forked from aarongorka/serverless-slack-cloudfront-bot
-
Notifications
You must be signed in to change notification settings - Fork 0
/
serverless.yml
129 lines (123 loc) · 3.41 KB
/
serverless.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
---
service: MV-${env:REALM}-CloudFront-Bot
plugins:
- serverless-plugin-aws-alerts
provider:
name: aws
runtime: python3.11
stage: ${env:ENV}
memorySize: 128
versionFunctions: false
deploymentBucket:
name: amaysim-serverless-deployments-${env:AWS_ACCOUNT_ID}-${env:AWS_REGION}
timeout: 60
region: ${env:AWS_REGION}
iamRoleStatements:
- Effect: Allow
Action:
- lambda:InvokeFunction
- lambda:InvokeAsync
Resource:
Fn::Sub: "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${self:service}-${env:ENV}-invalidate"
stackTags:
FRAMEWORK: serverless
exclude-api-from-header-check: "true"
environment:
ENV: ${env:ENV}
LOGLEVEL: ${env:LOGLEVEL}
REALM: ${env:REALM}
BOT_AWS_ROLE: ${env:BOT_AWS_ROLE}
BOT_AWS_ACCOUNTS: ${env:BOT_AWS_ACCOUNTS}
INVALIDATE_HANDLER: ${self:service}-${env:ENV}-invalidate
package:
artifact: package/package.zip
custom:
alerts:
dashboards: true
topics:
ok: ${env:OPS_GENIE_MAJOR_SNS_ARN}
alarm: ${env:OPS_GENIE_MAJOR_SNS_ARN}
insufficientData: ${env:OPS_GENIE_MAJOR_SNS_ARN}
definitions:
functionErrors:
threshold: 1
period: 900
functionDuration:
threshold: 60000
statistic: 'p95'
period: 900
alarms:
- functionErrors
- functionThrottles
- functionInvocations
- functionDuration
functions:
invalidate:
handler: slack_cloudfront_bot.invalidate
respond:
handler: slack_cloudfront_bot.respond
events:
- http: POST respond
resources:
Resources:
PolicySlackCloudFrontBot:
Type: AWS::IAM::Policy
Properties:
Roles:
- Ref: IamRoleLambdaExecution
PolicyName: AllowSwitchRoleToSlackCloudFrontBot
PolicyDocument:
Version: "2012-10-17"
Statement:
- Sid: AllowSwitchRoleToSlackCloudFrontBot
Effect: Allow
Action:
- sts:AssumeRole
Resource:
- arn:aws:iam::*:role/SlackCloudFrontBot
DomainName:
Type: "AWS::ApiGateway::DomainName"
Properties:
CertificateArn: ${env:AWS_ACM_CERTIFICATE}
DomainName: ${env:DOMAIN_NAME}
SecurityPolicy: TLS_1_2
BasePathMapping:
Type: "AWS::ApiGateway::BasePathMapping"
Properties:
BasePath: "cloudfront-bot"
DomainName:
Ref: DomainName
RestApiId: { "Ref": "ApiGatewayRestApi" }
Stage: ${env:ENV}
RecordSet:
Type: AWS::Route53::RecordSet
Properties:
HostedZoneName: ${env:AWS_HOSTED_ZONE}.
Name: ${env:DOMAIN_NAME}
Type: A
AliasTarget:
HostedZoneId: "Z2FDTNDATAQYW2"
DNSName:
Fn::GetAtt: [ "DomainName", "DistributionDomainName" ]
RecordSetAAAA:
Type: AWS::Route53::RecordSet
Properties:
HostedZoneName: ${env:AWS_HOSTED_ZONE}.
Name: ${env:DOMAIN_NAME}
Type: AAAA
AliasTarget:
HostedZoneId: "Z2FDTNDATAQYW2"
DNSName:
Fn::GetAtt: [ "DomainName", "DistributionDomainName" ]
Outputs:
LambdaUrl:
Value: "https://${env:DOMAIN_NAME}"
CloudFrontDomainName:
Value:
Fn::GetAtt: [ 'DomainName', 'DistributionDomainName' ]
LambdaRoleArn:
Value:
Fn::GetAtt: [ 'IamRoleLambdaExecution', 'Arn' ]
LambdaRole:
Value:
Ref: 'IamRoleLambdaExecution'