Prerequisites: read the main README first.
-
Go to Amazon IAM Management Console (
Services->IAM) and navigate to "Roles" tab. See screenshot. -
Create a new role for the "API Gateway" service called
apigateway-invoke-lambdawhich will be used for calling Lambdas from API Gateway. When done via GUI it must be created for "API Gateway" service explicitly in order to get the correct "Trust Relationships" (Service: apigateway.amazonaws.com). See screenshots: 1, 2, 3, 4. -
Attach the JSON policy to this new
apigateway-invoke-lambdarole. See screenshots: 1, 2, 3, 4, 5, 6, 7.
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": "lambda:InvokeFunction",
"Resource": "*"
}]
}Create a new role for running Lambda functions. When done via GUI it must be created for "Lambda" service explicitly in order to get the correct "Trust Relationships" (Service: lambda.amazonaws.com). Attach an appropriate policy to this new role (e.g. AWSLambdaFullAccess).
Create a new role for deploying Lambdas and attach the following JSON policy to it:
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": [
"lambda:GetAlias",
"lambda:CreateAlias",
"lambda:CreateFunction",
"lambda:DeleteAlias",
"lambda:DeleteFunction",
"lambda:GetFunctionConfiguration",
"lambda:UpdateAlias",
"lambda:UpdateFunctionCode",
"lambda:UpdateFunctionConfiguration",
"iam:PassRole",
"apigateway:PUT",
"apigateway:POST"
],
"Resource": ["*"]
}]
}Create a new user for deploying Lambdas, add the role for deploying Lambdas to this user, and create an access key for this user.
Add an aws entry to the serverless.json file of a project:
{
"name": "project-name",
"aws": {
"accessKeyId": "USER-FOR-DEPLOYING-LAMBDAS-ACCESS-KEY-ID",
"secretAccessKey": "hAx0rDaRkNeThAx0rDaRkNeThAx0rDaRkNeT",
"apiId": "AWS-API-GATEWAY-API-ID",
"region": "us-east-1",
"runtime": "nodejs12.x",
"role": "arn:aws:iam::1234567890:role/for-running-lambdas"
}
}If no AWS API Gateway API exists yet then don't add aws.apiId parameter yet — it will be created later.
Add new scripts to project's package.json:
{
"scripts": {
"create-api": "serverless create-api",
"update-routes": "serverless update-routes dev",
"deploy": "serverless deploy dev"
}
}If no AWS API Gateway API exists yet then create it:
npm run create-api dev
Where dev is the name of the new "stage". It is common to create several "stages": dev for development, prod for production, test for testing the code in QA before rolling it out to prod. Additional stages can be created in AWS API Gateway dashboard later.
The create-api command outputs the new API id: add it as the aws.apiId parameter to serverless.json.
Deploy a function on the dev stage:
npm run deploy [function-name]
Deploy the AWS API Gateway routing configuration for the new function on dev stage. This is only needed the first time the function is created, or when its "path" or "method" change:
npm run update-routes
Go to https://AWS-API-GATEWAY-API-ID.execute-api.REGION.amazonaws.com/STAGE-NAME/FUNCTION-URL-PATH and see the function response.
Functions receive the following additonal parameters:
The execution envirnoment provides the following additional global constants:
REGION : string— the AWS region the function is deployed in.
import { createApi, updateRoutes, deploy } from 'serverless-functions/aws-lambda'
import config from './serverless.json'
await createApi(stage, config, { cwd: process.cwd() })
await updateRoutes(stage, config, { cwd: process.cwd() })
await deploy(functionNames, stage, config, { cwd: process.cwd() })