Support for building pygeoapi as a lambda container and deploying to AWS Lambda (#2) (#709)

aws-lambda/container/serverless.yml

@@ -0,0 +1,107 @@
+# =================================================================
+#
+# Authors: David Bitner <bitner@dbspatial.com>>
+#
+# Copyright (c) 2019 David Bitner
+#
+# Permission is hereby granted, free of charge, to any person
+# obtaining a copy of this software and associated documentation
+# files (the "Software"), to deal in the Software without
+# restriction, including without limitation the rights to use,
+# copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following
+# conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+# OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+# OTHER DEALINGS IN THE SOFTWARE.
+#
+# =================================================================
+
+service: pygeoapi
+
+provider:
+  name: aws
+  region: us-west-2 
+  # rolePermissionsBoundary: < perm boundary arn here >
+  # deploymentBucket: < deployment bucket name here >
+  # role: < lambda execution role here > 
+  timeout: 30
+
+  ecr:
+    images:
+      pygeo-lambda-container:
+        uri: < url to container image in ECR > 
+
+functions:
+  app:
+    role:
+      Fn::GetAtt:
+        - pygeoapiIamRole
+        - Arn
+    image:
+      name: pygeo-lambda-container
+    events:
+      - http: ANY /
+      - http: 'ANY {proxy+}'
+    entrypoint:
+      - '/entry.sh'
+
+resources:
+  Resources:
+    pygeoapiIamRole:
+      Type: AWS::IAM::Role
+      Properties:
+        AssumeRolePolicyDocument:
+          Version: "2012-10-17"
+          Statement:
+            - Effect: Allow
+              Principal:
+                Service:
+                  - states.amazonaws.com
+                  - events.amazonaws.com
+                  - lambda.amazonaws.com
+                  - ec2.amazonaws.com
+              Action: sts:AssumeRole
+        Policies:
+          - PolicyName: pygeo-role
+            PolicyDocument:
+              Version: "2012-10-17"
+              Statement:
+                - Effect: Allow
+                  Action: 
+                    - "ec2:DescribeNetworkInterfaces"
+                    - "ec2:CreateNetworkInterface"
+                    - "ecr:GetDownloadUrlForLayer"
+                    - "ecr:PutImage"
+                    - "ecr:InitiateLayerUpload"
+                    - "ecr:UploadLayerPart"
+                    - "ecr:CompleteLayerUpload"
+                    - "ecr:DescribeRepositories"
+                    - "ecr:GetRepositoryPolicy"
+                    - "ecr:ListImages"
+                    - "ecr:GetAuthorizationToken"
+                    - "ecr:BatchCheckLayerAvailability"
+                    - "ecr:BatchGetImage"
+                  Resource: "*"
+        RoleName: ${self:service}-${self:provider.stage}-role
+        ManagedPolicyArns:
+          - arn:aws:iam::aws:policy/service-role/AWSLambdaRole
+          - arn:aws:iam::aws:policy/CloudWatchFullAccess
+        PermissionsBoundary:
+          Fn::Sub:
+            - "< perm boundary arn >"
+            - accountId:
+               Ref: "AWS::AccountId"
+
+plugins:
+  - serverless-wsgi