# Service name for this Serverless Framework project.
service: voicecert

# Packaging plugin: pulls the production dependencies the handlers need out of
# node_modules (node_modules itself is excluded under package.patterns).
plugins:
  - serverless-plugin-include-dependencies
# AWS provider settings: runtime, default stage and region, the Lambda
# execution role, and REST API options.
provider:
  name: aws
  # NOTE(review): Node.js 18 is past upstream end-of-life; plan a move to a
  # currently supported Lambda runtime.
  runtime: nodejs18.x
  # Taken from --stage; falls back to 'prod' when the option is not given.
  stage: ${opt:stage, 'prod'}
  region: us-east-1
  iam:
    role:
      statements:
        # Read access to a single SSM parameter. The path is pinned to /prod/,
        # so a deployment under any other stage name still reads the
        # production service-account parameter.
        - Effect: Allow
          Action:
            - ssm:GetParameter
          Resource:
            - arn:aws:ssm:${aws:region}:${aws:accountId}:parameter/voicecert/prod/firebase_service_account
        # NOTE(review): Resource '*' lets the function send mail as any SES
        # identity in the account. Scope this to the identity ARN(s) the
        # service actually sends from if that breadth is not intended.
        - Effect: Allow
          Action:
            - ses:SendEmail
            - ses:SendRawEmail
          Resource: '*'
        # Object read/write on the website bucket.
        # NOTE(review): s3:PutObjectAcl allows changing object ACLs here;
        # drop it if the handler never sets ACLs.
        - Effect: Allow
          Action:
            - s3:PutObject
            - s3:GetObject
            - s3:PutObjectAcl
          Resource: 'arn:aws:s3:::www.voicecert.com/*'
        # Same object permissions on the inbound-mail bucket; the
        # s3:PutObjectAcl note above applies here as well.
        - Effect: Allow
          Action:
            - s3:PutObject
            - s3:GetObject
            - s3:PutObjectAcl
          Resource: 'arn:aws:s3:::voicecert-mail-inbox/*'
        # Listing is granted on the website bucket only.
        - Effect: Allow
          Action:
            - s3:ListBucket
          Resource: 'arn:aws:s3:::www.voicecert.com'
  apiGateway:
    shouldStartNameWithService: true
    apiKeys: [] # No API keys are defined, so none is required
    minimumCompressionSize: 1024
    # Every content type is treated as binary by API Gateway.
    binaryMediaTypes:
      - '*/*'
# Deployment artifact contents. Patterns are evaluated in order; a leading '!'
# excludes the matching paths.
package:
  patterns:
    # Exclusions: dependencies (re-added by the plugin), docs, editor and VCS
    # metadata, logs, tests, tooling and infrastructure code.
    - '!node_modules/**'
    - '!**/*.md'
    - '!**/*.txt'
    - '!.git/**'
    - '!.vscode/**'
    - '!.idea/**'
    - '!**/*.log'
    - '!**/*.test.js'
    - '!**/*.spec.js'
    - '!scripts/**'
    - '!bin/**'
    - '!templates/**'
    - '!mail-server/**'
    - '!terraform/**'
    - '!*.sh'
    - '!*.json.example'
    - '!example.*'
    # Runtime code and manifests.
    # NOTE(review): these positive patterns only re-include paths; they do not
    # limit the package to them. Anything in the service directory that no '!'
    # pattern excludes is still packaged, so confirm that no credential or
    # environment files sit outside the excluded paths.
    - 'api/**'
    - 'src/**'
    - 'lib/config.js'
    - 'firebaseInit.js'
    - 'package.json'
    - 'package-lock.json'
  # One shared artifact for all functions.
  individually: false
  excludeDevDependencies: true
  # serverless-plugin-include-dependencies adds the production dependencies
  # from node_modules back into the artifact.
# A single Lambda function that serves every route under /api/.
functions:
  api:
    handler: api/api.handler
    environment:
      # Resolved from SSM at deploy time, so the parameter's value is written
      # into the function's environment configuration. The path is pinned to
      # /prod/ whatever stage is deployed.
      # NOTE(review): confirm this parameter holds nothing secret.
      FIREBASE_CONFIG: ${ssm:/voicecert/prod/firebase_config}
    events:
      - http:
          path: 'api/{proxy+}' # Greedy proxy path: matches api/*
          method: ANY # Every HTTP method is routed to the handler
          cors:
            # Any origin may call the API; credentialed requests are not
            # allowed (allowCredentials: false).
            origin: '*'
            headers:
              - Content-Type
              - Authorization
              - X-Requested-With
            allowCredentials: false
          # The three settings below leave the endpoint without any API
          # Gateway-level access control.
          # NOTE(review): authentication and authorisation then rest entirely
          # on the handler, which is not visible here; verify that every route
          # enforces them.
          private: false # No API key required; endpoint is public
          authorizer: null # No API Gateway authorizer
          authentication: null # No AWS authentication
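# Extra CloudFormation resources deployed alongside the function.
resources:
  Resources:
    # Lets the SES receipt rule named in SourceArn invoke the API function.
    # ApiLambdaFunction is the logical ID Serverless generates for the `api`
    # function.
    LambdaPermissionSES:
      Type: AWS::Lambda::Permission
      Properties:
        FunctionName: !GetAtt ApiLambdaFunction.Arn
        Action: lambda:InvokeFunction
        Principal: ses.amazonaws.com
        SourceAccount: !Ref AWS::AccountId
        # The account ID is resolved at deploy time (same variable the SSM
        # parameter ARN in provider.iam uses) instead of being hard-coded, so
        # SourceArn always agrees with SourceAccount above.
        SourceArn: 'arn:aws:ses:us-east-1:${aws:accountId}:receipt-rule-set/forwardallemails:receipt-rule/voicecert-email-lambda'

    # CloudTrail trail recording S3 data events for the website bucket, with
    # log-file integrity validation enabled.
    # NOTE(review): the log bucket www.voicecert.com-logs and its bucket policy
    # are not defined in this file; CloudTrail needs write access there.
    # NOTE(review): only objects under www.voicecert.com are selected; activity
    # on voicecert-mail-inbox is not recorded by this trail.
    S3DataEvents:
      Type: AWS::CloudTrail::Trail
      Properties:
        IsLogging: true
        S3BucketName: www.voicecert.com-logs
        TrailName: voicecert-s3-trail
        EnableLogFileValidation: true
        IncludeGlobalServiceEvents: true
        IsMultiRegionTrail: false
        EventSelectors:
          - DataResources:
              - Type: AWS::S3::Object
                Values:
                  - !Sub arn:aws:s3:::www.voicecert.com/
        S3KeyPrefix: cloudtrail-logs

    # S3 bucket policy that lets SES deliver received mail into the inbox
    # bucket.
    VoiceCertMailInboxPolicy:
      Type: AWS::S3::BucketPolicy
      Properties:
        Bucket: voicecert-mail-inbox
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Sid: AllowSESToWrite
              Effect: Allow
              Principal:
                Service: ses.amazonaws.com
              Action:
                - s3:PutObject
              Resource: !Sub arn:aws:s3:::voicecert-mail-inbox/*
              Condition:
                StringEquals:
                  # Confused-deputy guard: SES may write only on behalf of this
                  # account. aws:SourceAccount replaces the legacy aws:Referer
                  # key, which carries an HTTP header value and is not meant
                  # for access control.
                  # NOTE(review): also add aws:SourceArn for the receipt rule
                  # that writes to this bucket once its ARN is confirmed.
                  aws:SourceAccount: !Ref AWS::AccountId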