-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathserverless.yml
240 lines (233 loc) · 6.19 KB
/
serverless.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
org: ipianetti
app: aws-node-serverless
service: aws-node-serverless
frameworkVersion: '3'
provider:
name: aws
runtime: nodejs18.x
region: sa-east-1 #São Paulo
environment:
DYNAMODB_CUSTOMER_TABLE: ${self:service}-customerTable-${sls:stage}
USER_POOL_ID: { Ref: UserPool }
CLIENT_ID: { Ref: UserClient }
iam:
role:
statements:
- Effect: "Allow"
Action:
- "dynamodb:PutItem"
- "dynamodb:Get*"
- "dynamodb:Query"
- "dynamodb:Scan*"
- "dynamodb:UpdateItem"
- "dynamodb:DeleteItem"
Resource:
- arn:aws:dynamodb:${aws:region}:${aws:accountId}:table/${self:provider.environment.DYNAMODB_CUSTOMER_TABLE}
- arn:aws:dynamodb:${aws:region}:${aws:accountId}:table/${self:provider.environment.DYNAMODB_CUSTOMER_TABLE}/index/*
- Effect: "Allow"
Action:
- "cognito-idp:AdminInitiateAuth"
- "cognito-idp:AdminCreateUser"
- "cognito-idp:AdminSetUserPassword"
Resource: !GetAtt UserPool.Arn
functions:
api:
handler: src/index.handler
reservedConcurrency: 1
events:
- http:
path: /
method: get
cors: true
loginUser:
handler: src/handler.login
description: Login User
reservedConcurrency: 3
events:
- http:
path: /user/login
method: post
cors: true
signupUser:
handler: src/handler.signup
description: Signup User
reservedConcurrency: 3
events:
- http:
path: /user/signup
method: post
cors: true
createCustomer:
handler: src/handler.createCustomer
description: Creates a new customer
reservedConcurrency: 3
events:
- http:
path: /api/v1/customers
method: post
cors: true
authorizer:
name: PrivateAuthorizer
type: COGNITO_USER_POOLS
arn: !GetAtt UserPool.Arn
claims:
- email
alarms:
- FunctionErrors
deploymentSettings:
type: Canary10Percent5Minutes
alias: Live
alarms:
- CreateCustomerFunctionErrorsAlarm
getCustomer:
handler: src/handler.getCustomer
description: Gets a customer by uuid
reservedConcurrency: 3
events:
- http:
path: /api/v1/customers/{uuid}
method: get
cors: true
authorizer:
name: PrivateAuthorizer
type: COGNITO_USER_POOLS
arn: !GetAtt UserPool.Arn
claims:
- email
alarms:
- FunctionErrors
deploymentSettings:
type: Canary10Percent5Minutes
alias: Live
alarms:
- GetCustomerFunctionErrorsAlarm
getCustomers:
handler: src/handler.getAllCustomers
description: Gets all customers
reservedConcurrency: 3
events:
- http:
path: /api/v1/customers
method: get
cors: true
authorizer:
name: PrivateAuthorizer
type: COGNITO_USER_POOLS
arn: !GetAtt UserPool.Arn
claims:
- email
alarms:
- FunctionErrors
deploymentSettings:
type: Canary10Percent5Minutes
alias: Live
alarms:
- GetCustomersFunctionErrorsAlarm
deleteCustomer:
handler: src/handler.deleteCustomer
description: Disables a customer by uuid
reservedConcurrency: 3
events:
- http:
path: /api/v1/customers/{uuid}
method: delete
cors: true
authorizer:
name: PrivateAuthorizer
type: COGNITO_USER_POOLS
arn: !GetAtt UserPool.Arn
claims:
- email
alarms:
- FunctionErrors
deploymentSettings:
type: Canary10Percent5Minutes
alias: Live
alarms:
- DeleteCustomerFunctionErrorsAlarm
resources:
Resources:
CustomerTable:
Type: AWS::DynamoDB::Table
Properties:
TableName: ${self:provider.environment.DYNAMODB_CUSTOMER_TABLE}
AttributeDefinitions:
- AttributeName: uuid
AttributeType: S
- AttributeName: username
AttributeType: S
- AttributeName: email
AttributeType: S
KeySchema:
- AttributeName: uuid
KeyType: HASH # partition key
GlobalSecondaryIndexes:
- IndexName: usernameIndex
KeySchema:
- AttributeName: username
KeyType: HASH
Projection:
ProjectionType: ALL
ProvisionedThroughput:
ReadCapacityUnits: 1
WriteCapacityUnits: 1
- IndexName: emailIndex
KeySchema:
- AttributeName: email
KeyType: HASH
Projection:
ProjectionType: ALL
ProvisionedThroughput:
ReadCapacityUnits: 1
WriteCapacityUnits: 1
ProvisionedThroughput:
ReadCapacityUnits: 2
WriteCapacityUnits: 2
UserPool:
Type: AWS::Cognito::UserPool
Properties:
UserPoolName: serverless-auth-pool
Schema:
- Name: email
Required: true
Mutable: true
Policies:
PasswordPolicy:
MinimumLength: 6
AutoVerifiedAttributes: [ "email" ]
UserClient:
Type: AWS::Cognito::UserPoolClient
Properties:
ClientName: user-pool-ui
GenerateSecret: false
UserPoolId: { Ref: UserPool }
AccessTokenValidity: 5
IdTokenValidity: 5
ExplicitAuthFlows:
- "ADMIN_NO_SRP_AUTH"
plugins:
- serverless-plugin-typescript
- serverless-offline
- serverless-dynamodb
- serverless-plugin-canary-deployments
- serverless-plugin-aws-alerts
custom:
alerts:
dashboards: true
definitions:
FunctionErrors:
namespace: 'AWS/Lambda'
metric: Errors
threshold: 1
statistic: Minimum
period: 60
evaluationPeriods: 1
comparisonOperator: GreaterThanOrEqualToThreshold
dynamodb:
stages:
- dev
start:
port: 8000
inMemory: true
migrate: true
noStart: true