service: fastapi-lambda

provider:
  name: aws
  region: eu-west-2
  architecture: x86_64
  environment:
    API_KEY: ${env:API_KEY}
    ENVIRONMENT: ${env:ENVIRONMENT}
    SECRET_KEY: ${env:SECRET_KEY}
    PLAN_TRIGGER_BUCKET: ${env:PLAN_TRIGGER_BUCKET}
    DATA_BUCKET: ${env:DATA_BUCKET}
    DOMAIN_NAME: ${env:DOMAIN_NAME}
    EPC_AUTH_TOKEN: ${env:EPC_AUTH_TOKEN}
    DB_HOST: ${env:DB_HOST}
    DB_NAME: ${env:DB_NAME}
    DB_USERNAME: ${env:DB_USERNAME}
    DB_PASSWORD: ${env:DB_PASSWORD}
    DB_PORT: ${env:DB_PORT}
    ECR_URI: ${env:ECR_URI}
    GITHUB_SHA: ${env:GITHUB_SHA}
  # Give lambda access to read from the bucket
  iam:
    role:
      name: fastapi_backend_${env:PLAN_TRIGGER_BUCKET}_access
      statements:
        - Effect: Allow
          Action:
            - s3:GetObject
            - s3:ListBucket
          Resource:
            - arn:aws:s3:::${env:PLAN_TRIGGER_BUCKET}
            - arn:aws:s3:::${env:PLAN_TRIGGER_BUCKET}/*


plugins:
  - serverless-domain-manager

custom:
  customDomain:
    domainName: api.${self:provider.environment.DOMAIN_NAME}
    createRoute53Record: true
    certificateArn: ${ssm:/ssl_certificate_arn}

functions:
  app:
    image:
      uri: ${env:ECR_URI}:${env:GITHUB_SHA}
    events:
      - http:
          path: /{proxy+}
          method: ANY