serverless.yml
# https://github.com/dhavall08
service: serverless

# Load variables from a local .env file so ${env:...} references resolve
# during local runs. Keep that file out of version control: it is where
# values such as JWT_SECRET end up on a developer machine.
useDotenv: true
# Build one deployment artifact per function instead of a single shared bundle.
package:
  individually: true
  # Patterns prefixed with '!' are exclusions. Everything inside
  # sub-directories and the prettier config are dropped here; the alternative
  # would be an explicit include list on each function.
  patterns:
    - '!*/**'
    - '!prettier.config.js'
    # - 'node_modules/dotenv/**' # to support local env variables in sequelize
# Opt in to the new variables resolver so that unresolved variables surface
# as errors (deprecation code: NEW_VARIABLES_RESOLVER).
variablesResolutionMode: 20210326

# Pin the Serverless Framework major version this service may be deployed with.
frameworkVersion: '2'
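provider:
  name: aws
  # NOTE(review): Node.js 12 is end-of-life and no longer receives security
  # fixes; plan a move to a currently supported Lambda runtime.
  runtime: nodejs12.x
  stage: ${opt:stage, 'dev'}
  region: ${env:AWS_REGION, 'us-east-1'}
  lambdaHashingVersion: 20201221
  environment:
    STAGE: ${opt:stage, 'dev'}
    # Supplied through the GitLab CI/CD variables.
    # The note on this line used to start with `//`, which YAML does not treat
    # as a comment, so that text became part of the value and the functions
    # received "<secret> // from gitlab variables" as their JWT secret.
    # Deploying this fix changes the effective secret: tokens signed before
    # the deploy stop verifying.
    # NOTE(review): Lambda environment variables are readable by anyone who
    # can view the function configuration; the SSM lookup sketched below is
    # the safer source for this value.
    JWT_SECRET: ${env:JWT_SECRET}
    # SOME_ENV: ${self:custom.ssm.SOME_ENV} // to get env from ssm
  # Permissions for the Lambda execution role. Statements declared at provider
  # level are shared by default by every function in this service, including
  # the unauthenticated /public handlers.
  iamRoleStatements:
    - Effect: Allow
      Action:
        - ses:SendEmail
        - ses:SendRawEmail
      # NOTE(review): '*' allows sending from any SES identity in the account;
      # scope this to the identity ARN(s) the service actually sends from.
      Resource: '*'
    # for S3 services: write-only access to objects in the S3Bucket resource
    - Effect: Allow
      Action:
        - s3:PutObject
      # Resolves to arn:aws:s3:::bucketName/*
      Resource:
        Fn::Join:
          - ''
          - - Fn::GetAtt: [S3Bucket, Arn]
            - '/*'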
functions:
  # Unauthenticated handler: neither route below has an authorizer attached.
  fun1:
    handler: functions/fun1/index.handler
    timeout: 20
    events:
      # A single handler can be exposed on several routes.
      # `cors: true` applies the framework's default CORS settings, which
      # allow any origin.
      - http:
          path: /public/fun1-path1
          method: post
          cors: true
      - http:
          path: /public/fun1-path2/{id}
          method: get
          cors: true
          # request:
          #   # Optional request parameter configuration
          #   parameters:
          #     paths:
          #       id: true # mark path parameter as required

  # Custom authorizer Lambda. It declares no events of its own; the /private
  # routes below refer to it by name.
  verify-token:
    handler: functions/auth-token.auth

  fun2:
    handler: functions/fun2/index.handler
    timeout: 20
    events:
      - http:
          path: /private/fun2
          # `any` routes every HTTP method to this handler.
          method: any
          cors: true
          # uncomment below to access httponly cookies from client
          # cors:
          #   origin: ${self:provider.environment.FRONTEND_URL}
          #   allowCredentials: true
          # NOTE(review): API Gateway caches authorizer results per
          # identity-source value (300 s unless resultTtlInSeconds is set), so
          # a token that was revoked or has just expired can keep being
          # accepted for that window. Confirm that is acceptable here.
          authorizer:
            name: verify-token
            # Request header carrying the token; replace with your own
            # authorizer header if it differs.
            identitySource: method.request.header.Authorization
            # identitySource: method.request.header.cookie # if you want to use cookie

  # Issues pre-signed S3 upload URLs through aws-sdk; serverless-s3-local lets
  # this be exercised locally.
  get-signed-url:
    handler: functions/upload/signedUrl.handler
    events:
      - http:
          path: /private/get-signed-url
          method: post
          cors: true
          authorizer:
            name: verify-token
            identitySource: method.request.header.Authorization
# Framework plugins, listed in the order they are loaded.
# NOTE(review): each plugin runs with the deployer's credentials during
# package/deploy, so pin their versions in the project's lockfile.
plugins:
  - serverless-offline
  - serverless-plugin-common-excludes
  - serverless-plugin-include-dependencies
  - serverless-s3-local
resources:
  Resources:
    # Responses produced when the custom authorizer rejects a request are
    # generated by API Gateway itself and never reach a Lambda, so they need
    # their own CORS headers; both overrides below return HTTP 401.
    #
    # NOTE(review): Access-Control-Allow-Origin is mapped from the request's
    # Origin header, so it echoes whatever origin the caller sent, and it is
    # combined with Allow-Credentials 'true'. Only these 401 responses carry
    # the headers, but pinning the value to the known front-end origin is the
    # tighter choice. On credentialed requests browsers also read a '*' in
    # Access-Control-Allow-Headers literally, so list the headers explicitly
    # if credentials are really in use.
    GatewayResponse:
      Type: AWS::ApiGateway::GatewayResponse
      Properties:
        ResponseParameters:
          gatewayresponse.header.Access-Control-Allow-Origin: 'method.request.header.Origin'
          gatewayresponse.header.Access-Control-Allow-Credentials: "'true'"
          gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        ResponseType: EXPIRED_TOKEN
        RestApiId:
          Ref: ApiGatewayRestApi
        StatusCode: '401'

    AuthFailureGatewayResponse:
      Type: AWS::ApiGateway::GatewayResponse
      Properties:
        ResponseParameters:
          gatewayresponse.header.Access-Control-Allow-Origin: 'method.request.header.Origin'
          gatewayresponse.header.Access-Control-Allow-Credentials: "'true'"
          gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        ResponseType: UNAUTHORIZED
        RestApiId:
          Ref: ApiGatewayRestApi
        StatusCode: '401'

    # Creates the upload bucket; the deployment can fail if a bucket with this
    # name already exists.
    S3Bucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: ${env:S3_BUCKET}
        # NOTE(review): any origin may issue GET/POST/PUT against the bucket
        # from a browser; restrict AllowedOrigins to the front-end origin if
        # it is known.
        CorsConfiguration:
          CorsRules:
            - AllowedHeaders:
                - '*'
              AllowedMethods:
                - GET
                - POST
                - PUT
              AllowedOrigins:
                - '*'

    # Makes every object in the bucket publicly readable and downloadable.
    # NOTE(review): with Principal '*' anything uploaded through a signed URL
    # becomes world-readable as soon as it lands, so do not store private or
    # user-sensitive files under this bucket. Where S3 Block Public Access is
    # enabled on the account or bucket, this policy is rejected at deploy time.
    S3BucketPolicy:
      Type: AWS::S3::BucketPolicy
      Properties:
        Bucket:
          Ref: S3Bucket
        PolicyDocument:
          Statement:
            - Action:
                - s3:GetObject
              Effect: Allow
              # Resolves to arn:aws:s3:::bucketName/*
              Resource:
                Fn::Join:
                  - ''
                  - - Fn::GetAtt: [S3Bucket, Arn]
                    - '/*'
              Principal: '*'
custom:
  # Settings for local development (the plugin list includes
  # serverless-s3-local, which emulates S3).
  s3:
    # Local directory that receives the files "uploaded to S3" during
    # local development.
    directory: /tmp
    cors: utils/s3-cors.xml
    # NOTE(review): relaxes request-signature checking. Presumably only the
    # local S3 emulator reads this key; confirm nothing deployed depends on it.
    allowMismatchedSignatures: true
  # ssm: ${ssm:/aws/reference/secretsmanager/${opt:stage}/serverless/envs, 'default'}