# Root CloudFormation/SAM template: it only wires nested stacks together.
# The format version is quoted so YAML keeps it a string instead of parsing
# it as a date.
AWSTemplateFormatVersion: "2010-09-09"
# Enables the AWS SAM transform for this template.
Transform: AWS::Serverless-2016-10-31
Description: ZenobiaPay Backend
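# Deployment-time inputs for the root stack. Most of them are forwarded
# unchanged to the nested stacks declared under Resources.
#
# Security notes for reviewers:
#   - The *SecretsArn parameters carry Secrets Manager ARNs, not secret
#     material, so they do not need NoEcho.
#   - The Slack webhook URLs and the PagerDuty endpoint are credential-bearing
#     URLs (whoever holds the URL can post to the integration), so they are
#     marked NoEcho to keep them out of console, CLI and API output.
#   - NoEcho does not mask values copied into Outputs or Metadata, and it is
#     declared per template: every nested template that receives one of these
#     values needs its own NoEcho on the matching parameter.
Parameters:
  Stage:
    Type: String
    Description: Stage this code is being deployed to (dev, beta, gamma, prod)
    # NOTE(review): no AllowedValues is set, so a mistyped stage name is
    # accepted. Consider constraining it once the set of stages is confirmed.
  UniqueIdentifier:
    Type: String
    Default: ""
    Description: Unique identifier to avoid resource naming conflicts. Should only be needed for dev sandbox accounts
  PlaidSecretsArn:
    Type: String
    Description: Plaid secrets manager arn that stores client id and client secret
  OrumSecretsArn:
    Type: String
    Description: Orum secrets manager arn that stores client id and client secret
  Auth0SecretsArn:
    Type: String
    Description: Auth0 secrets manager arn that stores client id and client secret
  Auth0Domain:
    Type: String
    Description: Auth0 domain used for authentication
  OrumPublicCertificate:
    Type: String
    Description: Orum public certificate used for webhook signing
  # NOTE(review): the IP lists below are source-address allowlists. They are
  # presumably a secondary control next to webhook signature verification;
  # confirm in the consuming stack that signature checks do not depend on them.
  OrumIpAddresses:
    Type: String
    Description: Valid orum ip addresses to accept requests from. Comma separated.
  OrumSlackWebhook:
    Type: String
    Description: Slack webhook for orum channel
    # Webhook URL is a bearer credential; mask it like PagerDutyEndpoint.
    NoEcho: true
  PlaidIpAddresses:
    Type: String
    Description: Valid plaid ip addresses to accept requests from. Comma separated.
  PlaidSlackWebhook:
    Type: String
    Description: Slack webhook for plaid channel
    # Webhook URL is a bearer credential; mask it like PagerDutyEndpoint.
    NoEcho: true
  WebsocketServiceEndpoint:
    Type: String
    Description: Websocket endpoint to send transfer updates to.
  ZenobiaApiEndpoint:
    Type: String
    Description: Endpoint to api service. In prod this should be https://api.zenobiapay.com/ needed for plaid webhooks
  ResaleServiceEndpoint:
    Type: String
    Description: Endpoint to resale service that automates reselling.
  SenderEmail:
    Type: String
    Description: Email address to use as the sender for notification emails
    Default: "notifications@zenobiapay.com"
  PagerDutyEndpoint:
    Type: String
    Description: PagerDuty HTTPS endpoint URL for SNS integration
    NoEcho: true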
# Nested stacks that make up the backend. Each TemplateURL is a local path;
# presumably the package step (sam / aws cloudformation package) uploads the
# referenced template and rewrites the path to an S3 URL - confirm in the
# deployment pipeline.
#
# Declaration order does not matter: CloudFormation derives the creation
# order from the !GetAtt references between stacks (for example LambdaStack
# and DashboardStack read ItemMetadataStack outputs although it is declared
# last).
Resources:
  # Networking: takes no parameters here and exposes the VPC, private subnets
  # and security groups as outputs.
  VpcStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: ./sam/vpc-stack.yml
  # Storage: supplies the metadata DB, table, key and image-bucket outputs
  # read by the stacks below.
  TableStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: ./sam/storage-stack.yml
      Parameters:
        Stage: !Ref Stage
        UniqueIdentifier: !Ref UniqueIdentifier
        VpcId: !GetAtt VpcStack.Outputs.VpcId
        PrivateSubnet1: !GetAtt VpcStack.Outputs.PrivateSubnetId1
        PrivateSubnet2: !GetAtt VpcStack.Outputs.PrivateSubnetId2
        SecurityGroupId: !GetAtt VpcStack.Outputs.SecurityGroupId
        RdsSecurityGroupId: !GetAtt VpcStack.Outputs.RdsSecurityGroupId
  # Auth: takes no parameters here; its outputs feed signing and hashing
  # secrets into LambdaStack.
  AuthStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: ./sam/auth-stack.yml
  # API / Lambda stack: receives networking, storage, third-party and auth
  # inputs from the parameters and sibling stacks.
  LambdaStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: ./sam/lambda-stack.yml
      Parameters:
        Stage: !Ref Stage
        SecurityGroupId: !GetAtt VpcStack.Outputs.SecurityGroupId
        SubnetId1: !GetAtt VpcStack.Outputs.PrivateSubnetId1
        SubnetId2: !GetAtt VpcStack.Outputs.PrivateSubnetId2
        MetadataDBEndpoint: !GetAtt TableStack.Outputs.MetadataDBEndpoint
        MetadataDBPort: !GetAtt TableStack.Outputs.MetadataDBPort
        MetadataDBName: !GetAtt TableStack.Outputs.MetadataDBName
        # NOTE(review): presumably a Secrets Manager reference rather than the
        # database password itself - confirm in storage-stack.yml.
        MetadataDBSecret: !GetAtt TableStack.Outputs.MetadataDBSecret
        MetadataDBKmsKeyArn: !GetAtt TableStack.Outputs.MetadataDBKmsKeyArn
        MetadataDBProxyEndpoint: !GetAtt TableStack.Outputs.MetadataDBProxyEndpoint
        ItemMetadataQueueUrl: !GetAtt ItemMetadataStack.Outputs.ItemMetadataQueueUrl
        CredentialsTableName: !GetAtt TableStack.Outputs.CredentialsTableName
        BankTableName: !GetAtt TableStack.Outputs.BankTableName
        UserTableName: !GetAtt TableStack.Outputs.UserTableName
        TransferTableName: !GetAtt TableStack.Outputs.TransferTableName
        CredentialsTableKeyId: !GetAtt TableStack.Outputs.CredentialsTableKeyId
        BankKeyId: !GetAtt TableStack.Outputs.BankKeyId
        TransferKeyId: !GetAtt TableStack.Outputs.TransferKeyId
        UserKeyId: !GetAtt TableStack.Outputs.UserKeyId
        TransferTableStreamArn: !GetAtt TableStack.Outputs.TransferTableStreamArn
        PlaidSecretsArn: !Ref PlaidSecretsArn
        OrumSecretsArn: !Ref OrumSecretsArn
        Auth0SecretsArn: !Ref Auth0SecretsArn
        Auth0Domain: !Ref Auth0Domain
        OrumPublicCertificate: !Ref OrumPublicCertificate
        OrumIpAddresses: !Ref OrumIpAddresses
        ImageStorageBucketName: !GetAtt TableStack.Outputs.ImageStorageBucketName
        ImageStorageBucketKmsKeyArn: !GetAtt TableStack.Outputs.ImageStorageBucketKmsKeyArn
        # NOTE(review): Slack webhook URLs are credential-bearing. Confirm
        # lambda-stack.yml declares OrumSlackWebhook and PlaidSlackWebhook with
        # NoEcho, otherwise the values show up in the nested stack's parameters.
        OrumSlackWebhook: !Ref OrumSlackWebhook
        PlaidIpAddresses: !Ref PlaidIpAddresses
        PlaidSlackWebhook: !Ref PlaidSlackWebhook
        # NOTE(review): stack Outputs are returned in clear text to anyone who
        # can describe the stack. Confirm the four AuthStack outputs used in
        # this stack are secret ARNs or names, never the signing or hashing key
        # material itself.
        CustomerJwtSigningSecret: !GetAtt AuthStack.Outputs.CustomerJwtSigningSecret
        RefreshTokenHashingSecret: !GetAtt AuthStack.Outputs.RefreshTokenHashingSecret
        BankAccountHashingSecret: !GetAtt AuthStack.Outputs.BankAccountHashingSecret
        ZenobiaApiEndpoint: !Ref ZenobiaApiEndpoint
        ResaleServiceEndpoint: !Ref ResaleServiceEndpoint
        ResaleSigningSecret: !GetAtt AuthStack.Outputs.ResaleSigningSecret
  # Payout stack: receives the transfer and user tables, their keys, the
  # transfer table stream and the Orum secrets ARN.
  PayoutStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: ./sam/payout-stack.yml
      Parameters:
        TransferTableName: !GetAtt TableStack.Outputs.TransferTableName
        TransferTableStreamArn: !GetAtt TableStack.Outputs.TransferTableStreamArn
        UserTableName: !GetAtt TableStack.Outputs.UserTableName
        TransferKeyId: !GetAtt TableStack.Outputs.TransferKeyId
        UserKeyId: !GetAtt TableStack.Outputs.UserKeyId
        OrumSecretsArn: !Ref OrumSecretsArn
        WebsocketServiceEndpoint: !Ref WebsocketServiceEndpoint
        Stage: !Ref Stage
        SenderEmail: !Ref SenderEmail
  # Dashboard stack: receives the dead-letter queue names of the other stacks
  # plus the PagerDuty endpoint.
  DashboardStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: ./sam/dashboard-stack.yml
      Parameters:
        TransferMetadataDeadLetterQueueName: !GetAtt ItemMetadataStack.Outputs.TransferMetadataDeadLetterQueueName
        PayoutProcessorDLQName: !GetAtt PayoutStack.Outputs.PayoutProcessorDLQName
        TransferTableNotificationsHandlerDLQName: !GetAtt PayoutStack.Outputs.TransferTableNotificationsHandlerDLQName
        WebhookEventQueueDLQName: !GetAtt LambdaStack.Outputs.WebhookEventQueueDLQName
        WebhookEventFunctionDLQName: !GetAtt LambdaStack.Outputs.WebhookEventFunctionDLQName
        ItemMetadataQueueDLQName: !GetAtt ItemMetadataStack.Outputs.ItemMetadataQueueDLQName
        ItemMetadataRecorderDLQName: !GetAtt ItemMetadataStack.Outputs.ItemMetadataRecorderDLQName
        # PagerDutyEndpoint is NoEcho in this template. NOTE(review): confirm
        # dashboard-stack.yml also declares it NoEcho; the flag does not carry
        # over to the nested stack's own parameter.
        PagerDutyEndpoint: !Ref PagerDutyEndpoint
  # Item metadata stack: receives networking, the metadata DB proxy and
  # secret, the transfer table and the image bucket.
  ItemMetadataStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: ./sam/item-metadata-stack.yml
      Parameters:
        Stage: !Ref Stage
        SecurityGroupId: !GetAtt VpcStack.Outputs.SecurityGroupId
        RdsSecurityGroupId: !GetAtt VpcStack.Outputs.RdsSecurityGroupId
        SubnetId1: !GetAtt VpcStack.Outputs.PrivateSubnetId1
        SubnetId2: !GetAtt VpcStack.Outputs.PrivateSubnetId2
        MetadataDBProxyEndpoint: !GetAtt TableStack.Outputs.MetadataDBProxyEndpoint
        MetadataDBName: !GetAtt TableStack.Outputs.MetadataDBName
        MetadataDBSecret: !GetAtt TableStack.Outputs.MetadataDBSecret
        MetadataDBKmsKeyArn: !GetAtt TableStack.Outputs.MetadataDBKmsKeyArn
        TransferTableName: !GetAtt TableStack.Outputs.TransferTableName
        ImageStorageBucketName: !GetAtt TableStack.Outputs.ImageStorageBucketName
        ImageStorageBucketKmsKeyArn: !GetAtt TableStack.Outputs.ImageStorageBucketKmsKeyArn
# Values published by the root stack. Stack outputs are returned in clear
# text to any principal allowed to describe the stack, so only non-secret
# connection details belong here (endpoint, port and database name; no
# credentials are exported).
Outputs:
  # Public entry point, re-exported from the Lambda/API nested stack.
  WebEndpoint:
    Description: API Gateway endpoint URL
    Value: !GetAtt LambdaStack.Outputs.WebEndpoint

  # Database outputs, re-exported from the storage nested stack.
  MetadataDBEndpoint:
    Description: PostgreSQL RDS endpoint
    Value: !GetAtt TableStack.Outputs.MetadataDBEndpoint
  MetadataDBPort:
    Description: PostgreSQL RDS port
    Value: !GetAtt TableStack.Outputs.MetadataDBPort
  MetadataDBName:
    Description: PostgreSQL RDS database name
    Value: !GetAtt TableStack.Outputs.MetadataDBName