serverless.yml
# Serverless Framework service definition for the AI chat API.
service: 'ai-chat-api'

# Stage parameters. `default` applies to every stage unless overridden.
# Parameters referenced in this file but not defined here
# (customDomainName, customDomainNameEnabled, customDomainCertificateARN,
# sharedTokenSecret) must be supplied from outside this block.
stages:
  default:
    params:
      # Bedrock foundation model; also used to scope the IAM statement.
      modelId: 'meta.llama3-70b-instruct-v1:0'
      # Host name of the chat API under the custom domain.
      customDomainNameChatApi: 'chat.${param:customDomainName}'
      # Table name is unique per service and stage.
      dynamoDbUsageTableName: '${self:service}-usage-table-${sls:stage}'
      # Usage caps exported to the function as THROTTLE_MONTHLY_LIMIT_*.
      # NOTE(review): enforcement lives in the handler, which is not part of
      # this file -- confirm the limits are checked before the model is called.
      throttleMonthlyLimitUser: 20
      throttleMonthlyLimitGlobal: 4000
provider:
  name: aws
  runtime: nodejs20.x
  # Execution-role statements shared by the functions of this service.
  iam:
    role:
      statements:
        # Model invocation is limited to the single configured foundation
        # model in the deployment region.
        - Effect: Allow
          Action:
            # This permission is required for ConverseStreamCommand
            - 'bedrock:InvokeModelWithResponseStream'
          Resource:
            - 'arn:aws:bedrock:${aws:region}::foundation-model/${param:modelId}'
        # Data access is limited to the usage table defined under resources.
        # NOTE(review): Scan and DeleteItem are granted here; confirm the
        # handler uses them, otherwise drop them to keep the role
        # least-privilege.
        - Effect: Allow
          Action:
            - 'dynamodb:Query'
            - 'dynamodb:Scan'
            - 'dynamodb:GetItem'
            - 'dynamodb:PutItem'
            - 'dynamodb:UpdateItem'
            - 'dynamodb:DeleteItem'
          Resource:
            - Fn::GetAtt: [DynamoDbUsageTable, Arn]
build:
  esbuild:
    # By default the @aws-sdk/* packages are excluded from the bundle because
    # they are included in the Lambda runtime; however, the runtime's copies
    # lag behind the latest release. At the time of writing, the Lambda runtime
    # did not include @aws-sdk/client-bedrock-runtime. The list below keeps the
    # default @aws-sdk/* exclusion and carves that one package back out.
    # NOTE(review): the leading "!" is presumably a negation that makes esbuild
    # bundle the package -- confirm against the Serverless esbuild docs.
    # Because this client is bundled, its version comes from the project's
    # lockfile and must be kept patched there.
    exclude:
      - "@aws-sdk/*"
      - "!@aws-sdk/client-bedrock-runtime"
functions:
  api:
    handler: 'handler.handler'
    # Seconds; leaves room for a streamed model response.
    timeout: 60
    # Lambda function URL with response streaming. No `authorizer` is set
    # here, so the URL is not protected by IAM auth at the AWS layer; any
    # request authentication has to happen inside the handler.
    # NOTE(review): presumably the handler verifies a token against
    # SHARED_TOKEN_SECRET -- confirm it rejects unauthenticated requests
    # before touching Bedrock or DynamoDB.
    url:
      invokeMode: RESPONSE_STREAM
      # `true` applies the framework's permissive CORS defaults.
      # NOTE(review): consider restricting allowed origins to the known
      # front-end host.
      cors: true
    environment:
      MODEL_ID: '${param:modelId}'
      # The secret is resolved at deploy time and stored as a plain Lambda
      # environment variable, so it is readable by anyone who can view the
      # function configuration or the generated CloudFormation template.
      # NOTE(review): consider reading it from a secret store at runtime.
      SHARED_TOKEN_SECRET: '${param:sharedTokenSecret}'
      USAGE_TABLE_NAME: '${param:dynamoDbUsageTableName}'
      THROTTLE_MONTHLY_LIMIT_USER: '${param:throttleMonthlyLimitUser}'
      THROTTLE_MONTHLY_LIMIT_GLOBAL: '${param:throttleMonthlyLimitGlobal}'
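resources:
  # This condition is used to determine whether the custom domain name is
  # enabled. The CloudFront distribution and Route 53 record set group are
  # only created if the custom domain name is enabled. Otherwise the default
  # Lambda function URL is used.
  Conditions:
    CustomDomainNameEnabled:
      Fn::Equals:
        - ${param:customDomainNameEnabled}
        - true
  Resources:
    # Usage table with a composite string key (PK = partition key, SK = sort
    # key), billed per request. This is the only table the execution role in
    # `provider.iam` is allowed to access.
    DynamoDbUsageTable:
      Type: AWS::DynamoDB::Table
      Properties:
        AttributeDefinitions:
          - AttributeName: PK
            AttributeType: S
          - AttributeName: SK
            AttributeType: S
        KeySchema:
          - AttributeName: PK
            KeyType: HASH
          - AttributeName: SK
            KeyType: RANGE
        BillingMode: PAY_PER_REQUEST
        TableName: ${param:dynamoDbUsageTableName}
    # CloudFront distribution that fronts the Lambda function URL so the API
    # can be served from the custom domain name.
    ApiCloudFrontDistribution:
      Type: AWS::CloudFront::Distribution
      Condition: CustomDomainNameEnabled
      DeletionPolicy: Delete
      Properties:
        DistributionConfig:
          Enabled: true
          PriceClass: PriceClass_100
          HttpVersion: http2
          Comment: >-
            Distribution to support the custom domain name
            ${param:customDomainNameChatApi} for the AI Chat API Service
          Origins:
            - Id: ChatAPILambdaFunction
              # The function URL has the form https://<host>/; splitting on
              # "/" and taking element 2 yields the bare host name.
              DomainName: !Select
                - 2
                - !Split ["/", !GetAtt ApiLambdaFunctionUrl.FunctionUrl]
              OriginPath: ""
              CustomOriginConfig:
                HTTPPort: 80
                HTTPSPort: 443
                OriginProtocolPolicy: https-only
                # Only TLS 1.2 is offered on the CloudFront-to-origin leg.
                # TLS 1.0 and 1.1 are deprecated and were previously listed
                # here; the origin is a Lambda function URL, which is served
                # over HTTPS, so the older versions are not needed.
                OriginSSLProtocols: [TLSv1.2]
          DefaultCacheBehavior:
            TargetOriginId: ChatAPILambdaFunction
            ViewerProtocolPolicy: redirect-to-https
            Compress: true
            AllowedMethods:
              - HEAD
              - DELETE
              - POST
              - GET
              - OPTIONS
              - PUT
              - PATCH
            # The Authorization header, all query strings and all cookies
            # are passed through to the function.
            # NOTE(review): confirm the handler needs cookies; forwarding
            # less reduces what reaches the origin.
            ForwardedValues:
              QueryString: true
              Headers:
                - Authorization
              Cookies:
                Forward: all
          Aliases:
            - ${param:customDomainNameChatApi}
          ViewerCertificate:
            SslSupportMethod: sni-only
            MinimumProtocolVersion: TLSv1.2_2021
            AcmCertificateArn: ${param:customDomainCertificateARN}
    # Alias record that points the custom API host name at the distribution.
    ApiRecordSetGroup:
      Type: AWS::Route53::RecordSetGroup
      DeletionPolicy: Delete
      Condition: CustomDomainNameEnabled
      DependsOn:
        - ApiCloudFrontDistribution
      Properties:
        HostedZoneName: ${param:customDomainName}.
        RecordSets:
          - Name: ${param:customDomainNameChatApi}
            Type: A
            AliasTarget:
              HostedZoneId: Z2FDTNDATAQYW2 # Cloudfront default hosted zone ID
              DNSName: { "Fn::GetAtt": [ApiCloudFrontDistribution, DomainName] }
  # The listing showed the `Outputs:` key twice in a row. CloudFormation
  # expects each output's logical ID directly under the Outputs section, and
  # every output needs a Value, so the key is written once here.
  Outputs:
    # This exports the URL of the endpoint with the custom domain name, if it is
    # available, otherwise it provides the default Lambda function URL.
    ChatApiUrl:
      Value:
        Fn::If:
          - CustomDomainNameEnabled
          - !Sub "https://${param:customDomainNameChatApi}"
          - !GetAtt ApiLambdaFunctionUrl.FunctionUrl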