
-        Key: 404.html
-
-  CopiedCssStyles:
-    Type: AWS::S3::Object
-    Properties:
-      Source:
-        Bucket: !Sub 'solution-builders-${AWS::Region}'
-        Key: !Sub 'amazon-cloudfront-secure-static-site/${Release}/source/website/css/style.css'
-      Target:
-        Bucket: !Ref S3BucketRoot
-        Key: css/style.css
-
 Outputs:
   LambdaEdgeFunctionVersion:
     Description: Lambda@Edge Function ARN with Version

templates/custom-resource.yaml

@@ -3,30 +3,12 @@ Description: ACFS3 - Cert Provider with DNS validation
 Transform: AWS::Serverless-2016-10-31
 
 Resources:
-  ResourceFunction:
-    Type: AWS::Serverless::Function
-    Properties:
-      Runtime: python2.7
-      CodeUri: ../macro.zip
-      Handler: resource.handler
-      Policies: AmazonS3FullAccess
-
-  MacroFunction:
-    Type: AWS::Serverless::Function
-    Properties:
-      Runtime: python3.6
-      CodeUri: ../macro.zip
-      Handler: macro.handler
-      Policies: AmazonS3FullAccess
-      Environment:
-        Variables:
-          LAMBDA_ARN: !GetAtt ResourceFunction.Arn
-
-  Macro:
-    Type: AWS::CloudFormation::Macro
+  LambdaPermission:
+    Type: AWS::Lambda::Permission
     Properties:
-      Name: S3Objects
-      FunctionName: !GetAtt MacroFunction.Arn
+      Action: lambda:InvokeFunction
+      FunctionName: !GetAtt CFNCustomProvider.Arn
+      Principal: !GetAtt LambdaRole.Arn
 
   LambdaPolicy:
     Type: AWS::IAM::Policy
@@ -45,17 +27,12 @@ Resources:
               - acm:DeleteCertificate
             Resource:
             - '*'
-          - Effect: Allow
-            Action:
-            - lambda:InvokeFunction
-            Resource:
-            - !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:binxio-cfn-certificate-provider'
           - Effect: Allow
             Action:
               - logs:*
             Resource: arn:aws:logs:*:*:*
       Roles:
-        - !Ref 'LambdaRole'
+        - !Ref LambdaRole
 
   LambdaRole:
     Type: AWS::IAM::Role
@@ -80,18 +57,15 @@ Resources:
 
   CFNCustomProvider:
     Type: AWS::Serverless::Function
-    DependsOn:
-      - LambdaRole
     Properties:
       CodeUri: s3://binxio-public-us-east-1/lambdas/cfn-certificate-provider-0.2.4.zip
       Description: CFN Certificate Domain Resource Record Provider
       MemorySize: 128
       Handler: provider.handler
-      Role: !GetAtt 'LambdaRole.Arn'
       Timeout: 300
+      Role: !GetAtt LambdaRole.Arn
       Runtime: python3.6
-      FunctionName: binxio-cfn-certificate-provider
 
 Outputs:
   CFNCustomProvider:
-    Value: !GetAtt 'CFNCustomProvider.Arn'
+    Value: !GetAtt CFNCustomProvider.Arn

templates/main.yaml

@@ -37,7 +37,7 @@ Resources:
       TemplateURL: ./acm-certificate.yaml
       Parameters:
         DomainName: !Ref DomainName
-        CustomResourceStack: !GetAtt CustomResourceStack.Outputs.CFNCustomProvider
+        CFNCustomProvider: !GetAtt CustomResourceStack.Outputs.CFNCustomProvider
 
   CloudFrontStack:
     Type: AWS::CloudFormation::Stack