forked from aws-samples/aws-serverless-airline-booking
-
Notifications
You must be signed in to change notification settings - Fork 0
/
amplify.yml
68 lines (68 loc) · 3.14 KB
/
amplify.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
version: 0.1
backend:
phases:
preBuild:
commands:
- npm install -g @aws-amplify/[email protected] # pinned known working version
- make init # install OS packages and dev tools (awscli, sam-cli, linters, etc.)
build:
commands:
- "# Execute Amplify CLI with the helper script"
- amplifyPush --simple
##
# Extract Environment data
##
- export STACK_NAME=$(jq -r '.providers.awscloudformation.StackName' ./amplify/#current-cloud-backend/amplify-meta.json)
- export DEPLOYMENT_BUCKET_NAME=$(jq -r '.providers.awscloudformation.DeploymentBucketName' ./amplify/#current-cloud-backend/amplify-meta.json)
- export AWS_DEFAULT_REGION=$(jq -r '.providers.awscloudformation.Region' amplify/#current-cloud-backend/amplify-meta.json)
- export GRAPHQL_API_ID=$(jq -r '.api[(.api | keys)[0]].output.GraphQLAPIIdOutput' ./amplify/#current-cloud-backend/amplify-meta.json)
##
# List all data sources and capture DynamoDB table created from @model
##
- aws appsync list-data-sources --api-id ${GRAPHQL_API_ID} > datasources.json
- export FLIGHT_TABLE_NAME=$(jq -r '.dataSources[] | select(.name == "FlightTable") | .dynamodbConfig.tableName' datasources.json)
- export BOOKING_TABLE_NAME=$(jq -r '.dataSources[] | select(.name == "BookingTable") | .dynamodbConfig.tableName' datasources.json)
##
# Deploy SAM based back-end
##
- export STRIPE_SECRET_KEY=${STRIPE_SECRET_KEY:-UNDEFINED}
- make deploy
frontend:
phases:
preBuild:
commands:
##
# Retrieve SAM Stack outputs and convert into VueJS compatible runtime env
##
- make outputs
- cd src/frontend
- npm install
build:
commands:
- npm run build
artifacts:
baseDirectory: src/frontend/dist
files:
- "**/*"
cache:
paths:
- node_modules/**/*
customHeaders:
- pattern: "**/*"
headers: # https://infosec.mozilla.org/guidelines/web_security
- key: "Strict-Transport-Security"
value: "max-age=31536000; includeSubDomains"
- key: "X-Content-Type-Options"
value: "nosniff"
- key: "X-XSS-Protection"
value: "1; mode=block"
- key: "X-Frame-Options"
value: "DENY"
# CSP generated using Laboratory: https://github.com/april/laboratory
# Caveats
## Stripe Elements adds inline JS and iFrame (unsafe-eval, frame-src)
## Allows any endpoint hosted on AWS - for prod, use custom domains
### REST and GraphQL have random identifiers so we allow the sub-domain (connect-src)
### connect-src doesn't parse cognito-idp.*.amazonaws.com used by Amplify Auth - for prod, use region(s) endpoint
- key: "Content-Security-Policy"
value: "'default-src 'none'; connect-src https://*.amazonaws.com; font-src 'self' https://fonts.gstatic.com; frame-src https://js.stripe.com; img-src 'self'; script-src 'self' 'unsafe-eval' https://js.stripe.com/v3/; style-src 'self' https://fonts.googleapis.com/css?family=Raleway 'unsafe-inline' https://fonts.googleapis.com'"