serverless.yml
# Service name; the Serverless Framework uses it to name the deployed stack.
service: scenemodels
# Load variables from a local .env file so the ${env:...} references in this
# file resolve at deploy time. Keep that .env file out of version control,
# since it supplies the database and SMTP credentials referenced below.
useDotenv: true
# Provider-wide settings: AWS region, the custom runtime the Bref layers plug
# into, and the environment variables shared by every function.
provider:
  name: aws
  region: eu-central-1
  runtime: provided.al2
  apiGateway:
    # Treat every content type as binary so non-text responses pass through
    # unmodified (paired with BREF_BINARY_RESPONSES below).
    # NOTE(review): provider.apiGateway appears to configure REST API gateways,
    # while the only event declared in this file is httpApi; confirm this
    # setting still has an effect.
    binaryMediaTypes:
      - '*/*'
  environment:
    BREF_BINARY_RESPONSES: '1'
    # NOTE(review): every ${env:...} value is resolved on the deploying
    # machine and written as plain text into the generated CloudFormation
    # template and the Lambda configuration. PGPASSWORD and SMTPPASSWORD are
    # therefore readable by any principal allowed to view the function
    # configuration; consider fetching them at runtime from SSM Parameter
    # Store or Secrets Manager instead.
    PGHOST: ${env:PGHOST}
    PGPASSWORD: ${env:PGPASSWORD}
    PGUSER: ${env:PGUSER}
    PGPORT: ${env:PGPORT}
    PGDATABASE: ${env:PGDATABASE}
    SMTPHOST: ${env:SMTPHOST}
    SMTPPORT: ${env:SMTPPORT}
    SMTPUSER: ${env:SMTPUSER}
    SMTPPASSWORD: ${env:SMTPPASSWORD}
    # Mailing-list address; presumably where the PHP code sends review mail,
    # confirm against the application.
    MAINTAINERS: 'flightgear-scenemodels-review@lists.sourceforge.net'
# Serverless plugins loaded from the local vendor/ directory (presumably
# installed by Composer). Plugins run inside the deploy process with the
# deployer's AWS credentials, so keep their versions pinned by the lock file.
plugins:
  - ./vendor/bref/bref
  - ./vendor/bref/extra-php-extensions
functions:
  # HTTP entry point: every request to the HTTP API is handled by app.php.
  api:
    handler: scenemodels/app.php
    description: 'The scenemodels database frontend'
    timeout: 28 # in seconds (API Gateway has a timeout of 29 seconds)
    layers:
      # NOTE(review): all layers are pinned to PHP 7.4, which no longer
      # receives upstream security fixes; plan a move to a supported PHP layer.
      - ${bref:layer.php-74-fpm}
      - ${bref:extra.pgsql-php-74}
      - ${bref:extra.gd-php-74}
      # Ref name is generated by TitleCasing the layer name & appending LambdaLayer
      # - {Ref: AwssdkLambdaLayer}
    events:
      # '*' is the catch-all route: any method and path reaches this function,
      # so routing and access control happen inside the PHP application.
      - httpApi: '*'
  # No event is declared for this function in this file, so how it gets
  # triggered is not visible here (TODO confirm: manual or external invoke?).
  pending:
    handler: scenemodels/submission/pending_submissions.php
    description: 'Send pending requests'
    # NOTE(review): the API Gateway remark looks copied from the api function;
    # without an HTTP event that 29-second limit would not apply here.
    timeout: 28 # in seconds (API Gateway has a timeout of 29 seconds)
    layers:
      # Same PHP 7.4 pin as the api function; upgrade both together.
      - ${bref:layer.php-74-fpm}
      - ${bref:extra.pgsql-php-74}
# Exclude files from deployment. Anything not listed here is a candidate for
# the Lambda artifact, so keep credentials and local-only files out of the
# service directory or add them to this list.
# NOTE(review): newer Serverless Framework releases deprecate `exclude` in
# favour of `package.patterns`; confirm against the framework version in use.
package:
  exclude:
    - 'node_modules/**'
    - 'tests/**'
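# Extra CloudFormation resources: the S3 bucket for static assets, its bucket
# policy, and the CloudFront distribution that fronts both the PHP application
# (API Gateway + Lambda) and the bucket.
resources:
  Resources:
    # The S3 bucket that stores the assets
    Assets:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: scenemodels
    # The policy that makes the bucket publicly readable.
    # NOTE(review): with this policy every object can also be fetched straight
    # from S3, bypassing CloudFront (and its HTTPS redirect). Store only
    # content meant to be public here; the tighter alternative is to grant
    # s3:GetObject to the CloudFront distribution alone through origin access
    # control and drop the wildcard principal.
    AssetsBucketPolicy:
      Type: AWS::S3::BucketPolicy
      Properties:
        Bucket: !Ref Assets # References the bucket we defined above
        PolicyDocument:
          Statement:
            - Effect: Allow
              Principal: '*' # everyone
              Action: 's3:GetObject' # to read
              Resource: !Join ['/', [!GetAtt Assets.Arn, '*']] # things in the bucket
              # alternatively you can write out Resource: 'arn:aws:s3:::<bucket-name>/*'
    WebsiteCDN:
      Type: AWS::CloudFront::Distribution
      Properties:
        DistributionConfig:
          Enabled: true
          # Cheapest option by default (https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_DistributionConfig.html)
          PriceClass: PriceClass_100
          Aliases:
            - scenery.flightgear.org
          ViewerCertificate:
            AcmCertificateArn: ${env:SSL_CERTIFICATE_ARN}
            SslSupportMethod: sni-only
            # Set the viewer-side TLS floor explicitly. When this key is
            # omitted the distribution is expected to fall back to CloudFront's
            # older default policy, which still admits TLS 1.0/1.1 clients.
            MinimumProtocolVersion: TLSv1.2_2021
          # Enable HTTP/2 for better performance
          HttpVersion: http2
          # Origins are where CloudFront fetches content
          Origins:
            # The website (AWS Lambda)
            - Id: Website
              DomainName: !Join ['.', [!Ref HttpApi, 'execute-api', !Ref AWS::Region, 'amazonaws.com']]
              CustomOriginConfig:
                OriginProtocolPolicy: 'https-only' # API Gateway only supports HTTPS
              # CloudFront does not forward the original `Host` header. We use this
              # to forward the website domain name to PHP via the `X-Forwarded-Host` header.
              # Learn more: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host
              # If this is enabled, the application should trust the header only
              # on requests that actually arrive through CloudFront.
              # OriginCustomHeaders:
              #   - HeaderName: 'X-Forwarded-Host'
              #     HeaderValue: example.com # our custom domain
            # The assets (S3)
            - Id: Assets
              DomainName: !GetAtt Assets.RegionalDomainName
              # This key is required to tell CloudFront that this is an S3
              # origin, even though nothing is configured
              S3OriginConfig: {}
              # If you host a static website, like a SPA, use s3-website URLs instead of the config above
              # See https://stackoverflow.com/questions/15309113/amazon-cloudfront-doesnt-respect-my-s3-website-buckets-index-html-rules#15528757
              # DomainName: !Select [2, !Split ["/", !GetAtt Assets.WebsiteURL]]
              # CustomOriginConfig:
              #   OriginProtocolPolicy: 'http-only' # S3 websites only support HTTP
              # You'll also need to enable website hosting on your s3 bucket by configuring the WebsiteConfiguration property
              # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-websiteconfiguration
          # The default behavior is to send everything to AWS Lambda
          DefaultCacheBehavior:
            AllowedMethods: [GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE]
            TargetOriginId: Website # the PHP application
            # Disable caching for the PHP application https://aws.amazon.com/premiumsupport/knowledge-center/prevent-cloudfront-from-caching-files/
            # Keep all three TTLs at 0 while cookies and `Authorization` are
            # forwarded, so a per-user response is never served from cache.
            DefaultTTL: 0
            MinTTL: 0
            MaxTTL: 0
            # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-forwardedvalues.html
            ForwardedValues:
              QueryString: true
              Cookies:
                Forward: all # Forward cookies to use them in PHP
              # We must *not* forward the `Host` header else it messes up API Gateway
              Headers:
                - 'Accept'
                - 'Accept-Encoding'
                - 'Accept-Language'
                - 'Authorization'
                - 'Origin'
                - 'Referer'
            # CloudFront will force HTTPS on visitors (which is more secure)
            ViewerProtocolPolicy: redirect-to-https
          CacheBehaviors:
            # Assets will be served under the `/static/` prefix
            - PathPattern: 'static/*'
              TargetOriginId: Assets # the static files on S3
              AllowedMethods: [GET, HEAD]
              ForwardedValues:
                # No need for all that with assets.
                # A real boolean, matching `QueryString: true` in the default
                # behavior (this was previously the quoted string 'false').
                QueryString: false
                Cookies:
                  Forward: none
              ViewerProtocolPolicy: redirect-to-https
              # Serve files with gzip for browsers that support it
              # (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/ServingCompressedFiles.html)
              Compress: true
          CustomErrorResponses:
            # Force CloudFront to not cache HTTP errors
            - ErrorCode: 500
              ErrorCachingMinTTL: 0
            - ErrorCode: 504
              ErrorCachingMinTTL: 0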