-
-
Notifications
You must be signed in to change notification settings - Fork 18
/
template.yaml
193 lines (167 loc) · 5.88 KB
/
template.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
AWSTemplateFormatVersion: '2010-09-09'
Transform:
- AWS::LanguageExtensions
- AWS::Serverless-2016-10-31
Description: "EC API app: Lambda, API Gateway"
Globals:
Function:
Timeout: 80
Api:
BinaryMediaTypes:
- "*/*"
Parameters:
AppSecretKey:
Description: "The SECRET_KEY environment variable passed to the app."
Type: String
AppDCAPIToken:
Description: "The DC API Auth token"
Type: String
AppSentryDSN:
Description: "The SENTRY_DSN environment variable passed to the app."
Type: String
GitHash:
Description: "The Hash of the git commit that's deployed"
Type: String
AppDjangoSettingsModule:
# NB This parameter (and how it reaches the app, and how it's set in
# developer and CI-managed deployments) is used in
# `docs/new-development-deployment.md` as a reference to demonstrate how to
# communicate variables to the app. If you modify this parameter, or remove
# it, please update the document so developers aren't left without
# guidance!
Description: "The DJANGO_SETTINGS_MODULE environment variable passed to the app."
Type: String
Default: "electionleaflets.settings.base_lambda"
AppIsBehindCloudFront:
Description: "The APP_IS_BEHIND_CLOUDFRONT environment variable passed to the app, which modifies various path- and host-related settings."
Type: String
AllowedValues:
- "True"
- "False"
Default: "False"
AppLogRetentionDays:
Description: "The number of days that CloudWatch Logs will keep logs from the app."
Type: Number
Default: "60"
AllowedValues: [ 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653 ]
AppPostgresHost:
Description: "The Postgres database host for this deploy."
Type: String
AppPostgresDatabaseName:
Description: "The Postgres database name for this deploy."
Type: String
AppPostgresPassword:
Description: "The password for the postgres user"
Type: String
DCEnvironment:
Default: DC_ENVIRONMENT
Description: "The DC_ENVIRONMENT environment variable passed to the app."
Type: AWS::SSM::Parameter::Value<String>
AppDomain:
Description: "The domain the app is on."
Type: String
AppLeafletImagesBucketName:
Description: "The S3 bucket to store uploaded leaflets in."
Type: String
Conditions:
UseBasicAuth: !Or
- !Equals [ !Ref DCEnvironment, development ]
- !Equals [ !Ref DCEnvironment, staging ]
Resources:
DependenciesLayer:
Type: AWS::Serverless::LayerVersion
Properties:
ContentUri: ./lambda-layers/DependenciesLayer/
CompatibleRuntimes:
- python3.12
Metadata:
BuildMethod: makefile
ElectionLeafletsFunction:
Type: AWS::Serverless::Function
Properties:
Role: !Sub "arn:aws:iam::${AWS::AccountId}:role/ElectionLeafletsLambdaExecutionRole"
CodeUri: .
Handler: electionleaflets.lambda_awsgi.handler
Layers:
- !Ref DependenciesLayer
Runtime: python3.12
MemorySize: 256
Environment:
Variables:
SECRET_KEY: !Ref AppSecretKey
SENTRY_DSN: !Ref AppSentryDSN
DEVS_DC_AUTH_TOKEN: !Ref AppDCAPIToken
GIT_HASH: !Ref GitHash
DJANGO_SETTINGS_MODULE: !Ref AppDjangoSettingsModule
APP_IS_BEHIND_CLOUDFRONT: !Ref AppIsBehindCloudFront
DATABASE_HOST: !Ref AppPostgresHost
POSTGRES_DATABASE_NAME: !Ref AppPostgresDatabaseName
DATABASE_PASS: !Ref AppPostgresPassword
DC_ENVIRONMENT: !Ref DCEnvironment
APP_DOMAIN: !Ref AppDomain
LEAFLET_IMAGES_BUCKET_NAME: !Ref AppLeafletImagesBucketName
Events:
HTTPRequests:
Type: Api
Properties:
RestApiId: !Ref ElectionLeafletsAPIGateway
Path: /{proxy+}
Method: ANY
HTTPRequestRoots:
Type: Api
Properties:
RestApiId: !Ref ElectionLeafletsAPIGateway
Path: /
Method: ANY
ElectionLeafletsAPIGateway:
Type: AWS::Serverless::Api
Properties:
AlwaysDeploy: True
StageName: Prod
Cors:
AllowMethods: "'GET'"
AllowOrigin: "'*'"
MaxAge: "'600'"
Auth:
DefaultAuthorizer: !If [ UseBasicAuth, "BasicAuthFunction", !Ref AWS::NoValue]
Authorizers:
BasicAuthFunction:
FunctionArn: !GetAtt BasicAuthFunction.Arn
FunctionPayloadType: REQUEST
Identity:
Headers:
- Authorization
ReauthorizeEvery: 3600
BasicAuthFunction:
Type: AWS::Serverless::Function
Properties:
Role: !Sub "arn:aws:iam::${AWS::AccountId}:role/ElectionLeafletsLambdaExecutionRole"
CodeUri: ./electionleaflets/
Handler: lambda_basic_auth.lambda_handler
Runtime: python3.12
BasicAuthGatewayResponse:
Condition: UseBasicAuth
Type: AWS::ApiGateway::GatewayResponse
Properties:
ResponseParameters:
gatewayresponse.header.www-authenticate: "'Basic realm=\"Restricted\"'"
ResponseType: UNAUTHORIZED
RestApiId: !Ref ElectionLeafletsAPIGateway
StatusCode: '401'
ElectionLeafletsFunctionLogGroup:
Type: AWS::Logs::LogGroup
DependsOn: [ ElectionLeafletsFunction ]
Properties:
LogGroupName: !Sub /aws/lambda/${ElectionLeafletsFunction}
RetentionInDays: !Ref AppLogRetentionDays
Outputs:
ElectionLeafletsFqdn:
Description: "API Gateway endpoint FQDN for EC API function"
Value: !Sub "${ElectionLeafletsAPIGateway}.execute-api.${AWS::Region}.amazonaws.com"
Export:
Name: !Join [ ":", [ !Ref "AWS::StackName", "ElectionLeafletsFqdn" ] ]
ElectionLeafletsFqdnTempValue:
Description: "API Gateway endpoint FQDN for EC API function"
Value: !Sub "${ElectionLeafletsAPIGateway}.execute-api.${AWS::Region}.amazonaws.com"
Export:
Name: !Join [ ":", [ !Ref "AWS::StackName", "ElectionLeafletsFqdnTempValue" ] ]