aws-sam-faker-rest-api/template.yaml at main · john-james-gh/aws-sam-faker-rest-api · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
AWSTemplateFormatVersion: "2010-09-09"
Transform: AWS::Serverless-2016-10-31
Description: AWS SAM Faker REST API

# Globals apply to all AWS::Serverless::Function resources
Globals:
  Function:
    Timeout: 3 # Function timeout in seconds
    Runtime: nodejs22.x # Node.js runtime version
    Architectures:
      - x86_64
    Environment:
      Variables:
        FAKER_TABLE: !Ref ProductsDynamoDbTable # DynamoDB table name for Lambda functions
        LOCAL_DDB_ENDPOINT: "" # Used for local development

Resources:
  # IAM Role for API Gateway to push logs to CloudWatch
  ApiGatewayCloudWatchLogsRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: apigateway.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs

  # API Gateway account configuration to enable CloudWatch logging
  ApiGatewayAccountConfig:
    Type: AWS::ApiGateway::Account
    Properties:
      CloudWatchRoleArn: !GetAtt ApiGatewayCloudWatchLogsRole.Arn

  # The main API Gateway REST API
  RestApi:
    Type: AWS::Serverless::Api
    DependsOn: ApiGatewayAccountConfig # Ensure logging is set up first
    Properties:
      StageName: Prod # API Gateway stage name
      Auth:
        ApiKeyRequired: true # Require API key for all methods
      AccessLogSetting:
        DestinationArn: !GetAtt RestApiLogGroup.Arn # Send access logs to CloudWatch
        Format: "$context.requestId - $context.identity.sourceIp - $context.httpMethod $context.resourcePath - $context.status"
      MethodSettings:
        - ResourcePath: "/*"
          HttpMethod: "*"
          LoggingLevel: INFO # Enable info-level logging
          MetricsEnabled: true # Enable CloudWatch metrics

  # CloudWatch Log Group for API Gateway access logs
  RestApiLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Sub "/aws/apigateway/FakerRestApi-${RestApi}"
      RetentionInDays: 7 # Retain logs for 7 days

  # API Gateway Usage Plan to control API access and throttling
  RestApiUsagePlan:
    Type: AWS::ApiGateway::UsagePlan
    DependsOn: RestApiProdStage # Ensure the stage exists first
    Properties:
      ApiStages:
        - ApiId: !Ref RestApi
          Stage: Prod
      Throttle:
        BurstLimit: 100 # Max burst requests
        RateLimit: 50 # Steady-state requests per second

  # API Key for accessing the API
  RestApiKey:
    Type: AWS::ApiGateway::ApiKey
    Properties:
      Enabled: true

  # Link the API Key to the Usage Plan
  RestUsagePlanKey:
    Type: AWS::ApiGateway::UsagePlanKey
    Properties:
      KeyId: !Ref RestApiKey
      KeyType: API_KEY
      UsagePlanId: !Ref RestApiUsagePlan

  # Lambda function to get all products
  GetAllProductsFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: src/get-all-products.handler # Entry point for Lambda
      Policies:
        - DynamoDBCrudPolicy:
            TableName: !Ref ProductsDynamoDbTable # Allow CRUD on the table
      Events:
        Api:
          Type: Api
          Properties:
            RestApiId: !Ref RestApi
            Path: /products/all
            Method: GET
    Metadata:
      BuildMethod: esbuild # Use esbuild for faster builds

  # Lambda function to create a new product
  CreateProductFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: src/create-product.handler
      Policies:
        - DynamoDBCrudPolicy:
            TableName: !Ref ProductsDynamoDbTable
      Events:
        Api:
          Type: Api
          Properties:
            RestApiId: !Ref RestApi
            Path: /products/create
            Method: POST
    Metadata:
      BuildMethod: esbuild

  # Lambda function to get a product by ID
  GetProductByIdFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: src/get-product-by-id.handler
      Policies:
        - DynamoDBCrudPolicy:
            TableName: !Ref ProductsDynamoDbTable
      Events:
        Api:
          Type: Api
          Properties:
            RestApiId: !Ref RestApi
            Path: /products/by-id
            Method: GET
    Metadata:
      BuildMethod: esbuild

  # DynamoDB table to store product data
  ProductsDynamoDbTable:
    Type: AWS::DynamoDB::Table
    Properties:
      TableName: FakerRestApi-ProductsDynamoDbTable-1KL76QRAUCEN
      BillingMode: PAY_PER_REQUEST # On-demand billing
      AttributeDefinitions:
        - AttributeName: pk # Partition key
          AttributeType: S
        - AttributeName: sk # Sort key
          AttributeType: S
      KeySchema:
        - AttributeName: pk
          KeyType: HASH
        - AttributeName: sk
          KeyType: RANGE