serverless.yml

service: dazser-encrypter
org: networkadmin
app: dazser-mailer-app

provider:
  name: aws
  runtime: nodejs12.x
  stage: dev
  timeout: 300
  region: us-east-1
  iamRoleStatements:
    # This permission is needed to allow us to use dynamodb
    - Effect: Allow
      Action:
        - dynamodb:GetItem
        - dynamodb:PutItem
      Resource: !GetAtt encrypterDynamoDbTable.Arn
      # This permission is to allow us to upload the pdf to the s3 bucket
    - Effect: Allow
      Action:
        - s3:*
      Resource: "*"
    - Effect: Allow
      Action:
        - sqs:*
      Resource: "*"

package:
  exclude:
    - typescript/**
    - tests/**

custom:
  DYNAMODB_TABLE: ${self:service}-${opt:stage, self:provider.stage}
  SQS_QUEUE_NAME: ${self:service}-${opt:stage, self:provider.stage}
  S3_BUCKET_NAME: ${self:service}-${opt:stage, self:provider.stage}

functions:
  encrypter:
    handler: dist/handler.default
    layers:
      - arn:aws:lambda:us-east-1:863441837526:layer:qpdf:2
    environment:
      DYNAMODB_TABLE: !Ref encrypterDynamoDbTable
      SQS_QUEUE_NAME: !GetAtt encrypterSQSQueue.QueueName
      SQS_QUEUE_ARN: !GetAtt encrypterSQSQueue.Arn
      SQS_QUEUE_URL: !Ref encrypterSQSQueue
      S3_BUCKET: "dazser-files"
      SQS_EMAIL_QUEUE: ${ssm:/api/sqs/mailer}
      DB_HOST: ${ssm:/api/sql/host~true}
      DB_USER: ${ssm:/api/sql/user~true}
      DB_PASS: ${ssm:/api/sql/pass~true}
    events:
      - sqs:
          arn: !GetAtt encrypterSQSQueue.Arn
          batchSize: 1

resources:
  Resources:
    encrypterDynamoDbTable:
      Type: "AWS::DynamoDB::Table"
      DeletionPolicy: Retain
      Properties:
        AttributeDefinitions:
          -
            AttributeName: id
            AttributeType: S
        KeySchema:
          -
            AttributeName: id
            KeyType: HASH
        ProvisionedThroughput:
          ReadCapacityUnits: 1
          WriteCapacityUnits: 1
        TimeToLiveSpecification:
          AttributeName: expires
          Enabled: true
        TableName: ${self:custom.DYNAMODB_TABLE}
    encrypterSQSDLQQueue:
      Type: "AWS::SQS::Queue"
      Properties:
        QueueName: dlq-${self:custom.SQS_QUEUE_NAME}
        KmsMasterKeyId: alias/aws/sqs
        KmsDataKeyReusePeriodSeconds: 12000
    encrypterSQSQueue:
      Type: "AWS::SQS::Queue"
      Properties:
        QueueName: ${self:custom.SQS_QUEUE_NAME}
        KmsMasterKeyId: alias/aws/sqs
        KmsDataKeyReusePeriodSeconds: 12000
        VisibilityTimeout: 1800
        RedrivePolicy:
          deadLetterTargetArn: !GetAtt encrypterSQSDLQQueue.Arn
          maxReceiveCount: 5

  Outputs:
    encrypterDynamoDbTableName:
      Value: !Ref encrypterDynamoDbTable
    encrypterDynamoDbTableArn:
      Value: !GetAtt encrypterDynamoDbTable.Arn
    encrypterSQSDLQQueueArn:
      Value: !GetAtt encrypterSQSDLQQueue.Arn
    encrypterSQSQueueArn:
      Value: !GetAtt encrypterSQSQueue.Arn