cloudformation.yaml
---
# CloudFormation template; the Transform line hands it to the AWS SAM macro,
# which expands the AWS::Serverless::* resources declared further down.
AWSTemplateFormatVersion: "2010-09-09"
Transform: AWS::Serverless-2016-10-31
Description: >-
  Serverless Express Application/API powered by API Gateway and Lambda
Parameters:
  # Name of the S3 bucket; the function receives it as the S3_BUCKET
  # environment variable. The default is a placeholder and must be replaced
  # with a real bucket name before deployment.
  S3BUCKET:
    Type: String
    Default: YOUR_UNIQUE_BUCKET_NAME
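Resources:
  # REST API in front of the function. Routes and the Lambda integration come
  # from the external definition file; this template declares no authorizer,
  # API key or resource policy, so any access control has to live in that file.
  ApiGatewayApi:
    Type: AWS::Serverless::Api
    Properties:
      DefinitionUri: ./simple-proxy-api.yaml
      StageName: prod
      Variables:
        ServerlessExpressLambdaFunctionName: !Ref YOUR_SERVERLESS_EXPRESS_LAMBDA_FUNCTION_NAME

  # Execution role assumed by the Lambda service on behalf of the function.
  LambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          Effect: Allow
          Principal:
            Service: lambda.amazonaws.com
          Action: sts:AssumeRole
      Path: "/"
      Policies:
        - PolicyName: root
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Logging is limited to Lambda log groups in this stack's
              # account and region instead of every log resource
              # (previously arn:aws:logs:*:*:*).
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: !Sub 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*'

  # S3 permissions attached to the execution role. The bucket ARN is built from
  # the S3BUCKET parameter so the policy always matches the bucket name handed
  # to the function in S3_BUCKET; a hard-coded name here would silently drift
  # when the parameter is overridden at deploy time.
  LambdaExecutionRolePolicyAppend:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: S3_access
      Roles:
        - !Ref LambdaExecutionRole
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          # NOTE(review): s3:CreateBucket lets the function create the bucket
          # at runtime; drop it if the bucket is provisioned elsewhere.
          # s3:ListBucket applies to the whole bucket, while object access
          # below is limited to one prefix; add an s3:prefix condition if
          # listing other prefixes should not be possible.
          - Effect: Allow
            Action:
              - s3:CreateBucket
              - s3:ListBucket
            Resource: !Sub 'arn:aws:s3:::${S3BUCKET}'
          # Object reads and writes are confined to the prefix named after
          # the function (<bucket>/<function name>/*).
          - Effect: Allow
            Action:
              - s3:PutObject
              - s3:GetObject
            Resource: !Sub 'arn:aws:s3:::${S3BUCKET}/${YOUR_SERVERLESS_EXPRESS_LAMBDA_FUNCTION_NAME}/*'

  # Lets API Gateway invoke the function. SourceArn pins the grant to this
  # API in this account and region; the trailing /*/* covers every stage,
  # method and path of that API.
  LambdaApiGatewayExecutionPermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !GetAtt YOUR_SERVERLESS_EXPRESS_LAMBDA_FUNCTION_NAME.Arn
      Principal: apigateway.amazonaws.com
      SourceArn: !Sub 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ApiGatewayApi}/*/*'

  # The Express application packaged as a Lambda function. Both events route
  # every method on "/" and on any sub-path to the same handler.
  YOUR_SERVERLESS_EXPRESS_LAMBDA_FUNCTION_NAME:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: ./
      FunctionName: YOUR_LAMBDA_FUNCTION_NAME
      Handler: lambda.handler
      MemorySize: 1024
      Role: !GetAtt LambdaExecutionRole.Arn
      # NOTE(review): nodejs12.x is past end of support in AWS Lambda and no
      # longer receives runtime security patches; move to a currently
      # supported Node.js runtime once the application is tested on it.
      Runtime: nodejs12.x
      Timeout: 30
      Environment:
        Variables:
          S3_BUCKET: !Ref S3BUCKET
      Events:
        ProxyApiRoot:
          Type: Api
          Properties:
            RestApiId: !Ref ApiGatewayApi
            Path: /
            Method: ANY
        ProxyApiGreedy:
          Type: Api
          Properties:
            RestApiId: !Ref ApiGatewayApi
            Path: '/{proxy+}'
            Method: ANY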
Outputs:
  # Deep link to the function in the Lambda console of the stack's region.
  LambdaFunctionConsoleUrl:
    Description: Console URL for the Lambda Function.
    Value: !Sub 'https://${AWS::Region}.console.aws.amazon.com/lambda/home?region=${AWS::Region}#/functions/${YOUR_SERVERLESS_EXPRESS_LAMBDA_FUNCTION_NAME}'

  # Deep link to the "prod" stage of the API in the API Gateway console.
  ApiGatewayApiConsoleUrl:
    Description: Console URL for the API Gateway API's Stage.
    Value: !Sub 'https://${AWS::Region}.console.aws.amazon.com/apigateway/home?region=${AWS::Region}#/apis/${ApiGatewayApi}/stages/prod'

  # Public invoke URL of the "prod" stage.
  ApiUrl:
    Description: >-
      Invoke URL for your API. Clicking this link will perform a GET request
      on the root resource of your API.
    Value: !Sub 'https://${ApiGatewayApi}.execute-api.${AWS::Region}.amazonaws.com/prod/'