modules.tf-lambda/serverless.yml at master · devopsutils/modules.tf-lambda · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
service: modules-tf

frameworkVersion: ">=1.65.0 <2.0.0"

provider:
  name: aws
  runtime: python3.7
  stage: dev
  region: eu-west-1
  tracing: true
  timeout: 30
#  profile: modules-deploy
  environment:
    S3_BUCKET: ${ssm:/modulestf/${self:custom.stage}/dl_bucket_id}
    S3_DIR: ${self:custom.stage}
    thundra_apiKey: ${ssm:/modulestf/${self:custom.stage}/thundra_api_key~true}
  alb:
    targetGroupPrefix: modulestf-
  iamRoleStatements:
    -  Effect: "Allow"
       Action:
         - "s3:*" # "s3:PutObject" plus something more plus stage name
       Resource:
         - "arn:aws:s3:::${self:provider.environment.S3_BUCKET}/${self:provider.environment.S3_DIR}/*"
         - "arn:aws:s3:::${self:provider.environment.S3_BUCKET}/${self:provider.environment.S3_DIR}/"
    - Effect: "Allow" # xray permissions (required)
      Action:
        - "xray:PutTraceSegments"
        - "xray:PutTelemetryRecords"
      Resource:
        - "*"

functions:
  generate-cloudcraft:
    name: ${self:service}-${self:custom.stage}-generate-cloudcraft
    handler: handler.handler
    description: Generate all from Cloudcraft URL (stage=${self:custom.stage})
    memorySize: 1536
    package: {}
    events:
      - alb:
          listenerArn: ${ssm:/modulestf/${self:custom.stage}/alb_listener_arn}
          priority: ${self:custom.alb_priority.${self:custom.stage}}
          cors: true
          conditions:
            host: ${self:custom.domains.${self:custom.stage}}
            path: "*"
            method:
              - GET
              - POST
              - OPTIONS

#  validate-cloudcraft:
#    name: ${self:service}-${self:custom.stage}-validate-cloudcraft
#    handler: handler.handler
#    description: Validate inputs from Cloudcraft (stage=${self:custom.stage})
#    memorySize: 1536
#    package: {}
#    events:
#      - alb:
#          # ${ssm:/modulestf/${self:custom.stage}/alb_listener_arn}
#          listenerArn: ${ssm:/modulestf/${self:custom.stage}/alb_listener_arn}
#          priority: 1
#          conditions:
#            path: /validate
#            method:
#              - GET
#              - POST
#              - OPTIONS

plugins:
  - serverless-python-requirements
  - serverless-plugin-tracing
  - serverless-plugin-thundra

custom:
  stage: ${opt:stage, self:provider.stage}

  thundra:
    apiKey: ${ssm:/modulestf/${self:custom.stage}/thundra_api_key~true}

  domains:
    prod: ${ssm:/modulestf/prod/prod_route53_record_fqdn} # lambda.modules.tf
    dev: ${ssm:/modulestf/dev/dev_route53_record_fqdn}    # dev-lambda.modules.tf

  alb_priority:
    prod: 20
    dev: 10

  pythonRequirements:
    fileName: requirements-lambda.txt # requirements-lambda.txt does not have heavy libraries like matplotlib, python-lambda-local which are required for debug locally
    dockerizePip: true
    useDownloadCache: true
    useStaticCache: true

package:
  exclude:
    - "input/**"
    - "output/**"
    - "test_fixtures/**"
    - "node_modules/**"
    - ".requirements-cache/**"