-
Notifications
You must be signed in to change notification settings - Fork 49
/
Copy pathserverless.yml
131 lines (120 loc) · 3.12 KB
/
serverless.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
# Welcome to Serverless!
service: photos
# You can pin your service to only deploy with a specific Serverless version
# Check out our docs for more details
# frameworkVersion: "=X.X.X"
provider:
name: aws
runtime: python3.7
profile: cr
region: us-west-2
stage: ${self:custom.currentStage}
logRetentionInDays: 5
timeout: 30
environment:
DYNAMODB_TABLE: ${self:custom.dynamo_table.${self:custom.currentStage}}
S3_PHOTO_BUCKET: ${self:custom.s3_bucket.${self:custom.currentStage}}
iamManagedPolicies:
- "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
iamRoleStatements:
- Effect: Allow
Action:
- s3:ListBucket
- s3:PutObject
- s3:GetObject
- s3:DeleteObject
Resource:
- "arn:aws:s3:::crphotoapp/*"
- "arn:aws:s3:::crphotoapp-dev/*"
- Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
Resource: "*"
# have to allow dynamodb stuff.
- Effect: Allow
Action:
- dynamodb:Query
- dynamodb:GetItem
- dynamodb:PutItem
- dynamodb:DeleteItem
- dynamodb:UpdateItem
Resource:
- arn:aws:dynamodb:us-west-2:188966951897:table/photoUsers
- arn:aws:dynamodb:us-west-2:188966951897:table/devPhotoUsers
- Effect: Allow
Action:
- cognito-idp:AdminListGroupsForUser
- cognito-idp:AdminCreateUser
- cognito-idp:AdminConfirmSignUp
- cognito-idp:AdminGetUser
Resource: ${self:custom.userPoolArn}
- Effect: Allow
Action:
- rekognition:DetectLabels
Resource: "*"
package:
include:
- lib.py
custom:
defaultStage: dev
currentStage: ${opt:stage, self:custom.defaultStage}
userPoolArn: "arn:aws:cognito-idp:us-west-2:188966951897:userpool/us-west-2_v8zZp3Jvv"
dynamo_table:
prod: "photoUsers"
dev: "devPhotoUsers"
s3_bucket:
prod: "crphotoapp"
dev: "crphotoapp-dev"
s3_keybase: "private/"
prune:
automatic: true
includeLayers: true
number: 2
functions:
list:
handler: photos.list
events:
- http:
path: /photos
method: get
cors: true
authorizer: aws_iam
delete:
handler: photos.delete
events:
- http:
path: /photos
method: delete
cors: true
authorizer: aws_iam
upload:
handler: photos.upload
events:
- http:
path: /photos
method: post
cors: true
authorizer: aws_iam
process:
handler: photos.process
events:
- s3:
bucket: ${self:custom.s3_bucket.${self:custom.currentStage}}
event: s3:ObjectCreated:*
rules:
- suffix: .jpg
existing: true
- s3:
bucket: ${self:custom.s3_bucket.${self:custom.currentStage}}
event: s3:ObjectCreated:*
rules:
- suffix: .png
existing: true
resources:
- ${file(resources/api-gateway-errors.yml)}
# prune files to not take so much space in S3
# allow multipart upload files
plugins:
- serverless-prune-plugin