AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Description: Private Composer registry for private PHP packages on AWS Serverless Parameters: LoggerLevel: Description: The level of logger Type: String Default: error AllowedValues: - error - warn - info - verbose ConstraintDescription: Must be "error", "warn", "info" or "verbose" ModeDebug: Description: Check if the debug must be enabled ("0" to disable, or "1" to enable) Type: String Default: 0 AllowedValues: - 0 - 1 ConstraintDescription: Must be "0" to disable, or "1" to enable RedirectToApp: Description: Check if root the url must be redirect to the path of the PWA ("0" to disable, or "1" to enable) Type: String Default: 1 AllowedValues: - 0 - 1 ConstraintDescription: Must be "0" to disable, or "1" to enable AppBasePath: Description: The base path to serve the PWA Type: String Default: /admin TugVersion: Description: The version defined by the tag name in the Releases page (https://github.com/fxpio/tug/releases) Type: String Default: 7452498d0fa79768b92280b5bde8c226fff9aa6f Resources: Endpoint: Type: AWS::Serverless::Api Description: Endpoint of Tug Properties: StageName: prod DefinitionBody: swagger: 2.0 info: title: Fn::Join: - '' - - Ref: AWS::StackName - 'Api' basePath: /prod schemes: - https paths: /: x-amazon-apigateway-any-method: produces: - application/json responses: '200': description: 200 response schema: $ref: "#/definitions/Empty" x-amazon-apigateway-integration: responses: default: statusCode: 200 uri: Fn::Join: - '' - - 'arn:aws:apigateway:' - Ref: AWS::Region - ':lambda:path/2015-03-31/functions/arn:aws:lambda:' - Ref: AWS::Region - ':' - Ref: AWS::AccountId - ':function:' - Ref: Server - '/invocations' passthroughBehavior: when_no_match httpMethod: POST type: aws_proxy options: consumes: - application/json produces: - application/json responses: '200': description: 200 response schema: $ref: "#/definitions/Empty" headers: Access-Control-Allow-Origin: type: string Access-Control-Allow-Methods: type: string Access-Control-Allow-Headers: type: string x-amazon-apigateway-integration: responses: default: statusCode: 200 responseParameters: method.response.header.Access-Control-Allow-Methods: "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'" method.response.header.Access-Control-Allow-Headers: "'Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token'" method.response.header.Access-Control-Allow-Origin: "'https://example.com'" passthroughBehavior: when_no_match requestTemplates: application/json: "{\"statusCode\": 200}" type: mock /{proxy+}: x-amazon-apigateway-any-method: produces: - application/json parameters: - name: proxy in: path required: true type: string responses: {} x-amazon-apigateway-integration: uri: Fn::Join: - '' - - 'arn:aws:apigateway:' - Ref: AWS::Region - ':lambda:path/2015-03-31/functions/arn:aws:lambda:' - Ref: AWS::Region - ':' - Ref: AWS::AccountId - ':function:' - Ref: Server - '/invocations' httpMethod: POST type: aws_proxy options: consumes: - application/json produces: - application/json responses: '200': description: 200 response schema: $ref: "#/definitions/Empty" headers: Access-Control-Allow-Origin: type: string Access-Control-Allow-Methods: type: string Access-Control-Allow-Headers: type: string x-amazon-apigateway-integration: responses: default: statusCode: 200 responseParameters: method.response.header.Access-Control-Allow-Methods: "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'" method.response.header.Access-Control-Allow-Headers: "'Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token'" method.response.header.Access-Control-Allow-Origin: "'https://example.com'" passthroughBehavior: when_no_match requestTemplates: application/json: "{\"statusCode\": 200}" type: mock x-amazon-apigateway-binary-media-types: - '*/*' definitions: Empty: type: object title: Empty Schema Server: Type: AWS::Serverless::Function Properties: Description: Logic of Tug Runtime: nodejs16.x Handler: server.handler CodeUri: Bucket: tug-dev Key: Fn::Join: - '' - - 'builds/' - Ref: TugVersion - '.zip' Timeout: 30 MemorySize: 1024 Role: Fn::GetAtt: - ExecutionRole - Arn Environment: Variables: AWS_ACCOUNT_ID: Ref: AWS::AccountId AWS_DYNAMODB_TABLE: Ref: Database AWS_S3_BUCKET: Ref: Storage AWS_SQS_QUEUE_URL: Ref: Queue REDIRECT_TO_APP: Ref: RedirectToApp APP_BASE_PATH: Ref: AppBasePath LOGGER_LEVEL: Ref: LoggerLevel DEBUG: Ref: ModeDebug Events: ProxyApiRoot: Type: Api Properties: Path: / Method: ANY RestApiId: Ref: Endpoint ProxyApiGreedy: Type: Api Properties: Path: /{proxy+} Method: ANY RestApiId: Ref: Endpoint SqsQueueEvent: Type: SQS Properties: BatchSize: 10 Queue: Fn::GetAtt: - Queue - Arn Queue: Type: AWS::SQS::Queue Properties: VisibilityTimeout: 60 Storage: Type: "AWS::S3::Bucket" DeletionPolicy: Retain Database: Type: "AWS::DynamoDB::Table" DeletionPolicy: Retain Properties: AttributeDefinitions: - AttributeName: id AttributeType: S - AttributeName: model AttributeType: S KeySchema: - AttributeName: id KeyType: HASH GlobalSecondaryIndexes: - IndexName: model-index KeySchema: - AttributeName: model KeyType: HASH Projection: ProjectionType: ALL ProvisionedThroughput: ReadCapacityUnits: 1 WriteCapacityUnits: 1 ProvisionedThroughput: ReadCapacityUnits: 1 WriteCapacityUnits: 1 LambdaPermission: Type: AWS::Lambda::Permission Properties: Action: lambda:InvokeFunction Principal: apigateway.amazonaws.com FunctionName: Fn::GetAtt: - Server - Arn SourceArn: Fn::Join: - '' - - 'arn:aws:execute-api:' - Ref: AWS::Region - ':' - Ref: AWS::AccountId - ':' - Ref: Endpoint - /*/* ExecutionRole: Type: AWS::IAM::Role Properties: Path: / AssumeRolePolicyDocument: Version: '2012-10-17' Statement: Action: sts:AssumeRole Effect: Allow Principal: Service: lambda.amazonaws.com Policies: - PolicyName: LogsAccess PolicyDocument: Version: '2012-10-17' Statement: - Action: - logs:CreateLogGroup - logs:CreateLogStream - logs:PutLogEvents Effect: Allow Resource: Fn::Join: - '' - - 'arn:aws:logs:' - Ref: AWS::Region - ':' - Ref: AWS::AccountId - ':' - '*' - PolicyName: SQSAccess PolicyDocument: Version: '2012-10-17' Statement: - Action: - sqs:SendMessage - sqs:ReceiveMessage - sqs:DeleteMessage - sqs:GetQueueAttributes Effect: Allow Resource: Fn::Join: - '' - - 'arn:aws:sqs:' - Ref: AWS::Region - ':' - Ref: AWS::AccountId - ':' - '*' - PolicyName: DynamoDbAccess PolicyDocument: Version: '2012-10-17' Statement: - Action: - dynamodb:PutItem - dynamodb:DeleteItem - dynamodb:GetItem - dynamodb:BatchWriteItem - dynamodb:Query Effect: Allow Resource: - Fn::Join: - '' - - 'arn:aws:dynamodb:' - Ref: AWS::Region - ':' - Ref: AWS::AccountId - ':' - 'table/' - Ref: Database - Fn::Join: - '' - - 'arn:aws:dynamodb:' - Ref: AWS::Region - ':' - Ref: AWS::AccountId - ':' - 'table/' - Ref: Database - '/index/*' - PolicyName: S3AccessList PolicyDocument: Version: '2012-10-17' Statement: - Action: - s3:ListBucket Effect: Allow Resource: Fn::Join: - '' - - 'arn:aws:s3:::' - Ref: Storage - PolicyName: S3Access PolicyDocument: Version: '2012-10-17' Statement: - Action: - s3:GetObject - s3:PutObject - s3:DeleteObject Effect: Allow Resource: Fn::Join: - '' - - 'arn:aws:s3:::' - Ref: Storage - '/*' Outputs: ApiConsoleUrl: Description: Console URL for the API Gateway API's Stage. Value: Fn::Join: - '' - - https:// - Ref: AWS::Region - .console.aws.amazon.com/apigateway/home?region= - Ref: AWS::Region - '#/apis/' - Ref: Endpoint - /stages/prod ApiUrl: Description: Invoke URL for your API. Clicking this link will perform a GET request on the root resource of your API. Value: Fn::Join: - '' - - https:// - Ref: Endpoint - .execute-api. - Ref: AWS::Region - .amazonaws.com/prod/ LambdaConsoleUrl: Description: Console URL for the Lambda Function. Value: Fn::Join: - '' - - https:// - Ref: AWS::Region - .console.aws.amazon.com/lambda/home?region= - Ref: AWS::Region - '#/functions/' - Ref: Server SqsConsoleUrl: Description: Console URL for the SQS. Value: Fn::Join: - '' - - https:// - Ref: AWS::Region - .console.aws.amazon.com/sqs/home?region= - Ref: AWS::Region - '#queue-browser:selected=' - Ref: Queue DynamoDbConsoleUrl: Description: Console URL for the Dynamo DB. Value: Fn::Join: - '' - - https:// - Ref: AWS::Region - .console.aws.amazon.com/dynamodb/home?region= - Ref: AWS::Region - '#tables:selected=' - Ref: Database S3ConsoleUrl: Description: Console URL for the S3 bucket. Value: Fn::Join: - '' - - https://s3.console.aws.amazon.com/s3/buckets/ - Ref: Storage - /?region= - Ref: AWS::Region