add user-management

2025-05-29 13:28:54 -03:00
parent 797a325cb0
commit 590cf10777
35 changed files with 5275 additions and 223 deletions
--- a/user-management/template.yaml
+++ b/user-management/template.yaml
@@ -0,0 +1,110 @@
+AWSTemplateFormatVersion: 2010-09-09
+Transform: AWS::Serverless-2016-10-31
+
+Parameters:
+  BucketName:
+    Type: String
+    Default: saladeaula.digital
+  UserTable:
+    Type: String
+    Default: betaeducacao-prod-users_d2o3r5gmm4it7j
+
+Globals:
+  Function:
+    CodeUri: app/
+    Runtime: python3.13
+    Tracing: Active
+    Architectures:
+      - x86_64
+    Layers:
+      - !Sub arn:aws:lambda:sa-east-1:336641857101:layer:layercake:72
+    Environment:
+      Variables:
+        TZ: America/Sao_Paulo
+        LOG_LEVEL: DEBUG
+        POWERTOOLS_LOGGER_SAMPLE_RATE: 0.1
+        POWERTOOLS_LOGGER_LOG_EVENT: true
+        USER_TABLE: !Ref UserTable
+
+Resources:
+  EventLog:
+    Type: AWS::Logs::LogGroup
+    Properties:
+      RetentionInDays: 90
+
+  EventCsvChunksFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      Handler: events.batch.csv_chunks.lambda_handler
+      LoggingConfig:
+        LogGroup: !Ref EventLog
+      Policies:
+        - S3CrudPolicy:
+            BucketName: !Ref BucketName
+      Events:
+        DynamoDBEvent:
+          Type: EventBridgeRule
+          Properties:
+            Pattern:
+              resources: [betaeducacao-prod-users_d2o3r5gmm4it7j]
+              detail:
+                new_image:
+                  sk:
+                    - prefix: batch_jobs#
+
+  EventEmailReceivingFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      Handler: events.email_receiving.lambda_handler
+      LoggingConfig:
+        LogGroup: !Ref EventLog
+
+  LambdaInvokePermission:
+    Type: AWS::Lambda::Permission
+    Properties:
+      FunctionName: !GetAtt EventEmailReceivingFunction.Arn
+      Action: lambda:InvokeFunction
+      Principal: ses.amazonaws.com
+      SourceArn: !Sub arn:aws:ses:${AWS::Region}:${AWS::AccountId}:receipt-rule-set/*
+
+  BucketPolicy:
+    Type: AWS::S3::BucketPolicy
+    Properties:
+      Bucket: !Ref BucketName
+      PolicyDocument:
+        Version: "2012-10-17"
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service: ses.amazonaws.com
+            Action: s3:PutObject
+            Resource: !Sub arn:aws:s3:::${BucketName}/*
+            Condition:
+              StringEquals:
+                aws:SourceAccount: !Ref AWS::AccountId
+              StringLike:
+                aws:SourceArn: !Sub arn:aws:ses:${AWS::Region}:${AWS::AccountId}:receipt-rule-set/*
+
+  EmailReceiptRuleSet:
+    Type: AWS::SES::ReceiptRuleSet
+    Properties:
+      RuleSetName: users.noreply.saladeaula.digital
+
+  EmailReceiptRule:
+    Type: AWS::SES::ReceiptRule
+    DependsOn:
+      - LambdaInvokePermission
+      - BucketPolicy
+    Properties:
+      RuleSetName: !Ref EmailReceiptRuleSet
+      Rule:
+        Name: lambda
+        Enabled: true
+        Actions:
+          - LambdaAction:
+              FunctionArn: !GetAtt EventEmailReceivingFunction.Arn
+              InvocationType: RequestResponse
+          - S3Action:
+              BucketName: !Ref BucketName
+              ObjectKeyPrefix: "mailbox"
+        ScanEnabled: true