...
resources:
  - ${file(./serverless-dynamodb-tables.yml)}
  - ${file(./serverless-gateway-responses.yml)}
...

serverless-dynamodb-tables.yml

Resources:
  users:
    Type: 'AWS::DynamoDB::Table'
    DeletionPolicy: Retain
    Properties:
      TableName: ${self:provider.environment.DYNAMODB_TABLE_PREFIX}-users
      AttributeDefinitions:
        - AttributeName: id
          AttributeType: S
        - AttributeName: displayUserId
          AttributeType: S
      KeySchema:
        - AttributeName: id
          KeyType: HASH
      BillingMode: PAY_PER_REQUEST
      GlobalSecondaryIndexes:
        - IndexName: byDisplayUserId
          KeySchema:
            - AttributeName: displayUserId
              KeyType: HASH
          Projection:
            ProjectionType: ALL

serverless-gateway-responses.yml

Resources:
  GatewayResponseACCESSDENIED:
    Type: 'AWS::ApiGateway::GatewayResponse'
    Properties:
      ResponseParameters:
        gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
        gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        gatewayresponse.header.Access-Control-Allow-Methods: "'GET,POST,PUT,DELETE,OPTIONS,HEAD'"
      ResponseType: ACCESS_DENIED
      RestApiId:
        Ref: 'ApiGatewayRestApi'
      StatusCode: '403'
  GatewayResponseAPICONFIGURATIONERROR:
    Type: 'AWS::ApiGateway::GatewayResponse'
    Properties:
      ResponseParameters:
        gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
        gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        gatewayresponse.header.Access-Control-Allow-Methods: "'GET,POST,PUT,DELETE,OPTIONS,HEAD'"
      ResponseType: API_CONFIGURATION_ERROR
      RestApiId:
        Ref: 'ApiGatewayRestApi'
      StatusCode: '500'
  GatewayResponseAUTHORIZERCONFIGURATIONERROR:
    Type: 'AWS::ApiGateway::GatewayResponse'
    Properties:
      ResponseParameters:
        gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
        gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        gatewayresponse.header.Access-Control-Allow-Methods: "'GET,POST,PUT,DELETE,OPTIONS,HEAD'"
      ResponseType: AUTHORIZER_CONFIGURATION_ERROR
      RestApiId:
        Ref: 'ApiGatewayRestApi'
      StatusCode: '500'
  GatewayResponseAUTHORIZERFAILURE:
    Type: 'AWS::ApiGateway::GatewayResponse'
    Properties:
      ResponseParameters:
        gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
        gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        gatewayresponse.header.Access-Control-Allow-Methods: "'GET,POST,PUT,DELETE,OPTIONS,HEAD'"
      ResponseType: AUTHORIZER_FAILURE
      RestApiId:
        Ref: 'ApiGatewayRestApi'
      StatusCode: '500'
  GatewayResponseBADREQUESTPARAMETERS:
    Type: 'AWS::ApiGateway::GatewayResponse'
    Properties:
      ResponseParameters:
        gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
        gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        gatewayresponse.header.Access-Control-Allow-Methods: "'GET,POST,PUT,DELETE,OPTIONS,HEAD'"
      ResponseType: BAD_REQUEST_PARAMETERS
      RestApiId:
        Ref: 'ApiGatewayRestApi'
      StatusCode: '400'
  GatewayResponseBADREQUESTBODY:
    Type: 'AWS::ApiGateway::GatewayResponse'
    Properties:
      ResponseParameters:
        gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
        gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        gatewayresponse.header.Access-Control-Allow-Methods: "'GET,POST,PUT,DELETE,OPTIONS,HEAD'"
      ResponseType: BAD_REQUEST_BODY
      RestApiId:
        Ref: 'ApiGatewayRestApi'
      StatusCode: '400'
  GatewayResponseDEFAULT4XX:
    Type: 'AWS::ApiGateway::GatewayResponse'
    Properties:
      ResponseParameters:
        gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
        gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        gatewayresponse.header.Access-Control-Allow-Methods: "'GET,POST,PUT,DELETE,OPTIONS,HEAD'"
      ResponseType: DEFAULT_4XX
      RestApiId:
        Ref: 'ApiGatewayRestApi'
  GatewayResponseDEFAULT5XX:
    Type: 'AWS::ApiGateway::GatewayResponse'
    Properties:
      ResponseParameters:
        gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
        gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        gatewayresponse.header.Access-Control-Allow-Methods: "'GET,POST,PUT,DELETE,OPTIONS,HEAD'"
      ResponseType: DEFAULT_5XX
      RestApiId:
        Ref: 'ApiGatewayRestApi'
  GatewayResponseEXPIREDTOKEN:
    Type: 'AWS::ApiGateway::GatewayResponse'
    Properties:
      ResponseParameters:
        gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
        gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        gatewayresponse.header.Access-Control-Allow-Methods: "'GET,POST,PUT,DELETE,OPTIONS,HEAD'"
      ResponseType: EXPIRED_TOKEN
      RestApiId:
        Ref: 'ApiGatewayRestApi'
      StatusCode: '401'
  GatewayResponseINTEGRATIONFAILURE:
    Type: 'AWS::ApiGateway::GatewayResponse'
    Properties:
      ResponseParameters:
        gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
        gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        gatewayresponse.header.Access-Control-Allow-Methods: "'GET,POST,PUT,DELETE,OPTIONS,HEAD'"
      ResponseType: INTEGRATION_FAILURE
      RestApiId:
        Ref: 'ApiGatewayRestApi'
      StatusCode: '504'
  GatewayResponseINTEGRATIONTIMEOUT:
    Type: 'AWS::ApiGateway::GatewayResponse'
    Properties:
      ResponseParameters:
        gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
        gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        gatewayresponse.header.Access-Control-Allow-Methods: "'GET,POST,PUT,DELETE,OPTIONS,HEAD'"
      ResponseType: INTEGRATION_TIMEOUT
      RestApiId:
        Ref: 'ApiGatewayRestApi'
      StatusCode: '504'
  GatewayResponseINVALIDAPIKEY:
    Type: 'AWS::ApiGateway::GatewayResponse'
    Properties:
      ResponseParameters:
        gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
        gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        gatewayresponse.header.Access-Control-Allow-Methods: "'GET,POST,PUT,DELETE,OPTIONS,HEAD'"
      ResponseType: INVALID_API_KEY
      RestApiId:
        Ref: 'ApiGatewayRestApi'
      StatusCode: '403'
  GatewayResponseINVALIDSIGNATURE:
    Type: 'AWS::ApiGateway::GatewayResponse'
    Properties:
      ResponseParameters:
        gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
        gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        gatewayresponse.header.Access-Control-Allow-Methods: "'GET,POST,PUT,DELETE,OPTIONS,HEAD'"
      ResponseType: INVALID_SIGNATURE
      RestApiId:
        Ref: 'ApiGatewayRestApi'
      StatusCode: '403'
  GatewayResponseMISSINGAUTHENTICATIONTOKEN:
    Type: 'AWS::ApiGateway::GatewayResponse'
    Properties:
      ResponseParameters:
        gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
        gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        gatewayresponse.header.Access-Control-Allow-Methods: "'GET,POST,PUT,DELETE,OPTIONS,HEAD'"
      ResponseType: MISSING_AUTHENTICATION_TOKEN
      RestApiId:
        Ref: 'ApiGatewayRestApi'
      StatusCode: '403'
  GatewayResponseQUOTAEXCEEDED:
    Type: 'AWS::ApiGateway::GatewayResponse'
    Properties:
      ResponseParameters:
        gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
        gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        gatewayresponse.header.Access-Control-Allow-Methods: "'GET,POST,PUT,DELETE,OPTIONS,HEAD'"
      ResponseType: QUOTA_EXCEEDED
      RestApiId:
        Ref: 'ApiGatewayRestApi'
      StatusCode: '429'
  GatewayResponseREQUESTTOOLARGE:
    Type: 'AWS::ApiGateway::GatewayResponse'
    Properties:
      ResponseParameters:
        gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
        gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        gatewayresponse.header.Access-Control-Allow-Methods: "'GET,POST,PUT,DELETE,OPTIONS,HEAD'"
      ResponseType: REQUEST_TOO_LARGE
      RestApiId:
        Ref: 'ApiGatewayRestApi'
      StatusCode: '413'
  GatewayResponseRESOURCENOTFOUND:
    Type: 'AWS::ApiGateway::GatewayResponse'
    Properties:
      ResponseParameters:
        gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
        gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        gatewayresponse.header.Access-Control-Allow-Methods: "'GET,POST,PUT,DELETE,OPTIONS,HEAD'"
      ResponseType: RESOURCE_NOT_FOUND
      RestApiId:
        Ref: 'ApiGatewayRestApi'
      StatusCode: '404'
  GatewayResponseTHROTTLED:
    Type: 'AWS::ApiGateway::GatewayResponse'
    Properties:
      ResponseParameters:
        gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
        gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        gatewayresponse.header.Access-Control-Allow-Methods: "'GET,POST,PUT,DELETE,OPTIONS,HEAD'"
      ResponseType: THROTTLED
      RestApiId:
        Ref: 'ApiGatewayRestApi'
      StatusCode: '429'
  GatewayResponseUNAUTHORIZED:
    Type: 'AWS::ApiGateway::GatewayResponse'
    Properties:
      ResponseParameters:
        gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
        gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        gatewayresponse.header.Access-Control-Allow-Methods: "'GET,POST,PUT,DELETE,OPTIONS,HEAD'"
      ResponseType: UNAUTHORIZED
      RestApiId:
        Ref: 'ApiGatewayRestApi'
      StatusCode: '401'
  GatewayResponseUNSUPPORTEDMEDIATYPE:
    Type: 'AWS::ApiGateway::GatewayResponse'
    Properties:
      ResponseParameters:
        gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
        gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        gatewayresponse.header.Access-Control-Allow-Methods: "'GET,POST,PUT,DELETE,OPTIONS,HEAD'"
      ResponseType: UNSUPPORTED_MEDIA_TYPE
      RestApiId:
        Ref: 'ApiGatewayRestApi'
      StatusCode: '415'
  GatewayResponseWAFFILTERED:
    Type: 'AWS::ApiGateway::GatewayResponse'
    Properties:
      ResponseParameters:
        gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
        gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        gatewayresponse.header.Access-Control-Allow-Methods: "'GET,POST,PUT,DELETE,OPTIONS,HEAD'"
      ResponseType: WAF_FILTERED
      RestApiId:
        Ref: 'ApiGatewayRestApi'
      StatusCode: '403'