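# Template format version. Quoted so that generic YAML loaders keep it a
# string instead of parsing it as a date.
AWSTemplateFormatVersion: '2010-09-09'
# Enables the AWS SAM transform (AWS::Serverless::* resource types).
Transform: AWS::Serverless-2016-10-31
Description: >
  AWS Blueprint for SAM using NestJS and on-demand DynamoDB. Single lambda serves entire API via proxy+.
  Supports CORS from ALL origins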
# Deploy-time inputs for the stack.
Parameters:
  # Used as the API Gateway stage name and the Lambda alias
  # (AutoPublishAlias), and compared against `staging` / `local` in Conditions.
  StageName:
    Type: String
    Description: The stage name, also the lambda alias
    Default: test
  # Name of the DynamoDB table; passed to the function as DDB_TABLENAME and
  # used to build the table ARN in the function's IAM policy.
  DDBTableName:
    Type: String
    Description: DDB_TABLENAME env var
    Default: test-SingleTable
  # CloudFormation resolves this SSM parameter name to its value at deploy
  # time. The `Value<String>` parameter type does not accept SecureString
  # parameters, so the secret has to be stored in SSM as a plain String.
  # The resolved value is injected into the function's SECRET_KEY environment
  # variable, where anyone who can read the function configuration can see it.
  # NOTE(review): for a real secret, consider having the function fetch a
  # SecureString parameter (or a Secrets Manager secret) at runtime instead.
  SomeSecretInSSM:
    Type: "AWS::SSM::Parameter::Value<String>"
    Description: The SSM parameter key for some secret value
    Default: /stage/repo_name/branch/envs/SECRET_KEY
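# More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst
Globals:
  Function:
    # NOTE(review): Node.js 10 is end-of-life and no longer receives security
    # patches; move to a currently supported Lambda Node.js runtime after
    # testing the application against it.
    Runtime: nodejs10.x
    # Publishes a new version on every deploy and points the stage-named
    # alias at it.
    AutoPublishAlias: !Ref StageName
    DeploymentPreference:
      # All traffic moves to the new version at once (no canary/linear shift).
      Type: AllAtOnce
    Timeout: 30
    MemorySize: 512
  # CORS background:
  # https://alexharv074.github.io/2019/03/31/introduction-to-sam-part-iii-adding-a-proxy-endpoint-and-cors-configuration.html#cors-configuration
  Api:
    Cors:
      # Values carry an inner pair of single quotes because they are written
      # into the API Gateway response header mappings as string literals.
      AllowMethods: "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'"
      AllowHeaders: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
      # NOTE(review): a wildcard origin lets script on any website call this
      # API from a browser, including with an Authorization header it sets
      # itself. Replace with the known front-end origin(s) outside of demos.
      AllowOrigin: "'*'"
      MaxAge: "'600'"
    # Logging, Metrics, Throttling, and all other Stage settings
    MethodSettings:
      - LoggingLevel: INFO
        MetricsEnabled: true
        # Data tracing writes full request and response bodies to CloudWatch
        # Logs, which can capture tokens, secrets or personal data carried in
        # payloads. Kept off by default; enable only temporarily on a
        # non-production stage while debugging.
        DataTraceEnabled: false
        # On all Paths & methods
        ResourcePath: '/*'
        HttpMethod: '*'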
Conditions:
  # True for every stage except `staging`; gates creation of DDBTable.
  NotStaging: !Not [!Equals [ !Ref StageName, staging ]]
  # True only when StageName is `local`.
  # NOTE(review): not referenced by any resource in this template.
  IsLocal: !Equals [ !Ref StageName, local ]
  # If resources are in a separate file with the naming convention
  # [stage]--[repo]--[branch]--[eyecatcher]--r, the following line would
  # exist in said resources file:
  #NotStaging: !Not [!Equals [ !Select [ "0", !Split [ '--', !Ref 'AWS::StackName' ] ], staging ]]
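Resources:
  # Explicit REST API so the stage name and stage variables can be set.
  # NOTE(review): no Auth section is configured, so API Gateway itself does
  # not authenticate callers; confirm that the NestJS application enforces
  # authentication and authorization on every route.
  APIG:
    Type: AWS::Serverless::Api
    Properties:
      StageName: !Ref StageName
      Variables:
        Stage: !Ref StageName
      #TODO: add Tags when supported https://github.com/awslabs/serverless-application-model/issues/384

  # Single-table design: composite primary key PK/SK plus one global
  # secondary index (GSI1) keyed on GSI1PK/GSI1SK, billed on demand.
  # NOTE(review): no DeletionPolicy or PointInTimeRecoverySpecification is
  # set, so deleting the stack deletes the table and its data.
  DDBTable:
    Type: AWS::DynamoDB::Table
    # Staging uses prod table, so don't create if staging
    # NOTE(review): this means staging code runs with DeleteItem / UpdateItem /
    # PutItem on production data; confirm that this is intended.
    Condition: NotStaging
    Properties:
      TableName: !Ref DDBTableName
      Tags:
        - Key: Stage
          Value: !Ref StageName
      BillingMode: PAY_PER_REQUEST
      AttributeDefinitions:
        - AttributeName: "PK"
          AttributeType: "S"
        - AttributeName: "SK"
          AttributeType: "S"
        - AttributeName: "GSI1PK"
          AttributeType: "S"
        - AttributeName: "GSI1SK"
          AttributeType: "S"
      KeySchema:
        - AttributeName: "PK"
          KeyType: "HASH"
        - AttributeName: "SK"
          KeyType: "RANGE"
      GlobalSecondaryIndexes:
        - IndexName: "GSI1"
          KeySchema:
            - AttributeName: "GSI1PK"
              KeyType: "HASH"
            - AttributeName: "GSI1SK"
              KeyType: "RANGE"
          Projection:
            ProjectionType: "ALL"

  # One Lambda function serves the whole API behind the greedy proxy route.
  MonolithicFunction:
    # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: !Sub "${AWS::StackName}--Monolithic"
      Handler: dist/apig-lambda.handler
      # CodeUri is replaced in buildspec.yml during codebuild, to limit zip size
      CodeUri: ./
      Description: !Sub "${StageName}: NestJS API"
      Tags:
        Stage: !Ref StageName
      Environment:
        Variables:
          # Keep these in sync with dotenv.example
          APP_STAGE: !Ref StageName
          DDB_TABLENAME: !Ref DDBTableName
          # Resolved from SSM at deploy time and stored in plain text in the
          # function configuration; rotating the SSM value needs a redeploy.
          SECRET_KEY: !Ref SomeSecretInSSM
          ENV_TEST: 'hardcoded in sam-template.yml'
      Policies:
        - Version: '2012-10-17'
          Statement:
            - Effect: Allow
              # NOTE(review): each `*` suffix grants every current and future
              # action with that prefix; list the exact actions once the
              # application's needs are known.
              Action:
                - "dynamodb:Batch*"
                - "dynamodb:Describe*"
                - "dynamodb:Get*"
                - "dynamodb:Query"
                - "dynamodb:Scan"
                - "dynamodb:DeleteItem"
                - "dynamodb:UpdateItem"
                - "dynamodb:PutItem"
              # Scoped to this stack's partition, region and account instead
              # of `*:*`, so a same-named table elsewhere is not covered.
              # Assumes the table (including the prod table used by staging)
              # lives in the stack's own account and region - confirm.
              # The index ARN is required for Query/Scan against GSI1; the
              # table ARN alone does not authorize index access.
              Resource:
                - !Sub "arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${DDBTableName}"
                - !Sub "arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${DDBTableName}/index/*"
      Events:
        # Routes every method on every sub-path of the API to this function.
        ProxyApiGreedy:
          Type: Api
          Properties:
            RestApiId: !Ref APIG
            Path: /{proxy+}
            Method: ANY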
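Outputs:
  # This template declares its API explicitly (APIG), so the output refers to
  # that resource rather than the implicit ServerlessRestApi that SAM creates
  # from a function's Events key. More on SAM's generated resources:
  # https://github.com/awslabs/serverless-application-model/blob/master/docs/internals/generated_resources.rst#api
  RestApi:
    # The URL is built from StageName, so it is not necessarily a Prod stage.
    Description: "API Gateway endpoint URL for the deployed stage"
    Value: !Sub "https://${APIG}.execute-api.${AWS::Region}.amazonaws.com/${StageName}/"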