Infra as GitHub Actions - AWS Serverless Functions for nodejs
Let's deploy a nodejs backend writing less than 50 lines and in under a minute 🏎️
In the last post we talked about the need to simplify infra while also moving it back to the application repo
As I started to work on the next infra as GitHub Actions, which was a secured website with authentication@edge, it became clear that AWS Lambda was a fundamental building block in the journey
Introducing actions-aws-function-node 🎉
Now with very few dependencies, you can provision your node backend in literally a minute 🏎️
Getting started
Let's start with familiar code
// src/index.js
exports.handler = async (event, context) => {
  return {
    "statusCode": 200,
    "headers": {
      "Content-Type": "*/*"
    },
    "body": "hello world"
  }
}
Next, add the GitHub workflow
# .github/workflows/on-push-main.yml
name: sample
on:
  push:
    branches:
      - main
jobs:
  deploy:
    environment:
      name: main
      url: ${{ steps.backend.outputs.url }}
    permissions:
      id-token: write
    runs-on: ubuntu-latest
    steps:
      - name: Check out repo
        uses: actions/checkout@v4
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: us-east-1
          role-to-assume: ${{ secrets.ROLE_ARN }}
          role-session-name: ${{ github.actor }}
      - uses: alonch/actions-aws-backend-setup@main
        with:
          instance: sample
      - uses: alonch/actions-aws-function-node@main
        with:
          name: actions-aws-function-node-sample
          entrypoint-file: index.js
          entrypoint-function: handler
          artifacts: src
          allow-public-access: true
Add the secret ROLE_ARN with access to AWS and that's it. After pushing to main, you have a GitHub deployment with your backend running 🎉
You can clone this sample from GitHub too
Of course, there are a lot more options
Permissions
You can allow access to services by adding the resource name and the access, either read or write
For example:
- uses: alonch/actions-aws-function-node@main
  with:
    name: actions-aws-function-node-demo
    entrypoint-file: index.js
    entrypoint-function: handler
    artifacts: src
    allow-public-access: true
    permissions: |
      s3: read
      dynamodb: write
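This configuration will attach AmazonS3ReadOnly and AmazonDynamoDBFullAccess managed policies to the function's role. Note that write maps to a full-access managed policy, which covers every DynamoDB table in the account rather than a single resource.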
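Because the workflow references actions by branch, exposes the function publicly and can attach full-access policies, a small pre-merge check is useful. The following is an added example, not code from actions-aws-function-node; the function name auditWorkflow, the rule names and the sample input are assumptions made for illustration.

```javascript
// Added example, not code from actions-aws-function-node. Line scanning by
// indentation is an assumption that fits simple workflows; not a YAML parser.
const FULL_SHA = /^[0-9a-f]{40}$/;

// Constructed sample input (the commit SHA is a made-up placeholder).
const SAMPLE = `
steps:
  - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
  - uses: alonch/actions-aws-function-node@main
    with:
      name: demo
      allow-public-access: true
      permissions: |
        s3: read
        dynamodb: write
      env: |
        DD_ENV: production
`;

function auditWorkflow(text) {
  const findings = [];
  let permIndent = -1; // indent of an open `permissions: |` block
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.replace(/(^|\s)#.*$/, "");
    if (!line.trim()) return;
    const indent = line.search(/\S/);
    const add = (rule, detail) => findings.push({ line: i + 1, rule, detail });
    if (permIndent >= 0 && indent > permIndent) {
      // Inside the action's permissions block: per the post, write maps to a
      // FullAccess managed policy, so surface it for review.
      const m = line.match(/^\s*([\w-]+):\s*write\s*$/);
      if (m) add("broad-permission", m[1]);
      return;
    }
    permIndent = -1;
    // Branch and tag refs can move; only a full commit SHA is immutable.
    const uses = line.match(/^\s*(?:-\s*)?uses:\s*([^@\s]+)@(\S+)/);
    if (uses && !FULL_SHA.test(uses[2])) add("unpinned-action", `${uses[1]}@${uses[2]}`);
    if (/^\s*allow-public-access:\s*true\s*$/.test(line)) add("public-access", "true");
    if (/^\s*permissions:\s*\|/.test(line)) permIndent = indent;
  });
  return findings;
}

console.log(auditWorkflow(SAMPLE));
```

The job-level permissions key (id-token: write) is not flagged, since only the action's permissions: | input maps to IAM managed policies.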
Environment Variables
Similar to permissions, you can attach function variables as follows:
- uses: alonch/actions-aws-function-node@main
  with:
    name: actions-aws-function-node-demo
    entrypoint-file: index.js
    entrypoint-function: handler
    artifacts: src
    allow-public-access: true
    env: |
      DD_ENV: production
      DD_SERVICE: demo
      DD_VERSION: ${{ github.sha }}
The rest of the options are standard attributes like memory, timeout or selecting ARM architecture
The best part is that it takes a minute to provision it and even less time to destroy 👏
I’m excited about the future developments and improvements that can be made to this workflow. If you have any feedback, questions, or suggestions, feel free to leave a comment below or reach out directly. Let’s continue this journey of simplifying infrastructure together!
Thank you for reading and happy coding!