
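# AWS SAM template: the Transform line asks CloudFormation to expand the
# AWS::Serverless::* resource types declared in this file.
# The format version is quoted so that YAML 1.1 loaders keep it a string
# instead of coercing it into a date object.
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31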
Parameters:
  # Name of the DynamoDB table that holds user records. The template grants
  # the HTTP function CRUD access to it (DynamoDBCrudPolicy), exports it to
  # the functions as USER_TABLE, and uses it in the password-reset event
  # rule's `resources` filter.
  # NOTE(review): the default looks like a production table name. A deploy
  # that does not override it gets CRUD access to that table; confirm that
  # non-production stacks always pass their own value.
  UserTable:
    Type: String
    Default: betaeducacao-prod-users_d2o3r5gmm4it7j
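# Defaults applied to every AWS::Serverless::Function in this template.
Globals:
  Function:
    CodeUri: app/
    Runtime: python3.13
    Tracing: Active
    Architectures:
      - x86_64
    Layers:
      # The layer version (106) is pinned, so publishing a new layer version
      # does not change what is deployed until this number is bumped.
      - !Sub arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:layer:layercake:106
    Environment:
      # Lambda environment variables are strings; number- and boolean-looking
      # values are quoted so no loader retypes them on the way.
      Variables:
        TZ: America/Sao_Paulo
        # NOTE(review): with the level already at DEBUG, the 10% debug
        # sampling below has nothing left to raise. If sampling was the
        # intent, the base level was presumably meant to be INFO; confirm.
        LOG_LEVEL: DEBUG
        POWERTOOLS_LOGGER_SAMPLE_RATE: '0.1'
        # Was `true`. These functions serve /authentication, /token and
        # /reset/{token} and consume password-reset events. Where the handler
        # lets Powertools log the incoming event, request bodies,
        # Authorization headers and reset tokens/codes are copied into
        # CloudWatch Logs. Enable only temporarily, in a non-production stack.
        POWERTOOLS_LOGGER_LOG_EVENT: 'false'
        DYNAMODB_PARTITION_KEY: id
        DYNAMODB_SORT_KEY: sk
        USER_TABLE: !Ref UserTable
        # Issuer URL exported to the functions; presumably the `iss` value
        # published by the OpenID configuration endpoint. Verify against the app.
        ISSUER: 'https://id.saladeaula.digital'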
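Resources:
  # Log group used by HttpApiFunction (see its LoggingConfig). It is attached
  # to the function, not to the API: the template configures no API Gateway
  # access logging (no AccessLogSettings on HttpApi).
  # NOTE(review): no KmsKeyId is set, so the group uses the service-default
  # encryption; decide whether auth-service logs need a customer-managed key.
  HttpLog:
    Type: AWS::Logs::LogGroup
    Properties:
      RetentionInDays: 90

  # Log group used by EventSendForgotEmailFunction.
  EventLog:
    Type: AWS::Logs::LogGroup
    Properties:
      RetentionInDays: 90

  # Public HTTP API in front of the identity service.
  # No Auth block is declared here, so API Gateway authorizes nothing: every
  # route below reaches the Lambda and all checks must happen in the handler.
  # NOTE(review): no DefaultRouteSettings/RouteSettings throttling is set.
  # /authentication, /forgot and /lookup are natural targets for password
  # guessing, mail flooding and account enumeration; consider explicit
  # throttling limits for them.
  HttpApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      CorsConfiguration:
        # NOTE(review): any origin may call the API from a browser and send an
        # Authorization header. That is common for discovery/JWKS endpoints;
        # confirm it is also intended for /token, /userinfo and /revoke, or
        # list the known front-end origins instead of '*'.
        AllowOrigins:
          - '*'
        AllowMethods:
          - GET
          - POST
          - OPTIONS
        AllowHeaders:
          - Content-Type
          - X-Requested-With
          - Authorization

  # Single Lambda serving every HTTP route of the identity service.
  HttpApiFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: app.lambda_handler
      LoggingConfig:
        LogGroup: !Ref HttpLog
      Policies:
        # SAM policy template: create/read/update/delete on the user table.
        - DynamoDBCrudPolicy:
            TableName: !Ref UserTable
        # Policy version is quoted so it stays a string rather than a date.
        - Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - cognito-idp:InitiateAuth
              # NOTE(review): `userpool/*` covers every user pool in this
              # account and region; name the pool(s) the handler really uses.
              # Cognito documents InitiateAuth as an operation that does not
              # evaluate IAM policies, so also confirm whether this statement
              # is needed at all.
              Resource: !Sub arn:aws:cognito-idp:${AWS::Region}:${AWS::AccountId}:userpool/*
      Events:
        # Credential and account-recovery routes.
        Authentication:
          Type: HttpApi
          Properties:
            Path: /authentication
            Method: POST
            ApiId: !Ref HttpApi
        Register:
          Type: HttpApi
          Properties:
            Path: /register
            Method: POST
            ApiId: !Ref HttpApi
        Forgot:
          Type: HttpApi
          Properties:
            Path: /forgot
            Method: POST
            ApiId: !Ref HttpApi
        # NOTE(review): the reset token travels in the URL path, so it shows
        # up wherever request paths are recorded (traces, logs, proxies).
        # Confirm that tokens are single-use and short-lived.
        Reset:
          Type: HttpApi
          Properties:
            Path: /reset/{token}
            Method: POST
            ApiId: !Ref HttpApi
        Lookup:
          Type: HttpApi
          Properties:
            Path: /lookup
            Method: GET
            ApiId: !Ref HttpApi
        # OAuth 2.0 / OpenID Connect style routes (by path name).
        Authorize:
          Type: HttpApi
          Properties:
            Path: /authorize
            Method: GET
            ApiId: !Ref HttpApi
        OpenIDConfiguration:
          Type: HttpApi
          Properties:
            Path: /.well-known/openid-configuration
            Method: GET
            ApiId: !Ref HttpApi
        JWKS:
          Type: HttpApi
          Properties:
            Path: /.well-known/jwks.json
            Method: GET
            ApiId: !Ref HttpApi
        Token:
          Type: HttpApi
          Properties:
            Path: /token
            Method: POST
            ApiId: !Ref HttpApi
        Revoke:
          Type: HttpApi
          Properties:
            Path: /revoke
            Method: POST
            ApiId: !Ref HttpApi
        UserInfo:
          Type: HttpApi
          Properties:
            Path: /userinfo
            Method: GET
            ApiId: !Ref HttpApi
        Health:
          Type: HttpApi
          Properties:
            Path: /health
            Method: GET
            ApiId: !Ref HttpApi

  # Event-driven Lambda that sends the "forgot password" e-mail.
  EventSendForgotEmailFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: events.send_forgot_email.lambda_handler
      LoggingConfig:
        LogGroup: !Ref EventLog
      Policies:
        # Sending is limited to one SES identity and one configuration set.
        - Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - ses:SendRawEmail
              Resource:
                - !Sub arn:aws:ses:${AWS::Region}:${AWS::AccountId}:identity/eduseg.com.br
                - !Sub arn:aws:ses:${AWS::Region}:${AWS::AccountId}:configuration-set/tracking
      Events:
        # Fires on INSERT events for the user table whose new item has
        # id PASSWORD_RESET and a sort key starting with CODE#.
        # NOTE(review): the event source is not defined in this template;
        # presumably a table-stream forwarder publishes these events.
        # The matched items appear to carry reset codes, so treat the event
        # payload as a secret in logs and traces.
        DynamoDBEvent:
          Type: EventBridgeRule
          Properties:
            Pattern:
              resources:
                - !Ref UserTable
              detail-type:
                - INSERT
              detail:
                new_image:
                  id:
                    - PASSWORD_RESET
                  sk:
                    # Quoted so the trailing '#' can never be read as the
                    # start of a comment.
                    - prefix: 'CODE#'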
# Values exported by the stack after deployment.
Outputs:
  # Base invoke URL of the HTTP API, built from the API id, the region and
  # the partition's URL suffix.
  HttpApiUrl:
    Description: URL of your API endpoint
    Value: !Sub 'https://${HttpApi}.execute-api.${AWS::Region}.${AWS::URLSuffix}'

  # Identifier of the HTTP API resource.
  HttpApiId:
    Description: Api ID of HttpApi
    Value: !Ref HttpApi