This repository has been archived by the owner on Jan 28, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
serverless.yml
68 lines (62 loc) · 1.94 KB
/
serverless.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
service: helper-lambdas
frameworkVersion: ">=2.0.0 <3.0.0"
plugins:
- serverless-pseudo-parameters
- serverless-prune-plugin
provider:
name: aws
runtime: nodejs12.x
stage: ${opt:stage, 'dev'}
region: us-east-1
custom:
prune:
automatic: true
number: 2
functions:
addSecurityHeaders:
handler: addSecurityHeaders.handler
role: edgeRole
resources:
Resources:
edgeRole:
Type: AWS::IAM::Role
Properties:
Path: /
RoleName: EdgeRole # required if you want to use 'serverless deploy --function' later on
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
- edgelambda.amazonaws.com
Action: sts:AssumeRole
# note that these rights are needed if you want your function to be able to communicate with resources within your vpc
#ManagedPolicyArns:
#- arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole
Policies:
- PolicyName: edgePolicy
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
Resource:
- "Fn::Join":
- ":"
- - "arn:aws:logs"
- Ref: "AWS::Region"
- Ref: "AWS::AccountId"
- "log-group:/aws/lambda/*:*:*"
- Effect: "Allow"
Action:
- "s3:PutObject"
Resource:
Fn::Join:
- ""
- - "arn:aws:s3:::"
- "Ref": "ServerlessDeploymentBucket"