mirror of
https://github.com/offen/website.git
synced 2024-10-18 20:20:24 +02:00
107 lines
3.4 KiB
YAML
107 lines
3.4 KiB
YAML
service:
|
|
name: accounts
|
|
awsKmsKeyArn: ${ssm:/aws/reference/secretsmanager/${self:custom.stage}/all/kmsArn~true}
|
|
|
|
provider:
|
|
name: aws
|
|
endpointType: regional
|
|
runtime: python3.6
|
|
stage: alpha
|
|
region: eu-central-1
|
|
apiName: offen-${self:provider.stage}
|
|
logs:
|
|
restApi: true
|
|
|
|
package:
|
|
individually: true
|
|
|
|
plugins:
|
|
- serverless-domain-manager
|
|
- serverless-python-requirements
|
|
- serverless-wsgi
|
|
|
|
custom:
|
|
stage: ${opt:stage, self:provider.stage}
|
|
origin:
|
|
production: vault.offen.dev
|
|
staging: vault-staging.offen.dev
|
|
alpha: vault-alpha.offen.dev
|
|
serverHost:
|
|
production: server.offen.dev
|
|
staging: server-staging.offen.dev
|
|
alpha: server-alpha.offen.dev
|
|
domain:
|
|
production: accounts.offen.dev
|
|
staging: accounts-staging.offen.dev
|
|
alpha: accounts-alpha.offen.dev
|
|
cookieDomain:
|
|
production: .offen.dev
|
|
staging: .offen.dev
|
|
alpha: .offen.dev
|
|
customDomain:
|
|
basePath: ''
|
|
certificateName: '*.offen.dev'
|
|
domainName: ${self:custom.domain.${self:custom.stage}}
|
|
stage: ${self:custom.stage}
|
|
endpointType: regional
|
|
createRoute53Record: false
|
|
wsgi:
|
|
app: accounts.app
|
|
packRequirements: false
|
|
pythonRequirements:
|
|
slim: true
|
|
dockerizePip: non-linux
|
|
fileName: requirements.txt
|
|
|
|
functions:
|
|
authorizer:
|
|
handler: authorizer.handler
|
|
environment:
|
|
BASIC_AUTH_USER: ${ssm:/aws/reference/secretsmanager/${self:custom.stage}/accounts/basicAuthUser~true}
|
|
HASHED_BASIC_AUTH_PASSWORD: ${ssm:/aws/reference/secretsmanager/${self:custom.stage}/accounts/hashedBasicAuthPassword~true}
|
|
app:
|
|
handler: wsgi_handler.handler
|
|
events:
|
|
- http:
|
|
path: /admin/
|
|
method: any
|
|
authorizer:
|
|
name: authorizer
|
|
resultTtlInSeconds: 0
|
|
identitySource: method.request.header.Authorization
|
|
- http:
|
|
path: /admin/{proxy+}
|
|
method: any
|
|
authorizer:
|
|
name: authorizer
|
|
resultTtlInSeconds: 0
|
|
identitySource: method.request.header.Authorization
|
|
- http:
|
|
path: '/'
|
|
method: any
|
|
- http:
|
|
path: '/{proxy+}'
|
|
method: any
|
|
environment:
|
|
CORS_ORIGIN: https://${self:custom.origin.${self:custom.stage}}
|
|
COOKIE_DOMAIN: ${self:custom.cookieDomain.${self:custom.stage}}
|
|
JWT_PRIVATE_KEY: '${ssm:/aws/reference/secretsmanager/${self:custom.stage}/accounts/jwtPrivateKey~true}'
|
|
JWT_PUBLIC_KEY: '${ssm:/aws/reference/secretsmanager/${self:custom.stage}/accounts/jwtPublicKey~true}'
|
|
HASHED_BASIC_AUTH_PASSWORD: ${ssm:/aws/reference/secretsmanager/${self:custom.stage}/accounts/hashedBasicAuthPassword~true}
|
|
BASIC_AUTH_USER: ${ssm:/aws/reference/secretsmanager/${self:custom.stage}/accounts/basicAuthUser~true}
|
|
SESSION_SECRET: '${ssm:/aws/reference/secretsmanager/${self:custom.stage}/accounts/sessionSecret~true}'
|
|
SERVER_URL: ${self:custom.serverHost.${self:custom.stage}}
|
|
POSTGRES_CONNECTION_STRING: '${ssm:/aws/reference/secretsmanager/${self:custom.stage}/accounts/postgresConnectionString~true}'
|
|
|
|
resources:
|
|
Resources:
|
|
GatewayResponse:
|
|
Type: 'AWS::ApiGateway::GatewayResponse'
|
|
Properties:
|
|
ResponseParameters:
|
|
gatewayresponse.header.WWW-Authenticate: "'Basic'"
|
|
ResponseType: UNAUTHORIZED
|
|
RestApiId:
|
|
Ref: 'ApiGatewayRestApi'
|
|
StatusCode: '401'
|