serverless.yml
# Serverless Framework service definition for the thumbbuster image pipeline.
service: "thumbbuster"

# Shared names, each suffixed with the deployment stage. The stage is taken
# from the --stage CLI option and falls back to 'dev' when it is not given.
custom:
  # Bucket the functions write to (exported to them as TRANSFORM_BUCKET).
  transformBucketName: "thumbbuster-${opt:stage, 'dev'}-transform-bucket"
  # Bucket whose object-created events trigger the functions.
  uploadBucketName: "thumbbuster-${opt:stage, 'dev'}-upload-bucket"
  # Origin id used by the CloudFront distribution for the transform bucket.
  s3OriginId: "transform-origin-${opt:stage, 'dev'}"
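# AWS provider settings and the IAM permissions shared by every function.
provider:
  name: aws
  stage: ${opt:stage, 'dev'}
  # NOTE(review): Node.js 16 is end-of-life upstream and a deprecated Lambda
  # runtime; move to a supported nodejs runtime once the handlers are tested.
  runtime: nodejs16.x
  # NOTE(review): deploys run with this local AWS profile. The name suggests
  # administrator credentials - TODO confirm, and prefer a deploy role scoped
  # to what this stack actually creates.
  profile: serverless-admin
  region: us-east-2
  environment:
    TRANSFORM_BUCKET: ${self:custom.transformBucketName}
  iamRoleStatements:
    # Read uploaded originals. The joined ARN ends in "/*" so it matches only
    # objects inside this bucket; a bare "*" suffix would also match any
    # bucket whose name merely starts with the upload bucket's name.
    - Effect: Allow
      Action:
        - s3:GetObject
      Resource:
        - "Fn::Join":
            - ""
            - - "arn:aws:s3:::"
              - Ref: TBUploadBucket
              - "/*"
    # Read and write results in the transform bucket, scoped the same way.
    - Effect: Allow
      Action:
        - s3:PutObject
        - s3:GetObject
      Resource:
        - "Fn::Join":
            - ""
            - - "arn:aws:s3:::"
              - Ref: TBTransformBucket
              - "/*"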
# One Lambda per upload category. Each subscribes to object-created events on
# the upload bucket, filtered by key prefix. `existing: true` attaches the
# trigger to a bucket that is not created by the event definition itself; the
# bucket of that name is declared under resources as TBUploadBucket.
#
# NOTE(review): the upload bucket's CORS rule allows browser PUTs, so objects
# arriving here are presumably client-supplied. The handlers (not visible in
# this file) should treat object keys and image bytes as untrusted input.
functions:
  uploadPostImage:
    handler: "handler.handlePostImage"
    events:
      - s3:
          bucket: "${self:custom.uploadBucketName}"
          event: "s3:ObjectCreated:*"
          existing: true
          rules:
            - prefix: "post-image/"

  uploadInlinePostImage:
    handler: "handler.handleInlinePostImage"
    events:
      - s3:
          bucket: "${self:custom.uploadBucketName}"
          event: "s3:ObjectCreated:*"
          existing: true
          rules:
            - prefix: "inline-post-image/"

  uploadAvatarImage:
    handler: "handler.handleAvatarImage"
    events:
      - s3:
          bucket: "${self:custom.uploadBucketName}"
          event: "s3:ObjectCreated:*"
          existing: true
          rules:
            - prefix: "avatar-image/"
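# Raw CloudFormation resources: the upload bucket, the publicly readable
# transform bucket with its policy, and the CloudFront distribution in front.
resources:
  Resources:
    # Receives uploads via cross-origin PUT.
    TBUploadBucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: ${self:custom.uploadBucketName}
        CorsConfiguration:
          CorsRules:
            - AllowedMethods:
                - PUT
              # Origins come from ./config/<stage>.json, which is not visible
              # here. NOTE(review): confirm each stage lists explicit origins
              # rather than '*'.
              AllowedOrigins: ${file(./config/${opt:stage, 'dev'}.json):ALLOWED_ORIGINS}
              AllowedHeaders:
                - '*'

    # Holds the output written by the functions.
    TBTransformBucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: ${self:custom.transformBucketName}
        # NOTE(review): the PublicRead canned ACL grants everyone READ on the
        # bucket, which allows anonymous listing of its keys, on top of the
        # object reads the bucket policy already allows. Drop it if listing
        # is not required. New buckets default to ACLs disabled and Block
        # Public Access enabled, so this ACL and the public policy may be
        # rejected unless OwnershipControls and PublicAccessBlockConfiguration
        # are set explicitly - verify against the target account.
        AccessControl: PublicRead
        CorsConfiguration:
          CorsRules:
            - AllowedMethods:
                - HEAD
              AllowedOrigins:
                - '*'
              AllowedHeaders:
                - '*'

    # Anonymous s3:GetObject on every object in the transform bucket.
    TBTransformBucketPolicy:
      Type: AWS::S3::BucketPolicy
      Properties:
        Bucket:
          Ref: TBTransformBucket
        PolicyDocument:
          # Stated explicitly; a policy without Version is evaluated as the
          # older 2008-10-17 policy language.
          Version: "2012-10-17"
          Statement:
            - Sid: PublicReadGetObject
              Effect: Allow
              Principal: "*"
              Action:
                - "s3:GetObject"
              Resource: arn:aws:s3:::${self:custom.transformBucketName}/*

    # CDN in front of the transform bucket.
    PublicDistribution:
      Type: AWS::CloudFront::Distribution
      Properties:
        DistributionConfig:
          Enabled: "true"
          # NOTE(review): the cache behavior below uses PathPattern '*', which
          # matches every path, so this default behavior (no caching, all
          # cookies and query strings forwarded) appears never to be selected.
          DefaultCacheBehavior:
            AllowedMethods:
              - GET
              - HEAD
            MinTTL: "0"
            MaxTTL: "0"
            DefaultTTL: "0"
            TargetOriginId: ${self:custom.s3OriginId}
            ForwardedValues:
              QueryString: 'true'
              Cookies:
                Forward: all
            ViewerProtocolPolicy: redirect-to-https
          CacheBehaviors:
            # HTTPS only, cached for one day, query strings not forwarded.
            - AllowedMethods:
                - GET
                - HEAD
              TargetOriginId: ${self:custom.s3OriginId}
              ForwardedValues:
                QueryString: "false"
              ViewerProtocolPolicy: https-only
              DefaultTTL: 86400
              PathPattern: '*'
          Origins:
            - DomainName: ${self:custom.transformBucketName}.s3.${self:provider.region}.amazonaws.com
              Id: ${self:custom.s3OriginId}
              S3OriginConfig:
                # NOTE(review): an empty identity means CloudFront reads the
                # bucket anonymously, which works only because the bucket is
                # public; the same objects are reachable directly from S3,
                # bypassing the HTTPS-only policy above. If direct access is
                # not needed, make the bucket private and grant read access
                # only to the distribution (origin access control).
                OriginAccessIdentity: ''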
# Serverless plugins loaded for this service.
# NOTE(review): plugins execute during package/deploy with the deploying
# credentials; keep the installed version pinned in the project's lockfile.
plugins:
  - "serverless-plugin-typescript"