# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
# CloudFormation template processed through the AWS SAM transform.
AWSTemplateFormatVersion: "2010-09-09"
Transform: 'AWS::Serverless-2016-10-31'
# Folded scalar: the two lines below are joined into one description string.
Description: >
  aws-glue-job-tracker
  SAM Template for aws-glue-job-tracker
# Defaults applied to every AWS::Serverless::Function in this template.
# Both functions declared under Resources set their own Timeout (60 and 600),
# so the value here only applies to functions that do not set one.
# Reference: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst
Globals:
  Function:
    Timeout: 3
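# Deploy-time inputs. The two thresholds are handed to GlueJobLambdaFunction as
# the WORKER_THRESHOLD and DURATION_THRESHOLD environment variables; the e-mail
# address is used for both the SNS subscription and the SES identity.
Parameters:
  GlueJobWorkerThreshold:
    Type: Number
    Default: 10
    Description: Enter the maximum amount of workers allowed for an AWS Glue Job configuration before needing to be alerted.
  GlueJobDurationThreshold:
    Type: Number
    Default: 480
    Description: Enter the maximum amount of time a Glue job should run before alerting. Default is 8 hours or 480 minutes.
  GlueJobNotifications:
    Type: String
    # Placeholder default: the address shown on the published page was replaced
    # by an e-mail-obfuscation artefact that contains no '@' and therefore
    # fails AllowedPattern. Always override this at deploy time.
    Default: 'user@example.com'
    # Requires exactly one '@' and at least one '.' in the domain part.
    # It is a shape check only; it does not prove the mailbox exists.
    AllowedPattern: '[^@]+@[^@]+\.[^@]+'
    Description: Email address or distribution list to receive notifications.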
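Resources:
  # Execution role shared by both Lambda functions below; each of them sets
  # Role: !GetAtt GlueJobTrackerRole.Arn. Because the role is shared, every
  # policy attached here is available to both functions.
  GlueJobTrackerRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          # NOTE(review): inside this template only the two Lambda functions
          # reference this role. Confirm whether the glue and events service
          # principals are needed; if not, drop them from the trust policy.
          - Effect: Allow
            Principal:
              Service:
                - glue.amazonaws.com
                - lambda.amazonaws.com
                - events.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /

  # Permissions for the event-processing function. Each statement is scoped to
  # the resource this template wires into the function wherever the template
  # itself identifies that resource.
  GlueJobTrackerMonitorPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: GlueJobTrackerMonitorPolicy
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          # NOTE(review): left at '*' because the handler code is not part of
          # this template, so the job ARNs it reads cannot be derived here.
          # Narrow to the account's Glue job ARNs once confirmed.
          - Effect: Allow
            Action:
              - glue:GetJobRun
              - glue:GetTags
            Resource: '*'
          # Only the table passed to the function as DDB_TABLE.
          # NOTE(review): confirm the handler writes to no other table.
          - Effect: Allow
            Action:
              - dynamodb:PutItem
            Resource: !GetAtt GlueDynamoDBTable.Arn
          # Lambda's default log groups live under /aws/lambda/ in the stack's
          # own account and region; no LoggingConfig override is set below.
          - Effect: Allow
            Action:
              - logs:CreateLogGroup
              - logs:CreateLogStream
              - logs:PutLogEvents
            Resource: !Sub 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*'
          # Only the topic passed to the function as SNS_TOPIC
          # (!Ref on an SNS topic yields its ARN).
          - Effect: Allow
            Action:
              - sns:Publish
            Resource: !Ref GlueJobTrackerTopic
      Roles:
        - !Ref GlueJobTrackerRole

  # Permissions for the weekly report function.
  GlueJobTrackerReportPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: GlueJobTrackerReportPolicy
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          # Read access limited to the table passed as DDB_TABLE.
          - Effect: Allow
            Action:
              - dynamodb:PartiQLSelect
            Resource: !GetAtt GlueDynamoDBTable.Arn
          - Effect: Allow
            Action:
              - logs:CreateLogGroup
              - logs:CreateLogStream
              - logs:PutLogEvents
            Resource: !Sub 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*'
          # NOTE(review): left at '*'. Scoping to the SES identity created
          # below is preferable, but the sender and recipient identities the
          # handler uses are not visible from this template. Confirm first.
          - Effect: Allow
            Action:
              - ses:SendEmail
            Resource: '*'
      Roles:
        - !Ref GlueJobTrackerRole

  # Lets the shared role invoke the event-processing function, and nothing else.
  GlueJobTrackerEventBridgePolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: GlueJobTrackerEventBridgePolicy
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action:
              - lambda:InvokeFunction
            Resource: !GetAtt GlueJobLambdaFunction.Arn
      Roles:
        - !Ref GlueJobTrackerRole

  # Alert channel. No encryption or topic policy is configured here.
  GlueJobTrackerTopic:
    Type: AWS::SNS::Topic

  # E-mail subscription for the address supplied at deploy time.
  GlueJobTrackerSubscription:
    Type: AWS::SNS::Subscription
    Properties:
      Endpoint: !Ref GlueJobNotifications
      Protocol: email
      TopicArn: !Ref GlueJobTrackerTopic

  # SES identity for the same address; the report function receives it as SES_EMAIL.
  GlueJobTrackerEmailIdentity:
    Type: AWS::SES::EmailIdentity
    Properties:
      EmailIdentity: !Ref GlueJobNotifications

  # On-demand table keyed by glue_id; items expire through the 'ttl' attribute.
  GlueDynamoDBTable:
    Type: AWS::DynamoDB::Table
    Properties:
      AttributeDefinitions:
        - AttributeName: 'glue_id'
          AttributeType: 'S'
      BillingMode: PAY_PER_REQUEST
      KeySchema:
        - AttributeName: 'glue_id'
          KeyType: 'HASH'
      # Block style with a real boolean instead of a flow mapping holding the
      # string 'true'.
      TimeToLiveSpecification:
        AttributeName: 'ttl'
        Enabled: true

  # Invoked by EventBridge whenever a Glue job reaches one of the listed terminal states.
  GlueJobLambdaFunction:
    Type: AWS::Serverless::Function
    Properties:
      Description: Processes events passed from EventBridge.
      Handler: glue_event.lambda_handler
      Architectures:
        - "x86_64"
      CodeUri: glue_function/
      Environment:
        Variables:
          REGION: !Sub '${AWS::Region}'
          ACCOUNT: !Sub '${AWS::AccountId}'
          WORKER_THRESHOLD: !Ref GlueJobWorkerThreshold
          DURATION_THRESHOLD: !Ref GlueJobDurationThreshold
          DDB_TABLE: !Ref 'GlueDynamoDBTable'
          SNS_TOPIC: !Ref GlueJobTrackerTopic
      MemorySize: 128
      Role: !GetAtt GlueJobTrackerRole.Arn
      # NOTE(review): confirm python3.9 is still a supported Lambda runtime
      # before deploying.
      Runtime: python3.9
      Timeout: 60
      Tracing: PassThrough
      EphemeralStorage:
        Size: 512
      Events:
        GlueEventRule:
          Type: EventBridgeRule
          Properties:
            Pattern:
              detail-type:
                - Glue Job State Change
              source:
                - aws.glue
              detail:
                state:
                  - SUCCEEDED
                  - FAILED
                  - TIMEOUT
                  - STOPPED
            State: ENABLED
            Target: !GetAtt GlueJobLambdaFunction.Arn

  # Runs on a 7-day schedule to build and e-mail the report.
  GlueJobReportFunction:
    Type: AWS::Serverless::Function
    Properties:
      Description: Queries DynamoDB, aggregates data and sends report through SES.
      Handler: glue_report.lambda_handler
      Architectures:
        - 'x86_64'
      CodeUri: glue_function/
      Environment:
        Variables:
          REGION: !Sub '${AWS::Region}'
          ACCOUNT: !Sub '${AWS::AccountId}'
          DDB_TABLE: !Ref 'GlueDynamoDBTable'
          SES_EMAIL: !Ref 'GlueJobTrackerEmailIdentity'
      MemorySize: 128
      Role: !GetAtt GlueJobTrackerRole.Arn
      # NOTE(review): confirm python3.9 is still a supported Lambda runtime;
      # the layer below is built for this runtime and must change with it.
      Runtime: python3.9
      Timeout: 600
      Layers:
        # A Lambda layer must be in the same region as the function, so the
        # region is taken from the stack instead of being fixed to us-east-1.
        # The version stays pinned, so the layer content cannot change
        # silently between deployments.
        # NOTE(review): the layer is owned by an external account; confirm
        # the publisher and that this version exists in the target region.
        - !Sub 'arn:aws:lambda:${AWS::Region}:336392948345:layer:AWSSDKPandas-Python39:5'
      Tracing: PassThrough
      EphemeralStorage:
        Size: 512
      Events:
        GlueScheduleRule:
          Type: Schedule
          Properties:
            Description: 'Starts Lambda reporting function every 7 days'
            Schedule: 'rate(7 days)'
            Enabled: true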