---
# Service name; the suffix comes from custom.name below, so each deployer gets
# a separately named service.
service: "workshop-${self:custom.name}"

# Per-deployer values referenced elsewhere through ${self:custom.*}.
custom:
  name: alexs
  # NOTE(review): this value looks like the placeholder a web page's e-mail
  # protection leaves behind, not a real address - restore the intended value
  # before deploying. Nothing else in this file reads custom.email.
  email: "[email protected]"
provider:
  name: aws
  # nodejs12.x is an end-of-life Node.js line and a deprecated Lambda runtime,
  # so it no longer receives security patches.
  # NOTE(review): move to a currently supported nodejs runtime after testing
  # the handlers (not visible here) against it.
  runtime: nodejs12.x
  # These statements are declared at provider level, so they apply to the role
  # shared by every function in this service: each function gets both grants,
  # not only the ones it needs. Per-function roles would be the least-privilege
  # form.
  iamRoleStatements:
    # Read access to the restaurants table only (single table ARN, one action).
    - Effect: Allow
      Action: 'dynamodb:scan'
      Resource: !GetAtt RestaurantsTable.Arn
    # Permission to call one method of one API stage: GET /restaurants.
    # NOTE(review): no `stage` key is set in this provider block - confirm that
    # ${self:provider.stage} resolves to the stage actually deployed when a
    # stage is passed on the command line; otherwise this ARN names another
    # stage and the signed call is denied.
    - Effect: Allow
      Action: 'execute-api:Invoke'
      Resource: 'arn:aws:execute-api:#{AWS::Region}:#{AWS::AccountId}:#{ApiGatewayRestApi}/${self:provider.stage}/GET/restaurants'
functions:
  # GET / - no authorizer is configured on this event, so the endpoint is
  # reachable without credentials.
  get-index:
    handler: functions/get-index.handler
    events:
      - http:
          path: '/'
          method: get
    environment:
      # URL of the IAM-protected endpoint below; same ${self:provider.stage}
      # dependency as the execute-api ARN in the provider block.
      restaurants_api: 'https://#{ApiGatewayRestApi}.execute-api.#{AWS::Region}.amazonaws.com/${self:provider.stage}/restaurants'
      # Pool id and web client id are identifiers, not credentials.
      # NOTE(review): presumably handed to the browser for sign-in - confirm in
      # the handler, which is not visible here.
      cognito_user_pool_id: !Ref CognitoUserPool
      cognito_client_id: !Ref WebCognitoUserPoolClient

  # GET /restaurants - `aws_iam` means API Gateway only accepts requests signed
  # with AWS credentials that are allowed execute-api:Invoke on this method.
  get-restaurants:
    handler: functions/get-restaurants.handler
    events:
      - http:
          path: '/restaurants'
          method: get
          authorizer: aws_iam
    environment:
      restaurants_table: !Ref RestaurantsTable

  # POST /restaurants/search - gated by the Cognito user-pool authorizer
  # declared under resources (CognitoAuthorizer).
  search-restaurants:
    handler: functions/search-restaurants.handler
    events:
      - http:
          path: '/restaurants/search'
          method: post
          authorizer:
            type: COGNITO_USER_POOLS
            authorizerId: !Ref CognitoAuthorizer
    environment:
      restaurants_table: !Ref RestaurantsTable
# Raw CloudFormation merged into the generated stack.
resources:
  Resources:
    # On-demand table keyed by restaurant name. No encryption or backup
    # properties are set here, so the service defaults apply.
    RestaurantsTable:
      Type: AWS::DynamoDB::Table
      Properties:
        BillingMode: PAY_PER_REQUEST
        AttributeDefinitions:
          - AttributeName: name
            AttributeType: 'S'
        KeySchema:
          - AttributeName: name
            KeyType: HASH

    # User directory. Users may sign in with their e-mail as an alias,
    # usernames are case-insensitive, and e-mail addresses are auto-verified.
    # No MFA setting appears in this template.
    CognitoUserPool:
      Type: AWS::Cognito::UserPool
      Properties:
        AliasAttributes: [email]
        UsernameConfiguration:
          CaseSensitive: false
        AutoVerifiedAttributes: [email]
        Policies:
          # 8 characters minimum, all four character classes required.
          PasswordPolicy:
            MinimumLength: 8
            RequireLowercase: true
            RequireNumbers: true
            RequireUppercase: true
            RequireSymbols: true
        # Three required, mutable string attributes, each at least 1 character.
        Schema:
          - Name: given_name
            AttributeDataType: String
            Mutable: true
            Required: true
            StringAttributeConstraints:
              MinLength: '1'
          - Name: family_name
            AttributeDataType: String
            Mutable: true
            Required: true
            StringAttributeConstraints:
              MinLength: '1'
          - Name: email
            AttributeDataType: String
            Mutable: true
            Required: true
            StringAttributeConstraints:
              MinLength: '1'

    # Browser-facing app client: SRP sign-in and token refresh only.
    # PreventUserExistenceErrors makes auth failures generic, so a response
    # does not reveal whether an account exists.
    WebCognitoUserPoolClient:
      Type: AWS::Cognito::UserPoolClient
      Properties:
        ClientName: web
        UserPoolId: !Ref CognitoUserPool
        ExplicitAuthFlows:
          - ALLOW_USER_SRP_AUTH
          - ALLOW_REFRESH_TOKEN_AUTH
        PreventUserExistenceErrors: ENABLED

    # Server-side app client: enables the admin username/password flow, which
    # is invoked with AWS credentials rather than from a browser.
    # NOTE(review): keep this client id out of front-end code and limit which
    # IAM principals may start admin auth against the pool.
    ServerCognitoUserPoolClient:
      Type: AWS::Cognito::UserPoolClient
      Properties:
        ClientName: server
        UserPoolId: !Ref CognitoUserPool
        ExplicitAuthFlows:
          - ALLOW_ADMIN_USER_PASSWORD_AUTH
          - ALLOW_REFRESH_TOKEN_AUTH
        PreventUserExistenceErrors: ENABLED

    # API Gateway authorizer that validates the Authorization header against
    # the user pool. Results are cached for 300 seconds.
    # NOTE(review): a cached allow may outlive a sign-out or token revocation
    # by up to that TTL - confirm this window is acceptable.
    CognitoAuthorizer:
      Type: AWS::ApiGateway::Authorizer
      Properties:
        Name: Cognito
        Type: COGNITO_USER_POOLS
        RestApiId: !Ref ApiGatewayRestApi
        IdentitySource: method.request.header.Authorization
        AuthorizerResultTtlInSeconds: 300
        ProviderARNs:
          - !GetAtt CognitoUserPool.Arn

  # Stack outputs: names, ids and an ARN - identifiers only, no secrets.
  Outputs:
    RestaurantsTableName:
      Value: !Ref RestaurantsTable
    CognitoUserPoolId:
      Value: !Ref CognitoUserPool
    CognitoUserPoolArn:
      Value: !GetAtt CognitoUserPool.Arn
    CognitoUserPoolWebClientId:
      Value: !Ref WebCognitoUserPoolClient
    CognitoUserPoolServerClientId:
      Value: !Ref ServerCognitoUserPoolClient
# Third-party Serverless plugins. They run with the deployer's AWS credentials,
# so their versions should be pinned in the project's lockfile (not shown here).
plugins:
  # Exports the resolved function environment for local use.
  # NOTE(review): if it writes a local env file, keep that file out of version
  # control.
  - serverless-export-env
  # Provides the #{AWS::Region} / #{AWS::AccountId} / #{LogicalId} placeholders
  # used in this file.
  # NOTE(review): confirm this plugin is still maintained upstream.
  - serverless-pseudo-parameters