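# Welcome to serverless. Read the docs
# https://serverless.com/framework/docs/
#
# Serverless.yml is the configuration the CLI
# uses to deploy your code to your provider of choice.
#
# Environment-specific values (LDAP/DNS endpoints, VPC ids, the private key
# path, the ARNs allowed to read the bucket) are loaded from ./config.yml
# through `custom.external_file.environment`; keep secrets out of this file.

# The `service` block is the name of the service
service: Office-Maker-Account

# The `provider` block defines where your service will be deployed
provider:
  name: aws
  # NOTE(review): nodejs6.10 is an end-of-life Lambda runtime; plan an
  # upgrade before AWS refuses new deployments on it.
  runtime: nodejs6.10
  stage: ${opt:stage, 'dev'}
  region: ap-northeast-1
  memorySize: 128
  timeout: 15
  stackTags:
    Name: ${self:service}-${self:provider.stage}
  # A single execution role is shared by every function of this service, so
  # each statement below applies to all three handlers.
  iamRoleStatements:
    # Any function of this service/stage may invoke any other one.
    - Effect: 'Allow'
      Action:
        - 'lambda:InvokeFunction'
      Resource:
        - Fn::Join:
            - ':'
            - - arn:aws:lambda
              - Ref: AWS::Region
              - Ref: AWS::AccountId
              - function:${self:service}-${self:provider.stage}-*
    # Write access to the stage's storage bucket. s3:PutBucketPolicy is a
    # bucket-level action (bucket ARN); s3:PutObject is object-level and only
    # takes effect on the `/*` object ARN, which the original statement lacked.
    - Effect: 'Allow'
      Action:
        - 's3:PutObject'
        - 's3:PutBucketPolicy'
      Resource:
        - 'arn:aws:s3:::${self:custom.storageBucketName}'
        - 'arn:aws:s3:::${self:custom.storageBucketName}/*'

custom:
  # Per-environment settings live outside this file.
  external_file:
    environment: ${file(./config.yml)}
  storageBucketName: office-maker-account-storage-${self:provider.stage}
  # serverless-s3-remover: empty the bucket on `sls remove` so stack deletion
  # does not fail on a non-empty bucket.
  remover:
    bucket:
      - ${self:custom.storageBucketName}

# Functions are packaged individually: exclude everything by default and opt
# files back in per function below.
package:
  individually: true
  exclude:
    - ./**

# The `functions` block defines what code to deploy
functions:
  # Request authorizer for the HTTP endpoint; the source IP it accepts comes
  # from config.yml.
  authorizer:
    handler: functions/authorizer/index.handler
    name: ${self:service}-${self:provider.stage}-authorizer
    package:
      include:
        - functions/authorizer/**
    environment:
      sourceIp: ${self:custom.external_file.environment.functions.sourceIp}

  postAuthentication:
    handler: functions/postAuthentication/index.handler
    name: ${self:service}-${self:provider.stage}-postAuthentication
    package:
      include:
        # The signing key file is bundled into the deployment artifact.
        - ${self:custom.external_file.environment.privateKeyFile}
        - functions/postAuthentication/**
    environment:
      privatekey: ${self:custom.external_file.environment.privateKeyFile}
      ldapServer: ${self:custom.external_file.environment.functions.ldapServer}
      ldapPort: ${self:custom.external_file.environment.functions.ldapPort}
      dnsServer: ${self:custom.external_file.environment.functions.dnsServer}
      searchBase: ${self:custom.external_file.environment.functions.searchBase}
      searchFilter: ${self:custom.external_file.environment.functions.searchFilter}
      groupSearchBase: ${self:custom.external_file.environment.functions.groupSearchBase}
      groupSearchFilter: ${self:custom.external_file.environment.functions.groupSearchFilter}
      # NOTE(review): the variable is spelled `logLeve` while the config value
      # is `logLevel`; left unchanged because the handler may read this exact
      # name — confirm against functions/postAuthentication before renaming.
      logLeve: ${self:custom.external_file.environment.functions.logLevel}
    # The `events` block defines how to trigger the handler code
    warmup: prod
    events:
      - http:
          path: authentication
          method: post
          integration: lambda-proxy
          cors:
            # NOTE(review): a wildcard origin combined with
            # allowCredentials: true is refused by browsers for credentialed
            # requests; list the real front-end origin(s) here instead.
            origin: '*'
            headers:
              - Content-Type
              - X-Amz-Date
              - Authorization
              - X-Api-Key
              - X-Amz-Security-Token
              - X-Amz-User-Agent
              - Pragma
              - Cache-Control
              - If-Modified-Since
            allowCredentials: true
          authorizer:
            name: authorizer
            type: Request
            # 0 disables authorizer result caching, so every request is
            # re-checked against the configured source IP. The key was
            # previously misspelled (`resultTtlInSecounds`) and therefore
            # silently ignored, leaving the framework's default cache TTL.
            resultTtlInSeconds: 0
            identitySource: context.identity.sourceIp
    # Deployed into the VPC from config.yml, presumably to reach the LDAP and
    # DNS servers referenced above.
    vpc:
      securityGroupIds: ${self:custom.external_file.environment.provider.vpc.securityGroupIds}
      subnetIds: ${self:custom.external_file.environment.provider.vpc.subnetIds}

  batchCreateToken:
    handler: functions/batchCreateToken/index.handler
    name: ${self:service}-${self:provider.stage}-batchCreateToken
    package:
      include:
        - ${self:custom.external_file.environment.privateKeyFile}
        - functions/batchCreateToken/**
    environment:
      privatekey: ${self:custom.external_file.environment.privateKeyFile}
      storageBucketName: ${self:custom.storageBucketName}
      # ARN of this service's own execution role, resolved by CloudFormation.
      lambdaRole:
        Fn::GetAtt: [ IamRoleLambdaExecution, Arn ]
      # Stage-specific value from config.yml (`arnWhichAllowedToAccessS3._<stage>`);
      # the set of principals this function grants bucket access to.
      arnWhichAllowedToAccessS3: ${self:custom.external_file.environment.arnWhichAllowedToAccessS3._${self:provider.stage}}
    events:
      - schedule:
          name: ${self:service}-${self:provider.stage}-batchCreateToken-schedule
          # Every 30 minutes (AWS six-field cron: min hour dom month dow year).
          rate: cron(*/30 * ? * * *)
          enabled: true
          input:
            key: value

resources:
  Resources:
    ApiGatewayRestApi:
      Type: AWS::ApiGateway::RestApi
      Properties:
        Name: ${self:service}-${self:provider.stage}
    # S3
    StorageBucket:
      Type: 'AWS::S3::Bucket'
      Properties:
        BucketName: ${self:custom.storageBucketName}
        # CORS rules do not grant access by themselves (the bucket policy still
        # authorizes reads), but they let any origin issue browser GETs; narrow
        # AllowedOrigins to the front-end origin(s) if they are known.
        CorsConfiguration:
          CorsRules:
            - AllowedHeaders: ['*']
              AllowedMethods: [GET]
              AllowedOrigins: ['*']
              Id: ${self:service}-storage-cors
              MaxAge: '1'

plugins:
  - serverless-plugin-warmup
  - serverless-s3-remover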