serverless.yml

service: python-sesdynamodb-contactform

# You can pin your service to only deploy with a specific Serverless version
# Check out our docs for more details
# frameworkVersion: "=X.X.X"

plugins:
  - serverless-domain-manager

custom:
  secrets: ${file(secrets.json)}
  customDomain:
    domainName: ${self:custom.secrets.DOMAIN}
    certificateName: ${self:custom.secrets.CERTIFICATE}
    stage: ${self:provider.stage}
    createRoute53Record: true

provider:
  name: aws
  runtime: python3.6
  region: ${self:custom.secrets.REGION}
  profile: ${self:custom.secrets.PROFILE}
  stage: ${self:custom.secrets.ENV}
  memory: ${self:custom.secrets.MEMORY}
  timeout: ${self:custom.secrets.TIMEOUT}
  apiKeys:
    - ${self:provider.stage}-contactForm
    - ${self:provider.stage}-list
  usagePlan:
    quota:
      limit: 10000
      offset: 2
      period: MONTH
    throttle:
      burstLimit: 500
      rateLimit: 250
  environment:
    DYNAMODB_TABLE: ${self:service}-${opt:stage, self:provider.stage}
    SENDER_EMAIL: ${self:custom.secrets.SENDER_EMAIL}
    EMAIL_SUBJECT: ${self:custom.secrets.EMAIL_SUBJECT}
    SES_REGION: ${self:custom.secrets.SES_REGION, 'us-east-1'}
    CONFIG_SET: ConfigSet
  iamRoleStatements:
    - Effect: "Allow"
      Action:
        - ses:SendEmail
        - ses:SendRawEmail
      Resource: "*"
    - Effect: Allow
      Action:
        - dynamodb:Scan
        - dynamodb:PutItem
      Resource: "arn:aws:dynamodb:${opt:region, self:provider.region}:*:table/${self:provider.environment.DYNAMODB_TABLE}"

functions:
  sendMail:
    handler: handler.sendMail
    description: Send Email using AWS SES Service
    events:
      - http:
          path: sendMail
          method: post
          async: false
          private: true
          integration: lambda
          cors:
            origins: 
              - ${self:custom.secrets.ORIGINS.${self:provider.stage}}
            headers:
              - Content-Type
              - X-Amz-Date
              - Authorization
              - X-Api-Key
              - X-Amz-Security-Token
              - X-Amz-User-Agent
            allowCredentials: false
          response:
            headers:
              "Access-Control-Allow_Origin": "'${self:custom.secrets.ORIGINS.${self:provider.stage}}'"
  list:
    handler: handler.list
    description: List all the contact form submissions
    events:
      - http:
          path: list
          method: get
          async: false
          private: true
          integration: lambda
          cors:
            origins:
              - ${self:custom.secrets.ORIGINS.${self:provider.stage}}
            headers:
              - Content-Type
              - X-Amz-Date
              - Authorization
              - X-Api-Key
              - X-Amz-Security-Token
              - X-Amz-User-Agent
            allowCredentials: false
          response:
            headers:
              "Access-Control-Allow_Origin": "'${self:custom.secrets.ORIGINS.${self:provider.stage}}'"

resources:
  Resources:
    ContactFormDynamoDbTable:
      Type: 'AWS::DynamoDB::Table'
      DeletionPolicy: Retain
      Properties:
        AttributeDefinitions:
          -
            AttributeName: id
            AttributeType: S
        KeySchema:
          -
            AttributeName: id
            KeyType: HASH
        ProvisionedThroughput:
          ReadCapacityUnits: 1
          WriteCapacityUnits: 1
        TableName: ${self:provider.environment.DYNAMODB_TABLE}