-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcloudformation.yml
131 lines (115 loc) · 3.52 KB
/
cloudformation.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
AWSTemplateFormatVersion: 2010-09-09
Parameters:
CertificateArn:
Type: String
Resources:
Api:
Type: AWS::ApiGatewayV2::Api
Properties:
Name: !Ref AWS::StackName
ProtocolType: HTTP
Target: !GetAtt Lambda.Arn
CredentialsArn: !GetAtt ApiRole.Arn
ApiOverrides:
Type: AWS::ApiGatewayV2::ApiGatewayManagedOverrides
Properties:
ApiId: !Ref Api
Stage:
AccessLogSettings:
DestinationArn: !GetAtt ApiLogGroup.Arn
Format: '{"sourceIp":"$context.identity.sourceIp","httpMethod":"$context.httpMethod","path":"$context.path","status":"$context.status","responseLength":"$context.responseLength","responseLatency":"$context.responseLatency","requestTime":"$context.requestTime","protocol":"$context.protocol","userAgent":"$context.identity.userAgent","requestId":"$context.requestId"}'
ApiLogGroup:
Type: AWS::Logs::LogGroup
Properties:
RetentionInDays: 180
ApiRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
Action: sts:AssumeRole
Principal:
Service: apigateway.amazonaws.com
Effect: Allow
Policies:
- PolicyName: policy
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action: lambda:InvokeFunction
Resource: !GetAtt Lambda.Arn
LambdaLogGroup:
Type: AWS::Logs::LogGroup
Properties:
LogGroupName: !Sub "/aws/lambda/${Lambda}"
RetentionInDays: 90
LambdaRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
Action: sts:AssumeRole
Principal:
Service: lambda.amazonaws.com
Effect: Allow
Policies:
- PolicyName: policy
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- logs:CreateLogStream
- logs:PutLogEvents
Resource: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*"
Lambda:
Type: AWS::Lambda::Function
Properties:
Code: main.py
Handler: main.lambda_handler
MemorySize: 128
Role: !GetAtt LambdaRole.Arn
Runtime: python3.9
Timeout: 30
Hyp3DomainName:
Type: AWS::ApiGatewayV2::DomainName
Properties:
DomainName: hyp3.asf.alaska.edu
DomainNameConfigurations:
- CertificateArn: !Ref CertificateArn
EndpointType: REGIONAL
Hyp3Mapping:
Type: AWS::ApiGatewayV2::ApiMapping
Properties:
ApiId: !Ref Api
DomainName: !Ref Hyp3DomainName
Stage: $default
Hyp3ApiDomainName:
Type: AWS::ApiGatewayV2::DomainName
Properties:
DomainName: api.hyp3.asf.alaska.edu
DomainNameConfigurations:
- CertificateArn: !Ref CertificateArn
EndpointType: REGIONAL
Hyp3ApiMapping:
Type: AWS::ApiGatewayV2::ApiMapping
Properties:
ApiId: !Ref Api
DomainName: !Ref Hyp3ApiDomainName
Stage: $default
Hyp3DownloadDomainName:
Type: AWS::ApiGatewayV2::DomainName
Properties:
DomainName: hyp3-download.asf.alaska.edu
DomainNameConfigurations:
- CertificateArn: !Ref CertificateArn
EndpointType: REGIONAL
Hyp3DownloadMapping:
Type: AWS::ApiGatewayV2::ApiMapping
Properties:
ApiId: !Ref Api
DomainName: !Ref Hyp3DownloadDomainName
Stage: $default