# AWS SAM template. The Transform line asks CloudFormation to expand the
# AWS::Serverless::* resource types used further down.
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
# Folded scalar (">"): the description is a single line of text.
Description: >
  cloudhus serverless microservices
# Defaults applied to every AWS::Serverless::Function declared in this template.
Globals:
  Function:
    # Lambda function timeout in seconds (1 ~ 900).
    Timeout: 30
    # Lambda function memory size in MB (128 ~ 10240).
    MemorySize: 128
    # AWS X-Ray tracing.
    Tracing: Active
    Environment:
      # --env-vars takes precedence over these values in sam local.
      #
      # NOTE(review): every value below is a `resolve:ssm` dynamic reference,
      # resolved by CloudFormation at deploy time and stored as a plaintext
      # environment variable in the function configuration. Anyone allowed to
      # read that configuration (e.g. lambda:GetFunctionConfiguration) can read
      # HUS_SECRET_KEY and HUS_AUTH_DB_PASSWORD.
      # NOTE(review): `resolve:ssm` reads String/StringList parameters, so the
      # secret key and DB password are presumably stored unencrypted in
      # Parameter Store - confirm. A safer layout keeps them as SecureString
      # (or in Secrets Manager), passes only the parameter name here, and lets
      # the function fetch the value at runtime under a narrowly scoped role.
      # NOTE(review): the references are pinned to parameter version 1, so a
      # rotated value is not picked up until the version here is bumped.
      # NOTE(review): being in Globals, these variables are inherited by any
      # function added to this template later, not only the auth service.
      Variables:
        GOOGLE_CLIENT_ID: '{{resolve:ssm:GOOGLE_CLIENT_ID:1}}'
        HUS_SECRET_KEY: '{{resolve:ssm:HUS_SECRET_KEY:1}}'
        HUS_AUTH_DB_HOST: '{{resolve:ssm:HUS_AUTH_DB_HOST:1}}'
        HUS_AUTH_DB_NAME: '{{resolve:ssm:HUS_AUTH_DB_NAME:1}}'
        HUS_AUTH_DB_PASSWORD: '{{resolve:ssm:HUS_AUTH_DB_PASSWORD:1}}'
        HUS_AUTH_DB_PORT: '{{resolve:ssm:HUS_AUTH_DB_PORT:1}}'
        HUS_AUTH_DB_USER: '{{resolve:ssm:HUS_AUTH_DB_USER:1}}'
        HUS_ENV: '{{resolve:ssm:HUS_ENV:1}}'
  # Disabled CORS defaults, kept for reference.
  # NOTE(review): Globals.Api targets AWS::Serverless::Api; the API declared in
  # this template is an AWS::Serverless::HttpApi, so re-enabling this block as
  # written would presumably not affect it - confirm before relying on it.
  # Api:
  #   Cors: # CORS settings for all APIs
  #     AllowOrigin: "'*'"
  #     AllowHeaders: "'*'"
  #     AllowMethods: "'*'"
  #     MaxAge: "'43200'" # preflight cache max age
  #     #AllowCredentials: true # with wildcard origin, this is not allowed actually.
  #   TracingEnabled: true # AWS X-Ray tracing
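Resources:
  # auth services ==================================================
  # HTTP API (API Gateway V2) that fronts the auth Lambda on a custom domain.
  # NOTE(review): no Auth/authorizer is configured on this API or on the two
  # routes below, so every request under /auth reaches the function without
  # API Gateway checking the caller; the service has to do that itself.
  CloudhusAuthApi:
    Type: AWS::Serverless::HttpApi # API Gateway V2 (HTTP API)
    Properties:
      # Auth:
      #   Authorizer: NONE
      #   ApiKeyRequired: false
      #   AddDefaultAuthorizerToCorsPreflight: false
      Name: CloudhusAuthApi
      # StageName: prod # it can't be used when a single function works as the whole service, because it attaches a prefix path.
      # NOTE(review): the default execute-api endpoint stays reachable next to
      # the custom domain unless DisableExecuteApiEndpoint is set to true.
      # NOTE(review): no AccessLogSettings are configured, so API Gateway keeps
      # no per-request access log for this auth endpoint.
      # Custom domain for API Gateway.
      Domain:
        # The domain name you want to use.
        DomainName: 'auth.cloudhus.com'
        # The certificate can be generated with AWS Certificate Manager.
        CertificateArn: '{{resolve:ssm:CLOUDHUS_ACM_ARN:1}}'
        # EDGE for global API, REGIONAL for regional API.
        EndpointConfiguration: REGIONAL
        Route53:
          # Route53 Hosted Zone ID which manages the domain.
          HostedZoneId: '{{resolve:ssm:CLOUDHUS_HOSTED_ZONE:1}}'

  # Lambda function that serves every route of the auth API.
  CloudhusAuthService:
    Type: AWS::Serverless::Function # Lambda function
    # AWS has deprecated the managed go1.x runtime, so it no longer receives
    # security patches. Go functions now run on an OS-only runtime; this
    # build method makes `sam build` compile the Go code into the `bootstrap`
    # executable that such runtimes start.
    # NOTE(review): assumes the service is built with `sam build` and starts
    # through aws-lambda-go's lambda.Start - confirm before deploying.
    Metadata:
      BuildMethod: go1.x
    Properties:
      PackageType: Zip # Zip (default) or Image
      CodeUri: services/hus-auth/ # local path to the code (S3 also supported)
      Handler: bootstrap # OS-only runtimes run the executable named bootstrap
      Runtime: provided.al2023 # OS-only runtime; replaces the deprecated go1.x
      Architectures: # lambda function ISA
        - x86_64
      Events: # events that trigger this lambda function
        CloudhusAuthServiceRoot: # root path must be defined separately
          Type: HttpApi # API Gateway V2 (HTTP API)
          Properties:
            ApiId:
              Ref: CloudhusAuthApi # reference to the API defined above
            # The auth service uses a subdomain, but to proxy in sam local a
            # prefix is needed to distinguish it.
            Path: /auth
            Method: ANY # allowed HTTP methods
        CloudhusAuthServiceProxy: # proxy part for the api
          Type: HttpApi
          Properties:
            ApiId:
              Ref: CloudhusAuthApi # same reference as above
            Path: /auth/{proxy+} # {proxy+} is a special path that matches any path
            Method: ANY
      # VpcConfig:
      #   SubnetIds: # subnet for lambda function
      #     - "{{resolve:ssm:US_WEST_2A_SUBNET_ID:1}}"
      #   SecurityGroupIds: # security group for lambda function
      #     - "{{resolve:ssm:CLOUDHUS_SG_ID:1}}"

  # Resource group for Application Insights.
  ApplicationResourceGroup:
    Type: AWS::ResourceGroups::Group
    Properties:
      Name:
        Fn::Join: # e.g. "ApplicationInsights-SAM-cloudhus"
          - ''
          - - ApplicationInsights-SAM-
            - Ref: AWS::StackName
      ResourceQuery: # query for resources to be included in the group
        Type: CLOUDFORMATION_STACK_1_0 # all resources in the stack

  # Application Insights monitoring for the group above.
  ApplicationInsightsMonitoring:
    Type: AWS::ApplicationInsights::Application
    Properties:
      ResourceGroupName: # must produce the same name as the group above
        Fn::Join:
          - ''
          - - ApplicationInsights-SAM-
            - Ref: AWS::StackName
      # Real boolean instead of the string "true".
      AutoConfigurationEnabled: true
    # The name is rebuilt with Fn::Join rather than referenced, so the ordering
    # between the two resources has to be stated explicitly.
    DependsOn: ApplicationResourceGroup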
# Values exported by the stack after deployment.
Outputs:
  # CloudhusAuthServiceRole, referenced below, is not declared in this
  # template; it is the implicit IAM role SAM generates for the function.
  # Find out more about other implicit resources you can reference within SAM
  # https://github.com/awslabs/serverless-application-model/blob/master/docs/internals/generated_resources.rst#api
  CloudhusAuthApi:
    Description: Cloudhus auth api endpoint base url
    Value: 'https://auth.cloudhus.com/auth'
  CloudhusAuthService:
    Description: CloudhusAuthService Lambda ARN
    Value:
      Fn::GetAtt:
        - CloudhusAuthService
        - Arn
  CloudhusAuthServiceIamRole:
    Description: Implicit IAM Role created for CloudhusAuthService
    Value:
      Fn::GetAtt:
        - CloudhusAuthServiceRole
        - Arn