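# Serverless Framework v3 service: a DynamoDB global table replicated to every
# region under custom.Regions, a multi-region KMS key (primary only), and SSM
# parameters that publish the resulting names/ARNs for other stacks to read.
service: sls-multi-region-api
frameworkVersion: '3'

plugins:
  # Expands the `$forEach` block under globalTable.Replicas into one replica
  # entry per region listed in custom.Regions.
  - serverless-plugin-for-each

custom:
  # Supplied at deploy time via `--param`; the CloudFormation Parameters block
  # below documents what each one means.
  domainName: ${param:domainName}
  subDomainName: ${param:subDomainName}
  hostedZoneId: ${param:hostedZoneId}
  # One DynamoDB replica is created per region. NOTE(review): the region the
  # stack is deployed into presumably has to be in this list as well - confirm
  # before deploying to a region that is not listed.
  Regions:
    - eu-west-1
    - eu-west-2
    - us-east-1
    - us-west-1

provider:
  name: aws
  runtime: nodejs18.x
  deploymentBucket:
    # S3 bucket names are global; this one must belong to the deploying
    # account. NOTE(review): the Framework applies the settings below when it
    # creates the bucket - for a pre-existing bucket, verify the public access
    # block and default encryption on the bucket itself.
    name: gitlab-codebucket
    blockPublicAccess: true
    # Encrypt deployment artefacts (code zips, compiled templates) at rest.
    serverSideEncryption: AES256

resources:
  Parameters:
    domainName:
      Type: String
      Description: Optional domain name to register for the API
      Default: ${self:custom.domainName}
    subDomainName:
      Type: String
      Description: Optional sub-domain name - leave empty to omit
      Default: ${self:custom.subDomainName}
    hostedZoneId:
      Type: String
      # NOTE(review): this value (and domainName) is copied verbatim into an
      # SSM parameter below; SSM rejects empty parameter values, so confirm
      # that "leave blank" actually deploys before relying on it.
      Description: Id of the domain's hosted zone - leave blank to omit
      Default: ${self:custom.hostedZoneId}

  Conditions:
    # True when a sub-domain was supplied; selects the full host name written
    # to domainNameParameter.
    IsSubDomainConfigured: !Not [!Equals [!Ref subDomainName, '']]

  Resources:
    globalTable:
      Type: AWS::DynamoDB::GlobalTable
      Properties:
        TableName: !Sub "${self:service}-globalTable"
        AttributeDefinitions:
          - AttributeName: 'id'
            AttributeType: 'S'
        KeySchema:
          - AttributeName: 'id'
            KeyType: 'HASH'
        BillingMode: PAY_PER_REQUEST
        # Both images are exposed on the stream of the table and its replicas.
        StreamSpecification:
          StreamViewType: NEW_AND_OLD_IMAGES
        # NOTE(review): no SSESpecification is set, so the table and every
        # replica fall back to DynamoDB's default encryption - the KMSkey
        # defined below is NOT attached to this table. Using that key would
        # need a replica key in each region under custom.Regions plus a
        # per-replica KMSMasterKeyId, which this template does not create.
        Replicas:
          - $forEach:
              iterator: ${self:custom.Regions}
              template:
                - Region: $forEach.value
                  TableClass: STANDARD
                  ContributorInsightsSpecification:
                    Enabled: true
                  # Continuous backups per replica; keeps restore possible
                  # after an accidental overwrite/delete.
                  PointInTimeRecoverySpecification:
                    PointInTimeRecoveryEnabled: true
        # Items are expired by DynamoDB once their numeric `ttl` attribute
        # (epoch seconds) has passed.
        TimeToLiveSpecification:
          Enabled: true
          AttributeName: ttl

    KMSkey:
      Type: AWS::KMS::Key
      Properties:
        # Keep the lockout check on: a key policy that locks out the account
        # root cannot be repaired afterwards.
        BypassPolicyLockoutSafetyCheck: false
        Enabled: true
        # The key is SYMMETRIC_DEFAULT (see KeySpec below), which is exactly
        # the case where automatic rotation is supported - so enable it.
        EnableKeyRotation: true
        KeyPolicy:
          Version: '2012-10-17'
          Id: key-default-1
          Statement:
            # Delegates key access to IAM policies in this account. Nothing
            # finer-grained is granted here, so scope kms:Encrypt/Decrypt/...
            # on the IAM side to the roles that actually need this key.
            - Sid: Enable IAM User Permissions
              Effect: Allow
              Principal:
                AWS: !Sub "arn:aws:iam::${AWS::AccountId}:root"
              Action: kms:*
              Resource: '*'
        # SYMMETRIC_DEFAULT - 256 bit symmetric key for encryption and decryption
        KeySpec: SYMMETRIC_DEFAULT # Can also be a HMAC, RSA or ECC key
        KeyUsage: ENCRYPT_DECRYPT # Can be ENCRYPT_DECRYPT, SIGN_VERIFY or GENERATE_VERIFY_MAC
        # This is the primary of a multi-region key; replica keys in the other
        # regions are not created by this template.
        MultiRegion: true
        Origin: AWS_KMS
        # Waiting period before KMS actually deletes the key after a deletion
        # request (e.g. a stack delete). 30 days - the service default - leaves
        # time to notice and cancel; 7 is the minimum allowed.
        PendingWindowInDays: 30

    KMSkeyAlias:
      Type: AWS::KMS::Alias
      Properties:
        AliasName: !Sub "alias/${AWS::StackName}-key"
        TargetKeyId: !Ref KMSkey

    # The SSM parameters below hold non-secret identifiers (names, ARNs, a
    # hosted zone id) so other stacks can look them up by path.
    globalTableNameParameter:
      Type: AWS::SSM::Parameter
      Properties:
        Name: !Sub "/${self:service}/globalTableName"
        Tier: Standard
        Type: String
        Value: !Ref globalTable

    globalTableArnParameter:
      Type: AWS::SSM::Parameter
      Properties:
        Name: !Sub "/${self:service}/globalTableArn"
        Tier: Standard
        Type: String
        Value: !GetAtt globalTable.Arn

    hostedZoneIdParameter:
      Type: AWS::SSM::Parameter
      Properties:
        Name: !Sub "/${self:service}/hostedZoneId"
        Tier: Standard
        Type: String
        Value: !Ref hostedZoneId

    domainNameParameter:
      Type: AWS::SSM::Parameter
      Properties:
        Name: !Sub "/${self:service}/domainName"
        Tier: Standard
        Type: String
        # Full host name: "<sub>.<domain>" when a sub-domain was given,
        # otherwise just the domain.
        Value: !If [IsSubDomainConfigured, !Sub "${subDomainName}.${domainName}", !Ref domainName]

    KMSkeyArnParameter:
      Type: AWS::SSM::Parameter
      Properties:
        Name: !Sub "/${self:service}/KMSkeyArn"
        Tier: Standard
        Type: String
        Value: !GetAtt KMSkey.Arn

    KMSkeyAliasParameter:
      Type: AWS::SSM::Parameter
      Properties:
        Name: !Sub "/${self:service}/KMSkeyAlias"
        Tier: Standard
        Type: String
        Value: !Ref KMSkeyAlias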