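# Serverless Framework service definition: an API Gateway WebSocket API whose
# $connect route is protected by a Lambda authorizer validating Cognito tokens,
# with open connections tracked in a DynamoDB table (plus a GSI by `type`).
service: aws-secure-websockets
plugins:
  - serverless-dynamodb-local
  - serverless-offline
frameworkVersion: ">=1.38.0 <2.0.0"
custom:
  # This can be changed to the desired origin
  # When using lambda proxy integration, you have to manually add the CORS headers to responses...
  # https://github.com/serverless/serverless/issues/4681
  # NOTE(review): '*' lets any web origin call the auth endpoints; pin this to the
  # real front-end origin for anything beyond local development.
  corsOrigin: '*'
  user: damoresa
  # Local DynamoDB used by serverless-dynamodb-local together with serverless-offline
  dynamodb:
    start:
      port: 8700
      inMemory: true
      migrate: true
    migration:
      dir: offline/migrations
  serverless-offline:
    port: 3700
# This article helped me find out how Serverless handles Cloud Formation naming
# https://github.com/serverless/serverless/blob/master/docs/providers/aws/guide/resources.md
provider:
  name: aws
  memorySize: 256
  # NOTE(review): nodejs8.10 is no longer a supported Lambda runtime; plan an upgrade
  # (and re-check the handler code against the newer runtime) before deploying.
  runtime: nodejs8.10
  region: eu-central-1
  # API GW Websocket specific configuration
  websocketsApiName: ${self:service}-apigw-websocket-${opt:stage, self:provider.stage}
  # Custom routes are selected by the value of the action property in the body
  websocketsApiRouteSelectionExpression: $request.body.action
  # Environment shared by every function. The DynamoDB table / GSI names are
  # composed from this file so the IAM statements and the table resource below
  # can reference the same values.
  environment:
    ENVIRONMENT: ${opt:stage, self:provider.stage}
    COGNITO_USER_POOL:
      Ref: CognitoUserPool
    COGNITO_USER_POOL_CLIENT:
      Ref: CognitoUserPoolClient
    CORS_ORIGIN: ${self:custom.corsOrigin}
    DYNAMODB_SOCKETS_TYPE_GSI: ${self:service}-sockets-type-gsi-${opt:stage, self:provider.stage}
    DYNAMODB_SOCKETS_TABLE: ${self:service}-sockets-${opt:stage, self:provider.stage}
    # JWKS URL of the user pool; the public keys used to verify Cognito-issued JWTs.
    KEYS_URL: !Join ['', ['https://cognito-idp.', '${opt:region, self:provider.region}', '.amazonaws.com/', !Ref CognitoUserPool, '/.well-known/jwks.json']]
    # Management endpoint of this stage's WebSocket API (used to post to connections).
    WEBSOCKET_API_ENDPOINT: !Join ['', ['https://', !Ref WebsocketsApi, '.execute-api.', '${opt:region, self:provider.region}', '.amazonaws.com/', '${opt:stage, self:provider.stage}/']]
  # Define the service IAM permissions
  iamRoleStatements:
    # Websocket permissions
    # NOTE(review): the account id is wildcarded (`*`) in the ARNs below; scoping
    # them to the deploying account (and, for execute-api, this API's id) keeps the
    # role from reaching other APIs/tables with the same name pattern.
    - Effect: Allow
      Action:
        - "execute-api:ManageConnections"
      Resource:
        - "arn:aws:execute-api:${opt:region, self:provider.region}:*:**/@connections/*"
    # Connections table access. Scan is granted as well as Query; drop it if the
    # handlers only ever look connections up by key or through the GSI.
    - Effect: Allow
      Action:
        - dynamodb:Query
        - dynamodb:Scan
        - dynamodb:GetItem
        - dynamodb:PutItem
        - dynamodb:UpdateItem
        - dynamodb:DeleteItem
      Resource:
        - "arn:aws:dynamodb:${opt:region, self:provider.region}:*:table/${self:provider.environment.DYNAMODB_SOCKETS_TABLE}"
        - "arn:aws:dynamodb:${opt:region, self:provider.region}:*:table/${self:provider.environment.DYNAMODB_SOCKETS_TABLE}/index/${self:provider.environment.DYNAMODB_SOCKETS_TYPE_GSI}"
functions:
  # REST login endpoint (POST /auth); exchanges credentials for Cognito tokens.
  authUser:
    name: LAMBDA_${self:custom.user}_${self:service}_auth_${opt:stage, self:provider.stage}
    handler: handler.authUser
    events:
      - http:
          path: auth
          method: post
          cors:
            origin: ${self:custom.corsOrigin}
  # Lambda authorizer for the WebSocket $connect route (referenced by handleSocketConnect).
  # It has no event of its own: API Gateway invokes it before $connect.
  authWebsocket:
    name: LAMBDA_${self:custom.user}_${self:service}_auth_websocket_${opt:stage, self:provider.stage}
    handler: handler.authWebsocket
    # NOTE(review): `cors` is only honoured under an `http` event, not at function
    # level; this key is presumably ignored here — confirm and remove if so.
    cors:
      origin: ${self:custom.corsOrigin}
  # Fallback for messages whose `action` matches no custom route.
  defaultSocketHandler:
    name: LAMBDA_${self:custom.user}_${self:service}_socket_default_${opt:stage, self:provider.stage}
    handler: handler.defaultSocketHandler
    events:
      - websocket:
          route: $default
  # Custom route selected by `action: GREETING` in the message body.
  greeting:
    name: LAMBDA_${self:custom.user}_${self:service}_socket_greeting_${opt:stage, self:provider.stage}
    handler: handler.greeting
    events:
      - websocket:
          route: GREETING
  handleSocketConnect:
    name: LAMBDA_${self:custom.user}_${self:service}_socket_connect_${opt:stage, self:provider.stage}
    handler: handler.handleSocketConnect
    events:
      - websocket:
          route: $connect
          # references the authWebsocket function below, serverless doesn't provide any other
          # way to perform this as of 01/07/2019
          authorizer:
            name: authWebsocket
            # The token travels in the `Authorizer` query-string parameter because
            # browser WebSocket clients cannot set custom headers. Query strings end
            # up in URLs and access logs, so keep these tokens short-lived and avoid
            # logging the raw query string in the authorizer.
            identitySource:
              - 'route.request.querystring.Authorizer'
  handleSocketDisconnect:
    name: LAMBDA_${self:custom.user}_${self:service}_socket_disconnect_${opt:stage, self:provider.stage}
    handler: handler.handleSocketDisconnect
    events:
      - websocket:
          route: $disconnect
  # REST endpoint (POST /auth/refresh) to renew tokens with a refresh token.
  refreshToken:
    name: LAMBDA_${self:custom.user}_${self:service}_auth_refresh_${opt:stage, self:provider.stage}
    handler: handler.refreshToken
    events:
      - http:
          path: auth/refresh
          method: post
          cors:
            origin: ${self:custom.corsOrigin}
resources:
  Resources:
    CognitoUserPool:
      Type: "AWS::Cognito::UserPool"
      Properties:
        AliasAttributes:
          - preferred_username
        # Quoted on purpose: an unquoted OFF is a YAML 1.1 boolean (false), and
        # Cognito expects the string "OFF". MFA is disabled for this sample;
        # consider "OPTIONAL" or "ON" for a real deployment.
        MfaConfiguration: 'OFF'
        UserPoolName: ${self:service}-cognito-${opt:stage, self:provider.stage}
        Policies:
          # NOTE(review): a deliberately relaxed policy (6 chars, no symbols/lowercase);
          # tighten it for anything user-facing.
          PasswordPolicy:
            MinimumLength: 6
            RequireLowercase: false
            RequireNumbers: true
            RequireSymbols: false
            RequireUppercase: true
    CognitoUserPoolClient:
      Type: "AWS::Cognito::UserPoolClient"
      Properties:
        ClientName: ${self:service}-cognito-client-${opt:stage, self:provider.stage}
        # Public client (no client secret) — appropriate for a browser front-end
        # that cannot keep a secret.
        GenerateSecret: false
        UserPoolId:
          Ref: CognitoUserPool
    # Connections table: keyed by connectionId, with a GSI on `type` so all
    # connections of a given kind can be queried.
    SocketsDynamoDbTable:
      Type: 'AWS::DynamoDB::Table'
      # For a production deployment, you'd want to retain your DB
      # in case of re-deployment or stack removal to avoid data loss.
      # DeletionPolicy: Retain
      Properties:
        AttributeDefinitions:
          - AttributeName: connectionId
            AttributeType: S
          # `type` is only a key in the GSI below, not in the base table.
          - AttributeName: type
            AttributeType: S
        KeySchema:
          - AttributeName: connectionId
            KeyType: HASH
        ProvisionedThroughput:
          ReadCapacityUnits: 1
          WriteCapacityUnits: 1
        TableName: ${self:provider.environment.DYNAMODB_SOCKETS_TABLE}
        GlobalSecondaryIndexes:
          - IndexName: ${self:provider.environment.DYNAMODB_SOCKETS_TYPE_GSI}
            KeySchema:
              - AttributeName: type
                KeyType: HASH
            Projection:
              ProjectionType: ALL
            ProvisionedThroughput:
              ReadCapacityUnits: 1
              WriteCapacityUnits: 1
  # Exported so other stacks in the same account/region can import the pool ids.
  Outputs:
    CognitoUserPoolId:
      Value:
        Ref: CognitoUserPool
      Export:
        Name: ASW-CognitoUserPoolId-${self:provider.stage}
    CognitoUserPoolClientId:
      Value:
        Ref: CognitoUserPoolClient
      Export:
        Name: ASW-CognitoUserPoolClientId-${self:provider.stage}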