service: serverless-oauth2 provider: name: aws runtime: nodejs6.10 stage: ${opt:stage, self:custom.defaultStage} environment: GIT_HOSTNAME: "/ctrl-alt-del/oauth/${opt:stage, self:provider.stage}/GIT_HOSTNAME" OAUTH_TOKEN_PATH: "/ctrl-alt-del/oauth/${opt:stage, self:provider.stage}/OAUTH_TOKEN_PATH" OAUTH_AUTHORIZE_PATH: "/ctrl-alt-del/oauth/${opt:stage, self:provider.stage}/OAUTH_AUTHORIZE_PATH" OAUTH_CLIENT_ID: "/ctrl-alt-del/oauth/${opt:stage, self:provider.stage}/OAUTH_CLIENT_ID" OAUTH_CLIENT_SECRET: "/ctrl-alt-del/oauth/${opt:stage, self:provider.stage}/OAUTH_CLIENT_SECRET" REDIRECT_URL: "/ctrl-alt-del/oauth/${opt:stage, self:provider.stage}/REDIRECT_URL" OAUTH_SCOPES: "/ctrl-alt-del/oauth/${opt:stage, self:provider.stage}/OAUTH_SCOPES" TZ: "utc" iamRoleStatements: - Effect: Allow Action: - ssm:DescribeParameters - ssm:GetParameters Resource: "arn:aws:ssm:${opt:region, self:provider.region}:*:parameter/ctrl-alt-del/oauth/${opt:stage, self:provider.stage}/*" - Effect: Allow Action: - kms:Decrypt Resource: "arn:aws:kms:${opt:region, self:provider.region}:*:key/${self:custom.kms_key.${opt:region, self:provider.region}.${self:provider.stage}}" custom: defaultStage: dev kms_key: "us-east-1": prod: "01660d80-64fb-4444-9b21-bb15ac2f97ec" dev: "foo" functions: auth: handler: auth.auth memorySize: 128 timeout: 5 events: - http: path: /auth method: get cors: true callback: handler: auth.callback memorySize: 128 timeout: 5 events: - http: path: /callback method: get cors: true success: handler: auth.success memorySize: 128 timeout: 5 events: - http: path: /success method: get cors: true default: handler: auth.default memorySize: 128 timeout: 5 events: - http: path: / method: get cors: true plugins: - serverless-plugin-optimize - serverless-offline package: individually: true