Prerequisites: read the main README first.
-
Go to Amazon IAM Management Console (
Services
->IAM
) and navigate to "Roles" tab. See screenshot. -
Create a new role for the "API Gateway" service called
apigateway-invoke-lambda
which will be used for calling Lambdas from API Gateway. When done via GUI it must be created for "API Gateway" service explicitly in order to get the correct "Trust Relationships" (Service: apigateway.amazonaws.com
). See screenshots: 1, 2, 3, 4. -
Attach the JSON policy to this new
apigateway-invoke-lambda
role. See screenshots: 1, 2, 3, 4, 5, 6, 7.
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": "lambda:InvokeFunction",
"Resource": "*"
}]
}
Create a new role for running Lambda functions. When done via GUI it must be created for "Lambda" service explicitly in order to get the correct "Trust Relationships" (Service: lambda.amazonaws.com
). Attach an appropriate policy to this new role (e.g. AWSLambdaFullAccess
).
Create a new role for deploying Lambdas and attach the following JSON policy to it:
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": [
"lambda:GetAlias",
"lambda:CreateAlias",
"lambda:CreateFunction",
"lambda:DeleteAlias",
"lambda:DeleteFunction",
"lambda:GetFunctionConfiguration",
"lambda:UpdateAlias",
"lambda:UpdateFunctionCode",
"lambda:UpdateFunctionConfiguration",
"iam:PassRole",
"apigateway:PUT",
"apigateway:POST"
],
"Resource": ["*"]
}]
}
Create a new user for deploying Lambdas, add the role for deploying Lambdas to this user, and create an access key for this user.
Add an aws
entry to the serverless.json
file of a project:
{
"name": "project-name",
"aws": {
"accessKeyId": "USER-FOR-DEPLOYING-LAMBDAS-ACCESS-KEY-ID",
"secretAccessKey": "hAx0rDaRkNeThAx0rDaRkNeThAx0rDaRkNeT",
"apiId": "AWS-API-GATEWAY-API-ID",
"region": "us-east-1",
"runtime": "nodejs12.x",
"role": "arn:aws:iam::1234567890:role/for-running-lambdas"
}
}
If no AWS API Gateway API exists yet then don't add aws.apiId
parameter yet — it will be created later.
Add new script
s to project's package.json
:
{
"scripts": {
"create-api": "serverless create-api",
"update-routes": "serverless update-routes dev",
"deploy": "serverless deploy dev"
}
}
If no AWS API Gateway API exists yet then create it:
npm run create-api dev
Where dev
is the name of the new "stage". It is common to create several "stages": dev
for development, prod
for production, test
for testing the code in QA before rolling it out to prod
. Additional stages can be created in AWS API Gateway dashboard later.
The create-api
command outputs the new API id: add it as the aws.apiId
parameter to serverless.json
.
Deploy a function on the dev
stage:
npm run deploy [function-name]
Deploy the AWS API Gateway routing configuration for the new function on dev
stage. This is only needed the first time the function is created, or when its "path"
or "method"
change:
npm run update-routes
Go to https://AWS-API-GATEWAY-API-ID.execute-api.REGION.amazonaws.com/STAGE-NAME/FUNCTION-URL-PATH
and see the function response.
Functions receive the following additonal parameters:
The execution envirnoment provides the following additional global constants:
REGION : string
— the AWS region the function is deployed in.
import { createApi, updateRoutes, deploy } from 'serverless-functions/aws-lambda'
import config from './serverless.json'
await createApi(stage, config, { cwd: process.cwd() })
await updateRoutes(stage, config, { cwd: process.cwd() })
await deploy(functionNames, stage, config, { cwd: process.cwd() })