mirror of
https://github.com/swift-server/swift-aws-lambda-runtime.git
synced 2026-05-03 07:22:27 +00:00
74e4efdbac
Apply recommendations in code and documentation

- [CI] restrict permissions to read-all instead of the default write-all
- All examples README.md : add a note about Lambda functions configuration with improved security and scalability changes for production environment
- Swift docc documentation: add a note about Lambda functions configuration with improved security and scalability changes for production environment

---------

Co-authored-by: Sebastien Stormacq <stormacq@amazon.lu>
48 lines
2.3 KiB
YAML
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: SAM Template for APIGateway Lambda Example

# This is an example SAM template for the purpose of this project.
# When deploying such infrastructure in a production environment,
# we strongly encourage you to follow these best practices for improved security and resiliency
# - Enable access logging on API Gateway
#   See: https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html
# - Ensure that AWS Lambda function is configured for function-level concurrent execution limit
#   See: https://docs.aws.amazon.com/lambda/latest/dg/lambda-concurrency.html
#        https://docs.aws.amazon.com/lambda/latest/dg/configuration-concurrency.html
# - Check encryption settings for Lambda environment variables
#   See: https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars-encryption.html
# - Ensure that AWS Lambda function is configured for a Dead Letter Queue (DLQ)
#   See: https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html#invocation-dlq
# - Ensure that AWS Lambda function is configured inside a VPC when it needs to access private resources
#   See: https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html
#   Code Example: https://github.com/swift-server/swift-aws-lambda-runtime/tree/main/Examples/ServiceLifecycle%2BPostgres

Resources:
  # Lambda function
  APIGatewayLambda:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: .build/plugins/AWSLambdaPackager/outputs/AWSLambdaPackager/APIGatewayLambda/APIGatewayLambda.zip
      Timeout: 60
      Handler: swift.bootstrap # ignored by the Swift runtime
      Runtime: provided.al2
      MemorySize: 128
      Architectures:
        - arm64
      Environment:
        Variables:
          # by default, AWS Lambda runtime produces no log
          # use `LOG_LEVEL: debug` for lifecycle and event handling information
          # use `LOG_LEVEL: trace` for detailed input event information
          LOG_LEVEL: trace
      Events:
        HttpApiEvent:
          Type: HttpApi

Outputs:
  # print API Gateway endpoint
  APIGatewayEndpoint:
    Description: API Gateway endpoint URL
    Value: !Sub "https://${ServerlessHttpApi}.execute-api.${AWS::Region}.amazonaws.com"
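
A hardened variant of the template above, as an added example that is not part of the swift-aws-lambda-runtime repository: it applies the access-logging, concurrency-limit, environment-encryption and DLQ recommendations listed in the template's comments. The resource names `HttpApi`, `AccessLogs` and `DeadLetters`, the `EnvKmsKeyArn` parameter, the log format, the retention period and the concurrency value are assumptions chosen for illustration.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Hardened variant of the APIGateway Lambda example (added illustration)
Parameters:
  EnvKmsKeyArn: # assumption: ARN of an existing customer-managed KMS key
    Type: String

Resources:
  # Explicit HTTP API (instead of the implicit one) so access logging can be set
  HttpApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      AccessLogSettings:
        DestinationArn: !GetAtt AccessLogs.Arn
        Format: '{"requestId":"$context.requestId","ip":"$context.identity.sourceIp","routeKey":"$context.routeKey","status":"$context.status"}'
  AccessLogs:
    Type: AWS::Logs::LogGroup
    Properties:
      RetentionInDays: 30 # constructed value

  # A DLQ only receives events from asynchronous invocations; API Gateway
  # invokes the function synchronously, so this covers other event sources.
  DeadLetters:
    Type: AWS::SQS::Queue

  APIGatewayLambda:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: .build/plugins/AWSLambdaPackager/outputs/AWSLambdaPackager/APIGatewayLambda/APIGatewayLambda.zip
      Timeout: 60
      Handler: swift.bootstrap # ignored by the Swift runtime
      Runtime: provided.al2
      MemorySize: 128
      Architectures:
        - arm64
      ReservedConcurrentExecutions: 10 # function-level limit, constructed value
      KmsKeyArn: !Ref EnvKmsKeyArn     # encrypts environment variables at rest
      DeadLetterQueue:
        Type: SQS
        TargetArn: !GetAtt DeadLetters.Arn
      Environment:
        Variables:
          # `trace` writes detailed input event information to the logs
          LOG_LEVEL: debug
      Events:
        HttpApiEvent:
          Type: HttpApi
          Properties:
            ApiId: !Ref HttpApi
```

The VPC recommendation is left out because this function reaches no private resources; the repository's ServiceLifecycle+Postgres example linked in the comments covers that case.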