service: serverless-todo frameworkVersion: ">=1.1.0 <2.0.0" provider: name: aws runtime: python2.7 environment: DYNAMODB_TABLE: ${self:service}-${opt:stage, self:provider.stage} deploymentBucket: name: todos-artifacts-rr iamRoleStatements: - Effect: Allow Action: - dynamodb:Query - dynamodb:Scan - dynamodb:GetItem - dynamodb:PutItem - dynamodb:UpdateItem - dynamodb:DeleteItem Resource: "arn:aws:dynamodb:${opt:region, self:provider.region}:*:table/${self:provider.environment.DYNAMODB_TABLE}" package: individually: true path: dist functions: create: handler: todos/create.create events: - http: path: todos method: post cors: true authorizer: type: COGNITO_USER_POOLS authorizerId: Ref: TodoApiGatewayAuthorizer list: handler: todos/list.list events: - http: path: todos method: get cors: true get: handler: todos/get.get events: - http: path: todos/{id} method: get cors: true update: handler: todos/update.update events: - http: path: todos/{id} method: put cors: true delete: handler: todos/delete.delete events: - http: path: todos/{id} method: delete cors: true resources: Resources: TodosDynamoDbTable: Type: 'AWS::DynamoDB::Table' Properties: AttributeDefinitions: - AttributeName: id AttributeType: S KeySchema: - AttributeName: id KeyType: HASH ProvisionedThroughput: ReadCapacityUnits: 1 WriteCapacityUnits: 1 TableName: ${self:provider.environment.DYNAMODB_TABLE} TodoCognitoUserPool: Type: AWS::Cognito::UserPool Properties: UserPoolName: TodoPool TodoCognitoUserPoolClient: Type: AWS::Cognito::UserPoolClient Properties: ClientName: TodoWebApp GenerateSecret: false UserPoolId: Ref: "TodoCognitoUserPool" ExplicitAuthFlows: - "ADMIN_NO_SRP_AUTH" TodoApiGatewayAuthorizer: Type: AWS::ApiGateway::Authorizer Properties: Name: Todo RestApiId: Ref: ApiGatewayRestApi Type: COGNITO_USER_POOLS ProviderARNs: - Fn::GetAtt: [ TodoCognitoUserPool, Arn ] IdentitySource: method.request.header.Authorization