serverless.yml

service: dorametrix

provider:
  name: aws
  runtime: nodejs20.x
  architecture: arm64
  stage: ${opt:stage, 'prod'}
  region:  ${opt:region, 'eu-north-1'}
  memorySize: ${opt:memory, 1024}
  timeout: ${opt:timeout, 10}
  logRetentionInDays: ${param:logRetentionInDays, 7}
  versionFunctions: false
  httpApi:
    cors: true
    #disableDefaultEndpoint: true
    authorizers:
      AuthorizerAdd:
        functionName: AuthorizerAdd
        resultTtlInSeconds: ${self:custom.config.aws.apiGatewayCachingTtl.${self:provider.stage}, '0'}
        identitySource:
          - $request.querystring.authorization
        type: request
        enableSimpleResponses: true
      AuthorizerGet:
        functionName: AuthorizerGet
        resultTtlInSeconds: ${self:custom.config.aws.apiGatewayCachingTtl.${self:provider.stage}, '0'}
        identitySource:
          - $request.header.Authorization
        type: request
        enableSimpleResponses: true
  deploymentBucket:
    blockPublicAccess: true
    maxPreviousDeploymentArtifacts: 5
    serverSideEncryption: AES256
  stackTags:
    Usage: ${self:service}
  tags:
    Usage: ${self:service}
  apiGateway:
    minimumCompressionSize: 1024

plugins:
  - serverless-esbuild
  - serverless-offline
  - serverless-iam-roles-per-function

package:
  individually: true

custom:
  config:
    apiKey: ${param:apiKey, '82490d5a-1950-4527-ab2f-5c984c861462'} # Add your desired valid API key here or use the default
    awsAccountNumber: ${param:awsAccountNumber, '123412341234'} # Set this to your value if you want to use a fallback value
    maxDateRange: ${param:maxDateRange, '30'}
    maxLifeInDays: ${param:maxLifeInDays, '90'}
    tableName: ${self:service}-${self:provider.stage}
    shortcut:
      shortcutApiToken: ${param:shortcutApiToken, ''} # Set this to your value if you want to use a fallback value
      shortcutIncidentLabelId: ${param:shortcutIncidentLabelId, '0'} # Set this to your value if you want to use a fallback value
      shortcutRepoName: ${param:shortcutRepoName, 'unknown'}
  aws:
    databaseArn: arn:aws:dynamodb:${aws:region}:${self:custom.config.awsAccountNumber}:table/${self:custom.config.tableName}
    apiGatewayCachingTtl:
      prod: 30
      dev: 0
      test: 0
    apiGatewayCachingTtlValue: ${self:custom.aws.apiGatewayCachingTtl.${self:provider.stage}, self:custom.aws.apiGatewayCachingTtl.test} # See: https://forum.serverless.com/t/api-gateway-custom-authorizer-caching-problems/4695
  esbuild:
    bundle: true
    minify: true

functions:
  AuthorizerAdd:
    handler: src/infrastructure/authorizers/Authorizer.handler
    description: ${self:service} authorizer for adding metrics
    environment:
      API_KEY: ${self:custom.config.apiKey}
  AuthorizerGet:
    handler: src/infrastructure/authorizers/Authorizer.handler
    description: ${self:service} authorizer for getting metrics
    environment:
      API_KEY: ${self:custom.config.apiKey}
  AddEvent:
    handler: src/infrastructure/adapters/web/AddEvent.handler
    description: Report new event (this will then be automatically also created as a change, deployment, or incident)
    events:
      - httpApi:
          method: POST
          path: /event
          authorizer:
            name: AuthorizerAdd
    iamRoleStatements:
      - Effect: "Allow"
        Action:
          - dynamodb:PutItem
          - dynamodb:Query
        Resource: ${self:custom.aws.databaseArn}
    environment:
      REGION: ${aws:region}
      TABLE_NAME: ${self:custom.config.tableName}
      MAX_DATE_RANGE: ${self:custom.config.maxDateRange}
      MAX_LIFE_IN_DAYS: ${self:custom.config.maxLifeInDays}
      SHORTCUT_TOKEN: ${self:custom.config.shortcut.shortcutApiToken}
      SHORTCUT_INCIDENT_LABEL_ID: ${self:custom.config.shortcut.shortcutIncidentLabelId}
      SHORTCUT_REPONAME: ${self:custom.config.shortcut.shortcutRepoName}
  GetMetrics:
    handler: src/infrastructure/adapters/web/GetMetrics.handler
    description: Get DORA metrics
    events:
      - httpApi:
          method: GET
          path: /metrics
          authorizer:
            name: AuthorizerGet
    iamRoleStatements:
      - Effect: "Allow"
        Action:
          - dynamodb:PutItem
          - dynamodb:Query
        Resource: ${self:custom.aws.databaseArn}
    environment:
      REGION: ${aws:region}
      TABLE_NAME: ${self:custom.config.tableName}
      MAX_DATE_RANGE: ${self:custom.config.maxDateRange}
  GetLastDeployment:
    handler: src/infrastructure/adapters/web/GetLastDeployment.handler
    description: Get the commit ID of the last production deployment
    events:
      - httpApi:
          method: GET
          path: /lastdeployment
          authorizer:
            name: AuthorizerGet
    iamRoleStatements:
      - Effect: "Allow"
        Action:
          - dynamodb:Query
        Resource: ${self:custom.aws.databaseArn}
    environment:
      REGION: ${aws:region}
      TABLE_NAME: ${self:custom.config.tableName}
      MAX_DATE_RANGE: ${self:custom.config.maxDateRange}

resources:
  Resources:
    # DynamoDB
    DorametrixTable:
      Type: AWS::DynamoDB::Table
      DeletionPolicy: Retain
      UpdateReplacePolicy: Retain
      Properties:
        TableName: ${self:custom.config.tableName}
        AttributeDefinitions:
          - AttributeName: pk
            AttributeType: S
          - AttributeName: sk
            AttributeType: S
        KeySchema:
          - AttributeName: pk
            KeyType: HASH
          - AttributeName: sk
            KeyType: RANGE
        TimeToLiveSpecification:
          AttributeName: expiresAt
          Enabled: true
        StreamSpecification:
          StreamViewType: NEW_AND_OLD_IMAGES
        BillingMode: PAY_PER_REQUEST
        PointInTimeRecoverySpecification:
          PointInTimeRecoveryEnabled: true