template.yaml

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
  todo-app
  - Serverless Functions for GET/PUT/POST/DELETE
  - UI Leptos WASM in an S3 bucket

Globals:
  Function:
    MemorySize: 128
    Architectures: ["arm64"]
    Handler: bootstrap
    Runtime: provided.al2
    Timeout: 5
    Tracing: Active
    LoggingConfig:
      LogFormat: JSON
      ApplicationLogLevel: INFO
      LogGroup: TodoLogGroup
      SystemLogLevel: INFO

  HttpApi:
    CorsConfiguration:
      AllowOrigins:
        - "*"
      AllowMethods:
        - "PUT, GET, HEAD, POST, DELETE, OPTIONS"
      AllowHeaders:
        - "access-control-allow-headers, access-control-allow-methods, access-control-allow-origin, access-control-allow-credentials, content-type"
      MaxAge: 600

  Api:
    Cors:
      AllowOrigin: "'*'"
      AllowHeaders: "'access-control-allow-headers, access-control-allow-methods, access-control-allow-origin, access-control-allow-credentials, content-type'"
      AllowMethods: "'PUT, GET, HEAD, POST, DELETE, OPTIONS'"
      AllowCredentials: "'true'"
      MaxAge: "'600'"

    GatewayResponses:
      DEFAULT_4xx:
        ResponseParameters:
          Headers:
            Access-Control-Expose-Headers: "'WWW-Authenticate'"
            Access-Control-Allow-Origin: "'*'"
      DEFAULT_5xx:
        ResponseParameters:
          Headers:
            Access-Control-Expose-Headers: "'WWW-Authenticate'"
            Access-Control-Allow-Origin: "'*'"

Resources:
  TodoGetListFunction:
    Type: AWS::Serverless::Function
    Properties:
      Role: !GetAtt TodoExecutionRole.Arn
      CodeUri: target/lambda/get-todos
      Events:
        CatchAll:
          Type: Api
          Properties:
            Path: /
            Method: get

  TodoGetItemFunction:
    Type: AWS::Serverless::Function
    Properties:
      Role: !GetAtt TodoExecutionRole.Arn
      CodeUri: target/lambda/get-todo
      Events:
        CatchAll:
          Type: Api
          Properties:
            Path: /{id}
            Method: get

  TodoAddItemFunction:
    Type: AWS::Serverless::Function
    Properties:
      Role: !GetAtt TodoExecutionRole.Arn
      CodeUri: target/lambda/add-todo
      Events:
        CatchAll:
          Type: Api
          Properties:
            Path: /
            Method: post

  TodoEditItemFunction:
    Type: AWS::Serverless::Function
    Properties:
      Role: !GetAtt TodoExecutionRole.Arn
      CodeUri: target/lambda/edit-todo
      Events:
        CatchAll:
          Type: Api
          Properties:
            Path: /
            Method: put

  TodoDeleteItemFunction:
    Type: AWS::Serverless::Function
    Properties:
      Role: !GetAtt TodoExecutionRole.Arn
      CodeUri: target/lambda/delete-todo
      Events:
        CatchAll:
          Type: Api
          Properties:
            Path: /{id}
            Method: delete

  TodoDB:
    Type: AWS::Serverless::SimpleTable
    Properties:
      PrimaryKey:
        Name: id
        Type: String
      ProvisionedThroughput:
        ReadCapacityUnits: 2
        WriteCapacityUnits: 2
      TableName: TodoTable

  TodoExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: "sts:AssumeRole"
      Policies:
        - PolicyName: TodoAccessPolicy
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: [
                "dynamodb:DescribeTable",
                "dynamodb:Query",
                "dynamodb:Scan",
                "dynamodb:GetItem",
                "dynamodb:DeleteItem",
                "dynamodb:UpdateItem",
                "dynamodb:PutItem"
                ]
                Resource: "arn:aws:dynamodb:*:*:table/TodoTable"
              - Effect: Allow
                Action: [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
                ]
                Resource: "*"

  TodoUsagePlan:
    Type: AWS::ApiGateway::UsagePlan
    Properties:
      ApiStages:
        - ApiId: !Ref ServerlessRestApi
          Stage: !Ref ServerlessRestApiProdStage
      Description: Todo usage plan
      Quota:
        Limit: 1000
        Period: MONTH
      Throttle:
        BurstLimit: 10
        RateLimit: 10
      UsagePlanName: TodoUsagePlan

  TodoLogGroup:
    Type: 'AWS::Logs::LogGroup'
    Properties:
      LogGroupName: TodoLogGroup
      RetentionInDays: 7

  S3Bucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Delete
    Properties:
      # REPLACE THIS NAME BY YOUR OWN BUCKET NAME !!!
      # APPLY ALSO THE NAME IN THE [MakeFile]:
      #   BUCKET_NAME := todo-app-xxx
      BucketName: todo-app-xxx
      PublicAccessBlockConfiguration:
        BlockPublicAcls: false
      OwnershipControls:
        Rules:
          - ObjectOwnership: ObjectWriter
      WebsiteConfiguration:
        IndexDocument: index.html
        ErrorDocument: error.html

  BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref S3Bucket
      PolicyDocument:
        Id: TodoS3Policy
        Version: 2012-10-17
        Statement:
          - Sid: PublicReadForGetBucketObjects
            Effect: Allow
            Principal: '*'
            Action: 's3:GetObject'
            Resource: !Join
              - ''
              - - 'arn:aws:s3:::'
                - !Ref S3Bucket
                - /*

Outputs:
  TodoGetListFunctionAPI:
    Description: "API [get-todos] URL:"
    Value: !Sub "https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/get-todos"
  TodoBucketUrl:
    Description: "S3 Website Bucket URL:"
    Value: !Sub "https://${S3Bucket}.s3-website-${AWS::Region}.amazonaws.com"