# SAM template: the Transform line has CloudFormation expand the
# AWS::Serverless::* resources below into plain CloudFormation on deploy.
AWSTemplateFormatVersion: "2010-09-09"
Transform: AWS::Serverless-2016-10-31
Description: Pokerdot API and infrastructure
Metadata:
  # Console-side grouping of the parameters declared below; it has no effect
  # on the deployed resources.
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: Application config
        Parameters:
          - DomainName
          - Stage
          - WebrootTLSCert
          - ApiTLSCert
      - Label:
          default: API
        Parameters:
          - DistBucket
          - GamesTableName
          - PlayersTableName
      - Label:
          default: Static site
        Parameters:
          - WebrootBucket
          - WebrootAccessIdentityID
Parameters:
  DomainName:
    Type: String
    Description: Domain for the application (hosted zone must exist and be registered)
  # Environment name; used for tags, the artifact key and the "<Stage> stage"
  # description. It is NOT the API Gateway stage name (that is "$default").
  Stage:
    Type: String
    Description: Environment name
    Default: prod
  # Two certificates are needed: CloudFront only accepts ACM certificates
  # issued in us-east-1, while the API Gateway custom domain uses one from
  # the deployment region.
  WebrootTLSCert:
    Type: String
    Description: ARN of TLS certificate **in US-EAST-1** (must work for `pokerdot.${DomainName}`)
  ApiTLSCert:
    Type: String
    Description: ARN of TLS certificate in the deployment region (must work for `pokerdot-api.${DomainName}`)
  DistBucket:
    Type: String
    Description: S3 Bucket that will contain the backend artifacts
  # Table names are restricted to letters, underscore and hyphen (3-255
  # chars). The pattern rejects digits and dots, which DynamoDB itself would
  # accept, so a table named with digits fails stack validation.
  GamesTableName:
    Type: String
    Description: Games DynamoDB table name (check output of storage stack)
    MinLength: 3
    MaxLength: 255
    AllowedPattern: ^[A-Za-z_-]+$
    ConstraintDescription: Can be characters and underscore/hyphen only. No numbers or special characters allowed.
  PlayersTableName:
    Type: String
    Description: Players DynamoDB table name (check output of storage stack)
    MinLength: 3
    MaxLength: 255
    AllowedPattern: ^[A-Za-z_-]+$
    ConstraintDescription: Can be characters and underscore/hyphen only. No numbers or special characters allowed.
  # Both of these are created by the storage stack; this template only
  # references them (origin + origin access identity for the CDN below).
  WebrootBucket:
    Type: String
    Description: Name of the S3 bucket that stores application static assets (check output of storage stack)
  WebrootAccessIdentityID:
    Type: String
    Description: ID of CloudFront origin access identity for webroot bucket access (check output of storage stack)
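Resources:
  # ---- WebSocket API ---------------------------------------------------------
  WebSocketApi:
    Type: AWS::ApiGatewayV2::Api
    Properties:
      Name: Pokerdot backend api
      ProtocolType: WEBSOCKET
      # The value is the literal string "\$default": every message is sent to
      # the $default route rather than being dispatched on a field of the
      # message body.
      RouteSelectionExpression: "\\$default"
      Tags:
        app: pokerdot
        stage: !Ref Stage

  ApiGatewayStage:
    Type: AWS::ApiGatewayV2::Stage
    Properties:
      # The API is deployed under the stage named "$default"; the Stage
      # parameter only labels the environment (tags, artifact key).
      StageName: "$default"
      Description: !Sub "${Stage} stage"
      ApiId: !Ref WebSocketApi
      AutoDeploy: true

  # All three routes are AuthorizationType NONE: API Gateway accepts any client
  # at $connect and forwards every frame to the backend function, so any
  # access control has to be enforced by the function itself.
  ConnectRoute:
    Type: AWS::ApiGatewayV2::Route
    Properties:
      ApiId: !Ref WebSocketApi
      RouteKey: "$connect"
      AuthorizationType: NONE
      OperationName: connect
      # "integrations/<integration id>"
      Target: !Sub "integrations/${ConnectInteg}"

  ConnectInteg:
    Type: AWS::ApiGatewayV2::Integration
    Properties:
      ApiId: !Ref WebSocketApi
      Description: Connect Integration
      IntegrationType: AWS_PROXY
      IntegrationUri: !Sub "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${PokerdotApiBackend.Arn}/invocations"

  DisconnectRoute:
    Type: AWS::ApiGatewayV2::Route
    Properties:
      ApiId: !Ref WebSocketApi
      RouteKey: "$disconnect"
      AuthorizationType: NONE
      OperationName: disconnect
      Target: !Sub "integrations/${DisconnectInteg}"

  DisconnectInteg:
    Type: AWS::ApiGatewayV2::Integration
    Properties:
      ApiId: !Ref WebSocketApi
      Description: Disconnect Integration
      IntegrationType: AWS_PROXY
      IntegrationUri: !Sub "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${PokerdotApiBackend.Arn}/invocations"

  DefaultRoute:
    Type: AWS::ApiGatewayV2::Route
    Properties:
      ApiId: !Ref WebSocketApi
      RouteKey: "$default"
      AuthorizationType: NONE
      OperationName: default
      Target: !Sub "integrations/${DefaultInteg}"

  DefaultInteg:
    Type: AWS::ApiGatewayV2::Integration
    Properties:
      ApiId: !Ref WebSocketApi
      Description: Send Integration
      IntegrationType: AWS_PROXY
      IntegrationUri: !Sub "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${PokerdotApiBackend.Arn}/invocations"

  # ---- Backend function ------------------------------------------------------
  # Single Lambda that handles $connect, $disconnect and every message.
  PokerdotApiBackend:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri:
        Bucket: !Ref DistBucket
        Key: !Sub "pokerdot/${Stage}/pokerdot-lambda.zip"
      Handler: "io.adamnfish.pokerdot.Lambda::handleRequest"
      Timeout: 20
      MemorySize: 1024
      Runtime: java17
      Tracing: Active
      Environment:
        Variables:
          GAMES_TABLE: !Ref GamesTableName
          PLAYERS_TABLE: !Ref PlayersTableName
          ORIGIN_LOCATION: !Sub "pokerdot.${DomainName}"
          # "$default" is the literal stage name here, not a !Sub variable.
          API_ORIGIN_LOCATION: !Sub "${WebSocketApi}.execute-api.${AWS::Region}.amazonaws.com/$default"
          REGION: !Ref AWS::Region
      Policies:
        - DynamoDBCrudPolicy:
            TableName: !Ref GamesTableName
        - DynamoDBCrudPolicy:
            TableName: !Ref PlayersTableName
        # Needed to post messages back to connected clients; scoped to this
        # API's connections only, not every API in the account.
        - Statement:
            - Effect: Allow
              Action:
                - "execute-api:ManageConnections"
              Resource:
                - !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${WebSocketApi}/*"
      Tags:
        app: pokerdot
        stage: !Ref Stage

  BackendInvocationPermission:
    Type: AWS::Lambda::Permission
    DependsOn:
      - WebSocketApi
      - PokerdotApiBackend
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !Ref PokerdotApiBackend
      Principal: apigateway.amazonaws.com
      # Without SourceArn the grant trusts the API Gateway service principal
      # as a whole, so any API (including one in another account) could be
      # pointed at this function. Limit it to routes of this WebSocket API;
      # the ARN form matches the ManageConnections resource above.
      SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${WebSocketApi}/*"

  # ---- Custom domain for the API ---------------------------------------------
  BackendDomainName:
    Type: AWS::ApiGatewayV2::DomainName
    Properties:
      DomainName: !Sub "pokerdot-api.${DomainName}"
      DomainNameConfigurations:
        - CertificateArn: !Ref ApiTLSCert
          CertificateName: !Sub "pokerdot-api.${DomainName}"
          # Endpoint type is left implicit; the DNS record below reads the
          # Regional* attributes, so a regional endpoint is assumed.
          # EndpointType: REGIONAL

  BackendApiMapping:
    Type: AWS::ApiGatewayV2::ApiMapping
    Properties:
      # DomainName: !Sub "pokerdot-api.${DomainName}"
      DomainName: !Ref BackendDomainName
      ApiId: !Ref WebSocketApi
      Stage: !Ref ApiGatewayStage

  # ---- Static site -----------------------------------------------------------
  CDN:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Aliases:
          - !Sub "pokerdot.${DomainName}"
        Origins:
          - Id: pokerdot-static
            DomainName: !Sub "${WebrootBucket}.s3.amazonaws.com"
            S3OriginConfig:
              # Read access to the bucket is granted to this identity
              # (presumably by the storage stack that created it).
              OriginAccessIdentity: !Sub "origin-access-identity/cloudfront/${WebrootAccessIdentityID}"
        DefaultCacheBehavior:
          AllowedMethods: [HEAD, GET]
          CachedMethods: [HEAD, GET]
          MinTTL: 3600
          Compress: true
          ForwardedValues:
            QueryString: false
          TargetOriginId: pokerdot-static
          ViewerProtocolPolicy: redirect-to-https
        DefaultRootObject: index.html
        CustomErrorResponses:
          - ErrorCachingMinTTL: 5
            ErrorCode: 404
            ResponsePagePath: /404.html
            ResponseCode: 404
          - ErrorCachingMinTTL: 5
            ErrorCode: 403  # S3 not found returns a 403
            ResponsePagePath: /404.html
            ResponseCode: 404
        PriceClass: PriceClass_100
        Enabled: true
        ViewerCertificate:
          AcmCertificateArn: !Ref WebrootTLSCert
          # Previously TLSv1, which still lets viewers negotiate TLS 1.0/1.1.
          # TLSv1.2_2021 is the current recommended minimum and is valid
          # together with sni-only.
          MinimumProtocolVersion: TLSv1.2_2021
          SslSupportMethod: sni-only
        HttpVersion: http2
      Tags:
        - Key: app
          Value: pokerdot
        - Key: stage
          Value: !Ref Stage

  # ---- DNS -------------------------------------------------------------------
  DNS:
    Type: AWS::Route53::RecordSetGroup
    Properties:
      HostedZoneName: !Sub "${DomainName}."
      RecordSets:
        - Name: !Sub "pokerdot.${DomainName}."
          Type: A
          AliasTarget:
            # This zone ID is a magic global string for CloudFront
            HostedZoneId: Z2FDTNDATAQYW2
            DNSName: !GetAtt CDN.DomainName
        - Name: !Sub "pokerdot-api.${DomainName}."
          Type: A
          AliasTarget:
            HostedZoneId: !GetAtt BackendDomainName.RegionalHostedZoneId
            DNSName: !GetAtt BackendDomainName.RegionalDomainName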
Outputs:
  GamesTable:
    Description: "Games table name"
    Value:
      Ref: GamesTableName
  PlayersTable:
    Description: "Players table name"
    Value:
      Ref: PlayersTableName
  BackendLambdaArn:
    Description: "backend lambda ARN"
    Value:
      Fn::GetAtt: [PokerdotApiBackend, Arn]
  WebSocketURI:
    Description: "The URI for connecting to the API directly"
    # NOTE(review): ApiGatewayStage deploys the API under the stage named
    # "$default", but this URI appends the Stage parameter (e.g. "prod"),
    # whereas the function's API_ORIGIN_LOCATION uses "/$default" -- confirm
    # which path clients should use and align the two.
    Value:
      Fn::Sub: "wss://${WebSocketApi}.execute-api.${AWS::Region}.amazonaws.com/${Stage}"

  # Deployment parameters
  # These can be looked up by the CI deploy script
  BackendLambdaName:
    Description: "Backend Lambda fn's name"
    Value:
      Ref: PokerdotApiBackend
  DistributionId:
    Description: "Distribution ID for the static www CloudFront Distribution"
    Value:
      Ref: CDN
  WebrootBucketName:
    Description: "Name of the S3 bucket that holds the static site assets"
    Value:
      Ref: WebrootBucket
  DistBucketName:
    Description: "Name of the S3 bucket that holds API artifacts"
    Value:
      Ref: DistBucket
  StageName:
    Description: "Stage of this deployment"
    Value:
      Ref: Stage