-
Notifications
You must be signed in to change notification settings - Fork 0
/
template.yml
174 lines (165 loc) · 4.19 KB
/
template.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Parameters:
ParamProjectID:
Type: String
ParamProjectEnviron:
Type: String
ParamProjectOrgID:
Type: String
ParamProjectName:
Type: String
Globals:
Function:
Runtime: go1.x
Timeout: 120
Environment:
Variables:
PROJECT_ID: !Ref ParamProjectID
ENVIRON: !Ref ParamProjectEnviron
ORG_ID: !Ref ParamProjectOrgID
PROJECT_NAME: !Ref ParamProjectName
Api:
Cors:
AllowMethods: "'GET,POST,OPTIONS'"
AllowHeaders: "'content-type'"
AllowOrigin: "'*'"
AllowCredentials: "'*'"
Resources:
APIGateway1:
Type: AWS::Serverless::Api
Properties:
Name: !Sub '${ParamProjectID}'
StageName: !Ref ParamProjectEnviron
MethodSettings:
- LoggingLevel: INFO
ResourcePath: '/*'
HttpMethod: '*'
DataTraceEnabled: true
MetricsEnabled: true
Auth:
DefaultAuthorizer: BasicAuthorizer
Authorizers:
BasicAuthorizer:
FunctionArn: !GetAtt FuncAuth.Arn
Identity:
Header: Authorization
ValidationExpression: ^[Bb]eer [-0-9a-zA-z\.]*$
ReauthorizeEvery: 10
FuncAuth:
Type: AWS::Serverless::Function
Properties:
FunctionName: !Sub '${ParamProjectID}-auth'
Role: !GetAtt Role1.Arn
Handler: src/rdst/bin/auth
Runtime: go1.x
Tracing: Active
Policies:
- Ref: ManagedPolicy1
Func1:
Type: AWS::Serverless::Function
Properties:
FunctionName: !Sub '${ParamProjectID}-rdstl'
Role: !GetAtt Role1.Arn
Handler: src/rdst/bin/rdst
Runtime: go1.x
Tracing: Active
Events:
GetEvent:
Type: Api
Properties:
RestApiId: !Ref APIGateway1
Path: /rdst/{id}
Method: GET
Func2:
Type: AWS::Serverless::Function
Properties:
FunctionName: !Sub '${ParamProjectID}-rdstw'
Role: !GetAtt Role1.Arn
Handler: src/rdst/bin/rdst
Runtime: go1.x
Tracing: Active
Events:
GetEvent:
Type: Api
Properties:
RestApiId: !Ref APIGateway1
Path: /rdst/action
Method: POST
ManagedPolicy1:
Type: AWS::IAM::ManagedPolicy
Properties:
ManagedPolicyName: !Sub '${ParamProjectID}-policy'
PolicyDocument:
Version: '2012-10-17'
Statement:
-
Sid: AllowCloudwatchAccess
Effect: Allow
Action:
- logs:*
Resource: "*"
-
Sid: AllowLambdaAccess
Effect: Allow
Action:
- lambda:*
Resource: "*"
-
Sid: AllowXrayAccess
Effect: Allow
Action:
- xray:*
Resource: "*"
-
Sid: RDSaccess
Effect: Allow
Action:
- rds:Start*
- rds:Stop*
- rds:Describe*
- rds:Get*
Resource: "*"
-
Sid: DynamoDBAccess
Effect: Allow
Action:
- dynamodb:*
Resource: "*"
-
Sid: SSMAccess
Effect: Allow
Action:
- ssm:*
Resource: "*"
Role1:
Type: 'AWS::IAM::Role'
Properties:
RoleName: !Sub '${ParamProjectID}-role'
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- ec2.amazonaws.com
- lambda.amazonaws.com
- apigateway.amazonaws.com
- ssm.amazonaws.com
Action:
- 'sts:AssumeRole'
Path: /
ManagedPolicyArns:
- !Ref ManagedPolicy1
Outputs:
URL:
Description: URL for HTTPS Endpoint
Value:
Fn::Join:
- ''
- - https://
- Ref: APIGateway1
- ".execute-api."
- Ref: AWS::Region
- ".amazonaws.com/"
- Ref: ParamProjectEnviron