# NOTE: update this with your service name
service: wild-rides-serverless-demo

provider:
  name: aws
  # NOTE(review): nodejs8.10 is an end-of-life Lambda runtime that no longer
  # receives security patches. Move to a currently supported Node.js runtime
  # after checking the handler and its dependencies against it.
  runtime: nodejs8.10
  # Stage is taken from the --stage CLI option and falls back to 'dev'.
  stage: "${opt:stage, 'dev'}"
functions:
  RequestUnicorn:
    handler: handler.handler
    # Runs under the WildRydesLambdaRole IAM role declared under resources,
    # not a framework-generated role.
    role: WildRydesLambdaRole
    events:
      - http:
          path: ride
          method: post
          # NOTE(review): `cors: true` relies on the framework's default CORS
          # settings, which presumably allow any origin. Pin the allowed
          # origin to the site's own URL once it is known.
          cors: true
          # POST /ride is only reachable with a token accepted by the
          # Cognito user-pool authorizer referenced below.
          authorizer:
            type: COGNITO_USER_POOLS
            authorizerId:
              Ref: WildRydesApiGatewayAuthorizer
# you can add CloudFormation resource templates here
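resources:
  Resources:
    # Static-website bucket for the front end.
    # NOTE(review): bucket names are global, so replace this one with your
    # own. S3 website endpoints serve plain HTTP only; for anything beyond a
    # demo, front the bucket with CloudFront (TLS) and keep it private.
    WildRydesBucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: wildrydes-andrei-maksimov
        WebsiteConfiguration:
          IndexDocument: index.html

    # Grants anonymous read of every object in the bucket (public by design).
    # Store only public assets here. Accounts with S3 Block Public Access
    # turned on will reject this policy at deploy time.
    WildRydesBucketPolicy:
      Type: AWS::S3::BucketPolicy
      Properties:
        Bucket:
          Ref: WildRydesBucket
        PolicyDocument:
          # Explicit policy language version, matching the IAM role below.
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal: '*'
              Action:
                - s3:GetObject
              Resource:
                Fn::Join:
                  - ''
                  - - 'arn:aws:s3:::'
                    - Ref: WildRydesBucket
                    - '/*'

    # NOTE(review): only the pool name is set, so password policy, MFA and
    # attribute verification all fall back to Cognito defaults. Declare them
    # explicitly before using this outside a demo.
    WildRydesCognitoUserPool:
      Type: AWS::Cognito::UserPool
      Properties:
        UserPoolName: WildRydes

    # App client without a client secret; presumably used from the browser
    # (the client name suggests a web app), which could not keep one private.
    WildRydesCognitoUserPoolClient:
      Type: AWS::Cognito::UserPoolClient
      Properties:
        ClientName: WildRydesWebApp
        GenerateSecret: false
        UserPoolId:
          Ref: WildRydesCognitoUserPool

    # Ride records keyed by the string attribute RideId.
    # NOTE(review): TableName is fixed, so a second stage deployed to the
    # same account and region would collide with this table.
    WildRydesDynamoDBTable:
      Type: AWS::DynamoDB::Table
      Properties:
        TableName: Rides
        AttributeDefinitions:
          - AttributeName: RideId
            AttributeType: S
        KeySchema:
          - AttributeName: RideId
            KeyType: HASH
        ProvisionedThroughput:
          ReadCapacityUnits: 5
          WriteCapacityUnits: 5

    # Execution role assumed by the Lambda service for RequestUnicorn.
    # NOTE(review): RoleName is fixed as well; the same multi-stage collision
    # applies as for the table above.
    WildRydesLambdaRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: WildRydesLambda
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - lambda.amazonaws.com
              Action: sts:AssumeRole
        Policies:
          - PolicyName: DynamoDBWriteAccess
            PolicyDocument:
              Version: '2012-10-17'
              Statement:
                # Logging is limited to this service's own Lambda log groups
                # (<service>-<stage>-*), not every /aws/lambda/* group in the
                # account.
                - Effect: Allow
                  Action:
                    - logs:CreateLogGroup
                    - logs:CreateLogStream
                    - logs:PutLogEvents
                  Resource:
                    - Fn::Join:
                        - ':'
                        - - 'arn:aws:logs'
                          - Ref: 'AWS::Region'
                          - Ref: 'AWS::AccountId'
                          - 'log-group:/aws/lambda/${self:service}-${self:provider.stage}-*:*'
                # Write-only access, restricted to the Rides table.
                - Effect: Allow
                  Action:
                    - dynamodb:PutItem
                  Resource:
                    Fn::GetAtt: [WildRydesDynamoDBTable, Arn]

    # Validates the token in the Authorization request header against the
    # Wild Rydes user pool before API Gateway invokes the function.
    WildRydesApiGatewayAuthorizer:
      Type: AWS::ApiGateway::Authorizer
      Properties:
        Name: WildRydes
        RestApiId:
          Ref: ApiGatewayRestApi
        Type: COGNITO_USER_POOLS
        ProviderARNs:
          - Fn::GetAtt: [WildRydesCognitoUserPool, Arn]
        IdentitySource: method.request.header.Authorization

  # Stack outputs: identifiers for the website URL, pool, client and table.
  Outputs:
    WildRydesBucketURL:
      Description: 'Wild Rydes Bucket Website URL'
      Value:
        Fn::GetAtt: [WildRydesBucket, WebsiteURL]
    WildRydesCognitoUserPoolId:
      Description: 'Wild Rydes Cognito User Pool ID'
      Value:
        Ref: WildRydesCognitoUserPool
    WildRydesCognitoUserPoolClientId:
      Description: 'Wild Rydes Cognito User Pool Client ID'
      Value:
        Ref: WildRydesCognitoUserPoolClient
    WildRydesDynamoDbARN:
      Description: 'Wild Rydes DynamoDB ARN'
      Value:
        Fn::GetAtt: [WildRydesDynamoDBTable, Arn]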