serverless.yml

org: photonadmin
app: photonranch

service: photonranch-logstream

plugins:
  - serverless-python-requirements
  - serverless-domain-manager

custom:
  # This is the 'variable' for the customDomain.basePath value, based on the stage.
  stage:
    prod: logs
    dev: dev

  pythonRequirements:
    dockerizePip: non-linux
    dockerFile: serverless-deploy-helpers/Dockerfile
    slim: true
    noDeploy:
      - pytest

  customDomain:
    domainName: 'logs.photonranch.org'
    basePath: ${self:custom.stage.${self:provider.stage}}
    stage: ${self:provider.stage}
    createRoute53Record: true      
    createRoute53IPv6Record: true
    autoDomain: true  # runs create_domain/delete_domain with sls deploy/remove automatically.

# Keeps the package size small
package:
  patterns:
    - '!node_modules/**'
    - '!venv/**'

provider:
  name: aws
  stage: ${opt:stage, "dev"}
  runtime: python3.8
  region: us-east-1
  environment:
    LOGS_TABLE: photonranch-observatory-logs-${self:provider.stage}

  iam:
    role:
      statements:
        - Effect: Allow 
          Action: 
            - dynamodb:PutItem
            - dynamodb:GetItem
            - dynamodb:UpdateItem
            - dynamodb:DeleteItem
            - dynamodb:BatchGetItem
            - dynamodb:BatchWriteItem
            - dynamodb:Scan
            - dynamodb:Query
            - dynamodb:DescribeStream
            - dynamodb:GetRecords
            - dynamodb:GetShardIterator
            - dynamodb:ListStreams
          Resource:
            - "arn:aws:dynamodb:us-east-1:*:*"
        - Effect: Allow
          Action:
            - sqs:SendMessage
            - sqs:GetQueueUrl
          Resource:
            - "arn:aws:sqs:${self:provider.region}:*:*"

functions:
  newLogHandler:
    handler: handler.new_log_stream_handler
    events:
      - stream: 
          type: dynamodb
          batchSize: 1
          arn:
            Fn::GetAtt:
              - logsTable
              - StreamArn
  getRecentLogs:
    handler: handler.get_recent_logs_handler
    events:
      - http:
          path: recent-logs
          method: get
          cors: true
  addLogEntry:
    handler: handler.add_log_entry_handler
    events:
      - http:
          path: newlog
          method: post
          cors: true

resources:
  Resources:
    logsTable: 
      Type: AWS::DynamoDB::Table
      Properties:
        TableName: ${self:provider.environment.LOGS_TABLE}
        AttributeDefinitions:
          - AttributeName: site
            AttributeType: S
          - AttributeName: timestamp
            AttributeType: N
        KeySchema:
          - AttributeName: site
            KeyType: HASH
          - AttributeName: timestamp
            KeyType: RANGE
        ProvisionedThroughput:
          ReadCapacityUnits: 1
          WriteCapacityUnits: 1
        TimeToLiveSpecification:
          AttributeName: TimeToLive
          Enabled: true
        StreamSpecification: 
          StreamViewType: NEW_IMAGE

    # Configure API gateway "Gateway Responses" to work with CORS restrictions
    GatewayResponseDefault4XX:
      Type: 'AWS::ApiGateway::GatewayResponse'
      Properties:
        ResponseParameters:
          gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
          gatewayresponse.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,Access-Control-Allow-Origin'"
          gatewayresponse.header.Access-Control-Allow-Methods: "'GET,POST,OPTIONS'"
        ResponseType: DEFAULT_4XX
        RestApiId:
          Ref: 'ApiGatewayRestApi'
    GatewayResponseDefault5XX:
      Type: 'AWS::ApiGateway::GatewayResponse'
      Properties:
        ResponseParameters:
          gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
          gatewayresponse.header.Access-Control-Allow-Methods: "'GET,POST,OPTIONS'"
          gatewayresponse.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,Access-Control-Allow-Origin'"
        ResponseType: DEFAULT_5XX
        RestApiId:
          Ref: 'ApiGatewayRestApi'
    GatewayResponse:
      Type: 'AWS::ApiGateway::GatewayResponse'
      Properties:
        ResponseParameters:
          gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
          gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        ResponseType: EXPIRED_TOKEN
        RestApiId:
          Ref: 'ApiGatewayRestApi'
        StatusCode: '401'
    AuthFailureGatewayResponse:
      Type: 'AWS::ApiGateway::GatewayResponse'
      Properties:
        ResponseParameters:
          gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
          gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        ResponseType: UNAUTHORIZED
        RestApiId:
          Ref: 'ApiGatewayRestApi'
        StatusCode: '401'