API/template.yaml at main · mirrulations/API · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
Transform: AWS::Serverless-2016-10-31 # Need for all SAM templates, Source: https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-specification-template-anatomy.html

Globals:
  Api:
    Cors:
      AllowOrigin: "'*'"
      AllowHeaders: "'*'"
      AllowMethods: "'*'"

Resources:
  ApiGatewayApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: prod
      MethodSettings:
        - ResourcePath: /dummy
          HttpMethod: GET
          ThrottlingBurstLimit: 10
          ThrottlingRateLimit: 20
      Domain:
        DomainName: api.mirrulations.org
        CertificateArn: arn:aws:acm:us-east-1:936771282063:certificate/6136e1ea-86d9-49e4-a2f5-ef125433b674
        EndpointConfiguration: EDGE
        Route53:
          HostedZoneId: Z06776181JN8EMX6YTN2B

  ApiFunction: # Adds a GET method at the root resource via an Api event
    Type: AWS::Serverless::Function
    Properties:
      Events:
        TestGet: # This defines the url for this endpoint
          Type: Api
          Properties:
            Path: /dummy
            Method: get
            RestApiId:
              Ref: ApiGatewayApi
      CodeUri: endpoints/
      Handler: app.lambda_handler # this and the one above are a path to a handler
      Runtime: python3.13
      VpcConfig:
        SecurityGroupIds:
          - sg-03e2bf8d3930f3c42
        SubnetIds:
          - subnet-0548c79ad1faa1117
          - subnet-0e157bfea98242a74
          - subnet-049c40a73343487e5
          - subnet-06bae533696203b97
          - subnet-073247252e9c9fa78
          - subnet-0e157bfea98242a74
      Layers:
        - arn:aws:lambda:us-east-1:936771282063:layer:psycopg-import:1
        - arn:aws:lambda:us-east-1:936771282063:layer:aoss-imports:2
      Policies:
        - AWSLambdaBasicExecutionRole
        - Version: '2012-10-17'  # Add Secrets Manager permissions
          Statement:
            - Effect: Allow
              Action:
                - secretsmanager:GetSecretValue
              Resource: "arn:aws:secretsmanager:us-east-1:936771282063:secret:mirrulationsdb/postgres/master-uA4mKl"
        - Version: '2012-10-17'  # Add Secrets Manager permissions
          Statement:
            - Effect: Allow
              Action:
                - secretsmanager:GetSecretValue
              Resource: "arn:aws:secretsmanager:us-east-1:936771282063:secret:mirrulationsdb/opensearch/master-7xJt7C"
      Environment:
        Variables:
          DB_SECRET_NAME: "mirrulationsdb/postgres/master"
          OS_SECRET_NAME: "mirrulationsdb/opensearch/master"
          OPENSEARCH_INITIAL_ADMIN_PASSWORD: ""
          OPENSEARCH_HOST: ""
          OPENSEARCH_PORT: ""
          POSTGRES_PORT: ""
          POSTGRES_DB: ""
          POSTGRES_PASSWORD: ""
          POSTGRES_HOST: ""
          POSTGRES_USER: ""
      Timeout: 30
      Role: arn:aws:iam::936771282063:role/334s25_lambda_execution_opensearch