-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathserverless.yml
148 lines (134 loc) · 4.7 KB
/
serverless.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
service: mp-watch
custom:
# SNS topic
DISPATCH_MP_SNS: "dispatchMp"
# Plugin Customizations
# skip replacing hardcoded regions. Data saved
pseudoParameters:
skipRegionReplace: true
provider:
name: aws
runtime: python3.6
region: us-east-1
stage: dev
# IAM profile
profile: serverless
# IAM roles
role: lambdaPermission
# Environment variables
environment:
# Personal AWS account
AWS_ACCOUNT: ${file(./aws.env.yml):creds.AWS_ACCOUNT}
# Function ARNs
GET_MP_ARN: "arn:aws:lambda:${self:provider.region}:${file(./aws.env.yml):creds.AWS_ACCOUNT}:function:${self:service}-${self:provider.stage}-get_mp"
PROCESS_TWEETS_ARN: "arn:aws:lambda:${self:provider.region}:${file(./aws.env.yml):creds.AWS_ACCOUNT}:function:${self:service}-${self:provider.stage}-process_tweets"
# SNS ARNs
DISPATCH_MP_SNS_ARN:
Fn::Join:
- ''
- - 'arn:aws:sns:'
- Ref: AWS::Region
- ":"
- Ref: AWS::AccountId
- ":"
- Fn::GetAtt:
- crawlMPTopic
- TopicName
# SECRETS
TWITTER_CONSUMER_KEY: ${file(./twitter.env.yml):twitter.TWITTER_CONSUMER_KEY}
TWITTER_CONSUMER_SECRET: ${file(./twitter.env.yml):twitter.TWITTER_CONSUMER_SECRET}
TWITTER_ACCESS_TOKEN_KEY: ${file(./twitter.env.yml):twitter.TWITTER_ACCESS_TOKEN_KEY}
TWITTER_ACCESS_TOKEN_SECRET: ${file(./twitter.env.yml):twitter.TWITTER_ACCESS_TOKEN_SECRET}
AWS_DB: ${file(./aws.env.yml):rds.AWS_DB}
AWS_DB_USER: ${file(./aws.env.yml):rds.AWS_DB_USER}
AWS_DB_PASSWORD: ${file(./aws.env.yml):rds.AWS_DB_PASSWORD}
AWS_DB_HOST: ${file(./aws.env.yml):rds.AWS_DB_HOST}
# you can add statements to the Lambda function's IAM Role here
# iamRoleStatements:
# - Effect: "Allow"
# Action:
# - "s3:ListBucket"
# Resource: { "Fn::Join" : ["", ["arn:aws:s3:::", { "Ref" : "ServerlessDeploymentBucket" } ] ] }
# - Effect: "Allow"
# Action:
# - "s3:PutObject"
# Resource:
# Fn::Join:
# - ""
# - - "arn:aws:s3:::"
# - "Ref" : "ServerlessDeploymentBucket"
# - "/*"
# you can add packaging information here
#package:
# include:
# - include-me.py
# - include-me-dir/**
# exclude:
# - exclude-me.py
# - exclude-me-dir/**
functions:
# get_mp launches the process.
# It runs through all MPs and posts their twitter_handle to the SNS topic.
get_mp:
handler: get_mp.main
events:
# Runs every Friday at 11am.
- schedule: cron(0 11 ? * FRI *)
# Crawler uses the Twitter API and AWS Comprehend to classify tweets.
process_tweets:
handler: process_tweets.main
events:
- sns: arn:aws:sns:${self:provider.region}:#{AWS::AccountId}:${self:custom.DISPATCH_MP_SNS}
# CloudFormation Resource Templates
resources:
Resources:
# Implements queue with SNS topics
crawlMPTopic:
Type: AWS::SNS::Topic
Properties:
DisplayName: "The message contains an MP's twitter handle."
TopicName: ${self:custom.DISPATCH_MP_SNS}
# IAM profile shared by all functions in this service
lambdaPermission:
Type: AWS::IAM::Role
Properties:
RoleName: lambdaPermission
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
Action: sts:AssumeRole
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole
Policies:
- PolicyName: LambdaFunctionInvocation
PolicyDocument:
Version: '2012-10-17'
Statement:
# Invoke functions in other functions
- Effect: 'Allow'
Action:
- "lambda:InvokeFunction"
# TODO: use variables? seems to be a Serverless issue
Resource: "arn:aws:lambda:us-east-1:677695147188:function:mp-watch-dev-process_tweets"
# Use AWS Comprehend
- Effect: 'Allow'
Action:
- "comprehend:DetectEntities"
Resource: "*"
# Write single item to DynamoDB
- Effect: 'Allow'
Action:
- "dynamodb:PutItem"
Resource: "arn:aws:dynamodb:eu-west-1:*:*"
# Publish to SNS
- Effect: 'Allow'
Action:
- "sns:Publish"
Resource: ${self:provider.environment.DISPATCH_MP_SNS_ARN}
plugins:
- serverless-python-requirements
- serverless-pseudo-parameters