---
# Serverless Framework definition for the `sapmodel` service: one
# container-image Lambda behind an HTTP POST endpoint, published on a custom
# domain. Every ${env:...} value is read from the environment of the process
# that runs the deploy.
service: sapmodel

provider:
  name: aws
  region: eu-west-2
  architecture: x86_64

  # Passed to the function as plain Lambda environment variables. These are
  # bucket names, a domain, an image URI and a commit id; keep secrets out of
  # this map.
  environment:
    RUNTIME_ENVIRONMENT: '${env:RUNTIME_ENVIRONMENT}'
    MODEL_DIRECTORY_BUCKET: '${env:MODEL_DIRECTORY_BUCKET}'
    PREDICTIONS_BUCKET: '${env:PREDICTIONS_BUCKET}'
    DATA_BUCKET: '${env:DATA_BUCKET}'
    DOMAIN_NAME: '${env:DOMAIN_NAME}'
    ECR_URI: '${env:ECR_URI}'
    GITHUB_SHA: '${env:GITHUB_SHA}'

  iam:
    role:
      # NOTE(review): the role name interpolates PLAN_TRIGGER_BUCKET, which is
      # not referenced anywhere else in this file. Confirm the deploy
      # environment sets it and that this is the intended variable.
      name: 'fastapi_backend_${env:PLAN_TRIGGER_BUCKET}_access'
      statements:
        # Read-only access to the model and data buckets. s3:ListBucket is
        # evaluated against the bucket ARN and s3:GetObject against the
        # `/*` object ARNs, which is why both resource forms are listed.
        # No key prefix is applied, so every object in both buckets is
        # readable by the function.
        - Effect: Allow
          Action:
            - 's3:GetObject'
            - 's3:ListBucket'
          Resource:
            - 'arn:aws:s3:::${env:MODEL_DIRECTORY_BUCKET}'
            - 'arn:aws:s3:::${env:MODEL_DIRECTORY_BUCKET}/*'
            - 'arn:aws:s3:::${env:DATA_BUCKET}'
            - 'arn:aws:s3:::${env:DATA_BUCKET}/*'
        # Read and write access to the predictions bucket. s3:PutObject lets
        # the function overwrite any existing key in that bucket.
        - Effect: Allow
          Action:
            - 's3:GetObject'
            - 's3:PutObject'
            - 's3:ListBucket'
          Resource:
            - 'arn:aws:s3:::${env:PREDICTIONS_BUCKET}'
            - 'arn:aws:s3:::${env:PREDICTIONS_BUCKET}/*'

plugins:
  - serverless-domain-manager

custom:
  # Consumed by serverless-domain-manager: serves the API at
  # api.<DOMAIN_NAME>/sapmodel. The certificate ARN is looked up from the SSM
  # parameter /ssl_certificate_arn when the deploy runs.
  customDomain:
    domainName: 'api.${self:provider.environment.DOMAIN_NAME}'
    basePath: 'sapmodel'
    createRoute53Record: true
    certificateArn: '${ssm:/ssl_certificate_arn}'

functions:
  sap_prediction_lambda:
    image:
      # The image is selected by a tag equal to the commit id.
      # NOTE(review): a tag only identifies one build if the ECR repository
      # enforces tag immutability; confirm that setting on the repository.
      uri: '${env:ECR_URI}:${env:GITHUB_SHA}'
    # role: sapPredictionLambdaRole
    events:
      # NOTE(review): no `authorizer` or `private: true` is declared on this
      # event, so as written API Gateway accepts unauthenticated POSTs to
      # /predict. Confirm that authentication is enforced inside the
      # container or in front of the API.
      - http:
          path: /predict
          method: POST

# Disabled alternative: a dedicated role for the function, declared as a raw
# CloudFormation resource. Its S3 statements mirror provider.iam.role above.
# Enabling it also requires the `role:` line under sap_prediction_lambda.
# resources:
#   Resources:
#     sapPredictionLambdaRole:
#       Type: AWS::IAM::Role
#       Properties:
#         RoleName: sap-prediction-lambda-role
#         AssumeRolePolicyDocument:
#           Version: '2012-10-17'
#           Statement:
#             - Effect: Allow
#               Principal:
#                 Service:
#                   - lambda.amazonaws.com
#               Action: sts:AssumeRole
#         Policies:
#           - PolicyName: sapPredictionLambdaS3Access
#             PolicyDocument:
#               Version: '2012-10-17'
#               Statement:
#                 # Allow reading from MODEL_DIRECTORY_BUCKET and DATA_BUCKET
#                 - Effect: Allow
#                   Action:
#                     - s3:GetObject
#                     - s3:ListBucket
#                   Resource:
#                     - arn:aws:s3:::${env:MODEL_DIRECTORY_BUCKET}
#                     - arn:aws:s3:::${env:MODEL_DIRECTORY_BUCKET}/*
#                     - arn:aws:s3:::${env:DATA_BUCKET}
#                     - arn:aws:s3:::${env:DATA_BUCKET}/*
#                 # Allow reading and writing to PREDICTIONS_BUCKET
#                 - Effect: Allow
#                   Action:
#                     - s3:GetObject
#                     - s3:PutObject
#                     - s3:ListBucket
#                   Resource:
#                     - arn:aws:s3:::${env:PREDICTIONS_BUCKET}
#                     - arn:aws:s3:::${env:PREDICTIONS_BUCKET}/*