mirror of
https://github.com/offen/website.git
synced 2024-11-22 17:10:29 +01:00
115 lines
3.0 KiB
YAML
115 lines
3.0 KiB
YAML
service:
|
|
name: accounts
|
|
awsKmsKeyArn: ${ssm:/aws/reference/secretsmanager/${self:custom.stage}/all/kmsArn~true}
|
|
|
|
provider:
|
|
name: aws
|
|
endpointType: regional
|
|
runtime: python3.6
|
|
stage: alpha
|
|
region: eu-central-1
|
|
apiName: offen-${self:provider.stage}
|
|
logs:
|
|
restApi: true
|
|
iamRoleStatements:
|
|
- Effect: 'Allow'
|
|
Action:
|
|
- secretsmanager:GetSecretValue
|
|
Resource: arn:aws:secretsmanager:eu-central-1:#{AWS::AccountId}:secret:${self:custom.stage}/*
|
|
|
|
package:
|
|
individually: true
|
|
exclude:
|
|
- tests
|
|
|
|
plugins:
|
|
- serverless-domain-manager
|
|
- serverless-python-requirements
|
|
- serverless-wsgi
|
|
- serverless-pseudo-parameters
|
|
|
|
custom:
|
|
stage: ${opt:stage, self:provider.stage}
|
|
origin:
|
|
production: https://vault.offen.dev
|
|
staging: https://vault-staging.offen.dev
|
|
alpha: https://vault-alpha.offen.dev
|
|
serverHost:
|
|
production: https://server.offen.dev
|
|
staging: https://server-staging.offen.dev
|
|
alpha: https://server-alpha.offen.dev
|
|
domain:
|
|
production: accounts.offen.dev
|
|
staging: accounts-staging.offen.dev
|
|
alpha: accounts-alpha.offen.dev
|
|
cookieDomain:
|
|
production: .offen.dev
|
|
staging: .offen.dev
|
|
alpha: .offen.dev
|
|
customDomain:
|
|
basePath: ''
|
|
certificateName: '*.offen.dev'
|
|
domainName: ${self:custom.domain.${self:custom.stage}}
|
|
stage: ${self:custom.stage}
|
|
endpointType: regional
|
|
createRoute53Record: false
|
|
wsgi:
|
|
app: accounts.app
|
|
packRequirements: false
|
|
pythonRequirements:
|
|
slim: true
|
|
dockerizePip: non-linux
|
|
fileName: requirements.txt
|
|
|
|
functions:
|
|
authorizer:
|
|
handler: lambdas.authorizer.handler
|
|
environment:
|
|
STAGE: ${self:custom.stage}
|
|
rotateKeys:
|
|
handler: lambdas.rotate_keys.handler
|
|
environment:
|
|
STAGE: ${self:custom.stage}
|
|
app:
|
|
handler: wsgi_handler.handler
|
|
timeout: 30
|
|
events:
|
|
- http:
|
|
path: /admin/
|
|
method: any
|
|
authorizer:
|
|
name: authorizer
|
|
resultTtlInSeconds: 0
|
|
identitySource: method.request.header.Authorization
|
|
- http:
|
|
path: /admin/{proxy+}
|
|
method: any
|
|
authorizer:
|
|
name: authorizer
|
|
resultTtlInSeconds: 0
|
|
identitySource: method.request.header.Authorization
|
|
- http:
|
|
path: '/'
|
|
method: any
|
|
- http:
|
|
path: '/{proxy+}'
|
|
method: any
|
|
environment:
|
|
CONFIG_CLASS: accounts.config.SecretsManagerConfig
|
|
STAGE: ${self:custom.stage}
|
|
CORS_ORIGIN: ${self:custom.origin.${self:custom.stage}}
|
|
COOKIE_DOMAIN: ${self:custom.cookieDomain.${self:custom.stage}}
|
|
SERVER_HOST: ${self:custom.serverHost.${self:custom.stage}}
|
|
|
|
resources:
|
|
Resources:
|
|
GatewayResponse:
|
|
Type: 'AWS::ApiGateway::GatewayResponse'
|
|
Properties:
|
|
ResponseParameters:
|
|
gatewayresponse.header.WWW-Authenticate: "'Basic'"
|
|
ResponseType: UNAUTHORIZED
|
|
RestApiId:
|
|
Ref: 'ApiGatewayRestApi'
|
|
StatusCode: '401'
|