-
Notifications
You must be signed in to change notification settings - Fork 0
/
template.yaml
132 lines (118 loc) · 4.48 KB
/
template.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
simple schedule serverless application setup
Globals:
Api:
MinimumCompressionSize: 0
TracingEnabled: true
Function:
Tracing: Active
Timeout: 3
Runtime: nodejs14.x
Environment:
Variables:
ENV: Production
PGDBCLUSTERARN: !ImportValue "default-db-cluster-arn"
PGUSER: !ImportValue "default-db-admin-username"
PGHOST: !ImportValue "default-db-cluster-endpoint"
PGPASSWORD: !ImportValue "default-db-password"
PGDATABASE: !ImportValue "default-db-name"
PGPORT: 5432
SECRET_ARN: !ImportValue "default-db-secret"
AWS_NODEJS_CONNECTION_REUSE_ENABLED: '1'
JWT_SECRET: "somesecretpossiblyssl"
JWT_EXPIRES_IN: "30d"
Conditions:
isSamLocal: !Equals [!Ref "AWS::StackName", ""]
isMaster: !Equals [!Ref "AWS::StackName", "auth-service"]
Resources:
AuthServiceApiGateway:
Type: AWS::Serverless::Api
Properties:
Name: auth-service-api
StageName: prod
DefinitionBody:
Fn::Transform:
Name: AWS::Include
Parameters:
Location: ./docs/api.yaml
AuthorizerFunction:
Type: 'AWS::Serverless::Function'
Properties:
CodeUri: dist/
Handler: authorizer-function.lambdaHandler
Policies:
- AWSSecretsManagerGetSecretValuePolicy:
SecretArn: !ImportValue "default-db-secret"
- Statement:
- Effect: Allow
Action: 'rds-data:ExecuteStatement'
Resource: !ImportValue "default-db-cluster-arn"
LoginFunction:
Type: 'AWS::Serverless::Function'
Properties:
CodeUri: dist/
Handler: login-function.lambdaHandler
Policies:
- AWSSecretsManagerGetSecretValuePolicy:
SecretArn: !ImportValue "default-db-secret"
- Statement:
- Effect: Allow
Action: 'rds-data:ExecuteStatement'
Resource: !ImportValue "default-db-cluster-arn"
RegisterFunction:
Type: 'AWS::Serverless::Function'
Properties:
CodeUri: dist/
Handler: register-function.lambdaHandler
Policies:
- AWSSecretsManagerGetSecretValuePolicy:
SecretArn: !ImportValue "default-db-secret"
- Statement:
- Effect: Allow
Action: 'rds-data:ExecuteStatement'
Resource: !ImportValue "default-db-cluster-arn"
# ##########################################################################################################
# # Function permissions grant an AWS service or another account permission to use a function #
# #########################################################################################################
LoginFunctionResourcePermission:
Type: 'AWS::Lambda::Permission'
Properties:
Action: 'lambda:InvokeFunction'
Principal: apigateway.amazonaws.com
FunctionName: !Ref LoginFunction
SourceArn: !Sub 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${AuthServiceApiGateway}/*'
RegisterFunctionResourcePermission:
Type: 'AWS::Lambda::Permission'
Properties:
Action: 'lambda:InvokeFunction'
Principal: apigateway.amazonaws.com
FunctionName: !Ref RegisterFunction
SourceArn: !Sub 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${AuthServiceApiGateway}/*'
AuthorizerFunctionResourcePermission:
Type: 'AWS::Lambda::Permission'
Properties:
Action: 'lambda:InvokeFunction'
Principal: apigateway.amazonaws.com
FunctionName: !Ref AuthorizerFunction
SourceArn: !Sub 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${AuthServiceApiGateway}/*'
Outputs:
AuthorizerArn:
Description: authorizer ARN
Value: !GetAtt AuthorizerFunction.Arn
Export:
Name: !Sub "authorizer-function-arn"
AuthorizerUri:
Description: authorizer Uri
Value: !Sub "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${AuthorizerFunction.Arn}/invocations"
Export:
Name: "authorizerUri"
AuthorizerFunctionName:
Description: authorizer Function Name
Value: !Ref AuthorizerFunction
Export:
Name: "authorizer-function-name"
# API:
# Description: auth-server-api
# Value: !Sub "https://${AuthServiceApiGateway}.execute-api.${AWS::Region}.amazonaws.com/"