-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathserverless.yml
157 lines (141 loc) · 4.02 KB
/
serverless.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
service: workshop-${self:custom.name}
frameworkVersion: '3'
custom:
name: cmcgavin
export-env:
overwrite: true
provider:
name: aws
runtime: nodejs14.x
iam:
role:
statements:
- Effect: Allow
Action: dynamodb:scan
Resource: !GetAtt RestaurantsTable.Arn
- Effect: Allow
Action: execute-api:Invoke
Resource: !Sub arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ApiGatewayRestApi}/${sls:stage}/GET/restaurants
environment:
rest_api_url:
Fn::Join:
- ""
- - https://
- !Ref ApiGatewayRestApi
- .execute-api.${aws:region}.amazonaws.com/${sls:stage}
functions:
get-index:
handler: functions/get-index.handler
events:
- http:
path: /
method: get
environment:
restaurants_api:
Fn::Join:
- ""
- - https://
- !Ref ApiGatewayRestApi
- .execute-api.${aws:region}.amazonaws.com/${sls:stage}/restaurants
cognito_user_pool_id: !Ref CognitoUserPool
cognito_client_id: !Ref WebCognitoUserPoolClient
cognito_server_client_id: !Ref ServerCognitoUserPoolClient
get-restaurants:
handler: functions/get-restaurants.handler
events:
- http:
path: /restaurants
method: get
authorizer: aws_iam
environment:
restaurants_table: !Ref RestaurantsTable
search-restaurants:
handler: functions/search-restaurants.handler
events:
- http:
path: /restaurants/search
method: post
authorizer:
name: CognitoAuthorizer
type: COGNITO_USER_POOLS
arn: !GetAtt CognitoUserPool.Arn
environment:
restaurants_table: !Ref RestaurantsTable
resources:
Resources:
RestaurantsTable:
Type: AWS::DynamoDB::Table
Properties:
BillingMode: PAY_PER_REQUEST
AttributeDefinitions:
- AttributeName: name
AttributeType: S
KeySchema:
- AttributeName: name
KeyType: HASH
CognitoUserPool:
Type: AWS::Cognito::UserPool
Properties:
AliasAttributes:
- email
UsernameConfiguration:
CaseSensitive: false
AutoVerifiedAttributes:
- email
Policies:
PasswordPolicy:
MinimumLength: 8
RequireLowercase: true
RequireNumbers: true
RequireUppercase: true
RequireSymbols: true
Schema:
- AttributeDataType: String
Mutable: true
Name: given_name
Required: true
StringAttributeConstraints:
MinLength: "1"
- AttributeDataType: String
Mutable: true
Name: family_name
Required: true
StringAttributeConstraints:
MinLength: "1"
- AttributeDataType: String
Mutable: true
Name: email
Required: true
StringAttributeConstraints:
MinLength: "1"
WebCognitoUserPoolClient:
Type: AWS::Cognito::UserPoolClient
Properties:
ClientName: web
UserPoolId: !Ref CognitoUserPool
ExplicitAuthFlows:
- ALLOW_USER_SRP_AUTH
- ALLOW_REFRESH_TOKEN_AUTH
PreventUserExistenceErrors: ENABLED
ServerCognitoUserPoolClient:
Type: AWS::Cognito::UserPoolClient
Properties:
ClientName: server
UserPoolId: !Ref CognitoUserPool
ExplicitAuthFlows:
- ALLOW_ADMIN_USER_PASSWORD_AUTH
- ALLOW_REFRESH_TOKEN_AUTH
PreventUserExistenceErrors: ENABLED
Outputs:
RestaurantsTableName:
Value: !Ref RestaurantsTable
CognitoUserPoolId:
Value: !Ref CognitoUserPool
CognitoUserPoolArn:
Value: !GetAtt CognitoUserPool.Arn
CognitoUserPoolWebClientId:
Value: !Ref WebCognitoUserPoolClient
CognitoUserPoolServerClientId:
Value: !Ref ServerCognitoUserPoolClient
plugins:
- serverless-export-env