template.yaml

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
  Cesium Terrain Server on AWS Lambda

Globals:
  Function:
    Timeout: 5

Parameters:
  BaseTerrainUrl:
    Type: String
    Default: /tilesets
    Description: Base URL prefix under which all tilesets are served

Resources:
  EfsLambdaVpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: "10.0.0.0/16"
  EfsLambdaSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: "EFS + Lambda on SAM Security Group"
      VpcId: !Ref EfsLambdaVpc
      SecurityGroupEgress:
        - CidrIp: "0.0.0.0/0"
          FromPort: 0
          ToPort: 65535
          IpProtocol: tcp
      SecurityGroupIngress:
        - CidrIp: "0.0.0.0/0"
          FromPort: 0
          ToPort: 65535
          IpProtocol: tcp
  EfsLambdaSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref EfsLambdaVpc
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      MapPublicIpOnLaunch: false
      CidrBlock: "10.0.0.0/24"
  EfsFileSystem:
    Type: AWS::EFS::FileSystem
    Properties:
      FileSystemTags:
        - Key: Name
          Value: cesiumts-data
      Encrypted: true
  MountTarget:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref EfsFileSystem
      SubnetId: !Ref EfsLambdaSubnet
      SecurityGroups:
        - !Ref EfsLambdaSecurityGroup
  AccessPoint:
    Type: AWS::EFS::AccessPoint
    Properties:
      FileSystemId: !Ref EfsFileSystem
      PosixUser:
        Gid: "1000"
        Uid: "1000"
      RootDirectory:
        Path: "/"
        CreationInfo:
          OwnerGid: "1000"
          OwnerUid: "1000"
          Permissions: "755"
  CesiumTerrainServer:
    Type: AWS::Serverless::Function
    DependsOn:
      - MountTarget
    Properties:
      PackageType: Image
      Architectures:
        - x86_64
      Policies:
        - EFSWriteAccessPolicy:
            FileSystem: !Ref EfsFileSystem
            AccessPoint: !Ref AccessPoint
      VpcConfig:
        SecurityGroupIds:
          - !Ref EfsLambdaSecurityGroup
        SubnetIds:
          - !Ref EfsLambdaSubnet
      FileSystemConfigs:
        - Arn: !GetAtt AccessPoint.Arn
          LocalMountPath: /mnt/lambda
      Environment:
        Variables:
          TILESET_ROOT: /mnt/lambda
          BASE_TERRAIN_URL: !Ref BaseTerrainUrl
      Events:
        GetResource:
          Type: Api
          Properties:
            Path: /{proxy+}
            Method: any
    Metadata:
      DockerTag: go1.x-v1
      DockerContext: ./cesiumts
      Dockerfile: Dockerfile

Outputs:
  CesiumTerrainServerApi:
    Description: URL for application
    Value: !Sub 'https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com'
    Export:
      Name: CesiumTerrainServerApi