-
Notifications
You must be signed in to change notification settings - Fork 0
/
serverless.yml
158 lines (152 loc) · 6.65 KB
/
serverless.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
service: wilsonsheldon
custom:
domain: 'wilsonsheldon.name'
apigwBinary:
types: #list of mime-types
- 'multipart/form-data'
provider:
name: aws
region: us-east-1
runtime: provided
environment:
AWS_BUCKET_NAME: ${self:custom.domain}
AWS_REGION_HOLDER: ${self:provider.region}
SS_ENVIRONMENT_TYPE: live
SS_BASE_URL: https://${self:custom.domain}
SS_FLUSH_ON_DEPLOY: true
SS_IGNORE_DOT_ENV: true
SS_SESSION_KEY: ${ssm:/wilsonsheldon/ss_session_key}
SS_DATABASE_NAME: ${ssm:/wilsonsheldon/ss_database_name}
SS_DATABASE_PASSWORD: ${ssm:/wilsonsheldon/ss_database_password}
SS_DATABASE_SERVER: ${ssm:/wilsonsheldon/ss_database_server}
SS_DATABASE_USERNAME: ${ssm:/wilsonsheldon/ss_database_username}
APP_SMTP_SERVER: ${ssm:/wilsonsheldon/app_smtp_server}
APP_SMTP_USERNAME: ${ssm:/wilsonsheldon/app_smtp_username}
APP_SMTP_PASSWORD: ${ssm:/wilsonsheldon/app_smtp_password}
plugins:
- ./vendor/bref/bref
- serverless-pseudo-parameters
- serverless-apigw-binary
functions:
api:
handler: public/index.php
description: ''
timeout: 28 # in seconds (API Gateway has a timeout of 29 seconds)
layers:
- ${bref:layer.php-73-fpm}
events:
- http: 'ANY /'
- http: 'ANY /{proxy+}'
package:
exclude:
- public/assets/**
- public/_resources/**
- .git/**
- node_modules/**
resources:
Resources:
# The S3 bucket that stores the assets
Assets:
Type: AWS::S3::Bucket
Properties:
BucketName: ${self:custom.domain}
# The policy that makes the bucket publicly readable
AssetsBucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref Assets # References the bucket we defined above
PolicyDocument:
Statement:
- Effect: Allow
Principal: '*' # everyone
Action: 's3:GetObject' # to read
Resource: arn:aws:s3:::${self:custom.domain}/* # things in the bucket
WebsiteCDN:
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
Enabled: true
# Cheapest option by default (https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_DistributionConfig.html)
PriceClass: PriceClass_100
# Enable http2 transfer for better performances
HttpVersion: http2
# Origins are where CloudFront fetches content
Aliases:
- ${self:custom.domain} # e.g. example.com
ViewerCertificate:
# ARN of the certificate created in ACM
AcmCertificateArn: 'arn:aws:acm:us-east-1:494519901673:certificate/652f8785-f33b-46ba-9525-5f1e152f9a35'
# See https://docs.aws.amazon.com/fr_fr/cloudfront/latest/APIReference/API_ViewerCertificate.html
SslSupportMethod: 'sni-only'
MinimumProtocolVersion: TLSv1.1_2016
Origins:
# The website (AWS Lambda)
- Id: Website
DomainName: '#{ApiGatewayRestApi}.execute-api.#{AWS::Region}.amazonaws.com'
OriginPath: '/dev'
CustomOriginConfig:
OriginProtocolPolicy: 'https-only' # API Gateway only supports HTTPS
# The assets (S3)
- Id: Assets
# Use s3-website URLs instead if you host a static website (https://stackoverflow.com/questions/15309113/amazon-cloudfront-doesnt-respect-my-s3-website-buckets-index-html-rules#15528757)
DomainName: '#{Assets}.s3.amazonaws.com'
CustomOriginConfig:
OriginProtocolPolicy: 'http-only' # S3 websites only support HTTP
# The default behavior is to send everything to AWS Lambda
DefaultCacheBehavior:
AllowedMethods: [GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE]
TargetOriginId: Website # the PHP application
# Disable caching for the PHP application https://aws.amazon.com/premiumsupport/knowledge-center/prevent-cloudfront-from-caching-files/
DefaultTTL: 0
MinTTL: 0
MaxTTL: 0
# https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-forwardedvalues.html
ForwardedValues:
QueryString: true
Cookies:
Forward: all # Forward cookies to use them in PHP
# We must *not* forward the `Host` header else it messes up API Gateway
Headers:
- 'Accept'
- 'Accept-Language'
- 'Origin'
- 'Referer'
ViewerProtocolPolicy: redirect-to-https
CacheBehaviors:
# Assets will be served under the `/assets/` prefix
- PathPattern: '_resources/*'
TargetOriginId: Assets # the static files on S3
AllowedMethods: [GET, HEAD]
ForwardedValues:
# No need for all that with assets
QueryString: 'false'
Cookies:
Forward: none
ViewerProtocolPolicy: redirect-to-https
Compress: true # Serve files with gzip for browsers that support it (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/ServingCompressedFiles.html)
- PathPattern: 'assets/*'
TargetOriginId: Assets # the static files on S3
AllowedMethods: [GET, HEAD]
ForwardedValues:
# No need for all that with assets
QueryString: 'false'
Cookies:
Forward: none
ViewerProtocolPolicy: redirect-to-https
Compress: true # Serve files with gzip for browsers that support it (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/ServingCompressedFiles.html)
- PathPattern: 'themes/*'
TargetOriginId: Assets # the static files on S3
AllowedMethods: [GET, HEAD]
ForwardedValues:
# No need for all that with assets
QueryString: 'false'
Cookies:
Forward: none
ViewerProtocolPolicy: redirect-to-https
Compress: true # Serve files with gzip for browsers that support it (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/ServingCompressedFiles.html)
CustomErrorResponses:
# Do not cache HTTP errors
- ErrorCode: 500
ErrorCachingMinTTL: 0
- ErrorCode: 504
ErrorCachingMinTTL: 0