Infra as GitHub Actions - AWS Serverless Function for nodejs
Alonso Suarez
Posted on June 13, 2024
In the last post we talked about the need to simplify infra while also moving it back to the application repo.
As I started to work on the next infra as GitHub Actions, which was a secured website with authentication@edge, it became clear that AWS Lambda was a fundamental building block in the journey.
Introducing actions-aws-function-node
Now with very few dependencies, you can provision your node backend in literally a minute
Getting started
Let's start with familiar code
// src/index.js
exports.handler = async (event, context) => {
  return {
    "statusCode": 200,
    "headers": {
      "Content-Type": "*/*"
    },
    "body": "hello world"
  }
}
Add the workflow
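# .github/workflows/on-push-main.yml
name: demo
on:
  push:
    branches:
      - main
jobs:
  deploy:
    environment:
      name: main
      url: ${{ steps.backend.outputs.url }}
    permissions:
      id-token: write   # lets the job request the OIDC token used to assume the role
      contents: read    # needed by actions/checkout once permissions are set explicitly
    runs-on: ubuntu-latest
    steps:
      - name: Check out repo
        uses: actions/checkout@v4
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: us-east-1
          role-to-assume: ${{ secrets.ROLE_ARN }}
          role-session-name: ${{ github.actor }}
      # Actions referenced by @main run whatever that branch holds at deploy time;
      # pin them to a reviewed commit SHA for production use.
      - uses: alonch/actions-aws-backend-setup@main
        with:
          instance: sample
      - uses: alonch/actions-aws-function-node@main
        id: backend   # referenced by environment.url above; assumes this step exposes the url output
        with:
          name: actions-aws-function-node-sample
          entrypoint-file: index.js
          entrypoint-function: handler
          artifacts: src
          allow-public-access: true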
Add the secret ROLE_ARN with access to AWS and that's it: after pushing to main you have a GitHub deployment with your backend running.
You can clone this sample from GitHub too
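The role behind ROLE_ARN is assumed with GitHub's OIDC token (the id-token: write permission in the workflow), so its trust policy decides which workflows can obtain AWS credentials. The Node script below is an added example, not code from this post or from the action: it audits a trust policy for the audience and subject conditions, and the account ID, example-org/example-repo and both sample policies are constructed.

```javascript
// Added example: audit the trust policy of the role stored in ROLE_ARN.
// Account ID, owner/repo and both policies below are constructed samples.
const OIDC = "token.actions.githubusercontent.com";

// The deploy job sets `environment: name: main`, so GitHub issues the token
// with sub = repo:<owner>/<repo>:environment:main (not a ref: subject).
const expectedSub = (repo, env) => `repo:${repo}:environment:${env}`;

function auditTrustPolicy(policy, repo, env) {
  const findings = [];
  const want = expectedSub(repo, env);
  for (const stmt of [].concat(policy.Statement || [])) {
    const actions = [].concat(stmt.Action || []);
    if (stmt.Effect !== "Allow" || !actions.includes("sts:AssumeRoleWithWebIdentity")) continue;
    const eq = (stmt.Condition || {}).StringEquals || {};
    const like = (stmt.Condition || {}).StringLike || {};
    const aud = [].concat(eq[`${OIDC}:aud`] || []);
    if (aud.length !== 1 || aud[0] !== "sts.amazonaws.com") {
      findings.push("aud is not pinned to sts.amazonaws.com");
    }
    const subs = [].concat(eq[`${OIDC}:sub`] || [], like[`${OIDC}:sub`] || []);
    if (subs.length === 0) findings.push("no sub condition: role is not tied to this repository");
    for (const s of subs) {
      if (/[*?]/.test(s)) findings.push(`wildcard sub: ${s}`);
      else if (s !== want) findings.push(`sub ${s} does not match ${want}`);
    }
  }
  return findings;
}

const trustPolicy = (condition) => ({
  Version: "2012-10-17",
  Statement: [{
    Effect: "Allow",
    Principal: { Federated: `arn:aws:iam::111111111111:oidc-provider/${OIDC}` },
    Action: "sts:AssumeRoleWithWebIdentity",
    Condition: condition,
  }],
});

// Weak: only the audience is checked.
const WEAK = trustPolicy({ StringEquals: { [`${OIDC}:aud`]: "sts.amazonaws.com" } });
// Scoped: audience plus the exact repository and environment.
const SCOPED = trustPolicy({ StringEquals: {
  [`${OIDC}:aud`]: "sts.amazonaws.com",
  [`${OIDC}:sub`]: expectedSub("example-org/example-repo", "main"),
} });

console.log(auditTrustPolicy(WEAK, "example-org/example-repo", "main"));
console.log(auditTrustPolicy(SCOPED, "example-org/example-repo", "main"));
```

Because the job declares an environment, a trust policy written against a branch subject (repo:...:ref:refs/heads/main) will not match this workflow's token.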
Of course, there are a lot more options
Permissions
You can allow access to services by just adding the resource name and the access, either read or write
For example:
- uses: alonch/actions-aws-function-node@main
  with:
    name: actions-aws-function-node-demo
    entrypoint-file: index.js
    entrypoint-function: handler
    artifacts: src
    allow-public-access: true
    permissions: |
      s3: read
      dynamodb: write
This configuration will attach AmazonS3ReadOnly and AmazonDynamoDBFullAccess managed policies to the function's role
Environment Variables
Similar to permissions, you can attach function variables as follows:
- uses: alonch/actions-aws-function-node@main
  with:
    name: actions-aws-function-node-demo
    entrypoint-file: index.js
    entrypoint-function: handler
    artifacts: src
    allow-public-access: true
    env: |
      DD_ENV: production
      DD_SERVICE: demo
      DD_VERSION: ${{ github.sha }}
The rest of the options are standard attributes like memory, timeout or selecting ARM architecture.
The best part is that it takes a minute to provision it and even less time to destroy.
I'm excited about the future developments and improvements that can be made to this workflow. If you have any feedback, questions, or suggestions, feel free to leave a comment below or reach out directly. Let's continue this journey of simplifying infrastructure together!
Thank you for reading, and happy coding!