Skip to content

Instantly share code, notes, and snippets.

@metaskills

metaskills/full.yml

Created March 2, 2023 01:17
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save metaskills/eb173fa3a34b890fd7a9e985fd5f9ecb to your computer and use it in GitHub Desktop.
Save metaskills/eb173fa3a34b890fd7a9e985fd5f9ecb to your computer and use it in GitHub Desktop.
Download ZIP
Raw
full.yml
---
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Exported by architect/package@8.4.1 on 2023-03-02T00:58:20.484Z
Resources:
Role:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service: lambda.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: ArcGlobalPolicy
PolicyDocument:
Statement:
- Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
- logs:DescribeLogStreams
Resource: arn:aws:logs:*:*:*
- PolicyName: ArcStaticBucketPolicy
PolicyDocument:
Statement:
- Effect: Allow
Action:
- s3:GetObject
- s3:PutObject
- s3:PutObjectAcl
- s3:DeleteObject
- s3:ListBucket
Resource:
- Fn::Sub:
- arn:aws:s3:::${bukkit}
- bukkit:
Ref: StaticBucket
- Fn::Sub:
- arn:aws:s3:::${bukkit}/*
- bukkit:
Ref: StaticBucket
- PolicyName: ArcDynamoPolicy
PolicyDocument:
Statement:
- Effect: Allow
Action: dynamodb:*
Resource:
- Fn::Sub:
- arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tablename}
- tablename:
Ref: DataTable
- Fn::Sub:
- arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tablename}/*
- tablename:
Ref: DataTable
- Effect: Deny
Action: dynamodb:DeleteTable
Resource:
Fn::Sub: arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/*
DataParam:
Type: AWS::SSM::Parameter
Properties:
Type: String
Name:
Fn::Sub:
- "/${AWS::StackName}/tables/${tablename}"
- tablename: data
Value:
Ref: DataTable
StaticBucketParam:
Type: AWS::SSM::Parameter
Properties:
Type: String
Name:
Fn::Sub:
- "/${AWS::StackName}/static/${key}"
- key: bucket
Value:
Ref: StaticBucket
StaticFingerprintParam:
Type: AWS::SSM::Parameter
Properties:
Type: String
Name:
Fn::Sub:
- "/${AWS::StackName}/static/${key}"
- key: fingerprint
Value: 'false'
ParameterStorePolicy:
Type: AWS::IAM::Policy
DependsOn: Role
Properties:
PolicyName: ArcParameterStorePolicy
PolicyDocument:
Statement:
- Effect: Allow
Action:
- ssm:GetParametersByPath
- ssm:GetParameter
Resource:
Fn::Sub:
- arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/${AWS::StackName}
- {}
- Effect: Allow
Action:
- ssm:GetParametersByPath
- ssm:GetParameter
Resource:
Fn::Sub:
- arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/${AWS::StackName}/*
- {}
- Effect: Allow
Action:
- ssm:GetParametersByPath
- ssm:GetParameter
Resource:
Fn::Sub:
- arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/${AWS::StackName}/*/*
- {}
Roles:
- Ref: Role
HTTP:
Type: AWS::Serverless::HttpApi
Properties:
StageName: "$default"
DefinitionBody:
openapi: 3.0.1
info:
title:
Ref: AWS::StackName
paths:
"/":
get:
x-amazon-apigateway-integration:
payloadFormatVersion: '2.0'
type: aws_proxy
httpMethod: POST
uri:
Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetIndexHTTPLambda.Arn}/invocations
connectionType: INTERNET
"/_static/{proxy+}":
get:
x-amazon-apigateway-integration:
payloadFormatVersion: '1.0'
type: http_proxy
httpMethod: GET
uri:
Fn::Sub:
- https://${bukkit}.s3.${AWS::Region}.amazonaws.com/{proxy}
- bukkit:
Ref: StaticBucket
connectionType: INTERNET
timeoutInMillis: 30000
GetIndexHTTPLambda:
Type: AWS::Serverless::Function
Properties:
Handler: index.handler
CodeUri: "/var/task/src/http/get-index"
Runtime: nodejs16.x
Architectures:
- x86_64
MemorySize: 1152
EphemeralStorage:
Size: 512
Timeout: 5
Environment:
Variables:
ARC_APP_NAME: myapp
ARC_ENV: staging
ARC_ROLE:
Ref: Role
ARC_SESSION_TABLE_NAME: jwe
ARC_STACK_NAME:
Ref: AWS::StackName
ARC_STATIC_BUCKET:
Ref: StaticBucket
ARC_WSS_URL:
Fn::Sub:
- wss://${WS}.execute-api.${AWS::Region}.amazonaws.com/staging
- {}
ARC_STATIC_SPA: false
Role:
Fn::Sub:
- arn:aws:iam::${AWS::AccountId}:role/${roleName}
- roleName:
Ref: Role
Events:
GetIndexHTTPEvent:
Type: HttpApi
Properties:
Path: "/"
Method: GET
ApiId:
Ref: HTTP
ArcMetadata:
pragma: http
name: get /
method: get
path: "/"
DataTable:
Type: AWS::DynamoDB::Table
Properties:
KeySchema:
- AttributeName: scopeID
KeyType: HASH
- AttributeName: dataID
KeyType: RANGE
AttributeDefinitions:
- AttributeName: scopeID
AttributeType: S
- AttributeName: dataID
AttributeType: S
BillingMode: PAY_PER_REQUEST
TimeToLiveSpecification:
AttributeName: ttl
Enabled: true
StaticBucket:
Type: AWS::S3::Bucket
Properties:
OwnershipControls:
Rules:
- ObjectOwnership: BucketOwnerEnforced
WebsiteConfiguration:
IndexDocument: index.html
ErrorDocument: 404.html
StaticBucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket:
Ref: StaticBucket
PolicyDocument:
Version: '2012-10-17'
Statement:
- Action:
- s3:GetObject
Effect: Allow
Principal: "*"
Resource:
- Fn::Sub:
- arn:aws:s3:::${bukkit}/*
- bukkit:
Ref: StaticBucket
Sid: PublicReadGetObject
WS:
Type: AWS::ApiGatewayV2::Api
Properties:
Name: MyappWebsocketStaging
ProtocolType: WEBSOCKET
RouteSelectionExpression: "$request.body.message"
WebsocketDeployment:
Type: AWS::ApiGatewayV2::Deployment
DependsOn:
- ConnectWSRoute
- DefaultWSRoute
- DisconnectWSRoute
Properties:
ApiId:
Ref: WS
WebsocketStage:
Type: AWS::ApiGatewayV2::Stage
Properties:
StageName: staging
DeploymentId:
Ref: WebsocketDeployment
ApiId:
Ref: WS
WebSocketPolicy:
Type: AWS::IAM::Policy
DependsOn: Role
Properties:
PolicyName: ArcWebSocketPolicy
PolicyDocument:
Statement:
- Effect: Allow
Action:
- execute-api:Invoke
- execute-api:ManageConnections
Resource:
- Fn::Sub:
- arn:aws:execute-api:${AWS::Region}:*:${api}/*
- api:
Ref: WS
Roles:
- Ref: Role
ConnectWSLambda:
Type: AWS::Serverless::Function
Properties:
Handler: index.handler
CodeUri: "/var/task/src/ws/connect"
Runtime: nodejs16.x
Architectures:
- x86_64
MemorySize: 1152
EphemeralStorage:
Size: 512
Timeout: 5
Environment:
Variables:
ARC_APP_NAME: myapp
ARC_ENV: staging
ARC_ROLE:
Ref: Role
ARC_SESSION_TABLE_NAME: jwe
ARC_STACK_NAME:
Ref: AWS::StackName
ARC_STATIC_BUCKET:
Ref: StaticBucket
ARC_WSS_URL:
Fn::Sub:
- wss://${WS}.execute-api.${AWS::Region}.amazonaws.com/staging
- {}
Role:
Fn::Sub:
- arn:aws:iam::${AWS::AccountId}:role/${roleName}
- roleName:
Ref: Role
Events: {}
ArcMetadata:
pragma: ws
name: connect
ConnectWSRoute:
Type: AWS::ApiGatewayV2::Route
Properties:
ApiId:
Ref: WS
RouteKey: "$connect"
OperationName: ConnectWSRoute
Target:
Fn::Join:
- "/"
- - integrations
- Ref: ConnectWSIntegration
ConnectWSIntegration:
Type: AWS::ApiGatewayV2::Integration
Properties:
ApiId:
Ref: WS
IntegrationType: AWS_PROXY
IntegrationUri:
Fn::Sub:
- arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ConnectWSLambda.Arn}/invocations
- {}
ConnectWSPermission:
Type: AWS::Lambda::Permission
DependsOn:
- WS
- ConnectWSLambda
Properties:
Action: lambda:InvokeFunction
FunctionName:
Ref: ConnectWSLambda
Principal: apigateway.amazonaws.com
DefaultWSLambda:
Type: AWS::Serverless::Function
Properties:
Handler: index.handler
CodeUri: "/var/task/src/ws/default"
Runtime: nodejs16.x
Architectures:
- x86_64
MemorySize: 1152
EphemeralStorage:
Size: 512
Timeout: 5
Environment:
Variables:
ARC_APP_NAME: myapp
ARC_ENV: staging
ARC_ROLE:
Ref: Role
ARC_SESSION_TABLE_NAME: jwe
ARC_STACK_NAME:
Ref: AWS::StackName
ARC_STATIC_BUCKET:
Ref: StaticBucket
ARC_WSS_URL:
Fn::Sub:
- wss://${WS}.execute-api.${AWS::Region}.amazonaws.com/staging
- {}
Role:
Fn::Sub:
- arn:aws:iam::${AWS::AccountId}:role/${roleName}
- roleName:
Ref: Role
Events: {}
ArcMetadata:
pragma: ws
name: default
DefaultWSRoute:
Type: AWS::ApiGatewayV2::Route
Properties:
ApiId:
Ref: WS
RouteKey: "$default"
OperationName: DefaultWSRoute
Target:
Fn::Join:
- "/"
- - integrations
- Ref: DefaultWSIntegration
DefaultWSIntegration:
Type: AWS::ApiGatewayV2::Integration
Properties:
ApiId:
Ref: WS
IntegrationType: AWS_PROXY
IntegrationUri:
Fn::Sub:
- arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${DefaultWSLambda.Arn}/invocations
- {}
DefaultWSPermission:
Type: AWS::Lambda::Permission
DependsOn:
- WS
- DefaultWSLambda
Properties:
Action: lambda:InvokeFunction
FunctionName:
Ref: DefaultWSLambda
Principal: apigateway.amazonaws.com
DisconnectWSLambda:
Type: AWS::Serverless::Function
Properties:
Handler: index.handler
CodeUri: "/var/task/src/ws/disconnect"
Runtime: nodejs16.x
Architectures:
- x86_64
MemorySize: 1152
EphemeralStorage:
Size: 512
Timeout: 5
Environment:
Variables:
ARC_APP_NAME: myapp
ARC_ENV: staging
ARC_ROLE:
Ref: Role
ARC_SESSION_TABLE_NAME: jwe
ARC_STACK_NAME:
Ref: AWS::StackName
ARC_STATIC_BUCKET:
Ref: StaticBucket
ARC_WSS_URL:
Fn::Sub:
- wss://${WS}.execute-api.${AWS::Region}.amazonaws.com/staging
- {}
Role:
Fn::Sub:
- arn:aws:iam::${AWS::AccountId}:role/${roleName}
- roleName:
Ref: Role
Events: {}
ArcMetadata:
pragma: ws
name: disconnect
DisconnectWSRoute:
Type: AWS::ApiGatewayV2::Route
Properties:
ApiId:
Ref: WS
RouteKey: "$disconnect"
OperationName: DisconnectWSRoute
Target:
Fn::Join:
- "/"
- - integrations
- Ref: DisconnectWSIntegration
DisconnectWSIntegration:
Type: AWS::ApiGatewayV2::Integration
Properties:
ApiId:
Ref: WS
IntegrationType: AWS_PROXY
IntegrationUri:
Fn::Sub:
- arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${DisconnectWSLambda.Arn}/invocations
- {}
DisconnectWSPermission:
Type: AWS::Lambda::Permission
DependsOn:
- WS
- DisconnectWSLambda
Properties:
Action: lambda:InvokeFunction
FunctionName:
Ref: DisconnectWSLambda
Principal: apigateway.amazonaws.com
Outputs:
API:
Description: API Gateway (HTTP)
Value:
Fn::Sub:
- https://${ApiId}.execute-api.${AWS::Region}.amazonaws.com
- ApiId:
Ref: HTTP
ApiId:
Description: API ID (ApiId)
Value:
Ref: HTTP
BucketURL:
Description: Bucket URL
Value:
Fn::Sub:
- http://${bukkit}.s3-website-${AWS::Region}.amazonaws.com
- bukkit:
Ref: StaticBucket
WSS:
Description: WebSocket Endpoint
Value:
Fn::Sub:
- wss://${WS}.execute-api.${AWS::Region}.amazonaws.com/staging
- {}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment