serverless.yml
# Serverless Framework service definition.
# Full list of configuration options: docs.serverless.com
service: aws-2fa-proxy
# Exact version pin: the Serverless CLI refuses to deploy this service under
# any other framework version.
frameworkVersion: '=1.67.3'
# The whole `custom` section is loaded from ./config.yml; this file reads
# custom.public_key, custom.mobile and custom.email from it.
custom: ${file(./config.yml)}
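# AWS provider settings: region, runtime, sizing and the permissions added to
# the function's execution role.
provider:
  name: aws
  region: ap-southeast-2
  description: Proxies and encrypts SMS messages received through Pinpoint
  # NOTE(review): nodejs12.x is an end-of-life Lambda runtime; moving to a
  # supported one probably also means lifting the exact frameworkVersion pin
  # - confirm.
  runtime: nodejs12.x
  memorySize: 2048  # MB
  timeout: 10  # seconds
  # NOTE(review): both statements allow every SNS action ('sns:*') on one
  # topic each, so the role can also change topic attributes and policies,
  # manage subscriptions or delete the topics, not just publish. The function
  # is only handed the forwarding topic's ARN (TOPIC_ARN), which suggests
  # 'sns:Publish' on ForwardingSnsTopic is all it needs and that the
  # ReceivingSnsTopic statement could be dropped - confirm against handler.js
  # before narrowing.
  iamRoleStatements:
    - Effect: 'Allow'
      Action:
        - 'sns:*'
      Resource:
        - Ref: ForwardingSnsTopic
    - Effect: 'Allow'
      Action:
        - 'sns:*'
      Resource:
        - Ref: ReceivingSnsTopic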
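# Contents of the deployment archive that is uploaded to Lambda.
package:
  # Handler code, the OpenPGP library file and the installed dependencies.
  include:
    - handler.js
    - openpgp.js
    - package.json
    - package-lock.json
    - node_modules
  # Kept out of the archive. config.yml carries the values read through
  # ${self:custom...} (public key, phone number, e-mail address) and stays on
  # the deploying machine. Presumably keys/ holds PGP key files - confirm, and
  # keep it excluded so that no private key ships with the function.
  exclude:
    - images/**
    - keys/**
    - .nvmrc
    - config.yml.example
    - config.yml
    - README.md
    - serverless.yml
    - structure.png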
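# The single Lambda function of this service. It is invoked by the receiving
# SNS topic and is given the forwarding topic's ARN.
functions:
  2fa-proxy:
    handler: handler.entrypoint
    # Trigger lambda for SNS topic created in this file
    # See issues https://github.com/serverless/serverless/issues/5198
    # NOTE(review): topicName here is spelled 2FAReceivingTopic while the topic
    # resource below is created as TopicName 2FARecevingTopic. The event is
    # bound through `arn`, so the mismatch looks cosmetic - confirm.
    events:
      - sns:
          arn: !Ref ReceivingSnsTopic
          topicName: 2FAReceivingTopic
    # Values come from config.yml via the `custom` section. PUBLIC_KEY is
    # public by design; PHONE_NUMBER and EMAIL are personal data and are
    # readable by any principal that can view this function's configuration.
    environment:
      PUBLIC_KEY: ${self:custom.public_key}
      PHONE_NUMBER: ${self:custom.mobile}
      EMAIL: ${self:custom.email}
      # ARN of ForwardingSnsTopic, read from the Outputs section of this file.
      TOPIC_ARN: ${self:resources.Outputs.OutputForwardingSNSTopic.Value}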
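# you can add CloudFormation resource templates here
# Declares the Pinpoint app and SMS channel, the receiving topic that feeds
# the function, and the forwarding topic with its SMS and e-mail subscribers.
resources:
  Resources:
    PinPointApp:
      Type: AWS::Pinpoint::App
      Properties:
        Name: ${self:service}
    # PinPoint SMS channels with short or long codes need to be manually
    # requested via AWS console
    PinPointSmsChannel:
      Type: AWS::Pinpoint::SMSChannel
      Properties:
        ApplicationId: !Ref PinPointApp
        Enabled: true
    # Topic that triggers the function. Going by the provider description,
    # messages reach this topic before the function encrypts them, so any
    # subscriber reads the 2FA text in the clear.
    # NOTE(review): no topic policy and no KmsMasterKeyId are declared in this
    # file - confirm who is able to publish to and subscribe on this topic.
    # NOTE(review): TopicName is spelled 2FARecevingTopic; renaming it would
    # replace the topic, so treat a spelling fix as a migration.
    ReceivingSnsTopic:
      Type: AWS::SNS::Topic
      Properties:
        DisplayName: ${self:service}
        TopicName: 2FARecevingTopic
    # Subscribes the function to the receiving topic.
    # 2faDashproxyLambdaFunction is the logical ID Serverless generates for
    # the 2fa-proxy function.
    # NOTE(review): the function's own sns event probably makes Serverless
    # generate a subscription for the same topic as well - confirm that this
    # explicit one is still required.
    LambdaSubscription:
      Type: AWS::SNS::Subscription
      Properties:
        Protocol: lambda
        Endpoint:
          Fn::GetAtt:
            - 2faDashproxyLambdaFunction
            - Arn
        TopicArn: !Ref ReceivingSnsTopic
    # Topic whose ARN the function receives as TOPIC_ARN; its subscribers are
    # the phone number and e-mail address taken from config.yml.
    ForwardingSnsTopic:
      Type: AWS::SNS::Topic
      Properties:
        DisplayName: ${self:service}
        TopicName: 2FAForwardingTopic
    SmsSubscription:
      Type: AWS::SNS::Subscription
      Properties:
        Protocol: sms
        Endpoint: ${self:custom.mobile}
        TopicArn: !Ref ForwardingSnsTopic
    EmailSubscription:
      Type: AWS::SNS::Subscription
      Properties:
        Protocol: email
        Endpoint: ${self:custom.email}
        TopicArn: !Ref ForwardingSnsTopic
  # https://github.com/serverless-operations/serverless-step-functions/issues/78
  # This output is what the function's TOPIC_ARN variable reads.
  Outputs:
    OutputForwardingSNSTopic:
      Description: "The ARN of the forwarding SNS Topic for SMS, Email and Lambda forwarding"
      Value:
        Ref: ForwardingSnsTopic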