2
0
mirror of https://github.com/offen/website.git synced 2024-11-25 18:20:28 +01:00
website/accounts/serverless.yml

115 lines
3.0 KiB
YAML
Raw Normal View History

2019-07-05 19:54:54 +02:00
service:
name: accounts
awsKmsKeyArn: ${ssm:/aws/reference/secretsmanager/${self:custom.stage}/all/kmsArn~true}
provider:
name: aws
endpointType: regional
runtime: python3.6
stage: alpha
region: eu-central-1
apiName: offen-${self:provider.stage}
logs:
restApi: true
iamRoleStatements:
- Effect: 'Allow'
Action:
- secretsmanager:GetSecretValue
2019-07-19 22:00:55 +02:00
Resource: arn:aws:secretsmanager:eu-central-1:#{AWS::AccountId}:secret:${self:custom.stage}/*
2019-07-05 19:54:54 +02:00
package:
individually: true
exclude:
- tests
2019-07-05 19:54:54 +02:00
plugins:
- serverless-domain-manager
- serverless-python-requirements
- serverless-wsgi
2019-07-19 22:00:55 +02:00
- serverless-pseudo-parameters
2019-07-05 19:54:54 +02:00
custom:
stage: ${opt:stage, self:provider.stage}
origin:
production: https://vault.offen.dev
staging: https://vault-staging.offen.dev
alpha: https://vault-alpha.offen.dev
serverHost:
2019-07-17 21:20:21 +02:00
production: https://server.offen.dev
staging: https://server-staging.offen.dev
alpha: https://server-alpha.offen.dev
2019-07-05 19:54:54 +02:00
domain:
production: accounts.offen.dev
staging: accounts-staging.offen.dev
alpha: accounts-alpha.offen.dev
cookieDomain:
production: .offen.dev
staging: .offen.dev
alpha: .offen.dev
2019-07-05 19:54:54 +02:00
customDomain:
basePath: ''
certificateName: '*.offen.dev'
domainName: ${self:custom.domain.${self:custom.stage}}
stage: ${self:custom.stage}
endpointType: regional
createRoute53Record: false
wsgi:
app: accounts.app
2019-07-05 19:54:54 +02:00
packRequirements: false
pythonRequirements:
slim: true
dockerizePip: non-linux
fileName: requirements.txt
2019-07-05 19:54:54 +02:00
functions:
2019-07-14 11:50:13 +02:00
authorizer:
handler: lambdas.authorizer.handler
2019-07-14 11:50:13 +02:00
environment:
STAGE: ${self:custom.stage}
rotateKeys:
handler: lambdas.rotate_keys.handler
environment:
STAGE: ${self:custom.stage}
2019-07-05 19:54:54 +02:00
app:
handler: wsgi_handler.handler
timeout: 30
2019-07-05 19:54:54 +02:00
events:
2019-07-14 11:50:13 +02:00
- http:
path: /admin/
method: any
authorizer:
name: authorizer
resultTtlInSeconds: 0
identitySource: method.request.header.Authorization
- http:
path: /admin/{proxy+}
method: any
authorizer:
name: authorizer
resultTtlInSeconds: 0
identitySource: method.request.header.Authorization
2019-07-05 19:54:54 +02:00
- http:
path: '/'
method: any
- http:
2019-07-14 11:50:13 +02:00
path: '/{proxy+}'
2019-07-05 19:54:54 +02:00
method: any
environment:
CONFIG_CLASS: accounts.config.SecretsManagerConfig
STAGE: ${self:custom.stage}
CORS_ORIGIN: ${self:custom.origin.${self:custom.stage}}
2019-07-09 19:25:58 +02:00
COOKIE_DOMAIN: ${self:custom.cookieDomain.${self:custom.stage}}
2019-07-17 21:11:22 +02:00
SERVER_HOST: ${self:custom.serverHost.${self:custom.stage}}
2019-07-14 11:50:13 +02:00
resources:
Resources:
GatewayResponse:
Type: 'AWS::ApiGateway::GatewayResponse'
Properties:
ResponseParameters:
gatewayresponse.header.WWW-Authenticate: "'Basic'"
ResponseType: UNAUTHORIZED
RestApiId:
Ref: 'ApiGatewayRestApi'
StatusCode: '401'