AWS Lambda function using CUCloud.plugins.gitHubHookSns to maintain "Amazon SNS" service hook on all repositories for a GitHub organization.
Features
- Rotates AWS keys on your hook when your configured access key changes.
Required
- oAuth Token - valid oAuth Token on GitHub org, requires scopes: repo, admin:repo_hook
- SNS topic ARN - format compatible with https://developer.github.com/v3/repos/hooks/#create-a-hook
- IAM user access and secret key
-
Follow the standard installation steps defined in README.md.
-
Create your config
config-sns-hook.ymland update the values as appropriate:plugin.sns-hook: gitHubOrgName: OrgName oAuthToken: token snsHook: events: - push name: amazonsns config: sns_topic: 'arn' aws_secret: 'secret' aws_key: 'key' active: true
-
Import your configuration values to a profile of your choice:
cucloud-js-schema import config-sns-hook.yml [--profile <profile-name>]
-
IAM: Create the lambda-sns-hook policy. Be sure to note the policy ARN created. You will use it later
aws iam create-policy --policy-name lambda-sns-hook-policy --policy-document file://<LOCAL PATH>/lambda-sns-hook-policy.json
-
IAM: Create the lambda-sns-hook role with the appropriate trust policy
aws iam create-role --role-name lambda-sns-hook-role --assume-role-policy-document file://<LOCAL PATH>/lambda-cucloud-trust.json
-
IAM: Attach the policy to the role
aws iam attach-role-policy --role-name lambda-sns-hook-role --policy-arn <enter policy arn here>
-
Prepare your Lambda Deployment directory:
mkdir lambda-snshook
cd lambda-snshook
npm install <REPLACE-WITH-PATH-TO-YOUR-CUCLOUD-CLONE>
# ex. npm install ~/Desktop/cucloud-js
cp node_modules/cucloud/examples/lambda-snshook.js index.js- Manually set the profile name in your lambda function If/when AWS Lambda supports environmental variables, this step will be unnecessary.
# update your index.js
nano index.js- Create the ZIP and create your lambda function, specifying the IAM Role:
lambda-sns-hook-rolezip -r ../lambda-snshook.zip . *