The Default Security – (Permissions)
By default Lambda functions are “not” authorized to do access other AWS services. Hence, it is required to explicitly give access (permissions) to each and every AWS service.(i.e. accessing S3 to store images, accessing external databases such as DynamoDB, etc). These permissions are managed by AWS IAM roles.
Changing the Default Security – (Permissions)
If you are using the Serverless Framework you can customize the default settings by changing the serverless.yaml file (in the “iamRoleStatements:” block).
iamRoleStatements: - Effect: "Allow" Action: - "lambda:*" Resource: - "*"
The above will “Allow” all (“*”) to be invoked from the Lambda Function.
The Default Security – (Network)
By default, Lambda functions are not launched in a VPC. But you can change this by creating a Lambda function within a VPC. Furthermore, you can extend further by applying “Security Groups” as an additional layer of security within a VPC.
Changing the Default Security – (Network)
If you are using the Serverless Framework you can customize the default settings by changing the serverless.yaml file. Here is the code snippet that might use for this.
provider: name: aws runtime: python2.7 profile: serverless-admin region: us-east-1 vpc: securityGroupIds: - <security-group-id> subnetIds: - <subnet-1> - <subnet-2>
The Serverless Framework (https://serverless.com/framework/) is an open-source CLI for building serverless architectures to cloud providers (AWS, Microsoft Azure, IBM OpenWhisk, Google Cloud Platform, etc).
This article will brief you on the important steps you may require to get on with the AWS platform. This Framework works well with CI/CD tools and has the full support of AWS CloudFormation. With this it can provision your AWS Lambda functions,events, and infrastructure resources.
Step 1: Installing NodeJS
Serverless is a Node.js CLI tool so the first thing you need to do is to install Node.js on your machine. Refer the official NodeJS web site and download and follow the instructions to install NodeJS.
Serverless Framework runs on Node v6.5.0 or higher. You can verify that NodeJS is installed successfully by executing node -v in your terminal.
If all fine, we may proceed to the second step.
Step 2: Installing Serverless Framework
$ npm install -g serverless
Once installed, you may verify it.
$ serverless --version
Step 3: Setting up Cloud Provider (AWS) Credentials
The Serverless Framework needs access to your cloud provider’s account so that it can create and manage resources on your behalf. You may set it up with this Youtube link
Once above is completed, you may add the AWS credentials to your client machine to work as a CLI. You may use the following command to do that.
$ serverless config credentials --provider aws --key XXXXXXXXXXXXXXXXX --secret XXXXXXXXXXXXXXXXX --profile serverless-admin
This will basically add an entry to the credentials file, which is located in the $<home-folder>/.aws folder. (assumes the AWS user is serverless-admin)
[serverless-admin] aws_access_key_id = XXXXXXXXXXXXXXXX aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXXXX
If all above is OK, you are ready to create your first Serverless function (Lambda Function) with AWS.
Step 3: Creating your Serverless Project
You may build your projects based on the templates/ archetypes given by the framework.
By default, there are multiple templates/ archetypes given. (i.e. “aws-nodejs”, “aws-python”, “aws-python3″, “aws-groovy-gradle”, “aws-java-maven”, “aws-java-gradle”, “aws-scala-sbt”, “aws-csharp”, etc)
So lets create a “aws-python” project for fun…
$ serverless create --template aws-python --path hello-world-python
The above will create a folder named “hello-world-python”.
Just browse the folder. You would see two files.
1. handler.py – (This is the Serverless Function. Your Business Logic goes here)
Here just edit the handler.py to have a simple output.
def hello(event, context): print "Hello Crishantha" return "Hello World!"
2. serverless.yml – (The Serverless Function Configuration.)
P.Note: You may check the following configuration especially before you executing the rest of the key commands
If you are new to YAML and know JSON well, you may use https://www.jason2yaml.com link to convert JSON to YAML and vice versa.
provider: name: aws runtime: python2.7 profile: serverless-admin region: us-east-1
If all above is ok, you are good to go and deploy the function on AWS. So lets move to the next step. (Step 4)
Step 4: Deploy the Serverless Function
As explained, move to “hello-world-python” folder and execute the following command.
$ serverless deploy -v
The above will run the automated script creating all the background scripts including CloudFormation scripts to deploy the respective application. It is pretty awesome!
Step 5: Invoke the Serverless Function
Use the following to see the output.
$ serverless invoke -f hello -l
The above will return a simple “hello” for you (The output that you have mentioned in the handler.py)
It is that simple!!!
Step 6: Verify
If you want to verify all this, you can log in to the AWS console and see what you have done is reflected in the AWS Lambda area. Sure you will.
Step 7: Remove All
OK. We just did some testing. So probably you want to remove the serverless function and all its dependencies (IAM roles, Cloudwatch Log groups, etc)
- Move to the folder that the function that you want to delete.
- Execute the following
$ serverless remove
The above will clean the whole thing up!…
So, if you are a AWS Developer, you may find it very useful as much as I do at the moment. Happy Coding!
1. Serverless Framework Page – https://serverless.com/framework/docs/providers/aws/guide/services/
2. AWS Provider Documentation – https://serverless.com/framework/docs/providers/aws/
3. Serverless AWS Lambda Guide – https://serverless.com/framework/docs/providers/aws/guide/
4. Serverless Framework GitHub – https://github.com/serverless/serverless
5. YAML to JSON tool – https://www.jason2yaml.com
6. The Serverless Framework: A deep overview of the best AWS Lambda + API Gateway Automation Solution – https://cloudacademy.com/blog/serverless-framework-aws-lambda-api-gateway-python/