serverless.yml
# Serverless Framework service name. It is also the fallback value of
# custom.app_acronym, so it feeds the stack, bucket and ES domain names.
service: nzshm22-toshi-api

# Plugins are loaded into the Serverless CLI process at package/deploy time.
# NOTE(review): no versions are pinned in this file; presumably package.json
# and its lockfile do that - confirm.
plugins:
  - serverless-python-requirements
  - serverless-wsgi
  # Local emulation plugins; custom.dynamodb.stages lists only 'local'.
  - serverless-s3-local
  - serverless-dynamodb-local
  - serverless-plugin-warmup
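# Packaging: a single shared artifact for all functions.
# The exclude list is a deny-list: anything in the service directory that is
# not matched below is shipped in the deployment zip, so keep local secrets
# (for example .env files) out of the project tree or add them here.
package:
  individually: false
  exclude:
    - .git/**
    - .pytest_cache/**
    - .tox/**
    - bin/**
    - demo/**
    - lib/**
    # Listed once; the original repeated this entry at the end of the list.
    - node_modules/**
    - prof/**
    - package.json
    # 'package-log.json' is kept as written; it looks like a typo for
    # 'package-lock.json', so that name is excluded as well.
    - package-log.json
    - package-lock.json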
custom:
  # serverless-wsgi settings
  wsgi:
    app: graphql_api.api.app
    packRequirements: false
    pythonBin: python3

  # serverless-python-requirements settings
  pythonRequirements:
    dockerizePip: non-linux
    slim: true
    slimPatterns:
      - '**/*.egg-info*'
    # Left out of the artifact; presumably taken from the Lambda runtime.
    noDeploy:
      - boto3
      - botocore

  # serverless-s3-local settings
  # NOTE(review): local object data lands in /tmp, a directory shared with
  # other local users and processes; fine for throwaway test data only.
  s3:
    host: localhost
    directory: /tmp

  # serverless-dynamodb-local settings
  dynamodb:
    # If you only want to use DynamoDB Local in some stages, declare them here
    stages:
      - local
    start:
      port: 8000
      inMemory: true
      heapInitial: 200m
      heapMax: 1g
      sharedDb: true

  # Lambda warmer, see https://www.serverless.com/plugins/serverless-plugin-warmup
  warmup:
    lowConcurrencyWarmer:
      enabled: true
      events:
        - schedule: rate(5 minutes)
      concurrency: 1

  # DRY constants: define all compound/generated names in one place.
  # CLI overrides actually read in this section, with their fallbacks:
  #   --acronym    self:service
  #   --stage      self:custom.default_stage (local)
  #   --region     self:provider.region
  #   --s3_bucket  self:custom.app_acronym
  # NOTE(review): the earlier version of this comment also listed
  # --s3_key_base and --deletion_policy; no ${opt:...} lookup for either
  # appears in this section, and deletion_policy below is a fixed value.
  app_acronym: ${opt:acronym, self:service}
  default_stage: local
  stage: ${opt:stage, self:custom.default_stage}
  stack_name: ${self:custom.app_acronym}-${self:custom.stage}
  region: ${opt:region, self:provider.region}
  # NOTE(review): not referenced anywhere else in the visible file.
  deletion_policy: Delete

  # Bucket name: --s3_bucket (or app_acronym) with the stage always appended,
  # which keeps stages from colliding on one bucket.
  s3_bucket: ${opt:s3_bucket, self:custom.app_acronym}-${self:custom.stage}
  # ARN used as the Resource of the S3 IAM statement in provider.
  s3_bucket_arn: arn:aws:s3:::${self:custom.s3_bucket}
  s3_role_resource: ${self:custom.s3_bucket_arn}

  # Presigned URL TTL (presumably seconds - confirm against the API code).
  url_default_ttl: 60

  # Elasticsearch
  esDomainName: ${self:custom.app_acronym}-es-${self:custom.stage}
  esIndex: toshi_index_mapped

  # Taken from the FIRST_DYNAMO_ID environment variable of the deploying
  # shell, falling back to 100000.
  first_dynamo_id: ${env:FIRST_DYNAMO_ID, 100000}
provider:
  name: aws
  runtime: python3.10
  # NOTE(review): falls back to 'dev' when --stage is omitted, whereas
  # custom.stage falls back to custom.default_stage ('local'). Without
  # --stage the provider stage and the stage baked into resource names and
  # DEPLOYMENT_STAGE therefore differ - confirm which default is intended.
  stage: ${opt:stage, 'dev'}
  region: ap-southeast-2

  # Environment variables shared by every function in the service.
  environment:
    REGION: ${self:custom.region}
    S3_BUCKET_NAME: ${self:custom.s3_bucket}
    URL_DEFAULT_TTL: ${self:custom.url_default_ttl}
    DEPLOYMENT_STAGE: ${self:custom.stage}

  # Statements attached to the Lambda execution role.
  iamRoleStatements:
    # S3 access policy: every S3 action, on the service bucket and its objects.
    # NOTE(review): s3:* also grants bucket-policy, ACL and delete actions;
    # replace it with the specific actions the API calls once those are known.
    - Effect: Allow
      Action:
        - 's3:*'
      Resource:
        - ${self:custom.s3_role_resource}
        - ${self:custom.s3_role_resource}/*

    # ES access policy: HTTP verbs against the domain and everything under it.
    # modelled on https://github.com/serverless/examples/blob/master/aws-golang-dynamo-stream-to-elasticsearch/serverless.yml
    - Effect: Allow
      Action:
        - es:ESHttpPost
        - es:ESHttpPut
        - es:ESHttpHead
        - es:ESHttpGet
      Resource:
        - Fn::GetAtt: [ElasticSearchInstance, DomainArn]
        - Fn::Join:
            - ''
            - - Fn::GetAtt: [ElasticSearchInstance, DomainArn]
              - '/*'

    # CloudWatch custom metrics. PutMetricData has no resource-level scoping;
    # a cloudwatch:namespace condition is the way to narrow it if needed.
    - Effect: Allow
      Action:
        - 'cloudwatch:PutMetricData'
      Resource: '*'

    # DynamoDB data-plane access plus CreateTable.
    # NOTE(review): Resource '*' covers every table the account can reach,
    # not only this service's tables; scope it to the service's table ARNs
    # (table names are not visible in this file).
    - Effect: Allow
      Action:
        - 'dynamodb:Scan'
        - 'dynamodb:Query'
        - 'dynamodb:DescribeTable'
        - 'dynamodb:CreateTable'
        - 'dynamodb:GetItem'
        - 'dynamodb:PutItem'
        - 'dynamodb:ConditionCheckItem'
        - 'dynamodb:UpdateItem'
      Resource: '*'

  # One API key per stage, required by the http events marked private.
  # NOTE(review): an API Gateway key is a shared static secret meant for
  # usage plans and caller identification, not per-user authorization; the
  # description below already marks it as a stop-gap.
  apiGateway:
    apiKeys:
      - name: TempApiKey-${self:custom.stage}
        description: Api key until we have an auth function  # Optional
functions:
  # Single Lambda serving the GraphQL endpoint through the WSGI handler.
  app:
    description: The graphql API of ${self:service}
    handler: wsgi_handler.handler
    memorySize: 8192  # optional, in MB, default is 1024
    timeout: 30  # optional, in seconds, default is 6
    events:
      # OPTIONS is the only route without 'private: true', so it can be
      # called without an API key (presumably for CORS preflight - confirm).
      - http:
          path: graphql
          method: OPTIONS
      # POST and GET both require the API key declared under provider.
      - http:
          path: graphql
          method: POST
          private: true
      - http:
          path: graphql
          method: GET
          private: true
    # Function-level environment, in addition to provider.environment.
    environment:
      # https:// prefixed to the domain endpoint of the ES resource below.
      ES_ENDPOINT:
        Fn::Join:
          - ''
          - - 'https://'
            - Fn::GetAtt: [ElasticSearchInstance, DomainEndpoint]
      ES_INDEX: ${self:custom.esIndex}
      ES_REGION: ${self:custom.region}
      ES_DOMAIN_NAME: ${self:custom.esDomainName}
      STACK_NAME: ${self:custom.stack_name}
      FIRST_DYNAMO_ID: ${self:custom.first_dynamo_id}
    # Warmer from custom.warmup, enabled for the listed stages only.
    warmup:
      lowConcurrencyWarmer:
        enabled:
          - test
          - prod
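# Raw CloudFormation resources deployed alongside the function.
resources:
  Resources:
    # Service bucket; its name comes from custom.s3_bucket.
    # NOTE(review): no PublicAccessBlockConfiguration, BucketEncryption or
    # DeletionPolicy is declared, so account and service defaults apply -
    # confirm they are what this bucket needs.
    ToshiBucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: ${self:custom.s3_bucket}

    # following on from
    # https://www.serverless.com/blog/build-geosearch-graphql-api-aws-appsync-elasticsearch
    #
    # NOTE(review): no AccessPolicies, VPCOptions, EncryptionAtRestOptions,
    # NodeToNodeEncryptionOptions or DomainEndpointOptions are set. Access
    # then rests on the IAM statement in provider; check which of these
    # options the chosen instance type and version support before adding them.
    ElasticSearchInstance:
      Type: AWS::Elasticsearch::Domain
      Properties:
        # Quoted: the property is a string, and a bare 6.2 is parsed by YAML
        # as a float. NOTE(review): 6.2 is an old release; confirm it is
        # still supported and patched.
        ElasticsearchVersion: '6.2'
        DomainName: "${self:custom.esDomainName}"
        EBSOptions:
          EBSEnabled: true
          VolumeType: gp2
          VolumeSize: 10
        # Single small node, no dedicated master, single availability zone.
        ElasticsearchClusterConfig:
          InstanceType: t2.small.elasticsearch
          InstanceCount: 1
          DedicatedMasterEnabled: false
          ZoneAwarenessEnabled: false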