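---
# Serverless Framework service: Cognito user/identity pools for auth, a private
# S3 bucket served through CloudFront (OAI), and HTTP functions behind API
# Gateway REST. Indentation restored; structure follows the original key order.
service: bus-service
frameworkVersion: "4"

provider:
  name: aws
  runtime: nodejs20.x
  stage: ${opt:stage, 'dev'}
  region: ${opt:region, 'ap-south-1'}
  iam:
    role:
      statements:
        # Shared execution role for every function: object-level read/write on
        # the private bucket only (no ListBucket, no Delete).
        - Effect: Allow
          Action:
            - s3:PutObject
            - s3:GetObject
          # NOTE(review): `${PrivateS3Bucket.Arn}` also matches the Serverless
          # variable syntax — confirm it is passed through to Fn::Sub untouched
          # at packaging time (same pattern is used twice more below).
          Resource: !Sub ${PrivateS3Bucket.Arn}/*

resources:
  Resources:
    CognitoUserPool:
      Type: AWS::Cognito::UserPool
      Properties:
        UserPoolName: ${self:service}-user-pool-${sls:stage}
        AutoVerifiedAttributes:
          - email
        Policies:
          PasswordPolicy:
            MinimumLength: 8
            RequireLowercase: true
            RequireNumbers: true
            RequireSymbols: true
            RequireUppercase: true
        Schema:
          - Name: email
            AttributeDataType: String
            Mutable: true
            Required: true
          - Name: name
            AttributeDataType: String
            Mutable: true
            Required: true
        # {####} is the Cognito placeholder for the verification code.
        EmailVerificationMessage: "Please verify your email by entering this code: {####}"
        EmailVerificationSubject: "Verify your email for our app"

    CognitoUserPoolClient:
      Type: AWS::Cognito::UserPoolClient
      Properties:
        ClientName: ${self:service}-user-pool-client-${sls:stage}
        UserPoolId: !Ref CognitoUserPool
        ExplicitAuthFlows:
          - ALLOW_USER_SRP_AUTH
          - ALLOW_REFRESH_TOKEN_AUTH
          # Plain username/password flow sends the password to Cognito over
          # TLS instead of SRP; keep only if a client actually needs it.
          - ALLOW_USER_PASSWORD_AUTH
        # No client secret: this client is meant to be used from browsers /
        # mobile apps that cannot keep a secret.
        GenerateSecret: false

    CognitoIdentityPool:
      Type: AWS::Cognito::IdentityPool
      Properties:
        IdentityPoolName: ${self:service}-identity-pool-${sls:stage}
        # Guest (unauthenticated) identities are disabled, so only the
        # authenticated role below is attached.
        AllowUnauthenticatedIdentities: false
        CognitoIdentityProviders:
          - ClientId: !Ref CognitoUserPoolClient
            ProviderName: !GetAtt CognitoUserPool.ProviderName

    CognitoIdentityPoolRoles:
      Type: AWS::Cognito::IdentityPoolRoleAttachment
      Properties:
        IdentityPoolId: !Ref CognitoIdentityPool
        Roles:
          authenticated: !GetAtt CognitoAuthRole.Arn

    CognitoAuthRole:
      Type: AWS::IAM::Role
      Properties:
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal:
                Federated: cognito-identity.amazonaws.com
              Action: sts:AssumeRoleWithWebIdentity
              # Trust is scoped to this identity pool and to authenticated
              # (not guest) identities.
              Condition:
                StringEquals:
                  'cognito-identity.amazonaws.com:aud': !Ref CognitoIdentityPool
                'ForAnyValue:StringLike':
                  'cognito-identity.amazonaws.com:amr': authenticated
        Policies:
          - PolicyName: CognitoAuth
            PolicyDocument:
              Version: '2012-10-17'
              Statement:
                # NOTE(review): every signed-in user gets all cognito-identity
                # actions on every resource. Consider narrowing Action to what
                # the clients call and Resource to this identity pool.
                - Effect: Allow
                  Action: 'cognito-identity:*'
                  Resource: '*'

    # ApiGatewayRestApi is the REST API Serverless generates for the http
    # events below.
    ApiGatewayAuthorizer:
      Type: AWS::ApiGateway::Authorizer
      Properties:
        Name: cognito-authorizer
        Type: COGNITO_USER_POOLS
        IdentitySource: method.request.header.Authorization
        RestApiId: !Ref ApiGatewayRestApi
        ProviderARNs:
          - !GetAtt CognitoUserPool.Arn

    PrivateS3Bucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: ${self:service}-${sls:stage}-private-bucket
        # All four public-access blocks on: objects are only reachable through
        # CloudFront (bucket policy below) or via IAM.
        PublicAccessBlockConfiguration:
          BlockPublicAcls: true
          BlockPublicPolicy: true
          IgnorePublicAcls: true
          RestrictPublicBuckets: true

    PrivateS3BucketPolicy:
      Type: AWS::S3::BucketPolicy
      Properties:
        Bucket: !Ref PrivateS3Bucket
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            # Read-only grant to the CloudFront origin access identity only.
            - Effect: Allow
              Principal:
                AWS: !Sub arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ${CloudFrontOAI}
              Action: s3:GetObject
              Resource: !Sub ${PrivateS3Bucket.Arn}/*

    CloudFrontOAI:
      Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
      Properties:
        CloudFrontOriginAccessIdentityConfig:
          Comment: OAI for ${self:service}

    CloudFrontDistribution:
      Type: AWS::CloudFront::Distribution
      Properties:
        DistributionConfig:
          Enabled: true
          DefaultRootObject: index.html
          Origins:
            - Id: S3Origin
              DomainName: !GetAtt PrivateS3Bucket.RegionalDomainName
              S3OriginConfig:
                OriginAccessIdentity: !Sub origin-access-identity/cloudfront/${CloudFrontOAI}
          DefaultCacheBehavior:
            TargetOriginId: S3Origin
            # Plain-HTTP viewers are redirected, never served in clear.
            ViewerProtocolPolicy: redirect-to-https
            AllowedMethods:
              - GET
              - HEAD
              - OPTIONS
            CachedMethods:
              - GET
              - HEAD
              - OPTIONS
            # Query strings and cookies are not forwarded to the origin, so
            # they never take part in the cache key.
            ForwardedValues:
              QueryString: false
              Cookies:
                Forward: none

    # Role for the (currently disabled) cleanUpOldObjects function: list and
    # delete objects in the private bucket plus basic CloudWatch logging.
    CleanUpOldObjectsLambdaRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: ${self:service}-${sls:stage}-cleanup-role
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal:
                Service: lambda.amazonaws.com
              Action: sts:AssumeRole
        ManagedPolicyArns:
          - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
        Policies:
          - PolicyName: S3BucketAccess
            PolicyDocument:
              Version: '2012-10-17'
              Statement:
                - Effect: Allow
                  Action:
                    - s3:ListBucket
                    - s3:GetObject
                    - s3:DeleteObject
                  # ListBucket applies to the bucket ARN, the object actions
                  # to the object ARNs — both are needed.
                  Resource:
                    - !GetAtt PrivateS3Bucket.Arn
                    - !Sub ${PrivateS3Bucket.Arn}/*

  # Stack outputs consumed by the front-end configuration.
  outputs:
    UserPoolId:
      Value: !Ref CognitoUserPool
    UserPoolClientId:
      Value: !Ref CognitoUserPoolClient
    IdentityPoolId:
      Value: !Ref CognitoIdentityPool

plugins:
  - serverless-dotenv-plugin

# NOTE(review): only getUser is behind the Cognito authorizer. The remaining
# endpoints — including the write paths createBusRoute, fileUpload and
# getSignedUrl — are reachable without a token as written; confirm that is
# intended or add the same `authorizer` block to them.
functions:
  hello:
    handler: src/services/hello.handler
    description: health check handler
    events:
      - http:
          path: hello
          method: get
          cors: true

  register:
    handler: src/services/register.handler
    events:
      - http:
          path: register
          method: post
          cors: true

  verifyOtp:
    handler: src/services/verifyOtp.handler
    events:
      - http:
          path: verify-otp
          method: post
          cors: true

  getUser:
    handler: src/services/user.handler
    events:
      - http:
          # Written without the leading slash like every other path here;
          # both spellings map to the same API Gateway resource.
          path: user
          method: get
          cors: true
          authorizer:
            type: COGNITO_USER_POOLS
            authorizerId: !Ref ApiGatewayAuthorizer
            scopes: []

  signIn:
    handler: src/services/signIn.handler
    events:
      - http:
          path: sign-in
          method: post
          cors: true

  getSignedUrl:
    handler: src/services/getSignedUrl.handler
    events:
      - http:
          path: get-signed-url
          method: post
          cors: true

  getAllBusRoutes:
    handler: src/services/getAllBusRoutes.handler
    events:
      - http:
          path: bus-routes
          method: get
          cors: true

  createBusRoute:
    handler: src/services/createBusRoute.handler
    events:
      - http:
          path: bus-routes
          method: post
          cors: true

  searchBusRoute:
    handler: src/services/searchBusRoute.handler
    events:
      - http:
          path: bus-routes/search
          method: post
          cors: true

  autoCompletePlaces:
    handler: src/services/autoCompletePlaces.handler
    events:
      - http:
          path: bus-routes/autocomplete
          method: get
          cors: true

  getBusRouteById:
    handler: src/services/getBusRouteById.handler
    events:
      - http:
          path: bus-routes/{routeId}
          method: get
          cors: true

  getBusRouteByServiceId:
    handler: src/services/getBusByServiceId.handler
    events:
      - http:
          path: bus-routes/service/{serviceId}
          method: get
          cors: true

  # Disabled scheduled cleanup; its IAM role is still deployed above.
  # cleanUpOldObjects:
  #   handler: src/services/cleanUpOldObjects.handler
  #   role: CleanUpOldObjectsLambdaRole
  #   events:
  #     - schedule: rate(1 minute)

  fileUpload:
    handler: src/services/uploadFile.handler
    events:
      - http:
          path: file-upload
          method: post
          cors: true

package:
  individually: true
  # Exclude everything, then add back only the built output.
  patterns:
    - "!**/*"
    - ".dist/**"

# NOTE(review): no function references this block (each uses `cors: true`,
# which applies the framework defaults), so it is currently dead config.
# If it is wired up, `'*'` together with `allowCredentials: true` is rejected
# by browsers — the wildcard origin must be replaced by explicit domains.
custom:
  cors:
    origins:
      - '*' # Replace with your specific domains in production
    headers:
      - Content-Type
      - Authorization
      - X-Amz-Date
      - X-Api-Key
      - X-Amz-Security-Token
      - X-Amz-User-Agent
    allowCredentials: true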