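# Serverless Framework service definition (AWS provider).
# Nesting restored: the flattened listing parses as one flat mapping.
service: motorvate-services

provider:
  name: aws
  # NOTE(review): Node.js 12 is end-of-life upstream and AWS Lambda has
  # deprecated this runtime, so it no longer receives security patches.
  # Move to a currently supported Node.js runtime.
  runtime: nodejs12.x
  # Region and stage come from the CLI options, with fallbacks.
  region: ${opt:region, 'us-east-1'}
  stage: ${opt:stage, 'local'}
  # Do not publish a new Lambda version on every deploy.
  versionFunctions: false
  # Statements added to the IAM role shared by the service's functions.
  iamRoleStatements:
    # NOTE(review): Action and Resource name different services. The
    # action is an API Gateway one, the ARN pattern matches DynamoDB, so
    # this statement is unlikely to grant anything the functions need.
    # Decide which service is meant, then scope Resource to the specific
    # table or API ARN instead of the `*:*` account/resource wildcard.
    - Effect: Allow
      Action:
        - apiGateway:GET
      Resource: "arn:aws:dynamodb:${opt:region, self:provider.region}:*:*"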
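# Raw CloudFormation merged into the generated stack: Cognito user and
# identity pools, an API Gateway REST API with a Cognito authorizer, and
# a DynamoDB table for tokens. Nesting restored from the flat listing.
resources:
  Resources:
    CognitoUserPool:
      Type: AWS::Cognito::UserPool
      Properties:
        # Generate a name based on the stage
        UserPoolName: ${self:provider.stage}-user-pool
        # NOTE(review): MFA is disabled for every user, so the password
        # is the only factor. Consider OPTIONAL or ON. Keep the quotes:
        # a bare OFF is read as boolean false by YAML 1.1 parsers.
        # No password policy is set here, so Cognito's defaults apply.
        MfaConfiguration: "OFF"
        # Users sign up and sign in with their email as the username
        # (UsernameAttributes, not AliasAttributes).
        UsernameAttributes:
          - email
        AutoVerifiedAttributes:
          - email
    CognitoUserPoolClient:
      Type: AWS::Cognito::UserPoolClient
      Properties:
        # Generate an app client name based on the stage
        ClientName: ${self:provider.stage}-user-pool-client
        UserPoolId:
          Ref: CognitoUserPool
        # NOTE(review): legacy name for the admin username/password
        # flow. The password is sent to Cognito by a backend holding
        # AWS credentials rather than proven via SRP, so restrict the
        # IAM permission for the admin auth API to that backend only.
        ExplicitAuthFlows:
          - ADMIN_NO_SRP_AUTH
        # No client secret: the client ID alone identifies this client.
        GenerateSecret: false
    CognitoIdentityPool:
      Type: "AWS::Cognito::IdentityPool"
      Properties:
        IdentityPoolName: ${self:provider.stage}-identity-pool
        # NOTE(review): guests can obtain an identity without signing
        # in. What they can do is set by the unauthenticated role
        # attached to the pool; no IdentityPoolRoleAttachment is visible
        # in this file. Confirm that role is minimal, or set this to
        # false if guest access is not required.
        AllowUnauthenticatedIdentities: true
        CognitoIdentityProviders:
          - ClientId: !Ref CognitoUserPoolClient
            ProviderName: !GetAtt CognitoUserPool.ProviderName
    ProxyApi:
      Type: AWS::ApiGateway::RestApi
      Properties:
        Name: api gateway proxy
    # Defining the authorizer protects nothing by itself: each API method
    # must reference it. No methods are declared in this file.
    ApiGatewayAuthorizer:
      Type: AWS::ApiGateway::Authorizer
      Properties:
        Name: CognitoAuthorizer
        Type: COGNITO_USER_POOLS
        # The user pool token is read from the Authorization header.
        IdentitySource: method.request.header.Authorization
        RestApiId:
          Ref: ProxyApi
        ProviderARNs:
          - Fn::GetAtt:
              - CognitoUserPool
              - Arn
    TokensTable:
      Type: AWS::DynamoDB::Table
      Properties:
        # Generate a name based on the stage
        TableName: tokens-${self:provider.stage}
        AttributeDefinitions:
          - AttributeName: key
            AttributeType: S
        KeySchema:
          - AttributeName: key
            KeyType: HASH
        # NOTE(review): NEW_IMAGE puts the full written item on the
        # stream. If items hold token values, every stream consumer sees
        # them; limit stream read permissions accordingly.
        StreamSpecification:
          StreamViewType: NEW_IMAGE
        # TTL needs a Number attribute holding epoch seconds. Expired
        # items are removed in the background, not at the expiry
        # instant, so readers must still check expiry themselves.
        TimeToLiveSpecification:
          AttributeName: timestamp
          Enabled: true
        # On-demand billing: no provisioned capacity to manage.
        # No SSESpecification is set, so the default at-rest encryption
        # applies; add one if a customer-managed KMS key is required.
        BillingMode: PAY_PER_REQUEST
  # Exports are readable by every stack in the same account and region.
  # Full-name Fn::GetAtt uses the documented list form throughout.
  Outputs:
    UserPoolArn:
      Value:
        Fn::GetAtt: [CognitoUserPool, Arn]
      Export:
        Name: ExtCognitoUserPool-${self:provider.stage}
    UserPoolId:
      Value:
        Ref: CognitoUserPool
      Export:
        Name: ExtCognitoUserPoolId-${self:provider.stage}
    UserPoolClientId:
      Value:
        Ref: CognitoUserPoolClient
      Export:
        Name: ExtCognitoUserPoolClientId-${self:provider.stage}
    # Shown in the stack outputs only; no Export is declared for it.
    IdentityPoolId:
      Value:
        Ref: CognitoIdentityPool
    ApiGatewayAuthorizerId:
      Value:
        Ref: ApiGatewayAuthorizer
      Export:
        # NOTE(review): the export name embeds an output of another
        # stack (`cf:` lookup), so deploys fail if that stack or output
        # is missing. The names look like placeholders; confirm them.
        Name: ExtApiGatewayAuthorizer-${self:provider.stage}-${cf:a793.output123}
    TokenTableArn:
      Value:
        Fn::GetAtt: [TokensTable, Arn]
      Export:
        Name: ExttokensArn-${self:provider.stage}
    TokenTableStreamArn:
      Value:
        Fn::GetAtt: [TokensTable, StreamArn]
      Export:
        Name: ExttokensStreamArn-${self:provider.stage}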
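# Version-pruning settings, presumably for serverless-prune-plugin:
# prune after each deploy and keep one version.
# NOTE(review): no `plugins:` list is visible in this file, and
# `provider.versionFunctions` is false, so confirm this is still used.
custom:
  prune:
    automatic: true
    number: 1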