131 lines
3.7 KiB
YAML
131 lines
3.7 KiB
YAML
AWSTemplateFormatVersion: 2010-09-09
|
|
Transform: AWS::Serverless-2016-10-31
|
|
|
|
Parameters:
|
|
BucketName:
|
|
Type: String
|
|
Default: saladeaula.digital
|
|
UserTable:
|
|
Type: String
|
|
Default: betaeducacao-prod-users_d2o3r5gmm4it7j
|
|
OrderTable:
|
|
Type: String
|
|
Default: betaeducacao-prod-orders
|
|
EnrollmentTable:
|
|
Type: String
|
|
Default: betaeducacao-prod-enrollments
|
|
CourseTable:
|
|
Type: String
|
|
Default: saladeaula_courses
|
|
|
|
Globals:
|
|
Function:
|
|
CodeUri: app/
|
|
Runtime: python3.13
|
|
Tracing: Active
|
|
Architectures:
|
|
- x86_64
|
|
Layers:
|
|
- !Sub arn:aws:lambda:sa-east-1:336641857101:layer:layercake:106
|
|
Environment:
|
|
Variables:
|
|
TZ: America/Sao_Paulo
|
|
LOG_LEVEL: DEBUG
|
|
POWERTOOLS_LOGGER_SAMPLE_RATE: 0.1
|
|
POWERTOOLS_LOGGER_LOG_EVENT: true
|
|
DYNAMODB_PARTITION_KEY: id
|
|
USER_TABLE: !Ref UserTable
|
|
ORDER_TABLE: !Ref OrderTable
|
|
ENROLLMENT_TABLE: !Ref EnrollmentTable
|
|
COURSE_TABLE: !Ref CourseTable
|
|
BUCKET_NAME: !Ref BucketName
|
|
KONVIVA_API_URL: https://lms.saladeaula.digital
|
|
KONVIVA_SECRET_KEY: '{{resolve:ssm:/betaeducacao/konviva/secret_key/str}}'
|
|
MEILISEARCH_HOST: https://meili.saladeaula.digital
|
|
MEILISEARCH_API_KEY: '{{resolve:ssm:/saladeaula/meili_api_key}}'
|
|
|
|
Resources:
|
|
HttpLog:
|
|
Type: AWS::Logs::LogGroup
|
|
Properties:
|
|
RetentionInDays: 90
|
|
|
|
HttpApi:
|
|
Type: AWS::Serverless::HttpApi
|
|
Properties:
|
|
CorsConfiguration:
|
|
AllowOrigins: ['*']
|
|
AllowMethods: [GET, POST, PUT, DELETE, PATCH, OPTIONS]
|
|
AllowHeaders: [Content-Type, X-Requested-With, Authorization, X-Tenant]
|
|
AllowCredentials: false
|
|
MaxAge: 600
|
|
Auth:
|
|
DefaultAuthorizer: LambdaRequestAuthorizer
|
|
Authorizers:
|
|
LambdaRequestAuthorizer:
|
|
FunctionArn: !GetAtt AuthFunction.Arn
|
|
AuthorizerPayloadFormatVersion: '2.0'
|
|
EnableFunctionDefaultPermissions: true
|
|
EnableSimpleResponses: true
|
|
Identity:
|
|
Headers: [Authorization]
|
|
ReauthorizeEvery: 300
|
|
|
|
HttpApiFunction:
|
|
Type: AWS::Serverless::Function
|
|
Properties:
|
|
Handler: app.lambda_handler
|
|
LoggingConfig:
|
|
LogGroup: !Ref HttpLog
|
|
Policies:
|
|
- DynamoDBCrudPolicy:
|
|
TableName: !Ref UserTable
|
|
- DynamoDBCrudPolicy:
|
|
TableName: !Ref CourseTable
|
|
- DynamoDBCrudPolicy:
|
|
TableName: !Ref OrderTable
|
|
- DynamoDBCrudPolicy:
|
|
TableName: !Ref EnrollmentTable
|
|
- S3ReadPolicy:
|
|
BucketName: !Ref BucketName
|
|
- Version: 2012-10-17
|
|
Statement:
|
|
- Effect: Allow
|
|
Action:
|
|
- cognito-idp:AdminGetUser
|
|
- cognito-idp:AdminSetUserPassword
|
|
Resource: !Sub arn:aws:cognito-idp:${AWS::Region}:${AWS::AccountId}:userpool/*
|
|
Events:
|
|
Preflight:
|
|
Type: HttpApi
|
|
Properties:
|
|
Path: /{proxy+}
|
|
Method: OPTIONS
|
|
ApiId: !Ref HttpApi
|
|
Auth:
|
|
Authorizer: NONE
|
|
AnyRequest:
|
|
Type: HttpApi
|
|
Properties:
|
|
Path: /{proxy+}
|
|
Method: ANY
|
|
ApiId: !Ref HttpApi
|
|
Lookup:
|
|
Type: HttpApi
|
|
Properties:
|
|
Path: /lookup/{username}
|
|
Method: GET
|
|
ApiId: !Ref HttpApi
|
|
Auth:
|
|
Authorizer: NONE
|
|
|
|
AuthFunction:
|
|
Type: AWS::Serverless::Function
|
|
Properties:
|
|
Handler: auth.lambda_handler
|
|
LoggingConfig:
|
|
LogGroup: !Ref HttpLog
|
|
Policies:
|
|
- DynamoDBCrudPolicy:
|
|
TableName: !Ref UserTable
|