Merge pull request #213 from Hestia-Homes/main

restructuring serverless script
2026-06-08 11:17:27 +00:00 · 2023-09-04 18:10:38 +01:00 · 2023-09-04 18:10:38 +01:00 · 2f3baae5fd
commit 2f3baae5fd
parent fab8d97218 b58d69f8c8
2 changed files with 73 additions and 49 deletions
--- a/.github/workflows/deploy_sap_model_lambda.yml
+++ b/.github/workflows/deploy_sap_model_lambda.yml
@ -20,7 +20,7 @@ jobs:
      - name: Install Serverless and plugins
        run: |
          npm install -g serverless
-      #          npm install -g serverless-domain-manager
+          npm install -g serverless-domain-manager

      - name: AWS credentials for dev
        if: github.ref == 'refs/heads/dev'
--- a/sapmodel.serverless.yml
+++ b/sapmodel.serverless.yml
@ -12,63 +12,87 @@ provider:
    DOMAIN_NAME: ${env:DOMAIN_NAME}
    ECR_URI: ${env:ECR_URI}
    GITHUB_SHA: ${env:GITHUB_SHA}
+  iam:
+    role:
+      name: fastapi_backend_${env:PLAN_TRIGGER_BUCKET}_access
+      statements:
+        # Allow reading from MODEL_DIRECTORY_BUCKET and DATA_BUCKET
+        - Effect: Allow
+          Action:
+            - s3:GetObject
+            - s3:ListBucket
+          Resource:
+            - arn:aws:s3:::${env:MODEL_DIRECTORY_BUCKET}
+              - arn:aws:s3:::${env:MODEL_DIRECTORY_BUCKET}/*
+              - arn:aws:s3:::${env:DATA_BUCKET}
+              - arn:aws:s3:::${env:DATA_BUCKET}/*
+        # Allow reading and writing to PREDICTIONS_BUCKET
+        - Effect: Allow
+          Action:
+            - s3:GetObject
+            - s3:PutObject
+            - s3:ListBucket
+          Resource:
+            - arn:aws:s3:::${env:PREDICTIONS_BUCKET}
+            - arn:aws:s3:::${env:PREDICTIONS_BUCKET}/*


-#plugins:
-#  - serverless-domain-manager
-#
-#custom:
-#  customDomain:
-#    domainName: api.${self:provider.environment.DOMAIN_NAME}
-#    basePath: 'sapmodel'
-#    createRoute53Record: true
-#    certificateArn: ${ssm:/ssl_certificate_arn}
+
+plugins:
+  - serverless-domain-manager
+
+custom:
+  customDomain:
+    domainName: api.${self:provider.environment.DOMAIN_NAME}
+    basePath: 'sapmodel'
+    createRoute53Record: true
+    certificateArn: ${ssm:/ssl_certificate_arn}

 functions:
  sap_prediction_lambda:
    image:
      uri: ${env:ECR_URI}:${env:GITHUB_SHA}
-    role: sapPredictionLambdaRole
+    #    role: sapPredictionLambdaRole
    events:
      - http:
          path: /predict
          method: POST

-resources:
-  Resources:
-    sapPredictionLambdaRole:
-      Type: AWS::IAM::Role
-      Properties:
-        RoleName: sap-prediction-lambda-role
-        AssumeRolePolicyDocument:
-          Version: '2012-10-17'
-          Statement:
-            - Effect: Allow
-              Principal:
-                Service:
-                  - lambda.amazonaws.com
-              Action: sts:AssumeRole
-        Policies:
-          - PolicyName: sapPredictionLambdaS3Access
-            PolicyDocument:
-              Version: '2012-10-17'
-              Statement:
-                # Allow reading from MODEL_DIRECTORY_BUCKET and DATA_BUCKET
-                - Effect: Allow
-                  Action:
-                    - s3:GetObject
-                    - s3:ListBucket
-                  Resource:
-                    - arn:aws:s3:::${env:MODEL_DIRECTORY_BUCKET}
-                    - arn:aws:s3:::${env:MODEL_DIRECTORY_BUCKET}/*
-                    - arn:aws:s3:::${env:DATA_BUCKET}
-                    - arn:aws:s3:::${env:DATA_BUCKET}/*
-                # Allow reading and writing to PREDICTIONS_BUCKET
-                - Effect: Allow
-                  Action:
-                    - s3:GetObject
-                    - s3:PutObject
-                    - s3:ListBucket
-                  Resource:
-                    - arn:aws:s3:::${env:PREDICTIONS_BUCKET}
-                    - arn:aws:s3:::${env:PREDICTIONS_BUCKET}/*
+#resources:
+#  Resources:
+#    sapPredictionLambdaRole:
+#      Type: AWS::IAM::Role
+#      Properties:
+#        RoleName: sap-prediction-lambda-role
+#        AssumeRolePolicyDocument:
+#          Version: '2012-10-17'
+#          Statement:
+#            - Effect: Allow
+#              Principal:
+#                Service:
+#                  - lambda.amazonaws.com
+#              Action: sts:AssumeRole
+#        Policies:
+#          - PolicyName: sapPredictionLambdaS3Access
+#            PolicyDocument:
+#              Version: '2012-10-17'
+#              Statement:
+#                # Allow reading from MODEL_DIRECTORY_BUCKET and DATA_BUCKET
+#                - Effect: Allow
+#                  Action:
+#                    - s3:GetObject
+#                    - s3:ListBucket
+#                  Resource:
+#                    - arn:aws:s3:::${env:MODEL_DIRECTORY_BUCKET}
+#                    - arn:aws:s3:::${env:MODEL_DIRECTORY_BUCKET}/*
+#                    - arn:aws:s3:::${env:DATA_BUCKET}
+#                    - arn:aws:s3:::${env:DATA_BUCKET}/*
+#                # Allow reading and writing to PREDICTIONS_BUCKET
+#                - Effect: Allow
+#                  Action:
+#                    - s3:GetObject
+#                    - s3:PutObject
+#                    - s3:ListBucket
+#                  Resource:
+#                    - arn:aws:s3:::${env:PREDICTIONS_BUCKET}
+#                    - arn:aws:s3:::${env:PREDICTIONS_BUCKET}/*