# Serverless Framework service definition for the sample crypto-exchange backend.
# NOTE(review): nesting below was restored from the Serverless Framework schema
# because the page lost its indentation; confirm against the repository copy.
service: CodeRecipeSample-CryptoExchange
provider:
  name: aws
  # NOTE(review): python2.7 is an end-of-life runtime that no longer receives
  # security patches; plan a migration to a supported Python 3 runtime.
  runtime: python2.7
  region: us-east-1
  # Every value below is taken from a command-line option at deploy time.
  stage: ${opt:stage}
  dbUser: ${opt:dbUser}
  # NOTE(review): these three are referenced later as Lambda environment
  # variables. Values passed as CLI options can end up in shell history and
  # CI logs, and are resolved in plaintext into the generated CloudFormation
  # template and the function configuration. ETH_PRIV_KEY is a signing key:
  # prefer a Secrets Manager / SSM SecureString entry read at runtime, the way
  # the RDSSecret resource in this file handles the database credentials.
  ROPSTEN_INFURA_KEY: ${opt:ROPSTEN_INFURA_KEY}
  ETH_PRIV_KEY: ${opt:ETH_PRIV_KEY}
  ETH_FROM_ADDRESS: ${opt:ETH_FROM_ADDRESS}
  # API key required by the http events marked `private: true`.
  # An API key identifies a client for metering; it is not caller authentication.
  apiKeys:
    - ${opt:stage}-scalableCryptoExchange
  # Usage plan attached to the key: 5000 requests per day, throttled to
  # 1 request per second with a burst of 1.
  usagePlan:
    quota:
      limit: 5000
      offset: 0
      period: DAY
    throttle:
      burstLimit: 1
      rateLimit: 1
# Lambda functions. Each one gets its own IAM role through the
# iamRoleStatements / iamRoleStatementsName keys (serverless-iam-roles-per-function).
# "#{...}" references are expanded by serverless-pseudo-parameters.
# NOTE(review): nesting below was restored from the Serverless Framework schema
# because the page lost its indentation; confirm against the repository copy.
functions:
  # HTTP entry point (POST /place-order) that is given the order queue URL.
  QueueHandler:
    handler: src/handler.handle_queue
    name: ${self:provider.stage}-QueueHandler
    environment:
      Stage: ${self:provider.stage}
      QueueUrl: "#{OrderQueue}"
    events:
      - http:
          path: place-order
          method: POST
          # NOTE(review): `cors: true` uses the framework's default CORS
          # settings; restrict the allowed origins if the client is known.
          cors: true
          integration: lambda
          # Requires the x-api-key header. No authorizer is configured on this
          # event, so the API key is the only gate on placing an order.
          private: true
    iamRoleStatementsName: ${self:provider.stage}-QueueHandler-role
    iamRoleStatements:
      - Effect: "Allow"
        Action:
          # NOTE(review): sqs:* also grants DeleteQueue, PurgeQueue and
          # SetQueueAttributes on the order queue. This function presumably
          # only enqueues; if so, sqs:SendMessage is enough. Confirm against
          # src/handler before narrowing.
          - sqs:*
        Resource: "#{OrderQueue.Arn}"
  # Consumes the order queue one message at a time and may invoke the three
  # downstream functions named in its role.
  OrderHandler:
    handler: src/handler.handle_order
    name: ${self:provider.stage}-OrderHandler
    environment:
      Stage: ${self:provider.stage}
    events:
      - sqs:
          arn: "#{OrderQueue.Arn}"
          batchSize: 1
    iamRoleStatementsName: ${self:provider.stage}-OrderHandler-role
    iamRoleStatements:
      # Each invoke permission is scoped to one named function, not a wildcard.
      - Effect: "Allow"
        Action:
          - lambda:InvokeFunction
        Resource: "arn:aws:lambda:${self:provider.region}:#{AWS::AccountId}:function:${self:provider.stage}-UpdateSellerBankAccount"
      - Effect: "Allow"
        Action:
          - lambda:InvokeFunction
        Resource: "arn:aws:lambda:${self:provider.region}:#{AWS::AccountId}:function:${self:provider.stage}-UpdateBuyerWallet"
      - Effect: "Allow"
        Action:
          - lambda:InvokeFunction
        Resource: "arn:aws:lambda:${self:provider.region}:#{AWS::AccountId}:function:${self:provider.stage}-TransactionRecorder"
      - Effect: "Allow"
        Action:
          # NOTE(review): an SQS event source needs sqs:ReceiveMessage,
          # sqs:DeleteMessage and sqs:GetQueueAttributes; sqs:* is broader
          # than that. Confirm the handler makes no other SQS calls, then
          # narrow to those actions.
          - sqs:*
        Resource: "#{OrderQueue.Arn}"
  # Fiat-side handler; its role only allows invoking OrderHandler.
  UpdateSellerBankAccount:
    handler: src/handler.handle_fiat_transaction
    name: ${self:provider.stage}-UpdateSellerBankAccount
    environment:
      Stage: ${self:provider.stage}
    iamRoleStatementsName: ${self:provider.stage}-UpdateSellerBankAccount-role
    iamRoleStatements:
      - Effect: "Allow"
        Action:
          - lambda:InvokeFunction
        Resource: "arn:aws:lambda:${self:provider.region}:#{AWS::AccountId}:function:${self:provider.stage}-OrderHandler"
  # Node.js function that receives the Ethereum credentials.
  UpdateBuyerWallet:
    handler: src/handler.handler
    # NOTE(review): nodejs8.10 is an end-of-life runtime that no longer
    # receives security patches; move to a supported Node.js runtime.
    runtime: nodejs8.10
    name: ${self:provider.stage}-UpdateBuyerWallet
    environment:
      Stage: ${self:provider.stage}
      # NOTE(review): the Infura key and the Ethereum private key are stored
      # as plaintext environment variables, readable by any principal allowed
      # to read this function's configuration. Prefer fetching them at runtime
      # from Secrets Manager / SSM SecureString with a role scoped to that
      # one secret.
      ROPSTEN_INFURA_KEY: ${self:provider.ROPSTEN_INFURA_KEY}
      ETH_PRIV_KEY: ${self:provider.ETH_PRIV_KEY}
      ETH_FROM_ADDRESS: ${self:provider.ETH_FROM_ADDRESS}
    iamRoleStatementsName: ${self:provider.stage}-UpdateBuyerWallet-role
    iamRoleStatements:
      - Effect: "Allow"
        Action:
          - lambda:InvokeFunction
        Resource: "arn:aws:lambda:${self:provider.region}:#{AWS::AccountId}:function:${self:provider.stage}-OrderHandler"
  # HTTP entry point (POST /get-orders); its role only allows invoking
  # TransactionRecorder.
  SellerDashboard:
    handler: src/handler.handle_seller_dashboard
    name: ${self:provider.stage}-SellerDashboard
    timeout: 10
    environment:
      Stage: ${self:provider.stage}
    events:
      - http:
          path: get-orders
          method: POST
          cors: true
          integration: lambda
          # Requires the x-api-key header. No authorizer is configured, so
          # any holder of the key can reach this endpoint. Presumably the
          # handler must decide which seller's orders to return; verify it
          # does not trust a seller id taken from the request body.
          private: true
    iamRoleStatementsName: ${self:provider.stage}-SellerDashboard-role
    iamRoleStatements:
      - Effect: "Allow"
        Action:
          - lambda:InvokeFunction
        Resource: "arn:aws:lambda:${self:provider.region}:#{AWS::AccountId}:function:${self:provider.stage}-TransactionRecorder"
  # The only function with database access: it is given the secret ARN, the
  # database name and the cluster ARN, and its role allows the RDS Data API
  # call plus reading that one secret.
  TransactionRecorder:
    handler: src/handler.handle_transaction_recorder
    name: ${self:provider.stage}-TransactionRecorder
    timeout: 10
    environment:
      Stage: ${self:provider.stage}
      AwsSecretStoreArn: "#{RDSSecret}"
      DatabaseName: "exchangeDb"
      DbClusterArn: "arn:aws:rds:${self:provider.region}:#{AWS::AccountId}:cluster:#{ExchangeDbCluster}"
    iamRoleStatementsName: ${self:provider.stage}-TransactionRecorder-role
    iamRoleStatements:
      - Effect: "Allow"
        Action:
          - lambda:InvokeFunction
        Resource: "arn:aws:lambda:${self:provider.region}:#{AWS::AccountId}:function:${self:provider.stage}-OrderHandler"
      # Data API access is limited to the exchange cluster.
      - Effect: "Allow"
        Action:
          - "rds-data:ExecuteSql"
        Resource: "arn:aws:rds:${self:provider.region}:#{AWS::AccountId}:cluster:#{ExchangeDbCluster}"
      # Secret read access is limited to the database secret.
      - Effect: "Allow"
        Action:
          - "secretsmanager:GetSecretValue"
        Resource: "#{RDSSecret}"
# Raw CloudFormation resources: the order queue, the database secret, the
# Aurora Serverless cluster and the attachment that links secret and cluster.
# NOTE(review): nesting below was restored from the CloudFormation schema
# because the page lost its indentation; confirm against the repository copy.
resources:
  Resources:
    # NOTE(review): no RedrivePolicy (dead-letter queue) is set, so an order
    # message that keeps failing is retried until it expires, with no place
    # to inspect it. Consider adding a DLQ and an alarm on it.
    OrderQueue:
      Type: "AWS::SQS::Queue"
      Properties:
        QueueName: "${self:provider.stage}-OrderQueue"
    # Database credentials: the username comes from the dbUser deploy option,
    # the password is generated by Secrets Manager and never appears in this file.
    RDSSecret:
      Type: AWS::SecretsManager::Secret
      Properties:
        Description: 'Secret for Orders RDS'
        GenerateSecretString:
          SecretStringTemplate: '{"username": "${self:provider.dbUser}"}'
          GenerateStringKey: 'password'
          PasswordLength: 16
          # Characters left out of the generated password: " @ / \
          ExcludeCharacters: '"@/\'
    # NOTE(review): no rotation schedule is defined for the secret in this
    # template; consider adding one.
    ExchangeDbCluster:
      Type: AWS::RDS::DBCluster
      Properties:
        DBClusterIdentifier: ${self:provider.stage}-exchangedbcluster
        # Dynamic references: CloudFormation resolves the username and password
        # from RDSSecret at deploy time, so neither is written into the template.
        MasterUsername: !Join ['', ['{{resolve:secretsmanager:', !Ref RDSSecret, ':SecretString:username}}' ]]
        MasterUserPassword: !Join ['', ['{{resolve:secretsmanager:', !Ref RDSSecret, ':SecretString:password}}' ]]
        DatabaseName: exchangeDb
        Engine: aurora
        EngineMode: serverless
        # NOTE(review): DeletionProtection, backup retention, subnet group and
        # security groups are not set here, so account/VPC defaults apply.
        # For a cluster holding transaction records, set them explicitly.
        ScalingConfiguration:
          AutoPause: true
          MaxCapacity: 8
          MinCapacity: 2
          SecondsUntilAutoPause: 300
    # Attaches the secret to the cluster it belongs to.
    SecretRDSInstanceAttachment:
      Type: AWS::SecretsManager::SecretTargetAttachment
      Properties:
        SecretId: !Ref RDSSecret
        TargetId: !Ref ExchangeDbCluster
        TargetType: AWS::RDS::DBCluster
# Serverless plugins loaded at deploy time:
#   serverless-python-requirements     - reads custom.pythonRequirements
#   serverless-pseudo-parameters       - expands the "#{...}" references
#   serverless-iam-roles-per-function  - per-function iamRoleStatements
#   serverless-plugin-scripts          - runs the custom.scripts hooks
# NOTE(review): plugins execute on the deploy host with the deployer's AWS
# credentials; pin their versions with a committed lockfile and review
# upgrades like any other dependency.
plugins:
  - serverless-python-requirements
  - serverless-pseudo-parameters
  - serverless-iam-roles-per-function
  - serverless-plugin-scripts
# Plugin configuration.
# NOTE(review): nesting below was restored from the plugins' documented
# layout because the page lost its indentation; confirm against the
# repository copy.
custom:
  scripts:
    hooks:
      # After deploy, enables the RDS Data API (HTTP endpoint) on the cluster.
      # Once enabled, access to the database over HTTPS is governed by IAM
      # (rds-data permissions plus read access to the secret), so keep those
      # grants narrow.
      # NOTE(review): the stage value comes from the --stage option and is
      # interpolated into a shell command run on the deploy host; restrict
      # stage names to a safe character set (letters, digits, hyphen) in the
      # deploy pipeline.
      'deploy:finalize': 'aws rds modify-db-cluster --db-cluster-identifier ${self:provider.stage}-exchangedbcluster --enable-http-endpoint'
  pythonRequirements:
    noDeploy: []
    dockerizePip: false