serverless.yml

service: lambda-authorizer-demo

frameworkVersion: "3"

provider:
  name: aws
  runtime: nodejs12.x
  region: us-east-1
  stage: dev
  lambdaHashingVersion: 20201221
  # API HTTP
  httpApi:
    authorizers:
      customAuthorizer:
        type: request
        functionName: custom-authorizer-http
  iamRoleStatements:
    - Effect: "Allow"
      Action: "secretsmanager:GetSecretValue"
      Resource: "*"
    - Effect: Allow
      Action:
        - codedeploy:*
      Resource:
        - "*"
  tracing:
    lambda: true
  environment:
    NODE_PATH: "./:/opt"

package:
  exclude:
    - layes/secretsManager/**

plugins:
  - serverless-plugin-aws-alerts
  - serverless-plugin-canary-deployments
  - serverless-api-gateway-throttling
  - serverless-add-api-key
  - serverless-offline

custom:
  alerts:
    dashboards: true
  # They apply to all http endpoints, unless specifically overridden
  apiGatewayThrottling:
    maxRequestsPerSecond: 1000
    maxConcurrentRequests: 500
  serverless-offline:
    ignoreJWTSignature: true
  apiKeys:
    dev:
      - name: dev/api-key-private

layers:
  SecretsManager:
    path: layers/secretsManager
    description: "script to handle with AWS SecretsManager"

functions:
  hello:
    handler: handler.hello
    events:
      - http:
          path: /hello-rest
          method: get
          private: true
          authorizer: custom-authorizer-rest # API REST
          throttling:
            maxRequestsPerSecond: 2000
            maxConcurrentRequests: 1000
    deploymentSettings:
      type: Canary10Percent5Minutes
      alias: Live
      preTrafficHook: preHook
      postTrafficHook: postHook
      alarms:
        - name: LambdaTestAlarmA

  hello-http:
    handler: handler.hello
    events:
      - httpApi:
          path: /hello-http
          method: get
          authorizer:
            name: customAuthorizer

  custom-authorizer-rest:
    handler: authorizer-rest.handler
    layers:
      - { Ref: SecretsManagerLambdaLayer }

  custom-authorizer-http:
    handler: authorizer-http.handler
    layers:
      - { Ref: SecretsManagerLambdaLayer }

  preHook:
    handler: hooks.pre

  postHook:
    handler: hooks.post