-
Notifications
You must be signed in to change notification settings - Fork 0
/
template.yaml
177 lines (163 loc) · 5.73 KB
/
template.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
# This is the SAM template that represents the architecture of your serverless application
# https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-template-basics.html
# The AWSTemplateFormatVersion identifies the capabilities of the template
# https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/format-version-structure.html
AWSTemplateFormatVersion: 2010-09-09
Description: >-
lambda-ppot
# Transform section specifies one or more macros that AWS CloudFormation uses to process your template
# https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-section-structure.html
Transform:
- AWS::Serverless-2016-10-31
Globals:
Function:
Runtime: nodejs18.x
MemorySize: 256
Timeout: 100
VpcConfig:
SecurityGroupIds:
- sg-06981620dc30c36d1
- sg-012960140b3022393
SubnetIds:
- subnet-0b6f3967bc7afb848
Environment:
Variables:
# Make table name accessible as environment variable from function code during execution
REGION: eu-central-1
EMAILS_TABLE: perpetual-powers-of-tau
EMAIL_FROM: contact@perpetualpowersoftau.com
EMAIL_RETURN: nico@inno-maps.com
TOKEN_WEB_PAGE: http://localhost:5173/?token=
JWT_PRIVATE_KEY: super-secret-sha256-hex-string
JWT_EXPIRATION_TIME: 300000
TRIES_LIMIT: 1
TIME_TO_EXPIRE_SPAM: 10
TIME_TO_EXPIRE_CONFIRMED_EMAIL: 20
S3_BUCKET_NAME: perpetual-powers-of-tau
S3_PREFIX: challenges
RETRIEVAL_TYPE: Bulk
DAYS_TO_RESTORE: 1
ACCESS_CONTROL_ALLOW_ORIGIN: '*'
ACCESS_CONTROL_ALLOW_METHODS: 'GET, POST, OPTIONS'
# Resources declares the AWS resources that you want to include in the stack
# https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resources-section-structure.html
Resources:
# Each Lambda function is defined by properties:
# https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
requestRetrievalFunction:
Type: AWS::Serverless::Function
Properties:
Handler: request-retrieval.requestRetrievalHandler
Role: arn:aws:iam::490752553772:role/perpertual-powers-of-tau-lambda
Description: Get request to retrieve images from S3 Glacier Archive.
Policies:
# Give Create/Read/Update/Delete Permissions to the EmailsTable
- DynamoDBCrudPolicy:
TableName: !Ref EmailsTable
Events:
Api:
Type: Api
Properties:
Path: /request-retrieval
Method: ANY
Metadata:
BuildMethod: esbuild
BuildProperties:
Minify: true
Target: "es2020"
Sourcemap: true
EntryPoints:
- src/handlers/request-retrieval.ts
confirmEmailFunction:
Type: AWS::Serverless::Function
Properties:
Handler: confirm-email.confirmEmailHandler
Role: arn:aws:iam::490752553772:role/perpertual-powers-of-tau-lambda
Description: Confirm email ownership to retrieve images from S3 Glacier Archive.
Policies:
# Give Create/Read/Update/Delete Permissions to the EmailsTable
- DynamoDBWritePolicy:
TableName: !Ref EmailsTable
Events:
Api:
Type: Api
Properties:
Path: /confirm-email
Method: ANY
RequestParameters:
- method.request.querystring.token:
Required: true
Metadata:
BuildMethod: esbuild
BuildProperties:
Minify: true
Target: "es2020"
Sourcemap: true
EntryPoints:
- src/handlers/confirm-email.ts
getPresignedUrlFunction:
Type: AWS::Serverless::Function
Properties:
Handler: get-presigned-url.getPresignedUrlHandler
Role: arn:aws:iam::490752553772:role/perpertual-powers-of-tau-lambda
Description: Generate a presigned URL for a file download from AWS S3
Events:
Api:
Type: Api
Properties:
Path: /get-presigned-url
Method: ANY
RequestParameters:
- method.request.querystring.file:
Required: true
Metadata:
BuildMethod: esbuild
BuildProperties:
Minify: true
Target: "es2020"
Sourcemap: true
EntryPoints:
- src/handlers/get-presigned-url.ts
# Simple syntax to create a DynamoDB table with a single attribute primary key, more in
# https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlesssimpletable
# DynamoDB table to store item: {id: <ID>, name: <NAME>}
EmailsTable:
Type: AWS::DynamoDB::Table
Properties:
TableName: perpetual-powers-of-tau
BillingMode: PAY_PER_REQUEST
AttributeDefinitions:
-
AttributeName: "email"
AttributeType: "S"
KeySchema:
-
AttributeName: "email"
KeyType: "HASH"
TimeToLiveSpecification:
AttributeName: "expiration"
Enabled: true
ApplicationResourceGroup:
Type: AWS::ResourceGroups::Group
Properties:
Name:
Fn::Join:
- ''
- - ApplicationInsights-SAM-
- Ref: AWS::StackName
ResourceQuery:
Type: CLOUDFORMATION_STACK_1_0
ApplicationInsightsMonitoring:
Type: AWS::ApplicationInsights::Application
Properties:
ResourceGroupName:
Fn::Join:
- ''
- - ApplicationInsights-SAM-
- Ref: AWS::StackName
AutoConfigurationEnabled: 'true'
DependsOn: ApplicationResourceGroup
Outputs:
WebEndpoint:
Description: API Gateway endpoint URL for Prod stage
Value: !Sub "https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/"