-
Notifications
You must be signed in to change notification settings - Fork 21
/
serverless.yml
231 lines (206 loc) · 6.53 KB
/
serverless.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
service: swaggerui
plugins:
- serverless-cloudformation-sub-variables
- serverless-s3-deploy
- serverless-s3-remover
- serverless-scriptable-plugin
custom:
# change the project and/or service name to have unique baseName, that is used as a Cognito auth domain
project: betterdev
baseName: ${self:custom.project}-${self:provider.stage}-${self:service}
scriptHooks:
# build Swagger UI site
# this is done after the CF stack is being updated but before the S3 Deploy plugin triggers
after:aws:deploy:deploy:updateStack:
- generateConfigFile.js
- webpack --mode production --progress
assets:
auto: true
targets:
# copy Swagger UI website to S3 bucket on service deployment
- bucket: !Ref SwaggerBucket
files:
- source: dist
empty: true
globs: '**/*'
remover:
buckets:
# empty the Swagger UI S3 bucket content when removing the service so the bucket can be removed
- ${cf:${self:custom.baseName}.SwaggerBucketName, ''}
provider:
name: aws
stage: ${opt:stage, 'dev'}
stackName: ${self:custom.baseName}
functions:
hello:
handler: handler.hello
events:
- http:
path: hello
cors: true
method: GET
integration: mock
request:
template:
application/json: '{"statusCode": 200}'
response:
template: '{"greeting": "Hello Swagger!"}'
statusCodes:
200:
pattern: ''
- http:
path: hello
cors: true
method: POST
integration: mock
request:
template:
application/json: '{"statusCode": 200}'
response:
statusCodes:
201:
pattern: ''
# the "hello" function has only mock API events and no actual code, minimize the size of the Lambda deployment package
package:
exclude:
- ./**
include:
- README.md
resources:
Conditions:
StageIsDev: !Equals [ '${self:provider.stage}', 'dev' ]
Resources:
# COGNITO
UserPool:
Type: AWS::Cognito::UserPool
Properties:
UserPoolName: ${self:custom.baseName}-swaggerui
Schema:
- Name: email
Required: true
Mutable: true
AdminCreateUserConfig:
AllowAdminCreateUserOnly: true
UserPoolDomain:
Type: AWS::Cognito::UserPoolDomain
Properties:
UserPoolId: !Ref UserPool
Domain: ${self:custom.baseName}
SwaggerUIAppClient:
Type: AWS::Cognito::UserPoolClient
Properties:
ClientName: SwaggerUI
UserPoolId: !Ref UserPool
GenerateSecret: false
SupportedIdentityProviders:
- COGNITO
AllowedOAuthFlowsUserPoolClient: true
AllowedOAuthFlows:
- code
AllowedOAuthScopes:
- email
- openid
CallbackURLs:
- !If
- StageIsDev
- http://localhost:8080
- !Ref AWS::NoValue
- https://#{SwaggerDistribution.DomainName}
LogoutURLs:
- !If
- StageIsDev
- http://localhost:8080
- !Ref AWS::NoValue
- https://#{SwaggerDistribution.DomainName}
SwaggerUIIdentityProvider:
Type: AWS::Cognito::IdentityPool
Properties:
IdentityPoolName: ${self:custom.baseName}-swaggerui
CognitoIdentityProviders:
- ProviderName: cognito-idp.#{AWS::Region}.amazonaws.com/#{UserPool}
ClientId: !Ref SwaggerUIAppClient
AllowUnauthenticatedIdentities: false
SwaggerUIIdentityProviderRoles:
Type: AWS::Cognito::IdentityPoolRoleAttachment
Properties:
IdentityPoolId: !Ref SwaggerUIIdentityProvider
Roles:
authenticated: !GetAtt SwaggerUIAuthRole.Arn
# S3
SwaggerBucket:
Type: AWS::S3::Bucket
SwaggerBucketCloudFrontAccessPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref SwaggerBucket
PolicyDocument:
Statement:
- Action: s3:GetObject
Effect: Allow
Resource: 'arn:aws:s3:::#{SwaggerBucket}/*'
Principal:
CanonicalUser: !GetAtt SwaggerDistributionOAI.S3CanonicalUserId
# CLOUDFRONT
SwaggerDistribution:
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
Enabled: true
Comment: ${self:custom.baseName}-swaggerui
HttpVersion: http2
Origins:
- Id: swaggerS3
DomainName: '#{SwaggerBucket.RegionalDomainName}'
S3OriginConfig:
OriginAccessIdentity: 'origin-access-identity/cloudfront/#{SwaggerDistributionOAI}'
DefaultRootObject: index.html
DefaultCacheBehavior:
TargetOriginId: swaggerS3
AllowedMethods:
- GET
- HEAD
CachedMethods:
- GET
- HEAD
Compress: true
ViewerProtocolPolicy: redirect-to-https
ForwardedValues:
QueryString: 'false'
Cookies:
Forward: none
PriceClass: PriceClass_100
ViewerCertificate:
CloudFrontDefaultCertificate: 'true'
SwaggerDistributionOAI:
Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
Properties:
CloudFrontOriginAccessIdentityConfig:
Comment: 'Access #{SwaggerBucket} bucket'
# IAM
SwaggerUIAuthRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Federated: cognito-identity.amazonaws.com
Action: sts:AssumeRoleWithWebIdentity
Condition:
StringEquals:
cognito-identity.amazonaws.com:aud: !Ref SwaggerUIIdentityProvider
ForAnyValue:StringLike:
cognito-identity.amazonaws.com:amr: authenticated
Policies:
- PolicyName: api-gateway
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action: apigateway:GET
Resource: "arn:aws:apigateway:#{AWS::Region}::/restapis/#{ApiGatewayRestApi}/stages/${self:provider.stage}/exports/*"
# save bucket name in outputs so it can be found when removing the service
Outputs:
SwaggerBucketName:
Value: !Ref SwaggerBucket