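AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
  Blog & Project User Post Lambdas

Resources:
  # REST API for routes that need a signed-in user: every method defaults to
  # the Cognito user-pool authorizer declared under Auth.
  authAPI:
    Type: AWS::Serverless::Api
    Properties:
      Description: "Auth Routes for Blog"
      Auth:
        # The default authorizer is also attached to the OPTIONS preflight.
        # NOTE(review): CORS preflights carry no Authorization header, so a
        # cross-origin browser call is likely to fail its preflight. Confirm
        # whether the front end reaches this API same-origin.
        AddDefaultAuthorizerToCorsPreflight: true
        Authorizers:
          BlogCognitoAuthorizer:
            UserPoolArn: !GetAtt MyCognitoUserPool.Arn
        DefaultAuthorizer: BlogCognitoAuthorizer
      StageName: prod
      # NOTE(review): wildcard origin, headers and methods on the
      # authenticated API. Pin AllowOrigin to the site origin if no other
      # origin has to call it.
      Cors:
        AllowMethods: "'*'"
        AllowHeaders: "'*'"
        AllowOrigin: "'*'"
  # NOTE(review): the listing carried a bare, valueless `authAPI:` key at this
  # point. Its nesting cannot be recovered; at resource level it would be a
  # duplicate key, and most parsers keep the last one, which would null out the
  # API above. It is omitted here. Check it against the repository copy.

  # REST API for public routes: no Auth section, so its methods are open.
  blogAPI:
    Type: AWS::Serverless::Api
    Properties:
      Description: "Non-Auth Routes for Blog"
      StageName: prod
      Cors:
        AllowMethods: "'*'"
        AllowHeaders: "'*'"
        AllowOrigin: "'*'"

  # Earlier hand-written authorizer, superseded by Auth.Authorizers on authAPI.
  # authAPIAuthorizer:
  #   Type: AWS::ApiGateway::Authorizer
  #   Properties:
  #     AuthorizerResultTtlInSeconds: 0
  #     IdentitySource: "method.request.header.Authorization"
  #     Name: "BlogCognitoAuthorizer"
  #     ProviderARNs:
  #       - !Sub arn:aws:cognito-idp:${AWS::Region}:${AWS::AccountId}:userpool/${MyCognitoUserPool}
  #     RestApiId: !Ref authAPI
  #     Type: COGNITO_USER_POOLS

  # Public read endpoint: POST /api/getposts on the unauthenticated API.
  BlogLambdaGetPosts:
    Type: AWS::Serverless::Function
    Properties:
      Environment:
        Variables:
          dbname: !Ref blogpostdynamoDB
      CodeUri: lambda/getPosts/
      Handler: getPosts.handler
      # NOTE(review): Node.js 18 is past upstream end-of-life; plan a move to
      # a currently supported Lambda runtime.
      Runtime: nodejs18.x
      Events:
        blogposts:
          Type: Api
          Properties:
            Path: /api/getposts
            Method: post
            RestApiId: !Ref blogAPI
      Policies:
        - AWSLambdaBasicExecutionRole
        # NOTE(review): this function is reachable without authentication yet
        # holds PartiQLUpdate and PartiQLInsert on the posts table. If the
        # handler (not shown) only reads, reduce this to PartiQLSelect so a
        # flaw in it cannot be turned into a write.
        - Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - "dynamodb:PartiQLSelect"
                - "dynamodb:PartiQLUpdate"
                - "dynamodb:PartiQLInsert"
              Resource: !Sub 'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${blogpostdynamoDB}'

  # Authenticated write endpoint: POST /auth/makepost behind the Cognito
  # authorizer on authAPI.
  BlogLambdaMakePosts:
    Type: AWS::Serverless::Function
    Properties:
      Environment:
        Variables:
          dbname: !Ref blogpostdynamoDB
      CodeUri: lambda/makePosts/
      Handler: makePosts.handler
      Runtime: nodejs18.x
      Events:
        blogposts:
          Type: Api
          Properties:
            Path: /auth/makepost
            Method: post
            RestApiId: !Ref authAPI
      Policies:
        - AWSLambdaBasicExecutionRole
        # Scoped to the single posts table; no delete action is granted.
        - Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - "dynamodb:PartiQLSelect"
                - "dynamodb:PartiQLUpdate"
                - "dynamodb:PartiQLInsert"
              Resource: !Sub 'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${blogpostdynamoDB}'

  # Posts table keyed by postid (partition) and postdate (sort), with a stream
  # that emits the new image of each changed item.
  blogpostdynamoDB:
    Type: AWS::DynamoDB::Table
    Properties:
      AttributeDefinitions:
        - AttributeName: postid
          AttributeType: S
        - AttributeName: postdate
          AttributeType: S
      KeySchema:
        - AttributeName: postid
          KeyType: HASH
        - AttributeName: postdate
          KeyType: RANGE
      ProvisionedThroughput:
        ReadCapacityUnits: 5
        WriteCapacityUnits: 5
      StreamSpecification:
        StreamViewType: NEW_IMAGE

  # User pool backing the authorizer; users sign in with their email address.
  MyCognitoUserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: blogpool
      # Declared once, as a list. The listing repeated this key, once as a
      # bare scalar and once as a list; duplicate keys are resolved silently
      # by most parsers.
      UsernameAttributes:
        - email
      AutoVerifiedAttributes:
        - email
      AccountRecoverySetting:
        RecoveryMechanisms:
          - Name: verified_email
            Priority: 1
      AdminCreateUserConfig:
        # Self sign-up is open. The authorizer on authAPI only proves the
        # caller is a user in this pool, so anyone who registers can call
        # /auth/makepost unless the handler checks a group or claim.
        # NOTE(review): confirm that check exists, or set this to true.
        AllowAdminCreateUserOnly: false
      Schema:
        - AttributeDataType: String
          Name: email
          Required: false

  # Hosted-UI OAuth client for the blog front end.
  MyCognitoUserPoolClient:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      AllowedOAuthFlowsUserPoolClient: true
      UserPoolId: !Ref MyCognitoUserPool
      ClientName: gstreet
      # NOTE(review): a client secret cannot stay confidential in browser
      # code. If this client is used from the front end, a secret-less client
      # with the code flow and PKCE is the usual arrangement.
      GenerateSecret: true
      SupportedIdentityProviders:
        - COGNITO
      DefaultRedirectURI: https://serverless.gstreet.dev
      CallbackURLs:
        - https://serverless.gstreet.dev
        # NOTE(review): plain-http localhost callbacks on the production
        # client; consider a separate client for local development.
        - http://localhost:3000
        - http://localhost:3001
      AllowedOAuthScopes:
        - email
        - phone
        - openid
      AllowedOAuthFlows:
        - code
        # NOTE(review): the implicit flow returns tokens in the redirect URL
        # fragment, where they reach browser history and logs. Drop it if
        # nothing depends on it.
        - implicit

  # Hosted-UI domain prefix for the user pool.
  BlogDomain:
    Type: AWS::Cognito::UserPoolDomain
    Properties:
      Domain: gstreetlogin
      UserPoolId: !Ref MyCognitoUserPool

Outputs:
  # consumed by CloudFront Distribution file: CloudFront.yaml
  authUrl:
    Value: !Sub "${authAPI}.execute-api.${AWS::Region}.amazonaws.com"
    Description: Invoke URL for api gateway auth
    Export:
      Name: apiAuthUrl
  blogUrl:
    Value: !Sub "${blogAPI}.execute-api.${AWS::Region}.amazonaws.com"
    Description: Invoke URL for api gateway blog
    Export:
      Name: apiBlogUrl
  # Hard-coded stage path; must stay in step with StageName on both APIs.
  blogStage:
    Value: !Sub /prod
    Description: Default Stage Name
    Export:
      Name: blogStage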