2
0
mirror of https://github.com/offen/website.git synced 2024-11-23 01:20:29 +01:00
website/accounts/serverless.yml

107 lines
3.4 KiB
YAML

service:
name: accounts
awsKmsKeyArn: ${ssm:/aws/reference/secretsmanager/${self:custom.stage}/all/kmsArn~true}
provider:
name: aws
endpointType: regional
runtime: python3.6
stage: alpha
region: eu-central-1
apiName: offen-${self:provider.stage}
logs:
restApi: true
package:
individually: true
plugins:
- serverless-domain-manager
- serverless-python-requirements
- serverless-wsgi
custom:
stage: ${opt:stage, self:provider.stage}
origin:
production: vault.offen.dev
staging: vault-staging.offen.dev
alpha: vault-alpha.offen.dev
serverHost:
production: server.offen.dev
staging: server-staging.offen.dev
alpha: server-alpha.offen.dev
domain:
production: accounts.offen.dev
staging: accounts-staging.offen.dev
alpha: accounts-alpha.offen.dev
cookieDomain:
production: .offen.dev
staging: .offen.dev
alpha: .offen.dev
customDomain:
basePath: ''
certificateName: '*.offen.dev'
domainName: ${self:custom.domain.${self:custom.stage}}
stage: ${self:custom.stage}
endpointType: regional
createRoute53Record: false
wsgi:
app: accounts.app
packRequirements: false
pythonRequirements:
slim: true
dockerizePip: non-linux
fileName: requirements.txt
functions:
authorizer:
handler: authorizer.handler
environment:
BASIC_AUTH_USER: ${ssm:/aws/reference/secretsmanager/${self:custom.stage}/accounts/basicAuthUser~true}
HASHED_BASIC_AUTH_PASSWORD: ${ssm:/aws/reference/secretsmanager/${self:custom.stage}/accounts/hashedBasicAuthPassword~true}
app:
handler: wsgi_handler.handler
events:
- http:
path: /admin/
method: any
authorizer:
name: authorizer
resultTtlInSeconds: 0
identitySource: method.request.header.Authorization
- http:
path: /admin/{proxy+}
method: any
authorizer:
name: authorizer
resultTtlInSeconds: 0
identitySource: method.request.header.Authorization
- http:
path: '/'
method: any
- http:
path: '/{proxy+}'
method: any
environment:
CORS_ORIGIN: https://${self:custom.origin.${self:custom.stage}}
COOKIE_DOMAIN: ${self:custom.cookieDomain.${self:custom.stage}}
JWT_PRIVATE_KEY: '${ssm:/aws/reference/secretsmanager/${self:custom.stage}/accounts/jwtPrivateKey~true}'
JWT_PUBLIC_KEY: '${ssm:/aws/reference/secretsmanager/${self:custom.stage}/accounts/jwtPublicKey~true}'
HASHED_BASIC_AUTH_PASSWORD: ${ssm:/aws/reference/secretsmanager/${self:custom.stage}/accounts/hashedBasicAuthPassword~true}
BASIC_AUTH_USER: ${ssm:/aws/reference/secretsmanager/${self:custom.stage}/accounts/basicAuthUser~true}
SESSION_SECRET: '${ssm:/aws/reference/secretsmanager/${self:custom.stage}/accounts/sessionSecret~true}'
SERVER_URL: ${self:custom.serverHost.${self:custom.stage}}
POSTGRES_CONNECTION_STRING: '${ssm:/aws/reference/secretsmanager/${self:custom.stage}/accounts/postgresConnectionString~true}'
resources:
Resources:
GatewayResponse:
Type: 'AWS::ApiGateway::GatewayResponse'
Properties:
ResponseParameters:
gatewayresponse.header.WWW-Authenticate: "'Basic'"
ResponseType: UNAUTHORIZED
RestApiId:
Ref: 'ApiGatewayRestApi'
StatusCode: '401'