Merge pull request #213 from Hestia-Homes/main

restructuring serverless script
KhalimCK 2023-09-04 18:10:38 +01:00 committed by GitHub
commit 2f3baae5fd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 73 additions and 49 deletions


@ -20,7 +20,7 @@ jobs:
- name: Install Serverless and plugins - name: Install Serverless and plugins
run: | run: |
npm install -g serverless npm install -g serverless
# npm install -g serverless-domain-manager npm install -g serverless-domain-manager
- name: AWS credentials for dev - name: AWS credentials for dev
if: github.ref == 'refs/heads/dev' if: github.ref == 'refs/heads/dev'
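Review bot: The newly enabled `npm install -g serverless-domain-manager`, like the `npm install -g serverless` line above it, installs whatever version is latest at run time, in a job whose next visible step loads AWS credentials. A breaking or tampered release would therefore run in a context that holds deploy permissions. Pin both packages, for example `npm install -g serverless@<pinned-version> serverless-domain-manager@<pinned-version>`, or install them from a committed lockfile with `npm ci`. The job continues outside this hunk, so later steps were not reviewed.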


@ -12,63 +12,87 @@ provider:
DOMAIN_NAME: ${env:DOMAIN_NAME} DOMAIN_NAME: ${env:DOMAIN_NAME}
ECR_URI: ${env:ECR_URI} ECR_URI: ${env:ECR_URI}
GITHUB_SHA: ${env:GITHUB_SHA} GITHUB_SHA: ${env:GITHUB_SHA}
iam:
role:
name: fastapi_backend_${env:PLAN_TRIGGER_BUCKET}_access
statements:
# Allow reading from MODEL_DIRECTORY_BUCKET and DATA_BUCKET
- Effect: Allow
Action:
- s3:GetObject
- s3:ListBucket
Resource:
- arn:aws:s3:::${env:MODEL_DIRECTORY_BUCKET}
- arn:aws:s3:::${env:MODEL_DIRECTORY_BUCKET}/*
- arn:aws:s3:::${env:DATA_BUCKET}
- arn:aws:s3:::${env:DATA_BUCKET}/*
# Allow reading and writing to PREDICTIONS_BUCKET
- Effect: Allow
Action:
- s3:GetObject
- s3:PutObject
- s3:ListBucket
Resource:
- arn:aws:s3:::${env:PREDICTIONS_BUCKET}
- arn:aws:s3:::${env:PREDICTIONS_BUCKET}/*
#plugins:
# - serverless-domain-manager plugins:
# - serverless-domain-manager
#custom:
# customDomain: custom:
# domainName: api.${self:provider.environment.DOMAIN_NAME} customDomain:
# basePath: 'sapmodel' domainName: api.${self:provider.environment.DOMAIN_NAME}
# createRoute53Record: true basePath: 'sapmodel'
# certificateArn: ${ssm:/ssl_certificate_arn} createRoute53Record: true
certificateArn: ${ssm:/ssl_certificate_arn}
functions: functions:
sap_prediction_lambda: sap_prediction_lambda:
image: image:
uri: ${env:ECR_URI}:${env:GITHUB_SHA} uri: ${env:ECR_URI}:${env:GITHUB_SHA}
role: sapPredictionLambdaRole # role: sapPredictionLambdaRole
events: events:
- http: - http:
path: /predict path: /predict
method: POST method: POST
resources: #resources:
Resources: # Resources:
sapPredictionLambdaRole: # sapPredictionLambdaRole:
Type: AWS::IAM::Role # Type: AWS::IAM::Role
Properties: # Properties:
RoleName: sap-prediction-lambda-role # RoleName: sap-prediction-lambda-role
AssumeRolePolicyDocument: # AssumeRolePolicyDocument:
Version: '2012-10-17' # Version: '2012-10-17'
Statement: # Statement:
- Effect: Allow # - Effect: Allow
Principal: # Principal:
Service: # Service:
- lambda.amazonaws.com # - lambda.amazonaws.com
Action: sts:AssumeRole # Action: sts:AssumeRole
Policies: # Policies:
- PolicyName: sapPredictionLambdaS3Access # - PolicyName: sapPredictionLambdaS3Access
PolicyDocument: # PolicyDocument:
Version: '2012-10-17' # Version: '2012-10-17'
Statement: # Statement:
# Allow reading from MODEL_DIRECTORY_BUCKET and DATA_BUCKET # # Allow reading from MODEL_DIRECTORY_BUCKET and DATA_BUCKET
- Effect: Allow # - Effect: Allow
Action: # Action:
- s3:GetObject # - s3:GetObject
- s3:ListBucket # - s3:ListBucket
Resource: # Resource:
- arn:aws:s3:::${env:MODEL_DIRECTORY_BUCKET} # - arn:aws:s3:::${env:MODEL_DIRECTORY_BUCKET}
- arn:aws:s3:::${env:MODEL_DIRECTORY_BUCKET}/* # - arn:aws:s3:::${env:MODEL_DIRECTORY_BUCKET}/*
- arn:aws:s3:::${env:DATA_BUCKET} # - arn:aws:s3:::${env:DATA_BUCKET}
- arn:aws:s3:::${env:DATA_BUCKET}/* # - arn:aws:s3:::${env:DATA_BUCKET}/*
# Allow reading and writing to PREDICTIONS_BUCKET # # Allow reading and writing to PREDICTIONS_BUCKET
- Effect: Allow # - Effect: Allow
Action: # Action:
- s3:GetObject # - s3:GetObject
- s3:PutObject # - s3:PutObject
- s3:ListBucket # - s3:ListBucket
Resource: # Resource:
- arn:aws:s3:::${env:PREDICTIONS_BUCKET} # - arn:aws:s3:::${env:PREDICTIONS_BUCKET}
- arn:aws:s3:::${env:PREDICTIONS_BUCKET}/* # - arn:aws:s3:::${env:PREDICTIONS_BUCKET}/*
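Review bot: Enabling `customDomain` publishes the `POST /predict` event under `api.${DOMAIN_NAME}` with base path `sapmodel`, and the `http` event shown has no `authorizer` or `private: true`. Unless the application authenticates requests itself (not visible here), any caller who reaches the domain can invoke a function whose role allows `s3:PutObject` on `PREDICTIONS_BUCKET`. Consider adding `authorizer: aws_iam` (or whichever authorizer the clients support) to the event, or a comment stating where authentication happens. Separately, the new `provider.iam.role` statements become the default for every function in this service, whereas the old `sapPredictionLambdaRole` was attached to one function only; a comment such as `# shared by all functions in this service - keep S3 grants minimal` would make that explicit. The role name is also built from `${env:PLAN_TRIGGER_BUCKET}`, which none of the statements reference, so it is worth confirming that this variable is intended and is set in the deploy environment.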