DEV Community

AWS Community Builders profile image Alonso Suarez
Alonso Suarez for AWS Community Builders

Posted on • Originally published at mymakerspace.substack.com

Infra as GitHub Actions - AWS Serverless Function for nodejs

#javascript #aws #githubactions #terraform

In the last post we talked about the need to simplify infra while also moving it back to the application repo

As I started to work on the next infra as GitHub actions, which was a secured website with authentication@edge. It became clear that AWS lambda was a fundamental building block in the journey

Introducing actions-aws-function-node 🎉
Now with very few dependencies, you can provision your node backend in literally a minute 🏎️

Getting started

Let's start with familiar code

// src/index.js exports.handler = async (event, context) => { return { "statusCode": 200, "headers": { "Content-Type": "*/*" }, "body": "hello world" } }
Enter fullscreen mode Exit fullscreen mode

Add the workflow

# .github/workflows/on-push-main.yml name: demo on: push: branches: - main jobs: deploy: environment: name: main url: ${{ steps.backend.outputs.url }} permissions: id-token: write runs-on: ubuntu-latest steps: - name: Check out repo uses: actions/checkout@v4 - uses: aws-actions/configure-aws-credentials@v4 with: aws-region: us-east-1 role-to-assume: ${{ secrets.ROLE_ARN }} role-session-name: ${{ github.actor }} - uses: alonch/actions-aws-backend-setup@main with: instance: sample - uses: alonch/actions-aws-function-node@main with: name: actions-aws-function-node-sample entrypoint-file: index.js entrypoint-function: handler artifacts: src allow-public-access: true
Enter fullscreen mode Exit fullscreen mode

Add the secret ROLE_ARN with access to AWS and that's it, after pushing to main you have a GitHub deployment with you backend running 🎉
You can clone this sample from Github too
Of course, there are a lot more options

Permissions

You can allow access to services by just adding the resource name and the access, either read or write

For example:

 - uses: alonch/actions-aws-function-node@main with: name: actions-aws-function-node-demo entrypoint-file: index.js entrypoint-function: handler artifacts: src allow-public-access: true permissions: | s3: read dynamodb: write
Enter fullscreen mode Exit fullscreen mode

This configuration will attach AmazonS3ReadOnly and AmazonDynamoDBFullAccess managed policies to the function's role

Environment Variables

Similar to permissions, you can attach function variables as follow:

 - uses: alonch/actions-aws-function-node@main with: name: actions-aws-function-node-demo entrypoint-file: index.js entrypoint-function: handler artifacts: src allow-public-access: true env: | DD_ENV: production DD_SERVICE: demo DD_VERSION: ${{ github.sha }}
Enter fullscreen mode Exit fullscreen mode

The rest of the options are standard attributes like memory, timeout or selecting ARM architecture

The best part is that it takes a minute to provision it and even less time to destroy 👏

I’m excited about the future developments and improvements that can be made to this workflow. If you have any feedback, questions, or suggestions, feel free to leave a comment below or reach out directly. Let’s continue this journey of simplifying infrastructure together!

Thank you for reading, and happy coding!

Top comments (0)