This lambda uses serverless, a toolkit that makes building, deploying and
maintaining serverless apps like this lambda painless. The instructions assume you're using AWS, if you're not, you'll
have to tweak some things in serverless.yml
to make it work with your provider
Their getting started page is here, copy pasted for your convenience below (you'll also need to install npm first):
# Installing the serverless cli
npm install -g serverless
# Updating serverless from a previous version of serverless
npm install -g serverless
Then install some useful serverless
plugins (you can uses sls
as short for serverless
)
serverless-python-requirements
Its pretty annoying to add external requirements to a lambda when deploying manually. You have to build the wheels for the packages on an aws linux ami and include those in the zip that you upload. Luckily, there's a serverless plugin to make that all super easy.
sls plugin install -n serverless-python-requirements
serverless-local-schedule
*No more translating times to UTC! This plugin lets you setup your crons at local time with a specified timezone and takes care of the translation for you *
sls plugin install -n serverless-local-schedule
The Serverless Framework needs access to your cloud provider's account so that it can create and manage resources on your behalf.
If you already have the awscli
installed locally:
- If you have profile configured and setup in
~/.aws/credentials
, you're good to go. - If you don't have a profile setup you can use the serverless config credentials command to set one up for you
Else, read the serverless aws setup docs
Make sure the profile you're using to deploy has the permissions to modify all resources serverless needs. This is a
good base to start with but may need tweaking as the serverless
framework evolves:
{
"Sid": "BaseServerlessPermissions",
"Effect": "Allow",
"Action": [
"cloudformation:CreateStack",
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResource",
"cloudformation:ValidateTemplate",
"cloudformation:UpdateStack",
"cloudformation:ListStacks",
"iam:GetRole",
"lambda:UpdateFunctionCode",
"lambda:UpdateFunctionConfig",
"lambda:GetFunctionConfiguration",
"lambda:ListVersionsByFunction",
"lambda:AddPermission",
"s3:DeleteObject",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject"
],
"Resource": "*"
},
Above we made sure our developer account had the permissions to deploy and manage a serverless application. But we also need to setup the permissions for the lambda itself. It needs to access other aws resources, such as CloudWatch so it can write to a log and receive triggers.
- TODO
Serverless guide for this is here.
Permissions needed:
- AWSLambdaVPCAccessExecutionRole
We created a role with the following policy: todo:
- See the notes in the
serverless.yml
file underfunctions>set_alias>events>schedule
.