swift-server/swift-openapi-lambda
1
0
Fork 0
mirror of https://github.com/swift-server/swift-openapi-lambda.git synced 2026-05-03 07:22:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2.0.0
swift-openapi-lambda/Examples/quoteapi/template.yml
T
Sébastien Stormacq 10f3e99c4d Apply recommendation for security and reliability (#24) 
Apply recommendations in code and documentation

- [CI] restrict permissions to `read-all` instead of the default
`write-all`
- Example `openapi.yaml` : add a note about using `security:` definition
when deploying to production
- Example `README.md` : add a note about Lambda functions configuration
with improved security and scalability changes for production
environment
2025-09-27 12:05:20 +02:00

98 lines
3.6 KiB
YAML
Raw Permalink Blame History

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: SAM Template for QuoteService
# This is an example SAM template for the purpose of this project.
# When deploying such infrastructure in production environment,
# we strongly encourage you to follow these best practices for improved security and resiliency
# - Enable access loggin on API Gateway
# See: https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html)
# - Ensure that AWS Lambda function is configured for function-level concurrent execution limit
# See: https://docs.aws.amazon.com/lambda/latest/dg/lambda-concurrency.html
# https://docs.aws.amazon.com/lambda/latest/dg/configuration-concurrency.html
# - Check encryption settings for Lambda environment variable
# See: https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars-encryption.html
# - Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ)
# See: https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html#invocation-dlq
# - Ensure that AWS Lambda function is configured inside a VPC when it needs to access private resources
# See: https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html
# Code Example: https://github.com/swift-server/swift-aws-lambda-runtime/tree/main/Examples/ServiceLifecycle%2BPostgres
Globals:
Function:
Timeout: 60
CodeUri: .
Handler: swift.bootstrap
Runtime: provided.al2
MemorySize: 128
Architectures:
- arm64
Resources:
# QuoteService Lambda function
QuoteService:
Type: AWS::Serverless::Function
Properties:
Environment:
Variables:
# by default, AWS Lambda runtime produces no log
# use `LOG_LEVEL: debug` for for lifecycle and event handling information
# use `LOG_LEVEL: trace` for detailed input event information
LOG_LEVEL: trace
Events:
# pass through all HTTP verbs and paths
Api:
Type: HttpApi
Properties:
ApiId: !Ref MyProtectedApi
Path: /{proxy+}
Method: ANY
Metadata:
BuildMethod: makefile
# Lambda authorizer function
LambdaAuthorizer:
Type: AWS::Serverless::Function
Properties:
Timeout: 29 # max 29 seconds for Lambda authorizers
Environment:
Variables:
# by default, AWS Lambda runtime produces no log
# use `LOG_LEVEL: debug` for for lifecycle and event handling information
# use `LOG_LEVEL: trace` for detailed input event information
LOG_LEVEL: trace
Metadata:
BuildMethod: makefile
# The API Gateway
MyProtectedApi:
Type: AWS::Serverless::HttpApi
Properties:
Auth:
DefaultAuthorizer: MyLambdaAuthorizer
Authorizers:
MyLambdaAuthorizer:
FunctionArn: !GetAtt LambdaAuthorizer.Arn
Identity:
Headers:
- Authorization
AuthorizerPayloadFormatVersion: "2.0"
EnableSimpleResponses: true
# Give the API Gateway permissions to invoke the Lambda authorizer
AuthorizerPermission:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName: !Ref LambdaAuthorizer
Principal: apigateway.amazonaws.com
SourceArn: !Sub arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${MyProtectedApi}/*
# print API endpoint
Outputs:
SwiftAPIEndpoint:
Description: "API Gateway endpoint URL for your application"
Value: !Sub "https://${MyProtectedApi}.execute-api.${AWS::Region}.amazonaws.com"
Reference in New Issue View Git Blame Copy Permalink