# =================================================================
#
# Authors: David Bitner <bitner@dbspatial.com>>
#
# Copyright (c) 2019 David Bitner
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without
# restriction, including without limitation the rights to use,
# copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the
# Software is furnished to do so, subject to the following
# conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
# OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE.
#
# =================================================================

service: pygeoapi

provider:
  name: aws
  region: us-west-2 
  # rolePermissionsBoundary: < perm boundary arn here >
  # deploymentBucket: < deployment bucket name here >
  # role: < lambda execution role here > 
  timeout: 30

  ecr:
    images:
      pygeo-lambda-container:
        uri: < url to container image in ECR > 

functions:
  app:
    role:
      Fn::GetAtt:
        - pygeoapiIamRole
        - Arn
    image:
      name: pygeo-lambda-container
    events:
      - http: ANY /
      - http: 'ANY {proxy+}'
    entrypoint:
      - '/entry.sh'

resources:
  Resources:
    pygeoapiIamRole:
      Type: AWS::IAM::Role
      Properties:
        AssumeRolePolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - states.amazonaws.com
                  - events.amazonaws.com
                  - lambda.amazonaws.com
                  - ec2.amazonaws.com
              Action: sts:AssumeRole
        Policies:
          - PolicyName: pygeo-role
            PolicyDocument:
              Version: "2012-10-17"
              Statement:
                - Effect: Allow
                  Action: 
                    - "ec2:DescribeNetworkInterfaces"
                    - "ec2:CreateNetworkInterface"
                    - "ecr:GetDownloadUrlForLayer"
                    - "ecr:PutImage"
                    - "ecr:InitiateLayerUpload"
                    - "ecr:UploadLayerPart"
                    - "ecr:CompleteLayerUpload"
                    - "ecr:DescribeRepositories"
                    - "ecr:GetRepositoryPolicy"
                    - "ecr:ListImages"
                    - "ecr:GetAuthorizationToken"
                    - "ecr:BatchCheckLayerAvailability"
                    - "ecr:BatchGetImage"
                  Resource: "*"
        RoleName: ${self:service}-${self:provider.stage}-role
        ManagedPolicyArns:
          - arn:aws:iam::aws:policy/service-role/AWSLambdaRole
          - arn:aws:iam::aws:policy/CloudWatchFullAccess
        PermissionsBoundary:
          Fn::Sub:
            - "< perm boundary arn >"
            - accountId:
               Ref: "AWS::AccountId"

plugins:
  - serverless-wsgi