Open JonnyBurger opened 2 years ago
```yaml
AWSTemplateFormatVersion: 2010-09-09
Resources:
  RemotionLambdaUser:
    Type: 'AWS::IAM::User'
    Properties:
      UserName: remotion-user
      Policies:
        - PolicyName: remotion-user-policy
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Sid: HandleQuotas
                Effect: Allow
                Action:
                  - 'servicequotas:GetServiceQuota'
                  - 'servicequotas:GetAWSDefaultServiceQuota'
                  - 'servicequotas:RequestServiceQuotaIncrease'
                  - 'servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota'
                Resource:
                  - '*'
              - Sid: Identity
                Effect: Allow
                Action:
                  - 'iam:GetUser'
                Resource:
                  - 'arn:aws:iam::*:user/${aws:username}'
              - Sid: PermissionValidation
                Effect: Allow
                Action:
                  - 'iam:SimulatePrincipalPolicy'
                Resource:
                  - '*'
              - Sid: LambdaInvokation
                Effect: Allow
                Action:
                  - 'iam:PassRole'
                Resource:
                  - 'arn:aws:iam::*:role/remotion-lambda-role'
              - Sid: Storage
                Effect: Allow
                Action:
                  - 's3:GetObject'
                  - 's3:DeleteObject'
                  - 's3:PutObjectAcl'
                  - 's3:PutObject'
                  - 's3:CreateBucket'
                  - 's3:ListBucket'
                  - 's3:GetBucketLocation'
                  - 's3:PutBucketAcl'
                  - 's3:DeleteBucket'
                  - 's3:PutBucketWebsite'
                  - 's3:DeleteBucketWebsite'
                Resource:
                  - 'arn:aws:s3:::remotionlambda-*'
              - Sid: BucketListing
                Effect: Allow
                Action:
                  - 's3:ListAllMyBuckets'
                Resource:
                  - '*'
              - Sid: FunctionListing
                Effect: Allow
                Action:
                  - 'lambda:ListFunctions'
                  - 'lambda:GetFunction'
                Resource:
                  - '*'
              - Sid: FunctionManagement
                Effect: Allow
                Action:
                  - 'lambda:InvokeAsync'
                  - 'lambda:InvokeFunction'
                  - 'lambda:CreateFunction'
                  - 'lambda:DeleteFunction'
                  - 'lambda:PutFunctionEventInvokeConfig'
                  - 'lambda:PutRuntimeManagementConfig'
                Resource:
                  - 'arn:aws:lambda:*:*:function:remotion-render-*'
              - Sid: LogsRetention
                Effect: Allow
                Action:
                  - 'logs:CreateLogGroup'
                  - 'logs:PutRetentionPolicy'
                Resource:
                  - 'arn:aws:logs:*:*:log-group:/aws/lambda/remotion-render-*'
              - Sid: FetchBinaries
                Effect: Allow
                Action:
                  - 'lambda:GetLayerVersion'
                Resource:
                  - 'arn:aws:lambda:*:678892195805:layer:remotion-binaries-*'
  RemotionLambdaRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: remotion-lambda-role
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Action:
              - 'sts:AssumeRole'
            Principal:
              Service:
                - lambda.amazonaws.com
      Description: Remotion Lambda Role
      Policies:
        - PolicyName: remotion-lambda-policy
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Sid: '0'
                Effect: Allow
                Action:
                  - 's3:ListAllMyBuckets'
                Resource:
                  - '*'
              - Sid: '1'
                Effect: Allow
                Action:
                  - 's3:CreateBucket'
                  - 's3:ListBucket'
                  - 's3:PutBucketAcl'
                  - 's3:GetObject'
                  - 's3:DeleteObject'
                  - 's3:PutObjectAcl'
                  - 's3:PutObject'
                  - 's3:GetBucketLocation'
                Resource:
                  - 'arn:aws:s3:::remotionlambda-*'
              - Sid: '2'
                Effect: Allow
                Action:
                  - 'lambda:InvokeFunction'
                Resource:
                  - 'arn:aws:lambda:*:*:function:remotion-render-*'
              - Sid: '3'
                Effect: Allow
                Action:
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                Resource:
                  - 'arn:aws:logs:*:*:log-group:/aws/lambda/remotion-render-*'
```
There is a new way of defining CloudFormation templates using AWS CDK. Here is a way of defining the Lambda infrastructure using it:
https://bndkt.com/blog/2023/deploying-remotion-using-the-aws-cdk
Let's try to roll both into our own documentation!
@JonnyBurger would like to see y'all give this some priority. bndkt's CDK example is the only functional one out there. The example from the docs is incomplete and broken.
@shellscape We don't have any CloudFormation example in the docs as far as I can tell, mind pointing to it?
This is indeed not a CloudFormation stack for setting up Lambda, only a sample application that uses https://www.remotion.dev/docs/lambda/without-iam.
We don't have any CloudFormation example for Lambda yet, keeping this issue open.
I got a very handy CloudFormation template, need to add it to the docs as well
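
An added example, not part of the issue or of Remotion's code: a small least-privilege lint over the `remotion-user-policy` statements from the template at the top of this issue. The statement data is transcribed from that template; the read-only verb list and the two checks (write actions on `Resource: '*'`, write actions on ARNs whose account field is `*`) are assumptions of this example.

```python
# Added example: least-privilege lint over the issue's remotion-user-policy.
# READ_PREFIXES is an assumption of this example, not an AWS classification.
READ_PREFIXES = ("Get", "List", "Describe", "Simulate")

# (Sid, actions, resources) transcribed from the template in this issue.
USER_POLICY = [
    ("HandleQuotas", ["servicequotas:GetServiceQuota",
                      "servicequotas:GetAWSDefaultServiceQuota",
                      "servicequotas:RequestServiceQuotaIncrease",
                      "servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota"], ["*"]),
    ("Identity", ["iam:GetUser"], ["arn:aws:iam::*:user/${aws:username}"]),
    ("PermissionValidation", ["iam:SimulatePrincipalPolicy"], ["*"]),
    ("LambdaInvokation", ["iam:PassRole"], ["arn:aws:iam::*:role/remotion-lambda-role"]),
    ("Storage", ["s3:GetObject", "s3:DeleteObject", "s3:PutObjectAcl", "s3:PutObject",
                 "s3:CreateBucket", "s3:ListBucket", "s3:GetBucketLocation",
                 "s3:PutBucketAcl", "s3:DeleteBucket", "s3:PutBucketWebsite",
                 "s3:DeleteBucketWebsite"], ["arn:aws:s3:::remotionlambda-*"]),
    ("BucketListing", ["s3:ListAllMyBuckets"], ["*"]),
    ("FunctionListing", ["lambda:ListFunctions", "lambda:GetFunction"], ["*"]),
    ("FunctionManagement", ["lambda:InvokeAsync", "lambda:InvokeFunction",
                            "lambda:CreateFunction", "lambda:DeleteFunction",
                            "lambda:PutFunctionEventInvokeConfig",
                            "lambda:PutRuntimeManagementConfig"],
     ["arn:aws:lambda:*:*:function:remotion-render-*"]),
    ("LogsRetention", ["logs:CreateLogGroup", "logs:PutRetentionPolicy"],
     ["arn:aws:logs:*:*:log-group:/aws/lambda/remotion-render-*"]),
    ("FetchBinaries", ["lambda:GetLayerVersion"],
     ["arn:aws:lambda:*:678892195805:layer:remotion-binaries-*"]),
]

def is_write(action):
    """True when the verb after 'service:' does not start with a read-only prefix."""
    return not action.split(":", 1)[1].startswith(READ_PREFIXES)

def audit(statements):
    """Map Sid -> findings for statements that grant write actions too broadly."""
    findings = {}
    for sid, actions, resources in statements:
        writes = [a for a in actions if is_write(a)]
        wildcard_writes = writes if "*" in resources else []
        # ARN field index 4 is the account ID; '*' there matches any account.
        any_account = [r for r in resources
                       if writes and r.startswith("arn:") and r.split(":")[4] == "*"]
        if wildcard_writes or any_account:
            findings[sid] = {"wildcard_writes": wildcard_writes, "any_account": any_account}
    return findings

if __name__ == "__main__":
    for sid, finding in audit(USER_POLICY).items():
        print(sid, finding)
```

The account wildcards it reports can be pinned in CloudFormation with `!Sub` and the `${AWS::AccountId}` pseudo parameter.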