serverless.yml
# Serverless Framework service definition.
# Reference: https://serverless.com/framework/docs/providers/aws/guide/serverless.yml/

# The service name is resolved from custom.name (CLI option, env var or default).
service: ${self:custom.name}

# Plugins are npm packages loaded by the Serverless CLI when it packages and
# deploys, so they run with the deploying profile's credentials. Keep them
# pinned in package.json and the lockfile.
plugins:
  - serverless-webpack
  - serverless-plugin-tracing
  - serverless-pseudo-parameters
# Provider-wide settings: these defaults apply to every function that does not
# override them.
provider:
  name: aws
  # NOTE(review): nodejs12.x is past end of support on AWS Lambda; confirm a
  # supported runtime before deploying.
  runtime: nodejs12.x
  stage: ${self:custom.stage}
  region: ${self:custom.region}
  profile: ${self:custom.profile}
  timeout: 30
  memorySize: 256
  # One API Gateway key per staged service name; endpoints marked
  # `private: true` require it.
  apiKeys:
    - ${self:custom.stagedName}-key
  # Statements for the shared execution role. A function that sets its own
  # `role` (api-docs does) does not receive them.
  iamRoleStatements:
    # Read access limited to the two SSM parameters declared under
    # resources.Parameters (ApiKey and ApiUrl).
    # NOTE(review): if either is a SecureString under a customer-managed KMS
    # key, kms:Decrypt on that key is also needed - confirm.
    - Effect: Allow
      Action:
        - ssm:GetParameter
      Resource:
        - Fn::Sub: 'arn:aws:ssm:#{AWS::Region}:#{AWS::AccountId}:parameter#{ApiKey}'
        - Fn::Sub: 'arn:aws:ssm:#{AWS::Region}:#{AWS::AccountId}:parameter#{ApiUrl}'
    # xray permissions (required); the wildcard resource is kept as in the
    # original statement.
    - Effect: Allow
      Action:
        - xray:PutTraceSegments
        - xray:PutTelemetryRecords
      Resource:
        - '*'
    # Add additional permissions for all lambdas here
  # Environment variables visible to every function. Lambda environment
  # variables are readable by anyone who can view the function configuration,
  # so keep secret values out of this map.
  environment:
    SERVICE_HOST: ${self:custom.domain}
    SERVICE_NAME: ${self:custom.name}
    # Add additional env variable for all lambdas here
# Each function is packaged as its own artifact.
package:
  individually: true

# The deployed function set is looked up by stage in custom.functions. Only
# dev, stg and prd are defined there, so any other stage name resolves to no
# entry.
functions: ${self:custom.functions.${self:custom.stage}}
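# Values shared across the file. Each one resolves in order from a CLI option,
# then an environment variable, then the literal default.
custom:
  # Change the name to match your service name
  name: ${opt:service-name, env:SERVICE_NAME, 'micro-lambda'}
  # Change the domain to match your domain
  # (the closing quote on the default was missing in the original, which left
  # the variable expression malformed)
  domain: ${opt:service-host, env:SERVICE_HOST, 'api.your-domain.com'}
  stage: ${opt:stage, env:STAGE, 'dev'}
  stagedName: ${self:custom.name}-${self:custom.stage}
  region: ${opt:region, env:AWS_REGION, 'ap-southeast-2'}
  # Falls back to an AWS profile named after the stage, so each stage can be
  # deployed with its own credentials.
  profile: ${opt:profile, env:AWS_PROFILE, self:custom.stage}
  tracing: false # AWS X-Ray disabled by default
  webpack:
    includeModules:
      forceExclude: [aws-sdk]
    # Webpack config is chosen per stage; stg reuses the dev config.
    webpackConfig: ${self:custom.webpack.webpackConfigMap.${self:custom.stage}}
    webpackConfigMap:
      dev: ./internals/webpack/webpack.dev.config.js
      stg: ./internals/webpack/webpack.dev.config.js
      prd: ./internals/webpack/webpack.prod.config.js
  functions:
    # API lambda function
    api: &api
      handler: src/api-lambda.handler
      tracing: true
      events:
        # Add additional API endpoints here
        - http:
            method: GET
            path: /{id}
            # Requires a valid API key on the request.
            private: true
            request:
              parameters:
                # true = required, false = optional
                path:
                  id: true
                querystrings:
                  message: false
      environment:
        # Set the parameter store values
        # Ref on an AWS::SSM::Parameter::Name parameter yields the parameter
        # name, so the function receives names here, not the stored values;
        # presumably it reads the values at runtime via ssm:GetParameter.
        SSM_API_URL: { Ref: ApiUrl }
        SSM_API_KEY: { Ref: ApiKey }
    # API docs lambda function
    # Runs under its own role (ApiDocsExecutionRole), so it does not get the
    # SSM read permission granted in provider.iamRoleStatements.
    # NOTE(review): neither docs route sets `private: true`, so wherever this
    # function is deployed the docs are reachable without an API key - confirm
    # that is intended.
    api-docs: &api-docs
      handler: src/api-docs-lambda.handler
      role: ApiDocsExecutionRole
      events:
        - http: GET /docs
        - http: GET /docs/{proxy+}
    # Per-stage function sets, selected by the top-level `functions` key.
    dev:
      api: *api
      api-docs: *api-docs
    stg:
      api: *api
      api-docs: *api-docs
    prd:
      api: *api
      # We don't need to deploy docs to production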
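# Raw CloudFormation merged into the generated stack.
resources:
  Parameters:
    # Both parameters hold SSM parameter *names*; the defaults are namespaced
    # by stage, and the shared role's ssm:GetParameter statement is scoped to
    # exactly these two names.
    ApiKey:
      Type: AWS::SSM::Parameter::Name
      Default: /${self:custom.stage}/api/api_key
    ApiUrl:
      Type: AWS::SSM::Parameter::Name
      Default: /${self:custom.stage}/api/api_url
    # Remove the parameters above and add your parameter store values here
  Resources:
    ApiGatewayRestApi:
      Type: AWS::ApiGateway::RestApi
      Properties:
        Name: ${self:custom.stagedName}
    # Custom-domain mapping in API Gateway.
    # NOTE(review): the original comment says to uncomment this resource, but
    # it is active as listed. A base path mapping needs the custom domain name
    # to exist in API Gateway already - confirm before deploying with the
    # placeholder domain.
    ApiGatewayMapping:
      Type: AWS::ApiGateway::BasePathMapping
      # presumably the logical ID generated for the first provider.apiKeys
      # entry - verify against the compiled template
      DependsOn: ApiGatewayApiKey1
      Properties:
        BasePath: ${self:custom.name}
        DomainName: ${self:custom.domain}
        RestApiId:
          Ref: ApiGatewayRestApi
        Stage: ${self:custom.stage}
    # IAM execution role isolation for API docs lambda
    ApiDocsExecutionRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: ${self:custom.stagedName}-api-docs-${self:custom.region}-lambdaRole
        AssumeRolePolicyDocument:
          # Current policy language version; the original used the legacy
          # '2008-10-17'. The trust statement itself is unchanged.
          Version: '2012-10-17'
          Statement:
            # Only the Lambda service may assume this role.
            - Effect: Allow
              Principal:
                Service:
                  - lambda.amazonaws.com
              Action: sts:AssumeRole
        # NOTE(review): this managed policy adds EC2 network-interface
        # permissions on top of CloudWatch Logs access. No `vpc` setting is
        # visible in this file; if the docs function is not attached to a VPC,
        # AWSLambdaBasicExecutionRole is the narrower choice - confirm.
        ManagedPolicyArns:
          - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole
    # Add additional AWS resources here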