feat: enhance Lambda function configuration and add outputs

- Add parameters for source bucket, repo URL, and branch
- Increase timeout to 300s and memory to 512MB
- Add ARM64 architecture support
- Add S3 GetObject and ListBucket permissions
- Use ImportValue for ECR repository ARN
- Add resource names for better identification
- Export API endpoint, Lambda ARN, and function name

infra/cfn/template-lambda-function.yaml

@@ -1,10 +1,26 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: AWS::Serverless-2016-10-31
+
 Parameters:
   StageName:
     Type: String
     Default: Prod
-    Description: Name of the API stage.
+    Description: Name of the API stage
+
+  SourceBucketName:
+    Type: String
+    Default: naputo-blog-source
+    Description: S3 bucket for blog source files
+
+  RepoURL:
+    Type: String
+    Default: "https://git.n-daisuke897.com/nakada0907/n-daisuke897-blog.git"
+    Description: Git repository URL
+
+  RepoBranch:
+    Type: String
+    Default: main
+    Description: Git repository branch
 
 Resources:
 
@@ -27,7 +43,11 @@ Resources:
               - Effect: Allow
                 Action:
                   - s3:PutObject
-                Resource: arn:aws:s3:::naputo-blog-source/*
+                  - s3:GetObject
+                  - s3:ListBucket
+                Resource:
+                  - !Sub "arn:aws:s3:::${SourceBucketName}"
+                  - !Sub "arn:aws:s3:::${SourceBucketName}/*"
         - PolicyName: LambdaEcrImagePullPolicy
           PolicyDocument:
             Version: '2012-10-17'
@@ -41,26 +61,30 @@ Resources:
                   - ecr:BatchGetImage
                   - ecr:BatchCheckLayerAvailability
                   - ecr:GetDownloadUrlForLayer
-                Resource: !Sub "arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/*"
+                Resource:
+                  Fn::ImportValue: BlogDeployment-RepositoryArn
       ManagedPolicyArns:
         - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
 
   MyLambdaFunction:
     Type: AWS::Serverless::Function
     Properties:
+      FunctionName: blog-deployment-webhook-handler
       PackageType: Image
       ImageUri:
         !Join
           - ":"
           - - !ImportValue BlogDeployment-RepositoryUri
             - "latest"
-      Timeout: 30
+      Timeout: 300
-      MemorySize: 256
+      MemorySize: 512
+      Architectures:
+        - arm64
       Environment:
         Variables:
-          REPO_URL: "https://git.n-daisuke897.com/nakada0907/n-daisuke897-blog.git"
+          REPO_URL: !Ref RepoURL
-          REPO_BRANCH: "main"
+          REPO_BRANCH: !Ref RepoBranch
-          S3_BUCKET: "naputo-blog-source"
+          S3_BUCKET: !Ref SourceBucketName
           S3_KEY: "source.zip"
           WEBHOOK_SECRET:
             Fn::Sub:
@@ -79,6 +103,7 @@ Resources:
   MyApi:
     Type: AWS::Serverless::Api
     Properties:
+      Name: blog-deployment-webhook-api
       StageName: !Ref StageName
       EndpointConfiguration: REGIONAL
       DefinitionBody:
@@ -104,3 +129,22 @@ Resources:
                   description: "Unauthorized - Signature verification failed"
                 '500':
                   description: "Server error - Deployment process failed"
+
+Outputs:
+  ApiEndpoint:
+    Description: API Gateway endpoint URL for webhook
+    Value: !Sub "https://${MyApi}.execute-api.${AWS::Region}.amazonaws.com/${StageName}/forgejo-webhook"
+    Export:
+      Name: !Sub "${AWS::StackName}-ApiEndpoint"
+
+  LambdaFunctionArn:
+    Description: Lambda function ARN
+    Value: !GetAtt MyLambdaFunction.Arn
+    Export:
+      Name: !Sub "${AWS::StackName}-LambdaArn"
+
+  LambdaFunctionName:
+    Description: Lambda function name
+    Value: !Ref MyLambdaFunction
+    Export:
+      Name: !Sub "${AWS::StackName}-LambdaName"