serverless.yml
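---
# Serverless Framework v3 service that deploys one Lambda function for
# managing Cloudflare DNS records, plus the Secrets Manager secret that holds
# the Cloudflare API token and the resource policy that lets the function
# read it.
service: cloudflare-provisioner
frameworkVersion: '3'

plugins:
  - serverless-python-requirements

custom:
  # Single source of truth for the secret name. It is used both for the
  # function's environment variable and for the secret resource, so the two
  # cannot drift apart.
  cloudflareApiTokenSecretName: solutions/cloudflare/api-token-${sls:stage}

provider:
  name: aws
  # NOTE(review): python3.8 is past upstream end of life. Plan a move to a
  # currently supported Lambda Python runtime so the function keeps
  # receiving security patches.
  runtime: python3.8
  region: eu-west-1
  # Stage used when none is given on the command line.
  stage: prod
  iam:
    role:
      name: cloudflare-provisioner-execution-role-${sls:stage}
  environment:
    # Only the secret's name is exposed to the function. The token value
    # itself never appears in this file or in the function configuration.
    CLOUDFLARE_API_TOKEN_SECRET_NAME: ${self:custom.cloudflareApiTokenSecretName}

functions:
  cloudflare-dns-record:
    handler: cloudflare_provisioner.dns_record.handler
    description: Manages Cloudflare DNS records
    layers:
      # AWS Parameters and Secrets Lambda Extension, pinned to layer version 4.
      # NOTE(review): confirm the publisher account ID in this ARN against the
      # AWS documentation for eu-west-1, and review newer layer versions
      # periodically. A pinned layer does not pick up fixes on its own.
      - 'arn:aws:lambda:eu-west-1:015030872274:layer:AWS-Parameters-and-Secrets-Lambda-Extension:4'

resources:
  Resources:
    # No SecretString or GenerateSecretString is set, so the stack creates
    # the secret without a value and the token must be stored out of band.
    # No KmsKeyId is set either, so the account's default Secrets Manager
    # key (aws/secretsmanager) encrypts it.
    CloudflareApiTokenSecret:
      Type: AWS::SecretsManager::Secret
      Properties:
        Description: API Token used to provision Cloudflare resources
        Name: ${self:custom.cloudflareApiTokenSecretName}
        Tags:
          - Key: Project
            Value: cloudflare-provisioner

    # Resource policy attached to the secret above. It grants read-only
    # access (no put, update or delete) to a single principal: the Lambda
    # execution role.
    CloudflareApiTokenSecretPolicy:
      Type: AWS::SecretsManager::ResourcePolicy
      Properties:
        SecretId: !Ref CloudflareApiTokenSecret
        ResourcePolicy:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - secretsmanager:GetSecretValue
                - secretsmanager:DescribeSecret
              # In a secret's resource policy, '*' refers to the secret the
              # policy is attached to, not to every secret in the account.
              Resource: '*'
              Principal:
                # IamRoleLambdaExecution is the logical ID the Serverless
                # Framework gives the execution role it generates.
                AWS: !GetAtt [IamRoleLambdaExecution, Arn]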