# Serverless Framework service definition targeting AWS.
service: testGraphqlApi

provider:
  name: aws
  # NOTE(review): nodejs8.10 is an end-of-life Lambda runtime that no longer
  # receives security patches. No `functions:` section is visible in this
  # file, so the value may be unused here - confirm, and move to a supported
  # Node.js runtime if any function inherits it.
  runtime: nodejs8.10
  # API name, overridable from the command line via `--apiname`. It is reused
  # below as the AppSync API name and as the prefix of the user pool, app
  # client, table and role names, so two deployments with the same value in
  # one account and region would collide on those names.
  apiname: ${opt:apiname, 'testGraphqlApi-dev'}

plugins:
  # NOTE(review): the plugin version is resolved from package.json, which is
  # not shown; pin it and commit a lockfile, since the plugin runs with the
  # deployer's AWS credentials.
  - serverless-appsync-plugin
# This is our AppSync infrastructure, consumed by the serverless-appsync-plugin.
# Indentation restored; nesting inferred from the plugin's documented layout -
# verify against the repository copy.
custom:
  accountId: { Ref: AWS::AccountId }
  appSync:
    name: ${self:provider.apiname}
    # NOTE(review): `provider.region` is not set in the provider block of this
    # file; confirm this resolves to the intended region rather than the
    # framework default.
    region: ${self:provider.region}
    # Every GraphQL request must carry a token issued by the Cognito user pool
    # referenced below.
    authenticationType: AMAZON_COGNITO_USER_POOLS
    userPoolConfig:
      awsRegion: { Ref: AWS::Region }
      # NOTE(review): with ALLOW, any signed-in user of the pool is understood
      # to reach every field that carries no group directive in the schema
      # (schema not shown). The user pool declared under `resources` sets no
      # AdminCreateUserConfig, so Cognito's default (self sign-up enabled)
      # applies - confirm that open registration plus ALLOW is intended.
      defaultAction: ALLOW
      userPoolId: { Ref: UserPool }
    # NOTE(review): no resource named AppSyncServiceRole is declared in this
    # file; the data source below uses DynamoDBRole through serviceRoleArn.
    # Confirm what the plugin does with this value and what that role may do.
    serviceRole: "AppSyncServiceRole"
    dataSources:
      # Single DynamoDB data source; AppSync assumes DynamoDBRole to reach the
      # table.
      - type: AMAZON_DYNAMODB
        name: testGraphqlApiTableDS
        config:
          tableName: { Ref: testGraphqlApiTable }
          serviceRoleArn: { Fn::GetAtt: [ DynamoDBRole, Arn ] }
    # Resolvers: one query and two mutations, all backed by the same table.
    # NOTE(review): the .vtl request templates are not shown. Since the table
    # is keyed on UserId, check that each template derives or verifies the key
    # from the caller's identity (e.g. the token subject) instead of trusting a
    # client-supplied UserId; otherwise one user can read, overwrite or delete
    # another user's record.
    mappingTemplates:
      - dataSource: testGraphqlApiTableDS
        type: Query
        field: getUser
        request: "getuser-request.vtl"
        response: "common-response.vtl"
      - dataSource: testGraphqlApiTableDS
        type: Mutation
        field: saveUser
        request: "saveuser-request.vtl"
        response: "common-response.vtl"
      - dataSource: testGraphqlApiTableDS
        type: Mutation
        field: deleteUser
        request: "deleteuser-request.vtl"
        response: "common-response.vtl"
# These are our normal Serverless Framework IaC resources (raw CloudFormation).
# Indentation restored; nesting inferred from the CloudFormation resource
# layout - verify against the repository copy.
resources:
  Resources:
    # Amazon Cognito user pool
    # NOTE(review): only the name is set, so password policy, MFA, self
    # sign-up (AdminCreateUserConfig) and attribute verification all fall back
    # to Cognito defaults. State them explicitly so the authentication posture
    # is reviewable.
    UserPool:
      Type: "AWS::Cognito::UserPool"
      Properties:
        UserPoolName: ${self:provider.apiname}-user-pool
    # An app client for the Amazon Cognito user pool
    # GenerateSecret is false, i.e. a client without a secret, as used by
    # browser and mobile apps. Auth flows and token lifetimes are not set and
    # use service defaults.
    UserPoolClient:
      Type: "AWS::Cognito::UserPoolClient"
      Properties:
        ClientName: ${self:provider.apiname}-appsync-client
        GenerateSecret: false
        UserPoolId: { Ref: UserPool }
    # DynamoDB Table
    # Single string hash key `UserId`, provisioned at 1 read / 1 write unit.
    # NOTE(review): no SSESpecification or PointInTimeRecoverySpecification is
    # declared; confirm default encryption and the absence of point-in-time
    # recovery are acceptable for user records.
    testGraphqlApiTable:
      Type: "AWS::DynamoDB::Table"
      Properties:
        TableName: ${self:provider.apiname}-kugelblitz-table
        AttributeDefinitions:
          - AttributeName: "UserId"
            AttributeType: "S"
        KeySchema:
          - AttributeName: "UserId"
            KeyType: "HASH"
        ProvisionedThroughput:
          ReadCapacityUnits: 1
          WriteCapacityUnits: 1
    # IAM Policy to access Dynamo by the service
    AppSyncDynamoDBPolicy:
      Type: "AWS::IAM::ManagedPolicy"
      Properties:
        Path: /appsync/
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              # NOTE(review): this file wires three resolvers (getUser,
              # saveUser, deleteUser). Query, Scan and possibly UpdateItem look
              # broader than those need; Scan in particular allows reading the
              # whole table. Trim to the operations the .vtl templates (not
              # shown) actually issue.
              Action:
                - dynamodb:GetItem
                - dynamodb:PutItem
                - dynamodb:DeleteItem
                - dynamodb:UpdateItem
                - dynamodb:Query
                - dynamodb:Scan
              # Scoped to this one table plus its sub-resources (`/*`). The
              # table above declares no indexes or stream, so the `/*` entry
              # currently matches nothing and could be dropped.
              Resource:
                - { Fn::Join: [ '', [ { Fn::GetAtt: [ testGraphqlApiTable, Arn ] }, '/*' ] ] }
                - { Fn::GetAtt: [ testGraphqlApiTable, Arn ] }
    # IAM Role for implementing the AppSync / DynamoDB policy
    DynamoDBRole:
      Type: "AWS::IAM::Role"
      # The Ref in ManagedPolicyArns already implies this ordering; the
      # explicit DependsOn is redundant but harmless.
      DependsOn:
        - AppSyncDynamoDBPolicy
      Properties:
        RoleName: ${self:provider.apiname}-appsync-dynamodb-role
        ManagedPolicyArns:
          - Ref: AppSyncDynamoDBPolicy
        # Trust policy: only the AppSync service principal may assume the role.
        # NOTE(review): there is no Condition block. Consider restricting the
        # trust with aws:SourceAccount and/or aws:SourceArn so the role can
        # only be assumed on behalf of this account's API (confused-deputy
        # protection).
        AssumeRolePolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Action:
                - sts:AssumeRole
              Principal:
                Service:
                  - appsync.amazonaws.com