-
Notifications
You must be signed in to change notification settings - Fork 0
/
serverless.yml
138 lines (127 loc) · 3.41 KB
/
serverless.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
service: sls-aws-scheduler-tasks
frameworkVersion: "3"
plugins:
- serverless-deployment-bucket
- serverless-offline
- serverless-plugin-optimize
- serverless-prune-plugin
provider:
name: aws
runtime: nodejs20.x
stage: ${opt:stage, 'hml'}
region: us-east-1
deploymentBucket:
name: ${self:service}-${self:provider.region}-deployments-lambdas
blockPublicAccess: true
environment:
QUEUE_ARN: ${self:custom.queueArn}
SCHEDULER_ROLE_ARN: ${self:custom.schedulerRoleArn}
SCHEDULER_GROUP_NAME: ${self:custom.schedulerGroupName}
REGION: ${self:provider.region}
httpApi:
payload: "2.0"
iam:
role:
statements:
- Effect: Allow
Action:
- scheduler:CreateSchedule
Resource: "*"
- Effect: Allow
Action:
- iam:PassRole
Resource: ${self:custom.schedulerRoleArn}
custom:
queueName: ${opt:stage, self:provider.stage}-scheduler-tasks-queue
schedulerGroupName: ${opt:stage, self:provider.stage}-scheduler-tasks-group
queueArn: !GetAtt SchedulerQueue.Arn
schedulerRoleArn: !GetAtt SchedulerRole.Arn
resources:
Resources:
SchedulerQueue:
Type: AWS::SQS::Queue
Properties:
QueueName: ${self:custom.queueName}.fifo
FifoQueue: true
ContentBasedDeduplication: true
RedrivePolicy:
deadLetterTargetArn: !GetAtt SchedulerQueueDql.Arn
maxReceiveCount: 3
SchedulerQueueDql:
Type: AWS::SQS::Queue
Properties:
FifoQueue: true
QueueName: ${self:custom.queueName}-dlq.fifo
SchedulerGroup:
Type: AWS::Scheduler::ScheduleGroup
Properties:
Name: ${self:custom.schedulerGroupName}
SchedulerRole:
Type: AWS::IAM::Role
Properties:
RoleName: SchedulerRole
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
Service: "scheduler.amazonaws.com"
Action: sts:AssumeRole
Condition:
StringEquals:
aws:SourceAccount: ${aws:accountId}
Policies:
- PolicyName: SchedulerPolicy
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action: sqs:SendMessage
Resource: ${self:custom.queueArn}
SchedulerQueuePolicy:
Type: AWS::SQS::QueuePolicy
Properties:
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
Service: "scheduler.amazonaws.com"
Action: sqs:SendMessage
Resource: ${self:custom.queueArn}
Queues:
- Ref: SchedulerQueue
functions:
SchedulerProducer:
timeout: 10
memorySize: 128
handler: build/scheduler-producer.handler
events:
- http:
path: /scheduler-producer
method: get
SchedulerConsumer:
timeout: 10
memorySize: 128
handler: build/scheduler-consumer.handler
events:
- sqs:
arn: ${self:custom.queueArn}
batchSize: 1
package:
individually: true
patterns:
- src/**
- node_modules/**
- package.json
- package-lock.json
- tsconfig.json
- README.md
- .nvmrc
- .gitignore
- .git/**
- .env
- .serverless/**
- .serverless
- .vscode/**
- .vscode