ど素人が書いた、ただのメモです。
とりあえず最初に serverless.yml へコピペするやつ
serverless.yml
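# Starter serverless.yml: one API Gateway function, one SNS-triggered function,
# and one function intended for Lambda@Edge with its own IAM role.
service: MyKoolService

plugins:
  - serverless-dotenv-plugin
  - serverless-pseudo-parameters
  - serverless-prune-plugin

custom:
  defaultStage: dev
  # Maps the deployment stage to the AWS CLI profile used for that stage.
  profiles:
    dev: develop
    prod: production
  prune:
    automatic: true
    number: 5

provider:
  name: aws
  # NOTE(review): nodejs8.10 is an end-of-life Lambda runtime and no longer
  # receives security patches; pin a currently supported runtime that matches
  # the handler code before deploying.
  runtime: nodejs8.10
  region: ap-northeast-1
  # Falls back to custom.defaultStage when --stage is not given.
  stage: ${opt:stage, self:custom.defaultStage}
  profile: ${self:custom.profiles.${self:provider.stage}}
  # NOTE(review): seven days of logs is short for incident investigation;
  # raise this if the functions handle anything that may need auditing later.
  logRetentionInDays: 7

# When there are multiple Lambda functions,
# package each of them individually.
package:
  individually: true
  exclude:
    - src/**

functions:
  Func1:
    package:
      include:
        - src/Func1/**
    handler: src/Func1/app.lambda_handler
    events:
      - http:
          path: func1
          method: get
          # Callers must sign requests with SigV4 (IAM authorization).
          authorizer: aws_iam
          cors:
            # TODO
            # NOTE(review): a wildcard origin combined with
            # allowCredentials: true is rejected by browsers for credentialed
            # requests and is not a safe default. List the exact origins that
            # may call this API, and drop allowCredentials unless cookies or
            # other browser-managed credentials are really needed (SigV4
            # headers are sent explicitly by the caller).
            origin: '*'
            headers:
              - Content-Type
              - X-Amz-Date
              - Authorization
              - X-Api-Key
              - X-Amz-Security-Token
              - X-Amz-User-Agent
            allowCredentials: true
  Func2:
    package:
      include:
        - src/Func2/**
    handler: src/Func2/app.lambda_handler
    events:
      - sns: OnFunc2Event
  # Too much hassle, so
  # setting up the CloudFront trigger by hand is fine, right?
  # NOTE(review): Lambda@Edge functions have to be created in us-east-1, while
  # provider.region above is ap-northeast-1; confirm how this one is deployed.
  FuncAtEdge:
    handler: src/FuncAtEdge/app.lambda_handler
    memorySize: 128
    timeout: 5
    role: LambdaAtEdgeRole
    package:
      include:
        - src/FuncAtEdge/**

resources:
  Resources:
    LambdaAtEdgeRole:
      Type: AWS::IAM::Role
      Properties:
        Path: /
        RoleName: LambdaAtEdgeRole
        # Trust policy: both the regional Lambda service and the edge
        # replication service may assume this role.
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action: sts:AssumeRole
              Principal:
                Service:
                  - lambda.amazonaws.com
                  - edgelambda.amazonaws.com
        ManagedPolicyArns:
          # TODO
          # NOTE(review): AmazonSNSFullAccess allows every SNS action on every
          # topic in the account. Replace it with an inline policy limited to
          # the actions and topic ARNs this function actually uses.
          - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
          - arn:aws:iam::aws:policy/AmazonSNSFullAccess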
.env ファイル
serverless-dotenv-plugin
を使って環境変数を外部ファイルに抜き出し。
一応、Lambda の環境変数は AWS 上では保存時に暗号化されるらしいが、関数の設定を参照できる権限があれば平文のまま読めてしまうので、秘匿情報はできるだけ Secrets Manager や Systems Manager パラメータストアを使いましょう。
と言いつつ手抜き。
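# Sample values only. Keep the real .env out of version control (list it in
# .gitignore) and out of build logs.
TEST_VAR="HOGE"
# NOTE(review): a key loaded this way becomes an ordinary Lambda environment
# variable, readable by anyone allowed to view the function configuration;
# Secrets Manager or Parameter Store is the better home for it.
# NOTE(review): the value is unquoted, so dotenv-style parsers usually keep the
# \n sequences literal; confirm the consuming code converts them to newlines.
TEST_PRIV_KEY=-----BEGIN RSA PRIVATE KEY-----\nxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\nxxxxxxxxxxxxxx……\n-----END RSA PRIVATE KEY-----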
Step Functions
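# Step Functions fragment: three Lambda functions and a state machine that runs
# Step1 -> Step2 and routes any caught error to OnFailure, then to a Fail state.
plugins:
  - serverless-pseudo-parameters
  - serverless-step-functions

package:
  individually: true
  exclude:
    - src/**

functions:
  # Each function gets an explicit name so that the Resource ARNs in the state
  # machine below can refer to it; keep the two in sync.
  Step1:
    name: ${self:provider.stage}-Step1
    handler: src/Step1/app.lambda_handler
    package:
      include:
        - src/Step1/**
  Step2:
    name: ${self:provider.stage}-Step2
    handler: src/Step2/app.lambda_handler
    package:
      include:
        - src/Step2/**
  OnFailure:
    name: ${self:provider.stage}-OnFailure
    handler: src/OnFailure/app.lambda_handler
    package:
      include:
        - src/OnFailure/**

stepFunctions:
  stateMachines:
    MyStepFunc:
      definition:
        Comment: "Comment."
        # Upper bound for the whole execution, in seconds.
        TimeoutSeconds: 1200
        StartAt: Step1
        States:
          Step1:
            Type: Task
            # #{AWS::Region} and #{AWS::AccountId} are filled in by
            # serverless-pseudo-parameters.
            Resource: "arn:aws:lambda:#{AWS::Region}:#{AWS::AccountId}:function:${self:provider.stage}-Step1"
            Next: Step2
            Catch:
              - ErrorEquals:
                  - "States.ALL"
                Next: OnFailure
            # MaxAttempts: 0 means the task is never retried.
            Retry:
              - ErrorEquals:
                  - "States.ALL"
                MaxAttempts: 0
          Step2:
            Type: Task
            Resource: "arn:aws:lambda:#{AWS::Region}:#{AWS::AccountId}:function:${self:provider.stage}-Step2"
            End: true
            Catch:
              - ErrorEquals:
                  - "States.ALL"
                Next: OnFailure
            Retry:
              - ErrorEquals:
                  - "States.ALL"
                MaxAttempts: 0
          # No Catch here: an error inside OnFailure fails the execution
          # directly without reaching the Failure state.
          OnFailure:
            Type: Task
            Resource: "arn:aws:lambda:#{AWS::Region}:#{AWS::AccountId}:function:${self:provider.stage}-OnFailure"
            Next: Failure
            Retry:
              - ErrorEquals:
                  - "States.ALL"
                MaxAttempts: 0
          Failure:
            Type: Fail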
DynamoDB (With TTL)
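# DynamoDB fragment: a table keyed on hoge_id with TTL enabled on `expiry`
# through serverless-dynamodb-ttl.
plugins:
  - serverless-dynamodb-ttl

custom:
  dynamodb:
    ttl:
      # `table` must match TableName in the resource below.
      # NOTE(review): TTL deletion is asynchronous, so expired items can still
      # be returned for a while. If `expiry` gates access (sessions, tokens),
      # check it in the reading code as well.
      - table: hoge_table
        field: expiry

resources:
  Resources:
    DynamoDbTable:
      Type: AWS::DynamoDB::Table
      Properties:
        TableName: hoge_table
        KeySchema:
          - AttributeName: hoge_id
            KeyType: HASH
        # Only key attributes are declared here; `expiry` is not part of the
        # key, so it is not listed.
        AttributeDefinitions:
          - AttributeName: hoge_id
            AttributeType: S
        ProvisionedThroughput:
          ReadCapacityUnits: 5
          WriteCapacityUnits: 5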