-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathserverless.yml
More file actions
51 lines (47 loc) · 1.63 KB
/
serverless.yml
File metadata and controls
51 lines (47 loc) · 1.63 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
service: sophos-activity-log
custom:
pythonRequirements:
zip: false
provider:
name: aws
runtime: python3.7
stage: ${opt:stage,'dev'}
region: us-west-2
environment:
ENVIRONMENT: ${self:provider.stage}
REGION: ${opt:region, self:provider.region}
CONFIGFILE: config.${self:provider.stage}.yml
FIREHOSE_DELIVERY_STREAM: ${file(config.${self:provider.stage}.yml):FIREHOSE_DELIVERY_STREAM}
SOPHOS_API_KEY_NAME: ${file(config.${self:provider.stage}.yml):SOPHOS_API_KEY_NAME}
SOPHOS_BASIC_AUTH_STRING_NAME: ${file(config.${self:provider.stage}.yml):SOPHOS_BASIC_AUTH_STRING_NAME}
iamRoleStatements:
- Effect: Allow
Action:
- ssm:*
Resource:
- "arn:aws:ssm:${opt:region, self:provider.region}:*:parameter/sophos-events/lastquerytime"
- Effect: Allow
Action:
- secretsmanager:*
Resource:
- "arn:aws:secretsmanager:${opt:region, self:provider.region}:*:secret:${self:provider.environment.SOPHOS_API_KEY_NAME}*"
- "arn:aws:secretsmanager:${opt:region, self:provider.region}:*:secret:${self:provider.environment.SOPHOS_BASIC_AUTH_STRING_NAME}*"
- Effect: Allow
Action:
- firehose:PutRecord
- firehose:PutRecordBatch
Resource:
- "arn:aws:firehose:${opt:region, self:provider.region}:*:deliverystream/${self:provider.environment.FIREHOSE_DELIVERY_STREAM}"
functions:
sophos-activity:
handler: sophos-activity.handler
timeout: 600
reservedConcurrency: 1
events:
- schedule: rate(5 minutes)
package:
exclude:
- node_modules/**
- .pytest_cache/**
plugins:
- serverless-python-requirements