【Serverless Framework】個人的 serverless.yml 備忘録

ど素人が書いた、ただのメモです。

とりあえず最初に serverless.yml へコピペするやつ

serverless.yml

service: MyKoolService

plugins:
  # Loads ./.env into every function's environment at deploy time (see the
  # .env section below). Whatever is in .env therefore lands in Lambda
  # configuration; keep that file out of version control.
  - serverless-dotenv-plugin
  # Enables #{AWS::Region} / #{AWS::AccountId} substitution in the template.
  - serverless-pseudo-parameters
  # Removes old function versions after each deploy (settings: custom.prune).
  - serverless-prune-plugin

custom:
  # Stage used when `--stage` is not given on the command line.
  defaultStage: dev
  # Stage -> local AWS CLI profile; resolved by provider.profile below, so a
  # dev deploy cannot silently run with the production credentials.
  profiles:
    dev: develop
    prod: production
  # serverless-prune-plugin: after every deploy retain only the 5 most recent
  # versions of each function.
  prune:
    automatic: true
    number: 5

provider:
  name: aws
  # NOTE(review): nodejs8.10 is an end-of-life Lambda runtime that AWS no
  # longer accepts for function create/update. Move to a currently supported
  # runtime. The handler name `app.lambda_handler` is the usual Python
  # convention, so confirm which language the code is actually written in
  # before choosing the replacement.
  runtime: nodejs8.10
  region: ap-northeast-1
  # `--stage X` wins; otherwise custom.defaultStage (dev).
  stage: ${opt:stage, self:custom.defaultStage}
  # CLI profile for the selected stage, looked up in custom.profiles.
  profile: ${self:custom.profiles.${self:provider.stage}}
  # CloudWatch Logs retention applied to every function's log group.
  logRetentionInDays: 7

# Several Lambda functions in one service: package each one on its own so a
# function only ships its own directory. src/** is excluded here and each
# function re-includes src/<Func>/** under its own `package:` key.
# (Newer Framework versions replace include/exclude with `package.patterns`.)
package:
  individually: true
  exclude:
    - src/**

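functions:
  Func1:
    package:
      include:
        - src/Func1/**
    handler: src/Func1/app.lambda_handler
    events:
      - http:
          path: func1
          method: get
          # Requests must be SigV4-signed; API Gateway rejects anonymous calls.
          authorizer: aws_iam
          cors:
            # TODO: replace the wildcard with the real front-end origin.
            # `origin: '*'` together with `allowCredentials: true` was
            # self-contradictory: browsers refuse a credentialed response whose
            # Access-Control-Allow-Origin is `*`, so credentials were never
            # usable with this config. allowCredentials has been removed; add
            # it back only once an explicit origin is set. (A SigV4
            # Authorization header is an ordinary request header, not a
            # browser credential, so aws_iam auth does not depend on it.)
            origin: '*'
            # Request headers the preflight allows; the X-Amz-* ones are what a
            # SigV4-signing browser client sends.
            headers:
              - Content-Type
              - X-Amz-Date
              - Authorization
              - X-Api-Key
              - X-Amz-Security-Token
              - X-Amz-User-Agent

  Func2:
    package:
      include:
        - src/Func2/**
    handler: src/Func2/app.lambda_handler
    events:
      # Subscribes to an SNS topic named OnFunc2Event that the Framework creates.
      - sns: OnFunc2Event

  # The CloudFront trigger for this function is attached by hand rather than
  # from this file.
  # NOTE(review): Lambda@Edge functions must be created in us-east-1 and may
  # not carry environment variables; provider.region is ap-northeast-1 and
  # serverless-dotenv-plugin injects .env into every function, so confirm
  # this function is actually deployable as an edge function as written.
  FuncAtEdge:
    handler: src/FuncAtEdge/app.lambda_handler
    memorySize: 128
    timeout: 5
    # Logical ID of the role declared under resources.Resources below.
    role: LambdaAtEdgeRole
    package:
      include:
        - src/FuncAtEdge/**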

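resources:
  Resources:
    # Execution role for FuncAtEdge (referenced through `role:` above).
    LambdaAtEdgeRole:
      Type: AWS::IAM::Role
      Properties:
        Path: /
        # Scoped by service and stage: IAM role names are account-global, so a
        # bare `LambdaAtEdgeRole` collides as soon as a second stage (or the
        # same stack in another region) is deployed to this account. Changing
        # RoleName makes CloudFormation replace the role on the next deploy.
        RoleName: ${self:service}-${self:provider.stage}-LambdaAtEdgeRole
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action: sts:AssumeRole
              # Both principals are needed for Lambda@Edge: the replicated
              # copies are invoked as edgelambda.amazonaws.com.
              Principal:
                Service:
                  - lambda.amazonaws.com
                  - edgelambda.amazonaws.com
        ManagedPolicyArns:
          # CloudWatch Logs write access only.
          - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
        Policies:
          # Least privilege in place of AmazonSNSFullAccess (every SNS action
          # on every topic in the account). This grants Publish on the one
          # topic Func2 subscribes to (OnFunc2Event). NOTE(review): if the edge
          # function needs a different topic or action, add it here explicitly
          # rather than restoring the managed policy.
          - PolicyName: PublishToOnFunc2Event
            PolicyDocument:
              Version: '2012-10-17'
              Statement:
                - Effect: Allow
                  Action: sns:Publish
                  Resource: arn:aws:sns:#{AWS::Region}:#{AWS::AccountId}:OnFunc2Event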

.env ファイル

serverless-dotenv-plugin を使って環境変数を外部ファイルに抜き出し。

一応、Lambda の環境変数は AWS 上では保存時に（KMS で）暗号化されるが、関数設定を読める権限（lambda:GetFunctionConfiguration）があれば復号された値がそのまま見えてしまう。秘匿情報はできるだけ Secrets Manager や Systems Manager パラメータストア（serverless.yml からは `${ssm:...}` で参照できる）を使いましょう。

と言いつつ手抜き。（手抜きするにしても .env は必ず .gitignore に入れ、リポジトリにはコミットしないこと）

# Loaded by serverless-dotenv-plugin into every function's environment.
# Keep this file in .gitignore: TEST_PRIV_KEY is a private key, and anyone
# allowed to read the function configuration sees environment variables
# decrypted, whatever the at-rest encryption. Prefer ${ssm:...} / Secrets Manager.
TEST_VAR="HOGE"
# NOTE(review): the PEM is written on one line with literal `\n`; whether the
# loader turns those into real newlines depends on the dotenv parser, so
# confirm the function actually receives a parseable key.
TEST_PRIV_KEY=-----BEGIN RSA PRIVATE KEY-----\nxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\nxxxxxxxxxxxxxx……\n-----END RSA PRIVATE KEY-----

Step Functions

plugins:
  # Enables #{AWS::Region} / #{AWS::AccountId} in the state-machine ARNs below.
  - serverless-pseudo-parameters
  # Provides the top-level `stepFunctions:` section and deploys the state machine.
  - serverless-step-functions

# Package each function separately: src/** is excluded here and every
# function re-includes only its own src/<Func>/** directory.
package:
  individually: true
  exclude:
    - src/**

functions:
  # Each function gets a fixed, stage-prefixed name because the state machine
  # below references it by an ARN built from that name; the Framework's
  # default generated name would not match.
  Step1:
    name: ${self:provider.stage}-Step1
    handler: src/Step1/app.lambda_handler
    package:
      include:
        - src/Step1/**
  Step2:
    name: ${self:provider.stage}-Step2
    handler: src/Step2/app.lambda_handler
    package:
      include:
        - src/Step2/**
  # Invoked from the Catch branches of Step1 and Step2.
  OnFailure:
    name: ${self:provider.stage}-OnFailure
    handler: src/OnFailure/app.lambda_handler
    package:
      include:
        - src/OnFailure/**

stepFunctions:
  stateMachines:
    MyStepFunc:
      definition:
        Comment: "Comment."
        # The whole execution fails with States.Timeout after 20 minutes.
        TimeoutSeconds: 1200
        StartAt: Step1
        # Flow: Step1 -> Step2 -> end. Any error in either task goes to
        # OnFailure, and retries are disabled on every task.
        States:
          Step1:
            Type: Task
            # ARN assembled from the fixed function name set in functions.Step1.
            Resource: "arn:aws:lambda:#{AWS::Region}:#{AWS::AccountId}:function:${self:provider.stage}-Step1"
            Next: Step2
            # States.ALL catches every error. With no ResultPath the error
            # object ({Error, Cause}) replaces the task input, so that is what
            # OnFailure receives.
            Catch:
              - ErrorEquals:
                  - "States.ALL"
                Next: OnFailure
            # MaxAttempts: 0 means "never retry" — same effect as omitting Retry.
            Retry:
              - ErrorEquals:
                  - "States.ALL"
                MaxAttempts: 0

          Step2:
            Type: Task
            Resource: "arn:aws:lambda:#{AWS::Region}:#{AWS::AccountId}:function:${self:provider.stage}-Step2"
            End: true
            # Same error handling as Step1.
            Catch:
              - ErrorEquals:
                  - "States.ALL"
                Next: OnFailure
            Retry:
              - ErrorEquals:
                  - "States.ALL"
                MaxAttempts: 0

          # Failure handler. NOTE(review): it has no Catch of its own, so if
          # OnFailure itself throws, the execution ends with that error
          # instead of passing through the Failure state.
          OnFailure:
            Type: Task
            Resource: "arn:aws:lambda:#{AWS::Region}:#{AWS::AccountId}:function:${self:provider.stage}-OnFailure"
            Next: Failure
            Retry:
              - ErrorEquals:
                  - "States.ALL"
                MaxAttempts: 0

          # Terminal state: marks the execution as failed after OnFailure ran.
          Failure:
            Type: Fail

DynamoDB (With TTL)

plugins:
  # Turns on TTL for the listed tables after deploy through the
  # UpdateTimeToLive API. NOTE(review): CloudFormation supports this natively
  # via AWS::DynamoDB::Table.TimeToLiveSpecification; using that drops the
  # plugin and the post-deploy step that can fail out of band.
  - serverless-dynamodb-ttl

custom:
  dynamodb:
    ttl:
      # Must match Resources.DynamoDbTable.Properties.TableName.
      - table: hoge_table
        # Attribute holding the expiry time (DynamoDB TTL expects a Number
        # attribute with an epoch-seconds timestamp).
        field: expiry

resources:
  Resources:
    DynamoDbTable:
      Type: AWS::DynamoDB::Table
      # NOTE(review): no DeletionPolicy, so `sls remove` (or a replacement
      # forced by a key-schema change) deletes the table with its data.
      # Consider `DeletionPolicy: Retain` and PointInTimeRecoverySpecification
      # for anything that is not throwaway data.
      Properties:
        # Fixed name: a second stage in the same account and region fails
        # because this table already exists. Keep in sync with
        # custom.dynamodb.ttl.
        TableName: hoge_table
        # Single hash key, no sort key, no secondary indexes.
        KeySchema:
          - AttributeName: hoge_id
            KeyType: HASH
        AttributeDefinitions:
          - AttributeName: hoge_id
            AttributeType: S
        # Provisioned mode, 5 RCU / 5 WCU, no autoscaling configured here.
        ProvisionedThroughput:
          ReadCapacityUnits: 5
          WriteCapacityUnits: 5