serverless.yml
# Service name; REALM is taken from the environment of the deploy process.
service: 'MV-${env:REALM}-CloudFront-Bot'

# Serverless plugins are third-party code loaded into the deploy process,
# where they run with the deployer's AWS credentials. Their versions are
# pinned (or not) in the package manifest and lockfile, not in this file.
plugins:
  - serverless-log-forwarding
  - serverless-plugin-aws-alerts
# AWS provider settings shared by every function in this service.
provider:
  name: aws
  # NOTE(review): Python 3.6 is past upstream end-of-life and no longer gets
  # security fixes; plan a move to a currently supported Lambda runtime.
  runtime: python3.6
  stage: '${env:ENV}'
  memorySize: 128
  # Do not publish a new Lambda version on every deploy.
  versionFunctions: false
  deploymentBucket:
    name: 'amaysim-serverless-deployments-${env:AWS_ACCOUNT_ID}-${env:AWS_REGION}'
  # Function timeout, in seconds.
  timeout: 60
  region: '${env:AWS_REGION}'
  # Only ${self:...} and ${env:...} are resolved as Serverless variables; the
  # (?!AWS::) lookahead leaves ${AWS::...} untouched so Fn::Sub can use it.
  variableSyntax: "\\${(?!AWS::)((?:self|env):[ :a-zA-Z0-9._,\\-\\/\\(\\)]+?)}"
  # Execution-role permissions added by this service: invoking one function,
  # the `invalidate` function of this service and stage, and nothing else.
  iamRoleStatements:
    - Effect: Allow
      Action:
        - 'lambda:InvokeFunction'
        # NOTE(review): InvokeAsync is the deprecated invocation API; drop it
        # if no handler calls it (handler code is not visible here).
        - 'lambda:InvokeAsync'
      Resource:
        Fn::Sub: "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${self:service}-${env:ENV}-invalidate"
  stackTags:
    FRAMEWORK: serverless
  # Environment variables set on every function. Lambda returns these with
  # the function configuration, so keep secrets out of this map.
  environment:
    ENV: '${env:ENV}'
    LOGLEVEL: '${env:LOGLEVEL}'
    REALM: '${env:REALM}'
    # Presumably the role name and the account list the bot assumes into;
    # verify both against the sts:AssumeRole policy under `resources`.
    BOT_AWS_ROLE: '${env:BOT_AWS_ROLE}'
    BOT_AWS_ACCOUNTS: '${env:BOT_AWS_ACCOUNTS}'
    # Same function name as the Resource of the IAM statement above.
    INVALIDATE_HANDLER: '${self:service}-${env:ENV}-invalidate'
# Deploy a pre-built archive; the build step that produces it lives outside
# this file, so what ends up in the function is decided there.
package:
  artifact: 'package/package.zip'
# Settings read by the two plugins listed under `plugins`.
custom:
  # serverless-log-forwarding: function logs are sent to the ARN exported
  # under the CloudFormation export named by SUMOLOGIC_LAMBDA_ARN_EXPORT_NAME
  # (presumably a Sumo Logic forwarder, going by the variable name). Anything
  # a handler logs leaves the account through it.
  logForwarding:
    destinationARN:
      Fn::ImportValue: '${env:SUMOLOGIC_LAMBDA_ARN_EXPORT_NAME}'
  # serverless-plugin-aws-alerts: CloudWatch alarms for each function.
  alerts:
    dashboards: true
    # Every alarm state change is published to the same SNS topic.
    topics:
      ok: '${env:OPS_GENIE_MAJOR_SNS_ARN}'
      alarm: '${env:OPS_GENIE_MAJOR_SNS_ARN}'
      insufficientData: '${env:OPS_GENIE_MAJOR_SNS_ARN}'
    definitions:
      functionErrors:
        threshold: 1
        period: 900
      # NOTE(review): 60000 equals the 60 s provider timeout if the metric is
      # in milliseconds, so this would only trip once p95 reaches the timeout
      # itself - confirm that is the intent.
      functionDuration:
        threshold: 60000
        statistic: 'p95'
        period: 900
    # functionThrottles and functionInvocations have no definition above, so
    # they presumably use the plugin's defaults.
    alarms:
      - functionErrors
      - functionThrottles
      - functionInvocations
      - functionDuration
functions:
  # No event source: this function is only reachable by direct invocation.
  invalidate:
    handler: slack_cloudfront_bot.invalidate
  # HTTP POST endpoint on API Gateway. No authorizer is configured in this
  # file, so each request has to be authenticated by the handler itself (for
  # a Slack integration, by checking the Slack request signature).
  # NOTE(review): confirm that check exists in slack_cloudfront_bot.respond.
  respond:
    handler: slack_cloudfront_bot.respond
    events:
      - http: 'POST respond'
# Extra CloudFormation resources merged into the stack the framework builds.
resources:
  Resources:
    # Inline policy on the Lambda execution role: lets the functions assume a
    # role named SlackCloudFrontBot.
    # NOTE(review): the account field is `*`, so this matches that role name
    # in ANY AWS account; access is then limited only by each target role's
    # trust policy. Prefer listing the intended account IDs explicitly.
    PolicySlackCloudFrontBot:
      Type: AWS::IAM::Policy
      Properties:
        Roles:
          - Ref: IamRoleLambdaExecution
        PolicyName: AllowSwitchRoleToSlackCloudFrontBot
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Sid: AllowSwitchRoleToSlackCloudFrontBot
              Effect: Allow
              Action:
                - 'sts:AssumeRole'
              Resource:
                - 'arn:aws:iam::*:role/SlackCloudFrontBot'

    # Custom domain for the API, served with the given ACM certificate.
    # NOTE(review): no SecurityPolicy is set here; confirm the minimum TLS
    # version that results is acceptable.
    DomainName:
      Type: AWS::ApiGateway::DomainName
      Properties:
        CertificateArn: '${env:AWS_ACM_CERTIFICATE}'
        DomainName: '${env:DOMAIN_NAME}'

    # Publishes the stage of this service's REST API under /cloudfront-bot.
    BasePathMapping:
      Type: AWS::ApiGateway::BasePathMapping
      Properties:
        BasePath: 'cloudfront-bot'
        DomainName:
          Ref: DomainName
        RestApiId:
          Ref: ApiGatewayRestApi
        Stage: '${env:ENV}'

    # IPv4 alias record to the custom domain's distribution. Z2FDTNDATAQYW2
    # is the fixed hosted-zone ID AWS uses for CloudFront alias targets.
    RecordSet:
      Type: AWS::Route53::RecordSet
      Properties:
        HostedZoneName: '${env:AWS_HOSTED_ZONE}.'
        Name: '${env:DOMAIN_NAME}'
        Type: A
        AliasTarget:
          HostedZoneId: 'Z2FDTNDATAQYW2'
          DNSName:
            Fn::GetAtt:
              - DomainName
              - DistributionDomainName

    # IPv6 counterpart of RecordSet.
    RecordSetAAAA:
      Type: AWS::Route53::RecordSet
      Properties:
        HostedZoneName: '${env:AWS_HOSTED_ZONE}.'
        Name: '${env:DOMAIN_NAME}'
        Type: AAAA
        AliasTarget:
          HostedZoneId: 'Z2FDTNDATAQYW2'
          DNSName:
            Fn::GetAtt:
              - DomainName
              - DistributionDomainName

  Outputs:
    LambdaUrl:
      Value: "https://${env:DOMAIN_NAME}"
    CloudFrontDomainName:
      Value:
        Fn::GetAtt:
          - DomainName
          - DistributionDomainName
    # Execution role ARN and name; presumably what the trust policy of each
    # target SlackCloudFrontBot role should name as principal - confirm.
    LambdaRoleArn:
      Value:
        Fn::GetAtt:
          - IamRoleLambdaExecution
          - Arn
    LambdaRole:
      Value:
        Ref: IamRoleLambdaExecution