backend/serverless.yml

# Welcome to Serverless!
# This file is the main config file for the LISTINGS service.
# For full config options, check the docs:
#    docs.serverless.com

service: marketplace-listing
# app and org for use with dashboard.serverless.com
app: marketplace
org: kendyjm

# You can pin your service to only deploy with a specific Serverless version
# Check out our docs for more details
frameworkVersion: "2"

provider:
  name: aws
  runtime: nodejs12.x

  # you can overwrite defaults here
  stage: ${opt:stage, 'dev'}
  region: ${opt:region, 'eu-west-3'}

  # you can define service wide environment variables here
  environment:
    LISTINGS_TABLE: ${self:service}s-${self:provider.stage}
    LISTINGS_INDEX_UPDATED_AT: ${self:service}s-${self:provider.stage}-index-updatedat
    LISTINGS_IMAGES_BUCKET: ${self:service}s-${self:provider.stage}-images
    SIGNED_URL_EXPIRATION: "300"

  tracing: # Enable X-Ray Tracing
    lambda: true
    apiGateway: true

  logs:
    restApi: true # enable API Gateway logs

plugins:
  - serverless-webpack
  - serverless-iam-roles-per-function
  - serverless-aws-documentation
  - serverless-reqvalidator-plugin

package:
  individually: true

custom:
  documentation:
    api:
      info:
        version: v1.0.0
        title: Listing API for Marketplace Application
        description: Serverless application to setup a collaborative platform that essentially connects individuals wishing to sell or buy
    models:
      - name: CreateListingRequestSchema
        contentType: application/json
        schema: ${file(src/validation/CreateListingRequestSchema.json)}
      - name: UpdateListingRequestSchema
        contentType: application/json
        schema: ${file(src/validation/UpdateListingRequestSchema.json)}

# you can add packaging information here
#package:
#  include:
#    - include-me.js
#    - include-me-dir/**
#  exclude:
#    - exclude-me.js
#    - exclude-me-dir/**

functions:
  Auth: # An AWS API Gateway custom RS256 authorizer function
    handler: src/lambda/auth/auth0Authorizer.handler

  GetListingsFull:
    handler: src/lambda/http/getListingsFull.handler
    events:
      - http:
          method: get
          path: listings/all
          cors: true
          authorizer: Auth
          documentation:
            summary: "Get Listings"
            description: "Get all the listings"
            tags:
              - Listing
              - Get
    iamRoleStatements:
      - Effect: Allow
        Action:
          - dynamodb:Scan
        Resource:
          - { "Fn::GetAtt": ["ListingTable", "Arn"] }
      - Effect: Allow
        Action:
          - xray:PutTraceSegments
        Resource:
          - "*"

  GetListings:
    handler: src/lambda/http/getListings.handler
    events:
      - http:
          method: get
          path: listings
          cors: true
          authorizer: Auth
          documentation:
            summary: "Get Listings of a User"
            description: "Get all the listings of the authorized user"
            tags:
              - Listing
              - Get
    iamRoleStatements:
      - Effect: Allow
        Action:
          - dynamodb:Query
        # TODO resource: use "Fn::GetAtt"
        Resource: arn:aws:dynamodb:${self:provider.region}:*:table/${self:provider.environment.LISTINGS_TABLE}/index/${self:provider.environment.LISTINGS_INDEX_UPDATED_AT}
      - Effect: Allow
        Action:
          - xray:PutTraceSegments
        Resource:
          - "*"

  CreateListing:
    handler: src/lambda/http/createListing.handler
    events:
      - http:
          method: post
          path: listings
          cors: true
          authorizer: Auth
          reqValidatorName: RequestBodyValidator
          documentation:
            summary: "Create a Listing"
            description: "Create a new Listing item"
            tags:
              - Listing
              - Create
            requestModels:
              "application/json": CreateListingRequestSchema
    iamRoleStatements:
      - Effect: Allow
        Action:
          - dynamodb:PutItem
        Resource:
          - { "Fn::GetAtt": ["ListingTable", "Arn"] }
      - Effect: Allow
        Action:
          - xray:PutTraceSegments
        Resource:
          - "*"

  DeleteListing:
    handler: src/lambda/http/deleteListing.handler
    events:
      - http:
          method: delete
          path: listings/{listingId}
          authorizer: Auth
          cors: true
          documentation:
            summary: "Delete a Listing"
            description: "Delete a Listing from its id"
            tags:
              - Listing
              - Delete
    iamRoleStatements:
      - Effect: Allow
        Action:
          - dynamodb:DeleteItem
        Resource:
          - { "Fn::GetAtt": ["ListingTable", "Arn"] }
      - Effect: Allow
        Action:
          - xray:PutTraceSegments
        Resource:
          - "*"

  UpdateListing:
    handler: src/lambda/http/updateListing.handler
    events:
      - http:
          method: patch
          path: listings/{listingId}
          authorizer: Auth
          cors: true
          reqValidatorName: RequestBodyValidator
          documentation:
            summary: "Update a Listing"
            description: "Modify an existing Listing"
            tags:
              - Listing
              - Update
            requestModels:
              "application/json": UpdateListingRequestSchema
    iamRoleStatements:
      - Effect: Allow
        Action:
          - dynamodb:UpdateItem
        Resource:
          - { "Fn::GetAtt": ["ListingTable", "Arn"] }
      - Effect: Allow
        Action:
          - xray:PutTraceSegments
        Resource:
          - "*"

  GenerateUploadUrl:
    handler: src/lambda/http/generateUploadUrl.handler
    events:
      - http:
          method: post
          path: listings/{listingId}/attachment
          authorizer: Auth
          cors: true
          documentation:
            summary: "Signed url and attachmentUrl update"
            description: "Generate a signed url and update/add the attachmentUrl property to the listing"
            tags:
              - Listing
              - Update
    iamRoleStatements:
      - Effect: Allow
        Action:
          - dynamodb:UpdateItem
        Resource:
          - { "Fn::GetAtt": ["ListingTable", "Arn"] }
      - Effect: Allow
        Action:
          - s3:PutObject
          - s3:GetObject
        Resource: arn:aws:s3:::${self:provider.environment.LISTINGS_IMAGES_BUCKET}/*
      - Effect: Allow
        Action:
          - xray:PutTraceSegments
        Resource:
          - "*"

# you can add CloudFormation resource templates here
resources:
  Resources:
    ListingTable:
      Type: AWS::DynamoDB::Table
      Properties:
        KeySchema: # Primary key
          - AttributeName: userId
            KeyType: HASH # Partition Key
          - AttributeName: listingId
            KeyType: RANGE # Sort key
        AttributeDefinitions: # An array of attributes that describe the _key schema_ for the table and indexes.
          - AttributeName: userId
            AttributeType: S
          - AttributeName: listingId
            AttributeType: S
          - AttributeName: updatedAt
            AttributeType: S
        BillingMode: PAY_PER_REQUEST # PROVISIONED for predictable workloads, PAY_PER_REQUEST for unpredictable
        TableName: ${self:provider.environment.LISTINGS_TABLE}
        GlobalSecondaryIndexes:
          - IndexName: ${self:provider.environment.LISTINGS_INDEX_UPDATED_AT}
            KeySchema:
              - AttributeName: userId
                KeyType: HASH
              - AttributeName: updatedAt
                KeyType: RANGE
            Projection:
              ProjectionType: ALL # All of the table attributes are projected into the index.

    ListingImagesBucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: ${self:provider.environment.LISTINGS_IMAGES_BUCKET}
        CorsConfiguration:
          CorsRules:
            - AllowedOrigins:
                - "*"
              AllowedHeaders:
                - "*"
              AllowedMethods:
                - GET
                - PUT
                - POST
                - DELETE
                - HEAD
              MaxAge: 3000

    BucketPolicy:
      Type: AWS::S3::BucketPolicy
      Properties:
        PolicyDocument:
          Id: ListingImagesBucketPolicy
          Version: "2012-10-17"
          Statement:
            - Sid: PublicReadForGetBucketObjects
              Effect: Allow
              Principal: "*"
              Action: "s3:GetObject"
              Resource: "arn:aws:s3:::${self:provider.environment.LISTINGS_IMAGES_BUCKET}/*"
        Bucket: !Ref ListingImagesBucket

    RequestBodyValidator:
      Type: AWS::ApiGateway::RequestValidator
      Properties:
        Name: "request-body-validator"
        RestApiId:
          Ref: ApiGatewayRestApi
        ValidateRequestBody: true
        ValidateRequestParameters: false

    GatewayResponseDefault4XX:
      Type: AWS::ApiGateway::GatewayResponse
      Properties:
        ResponseParameters:
          gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
          gatewayresponse.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
          gatewayresponse.header.Access-Control-Allow-Methods: "'GET,OPTIONS,POST,DELETE,PATCH,PUT'"
        ResponseType: DEFAULT_4XX
        RestApiId:
          Ref: ApiGatewayRestApi

    GatewayResponseDefault5XX:
      Type: AWS::ApiGateway::GatewayResponse
      Properties:
        ResponseParameters:
          gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
          gatewayresponse.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
          gatewayresponse.header.Access-Control-Allow-Methods: "'GET,OPTIONS,POST,DELETE,PATCH,PUT'"
        ResponseType: DEFAULT_5XX
        RestApiId:
          Ref: ApiGatewayRestApi