template.yml
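---
# AWS SAM template for the "My Secret" backend: one REST API (stage Prod),
# four Lambda functions (view / create / check / delete) that share a
# DynamoDB table keyed by `uri`, and three Lambda layers.
#
# Nesting was restored from the flattened listing; keys and values are
# unchanged except that the format version is now quoted.

# Quoted so YAML parsers keep it a string instead of coercing it to a date.
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  My Secret Backend Stack
Transform:
  - AWS::Serverless-2016-10-31

# Defaults applied to every AWS::Serverless::Function below.
Globals:
  Function:
    # NOTE(review): API Gateway REST integrations time out at 29 s by
    # default, so a 100 s function timeout mostly extends how long a hung
    # invocation keeps running (and billing) after the caller already got
    # a 504. Confirm whether anything here needs more than ~29 s.
    Timeout: 100
    # NOTE(review): nodejs14.x is past upstream end-of-life and deprecated
    # as a Lambda runtime, so it no longer receives security patches. Move
    # to a supported Node.js runtime after testing the handlers and layers.
    Runtime: nodejs14.x
    MemorySize: 128
    Environment:
      Variables:
        # Table name only; no credentials are passed through environment.
        SECRET_TABLE: !Ref SecretTable

Resources:
  ApiGateway:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      # NOTE(review): no `Auth` block is declared on this API or on any
      # function event, so as written every route is callable without
      # authentication. Combined with the wildcard CORS policy below, any
      # web origin can drive create/view/delete from a visitor's browser.
      # Restrict AllowOrigin to the front-end origin
      # (e.g. "'https://<FRONTEND_ORIGIN_PLACEHOLDER>'") and list only the
      # methods and headers the client actually sends.
      # Also consider stage throttling / a usage plan: nothing here limits
      # request rates against the unauthenticated endpoints.
      Cors:
        AllowMethods: "'*'"
        AllowHeaders: "'*'"
        AllowOrigin: "'*'"
      # CORS headers are repeated on gateway-generated error responses so
      # browsers can read them. The same wildcard caveat applies.
      GatewayResponses:
        # NOTE(review): UNAUTHORIZED is customised although no authorizer
        # is configured in this template - confirm whether one was intended.
        UNAUTHORIZED:
          StatusCode: 401
          ResponseParameters:
            Headers:
              Access-Control-Allow-Origin: "'*'"
              Access-Control-Allow-Headers: "'*'"
              Access-Control-Allow-Methods: "'*'"
        DEFAULT_4XX:
          ResponseParameters:
            Headers:
              Access-Control-Allow-Origin: "'*'"
              Access-Control-Allow-Headers: "'*'"
              Access-Control-Allow-Methods: "'*'"
        DEFAULT_5XX:
          ResponseParameters:
            Headers:
              Access-Control-Allow-Origin: "'*'"
              Access-Control-Allow-Headers: "'*'"
              Access-Control-Allow-Methods: "'*'"

  # GET /secret/{secret} - read access to SecretTable only.
  viewSecret:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/handlers/secrets/
      Handler: view.handler
      # Publishes a new version on each deploy and points alias `live` at it.
      AutoPublishAlias: live
      Description: To view the secret
      # NOTE(review): with a read-only policy this function cannot mark or
      # remove an item after it is viewed. If one-time viewing is intended,
      # it has to be enforced elsewhere (e.g. the client calling DELETE),
      # which a caller can simply skip - confirm the intended design.
      Policies:
        - DynamoDBReadPolicy:
            TableName: !Ref SecretTable
      Layers:
        - !Ref UtilsLayer
        - !Ref ExceptionsLayer
      Events:
        ApiEvent:
          Type: Api
          Properties:
            RestApiId: !Ref ApiGateway
            # NOTE(review): path parameters end up in access logs when
            # logging is enabled; presumably {secret} is the lookup id
            # (`uri`) and not the secret text itself - confirm.
            Path: /secret/{secret}
            Method: GET

  # POST /secret - write access to SecretTable only.
  createSecret:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/handlers/secrets/
      Handler: create.handler
      AutoPublishAlias: live
      Description: To create a secret for a user
      Policies:
        - DynamoDBWritePolicy:
            TableName: !Ref SecretTable
      Layers:
        - !Ref UtilsLayer
        - !Ref ExceptionsLayer
        - !Ref NodePackages
      Events:
        ApiEvent:
          Type: Api
          Properties:
            RestApiId: !Ref ApiGateway
            Path: /secret
            Method: POST

  # GET /secret/{secret}/check - read access to SecretTable only.
  checkSecret:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/handlers/secrets/
      Handler: check.handler
      AutoPublishAlias: live
      Description: To check if the secret is exist and not opened
      Policies:
        - DynamoDBReadPolicy:
            TableName: !Ref SecretTable
      Layers:
        - !Ref UtilsLayer
        - !Ref ExceptionsLayer
      Events:
        ApiEvent:
          Type: Api
          Properties:
            RestApiId: !Ref ApiGateway
            Path: /secret/{secret}/check
            Method: GET

  # DELETE /secret/{secret}
  deleteSecret:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/handlers/secrets/
      Handler: delete.handler
      AutoPublishAlias: live
      Description: To delete the secret from database
      # NOTE(review): DynamoDBCrudPolicy is the broadest grant in this
      # stack (read, write, scan/query and delete on the table). If
      # delete.handler only deletes a single item (TODO confirm), replace
      # it with an inline policy statement limited to dynamodb:DeleteItem
      # (plus dynamodb:GetItem if it reads first) on SecretTable.
      Policies:
        - DynamoDBCrudPolicy:
            TableName: !Ref SecretTable
      Layers:
        - !Ref UtilsLayer
        - !Ref ExceptionsLayer
      Events:
        ApiEvent:
          Type: Api
          Properties:
            RestApiId: !Ref ApiGateway
            Path: /secret/{secret}
            Method: DELETE

  # Layers. RetentionPolicy: Retain keeps earlier layer versions when a new
  # version is published or the resource is deleted.
  NodePackages:
    Type: AWS::Serverless::LayerVersion
    Properties:
      LayerName: my-secret-app-dependencies
      Description: All shared node packages cross lambdas
      ContentUri: src/layers/dependencies/
      RetentionPolicy: Retain
  UtilsLayer:
    Type: AWS::Serverless::LayerVersion
    Properties:
      LayerName: my-secret-utils
      Description: Get the shared utils for cross lambdas
      ContentUri: src/layers/functions/
      RetentionPolicy: Retain
  ExceptionsLayer:
    Type: AWS::Serverless::LayerVersion
    Properties:
      LayerName: my-secret-exception-classes
      Description: The exceptions thats exist in secret app
      ContentUri: src/layers/exceptions/
      RetentionPolicy: Retain

  # Secret store: single string partition key `uri`, provisioned capacity.
  # NOTE(review): no SSESpecification is set, so the table relies on
  # DynamoDB's default encryption at rest with an AWS owned key; set
  # SSESpecification if a KMS key visible in the account is required.
  # No expiry (TTL) is configured here either, so items persist until
  # deleteSecret removes them.
  SecretTable:
    Type: AWS::Serverless::SimpleTable
    Properties:
      PrimaryKey:
        Name: uri
        Type: String
      ProvisionedThroughput:
        ReadCapacityUnits: 2
        WriteCapacityUnits: 2

Outputs:
  # Base invoke URL of the deployed stage.
  WebEndpoint:
    Description: "API Gateway endpoint URL for Prod stage"
    Value: !Sub 'https://${ApiGateway}.execute-api.${AWS::Region}.amazonaws.com/${ApiGateway.Stage}/'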