This article delves into automating AWS Lambda deploys using Serverless framework.
Serverless is a NodeJs based toolkit which supports deploying AWS Lambdas alongwith their dependent resources – DynamoDB Tables, Trigger events, IAM roles etc.
Installing the framework is one liner :
npm install -g serverless
By default, when used to deploy a Lambda, it creates a unique S3 bucket and required IAM roles. However, this is not always desired. Serverless provides many configurations to customize the packaging and deployment. The configurations I will be using are :
- deploymentBucketName : The S3 bucket where serverless uploads the package for deploy.
- role : AWS IAM Role Arn. This is the role under which your Lambda will execute. The permissions associated depend on what services does your Lambda needs access to – S3, DynamoDb etc.
- profile : AWS credentials used to upload and deploy the package.
Let’s set up these configs now. Login in your AWS console.
- Deployment bucket : Create a new S3 bucket – give it default access and permissions. Don’t make it public.
- Lambda Role : Create a new IAM Role. Here I will be accessing DynamoDb and S3 from my lambda – so I assign these permissions only. I have used full access permissions here for simplicity sake only – this should not be done for a Production function. These should be fine grained to give only the necessary access level as per the function’s requirement.
- AWS Credentials Profile : Serverless needs a user with certain privileges to deploy and configure the function. We need to create an IAM user with limited access.
- Click on Users and then Add user. Enter a name and enable Programmatic access by clicking the checkbox.
- Click Next to go through to the Permissions page. Click on Attach existing policies directly. Search for and select AdministratorAccess then click Next:Review.
- Check everything looks good and click Create user. View and save the API Key & Secret for the user – THIS WILL BE THE ONLY TIME SECRET WILL BE VISIBLE.
- AWS credentials are stored in a file at ~/.aws/credentials. The new user credentials have to be added to this file. Run the following command to add the generated credentials to the file:
serverless config credentials –provider aws –profile –key –secret
Choose a unique profile name and also provide your own Api key and secret. eg:
serverless config credentials --provider aws --profile myprofile --key AKIAANEXAMPLEPROFILE --secret wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Setup is now essentially complete but before we can deploy our functions, we need to create a configuration file which defines our functions and their resources. This is the “serverless.yml” file and is read by the framework for packaging and deployment.
Here’s a sample config file:
# Welcome to Serverless! # # This file is the main config file for your service. # It's very minimal at this point and uses default values. # You can always add more config options for more control. # We've included some commented out config examples here. # Just uncomment any of them to get that config option. # # For full config options, check the docs: # docs.serverless.com # # Happy Coding! service: blog-examples provider: name: aws runtime: nodejs6.10 profile: <Profile_name> deploymentBucket: <bucket_name> memorySize: 128 timeout: 10 role: <role_arn> # you can overwrite defaults here stage: dev region: us-west-2 functions: user-data: handler: services/userDataHandler.userDataService
Update the following with your details:
- profile: Profile name given when storing the credentials as discussed in Step 3 above.
- deploymentBucket: The bucket name created in Step 1 above.
- role: AWS Role Arn for the role created in Step 2 above. You can get this from AWS console.
Other options in this file:
- service: This is like a single project – where you define it’s corresponding Lambda functions and their resources. eg: user-service, accounts-service.
- function: Lambda function details. Includes the function name and it’s handler. eg: In this example, function name is “user-data” and it’s handler is an exported function (“userDataService”) in a NodeJs file (“userDataHandler.js”) which is under a directory “services”.
- memory, timeout : Lambda options for compute resource. Can be specified for each individual function also.
For details about all configuration options in serverless.yml file, see here.
We are now ready to deploy our Lambda’s. To deploy our function, run:
This will deploy all the functions listed in the serverless.yml file. It essentially creates a Cloudformation stack and adds all the functions , their resources together as a unit. Behind the scenes, it does the following:
- Packages our function code into a zip file
- Creates a “serverless” folder in our bucket and uploads the zip
- Uses this zip to create a Lambda function named (“blog-examples-dev-user-data”), with memory = 128, timeout = 10 and handler = “services/userDataHandler.userDataService”
Over time, the config file will grow to contain more functions. It would make sense to deploy individual functions which have been updated. In that case use the following command:
serverless deploy function --function user-data
You can find more details about deployment here.
Serverless is a powerful framework which allows users to build & deploy auto-scaling, pay-per-execution, event-driven functions.
In this post I discussed some of it’s features related to AWS Lambda configuration and Deployment. It has many more capabilities and also integrates with various other Cloud providers. If you wish to delve into these details, please visit it’s homepage at Serverless.