AWSTemplateFormatVersion: 2010-09-09 Transform: AWS::Serverless-2016-10-31 Parameters: OAuth2Table: Type: String Default: betaeducacao-prod-users_d2o3r5gmm4it7j Globals: Function: CodeUri: app/ Runtime: python3.13 Tracing: Active Architectures: - x86_64 Layers: - !Sub arn:aws:lambda:sa-east-1:336641857101:layer:layercake:91 Environment: Variables: TZ: America/Sao_Paulo LOG_LEVEL: DEBUG POWERTOOLS_LOGGER_SAMPLE_RATE: 0.1 POWERTOOLS_LOGGER_LOG_EVENT: true DYNAMODB_PARTITION_KEY: id DYNAMODB_SORT_KEY: sk OAUTH2_TABLE: !Ref OAuth2Table ISSUER: https://id.saladeaula.digital JWT_SECRET: 7DUTFB1iLeSpiXvmxbOZim1yPVmQbmBpAzgscob0RDzrL2wVwRi1ti2ZSry7jJAf Resources: HttpLog: Type: AWS::Logs::LogGroup Properties: RetentionInDays: 90 HttpApi: Type: AWS::Serverless::HttpApi Properties: CorsConfiguration: AllowOrigins: ["*"] AllowMethods: [GET, POST, OPTIONS] AllowHeaders: [Content-Type, X-Requested-With, Authorization] HttpApiFunction: Type: AWS::Serverless::Function Properties: Handler: app.lambda_handler LoggingConfig: LogGroup: !Ref HttpLog Policies: - DynamoDBCrudPolicy: TableName: !Ref OAuth2Table Events: Login: Type: HttpApi Properties: Path: /login Method: GET ApiId: !Ref HttpApi LoginPost: Type: HttpApi Properties: Path: /login Method: POST ApiId: !Ref HttpApi Authorize: Type: HttpApi Properties: Path: /authorize Method: GET ApiId: !Ref HttpApi OpenidConfiguration: Type: HttpApi Properties: Path: /.well-known/openid-configuration Method: GET ApiId: !Ref HttpApi Jwks: Type: HttpApi Properties: Path: /jwks.json Method: GET ApiId: !Ref HttpApi Token: Type: HttpApi Properties: Path: /token Method: GET ApiId: !Ref HttpApi UserInfo: Type: HttpApi Properties: Path: /userinfo Method: GET ApiId: !Ref HttpApi