presignedurl_serverless.yml

service: presignedurl-serverless

custom:
  region: ${opt:region, 'us-west-2'}
  bucketName: presignedurl-test-#{AWS::AccountId}
  myDomain: 'localhost'
  path: s3upload

provider:
  region: ${self:custom.region}
  name: aws
  runtime: nodejs12.x
  iamRoleStatements:
    -  Effect: "Allow"
       Action:
         - "s3:PutObject"
       Resource:
         Fn::Join:
           - ""
           - - "arn:aws:s3:::"
             - Ref: UploadBucket

plugins:
  - serverless-pseudo-parameters

package:
  individually: true
  exclude:
    - ".serverless/**"
    - "*.*"

functions:
  PresignedUrlHandler:
    handler: presigned_url_generation.handler
    package:
      include:
        - presigned_url_generation.js
    events:
      - http:
          path: ${self:custom.path}
          method: get
          cors: true
    environment:
      S3_BUCKET_NAME: ${self:custom.bucketName}

resources:
  Resources:
    UploadBucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: ${self:custom.bucketName}
        AccessControl: Private
        PublicAccessBlockConfiguration:
          BlockPublicAcls: true
          BlockPublicPolicy: false
          IgnorePublicAcls: true
          RestrictPublicBuckets: true
        CorsConfiguration:
          CorsRules:
          - AllowedMethods:
            - GET
            - PUT
            - POST
            - HEAD
            AllowedOrigins:
            - "*"
            AllowedHeaders:
            - "*"
    UploadBucketPolicy:
      Type: 'AWS::S3::BucketPolicy'
      Properties:
        PolicyDocument:
          Statement:
            - Sid: PublicReadForGetBucketObjects
              Effect: Allow
              Principal: '*'
              Action:
                - 's3:GetObject'
                - 's3:PutObject'
              Resource: arn:aws:s3:::${self:custom.bucketName}/*
        Bucket:
          Ref: UploadBucket