-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtemplate.yaml
233 lines (221 loc) · 7.77 KB
/
template.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
# More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst
Globals:
Function:
Timeout: 40
Api:
Cors: "'*'"
Description: >
traffic-guard-webcam-snaps-to-kvs is a lambda function that is accessible via ApiGateway. It receives a video
stream (jpg images), encodes them with MKV and sends to Kinesis Video Stream (KVS).
Parameters:
ApiGatewayRoleName:
Description: "Role assumed by ApiGateway to call serverless function."
Type: String
Default: "TrafficGuardApiGateway"
SnapsToKvsFunctionRoleName:
Description: "Role assumed by 'SnapshotToKvs' lambda function."
Type: String
Default: 'TrafficGuardSnapsToKvs'
Deployment:
Description: "Use different endpoints for different environments. Possible values: Prod | Stage"
Type: String
Default: 'Stage'
KVSStreamName:
Description: "Target Kinesis Video Stream name"
Type: String
Default: 'traffic-guard'
KVSRegion:
Description: "Region of target KVS"
Type: String
Default: 'eu-central-1'
videoWidth:
Description: "Resulting MKV video fragment width."
Type: Number
Default: 640
videoHeight:
Description: "Resulting MKV video fragment height."
Type: Number
Default: 480
Path2FFmpeg:
Description: "Static installation of FFmpeg."
Type: String
Default: "/opt/lib/ffmpeg"
CognitoUserPoolArn:
Description: "If value is set, authorizer will be created and gateway will check authorization for any API call."
Type: String
Default: ""
Conditions:
AuthorizationRequired2CallAPI: !Not
- !Equals
- !Ref CognitoUserPoolArn
- ""
Resources:
ApiGatewayAssumedRole:
Type: AWS::IAM::Role
DeletionPolicy: Delete
UpdateReplacePolicy: Delete
Description: >
This role is assumed by ApiGateway to call lambda function.
Properties:
RoleName: !Join ["-", [!Ref ApiGatewayRoleName, !Ref "AWS::Region"]]
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- apigateway.amazonaws.com
Action:
- sts:AssumeRole
Path: /
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AWSLambdaRole
- arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs
MaxSessionDuration: 3600
FunctionAssumedRole:
Type: AWS::IAM::Role
DeletionPolicy: Delete
UpdateReplacePolicy: Delete
Description: >
This role is assumed by lambda function.
Properties:
RoleName: !Join ["-", [!Ref SnapsToKvsFunctionRoleName, !Ref "AWS::Region"]]
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
Action:
- sts:AssumeRole
Path: /
ManagedPolicyArns:
- arn:aws:iam::aws:policy/AmazonKinesisVideoStreamsFullAccess
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
MaxSessionDuration: 3600
WebcamSnaps2KvsFunction:
Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
DeletionPolicy: Delete
UpdateReplacePolicy: Delete
Properties:
Description: >
Lambda function receives a request containing a bunch of JPEG images, then it converts them into h264 frames
and sends to KVS.
Role: !GetAtt FunctionAssumedRole.Arn
CodeUri: ./WebcamSnaps2KvsFunction
Handler: den.tal.traffic.guard.WebcamStreamProcessor::handleRequest
Runtime: java11
MemorySize: 512
Tracing: Active
PackageType: Zip
Environment: # More info about Env Vars: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#environment-object
Variables:
KVSStreamName: !Ref KVSStreamName
KVSRegion: !Ref KVSRegion
LD_LIBRARY_PATH: '/opt/lib'
videoWidth: !Ref videoWidth
videoHeight: !Ref videoHeight
Path2FFmpeg: !Ref Path2FFmpeg
Deployment: !Ref Deployment
Layers:
- !Ref StreamProducerNativeLibrary
StreamProducerNativeLibrary:
Type: AWS::Serverless::LayerVersion
DeletionPolicy: Delete
UpdateReplacePolicy: Delete
Properties:
RetentionPolicy: Delete
CompatibleRuntimes:
- java11
ContentUri: jni
WebcamSnaps2KvsApi:
Type: AWS::ApiGateway::RestApi
DeletionPolicy: Delete
UpdateReplacePolicy: Delete
Properties:
Description: "RESTful API via API Gateway"
DisableExecuteApiEndpoint: False
EndpointConfiguration:
Types:
- EDGE
Name: WebcamSnapshots2KvsApi
KinesisVideoStreamResource:
Type: AWS::ApiGateway::Resource
DeletionPolicy: Delete
UpdateReplacePolicy: Delete
Properties:
ParentId: !GetAtt WebcamSnaps2KvsApi.RootResourceId
PathPart: streams
RestApiId: !Ref WebcamSnaps2KvsApi
CognitoAuthorizer:
Type: AWS::ApiGateway::Authorizer
Condition: AuthorizationRequired2CallAPI
DeletionPolicy: Delete
UpdateReplacePolicy: Delete
Properties:
AuthorizerCredentials: !GetAtt
- ApiGatewayAssumedRole
- Arn
IdentitySource: method.request.header.Authorization
Name: 'WebcamSnapshots2KvsApiCognitoAuthorizer'
ProviderARNs:
- !Ref CognitoUserPoolArn
RestApiId: !Ref WebcamSnaps2KvsApi
Type: COGNITO_USER_POOLS
MethodPost:
Type: AWS::ApiGateway::Method
DeletionPolicy: Delete
UpdateReplacePolicy: Delete
Properties:
ApiKeyRequired: False
AuthorizationType:
Fn::If:
- AuthorizationRequired2CallAPI
- COGNITO_USER_POOLS
- NONE
AuthorizerId: !If [AuthorizationRequired2CallAPI, !Ref CognitoAuthorizer, !Ref "AWS::NoValue"]
HttpMethod: POST
Integration:
ConnectionType: INTERNET
Type: AWS_PROXY
Uri: !Sub
- arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${lambdaArn}/invocations
- lambdaArn: !GetAtt WebcamSnaps2KvsFunction.Arn
Credentials: !GetAtt ApiGatewayAssumedRole.Arn
IntegrationHttpMethod: POST
IntegrationResponses:
- StatusCode: 200
MethodResponses:
- StatusCode: 200
RequestParameters:
method.request.path.kvsName: True
ResourceId: !Ref KinesisVideoStreamResource
RestApiId: !Ref WebcamSnaps2KvsApi
ApiGatewayDeployment:
Type: AWS::ApiGateway::Deployment
DeletionPolicy: Delete
UpdateReplacePolicy: Delete
DependsOn:
- MethodPost
Properties:
RestApiId: !Ref WebcamSnaps2KvsApi
StageName: !Ref Deployment
Outputs:
# ServerlessRestApi is an implicit API created out of Events key under Serverless::Function
# Find out more about other implicit resources you can reference within SAM
# https://github.com/awslabs/serverless-application-model/blob/master/docs/internals/generated_resources.rst#api
WebcamSnaps2KvsFunction:
Description: "WebcamSnaps2Kvs Lambda Function ARN"
Value: !GetAtt WebcamSnaps2KvsFunction.Arn
ApiGatewayAssumedRole:
Description: "Role assumed by ApiGateway to call WebcamSnaps2Kvs lambda"
Value: !Ref ApiGatewayAssumedRole
FunctionAssumedRole:
Description: "Role assumed by lambda function to call KVS."
Value: !Ref FunctionAssumedRole
ProcessWebcamSnapshotsApi:
Description: "API Gateway endpoint URL for Prod stage for WebcamSnaps2Kvs function"
Value: !Sub "https://${WebcamSnaps2KvsApi}.execute-api.${AWS::Region}.amazonaws.com/${Deployment}/streams"