service: watchdog-proxy plugins: - serverless-s3-remover - serverless-apigw-binary custom: localConfig: ${file(serverless.local.yml)} region: ${self:provider.region} stage: ${self:provider.stage} prefix: ${self:service}-${self:custom.stage} process: ${self:custom.prefix}-processQueueItem config: ${self:custom.prefix}-config credentials: ${self:custom.prefix}-credentials sqs: ${self:custom.prefix}-messages contentBucket: ${self:custom.prefix}-content remover: buckets: - ${self:custom.contentBucket} apigwBinary: types: - 'multipart/form-data' fnEnv: NODE_ENV: ${env:NODE_ENV,"production"} DISABLE_AUTH_CACHE: ${env:DISABLE_AUTH_CACHE, "0"} ENABLE_DEV_AUTH: ${env:ENABLE_DEV_AUTH,"0"} UPSTREAM_SERVICE_URL: ${env:UPSTREAM_SERVICE_URL, self:custom.localConfig.upstreamService.url} UPSTREAM_SERVICE_KEY: ${env:UPSTREAM_SERVICE_KEY, self:custom.localConfig.upstreamService.key} SERVICE_STAGE: ${self:custom.stage} SERVICE_PREFIX: ${self:custom.prefix} CONFIG_TABLE: ${self:custom.config} CREDENTIALS_TABLE: ${self:custom.credentials} QUEUE_NAME: ${self:custom.sqs} CONTENT_BUCKET: ${self:custom.contentBucket} PROCESS_QUEUE_FUNCTION: ${self:custom.process} provider: name: aws runtime: nodejs8.10 stage: ${self:custom.localConfig.stage, opt:stage, 'dev'} region: us-east-1 memorySize: 128 iamRoleStatements: - Effect: Allow Action: - dynamodb:GetItem - dynamodb:PutItem - dynamodb:DeleteItem - dynamodb:UpdateItem - dynamodb:Query - dynamodb:Scan Resource: - arn:aws:dynamodb:*:*:table/${self:custom.config} - arn:aws:dynamodb:*:*:table/${self:custom.credentials} - Effect: Allow Action: - lambda:InvokeFunction Resource: arn:aws:lambda:*:*:function:${self:custom.process} - Effect: Allow Action: - sqs:ChangeMessageVisibility - sqs:ChangeMessageVisibilityBatch - sqs:DeleteMessage - sqs:DeleteMessageBatch - sqs:GetQueueAttributes - sqs:GetQueueUrl - sqs:ReceiveMessage - sqs:SendMessage - sqs:SendMessageBatch Resource: arn:aws:sqs:*:*:${self:custom.sqs} - Effect: Allow Action: - s3:GetObject - s3:PutObject - s3:PutObjectAcl - s3:DeleteObject - s3:ListBucket Resource: - arn:aws:s3:::${self:custom.contentBucket} - arn:aws:s3:::${self:custom.contentBucket}/* resources: Resources: S3BucketContent: Type: AWS::S3::Bucket Properties: BucketName: ${self:custom.contentBucket} LifecycleConfiguration: Rules: - Id: DailyCleanup Status: Enabled ExpirationInDays: 30 Messages: Type: AWS::SQS::Queue Properties: QueueName: ${self:custom.sqs} MessageRetentionPeriod: 1209600 VisibilityTimeout: 60 RedrivePolicy: deadLetterTargetArn: Fn::GetAtt: - MessagesDeadLetterQueue - Arn maxReceiveCount: 10 MessagesDeadLetterQueue: Type: AWS::SQS::Queue Properties: QueueName: ${self:custom.sqs}-dead-letter-queue MessageRetentionPeriod: 1209600 Credentials: Type: AWS::DynamoDB::Table Properties: TableName: ${self:custom.credentials} AttributeDefinitions: - AttributeName: id AttributeType: S KeySchema: - AttributeName: id KeyType: HASH ProvisionedThroughput: ReadCapacityUnits: 5 WriteCapacityUnits: 5 Config: Type: AWS::DynamoDB::Table Properties: TableName: ${self:custom.config} AttributeDefinitions: - AttributeName: key AttributeType: S KeySchema: - AttributeName: key KeyType: HASH ProvisionedThroughput: ReadCapacityUnits: 5 WriteCapacityUnits: 5 package: exclude: - docs/** - helpers/** - test/** - functions/**/*-test.js functions: accept: handler: functions/accept.post name: ${self:custom.prefix}-accept environment: ${self:custom.fnEnv} events: - http: path: accept method: post pollQueue: timeout: 60 handler: functions/pollQueue.handler name: ${self:custom.prefix}-pollQueue environment: ${self:custom.fnEnv} events: - schedule: rate(1 minute) processQueueItem: timeout: 60 handler: functions/processQueueItem.handler name: ${self:custom.process} environment: ${self:custom.fnEnv}