Last update: June 2020
AWS is notorious for its incredibly complicated security model. This guide will walk you through setting up a fully-featured build & upload script for your Lambda functions.
- An AWS account
- The AWS CLI
Here's what we'll be doing:
- Create a new Lambda function triggered by a public URL
- Obtain secure credentials for updating your function's code from the command line.
- Add a fully-featured deploy script to your project
- In the AWS Lambda console, click "Create Function"
- Select "Author from Scratch"
- Enter a name. Use this name whenever I mention `YOUR_FUNCTION_NAME`
- Select your runtime. (I use the latest Node.js)
- Click "Create Function"
- Take note of your Lambda ARN. It's listed in the top-right corner of your Lambda dashboard.
If you'd like to call your Lambda from an HTTP endpoint, follow these additional steps:
- Visit your Lambda function's homepage (https://console.aws.amazon.com/lambda/home/functions/<YOUR_FUNCTION_NAME>?tab=configuration)
- Click on "Designer", if it isn't already open
- Click "Add Trigger"
- Select "API Gateway"
- Click "Create an API"
- Select "HTTP API"
- Under Security, select "Open" (Your API will be publicly available with no auth. For protected APIs, see the official docs)
- Click "Add"
- You will be returned to your Lambda function's homepage.
You can get the URL of your new HTTP endpoint by clicking on "API Gateway" in the Designer, and then copying the displayed "API endpoint" URL.
Create an IAM policy for updating the code:
- In the IAM console, click "Create Policy"
- Under "Service", select "Lambda"
- Under "Actions", search for the `UpdateFunctionCode` permission. Add it.
- Under "Resources", select "Specific", then "Add ARN", then paste in your Lambda function ARN (You can find it in the Lambda console at the top right)
- Click "Review Policy"
- Add a name (remember it, we'll need it soon), and click "Create Policy"
- In the IAM console, click "New User"
- Enter a username, and enable "Programmatic Access"
- At the "Permissions" stage, select "Add Permissions Directly"
- Click "Filter Policies" and select "Customer Managed"
- Select the policy you created in the previous section
- Skip through the "Tags" section
- Click "Create User"
- Copy the AWS "Access key ID" and "Secret Access Key"
- In your command line, enter `aws configure --profile <MY_PROFILE_NAME>`
- Enter your "Access Key ID" and "Secret Access Key".
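The policy that the console steps above produce, together with the equivalent IAM CLI calls, as an added example that is not part of the original guide. The helper names `render_policy` and `create_deploy_user`, the policy and user names passed to them, and the sample ARN with its placeholder account ID are assumptions.

```bash
#!/bin/sh
# Added example: least-privilege deploy policy for one Lambda function.
# render_policy / create_deploy_user are hypothetical helper names.

# Print a policy allowing lambda:UpdateFunctionCode on exactly one function.
# Wildcards, qualifiers and malformed ARNs are rejected so the deploy key
# cannot end up scoped to every function in the account.
# Assumes the standard "aws" partition.
render_policy() {
  case "$1" in
    *[!A-Za-z0-9:_-]*) echo "refusing ARN: $1" >&2; return 1 ;;
  esac
  if ! printf '%s\n' "$1" | grep -Eq \
    '^arn:aws:lambda:[a-z0-9-]+:[0-9]{12}:function:[A-Za-z0-9_-]+$'; then
    echo "refusing ARN: $1" >&2
    return 1
  fi
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "lambda:UpdateFunctionCode",
      "Resource": "$1"
    }
  ]
}
EOF
}

# CLI equivalent of the console steps: create the policy, create the
# deploy-only user, attach the policy. Run with an admin profile.
# Usage: create_deploy_user <function-arn> <policy-name> <user-name>
create_deploy_user() {
  doc="$(render_policy "$1")" || return 1
  policy_arn="$(aws iam create-policy --policy-name "$2" \
    --policy-document "$doc" --query 'Policy.Arn' --output text)" || return 1
  aws iam create-user --user-name "$3" || return 1
  aws iam attach-user-policy --user-name "$3" --policy-arn "$policy_arn"
}

# Constructed sample ARN (placeholder account ID); prints the policy JSON.
render_policy "arn:aws:lambda:us-east-1:123456789012:function:mylambda"
```

With this policy attached, the access key stored by `aws configure` can replace the code of that one function and nothing else.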
- Create a `.env` file (if you don't already have one) for containing your upload credentials:

```bash
LAMBDA_NAME=mylambda
AWS_IAM_PROFILE=<MY_PROFILE_NAME>
LAMBDA_ENDPOINT_URL=https://*****.execute-api.us-east-1.amazonaws.com/default/****
SLACK_NOTIFICATION_WEBHOOK_URL=https://hooks.slack.com/services/****
```

- In your project create a new bash script `deploy.sh`
- Give it execute permissions with `chmod +x deploy.sh`

```bash
#!/usr/bin/env bash
# Load variables from the .env file (skipping comment lines) into the environment
export $(grep -Ev '^#' .env | xargs)

echo "🌀 Uploading..."
# -f: don't fail on the first run, when function.zip doesn't exist yet
rm -f function.zip
zip -r function.zip index.js node_modules package.json
aws lambda update-function-code \
  --function-name="$LAMBDA_NAME" \
  --profile="$AWS_IAM_PROFILE" \
  --zip-file=fileb://function.zip
terminal-notifier -title 'Deploy Lambda' -message 'Deploy complete'
echo "✅ Done"
```

- Run `./deploy.sh` to build a ZIP file and upload it to Lambda
You can add other notifications to your upload script. I like adding:
- `terminal-notifier` to get native macOS notifications when my upload is done (macOS only)
- A Slack webhook to send a notification so I can get up and stretch and come back once the upload is done.
- A bash `echo` that prints the Lambda URL to the console so I can immediately try it out
Example script:

```bash
#... our upload code, then:

# Native macOS notification
# The `-open` flag lets me click on the notification to jump directly to the Lambda console
terminal-notifier -title 'Deploy PDF Lambda' -message '✅ Deploy Complete' -open "https://console.aws.amazon.com/lambda/home?region=us-east-1#/functions/${LAMBDA_NAME}"

# Slack notification (the JSON body is single-quoted, so its double quotes need no escaping)
curl -X POST -H 'Content-type: application/json' --data '{"text":"Lambda Deploy complete"}' "$SLACK_NOTIFICATION_WEBHOOK_URL"

# Print the deploy URL to the console (double quotes so the variable expands, -e so \n becomes a newline)
echo -e "Deployed to production:\n$LAMBDA_ENDPOINT_URL \nOperation completed"
```