-
Notifications
You must be signed in to change notification settings - Fork 7
Expand file tree
/
Copy pathserverless.yaml
More file actions
97 lines (88 loc) · 2.78 KB
/
serverless.yaml
File metadata and controls
97 lines (88 loc) · 2.78 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
# Consolidated doc https://www.serverless.com/framework/docs/providers/aws/guide/serverless.yml/
service: rclone-lambda
frameworkVersion: "3"
configValidationMode: error
useDotenv: true
provider:
name: aws
runtime: python3.11
architecture: arm64
stage: ${opt:stage, "default"}
region: ${opt:region, "eu-west-3"}
deploymentBucket: ${env:DEPLOYMENT_BUCKET}
logRetentionInDays: 30
tracing:
lambda: true
plugins:
- serverless-python-requirements
custom:
pythonRequirements:
dockerizePip: non-linux
package:
patterns:
- "!./**"
- lambda_function.py
- lambda_types.py
- README.md
functions:
sync:
handler: datadog_lambda.handler.handler
layers:
- !Sub arn:aws:lambda:${AWS::Region}:464622532012:layer:Datadog-Python311-ARM:78
- !Sub arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:layer:rclone-arm64:5
timeout: 300
memorySize: 512
reservedConcurrency: 1
role: ServerlessRcloneLambdaExecutionRole
events: ${file(${env:EVENTS_FILE})}
environment:
DD_FLUSH_TO_LOG: true
DD_LAMBDA_HANDLER: lambda_function.lambda_handler
DD_LOGS_INJECTION: true
DD_MERGE_XRAY_TRACES: true
DD_TRACE_ENABLED: true
RCLONE_CONFIG_SSM_NAME: rclone-config
RCLONE_SYNC_CONTENT_DESTINATION: "destination:/"
RCLONE_SYNC_CONTENT_SOURCE: "source:/"
RCLONE_SYNC_DRY_RUN: false
RCLONE_SYNC_EXTRA_FLAGS: --exclude /Downloads/** --exclude /External/**
tags:
env: ${self:provider.stage}
service: ${self:service}
version: ${file(package.json):version}
dependsOn:
- ServerlessRcloneLambdaExecutionRole
resources:
Resources:
ServerlessRcloneLambdaPolicy:
Type: AWS::IAM::ManagedPolicy
Properties:
Path: /
ManagedPolicyName: ServerlessRcloneLambdaPolicy
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- ssm:GetParameter
Resource:
- !Sub arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/rclone-config*
# https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html
ServerlessRcloneLambdaExecutionRole:
Type: AWS::IAM::Role
Properties:
Path: /
RoleName: ServerlessRcloneLambdaExecutionRole
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
Action: sts:AssumeRole
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
- arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess
- !Sub arn:aws:iam::${AWS::AccountId}:policy/ServerlessRcloneLambdaPolicy
DependsOn: ServerlessRcloneLambdaPolicy