service: sapmodel

provider:
  name: aws
  region: eu-west-2
  architecture: x86_64
  environment:
    RUNTIME_ENVIRONMENT: ${env:RUNTIME_ENVIRONMENT}
    MODEL_DIRECTORY_BUCKET: ${env:MODEL_DIRECTORY_BUCKET}
    PREDICTIONS_BUCKET: ${env:PREDICTIONS_BUCKET}
    DATA_BUCKET: ${env:DATA_BUCKET}
    DOMAIN_NAME: ${env:DOMAIN_NAME}
    ECR_URI: ${env:ECR_URI}
    GITHUB_SHA: ${env:GITHUB_SHA}
  iam:
    role:
      name: sapmodel_s3_access
      statements:
        # Allow reading from MODEL_DIRECTORY_BUCKET and DATA_BUCKET
        - Effect: Allow
          Action:
            - s3:*
          #            - s3:GetObject
          #            - s3:ListBucket
          Resource:
            - arn:aws:s3:::${env:MODEL_DIRECTORY_BUCKET}
            - arn:aws:s3:::${env:MODEL_DIRECTORY_BUCKET}/*
            - arn:aws:s3:::${env:DATA_BUCKET}
            - arn:aws:s3:::${env:DATA_BUCKET}/*
        # Allow reading and writing to PREDICTIONS_BUCKET
        - Effect: Allow
          Action:
            - s3:GetObject
            - s3:PutObject
            - s3:ListBucket
          Resource:
            - arn:aws:s3:::${env:PREDICTIONS_BUCKET}
            - arn:aws:s3:::${env:PREDICTIONS_BUCKET}/*



plugins:
  - serverless-domain-manager

custom:
  customDomain:
    domainName: api.${self:provider.environment.DOMAIN_NAME}
    basePath: 'sapmodel'
    createRoute53Record: true
    certificateArn: ${ssm:/ssl_certificate_arn}

functions:
  sap_prediction_lambda:
    image:
      uri: ${env:ECR_URI}:${env:GITHUB_SHA}
    #    role: sapPredictionLambdaRole
    events:
      - http:
          path: /predict
          method: POST
    timeout: 120 # Set max run time to 2 minutes - we shouldn't need this much time so this can be reviewed