forked from aws/serverless-application-model
-
Notifications
You must be signed in to change notification settings - Fork 0
/
template.yaml
84 lines (74 loc) · 2.64 KB
/
template.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
---
Transform: AWS::Serverless-2016-10-31
Globals:
Api:
# Allows www.example.com to call these APIs
# SAM will automatically add AllowMethods with a list of methods for this API
Cors: "'https://www.www.example.com'"
# API Gateway regional endpoints
EndpointConfiguration: REGIONAL
# Send/receive binary data through the APIs
BinaryMediaTypes:
# These are equivalent to image/gif and image/png when deployed
- image~1gif
- image~1png
# Logging, Metrics, Throttling, and all other Stage settings
MethodSettings: [{
# Turn on Info logging
"LoggingLevel": "INFO",
# Enable Metrics
"MetricsEnabled": True,
# Trace-level Logging
"DataTraceEnabled": True,
# On all Paths & methods
"ResourcePath": "/*",
"HttpMethod": "*",
}]
Resources:
LambdaFunction:
Type: AWS::Serverless::Function
Properties:
# Replace <bucket> with your bucket name
CodeUri: src/
Handler: index.handler
Runtime: nodejs6.10
Events:
ProxyApiRoot:
Type: Api
Properties:
Path: /
Method: ANY
ProxyApiGreedy:
Type: Api
Properties:
Path: /{proxy+}
Method: ANY
####### Necessary for API Gateway Logging ########
# Add the CloudWatchRole and Account resource to your template to give API Gateway permissions write to CloudWatch logs
# https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-account.html#aws-resource-apigateway-account-examples
#
# NOTE: This is a one time process. As long as you have this enabled once in a region, you can deploy other stacks
# without the need for each stack to create this role. As a good practice, create a separate stack altogether
# with just the API Gateway logging role so none of your application stacks need them.
ApiGwAccountConfig:
Type: "AWS::ApiGateway::Account"
Properties:
CloudWatchRoleArn: !GetAtt "ApiGatewayLoggingRole.Arn"
ApiGatewayLoggingRole:
Type: "AWS::IAM::Role"
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
Service:
- "apigateway.amazonaws.com"
Action: "sts:AssumeRole"
Path: "/"
ManagedPolicyArns:
- !Sub "arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs"
Outputs:
ApiUrl:
Description: URL of your API endpoint
Value: !Sub "https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod"