-
Notifications
You must be signed in to change notification settings - Fork 0
/
serverless.yml
58 lines (54 loc) · 1.82 KB
/
serverless.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
service: serverless-secrets
provider:
name: aws
runtime: nodejs6.10
stage: ${opt:stage, self:custom.defaultStage}
environment:
DB_USER: "/services/sample1/${opt:stage, self:provider.stage}/DB_USER"
DB_PASSWORD: "/services/sample1/${opt:stage, self:provider.stage}/DB_PASSWORD"
DB_HOST: "/services/sample1/${opt:stage, self:provider.stage}/DB_HOST"
DB_NAME: "/services/sample1/${opt:stage, self:provider.stage}/DB_NAME"
iamRoleStatements:
- Effect: Allow
Action:
- ssm:DescribeParameters
- ssm:GetParameters
Resource: "arn:aws:ssm:${opt:region, self:provider.region}:*:parameter/services/sample1/${opt:stage, self:provider.stage}/*"
- Effect: Allow
Action:
- kms:Decrypt
Resource: "arn:aws:kms:${opt:region, self:provider.region}:*:key/${self:custom.kms_key.${opt:region, self:provider.region}.${self:provider.stage}}"
custom:
defaultStage: dev
# The following section is if you want the lambda to hook into the vpc
subnetIds:
"us-east-1":
prod:
- subnet-aaaaaaa
# The security group the lambda will run in, for vpc setups
securityGroupIds:
"us-east-1":
prod:
- sg-aaaaaaaa
kms_key:
"us-east-1":
prod: "the default kms key that will be used to decrypt params, get this for the az you're deploying to"
dev: "foo"
functions:
sample:
handler: sample.handler
memorySize: 1024
timeout: 300
events:
- http:
path: /sample
method: get
cors: true
vpc:
securityGroupIds: ${self:custom.securityGroupIds.${opt:region, self:provider.region}.${self:provider.stage}}
subnetIds: ${self:custom.subnetIds.${opt:region, self:provider.region}.${self:provider.stage}}
plugins:
- serverless-plugin-optimize
- serverless-offline
package:
individually: true