# Build and Deploy Template for DC API
#
# Note: Any comment starting with `#*` will be removed
# at build time. This allows us to run without the
# dependency layer in development without removing the
# layer from the build.
# Template preamble: format version, macros applied to the template, and
# the stack description.
AWSTemplateFormatVersion: "2010-09-09"
Transform:
  # Expands the AWS::Serverless::* resource types used below.
  - AWS::Serverless-2016-10-31
  # Enables the extended intrinsic function set.
  - AWS::LanguageExtensions
Description: dc-api-v2
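# Stack inputs. Every parameter is a String; the Deploy* switches and
# WriteConfigSecret are compared against the literal "true" rather than
# being real booleans.
Parameters:
  # --- Configuration and secrets lookup ---
  ApiConfigPrefix:
    Type: String
    Description: Secret Name for API Configuration (if not provided, will use SecretsPath)
    Default: ""
  ApiTokenName:
    Type: String
    Description: Name of the jwt that DC API issues
  ApiTokenSecret:
    Type: String
    Description: Secret Key for Encrypting JWTs (must match IIIF server)
    # JWT key material: NoEcho masks the value in console, CLI and API
    # output (e.g. describe-stacks). It does not protect the value wherever
    # it is forwarded, so nested templates that receive it should declare
    # it NoEcho as well. A Secrets Manager dynamic reference would avoid
    # passing the key as a parameter at all.
    NoEcho: true

  # --- Custom domain ---
  CustomDomainCertificateArn:
    Type: String
    Description: SSL Certificate for the Custom Domain Name
  CustomDomainZone:
    Type: String
    Description: Hosted Zone Name for Custom Domain
  CustomDomainHost:
    Type: String
    Description: Hostname within ApiDomainName for Custom Domain

  # --- Service URLs ---
  DcApiEndpoint:
    Type: String
    Description: URL for DC API
  DcUrl:
    Type: String
    Description: URL of Digital Collections website

  # --- Feature switches (only the exact string "true" enables one) ---
  DeployAPI:
    Type: String
    Description: Set to true to deploy API
    Default: "true"
  DeployAVDownload:
    Type: String
    Description: Set to true to deploy AVDownload
    Default: "true"
  DeployChat:
    Type: String
    Description: Set to true to deploy Chat
    Default: "true"
  DeployDocs:
    Type: String
    Description: Set to true to deploy Docs
    Default: "false"

  DevTeamNetIds:
    Type: String
    Description: Northwestern NetIDs of the development team
  EnvironmentPrefix:
    Type: String
    Description: Index Prefix
    Default: ""

  # --- Error reporting ---
  HoneybadgerApiKey:
    Type: String
    Description: Honeybadger API Key
    Default: ""
    # Third-party credential: keep it out of stack parameter listings.
    NoEcho: true
  HoneybadgerEnv:
    Type: String
    Description: Honeybadger Environment
    Default: ""
  HoneybadgerRevision:
    Type: String
    Description: Honeybadger Revision
    Default: ""

  # --- AV download / MediaConvert ---
  MediaConvertDestinationBucket:
    Type: String
    Description: S3 bucket destination for transcoded AV resource
    Default: ""
  MediaConvertEndpoint:
    Type: String
    Description: MediaConvert endpoint
    Default: ""
  MediaConvertJobQueueArn:
    Type: String
    Description: Job Queue ARN for MediaConvert
    Default: ""
  MediaConvertRoleArn:
    Type: String
    Description: MediaConvert role ARN
    Default: ""

  # JSON document kept as a literal block; the `|` header leaves one
  # trailing newline on the value.
  ProviderCapabilities:
    Type: String
    Description: Currently enabled features per auth provider
    Default: |
      {"magic":["chat"],"nusso":["chat"]}
  PyramidBucket:
    Type: String
    Description: Meadow Pyramid Bucket
  # NOTE(review): this list gates access to private resources, yet no
  # AllowedPattern is declared, so its format is not checked at deploy time.
  ReadingRoomIPs:
    Type: String
    Description: Comma-delimited list of IP addresses to serve private resources to
  RepositoryEmail:
    Type: String
    Description: Verified email address to use as sender
  # NOTE(review): used to build the Secrets Manager ARN scope in
  # readSecretsPolicy; it has no default and no pattern constraint, so an
  # empty value would widen that scope.
  SecretsPath:
    Type: String
    Description: Prefix to use when loading configs from Secrets Manager
  StreamingBucket:
    Type: String
    Description: Meadow Streaming Bucket
  WriteConfigSecret:
    Type: String
    Description: Set to something other than "true" to _not_ write configuration secrets
    Default: "true"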
# Deploy-time switches derived from the string parameters above.
Conditions:
  # True when a dedicated config secret prefix was supplied.
  CustomConfigSecret: !Not [!Equals [!Ref ApiConfigPrefix, ""]]
  # Each Deploy* condition holds only for the exact string "true".
  DeployAPI: !Equals [!Ref DeployAPI, "true"]
  DeployAVDownload: !Equals [!Ref DeployAVDownload, "true"]
  DeployChat: !Equals [!Ref DeployChat, "true"]
  DeployDocs: !Equals [!Ref DeployDocs, "true"]
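Resources:
  # Managed policy handed to the nested applications (as SecretsPolicy) so
  # they can read configuration from Secrets Manager.
  readSecretsPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      PolicyDocument:
        # Quoted so YAML 1.1 loaders keep this a string rather than
        # resolving it to a date.
        Version: "2012-10-17"
        Statement:
          - Sid: GetSecrets
            Effect: Allow
            Action:
              - secretsmanager:GetSecretValue
            # Reads are limited to secrets under SecretsPath and, when set,
            # under ApiConfigPrefix.
            # NOTE(review): an empty SecretsPath would render "secret:/*";
            # confirm deployments always pass a non-empty prefix.
            Resource:
              - !Sub "arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:${SecretsPath}/*"
              - Fn::If:
                  - CustomConfigSecret
                  - !Sub "arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:${ApiConfigPrefix}/*"
                  - !Ref AWS::NoValue
          - Sid: BatchGetSecrets
            Effect: Allow
            Action:
              - secretsmanager:BatchGetSecretValue
            # NOTE(review): the wildcard looks intentional. This action is
            # understood not to support resource-level scoping, and each
            # secret returned still needs GetSecretValue, which the
            # statement above restricts. Confirm against the current IAM
            # action reference.
            Resource: "*"

  # Main API application. It has no Condition, so it is always created;
  # DeployAPI is forwarded to the child template instead.
  api:
    Type: AWS::Serverless::Application
    DependsOn: rootApi
    Properties:
      Location: ./api/template.yaml
      Parameters:
        ApiConfigPrefix: !Ref ApiConfigPrefix
        ApiTokenName: !Ref ApiTokenName
        # JWT key forwarded as a stack parameter.
        # NOTE(review): confirm ./api/template.yaml declares it NoEcho.
        ApiTokenSecret: !Ref ApiTokenSecret
        # Empty string when the chat stack is not deployed.
        ChatWebSocketURI: !If [DeployChat, !GetAtt [chatWebsocket, Outputs.WebSocketURI], ""]
        CustomDomainCertificateArn: !Ref CustomDomainCertificateArn
        CustomDomainZone: !Ref CustomDomainZone
        CustomDomainHost: !Ref CustomDomainHost
        DcApiEndpoint: !Ref DcApiEndpoint
        DcUrl: !Ref DcUrl
        DeployAPI: !Ref DeployAPI
        DeployAVDownload: !Ref DeployAVDownload
        DeployChat: !Ref DeployChat
        DevTeamNetIds: !Ref DevTeamNetIds
        EnvironmentPrefix: !Ref EnvironmentPrefix
        HoneybadgerApiKey: !Ref HoneybadgerApiKey
        HoneybadgerEnv: !Ref HoneybadgerEnv
        HoneybadgerRevision: !Ref HoneybadgerRevision
        ProviderCapabilities: !Ref ProviderCapabilities
        PyramidBucket: !Ref PyramidBucket
        ReadingRoomIPs: !Ref ReadingRoomIPs
        RepositoryEmail: !Ref RepositoryEmail
        SecretsPath: !Ref SecretsPath
        SecretsPolicy: !Ref readSecretsPolicy
        WriteConfigSecret: !Ref WriteConfigSecret

  # AV download application, created only when DeployAVDownload is "true".
  avDownload:
    Type: AWS::Serverless::Application
    Condition: DeployAVDownload
    Properties:
      Location: ./av-download/template.yaml
      Parameters:
        MediaConvertDestinationBucket: !Ref MediaConvertDestinationBucket
        MediaConvertEndpoint: !Ref MediaConvertEndpoint
        MediaConvertJobQueueArn: !Ref MediaConvertJobQueueArn
        MediaConvertRoleArn: !Ref MediaConvertRoleArn
        PyramidBucket: !Ref PyramidBucket
        RepositoryEmail: !Ref RepositoryEmail
        # This child receives a single path: the custom config prefix when
        # one is set, otherwise SecretsPath.
        SecretsPath:
          Fn::If:
            - CustomConfigSecret
            - !Ref ApiConfigPrefix
            - !Ref SecretsPath
        SecretsPolicy: !Ref readSecretsPolicy
        StreamingBucket: !Ref StreamingBucket

  # Chat websocket application, created only when DeployChat is "true".
  chatWebsocket:
    Type: AWS::Serverless::Application
    Condition: DeployChat
    Properties:
      Location: ./chat/template.yaml
      Parameters:
        ApiConfigPrefix: !Ref ApiConfigPrefix
        ApiTokenName: !Ref ApiTokenName
        EnvironmentPrefix: !Ref EnvironmentPrefix
        HoneybadgerApiKey: !Ref HoneybadgerApiKey
        HoneybadgerEnv: !Ref HoneybadgerEnv
        HoneybadgerRevision: !Ref HoneybadgerRevision
        SecretsPath: !Ref SecretsPath
        SecretsPolicy: !Ref readSecretsPolicy

  # Documentation site, created only when DeployDocs is "true".
  docs:
    Type: AWS::Serverless::Application
    Condition: DeployDocs
    Properties:
      Location: ./docs/template.yaml
      Parameters:
        CustomDomainHost: !Ref CustomDomainHost
        CustomDomainZone: !Ref CustomDomainZone
        RootApiID: !Ref rootApi

  # API Gateway Resources
  # root API: HTTP API bound to the custom domain.
  # NOTE(review): no Auth, AccessLogSettings or throttling is set on this
  # resource; verify they are handled in the nested templates or omitted on
  # purpose. DisableExecuteApiEndpoint is not set either, so the default
  # execute-api hostname stays reachable alongside the custom domain.
  rootApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      StageName: latest
      Domain:
        DomainName: !Sub "${CustomDomainHost}.${CustomDomainZone}"
        BasePath: ["/"]
        CertificateArn: !Ref CustomDomainCertificateArn
        Route53:
          # The trailing dot makes the hosted zone name fully qualified.
          HostedZoneName: !Sub "${CustomDomainZone}."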
# Values exported by the stack for callers and downstream tooling.
Outputs:
  # Base URL, built from the custom domain parameters.
  Endpoint:
    Description: "The base API endpoint for the stack"
    Value: !Sub "https://${CustomDomainHost}.${CustomDomainZone}/api/v2"
  # Taken from the chat stack's outputs when it is deployed; otherwise an
  # empty string.
  WebSocketURI:
    Description: "The WebSocket URI for the chat application"
    Value: !If
      - DeployChat
      - !GetAtt chatWebsocket.Outputs.WebSocketURI
      - ""