photon-keyserver/serverless.yml at master · photon-sdk/photon-keyserver · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
service: photonsdk-keyserver
app: photonsdk
org: hasedev
frameworkVersion: '3'

plugins:
  - serverless-domain-manager
  - serverless-dynamodb-local
  - serverless-offline

provider:
  name: aws
  runtime: nodejs16.x
  stage: prod
  region: eu-central-1
  environment:
    TWILIO_ACCOUNT_SID: ${param:TWILIO_ACCOUNT_SID}
    TWILIO_AUTH_TOKEN: ${param:TWILIO_AUTH_TOKEN}
    TWILIO_FROM_NUMBER: ${param:TWILIO_FROM_NUMBER}
    SES_FROM_EMAIL: ${param:SES_FROM_EMAIL}
    SES_REGION: ${opt:region, self:provider.region}
    DYNAMODB_TABLE_KEY: ${self:service}-${opt:stage, self:provider.stage}-key
    DYNAMODB_TABLE_USER: ${self:service}-${opt:stage, self:provider.stage}-user
  iam:
    role:
      statements:
        - Effect: Allow
          Action:
            - dynamodb:Query
            - dynamodb:Scan
            - dynamodb:GetItem
            - dynamodb:PutItem
            - dynamodb:UpdateItem
            - dynamodb:DeleteItem
          Resource:
            - "arn:aws:dynamodb:${opt:region, self:provider.region}:*:table/${self:provider.environment.DYNAMODB_TABLE_KEY}"
            - "arn:aws:dynamodb:${opt:region, self:provider.region}:*:table/${self:provider.environment.DYNAMODB_TABLE_USER}"
        - Effect: Allow
          Action:
            - ses:SendEmail
            - ses:SendRawEmail
          Resource:
            - "*"

functions:
  createKey:
    handler: handler.createKey
    events:
     - http:
         path: /v2/key
         method: post
  getKey:
    handler: handler.getKey
    events:
     - http:
         path: /v2/key/{keyId}
         method: get
  changePin:
    handler: handler.changePin
    events:
     - http:
         path: /v2/key/{keyId}
         method: put
  createUser:
    handler: handler.createUser
    events:
     - http:
         path: /v2/key/{keyId}/user
         method: post
  verifyUser:
    handler: handler.verifyUser
    events:
     - http:
         path: /v2/key/{keyId}/user/{userId}
         method: put
  resetPin:
    handler: handler.resetPin
    events:
     - http:
         path: /v2/key/{keyId}/user/{userId}/reset
         method: get
  removeUser:
    handler: handler.removeUser
    events:
     - http:
         path: /v2/key/{keyId}/user/{userId}
         method: delete

resources:
  Resources:
    KeyDynamoDbTable:
      Type: 'AWS::DynamoDB::Table'
      DeletionPolicy: Retain
      Properties:
        AttributeDefinitions:
          -
            AttributeName: id
            AttributeType: S
        KeySchema:
          -
            AttributeName: id
            KeyType: HASH
        BillingMode: PAY_PER_REQUEST
        TableName: ${self:provider.environment.DYNAMODB_TABLE_KEY}
    UserDynamoDbTable:
      Type: 'AWS::DynamoDB::Table'
      DeletionPolicy: Retain
      Properties:
        AttributeDefinitions:
          -
            AttributeName: id
            AttributeType: S
        KeySchema:
          -
            AttributeName: id
            KeyType: HASH
        BillingMode: PAY_PER_REQUEST
        TableName: ${self:provider.environment.DYNAMODB_TABLE_USER}

custom:
  customDomain:
    domainName: keys.photonsdk.com
    certificateName: '*.photonsdk.com'
    basePath: ''
    stage: ${self:provider.stage}
    createRoute53Record: true
    endpointType: 'regional'
    securityPolicy: tls_1_2
    apiType: rest
    autoDomain: false
  dynamodb:
    stages:
      - prod
    start:
      port: 8000
      inMemory: true
      heapInitial: 200m
      heapMax: 1g
      migrate: true
      seed: true
      convertEmptyValues: true