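# SAM template for the "shorty" stack.
# The format version is quoted so a YAML loader cannot read it as a date.
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  shorty
# The Serverless transform expands the AWS::Serverless::* resources used in
# this template into plain CloudFormation resources at deploy time.
Transform:
  - AWS::Serverless-2016-10-31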
# Settings shared by every AWS::Serverless::Function declared in this template.
Globals:
  Function:
    # Tags attached to each function.
    Tags:
      Project: shorty
      Environment: Prod
# Deploy-time inputs; both feed the custom domain resource.
Parameters:
  # Host name bound to the API through AWS::ApiGateway::DomainName.
  DomainNameParameter:
    Type: String
    Description: Your custom domain name
  # ACM certificate presented on that host name. The DomainName resource is
  # REGIONAL, so the certificate is expected to be in the stack's own Region.
  RegionalCertificateArnParameter:
    Type: String
    Description: The ARN of the SSL cert for your domain hosted in ACM
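Resources:
  # --- Identity -------------------------------------------------------------
  # User pool behind the API authorizer.
  # NOTE(review): neither MfaConfiguration nor AdminCreateUserConfig is set, so
  # MFA and self sign-up stay at the service defaults. The authorizer on POST /
  # accepts any token issued by this pool, so confirm that open registration
  # is intended.
  CognitoUserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: !Sub ${AWS::StackName}-user-pool
      AutoVerifiedAttributes:
        - email
      Policies:
        PasswordPolicy:
          MinimumLength: 8
          RequireLowercase: true
          RequireNumbers: true
          RequireSymbols: true
          RequireUppercase: true

  # App client without a client secret.
  # NOTE(review): ALLOW_USER_PASSWORD_AUTH sends the password itself to Cognito
  # (inside TLS). If the front end can use SRP, ALLOW_USER_SRP_AUTH avoids
  # that; confirm against the client code before switching.
  CognitoUserPoolClient:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      UserPoolId: !Ref CognitoUserPool
      ClientName: !Sub ${AWS::StackName}-client
      GenerateSecret: false
      ExplicitAuthFlows:
        - ALLOW_USER_PASSWORD_AUTH
        - ALLOW_REFRESH_TOKEN_AUTH

  # --- API ------------------------------------------------------------------
  # Regional REST API. An authorizer is declared but no DefaultAuthorizer is
  # set, so a route is public unless its event opts in with Auth.Authorizer.
  # In this template only POST / does; GET /{shortid} is unauthenticated.
  RestApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      EndpointConfiguration:
        Type: REGIONAL
      # NOTE(review): origin and methods are wildcards. Narrow AllowOrigin to
      # the site's origin and AllowMethods to the verbs actually served once
      # the front-end origin is fixed.
      Cors:
        AllowMethods: "'*'"
        AllowHeaders: "'Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token'"
        AllowOrigin: "'*'"
        MaxAge: "'600'"
      Auth:
        Authorizers:
          CognitoAuthorizer:
            UserPoolArn: !GetAtt CognitoUserPool.Arn

  # Custom domain name for the API endpoint.
  DomainName:
    Type: AWS::ApiGateway::DomainName
    Properties:
      DomainName: !Ref DomainNameParameter
      EndpointConfiguration:
        Types:
          - REGIONAL
      RegionalCertificateArn: !Ref RegionalCertificateArnParameter
      # Pin the minimum TLS version rather than relying on the service default.
      SecurityPolicy: TLS_1_2
    DependsOn: RestApi

  # Base path mapping that links the API stage to the custom domain.
  BasePathMapping:
    Type: AWS::ApiGateway::BasePathMapping
    Properties:
      DomainName: !Ref DomainName
      RestApiId: !Ref RestApi
      # Reference the stage SAM generates for RestApi instead of repeating the
      # literal name, so this mapping is created only after the stage exists.
      Stage: !Ref RestApi.Stage

  # --- Handlers -------------------------------------------------------------
  # Handles the public "GET /{shortid}" route.
  # NOTE(review): DynamoDBCrudPolicy also grants write and delete on the table
  # to an unauthenticated route. If the handler only reads, DynamoDBReadPolicy
  # is sufficient; confirm against src/handlers/get-link-by-shortid.
  # NOTE(review): API Gateway's default integration timeout is 29 s, so the
  # 100 s function timeout likely only extends billable run time; confirm.
  getLinkByShortIdFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: src/handlers/get-link-by-shortid.getLinkByShortIdFunction
      Runtime: nodejs22.x
      Architectures:
        - x86_64
      MemorySize: 128
      Timeout: 100
      Description: HTTP GET handler to fetch a Link to the DynamoDB table and redirect to the target.
      Policies:
        - DynamoDBCrudPolicy:
            TableName: !Ref LinkTable
      Environment:
        Variables:
          LINK_TABLE: !Ref LinkTable
      Events:
        Api:
          Type: Api
          Properties:
            Path: /{shortid}
            Method: GET
            RestApiId: !Ref RestApi

  # Handles "POST /"; the only route that requires a Cognito token.
  postLinkFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: src/handlers/post-link.postLinkFunction
      Runtime: nodejs22.x
      Architectures:
        - x86_64
      MemorySize: 128
      Timeout: 100
      Description: HTTP POST handler to add a Link to the DynamoDB table.
      Policies:
        - DynamoDBCrudPolicy:
            TableName: !Ref LinkTable
      Environment:
        Variables:
          LINK_TABLE: !Ref LinkTable
      Events:
        Api:
          Type: Api
          Properties:
            Path: /
            Method: POST
            RestApiId: !Ref RestApi
            Auth:
              Authorizer: CognitoAuthorizer

  # --- Storage --------------------------------------------------------------
  # Link store keyed by the short id.
  LinkTable:
    Type: AWS::Serverless::SimpleTable
    Properties:
      PrimaryKey:
        Name: shortid
        Type: String
      ProvisionedThroughput:
        ReadCapacityUnits: 2
        WriteCapacityUnits: 2

  # Bucket that serves the static site through S3 website hosting.
  # Everything in it is world-readable by design, so keep non-public files out.
  WebsiteS3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration:
        # Public read comes only from the bucket policy below, so ACL-based
        # public access is blocked. A deploy step that uploads with a public
        # ACL would need that flag removed.
        BlockPublicAcls: true
        IgnorePublicAcls: true
        # These two stay off because the site depends on a public-read
        # bucket policy.
        BlockPublicPolicy: false
        RestrictPublicBuckets: false
      WebsiteConfiguration:
        IndexDocument: index.html
        ErrorDocument: error.html
    # The bucket and its contents survive stack deletion and replacement.
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain

  # Grants anonymous read of objects only (s3:GetObject); no list or write.
  WebsiteBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      PolicyDocument:
        Id: MyPolicy
        # Quoted so the policy version stays a string, not a parsed date.
        Version: '2012-10-17'
        Statement:
          - Sid: PublicReadForGetBucketObjects
            Effect: Allow
            Principal: '*'
            Action: 's3:GetObject'
            Resource: !Sub '${WebsiteS3Bucket.Arn}/*'
      Bucket: !Ref WebsiteS3Bucket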
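# Values exported for the front end and for deploy scripts.
Outputs:
  ApiEndpoint:
    Description: API Gateway endpoint URL for Prod stage
    Value: !Sub 'https://${RestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod'
  ApiHostname:
    Description: API Gateway endpoint hostname
    Value: !Sub '${RestApi}.execute-api.${AWS::Region}.amazonaws.com'
  # Taken from the bucket's WebsiteURL attribute rather than built by hand:
  # the website endpoint uses "s3-website-<region>" in some Regions and
  # "s3-website.<region>" in others.
  # S3 website endpoints serve plain HTTP only; put a TLS-terminating front
  # such as CloudFront in front of the bucket if the site must be HTTPS.
  StaticWebsiteURL:
    Description: URL for static website hosted on S3
    Value: !GetAtt WebsiteS3Bucket.WebsiteURL
  S3BucketName:
    Description: Name of S3 bucket to hold website content
    Value: !Ref WebsiteS3Bucket
  # The pool id and client id are identifiers, not secrets; the client is
  # created without a client secret.
  UserPoolId:
    Description: Cognito User Pool ID
    Value: !Ref CognitoUserPool
  UserPoolClientId:
    Description: Cognito User Pool Client ID
    Value: !Ref CognitoUserPoolClient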