forked from skorfmann/cloudfront-image-proxy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
serverless.yml
131 lines (126 loc) · 3.5 KB
/
serverless.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
service: cloudfront-image-proxy
provider:
name: aws
runtime: nodejs6.10 # 8.1 isn't supported yet for lambda@edge
region: us-east-1 # only valid option for lambda@edge
stage: ${opt:stage, 'dev'}
defaultEnvironmentGroup: dev
iamRoleStatements:
- Effect: Allow
Action:
- s3:GetObject
Resource:
- "Fn::Join":
- "/"
-
- { "Fn::GetAtt": [ImageBucket, Arn] }
- "*"
- Effect: Allow
Action:
- s3:PutObject
Resource:
- "Fn::Join":
- "/"
-
- { "Fn::GetAtt": [ImageBucket, Arn] }
- "*"
package:
individually: true
functions:
viewerRequest:
handler: src/viewerRequest.handler
memorySize: 128 # viewer functions max 128
timeout: 1 # viewer functions max 5 seconds
lambdaAtEdge:
distribution: 'ImageProxyDistribution'
eventType: 'viewer-request'
viewerResponse:
handler: src/viewerResponse.handler
memorySize: 128
timeout: 1
lambdaAtEdge:
distribution: 'ImageProxyDistribution'
eventType: 'viewer-response'
originResponse:
handler: src/originResponse.handler
memorySize: 512
timeout: 15
lambdaAtEdge:
distribution: 'ImageProxyDistribution'
eventType: 'origin-response'
originRequest:
handler: src/originRequest.handler
memorySize: 512
timeout: 15
lambdaAtEdge:
distribution: 'ImageProxyDistribution'
eventType: 'origin-request'
plugins:
- serverless-webpack
- serverless-plugin-cloudfront-lambda-edge
custom:
objectPrefix: '${self:service}-${self:provider.stage}'
webpack:
webpackConfig: 'webpack.config.js'
includeModules: true
packager: 'npm'
resources:
Resources:
ImageBucket:
Type: 'AWS::S3::Bucket'
DeletionPolicy: Retain
Properties:
BucketName: '${self:custom.objectPrefix}-image-bucket'
AccessControl: 'PublicRead'
ImageBucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: { "Ref": ImageBucket }
PolicyDocument:
Statement:
- Action:
- s3:GetObject
Effect: Allow
Principal: "*"
Resource:
- "Fn::Join":
- "/"
-
- { "Fn::GetAtt": [ImageBucket, Arn] }
- "*"
ImageProxyDistribution:
Type: 'AWS::CloudFront::Distribution'
Properties:
DistributionConfig:
DefaultCacheBehavior:
TargetOriginId: 'ImageBucketOrigin'
ViewerProtocolPolicy: allow-all
DefaultTTL: 3600
MaxTTL: 3600
Compress: true
ForwardedValues:
QueryString: 'true'
QueryStringCacheKeys:
- d
Cookies:
Forward: 'none'
DefaultRootObject: 'index.html'
Enabled: true
PriceClass: 'PriceClass_100' # US / Canada / Europe
HttpVersion: 'http2'
ViewerCertificate:
CloudFrontDefaultCertificate: true
Origins:
-
Id: 'ImageBucketOrigin'
DomainName: { 'Fn::GetAtt': [ ImageBucket, DomainName ] }
S3OriginConfig: {}
Outputs:
ImageBucket:
Value: { "Ref": ImageBucket}
Export:
Name: ImageBucket
ImageProxyDistribution:
Value: { "Ref": ImageProxyDistribution}
Export:
Name: ImageProxyDistribution