Chris Barrett
108 lines
3.5 KiB
YAML
108 lines
3.5 KiB
YAML
# =================================================================
|
|
#
|
|
# Authors: David Bitner <bitner@dbspatial.com>>
|
|
#
|
|
# Copyright (c) 2019 David Bitner
|
|
#
|
|
# Permission is hereby granted, free of charge, to any person
|
|
# obtaining a copy of this software and associated documentation
|
|
# files (the "Software"), to deal in the Software without
|
|
# restriction, including without limitation the rights to use,
|
|
# copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
# copies of the Software, and to permit persons to whom the
|
|
# Software is furnished to do so, subject to the following
|
|
# conditions:
|
|
#
|
|
# The above copyright notice and this permission notice shall be
|
|
# included in all copies or substantial portions of the Software.
|
|
#
|
|
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
|
|
# OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
|
|
# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
|
|
# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
|
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
|
|
# OTHER DEALINGS IN THE SOFTWARE.
|
|
#
|
|
# =================================================================
|
|
|
|
service: pygeoapi
|
|
|
|
provider:
|
|
name: aws
|
|
region: us-west-2
|
|
# rolePermissionsBoundary: < perm boundary arn here >
|
|
# deploymentBucket: < deployment bucket name here >
|
|
# role: < lambda execution role here >
|
|
timeout: 30
|
|
|
|
ecr:
|
|
images:
|
|
pygeo-lambda-container:
|
|
uri: < url to container image in ECR >
|
|
|
|
functions:
|
|
app:
|
|
role:
|
|
Fn::GetAtt:
|
|
- pygeoapiIamRole
|
|
- Arn
|
|
image:
|
|
name: pygeo-lambda-container
|
|
events:
|
|
- http: ANY /
|
|
- http: 'ANY {proxy+}'
|
|
entrypoint:
|
|
- '/entry.sh'
|
|
|
|
resources:
|
|
Resources:
|
|
pygeoapiIamRole:
|
|
Type: AWS::IAM::Role
|
|
Properties:
|
|
AssumeRolePolicyDocument:
|
|
Version: "2012-10-17"
|
|
Statement:
|
|
- Effect: Allow
|
|
Principal:
|
|
Service:
|
|
- states.amazonaws.com
|
|
- events.amazonaws.com
|
|
- lambda.amazonaws.com
|
|
- ec2.amazonaws.com
|
|
Action: sts:AssumeRole
|
|
Policies:
|
|
- PolicyName: pygeo-role
|
|
PolicyDocument:
|
|
Version: "2012-10-17"
|
|
Statement:
|
|
- Effect: Allow
|
|
Action:
|
|
- "ec2:DescribeNetworkInterfaces"
|
|
- "ec2:CreateNetworkInterface"
|
|
- "ecr:GetDownloadUrlForLayer"
|
|
- "ecr:PutImage"
|
|
- "ecr:InitiateLayerUpload"
|
|
- "ecr:UploadLayerPart"
|
|
- "ecr:CompleteLayerUpload"
|
|
- "ecr:DescribeRepositories"
|
|
- "ecr:GetRepositoryPolicy"
|
|
- "ecr:ListImages"
|
|
- "ecr:GetAuthorizationToken"
|
|
- "ecr:BatchCheckLayerAvailability"
|
|
- "ecr:BatchGetImage"
|
|
Resource: "*"
|
|
RoleName: ${self:service}-${self:provider.stage}-role
|
|
ManagedPolicyArns:
|
|
- arn:aws:iam::aws:policy/service-role/AWSLambdaRole
|
|
- arn:aws:iam::aws:policy/CloudWatchFullAccess
|
|
PermissionsBoundary:
|
|
Fn::Sub:
|
|
- "< perm boundary arn >"
|
|
- accountId:
|
|
Ref: "AWS::AccountId"
|
|
|
|
plugins:
|
|
- serverless-wsgi
|