AppleCollector/serverless.yml at main · SpaceInvaderTech/AppleCollector · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
service: apple-collector

provider:
  name: aws
  runtime: python3.12
  stage: ${opt:stage, 'prod'}
  region: eu-central-1
  layers:
    - Ref: PythonRequirementsLambdaLayer
  environment:
    STAGE: ${self:provider.stage}
    QUEUE_URL: !GetAtt LocationsQueue.QueueUrl
    API_KEY: ${ssm:/${self:provider.stage}/api-new/api-key}
    CREDENTIALS_API_KEY: ${ssm:/${self:provider.stage}/apple-collector/api-key}
    PASSWD: ''
    SENTRY_DSN: ${ssm:/${self:provider.stage}/apple-collector/sentry/dsn}
    SENTRY_ENV: ${self:provider.stage}
    MAX_RETRIES_ON_APPLE_AUTH_EXPIRED: 0
  iam:
    role:
      statements:
        - Effect: Allow
          Action:
            - dynamodb:PutItem
            - dynamodb:GetItem
            - dynamodb:Query
            - dynamodb:UpdateItem
            - dynamodb:DeleteItem
            - dynamodb:Scan
          Resource:
            - !GetAtt CredentialsTable.Arn
        - Effect: Allow
          Action:
            - sqs:SendMessage
            - sqs:ReceiveMessage
            - sqs:DeleteMessage
            - sqs:GetQueueAttributes
          Resource:
            - !GetAtt LocationsQueue.Arn

package:
  individually: false
  patterns:
    - '!node_modules/**'
    - '!.venv/**'
    - '!.git/**'
    - '!__pycache__/**'
    - '!*.env'
    - 'entrypoint.py'
    - 'app/**'

functions:
  put-credentials:
    handler: entrypoint.put_credentials
    events:
      - http:
          path: credentials/{client_id}
          method: put

  get-credentials:
    handler: entrypoint.get_credentials
    events:
      - http:
          path: credentials/{client_id}
          method: get

  fetch-locations-and-report:
    handler: entrypoint.fetch_locations_and_report
    timeout: 900  # 15 minutes in seconds
    memorySize: 2048
    reservedConcurrency: 1
    events:
      - sqs:
          arn: !GetAtt LocationsQueue.Arn
          batchSize: 1

resources:
  Resources:
    CredentialsTable:
      Type: AWS::DynamoDB::Table
      Properties:
        TableName: apple-collector-credentials-${self:provider.stage}
        BillingMode: PAY_PER_REQUEST
        AttributeDefinitions:
          - AttributeName: id
            AttributeType: S
        KeySchema:
          - AttributeName: id
            KeyType: HASH
        Tags:
          - Key: Service
            Value: apple-collector
          - Key: Environment
            Value: ${self:provider.stage}

    LocationsQueueDLQ:
      Type: AWS::SQS::Queue
      Properties:
        QueueName: locations-dlq.fifo
        FifoQueue: true
        ContentBasedDeduplication: true

    LocationsQueue:
      Type: AWS::SQS::Queue
      Properties:
        QueueName: locations-queue.fifo
        FifoQueue: true
        ContentBasedDeduplication: true
        VisibilityTimeout: 900  # 15 minutes in seconds
        RedrivePolicy:
          deadLetterTargetArn: !GetAtt LocationsQueueDLQ.Arn
          maxReceiveCount: 1

custom:
  pythonRequirements:
    usePoetry: true
    dockerizePip: true
    slim: true
    layer:
      name: ${self:provider.stage}-${self:service}-layer
      compatibleRuntimes:
        - python3.12
      compatibleArchitectures:
        - x86_64
      allowedAccounts:
        - '*'

plugins:
  - serverless-python-requirements
  - serverless-offline
  - serverless-cloudside-plugin