# SAM template: HTTP API plus Lambda functions for the Password Caddy API.
AWSTemplateFormatVersion: "2010-09-09"
# The Serverless transform expands the AWS::Serverless::* resource types.
Transform: "AWS::Serverless-2016-10-31"
Description: >
  AWS SAM Template for creating the API resources
  (API Gateway & Lambda Functions) for the Password Caddy Api
Parameters:
  # Deployment stage. Also used as the HTTP API stage name and inside the
  # Lambda function names and IAM role paths.
  ENV:
    Type: String
    Default: dev
    AllowedValues: [dev, prod]
    Description: 'Environment of the Stack. Either dev or prod'
  # Interpolated into the ACM certificate ARN and the Lambda role ARNs.
  # NOTE(review): with the empty default, those ARNs are malformed unless the
  # value is supplied at deploy time. The AWS::AccountId pseudo parameter
  # would remove the need to pass it by hand - confirm that no cross-account
  # ARN is intended before switching.
  ACCOUNTID:
    Type: String
    Default: ''
    Description: 'AWS Account ID'
  # Last path segment of the ACM certificate ARN used for the custom domain.
  # NOTE(review): the empty default also produces a malformed ARN.
  CERTIFICATEID:
    Type: String
    Default: ''
    Description: 'ID of AWS ACM Certificate to use'
  # Custom domain attached to the HTTP API; the default is the dev hostname.
  DOMAINNAME:
    Type: String
    Default: 'api.dev.password-caddy.com'
    Description: 'The domain name to attach to the API'
  # SSM-backed parameter: the value handed to the template is the content of
  # the named Parameter Store entry, not the path itself.
  # NOTE(review): `{API_ENV}` is not a CloudFormation substitution, so the
  # default path is used literally unless overridden; presumably a deploy
  # script rewrites it - confirm.
  DYNAMOTABLE:
    Type: 'AWS::SSM::Parameter::Value<String>'
    Default: '/password-caddy-api/{API_ENV}/v1/DYNAMO_TABLE'
    Description: 'The name of the DynamoDB Table'
Globals:
  # Defaults applied to every AWS::Serverless::Function in this template.
  Function:
    # Maximum execution time per invocation, in seconds.
    Timeout: 30
    Environment:
      Variables:
        # Table name resolved from the SSM-backed DYNAMOTABLE parameter.
        DYNAMO_TABLE: !Ref DYNAMOTABLE
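Resources:
  # API
  # Public HTTP API in front of the Lambda functions below. No authorizer is
  # configured in this template, so every route is reachable unauthenticated.
  # NOTE(review): no throttling or access logging is set here; for the login
  # and user-creation routes consider DefaultRouteSettings (ThrottlingRateLimit
  # / ThrottlingBurstLimit) and AccessLogSettings - confirm whether limits are
  # applied elsewhere.
  PasswordCaddyApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      Description: "HTTP API for Password Caddy Applications"
      Domain:
        DomainName: !Ref DOMAINNAME
        # The region is fixed to us-east-2 here, so the stack is only
        # deployable with a certificate issued in that region.
        CertificateArn: !Sub "arn:aws:acm:us-east-2:${ACCOUNTID}:certificate/${CERTIFICATEID}"
        EndpointConfiguration: REGIONAL
        Route53:
          HostedZoneId: Z03630512ITQ7YCU2BAK5 # password-caddy.com
          EvaluateTargetHealth: true
      # NOTE(review): any origin may call this API from a browser and send any
      # request header. For an authentication API, list the application's own
      # origins and the headers it actually sends instead of "*"; the allowed
      # origins are not visible in this file, so the values are left unchanged.
      CorsConfiguration:
        AllowOrigins:
          - "*"
        AllowMethods:
          - GET
          - POST
          - OPTIONS
        AllowHeaders:
          - "*"
      # The stage is named after the environment, so the execute-api invoke
      # URL carries /dev or /prod as its first path segment.
      StageName: !Ref ENV

  # Lambdas
  # NOTE(review): all functions use Runtime go1.x, which AWS has deprecated and
  # no longer patches. Moving to an OS-only runtime (provided.al2023) needs the
  # binary built as `bootstrap`, so it is flagged here rather than changed.

  # Health
  HealthCheckFunction:
    Type: AWS::Serverless::Function
    Properties:
      # Environment-scoped like the other functions; a fixed name would
      # collide if the dev and prod stacks share an account and region.
      FunctionName: !Sub "password-caddy-api-${ENV}-v1-HealthCheck"
      # NOTE(review): the role path suggests SES and DynamoDB permissions,
      # which a health check presumably does not need; a narrower execution
      # role would follow least privilege - confirm what the handler calls.
      Role: !Sub "arn:aws:iam::${ACCOUNTID}:role/password-caddy/lambda/${ENV}/ses-dynamo"
      CodeUri: controllers/health_check/
      Handler: main
      Runtime: go1.x
      Architectures:
        - x86_64
      Tracing: Active
      Events:
        HttpApiEvent:
          Type: HttpApi
          Properties:
            Path: /api/v1/health
            Method: GET
            ApiId: !Ref PasswordCaddyApi

  # User Endpoints
  CreateUserFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: !Sub "password-caddy-api-${ENV}-v1-CreateUser"
      Role: !Sub "arn:aws:iam::${ACCOUNTID}:role/password-caddy/lambda/${ENV}/ses-dynamo"
      CodeUri: controllers/auth/create-user/
      Handler: main
      Runtime: go1.x
      Architectures:
        - x86_64
      Tracing: Active
      Events:
        HttpApiEvent:
          Type: HttpApi
          Properties:
            Path: /api/v1/user
            Method: POST
            ApiId: !Ref PasswordCaddyApi

  # Login Endpoints
  # NOTE(review): both login routes carry the e-mail address as a path
  # parameter, so it will appear wherever request paths are recorded (for
  # example API access logs, if enabled). Keep that in mind for log retention
  # and access; moving it to the request body would avoid it.
  LoginChallengeFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: !Sub "password-caddy-api-${ENV}-v1-LoginChallenge"
      Role: !Sub "arn:aws:iam::${ACCOUNTID}:role/password-caddy/lambda/${ENV}/ses-dynamo"
      CodeUri: controllers/auth/login-challenge/
      Handler: main
      Runtime: go1.x
      Architectures:
        - x86_64
      Tracing: Active
      Events:
        HttpApiEvent:
          Type: HttpApi
          Properties:
            Path: /api/v1/login/challenge/{email}
            Method: GET
            ApiId: !Ref PasswordCaddyApi

  LoginVerificationFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: !Sub "password-caddy-api-${ENV}-v1-LoginVerification"
      # Uses the DynamoDB-only role, unlike the functions above.
      Role: !Sub "arn:aws:iam::${ACCOUNTID}:role/password-caddy/lambda/${ENV}/dynamodb"
      CodeUri: controllers/auth/login-verification/
      Handler: main
      Runtime: go1.x
      Architectures:
        - x86_64
      Tracing: Active
      Events:
        HttpApiEvent:
          Type: HttpApi
          Properties:
            Path: /api/v1/login/verification/{email}
            Method: POST
            ApiId: !Ref PasswordCaddyApi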
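Outputs:
  # The API's stage is named after ENV and every route is declared under
  # /api/v1/..., so the execute-api URLs below include both the stage segment
  # and the /api prefix. `{email}` is a literal route placeholder, not a
  # !Sub variable.

  # Api
  PasswordCaddyApi:
    Description: "HTTP API Gateway URL for Password Caddy Api"
    Value: !Sub "https://${PasswordCaddyApi}.execute-api.${AWS::Region}.amazonaws.com/${ENV}/"

  # Endpoints
  LoginChallengeEndpoint:
    Description: "Endpoint for the Login Challenge Lambda"
    Value: !Sub "https://${PasswordCaddyApi}.execute-api.${AWS::Region}.amazonaws.com/${ENV}/api/v1/login/challenge/{email}"
  LoginVerificationEndpoint:
    Description: "Endpoint for the Login Verification Lambda"
    Value: !Sub "https://${PasswordCaddyApi}.execute-api.${AWS::Region}.amazonaws.com/${ENV}/api/v1/login/verification/{email}"
  CreateUserEndpoint:
    Description: "Endpoint for the Create User Lambda"
    Value: !Sub "https://${PasswordCaddyApi}.execute-api.${AWS::Region}.amazonaws.com/${ENV}/api/v1/user"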