serverless.yml

service: capstone-image-storage

plugins:
  - serverless-iam-roles-per-function
  - serverless-plugin-tracing

provider:
  name: aws
  runtime: go1.x
  lambdaHashingVersion: 20201221

  stage: ${opt:stage, 'dev'}
  region: ${opt:region, 'us-east-1'}

  tracing:
    lambda: true
    apiGateway: true

  environment:
    IMAGE_S3_BUCKET: capstone-image-storage-981561515630-${self:provider.stage}
    SIGNED_URL_EXPIRATION: 300
    AUTH_API_ID: https://udacity.luoma.dev
    AUTH_API_DOMAIN: dev-sz67ap41.us.auth0.com

  logs:
    # Enable API Gateway logs
    restApi: true

  httpApi:
    authorizers:
      auth:
        type: request
        functionName: auth

  iam:
    role:
      statements:
        - Effect: Allow
          Action:
            - xray:PutTelemetryRecords
            - xray:PutTraceSegments
          Resource: "*"

package:
  exclude:
    - ./**
  include:
    - ./gobin/**

functions:
  auth:
    handler: gobin/auth
    
  create-image-url:
    handler: gobin/image
    events:
      - http: 
          path: /images/{id}
          method: post
          cors: true
          authorizer: 
            name: auth
    iamRoleStatements:
      - Effect: Allow
        Action:
          - s3:PutObject
          - s3:GetObject
        Resource: arn:aws:s3:::${self:provider.environment.IMAGE_S3_BUCKET}/*

resources:
  Resources:
    GatewayResponseDefault4XX:
      Type: AWS::ApiGateway::GatewayResponse
      Properties:
        ResponseParameters:
          gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
          gatewayresponse.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
          gatewayresponse.header.Access-Control-Allow-Methods: "'GET,OPTIONS,POST'"
        ResponseType: DEFAULT_4XX
        RestApiId:
          Ref: ApiGatewayRestApi

    ImageBucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: ${self:provider.environment.IMAGE_S3_BUCKET}
        CorsConfiguration:
          CorsRules:
            -
              AllowedOrigins:
                - '*'
              AllowedHeaders:
                - '*'
              AllowedMethods:
                - GET
                - PUT
                - POST
                - DELETE
                - HEAD
              MaxAge: 3000

    BucketPolicy:
      Type: AWS::S3::BucketPolicy
      Properties:
        PolicyDocument:
          Id: ImageBucketPolicy
          Version: "2012-10-17"
          Statement:
            - Sid: PublicReadForGetBucketObjects
              Effect: Allow
              Principal: '*'
              Action: 's3:GetObject'
              Resource: 'arn:aws:s3:::${self:provider.environment.IMAGE_S3_BUCKET}/*'
        Bucket: !Ref ImageBucket