template.yml
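# CloudFormation stack for the "game" SaaS API: two DynamoDB tables, a Cognito
# user pool, two read Lambda functions behind an API Gateway REST API, and an
# API key bound to a usage plan.
AWSTemplateFormatVersion: '2010-09-09'
Description: 'SaaS API: game'

Parameters:
  # Prefix used in every resource name below.
  AppName:
    Type: String
    Default: 'game'
  # Deployment environment; also used as the API Gateway stage name.
  EnvKey:
    Type: String
    AllowedValues:
      - 'prd'
      - 'stg'
      - 'dev'
    Default: 'dev'
  # NOTE(review): the default is a placeholder. S3 bucket names are global, so
  # a default the deploying account does not own could resolve to a bucket
  # controlled by another account; pass the real bucket explicitly.
  LambdaCodeBucket:
    Type: String
    Description: The S3 bucket where the Lambda code is stored
    Default: my-lambda-code-bucket
  # Both functions load the same archive. The object is referenced by key
  # only; add S3ObjectVersion to the Code blocks if deployments should be
  # pinned to one specific artifact.
  LambdaCodeS3Key:
    Type: String
    Description: The S3 key for the Lambda code
    Default: game-api-lambda-code.zip

Resources:
  # Per-user category data, keyed by userId only.
  # No DeletionPolicy is set, so the table is deleted together with the stack.
  UserCategoriesTable:
    Type: AWS::DynamoDB::Table
    Properties:
      TableName: !Sub ${AppName}-${EnvKey}-UserCategories
      AttributeDefinitions:
        - AttributeName: userId
          AttributeType: S
      KeySchema:
        - AttributeName: userId
          KeyType: HASH
      BillingMode: PAY_PER_REQUEST

  # Per-user items, keyed by userId (partition) and itemKey (sort).
  # No DeletionPolicy is set, so the table is deleted together with the stack.
  UserItemsTable:
    Type: AWS::DynamoDB::Table
    Properties:
      TableName: !Sub ${AppName}-${EnvKey}-UserItems
      AttributeDefinitions:
        - AttributeName: userId
          AttributeType: S
        - AttributeName: itemKey
          AttributeType: S
      KeySchema:
        - AttributeName: userId
          KeyType: HASH
        - AttributeName: itemKey
          KeyType: RANGE
      BillingMode: PAY_PER_REQUEST

  # User pool with e-mail sign-in and automatic e-mail verification.
  # NOTE(review): nothing in this template references the pool (no app client,
  # no API Gateway authorizer), so it does not protect the API as written.
  CognitoUserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: !Sub ${AppName}-${EnvKey}-UserPool
      AutoVerifiedAttributes:
        - email
      Schema:
        - Name: email
          Required: true
          Mutable: false
      UsernameAttributes:
        - email
      EmailVerificationMessage: 'Your verification code is {####}.'
      EmailVerificationSubject: 'Your verification code'

  # Handler for GET /{userId}/categories.
  # NOTE(review): nodejs14.x is past end of support on Lambda. Move to a
  # supported Node.js runtime once the handler is confirmed not to rely on the
  # AWS SDK v2 that the older runtimes bundle.
  GetCategoriesFunction:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: !Sub ${AppName}-${EnvKey}-GetCategoriesFunction
      Runtime: nodejs14.x
      Handler: getCategories.handler
      Code:
        S3Bucket: !Ref LambdaCodeBucket
        S3Key: !Ref LambdaCodeS3Key
      Environment:
        Variables:
          USER_CATEGORIES_TABLE: !Ref UserCategoriesTable
      Role: !GetAtt LambdaExecutionRole.Arn
      Timeout: 10

  # Handler for GET /{userId}/items. Same runtime caveat as
  # GetCategoriesFunction: nodejs14.x is past end of support on Lambda.
  GetItemsFunction:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: !Sub ${AppName}-${EnvKey}-GetItemsFunction
      Runtime: nodejs14.x
      Handler: getItems.handler
      Code:
        S3Bucket: !Ref LambdaCodeBucket
        S3Key: !Ref LambdaCodeS3Key
      Environment:
        Variables:
          USER_ITEMS_TABLE: !Ref UserItemsTable
      Role: !GetAtt LambdaExecutionRole.Arn
      Timeout: 10

  # Execution role shared by both functions.
  LambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub ${AppName}-${EnvKey}-LambdaExecutionRole
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - sts:AssumeRole
      Policies:
        - PolicyName: !Sub ${AppName}-${EnvKey}-LambdaPolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Logging is limited to the log groups of this stack's functions
              # (/aws/lambda/<AppName>-<EnvKey>-*) instead of every log group
              # in the account. The trailing wildcard also covers the log
              # streams inside those groups.
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: !Sub 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/${AppName}-${EnvKey}-*'
              # NOTE(review): both functions are named Get*, yet the shared
              # role also allows PutItem/UpdateItem on both tables. Confirm the
              # handlers need write access; otherwise drop those actions or
              # give each function its own role scoped to its own table.
              - Effect: Allow
                Action:
                  - dynamodb:GetItem
                  - dynamodb:PutItem
                  - dynamodb:UpdateItem
                  - dynamodb:Query
                Resource:
                  - !GetAtt UserCategoriesTable.Arn
                  - !GetAtt UserItemsTable.Arn

  GameApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: !Sub ${AppName}-${EnvKey}-Api

  # /{userId}
  UsersResource:
    Type: AWS::ApiGateway::Resource
    Properties:
      ParentId: !GetAtt GameApi.RootResourceId
      PathPart: '{userId}'
      RestApiId: !Ref GameApi

  # /{userId}/categories
  CategoriesResource:
    Type: AWS::ApiGateway::Resource
    Properties:
      ParentId: !Ref UsersResource
      PathPart: categories
      RestApiId: !Ref GameApi

  # /{userId}/items
  ItemsResource:
    Type: AWS::ApiGateway::Resource
    Properties:
      ParentId: !Ref UsersResource
      PathPart: items
      RestApiId: !Ref GameApi

  # NOTE(review): AuthorizationType NONE with ApiKeyRequired makes the API key
  # the only gate. An API key identifies a client for usage-plan metering; it
  # does not identify the end user, so any key holder can request any
  # {userId}. Attaching a COGNITO_USER_POOLS authorizer backed by
  # CognitoUserPool, and having the handler compare the path userId with the
  # token subject, would close that gap. The same applies to GetItemsMethod.
  GetCategoriesMethod:
    Type: AWS::ApiGateway::Method
    Properties:
      HttpMethod: GET
      AuthorizationType: NONE
      ApiKeyRequired: true
      RestApiId: !Ref GameApi
      ResourceId: !Ref CategoriesResource
      Integration:
        Type: AWS_PROXY
        # Lambda proxy integrations are always invoked with POST, whatever the
        # client-facing HTTP method is.
        IntegrationHttpMethod: POST
        Uri: !Sub arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetCategoriesFunction.Arn}/invocations

  # NOTE(review): like GetCategoriesMethod, this method is gated by the API
  # key alone; the caller is not tied to the {userId} in the path.
  GetItemsMethod:
    Type: AWS::ApiGateway::Method
    Properties:
      HttpMethod: GET
      AuthorizationType: NONE
      ApiKeyRequired: true
      RestApiId: !Ref GameApi
      ResourceId: !Ref ItemsResource
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST
        Uri: !Sub arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetItemsFunction.Arn}/invocations

  # Lets API Gateway invoke the function, restricted to GET on the categories
  # route of this API (any stage). The path-variable segment is written as `*`,
  # the conventional form for execute-api source ARNs; a literal `{userId}`
  # segment is not expected to match the ARN presented at invocation time.
  ApiGatewayLambdaCategoriesInvoke:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !Ref GetCategoriesFunction
      Action: lambda:InvokeFunction
      Principal: apigateway.amazonaws.com
      SourceArn: !Sub 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${GameApi}/*/GET/*/categories'

  # Same as above for the items route; `*` stands for the userId segment.
  ApiGatewayLambdaItemsInvoke:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !Ref GetItemsFunction
      Action: lambda:InvokeFunction
      Principal: apigateway.amazonaws.com
      SourceArn: !Sub 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${GameApi}/*/GET/*/items'

  # The deployment must be created after the methods it publishes, hence the
  # explicit DependsOn. The stage is named after EnvKey.
  GameApiDeployment:
    Type: AWS::ApiGateway::Deployment
    DependsOn:
      - GetCategoriesMethod
      - GetItemsMethod
    Properties:
      RestApiId: !Ref GameApi
      StageName: !Ref EnvKey

  # No Value is given, so API Gateway generates the key material.
  GameApiKey:
    Type: AWS::ApiGateway::ApiKey
    Properties:
      Name: !Sub ${AppName}-${EnvKey}-ApiKey
      Enabled: true
      GenerateDistinctId: true

  # Metering and throttling for the stage created by GameApiDeployment.
  GameUsagePlan:
    Type: AWS::ApiGateway::UsagePlan
    DependsOn: GameApiDeployment
    Properties:
      ApiStages:
        - ApiId: !Ref GameApi
          Stage: !Ref EnvKey
      Quota:
        Limit: 5000
        Period: MONTH
      Throttle:
        BurstLimit: 200
        RateLimit: 100

  # Binds GameApiKey to GameUsagePlan.
  GameUsagePlanKey:
    Type: AWS::ApiGateway::UsagePlanKey
    DependsOn: GameUsagePlan
    Properties:
      KeyId: !Ref GameApiKey
      KeyType: API_KEY
      UsagePlanId: !Ref GameUsagePlan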