esdp/serverless/serverless.yml

service: esdp-api
app: esdp-api-app
frameworkVersion: '4'

package:
    patterns:
        - drizzle/**

stages:
    prod:
        # Enables observability in the prod stage
        observability: true

        # Sepcify parameter values to be used in the prod stage
        params:
            es_endpoint: https://insurtechtoolkit.com
            domain: es.imex.online
            es_user: Imex2
            es_password: Patrick
            infra_service: esdp-infra
            infra_stage: shared
    beta:
        # Enables observability in the prod stage
        observability: false

        # Sepcify parameter values to be used in the prod stage
        params:
            es_endpoint: https://4284-79073.el-alt.com
            domain: beta.es.imex.online
            es_user: Imex2
            es_password: Patrick
            infra_service: esdp-infra
            infra_stage: shared
    alpha:
        # Enables observability in the prod stage
        observability: false
        # Sepcify parameter values to be used in the prod stage
        params:
            es_endpoint: https://4284-79287.el-alt.com
            domain: alpha.es.imex.online
            es_user: Imex2
            es_password: Patrick
            infra_service: esdp-infra
            infra_stage: shared
    dev:
        # Enables observability in the prod stage
        observability: false
        # Sepcify parameter values to be used in the prod stage
        params:
            es_endpoint: https://4284-79287.el-alt.com
            domain: dev.es.imex.online
            es_user: Imex2
            es_password: Patrick
            infra_service: esdp-infra
            infra_stage: shared

custom:
    infra_stack: ${param:infra_service}-${param:infra_stage}

    db:
        host: ${cf:${self:custom.infra_stack}.DbProxyEndpoint}
        port: ${cf:${self:custom.infra_stack}.DbPort}
        name: ${cf:${self:custom.infra_stack}.DbName}
        secretArn: ${cf:${self:custom.infra_stack}.DbSecretArn}

# params:
#   dev:
#     domain: dev.es.imex.online
#   alpha:
#     domain: alpha.es.imex.online
#   beta:
#     domain: beta.es.imex.online
#   prod:
#     domain: es.imex.online

provider:
    name: aws
    runtime: nodejs22.x
    region: ca-central-1
    domain: ${param:domain}
    httpApi: # This creates a cheaper, faster "HTTP API" Gateway
        cors: true # Automatically configures CORS

    # Ensure all Lambdas can reach the shared RDS Proxy in the infra VPC
    vpc:
        securityGroupIds:
            - ${cf:${self:custom.infra_stack}.LambdaSecurityGroupId}
        subnetIds:
            - ${cf:${self:custom.infra_stack}.PrivateSubnetAId}
            - ${cf:${self:custom.infra_stack}.PrivateSubnetBId}

    # Default DB connection settings for all Lambdas (used by src/lib/db.ts)
    environment:
        DB_HOST: ${self:custom.db.host}
        DB_PORT: ${self:custom.db.port}
        DB_NAME: ${self:custom.db.name}
        DB_SECRET_ARN: ${self:custom.db.secretArn}

    # Allow Lambdas to fetch the DB credentials from Secrets Manager
    iam:
        role:
            statements:
                - Effect: Allow
                  Action:
                      - secretsmanager:GetSecretValue
                  Resource:
                      - ${self:custom.db.secretArn}

build:
    esbuild:
        bundle: true
        minify: false
        sourcemap: true
        exclude:
            - '@aws-sdk/*'
        target: node22
        platform: node

functions:
    vehicleType:
        handler: src/handlers/vehicleType.handler
        events:
            - httpApi:
                  path: /vehicleType
                  method: post
    scrub:
        handler: src/handlers/scrub.handler
        environment:
            ES_ENDPOINT: ${param:es_endpoint}
            ES_USER: ${param:es_user}
            ES_PASSWORD: ${param:es_password}
        events:
            - httpApi:
                  path: /scrub
                  method: post
    emsupload:
        handler: src/handlers/emsupload.handler
        environment:
            ES_ENDPOINT: ${param:es_endpoint}
            UPLOAD_BUCKET_NAME: ${self:service}-uploads-${sls:stage}
        iamRoleStatements:
            - Effect: Allow
              Action:
                  - s3:PutObject
                  - s3:PutObjectAcl
                  - s3:GetObject
              Resource:
                  - arn:aws:s3:::${self:service}-uploads-${sls:stage}/*
        events:
            - httpApi:
                  path: /emsupload
                  method: post

    dbMigrate:
        handler: src/handlers/dbMigrate.handler
        timeout: 30
        memorySize: 512
        iamRoleStatements:
            - Effect: Allow
              Action:
                  - secretsmanager:GetSecretValue
              Resource:
                  - ${cf:${self:custom.infra_stack}.DbSecretArn}

    dbPing:
        handler: src/handlers/dbPing.handler
        timeout: 15
        memorySize: 256
        iamRoleStatements:
            - Effect: Allow
              Action:
                  - secretsmanager:GetSecretValue
              Resource:
                  - ${cf:${self:custom.infra_stack}.DbSecretArn}

resources:
    Resources:
        UploadBucket:
            Type: AWS::S3::Bucket
            Properties:
                BucketName: ${self:service}-uploads-${sls:stage}
                CorsConfiguration:
                    CorsRules:
                        - AllowedOrigins:
                              - '*'
                          AllowedMethods:
                              - PUT
                              - POST
                          AllowedHeaders:
                              - '*'