mirror of
https://github.com/serverless/serverless.git
synced 2026-01-18 14:58:43 +00:00
6.9 KiB
6.9 KiB
Read this on the main serverless docs site
Serverless.yml Reference
Here is a list of all available properties in serverless.yml when the provider is set to aws.
# serverless.yml
service:
name: myService
awsKmsKeyArn: arn:aws:kms:us-east-1:XXXXXX:key/some-hash # Optional KMS key arn which will be used for encryption for all functions
frameworkVersion: ">=1.0.0 <2.0.0"
provider:
name: aws
runtime: nodejs6.10
stage: dev # Set the default stage used. Default is dev
region: us-east-1 # Overwrite the default region used. Default is us-east-1
profile: production # The default profile to use with this service
memorySize: 512 # Overwrite the default memory size. Default is 1024
timeout: 10 # The default is 6
deploymentBucket:
name: com.serverless.${self:provider.region}.deploys # Deployment bucket name. Default is generated by the framework
serverSideEncryption: AES256 # when using server-side encryption
role: arn:aws:iam::XXXXXX:role/role # Overwrite the default IAM role which is used for all functions
cfnRole: arn:aws:iam::XXXXXX:role/role # ARN of an IAM role for CloudFormation service. If specified, CloudFormation uses the role's credentials
versionFunctions: false # Optional function versioning
environment: # Service wide environment variables
serviceEnvVar: 123456789
apiKeys: # List of API keys to be used by your service API Gateway REST API
- myFirstKey
- ${opt:stage}-myFirstKey
- ${env:MY_API_KEY} # you can hide it in a serverless variable
usagePlan: # Optional usage plan configuration
quota:
limit: 5000
offset: 2
period: MONTH
throttle:
burstLimit: 200
rateLimit: 100
stackTags: # Optional CF stack tags
key: value
iamRoleStatements: # IAM role statements so that services can be accessed in the AWS account
- Effect: 'Allow'
Action:
- 's3:ListBucket'
Resource:
Fn::Join:
- ''
- - 'arn:aws:s3:::'
- Ref: ServerlessDeploymentBucket
stackPolicy: # Optional CF stack policy. The example below allows updates to all resources except deleting/replacing EC2 instances (use with caution!)
- Effect: Allow
Principal: "*"
Action: "Update:*"
Resource: "*"
- Effect: Deny
Principal: "*"
Action:
- Update:Replace
- Update:Delete
Condition:
StringEquals:
ResourceType:
- AWS::EC2::Instance
functions:
usersCreate: # A Function
handler: users.create # The file and module for this specific function.
description: My function # The description of your function.
memorySize: 512 # memorySize for this specific function.
timeout: 10 # Timeout for this specific function. Overrides the default set above.
role: arn:aws:iam::XXXXXX:role/role # IAM role which will be used for this function
onError: arn:aws:sns:us-east-1:XXXXXX:sns-topic # Optional SNS topic arn which will be used for the DeadLetterConfig
awsKmsKeyArn: arn:aws:kms:us-east-1:XXXXXX:key/some-hash # Optional KMS key arn which will be used for encryption (overwrites the one defined on the service level)
environment: # Function level environment variables
functionEnvVar: 12345678
tags: # Function specific tags
foo: bar
events: # The Events that trigger this Function
- http: # This creates an API Gateway HTTP endpoint which can be used to trigger this function. Learn more in "events/apigateway"
path: users/create # Path for this endpoint
method: get # HTTP method for this endpoint
cors: true # Turn on CORS for this endpoint, but don't forget to return the right header in your response
private: true # Requires clients to add API keys values in the `x-api-key` header of their request
authorizer: # An AWS API Gateway custom authorizer function
name: authorizerFunc # The name of the authorizer function (must be in this service)
arn: xxx:xxx:Lambda-Name # Can be used instead of name to reference a function outside of service
resultTtlInSeconds: 0
identitySource: method.request.header.Authorization
identityValidationExpression: someRegex
- s3:
bucket: photos
event: s3:ObjectCreated:*
rules:
- prefix: uploads/
- suffix: .jpg
- schedule:
rate: rate(10 minutes)
enabled: false
input:
key1: value1
key2: value2
stageParams:
stage: dev
- sns:
topicName: aggregate
displayName: Data aggregation pipeline
- stream:
arn: arn:aws:kinesis:region:XXXXXX:stream/foo
batchSize: 100
startingPosition: LATEST
enabled: false
- alexaSkill
- iot:
name: myIoTEvent
description: An IoT event
enabled: true
sql: "SELECT * FROM 'some_topic'"
sqlVersion: beta
- cloudwatchEvent:
event:
source:
- "aws.ec2"
detail-type:
- "EC2 Instance State-change Notification"
detail:
state:
- pending
# Note: you can either use "input" or "inputPath"
input:
key1: value1
key2: value2
stageParams:
stage: dev
inputPath: '$.stageVariables'
- cloudwatchLog:
logGroup: '/aws/lambda/hello'
filter: '{$.userIdentity.type = Root}'
- cognitoUserPool:
pool: MyUserPool
trigger: PreSignUp
# The "Resources" your "Functions" use. Raw AWS CloudFormation goes in here.
resources:
Resources:
usersTable:
Type: AWS::DynamoDB::Table
Properties:
TableName: usersTable
AttributeDefinitions:
- AttributeName: email
AttributeType: S
KeySchema:
- AttributeName: email
KeyType: HASH
ProvisionedThroughput:
ReadCapacityUnits: 1
WriteCapacityUnits: 1
# The "Outputs" that your AWS CloudFormation Stack should produce. This allows references between services.
Outputs:
UsersTableArn:
Description: The ARN for the User's Table
Value:
"Fn::GetAtt": [ usersTable, Arn ]
Export: ${self:service}:${opt:stage}:UsersTableArn # see Fn::ImportValue to use in other services and http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/outputs-section-structure.html for documentation on use.