---
# Serverless Framework service definition for the watchdog-proxy deployment.
service: watchdog-proxy

# Plugins run inside the deploy process with the deployer's AWS credentials,
# so their versions should be pinned and reviewed like any other dependency.
plugins:
  - serverless-s3-remover
  - serverless-apigw-binary
  - serverless-domain-manager
# Shared values that the rest of this file reads back as ${self:custom.*}.
custom:
  # Developer-local overrides and build-time values loaded from sibling files.
  localConfig: ${file(serverless.local.yml)}
  dynamicConfig: ${file(serverless.dynamicConfig.js)}
  region: ${self:provider.region}
  stage: ${self:provider.stage}

  # Every resource name derives from "<service>-<stage>", so each stage gets
  # its own function names, tables, queue and bucket.
  prefix: ${self:service}-${self:custom.stage}
  process: ${self:custom.prefix}-processQueueItem
  config: ${self:custom.prefix}-config
  credentials: ${self:custom.prefix}-credentials
  sqs: ${self:custom.prefix}-messages
  contentBucket: ${self:custom.prefix}-content

  # This customDomain stuff is a little complicated to allow switching between
  # deployment stages / modes
  # The DOMAIN env var selects one entry of customDomainVariants; when it is
  # unset the "local" entry is used, which falls back to customDomainDisabled
  # if serverless.local.yml defines no customDomain.
  customDomain: ${self:custom.customDomainVariants.${env:DOMAIN, "local"}}
  customDomainDisabled:
    enabled: false
  customDomainVariants:
    local: ${file(serverless.local.yml):customDomain, self:custom.customDomainDisabled}
    disabled:
      enabled: false
    dev:
      domainName: ${self:service}.dev.mozaws.net
      certificateArn: "arn:aws:acm:us-east-1:927034868273:certificate/61e462bd-410e-48b6-95da-fa5501430d1d"
      basePath: ""
      stage: ${self:provider.stage}
      createRoute53Record: true
      enabled: true
    stage:
      # TODO: Tweak this so it has the right properties for staging, even if all pulled from env
      domainName: ${self:service}-stage.dev.mozaws.net
      certificateArn: "arn:aws:acm:us-east-1:927034868273:certificate/61e462bd-410e-48b6-95da-fa5501430d1d"
      basePath: ""
      stage: ${self:provider.stage}
      createRoute53Record: true
      enabled: true
    production:
      # TODO: Tweak this so it has the right properties for production, even if all pulled from env
      # NOTE(review): production still uses a *.dev.mozaws.net name and the same
      # certificate ARN as dev and stage; confirm before a real production deploy.
      domainName: ${self:service}-prod.dev.mozaws.net
      certificateArn: "arn:aws:acm:us-east-1:927034868273:certificate/61e462bd-410e-48b6-95da-fa5501430d1d"
      basePath: ""
      stage: ${self:provider.stage}
      createRoute53Record: true
      enabled: true

  # serverless-s3-remover settings: buckets listed here are handed to that
  # plugin, so keep the list limited to buckets this stack owns.
  remover:
    buckets:
      - ${self:custom.contentBucket}

  # serverless-apigw-binary settings: media types API Gateway treats as binary.
  apigwBinary:
    types:
      - multipart/form-data

  # Environment block shared by the functions that set
  # `environment: ${self:custom.fnEnv}`.
  fnEnv:
    NODE_ENV: ${env:NODE_ENV,"production"}
    GIT_COMMIT: ${self:custom.dynamicConfig.GIT_COMMIT}
    # NOTE(review): both switches default to "0" but are taken from the
    # deployer's environment; the names suggest they relax authentication, so
    # confirm they cannot be set for stage or production deployments.
    DISABLE_AUTH_CACHE: ${env:DISABLE_AUTH_CACHE, "0"}
    ENABLE_DEV_AUTH: ${env:ENABLE_DEV_AUTH,"0"}
    UPSTREAM_SERVICE_URL: ${env:UPSTREAM_SERVICE_URL, self:custom.localConfig.upstreamService.url}
    # The key is resolved at deploy time and stored as a plain Lambda
    # environment variable, so it also appears in the generated CloudFormation
    # template, and every function using fnEnv receives it (the mock endpoints
    # included). Prefer a reference to a secrets store read at runtime.
    UPSTREAM_SERVICE_KEY: ${env:UPSTREAM_SERVICE_KEY, self:custom.localConfig.upstreamService.key}
    SERVICE_STAGE: ${self:custom.stage}
    SERVICE_PREFIX: ${self:custom.prefix}
    CONFIG_TABLE: ${self:custom.config}
    CREDENTIALS_TABLE: ${self:custom.credentials}
    QUEUE_NAME: ${self:custom.sqs}
    CONTENT_BUCKET: ${self:custom.contentBucket}
    PROCESS_QUEUE_FUNCTION: ${self:custom.process}
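# Provider-wide defaults and the IAM policy for the functions' execution role.
provider:
  name: aws
  # NOTE(review): the nodejs8.10 Lambda runtime is end-of-life and gets no
  # further security patches; schedule a move to a supported Node.js runtime.
  runtime: nodejs8.10
  # First match wins: STAGE env var, serverless.local.yml, --stage, then 'dev'.
  stage: ${env:STAGE, self:custom.localConfig.stage, opt:stage, 'dev'}
  region: us-east-1
  memorySize: 128

  # These statements go on the role shared by every function in this service,
  # so each grant is also available to the public HTTP handlers.
  #
  # The region field of each ARN is pinned to the deployment region instead of
  # `*`: the tables, queue and function are created by this stack in that
  # region only, so a wildcard granted access to same-named resources
  # elsewhere. The account field stays `*` because this file has no account-id
  # variable; tighten it too if one is available.
  iamRoleStatements:
    - Effect: Allow
      Action:
        - dynamodb:GetItem
        - dynamodb:PutItem
        - dynamodb:DeleteItem
        - dynamodb:UpdateItem
        - dynamodb:Query
        - dynamodb:Scan
      Resource:
        - arn:aws:dynamodb:${self:provider.region}:*:table/${self:custom.config}
        - arn:aws:dynamodb:${self:provider.region}:*:table/${self:custom.credentials}
    - Effect: Allow
      Action:
        - lambda:InvokeFunction
      Resource: arn:aws:lambda:${self:provider.region}:*:function:${self:custom.process}
    - Effect: Allow
      Action:
        - sqs:ChangeMessageVisibility
        - sqs:ChangeMessageVisibilityBatch
        - sqs:DeleteMessage
        - sqs:DeleteMessageBatch
        - sqs:GetQueueAttributes
        - sqs:GetQueueUrl
        - sqs:ReceiveMessage
        - sqs:SendMessage
        - sqs:SendMessageBatch
      Resource: arn:aws:sqs:${self:provider.region}:*:${self:custom.sqs}
    - Effect: Allow
      Action:
        - s3:GetObject
        - s3:PutObject
        # NOTE(review): s3:PutObjectAcl lets the functions change object ACLs,
        # including to public; drop it if no handler needs it.
        - s3:PutObjectAcl
        - s3:DeleteObject
        - s3:ListBucket
      Resource:
        # s3:ListBucket applies to the bucket ARN, the object actions to "/*".
        - arn:aws:s3:::${self:custom.contentBucket}
        - arn:aws:s3:::${self:custom.contentBucket}/*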
# Raw CloudFormation resources created alongside the functions.
resources:
  Resources:

    # Content bucket; the lifecycle rule expires objects after 30 days.
    # NOTE(review): no BucketEncryption or PublicAccessBlockConfiguration is
    # declared and the function role holds s3:PutObjectAcl; confirm objects
    # cannot be exposed publicly by accident.
    S3BucketContent:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: ${self:custom.contentBucket}
        LifecycleConfiguration:
          Rules:
            - Id: DailyCleanup
              Status: Enabled
              ExpirationInDays: 30

    # Work queue. Messages are kept for 1209600 s (14 days) and are moved to
    # the dead-letter queue after 10 failed receives.
    # NOTE(review): no KmsMasterKeyId is set, so at-rest protection depends on
    # the service default; confirm that is acceptable for the message contents.
    Messages:
      Type: AWS::SQS::Queue
      Properties:
        QueueName: ${self:custom.sqs}
        MessageRetentionPeriod: 1209600
        VisibilityTimeout: 60
        RedrivePolicy:
          deadLetterTargetArn:
            Fn::GetAtt: [MessagesDeadLetterQueue, Arn]
          maxReceiveCount: 10

    # Dead-letter queue; same 14-day retention as the main queue, so failed
    # payloads persist here and deserve the same access controls.
    MessagesDeadLetterQueue:
      Type: AWS::SQS::Queue
      Properties:
        QueueName: ${self:custom.sqs}-dead-letter-queue
        MessageRetentionPeriod: 1209600

    # Table keyed by the string attribute `id`.
    # NOTE(review): the name suggests it stores client credentials; no
    # SSESpecification or PointInTimeRecoverySpecification is declared here.
    # Confirm the stored values are hashed or otherwise protected.
    Credentials:
      Type: AWS::DynamoDB::Table
      Properties:
        TableName: ${self:custom.credentials}
        AttributeDefinitions:
          - AttributeName: id
            AttributeType: S
        KeySchema:
          - AttributeName: id
            KeyType: HASH
        ProvisionedThroughput:
          ReadCapacityUnits: 5
          WriteCapacityUnits: 5

    # Table keyed by the string attribute `key`.
    Config:
      Type: AWS::DynamoDB::Table
      Properties:
        TableName: ${self:custom.config}
        AttributeDefinitions:
          - AttributeName: key
            AttributeType: S
        KeySchema:
          - AttributeName: key
            KeyType: HASH
        ProvisionedThroughput:
          ReadCapacityUnits: 5
          WriteCapacityUnits: 5
# Paths left out of the deployment artifact uploaded to Lambda.
# NOTE(review): serverless.local.yml, which custom.localConfig reads
# (including upstreamService.key), is not listed here; confirm it is not
# shipped inside the function package.
package:
  exclude:
    - 'docs/**'
    - 'helpers/**'
    - 'test/**'
    - 'functions/**/*-test.js'
# Lambda functions and their triggers.
# None of the http events below declares an `authorizer`, so API Gateway
# itself does not authenticate callers; any authentication has to happen
# inside the handlers.
functions:

  # Public GET endpoints for version and liveness checks.
  version:
    handler: functions/version.handler
    name: ${self:custom.prefix}-version
    environment: ${self:custom.fnEnv}
    events:
      - http:
          path: '__version__'
          method: get

  heartbeat:
    handler: functions/heartbeat.handler
    name: ${self:custom.prefix}-heartbeat
    environment: ${self:custom.fnEnv}
    events:
      - http:
          path: '__heartbeat__'
          method: get

  # Public POST entry point (multipart/form-data is configured as a binary
  # type under custom.apigwBinary).
  # NOTE(review): presumably the handler authenticates the request; verify.
  accept:
    handler: functions/accept.post
    name: ${self:custom.prefix}-accept
    environment: ${self:custom.fnEnv}
    events:
      - http:
          path: 'accept'
          method: post

  # Runs once a minute on a schedule; the 60 s timeout matches that interval.
  pollQueue:
    timeout: 60
    handler: functions/pollQueue.handler
    name: ${self:custom.prefix}-pollQueue
    environment: ${self:custom.fnEnv}
    events:
      - schedule: rate(1 minute)

  # No event source of its own; its name is the target of the
  # lambda:InvokeFunction grant and of PROCESS_QUEUE_FUNCTION.
  processQueueItem:
    timeout: 60
    handler: functions/processQueueItem.handler
    name: ${self:custom.process}
    environment: ${self:custom.fnEnv}

  # TODO: Find a way to exclude these functions from prod deployments
  # See https://stackoverflow.com/questions/47718004/exclude-lambda-function-from-deploy-to-a-particular-stage
  # Until that TODO is resolved, these mock endpoints are deployed to every
  # stage as public POST routes and, where fnEnv is attached, run with the
  # shared role and the upstream service key in their environment.
  mockUpstream:
    handler: functions/mockEndpoints.upstreamPost
    name: ${self:custom.prefix}-mockUpstream
    environment: ${self:custom.fnEnv}
    events:
      - http:
          path: 'mock/upstream'
          method: post

  mockClientNegative:
    handler: functions/mockEndpoints.clientNegativePost
    name: ${self:custom.prefix}-mockClientNegative
    environment: ${self:custom.fnEnv}
    events:
      - http:
          path: 'mock/client/negative'
          method: post

  mockClientPositive:
    handler: functions/mockEndpoints.clientPositivePost
    name: ${self:custom.prefix}-mockClientPositive
    environment: ${self:custom.fnEnv}
    events:
      - http:
          path: 'mock/client/positive'
          method: post

  # Unlike the other mock functions, this one sets no `environment`.
  # NOTE(review): confirm what the handler logs, since the route is public.
  mockLogPost:
    handler: functions/mockEndpoints.logPost
    name: ${self:custom.prefix}-mockLogPost
    events:
      - http:
          path: 'mock/log'
          method: post