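# SAM template: an API Gateway REST API backed by two Lambda functions that hand
# out upload/download URLs, an S3-triggered resize function, the image bucket,
# and a CloudFront distribution that serves the bucket through an origin access
# identity. Nesting restored; the listing had lost all indentation.
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
  SAM Template for serverless image uploading and download.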
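Parameters:
  # Name assigned to the API Gateway REST API (used by ImageApi.Properties.Name).
  ImageApiName:
    Type: String
    Default: image-api
  # NOTE(review): no resource in this template references SSMParamRootPath.
  # GetDownloadUrlFunction hard-codes 'applications/ServerlessDemo/*' in its
  # SSMParameterReadPolicy, so overriding this parameter at deploy time does not
  # change which SSM parameters the function role may read.
  SSMParamRootPath:
    Type: String
    Default: /applications/ServerlessDemo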
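# Defaults applied to every AWS::Serverless::Function in this template.
Globals:
  Function:
    MemorySize: 512
    # NOTE(review): go1.x is a deprecated Lambda managed runtime and no longer
    # receives runtime patches. Moving to provided.al2 / provided.al2023 also
    # requires building each binary as `bootstrap` and updating every Handler,
    # so it is left unchanged here.
    Runtime: go1.x
    Timeout: 10
    # X-Ray active tracing for all functions.
    Tracing: Active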
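Resources:
  # REST API fronting the two URL-issuing functions.
  # NOTE(review): no Auth section is defined on this API, so API Gateway does not
  # authenticate callers. Unless the handlers authenticate requests themselves
  # (not visible here), anyone who can reach the endpoint can request upload and
  # download URLs; the throttle below is the only limit set in this template.
  ImageApi:
    Type: AWS::Serverless::Api
    Properties:
      Name: !Ref ImageApiName
      StageName: Prod
      TracingEnabled: true
      MethodSettings:
        # Applies to every resource path and method of the stage.
        - ResourcePath: '/*'
          HttpMethod: '*'
          LoggingLevel: INFO
          MetricsEnabled: true
          ThrottlingRateLimit: 5
          ThrottlingBurstLimit: 10
      # NOTE(review): AllowOrigin '*' with Authorization in AllowHeaders lets any
      # web origin call the API from a browser. Pin AllowOrigin (and the matching
      # gateway-response headers below) to the front-end origin once it is known.
      Cors:
        AllowOrigin: "'*'"
        AllowMethods: "'GET,POST,PUT,DELETE,OPTIONS'"
        AllowHeaders: "'Content-Type,Authorization,X-Amz-Date,X-Api-Key'"
      # Same CORS headers on API Gateway's own 4xx/5xx responses, so browsers can
      # read error bodies that never reach a Lambda handler.
      GatewayResponses:
        DEFAULT_4xx:
          ResponseParameters:
            Headers:
              Access-Control-Allow-Origin: "'*'"
              Access-Control-Allow-Methods: "'GET,POST,PUT,DELETE,OPTIONS'"
              Access-Control-Allow-Headers: "'Content-Type,Authorization,X-Amz-Date,X-Api-Key'"
        DEFAULT_5xx:
          ResponseParameters:
            Headers:
              Access-Control-Allow-Origin: "'*'"
              Access-Control-Allow-Methods: "'GET,POST,PUT,DELETE,OPTIONS'"
              Access-Control-Allow-Headers: "'Content-Type,Authorization,X-Amz-Date,X-Api-Key'"

  # POST /get-upload-url. Write access is scoped to ImageBucket through SAM's
  # S3WritePolicy template; the bucket name is passed to the handler as S3_BUCKET.
  GetUploadUrlFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: fn/get-upload-url/
      Handler: get-upload-url
      Policies:
        - S3WritePolicy:
            BucketName: !Ref ImageBucket
      Environment:
        Variables:
          S3_BUCKET: !Ref ImageBucket
      Events:
        GetUploadUrl:
          Type: Api
          Properties:
            RestApiId: !Ref ImageApi
            Path: /get-upload-url
            Method: POST

  # POST /get-download-url. The role may read SSM parameters under
  # applications/ServerlessDemo/ and the handler receives the CloudFront domain.
  # NOTE(review): presumably the CloudFront URL-signing key is stored under that
  # path - confirm. The wildcard covers every parameter below the prefix; narrow
  # it to the exact parameter name(s) the handler reads if possible.
  GetDownloadUrlFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: fn/get-download-url/
      Handler: get-download-url
      Policies:
        - SSMParameterReadPolicy:
            ParameterName: 'applications/ServerlessDemo/*'
      Environment:
        Variables:
          CF_DOMAIN_NAME: !GetAtt CloudfrontDistribution.DomainName
      Events:
        GetDownloadUrl:
          Type: Api
          Properties:
            RestApiId: !Ref ImageApi
            Path: /get-download-url
            Method: POST

  # Runs on every object created under the resize/ prefix of ImageBucket.
  # NOTE(review): if the handler writes its output back under resize/ it will
  # re-trigger itself; confirm the output prefix in fn/resize-image.
  ResizeImageFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: fn/resize-image/
      Handler: resize-image
      # cannot specify ImageBucket because of circular dependency
      # NOTE(review): AmazonS3FullAccess grants s3:* on every bucket in the
      # account, far beyond what a resize of one bucket's objects needs. The
      # usual way out of the cycle is to give ImageBucket a deterministic
      # BucketName and build a bucket-scoped policy from that same string rather
      # than from !Ref ImageBucket. That renames the bucket, so it is left as a
      # review item instead of being changed here.
      Policies: AmazonS3FullAccess
      Events:
        OnObjectCreated:
          Type: S3
          Properties:
            Bucket: !Ref ImageBucket
            Events:
              - s3:ObjectCreated:*
            Filter:
              S3Key:
                Rules:
                  - Name: prefix
                    Value: 'resize/'

  # To display S3 trigger on Lambda console only
  # LambdaInvokePermission:
  #   Type: 'AWS::Lambda::Permission'
  #   Properties:
  #     FunctionName: !GetAtt ResizeImageFunction.Arn
  #     Action: 'lambda:InvokeFunction'
  #     Principal: 's3.amazonaws.com'
  #     SourceAccount: !Sub ${AWS::AccountId}
  #     SourceArn: !GetAtt ImageBucket.Arn

  # Image store. No properties are set, so the bucket gets the account/service
  # defaults.
  # NOTE(review): consider declaring PublicAccessBlockConfiguration,
  # BucketEncryption and access logging explicitly so the intended posture is
  # visible in the template. Check first that the upload handler does not set
  # object ACLs, which a public-access block would reject.
  ImageBucket:
    Type: AWS::S3::Bucket

  # Read access for CloudFront only: s3:GetObject on every key, granted to the
  # origin access identity's canonical user.
  ImageBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref ImageBucket
      PolicyDocument:
        Statement:
          - Effect: Allow
            Action: s3:GetObject
            Resource:
              - !Sub 'arn:aws:s3:::${ImageBucket}/*'
            Principal:
              CanonicalUser: !GetAtt CloudFrontOriginAccessIdentity.S3CanonicalUserId

  # NOTE(review): origin access identity is the legacy mechanism; AWS recommends
  # origin access control (OAC) for S3 origins.
  CloudFrontOriginAccessIdentity:
    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: "Serverless image download"

  # Distribution in front of ImageBucket. TrustedSigners makes the default
  # behavior accept only signed URLs or signed cookies.
  CloudfrontDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Comment: "Cloudfront distribution for serverless-demo image download"
        Enabled: true
        HttpVersion: http2
        Origins:
          - Id: imageBucketOrigin
            DomainName: !GetAtt ImageBucket.DomainName
            S3OriginConfig:
              OriginAccessIdentity: !Sub 'origin-access-identity/cloudfront/${CloudFrontOriginAccessIdentity}'
        DefaultCacheBehavior:
          AllowedMethods:
            - GET
            - HEAD
            - OPTIONS
          Compress: true
          # Query strings are forwarded to the origin and are part of the cache key.
          ForwardedValues:
            QueryString: true
          TargetOriginId: imageBucketOrigin
          # NOTE(review): 'self' relies on a CloudFront key pair owned by the
          # account root user; AWS recommends TrustedKeyGroups, which can be
          # managed and rotated through IAM-controlled APIs.
          TrustedSigners:
            - self
          ViewerProtocolPolicy: redirect-to-https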
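# Stack outputs: the API endpoint, the three function ARNs, the bucket name and
# the CloudFront domain.
Outputs:
  ImageApi:
    Description: "API Gateway endpoint URL for Prod environment"
    Value: !Sub "https://${ImageApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/"
  GetUploadUrlFunction:
    Description: "Get Upload URL Function ARN"
    Value: !GetAtt GetUploadUrlFunction.Arn
  GetDownloadUrlFunction:
    Description: "Get Download URL Function ARN"
    Value: !GetAtt GetDownloadUrlFunction.Arn
  ResizeImageFunction:
    Description: "Resize Image Function ARN"
    Value: !GetAtt ResizeImageFunction.Arn
  ImageBucket:
    Description: "Image S3 bucket"
    Value: !Ref ImageBucket
  ImageDomain:
    Description: 'Image Cloudfront domain name'
    Value: !GetAtt CloudfrontDistribution.DomainName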