-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtemplate.yaml
116 lines (103 loc) · 3.25 KB
/
template.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
AWSTemplateFormatVersion: "2010-09-09"
Transform: AWS::Serverless-2016-10-31
Description: >
html-to-pdf-generator-puppeteer
SAM Template for html-to-pdf-generator-puppeteer
Globals:
Function:
Timeout: 15
Parameters:
CorsOriginDomain:
Type: String
Default: https://gsswain.com
Mode:
Type: String
Default: AWS
AllowedValues:
- AWS
- SAM_LOCAL
Resources:
PDFGeneratorFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: pdf-generator/
Handler: dist/app.handler
Runtime: nodejs14.x
MemorySize: 512
ReservedConcurrentExecutions: 1 # I don't really want to scale up
Layers:
- !Ref PuppeteerDependencyLayer
Environment:
Variables:
PDF_STORAGE_BUCKET_NAME: !Ref PDFStorageS3Bucket
ALLOWED_CORS_DOMAIN: !Ref CorsOriginDomain
MODE: !Ref Mode
Policies:
- Statement:
- Sid: S3PutObjectWithTagging
Effect: Allow
Action:
- "s3:PutObject*"
Resource: !Sub "arn:aws:s3:::${PDFStorageS3Bucket}/*"
Events:
GeneratePDF:
Type: Api
Properties:
Path: /generate-pdf
Method: post
RestApiId: !Ref PDFGeneratorApi
Auth:
ApiKeyRequired: true
PDFGeneratorApi:
Type: AWS::Serverless::Api
Properties:
Auth:
UsagePlan:
CreateUsagePlan: PER_API
Quota:
Limit: 500 # Yes, no more than 500 requests per month. I don't want to be going beyond the free tier for my Lambda invocations and S3 api calls.
Period: MONTH
Throttle:
BurstLimit: 2
RateLimit: 1
StageName: Prod
Cors:
AllowMethods: "'OPTIONS,POST'"
AllowHeaders: "'Content-Type, X-Api-Key'"
AllowOrigin: !Sub "'${CorsOriginDomain}'"
PuppeteerDependencyLayer:
Type: AWS::Serverless::LayerVersion
Properties:
LayerName: puppeteer-layer
Description: Dependencies for html-to-pdf-generator-puppeteer [puppeteer]
ContentUri: dependencies/
CompatibleRuntimes:
- nodejs14.x
LicenseInfo: 'Apache License 2.0'
RetentionPolicy: Retain
PDFStorageS3Bucket:
Type: AWS::S3::Bucket
S3BucketConditionalPublicReadAccessPolicy:
Type: "AWS::S3::BucketPolicy"
Properties:
Bucket: !Ref PDFStorageS3Bucket
PolicyDocument:
Statement:
- Action:
- "s3:GetObject"
Effect: Allow
Resource: !Sub "arn:aws:s3:::${PDFStorageS3Bucket}/*"
Principal: "*"
Condition:
StringEquals:
"s3:ExistingObjectTag/public": "yes" # Public access to only objects with public=yes tags
Outputs:
PDFGeneratorApi:
Description: "API Gateway endpoint URL for Prod stage for PDF Generator function"
Value: !Sub "https://${PDFGeneratorApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/generate-pdf/"
PDFGeneratorFunction:
Description: "PDF Generator Lambda Function ARN"
Value: !GetAtt PDFGeneratorFunction.Arn
PDFGeneratorFunctionIamRole:
Description: "Implicit IAM Role created for PDF Generator function"
Value: !GetAtt PDFGeneratorFunctionRole.Arn