-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathserverless.yml
128 lines (122 loc) · 3.55 KB
/
serverless.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
service: better-apis-demo
provider:
name: aws
runtime: nodejs20.x
stage: ${opt:stage, 'shared'}
region: eu-north-1
memorySize: 1024
timeout: 10
logRetentionInDays: 7
versionFunctions: true
deploymentBucket:
blockPublicAccess: true
maxPreviousDeploymentArtifacts: 5
serverSideEncryption: AES256
stackTags:
Usage: ${self:service}
tags:
Usage: ${self:service}
apiGateway:
minimumCompressionSize: 1024
tracing:
apiGateway: true
lambda: true
iam:
role:
statements:
- Effect: Allow
Action:
- xray:PutTelemetryRecords
- xray:PutTraceSegments
- codedeploy:*
Resource:
- "*"
environment:
TOGGLES_URL: "https://www.mockachino.com/650dde1b-d1b5-48/toggles" # TODO: EDIT THIS TO YOUR ENDPOINT
#LIBHONEY_DATASET: better-apis-workshop
#LIBHONEY_API_KEY: some-random-key-123
plugins:
- serverless-esbuild
- serverless-offline
- serverless-iam-roles-per-function
- serverless-plugin-aws-alerts
- serverless-plugin-canary-deployments
package:
individually: true
custom:
alerts:
dashboards: true
esbuild:
bundle: true
minify: true
functions:
Authorizer:
handler: src/FeatureToggles/controllers/AuthController.handler
description: ${self:service} authorizer
FakeUser:
handler: src/FakeUser/controllers/FakeUserController.handler
description: Fake user
events:
- http:
method: GET
path: /fakeUser
authorizer:
name: Authorizer
resultTtlInSeconds: 30 # See: https://forum.serverless.com/t/api-gateway-custom-authorizer-caching-problems/4695
identitySource: method.request.header.Authorization
type: request
alarms:
- name: CanaryCheck
namespace: 'AWS/Lambda'
metric: Errors
threshold: 3
statistic: Sum
period: 60
evaluationPeriods: 1
comparisonOperator: GreaterThanOrEqualToThreshold
deploymentSettings:
type: AllAtOnce #Canary10Percent5Minutes
alias: Live
alarms:
- FakeUserCanaryCheckAlarm
FeatureToggles:
handler: src/FeatureToggles/controllers/FeatureTogglesController.handler
description: Feature toggles
events:
- http:
method: POST
path: /featureToggles
request:
schemas:
application/json: ${file(api/FeatureToggles.validator.json)}
resources:
Resources:
GatewayResponseDefault4XX:
Type: 'AWS::ApiGateway::GatewayResponse'
Properties:
ResponseParameters:
gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
ResponseType: DEFAULT_4XX
RestApiId:
Ref: 'ApiGatewayRestApi'
AuthFailureExpiredGatewayResponse:
Type: 'AWS::ApiGateway::GatewayResponse'
Properties:
ResponseParameters:
gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
ResponseType: EXPIRED_TOKEN
RestApiId:
Ref: 'ApiGatewayRestApi'
StatusCode: '401'
AuthFailureUnauthorizedGatewayResponse:
Type: 'AWS::ApiGateway::GatewayResponse'
Properties:
ResponseParameters:
gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
ResponseType: UNAUTHORIZED
RestApiId:
Ref: 'ApiGatewayRestApi'
StatusCode: '401'