AWSTemplateFormatVersion: 2010-09-09
Transform: AWS::Serverless-2016-10-31

Parameters:
  UserTable:
    Type: String
    Default: betaeducacao-prod-users_d2o3r5gmm4it7j

Globals:
  Function:
    CodeUri: app/
    Runtime: python3.13
    Tracing: Active
    Architectures:
      - x86_64
    Layers:
      - !Sub arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:layer:layercake:104
    Environment:
      Variables:
        TZ: America/Sao_Paulo
        LOG_LEVEL: DEBUG
        POWERTOOLS_LOGGER_SAMPLE_RATE: 0.1
        # Powertools' logger records the incoming event, request bodies included,
        # for handlers decorated with inject_lambda_context.
        POWERTOOLS_LOGGER_LOG_EVENT: true
        DYNAMODB_PARTITION_KEY: id
        DYNAMODB_SORT_KEY: sk
        USER_TABLE: !Ref UserTable
        ISSUER: https://id.saladeaula.digital

Resources:
  HttpLog:
    Type: AWS::Logs::LogGroup
    Properties:
      RetentionInDays: 90

  EventLog:
    Type: AWS::Logs::LogGroup
    Properties:
      RetentionInDays: 90

  HttpApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      CorsConfiguration:
        # Any origin may call these endpoints from a browser.
        AllowOrigins: ['*']
        AllowMethods: [GET, POST, OPTIONS]
        AllowHeaders: [Content-Type, X-Requested-With, Authorization]

  # Single function serving the authentication and OpenID Connect endpoints.
  HttpApiFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: app.lambda_handler
      LoggingConfig:
        LogGroup: !Ref HttpLog
      Policies:
        - DynamoDBCrudPolicy:
            TableName: !Ref UserTable
        - Version: 2012-10-17
          Statement:
            - Effect: Allow
              Action:
                - cognito-idp:InitiateAuth
              # Applies to every user pool in this account and region.
              Resource: !Sub arn:aws:cognito-idp:${AWS::Region}:${AWS::AccountId}:userpool/*
      Events:
        Authentication:
          Type: HttpApi
          Properties:
            Path: /authentication
            Method: POST
            ApiId: !Ref HttpApi
        Register:
          Type: HttpApi
          Properties:
            Path: /register
            Method: POST
            ApiId: !Ref HttpApi
        Forgot:
          Type: HttpApi
          Properties:
            Path: /forgot
            Method: POST
            ApiId: !Ref HttpApi
        Reset:
          Type: HttpApi
          Properties:
            Path: /reset/{token}
            Method: POST
            ApiId: !Ref HttpApi
        Lookup:
          Type: HttpApi
          Properties:
            Path: /lookup
            Method: GET
            ApiId: !Ref HttpApi
        Authorize:
          Type: HttpApi
          Properties:
            Path: /authorize
            Method: GET
            ApiId: !Ref HttpApi
        OpenIDConfiguration:
          Type: HttpApi
          Properties:
            Path: /.well-known/openid-configuration
            Method: GET
            ApiId: !Ref HttpApi
        JWKS:
          Type: HttpApi
          Properties:
            Path: /.well-known/jwks.json
            Method: GET
            ApiId: !Ref HttpApi
        Token:
          Type: HttpApi
          Properties:
            Path: /token
            Method: POST
            ApiId: !Ref HttpApi
        Revoke:
          Type: HttpApi
          Properties:
            Path: /revoke
            Method: POST
            ApiId: !Ref HttpApi
        UserInfo:
          Type: HttpApi
          Properties:
            Path: /userinfo
            Method: GET
            ApiId: !Ref HttpApi
        Health:
          Type: HttpApi
          Properties:
            Path: /health
            Method: GET
            ApiId: !Ref HttpApi

  EventSendForgotEmailFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: events.send_forgot_email.lambda_handler
      LoggingConfig:
        LogGroup: !Ref EventLog
      Policies:
        - Version: 2012-10-17
          Statement:
            - Effect: Allow
              Action:
                - ses:SendRawEmail
              Resource:
                - !Sub arn:aws:ses:${AWS::Region}:${AWS::AccountId}:identity/eduseg.com.br
                - !Sub arn:aws:ses:${AWS::Region}:${AWS::AccountId}:configuration-set/tracking
      Events:
        DynamoDBEvent:
          Type: EventBridgeRule
          Properties:
            # Matches INSERT events for UserTable items whose id is
            # PASSWORD_RESET and whose sk starts with CODE#.
            Pattern:
              resources: [!Ref UserTable]
              detail-type: [INSERT]
              detail:
                new_image:
                  id: [PASSWORD_RESET]
                  sk:
                    - prefix: CODE#

Outputs:
  HttpApiUrl:
    Description: URL of your API endpoint
    Value:
      Fn::Sub: 'https://${HttpApi}.execute-api.${AWS::Region}.${AWS::URLSuffix}'
  HttpApiId:
    Description: Api ID of HttpApi
    Value:
      Ref: HttpApi