template.yaml
# SAM template header: format version, the SAM transform, and defaults that
# apply to every AWS::Serverless::Function declared in this template.
AWSTemplateFormatVersion: "2010-09-09"
Transform: 'AWS::Serverless-2016-10-31'
Description: >
  cloud-resume-challenge
  Sample SAM Template for cloud-resume-challenge

Globals:
  Function:
    # Per-invocation timeout, in seconds, inherited by all functions.
    Timeout: 3
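# Static site (S3 behind CloudFront with an origin access identity), its DNS
# alias, and the two API-backed Lambda functions with their DynamoDB table.
Resources:
  # Content bucket. Objects are served only through CloudFront; the bucket
  # policy grants read access to the origin access identity alone.
  MyWebsite:
    Type: "AWS::S3::Bucket"
    Properties:
      AccessControl: Private
      # Keep the bucket non-public even if a later ACL or policy change
      # tries to open it; the OAI grant in BucketPolicy is not a public grant.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      WebsiteConfiguration:
        IndexDocument: index.html
      BucketName: myprofile.cloudofthings.net

  BucketPolicy:
    Type: "AWS::S3::BucketPolicy"
    Properties:
      PolicyDocument:
        Id: WebPolicy
        # Quoted so a YAML 1.1 parser cannot read the policy version as a date.
        Version: "2012-10-17"
        Statement:
          # Despite the Sid, this statement is not a public grant: the
          # principal is the CloudFront origin access identity, not "*".
          - Sid: PublicReadForGetBucketObjects
            Effect: Allow
            Principal:
              AWS: !Sub "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ${CloudFrontOriginAccessIdentity}"
            Action: "s3:GetObject"
            # Every object in the bucket; same ARN the original built with !Join.
            Resource: !Sub "arn:aws:s3:::${MyWebsite}/*"
      Bucket: !Ref MyWebsite

  CloudFrontOriginAccessIdentity:
    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: "Serverless website in S3"

  MyRoute53Record:
    Type: "AWS::Route53::RecordSetGroup"
    Properties:
      HostedZoneId: Z0499974483KJGB603VQ
      RecordSets:
        - Name: myprofile.cloudofthings.link
          Type: A
          AliasTarget:
            # Z2FDTNDATAQYW2 is the fixed hosted zone ID that AWS documents
            # for alias records pointing at CloudFront distributions.
            HostedZoneId: Z2FDTNDATAQYW2
            DNSName: !GetAtt MyDistribution.DomainName

  MyDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        ViewerCertificate:
          # Placeholders must be replaced before deploying. CloudFront
          # requires the ACM certificate to live in us-east-1.
          AcmCertificateArn: 'arn:aws:acm:us-east-1:<<ACCOUNT_NR>>:certificate/<<CERT_NR>>'
          SslSupportMethod: sni-only
          # Without an explicit value a custom-certificate distribution
          # accepts legacy TLS versions from viewers.
          MinimumProtocolVersion: TLSv1.2_2021
        Aliases:
          - myprofile.cloudofthings.link
        DefaultCacheBehavior:
          Compress: true
          ViewerProtocolPolicy: redirect-to-https
          TargetOriginId: s3-website
          DefaultTTL: 30
          MinTTL: 1
          MaxTTL: 86400
          ForwardedValues:
            QueryString: false
        PriceClass: PriceClass_100
        Origins:
          - DomainName: !GetAtt MyWebsite.DomainName
            Id: s3-website
            S3OriginConfig:
              OriginAccessIdentity:
                Fn::Sub: 'origin-access-identity/cloudfront/${CloudFrontOriginAccessIdentity}'
        Enabled: true
        DefaultRootObject: index.html
        HttpVersion: http2

  GetCountFunction:
    Type: AWS::Serverless::Function
    Properties:
      Policies:
        # NOTE(review): the handler code is not visible here. If get-function
        # only reads the counter, DynamoDBReadPolicy is the narrower grant.
        - DynamoDBCrudPolicy:
            # !Ref resolves to the table name and ties the grant to the
            # table declared below instead of a duplicated literal.
            TableName: !Ref DynamoDBTable
      CodeUri: get-function/
      Handler: app.lambda_handler
      # NOTE(review): confirm python3.9 is still a supported Lambda runtime.
      Runtime: python3.9
      Architectures:
        - x86_64
      Events:
        HelloWorld:
          Type: Api
          Properties:
            Path: /get
            Method: get

  PutCountFunction:
    Type: AWS::Serverless::Function
    Properties:
      Policies:
        - DynamoDBCrudPolicy:
            TableName: !Ref DynamoDBTable
      CodeUri: put-function/
      Handler: app.lambda_handler
      # NOTE(review): confirm python3.9 is still a supported Lambda runtime.
      Runtime: python3.9
      Architectures:
        - x86_64
      Events:
        HelloWorld:
          Type: Api
          Properties:
            Path: /put
            # NOTE(review): this route presumably writes to the table, yet it
            # is exposed as GET with no Auth configured in this template, so
            # crawlers, prefetchers and cross-site requests can trigger it.
            # Moving to POST needs a matching change in the caller; consider
            # API throttling as well.
            Method: get

  DynamoDBTable:
    Type: AWS::DynamoDB::Table
    Properties:
      TableName: cloud-resume-challenge
      BillingMode: PAY_PER_REQUEST
      AttributeDefinitions:
        - AttributeName: "ID"
          AttributeType: "S"
      KeySchema:
        - AttributeName: "ID"
          KeyType: "HASH"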
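# Values surfaced after deployment. ServerlessRestApi and GetCountFunctionRole
# are implicit resources that SAM generates from the function definitions.
Outputs:
  HelloWorldApi:
    Description: "API Gateway endpoint URL for Prod stage for GetCountFunction function"
    # The template defines /get and /put only; the sample's /hello/ suffix
    # pointed at a route that does not exist.
    Value: !Sub "https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/get"
  GetCountFunction:
    Description: "GetCountFunction Lambda Function ARN"
    Value: !GetAtt GetCountFunction.Arn
  GetCountFunctionIamRole:
    Description: "Implicit IAM Role created for GetCountFunction"
    Value: !GetAtt GetCountFunctionRole.Arn
  MyDistribution:
    Description: "CloudFront distribution domain name"
    Value: !GetAtt MyDistribution.DomainName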