serverless.yml
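service: stranded-app

# Provider-wide settings: one container-image Lambda on arm64 in us-east-2.
provider:
  name: aws
  runtime: provided.al2
  architecture: arm64
  region: us-east-2
  # Falls back to 'dev' when --stage is not passed on the command line.
  stage: ${opt:stage, 'dev'}
  httpApi:
    cors: true
  # Lambda layers are not supported for functions created with container images
  ecr:
    # Have ECR scan each pushed image for known vulnerabilities.
    scanOnPush: true
    images:
      appImage:
        path: ./
        file: Dockerfile.s3Handler
        buildArgs:
          # Use the resolved stage (with its 'dev' default) rather than the raw
          # CLI option, which is unset when --stage is omitted.
          EXEC_NAME: ${self:provider.stage}
  environment:
    # Bucket name is derived from the resolved stage so that it agrees with
    # provider.stage even when --stage is not given.
    IMAGES_S3_BUCKET: stranded-api-s3-images-${self:provider.stage}
    # Lambda environment values are strings; quoted so no parser retypes it.
    # NOTE(review): presumably seconds of pre-signed URL lifetime - confirm
    # against the handler.
    SIGNED_URL_EXPIRATION: '300'
  iam:
    role:
      statements:
        # Least privilege: object read/write only, and only inside the images
        # bucket. No bucket-level or delete actions are granted.
        - Effect: Allow
          Action:
            - s3:PutObject
            - s3:GetObject
          Resource: arn:aws:s3:::${self:provider.environment.IMAGES_S3_BUCKET}/*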
# Shared values referenced elsewhere through ${self:custom.*}.
custom:
  # Used as both topicName and displayName of the S3Handler SNS event.
  topicName: 'SNSTopicImages'
# Package each function separately instead of as one shared artifact.
package:
  individually: true

# Lambda layers are not supported for functions created with container images
# layers:
#   resources:
#     path: .private
functions:
  # Container-image function triggered by messages on the images SNS topic.
  S3Handler:
    environment:
      STAGE: ${self:provider.stage}
    image:
      # Refers to provider.ecr.images.appImage.
      name: appImage
    events:
      - sns:
          # The topic is declared under resources.Resources, so it is passed
          # by reference together with an explicit topicName.
          arn: !Ref SNSTopicImages
          topicName: ${self:custom.topicName}
          displayName: ${self:custom.topicName}
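# Raw CloudFormation: the images bucket, the SNS topic that receives its
# object-created notifications, and the policies that connect them.
resources:
  Outputs:
    SNSTopicImagesArn:
      Description: The ARN for the images topic
      Value: !Ref SNSTopicImages
    SNSTopicPolicyArn:
      # The description was a copy of the topic output's text.
      # NOTE(review): Ref on an AWS::SNS::TopicPolicy may not be an ARN -
      # confirm what consumers of this output expect.
      Description: The identifier of the images topic policy
      Value: !Ref SNSTopicPolicy

  Parameters:
    paramBucketName:
      Type: String
      Description: Bucket Name
      Default: ${self:provider.environment.IMAGES_S3_BUCKET}

  Resources:
    SNSTopicImages: # step 1
      Type: AWS::SNS::Topic

    LambdaInvokePermission:
      Type: AWS::Lambda::Permission
      Properties:
        Action: lambda:InvokeFunction
        FunctionName: !Ref S3HandlerLambdaFunction
        # Was Principal '*', which lets any AWS principal invoke the function.
        # Only the SNS service, and only on behalf of the images topic, needs
        # this permission.
        # NOTE(review): the framework normally generates its own permission
        # for the sns event, so this resource may be redundant - confirm.
        Principal: sns.amazonaws.com
        SourceArn: !Ref SNSTopicImages

    SNSTopicPolicy:
      Type: AWS::SNS::TopicPolicy
      Properties:
        PolicyDocument:
          Id: MyTopicPolicy
          Version: '2012-10-17'
          Statement:
            - Sid: Statement-id
              Effect: Allow
              Principal:
                Service: s3.amazonaws.com
              Action: sns:Publish
              Resource: !Ref SNSTopicImages
              Condition:
                # Only the images bucket may publish to the topic.
                ArnLike:
                  aws:SourceArn: !Join
                    - ''
                    - - 'arn:aws:s3:::'
                      - !Ref paramBucketName
                # S3 bucket ARNs carry no account id, so also pin the owning
                # account to guard against a same-named bucket elsewhere.
                StringEquals:
                  aws:SourceAccount: !Ref AWS::AccountId
        Topics:
          - !Ref SNSTopicImages

    AttachmentBucket:
      Type: AWS::S3::Bucket
      # The topic policy must exist before S3 validates the notification target.
      DependsOn:
        - SNSTopicPolicy
      Properties:
        # NOTE(review): canned ACLs are a legacy control; confirm this is
        # still required before relying on it.
        AccessControl: BucketOwnerFullControl
        BucketName: !Ref paramBucketName
        NotificationConfiguration:
          TopicConfigurations:
            - Topic: !Ref SNSTopicImages
              Event: s3:ObjectCreated:*
        CorsConfiguration:
          CorsRules:
            # NOTE(review): any origin may send any header with
            # GET/PUT/POST/DELETE/HEAD. Restrict AllowedOrigins to the known
            # front-end origin(s) and drop the methods the client does not
            # use; the function role itself only has PutObject and GetObject.
            - AllowedOrigins:
                - '*'
              AllowedHeaders:
                - '*'
              AllowedMethods:
                - GET
                - PUT
                - POST
                - DELETE
                - HEAD
              MaxAge: 3000

    BucketPolicy:
      Type: AWS::S3::BucketPolicy
      Properties:
        Bucket: !Ref AttachmentBucket
        PolicyDocument:
          Id: 'MyPolicy'
          Version: '2012-10-17'
          Statement:
            # NOTE(review): grants anonymous read of every object in the
            # bucket. If objects are meant to be reachable only through
            # expiring signed URLs (see SIGNED_URL_EXPIRATION), this statement
            # bypasses that expiry. Confirm the public read is intended;
            # otherwise remove it or narrow Resource to a public prefix.
            - Sid: PublicReadForGetBucketObjects
              Effect: Allow
              Principal: '*'
              Action: 's3:GetObject'
              Resource: 'arn:aws:s3:::${self:provider.environment.IMAGES_S3_BUCKET}/*'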