serverless.yml

# For full config options, check the docs:
#    docs.serverless.com

service: data-pipeline
frameworkVersion: '3'
useDotenv: true
configValidationMode: error

plugins:
  - serverless-ruby-layer

custom:
  rubyLayer:
    use_docker: true
  currentStage: ${opt:stage, 'development'}
  buckets:
    inbox_bucket: es-${self:custom.currentStage}-data-inbox
    process_bucket: es-${self:custom.currentStage}-data-process
    compressed_bucket: es-${self:custom.currentStage}-data-uncompressed
    spreadsheet_bucket: es-${self:custom.currentStage}-data-spreadsheet
    amr_data_bucket: es-${self:custom.currentStage}-data-amr-data
    unprocessable_bucket: es-${self:custom.currentStage}-data-unprocessable

provider:
  name: aws
  runtime: ruby3.2
  profile: serverless
  region: eu-west-2
  stage: ${opt:stage, 'development'}
  environment:
    INBOX_BUCKET: ${self:custom.buckets.inbox_bucket}
    PROCESS_BUCKET: ${self:custom.buckets.process_bucket}
    COMPRESSED_BUCKET: ${self:custom.buckets.compressed_bucket}
    SPREADSHEET_BUCKET: ${self:custom.buckets.spreadsheet_bucket}
    AMR_DATA_BUCKET: ${self:custom.buckets.amr_data_bucket}
    UNPROCESSABLE_BUCKET: ${self:custom.buckets.unprocessable_bucket}
    ROLLBAR_ACCESS_TOKEN: ${env:ROLLBAR_ACCESS_TOKEN}
    # this allows bundler to pick up git gems in /opt/ruby/3.2.0/bundler from the ruby layer
    BUNDLE_PATH: /opt
  iam:
    role:
      statements:
        - Effect: "Allow"
          Action:
            - "s3:*"
          Resource:
            - { "Fn::Join" : ["", ["arn:aws:s3:::", { "Ref" : "ServerlessDeploymentBucket" } ]]}
            - "arn:aws:s3:::${self:custom.buckets.inbox_bucket}/*"
            - "arn:aws:s3:::${self:custom.buckets.process_bucket}/*"
            - "arn:aws:s3:::${self:custom.buckets.compressed_bucket}/*"
            - "arn:aws:s3:::${self:custom.buckets.spreadsheet_bucket}/*"
            - "arn:aws:s3:::${self:custom.buckets.amr_data_bucket}/*"
            - "arn:aws:s3:::${self:custom.buckets.unprocessable_bucket}/*"

package:
  patterns:
    - '!**'
    - 'handlers/*.rb'
    - 'handler.rb'
    - 'Gemfile'
    - 'Gemfile.lock'

functions:
  unpack-attachments:
    handler: handler.DataPipeline::Handler.unpack_attachments
    events:
      - s3: ${self:provider.environment.INBOX_BUCKET}
  process-file:
    handler: handler.DataPipeline::Handler.process_file
    events:
      - s3: ${self:provider.environment.PROCESS_BUCKET}
  uncompress:
    handler: handler.DataPipeline::Handler.uncompress_file
    events:
      - s3: ${self:provider.environment.COMPRESSED_BUCKET}
  convert:
    handler: handler.DataPipeline::Handler.convert_file
    events:
      - s3: ${self:provider.environment.SPREADSHEET_BUCKET}

resources:
  Resources:
    InboxS3Policy:
      Type: AWS::S3::BucketPolicy
      DependsOn: S3BucketEs${self:custom.currentStage}datainbox
      Properties:
        Bucket:
          Ref: S3BucketEs${self:custom.currentStage}datainbox
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Sid: "SESInboxWriter"
              Principal:
                Service: "ses.amazonaws.com"
              Condition:
                StringEquals:
                  "aws:Referer": {Ref: 'AWS::AccountId'}
              Effect: Allow
              Action:
                - s3:PutObject
              Resource:
                - arn:aws:s3:::${self:provider.environment.INBOX_BUCKET}/*
    S3BucketAmrData:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: ${self:provider.environment.AMR_DATA_BUCKET}
    S3BucketUnprocessable:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: ${self:provider.environment.UNPROCESSABLE_BUCKET}