generated from Open-Attestation/react-template
-
Notifications
You must be signed in to change notification settings - Fork 5
/
serverless.yml
116 lines (111 loc) · 4.27 KB
/
serverless.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
service: ${self:custom.project}-verify-ui
useDotenv: true
provider:
deploymentBucket:
name: ${self:custom.infra.deploymentBucket}
stackName: ${self:custom.project}-${self:provider.stage}-verify-ui
apiName: ${self:provider.stackName}
environment:
NODE_ENV: "development"
DEBUG: "*,-follow-redirects"
AWS_LAMBDA_EXEC_WRAPPER: /opt/bootstrap
HOSTNAME: 0.0.0.0
PORT: 8000
STAGE: ${self:provider.stage}
name: aws
runtime: nodejs18.x
region: ap-southeast-1
deploymentMethod: direct
stage: ${opt:stage, "dev"}
memorySize: 256
timeout: 900
tracing:
lambda: true
apiGateway: true
logs:
restApi:
accessLogging: true
executionLogging: true
format: '{"id":"$context.requestId","extendedId":"$context.extendedRequestId","path":"$context.path","method":"$context.httpMethod","time":"$context.requestTime","source":"$context.identity.sourceIp","resourcePath":"$context.resourcePath","error":{"message":"$context.error.message","type":"$context.error.responseType","validation":"$context.error.validationErrorString"},"waf":{"response":"$context.wafResponseCode","error":"$context.waf.error","status":"$context.waf.status"},"response":{"latency":"$context.responseLatency","length":"$context.responseLength","status":"$context.status"},"apikey":"$context.identity.apiKeyId","xray":"$context.xrayTraceId"}'
level: INFO
# ALWAYS PUT TO FALSE, NEVER LOG RESPONSE DATA BECAUSE IT CAN BE SENSITIVE
fullExecutionData: false
roleManagedExternally: true
role: ${ssm:/${self:custom.project}/${self:provider.stage}/cloudwatch-log-role-arn}
apiGateway:
resourcePolicy:
- Effect: Allow
Principal: "*"
Action: execute-api:Invoke
Resource:
- execute-api:/*/*/*
metrics: true
shouldStartNameWithService: true
binaryMediaTypes:
- "*/*"
endpointType: ${ssm:/${self:custom.project}/${self:provider.stage}/api-gateway-endpoint-type, "REGIONAL"}
versionFunctions: false
package:
artifact: .next/standalone/artifact.zip
# Reference: https://github.com/awslabs/aws-lambda-web-adapter
functions:
nextApplication:
name: ${self:provider.stackName}-next
iamRoleStatementsName: "${self:provider.stackName}-next"
# Provisioned concurrency is the number of pre-initialized execution environments you want to allocate to your function, around USD40 each
provisionedConcurrency: ${ssm:/${self:custom.project}/${self:provider.stage}/lambda-concurrency}
layers:
- arn:aws:lambda:ap-southeast-1:753240598075:layer:LambdaAdapterLayerX86:18
handler: run.sh
events:
- http:
path: "{proxy+}"
method: any
- http:
path: ""
method: any
vpc:
securityGroupIds:
- ${self:custom.infra.securityGroupIds}
subnetIds:
Fn::Split:
- ","
- ${self:custom.infra.subnetIds}
custom:
project: ${env:PROJECT_NAME}
setCustomDomain:
"true":
- domainName: '${ssm:/${self:custom.project}/${self:provider.stage}/verify-api-domain-name, ""}'
basePath: ""
createRoute53Record: false,
endpointType: "${self:provider.endpointType}"
securityPolicy: "tls_1_2"
autoDomain: true
"false": []
customDomains: "${self:custom.setCustomDomain.${ssm:/${self:custom.project}/${self:provider.stage}/verify-auto-create-domain, 'true'}}"
infra:
deploymentBucket: "${ssm:/${self:custom.project}/${self:provider.stage}/deployment-bucket}"
securityGroupIds: "${ssm:/${self:custom.project}/${self:provider.stage}/security-group-ids}"
subnetIds: "${ssm:/${self:custom.project}/${self:provider.stage}/subnet-ids}"
associateWaf:
name: ${ssm:/${self:custom.project}/${self:provider.stage}/wafv2-name}
version: "V2"
resources:
Resources:
IamRoleLambdaExecution:
Type: "AWS::IAM::Role"
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
Service: lambda.amazonaws.com
Action: sts:AssumeRole
Condition:
ArnLike:
"aws:SourceArn": "arn:aws:lambda:${aws:region}:${aws:accountId}:*:*"
plugins:
- serverless-domain-manager
- serverless-associate-waf
- serverless-iamroles