-
Notifications
You must be signed in to change notification settings - Fork 0
/
serverless.yml
60 lines (54 loc) · 1.76 KB
/
serverless.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
org: animl
app: animl
service: animl-ingest-api
provider:
name: aws
stage: ${opt:stage, 'dev'}
region: us-west-2
profile: animl
ecr:
images:
ingest-api:
path: ./api/
iam:
role:
managedPolicies:
- 'arn:aws:iam::aws:policy/AWSLambdaExecute'
statements:
- Effect: 'Allow'
Action:
- 's3:PutObject'
- 's3:HeadObject'
Resource:
- arn:aws:s3:::animl-images-ingestion-${opt:stage, self:provider.stage, 'dev'}
- arn:aws:s3:::animl-images-ingestion-${opt:stage, self:provider.stage, 'dev'}/*
- Effect: Allow
Action:
- ssm:GetParameter
- ssm:GetParameters
Resource:
- !Sub arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/*
environment:
STAGE: ${opt:stage, self:provider.stage, 'dev'}
BUCKET: animl-images-ingestion-${opt:stage, self:provider.stage, 'dev'}
SECRET: ${ssm:/images/ingestion-api-${self:provider.stage}}
LOGIN_ID: "{{resolve:secretsmanager:ingest-api-key-${opt:stage, self:provider.stage, 'dev'}:SecretString:id:AWSCURRENT}}"
LOGIN_TOKEN: "{{resolve:secretsmanager:ingest-api-key-${opt:stage, self:provider.stage, 'dev'}:SecretString:token:AWSCURRENT}}"
functions:
IngestAPI:
image:
name: ingest-api
name: IngestAPI-${opt:stage, self:provider.stage, 'dev'}
timeout: 15
events:
- httpApi: '*'
resources:
Resources:
apiKey:
Type: AWS::SecretsManager::Secret
Properties:
Description: API Key that will allow access for the APIs
GenerateSecretString:
GenerateStringKey: token
SecretStringTemplate: '{"id": "animl"}'
Name: ingest-api-key-${opt:stage, self:provider.stage, 'dev'}