Last active
January 8, 2023 15:34
-
-
Save egstar/5e015b8ba18fabc3fa136034a1f7c00f to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # TODO: Change the name of the org | |
| org: burham | |
| app: sls-todo-app | |
| service: sls-todo-app | |
| plugins: | |
| - serverless-webpack | |
| - serverless-iam-roles-per-function | |
| - serverless-plugin-tracing | |
| provider: | |
| name: aws | |
| runtime: nodejs12.x | |
| lambdaHashingVersion: '20201221' | |
| stage: ${opt:stage, 'dev'} | |
| region: ${opt:region, 'us-east-1'} | |
| apiGateway: | |
| shouldStartNameWithService: true | |
| tracing: | |
| lambda: true | |
| apiGateway: true | |
| # Use these variables in the functions and resouorces section below. For example, | |
| # ${self:provider.environment.ATTACHMENT_S3_BUCKET} | |
| environment: | |
| TODOS_TABLE: burham-todos-${self:provider.stage} | |
| TODOS_INDEX: TodosByUserIndex | |
| ATTACHMENT_S3_BUCKET: burham-${self:provider.stage} | |
| SIGNED_URL_EXPIRATION: 300 | |
| AUTH0_CERT: https://burham.us.auth0.com/.well-known/jwks.json | |
| logs: | |
| # Enable API Gateway logs | |
| restApi: true | |
| iam: | |
| role: | |
| statements: | |
| - Effect: Allow | |
| Action: | |
| - xray:PutTelemetryRecords | |
| - xray:PutTraceSegments | |
| Resource: "*" | |
| functions: | |
| Auth: | |
| handler: src/lambda/auth/auth0Authorizer.handler | |
| # TODO: Configure this function - | |
| # Provide iamRoleStatements property for performing Actions on DynamoDB | |
| GetTodos: | |
| handler: src/lambda/http/getTodos.handler | |
| events: | |
| - http: | |
| method: get | |
| path: todos | |
| cors: true | |
| authorizer: Auth | |
| iamRoleStatements: | |
| - Effect: Allow | |
| Action: | |
| - dynamodb:Query | |
| - dynamodb:Scan | |
| - dynamodb:GetItem | |
| Resource: arn:aws:dynamodb:${self:provider.region}:*:table/${self:provider.environment.TODOS_TABLE}/* | |
| - Effect: Allow | |
| Action: | |
| - xray:GetSamplingRules | |
| - xray:GetSamplingTargets | |
| - xray:GetSamplingStatisticSummaries | |
| - xray:BatchGetTraces | |
| - xray:GetServiceGraph | |
| - xray:GetTraceGraph | |
| - xray:GetTraceSummaries | |
| - xray:GetGroups | |
| - xray:GetGroup | |
| - xray:PutTraceSegments | |
| Resource: | |
| - '*' | |
| # TODO: Configure this function - | |
| # Provide iamRoleStatements property. Decide the Actions and AWS Resource. | |
| # To refer to an AWS resource defined in the "Resources" section, you can use "Resource: !GetAtt <resource-name>.Arn" | |
| # To validate incoming HTTP requests, we have provided the request schemas in function definition below. | |
| CreateTodo: | |
| handler: src/lambda/http/createTodo.handler | |
| events: | |
| - http: | |
| method: post | |
| path: todos | |
| cors: true | |
| authorizer: Auth | |
| request: | |
| schemas: | |
| application/json: ${file(models/create-todo-model.json)} | |
| iamRoleStatements: | |
| - Effect: Allow | |
| Action: | |
| - dynamodb:PutItem | |
| - dynamodb:GetItem | |
| - dynamodb:Query | |
| - dynamodb:Scan | |
| Resource: arn:aws:dynamodb:${self:provider.region}:*:table/${self:provider.environment.TODOS_TABLE} | |
| - Effect: Allow | |
| Action: | |
| - xray:GetSamplingRules | |
| - xray:GetSamplingTargets | |
| - xray:GetSamplingStatisticSummaries | |
| - xray:BatchGetTraces | |
| - xray:GetServiceGraph | |
| - xray:GetTraceGraph | |
| - xray:GetTraceSummaries | |
| - xray:GetGroups | |
| - xray:GetGroup | |
| - xray:PutTraceSegments | |
| Resource: | |
| - '*' | |
| # TODO: Configure this function | |
| # Provide property for setting up CORS, Authorizer, iamRoleStatements, and request schemas | |
| UpdateTodo: | |
| handler: src/lambda/http/updateTodo.handler | |
| events: | |
| - http: | |
| method: patch | |
| path: todos/{todoId} | |
| cors: true | |
| authorizer: Auth | |
| request: | |
| schemas: | |
| application/json: ${file(models/update-todo-model.json)} | |
| iamRoleStatements: | |
| - Effect: Allow | |
| Action: | |
| - dynamodb:UpdateItem | |
| - dynamodb:GetItem | |
| - dynamodb:Query | |
| Resource: arn:aws:dynamodb:${self:provider.region}:*:table/${self:provider.environment.TODOS_TABLE} | |
| - Effect: Allow | |
| Action: | |
| - xray:GetSamplingRules | |
| - xray:GetSamplingTargets | |
| - xray:GetSamplingStatisticSummaries | |
| - xray:BatchGetTraces | |
| - xray:GetServiceGraph | |
| - xray:GetTraceGraph | |
| - xray:GetTraceSummaries | |
| - xray:GetGroups | |
| - xray:GetGroup | |
| - xray:PutTraceSegments | |
| Resource: | |
| - '*' | |
| # TODO: Configure this function | |
| # Provide property for setting up CORS, Authorizer, iamRoleStatements | |
| DeleteTodo: | |
| handler: src/lambda/http/deleteTodo.handler | |
| events: | |
| - http: | |
| method: delete | |
| path: todos/{todoId} | |
| cors: true | |
| authorizer: Auth | |
| iamRoleStatements: | |
| - Effect: Allow | |
| Action: | |
| - dynamodb:DeleteItem | |
| - dynamodb:GetItem | |
| - dynamodb:Query | |
| Resource: arn:aws:dynamodb:${self:provider.region}:*:table/${self:provider.environment.TODOS_TABLE} | |
| - Effect: Allow | |
| Action: | |
| - xray:GetSamplingRules | |
| - xray:GetSamplingTargets | |
| - xray:GetSamplingStatisticSummaries | |
| - xray:BatchGetTraces | |
| - xray:GetServiceGraph | |
| - xray:GetTraceGraph | |
| - xray:GetTraceSummaries | |
| - xray:GetGroups | |
| - xray:GetGroup | |
| - xray:PutTraceSegments | |
| Resource: | |
| - '*' | |
| # TODO: Configure this function | |
| # Provide property for setting up CORS, Authorizer, iamRoleStatements | |
| GenerateUploadUrl: | |
| handler: src/lambda/http/generateUploadUrl.handler | |
| events: | |
| - http: | |
| method: post | |
| path: todos/{todoId}/attachment | |
| cors: true | |
| authorizer: Auth | |
| iamRoleStatements: | |
| - Effect: Allow | |
| Action: | |
| - dynamodb:GetItem | |
| - dynamodb:UpdateItem | |
| Resource: arn:aws:dynamodb:${self:provider.region}:*:table/${self:provider.environment.TODOS_TABLE} | |
| - Effect: Allow | |
| Action: | |
| - s3:PutObject | |
| - s3:GetObject | |
| Resource: arn:aws:s3:::${self:provider.environment.ATTACHMENT_S3_BUCKET}/* | |
| - Effect: Allow | |
| Action: | |
| - xray:GetSamplingRules | |
| - xray:GetSamplingTargets | |
| - xray:GetSamplingStatisticSummaries | |
| - xray:BatchGetTraces | |
| - xray:GetServiceGraph | |
| - xray:GetTraceGraph | |
| - xray:GetTraceSummaries | |
| - xray:GetGroups | |
| - xray:GetGroup | |
| - xray:PutTraceSegments | |
| Resource: | |
| - '*' | |
| resources: | |
| Resources: | |
| # Add necessary AWS resources. You will need at least the following AWS resources | |
| # TODO: Fill the properties | |
| # Feel free to change the names as you like. | |
| GatewayResponseDefault4XX: | |
| Type: AWS::ApiGateway::GatewayResponse | |
| Properties: | |
| ResponseParameters: | |
| gatewayresponse.header.Access-Control-Allow-Origin: "'*'" | |
| gatewayresponse.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'" | |
| gatewayresponse.header.Access-Control-Allow-Methods: "'GET,OPTIONS,POST'" | |
| ResponseType: DEFAULT_4XX | |
| RestApiId: | |
| Ref: ApiGatewayRestApi | |
| # TODO: Create a DynamoDB table with local secondary index and a composite key | |
| TodosTable: | |
| Type: AWS::DynamoDB::Table | |
| Properties: | |
| AttributeDefinitions: | |
| - AttributeName: todoId | |
| AttributeType: S | |
| - AttributeName: createdAt | |
| AttributeType: S | |
| - AttributeName: userId | |
| AttributeType: S | |
| KeySchema: | |
| - AttributeName: userId | |
| KeyType: HASH | |
| - AttributeName: todoId | |
| KeyType: RANGE | |
| BillingMode: PAY_PER_REQUEST | |
| TableName: ${self:provider.environment.TODOS_TABLE} | |
| LocalSecondaryIndexes: | |
| - IndexName: ${self:provider.environment.TODOS_INDEX} | |
| KeySchema: | |
| - AttributeName: userId | |
| KeyType: HASH | |
| - AttributeName: createdAt | |
| KeyType: RANGE | |
| Projection: | |
| ProjectionType: ALL | |
| # TODO: Complete the bucket properties below. | |
| # Do not forget to add the CorsConfiguration propoerty | |
| AttachmentsBucket: | |
| Type: AWS::S3::Bucket | |
| Properties: | |
| BucketName: ${self:provider.environment.ATTACHMENT_S3_BUCKET} | |
| CorsConfiguration: | |
| CorsRules: | |
| - AllowedOrigins: | |
| - '*' | |
| AllowedHeaders: | |
| - '*' | |
| AllowedMethods: | |
| - GET | |
| - PUT | |
| - POST | |
| - DELETE | |
| - HEAD | |
| MaxAge: 3000 | |
| # TODO: Complete the policy below and attach it to the bucket defined above | |
| # For cross referencing the name of the bucket, use "!Ref AttachmentsBucket" | |
| BucketPolicy: | |
| Type: AWS::S3::BucketPolicy | |
| Properties: | |
| PolicyDocument: | |
| Id: MyPolicy | |
| Version: "2012-10-17" | |
| Statement: | |
| - Sid: PublicReadForGetBucketObjects | |
| Effect: Allow | |
| Principal: '*' | |
| Action: 's3:GetObject' | |
| Resource: 'arn:aws:s3:::${self:provider.environment.ATTACHMENT_S3_BUCKET}/*' | |
| Bucket: !Ref AttachmentsBucket |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment