-
Notifications
You must be signed in to change notification settings - Fork 19
/
serverless.yml
150 lines (141 loc) · 4.79 KB
/
serverless.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
service: "${self:custom.appname}-badges"
frameworkVersion: ">=1.1.0 <2.0.0"
# This is super important since we're packing this with Webpack and not with `serverless package`
package:
individually: true
# Copy serverless.vars.yml to .serverless.vars.yml
custom: ${file(.serverless.vars.yml):vars}
provider:
name: aws
runtime: nodejs10.x
stage: "${opt:stage}"
region: "${self:custom.region.${self:provider.stage}}"
environment:
BUCKET_BADGES: ${self:custom.bucket_badges.${self:provider.stage}, "${self:service}-images-${self:provider.stage}"}
deploymentBucket:
name: ${self:custom.deployment_bucket.${self:provider.stage}, "${self:service}-deployment-${self:provider.stage}"}
iamRoleStatements:
- Effect: Allow
Action:
- s3:PutObject
- s3:PutObjectAcl
Resource: "arn:aws:s3:::${self:provider.environment.BUCKET_BADGES}/*"
- Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
Resource: "arn:aws:logs:*:*:*"
functions:
statusBadge:
memorySize: 192
handler: index.handler
package:
artifact: ./services/status-badges/dist/dist_status_badges.zip
events:
- cloudwatchEvent:
name: "${self:service}-status-build-event-${opt:stage}"
description: "Triggered upon status change of CodeBuild project"
event:
source:
- "aws.codebuild"
detail-type:
- "CodeBuild Build State Change"
detail:
project-name: ${self:custom.codebuild_projects.${opt:stage}}
- cloudwatchEvent:
name: "${self:service}-status-pipeline-event-${opt:stage}"
description: "Triggered upon status change of CodePipeline"
event:
source:
- "aws.codepipeline"
detail-type:
- "CodePipeline Pipeline Execution State Change"
detail:
pipeline: ${self:custom.codepipeline_names.${opt:stage}}
commitIdBadge:
role: CommitIdFunctionRole
memorySize: 192
handler: index.handler
package:
artifact: ./services/commit-badges/dist/dist_commit_badges.zip
events:
- cloudwatchEvent:
name: "${self:service}-commitid-pipeline-event-${opt:stage}"
description: "Triggered upon status change of CodePipeline"
event:
source:
- "aws.codepipeline"
detail-type:
- "CodePipeline Pipeline Execution State Change"
detail:
pipeline: ${self:custom.codepipeline_names.${opt:stage}}
resources:
Resources:
BuildBadgesImagesBucket:
Type: "AWS::S3::Bucket"
DeletionPolicy: Retain
Properties:
BucketName: !Sub "${self:provider.environment.BUCKET_BADGES}"
AccessControl: PublicRead
WebsiteConfiguration:
IndexDocument: index.html
CorsConfiguration:
CorsRules:
- AllowedHeaders:
- "*"
AllowedMethods:
- "GET"
- "HEAD"
AllowedOrigins:
- "https://github.com"
- "https://www.github.com"
MaxAge: 90
BuildBadgesImagesBucketPolicy:
DependsOn: BuildBadgesImagesBucket
Type: AWS::S3::BucketPolicy
Properties:
PolicyDocument:
Id: "BuildBadgesImagesBucketPolicy-${opt:stage}"
Version: "2012-10-17"
Statement:
- Sid: PublicReadForGetBucketObjects
Effect: Allow
Principal: "*"
Action: s3:GetObject
Resource: "arn:aws:s3:::${self:provider.environment.BUCKET_BADGES}/*"
Bucket:
Ref: BuildBadgesImagesBucket
CommitIdFunctionRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: CommitIdFunctionRolePolicy
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
Resource:
- "arn:aws:logs:*:*:*"
- Effect: Allow
Action:
- codepipeline:GetPipelineExecution
Resource:
- "*"
- Effect: Allow
Action:
- s3:PutObject
- s3:PutObjectAcl
Resource: "arn:aws:s3:::${self:provider.environment.BUCKET_BADGES}/*"