
Alonso Suarez for AWS Community Builders

Posted on • Originally published at mymakerspace.substack.com

Infra as GitHub Actions - AWS Serverless Function for nodejs

In the last post we talked about the need to simplify infra while also moving it back to the application repo

As I started to work on the next infra as GitHub Actions, which was a secured website with authentication@edge, it became clear that AWS Lambda was a fundamental building block in the journey

Introducing actions-aws-function-node 🎉
Now with very few dependencies, you can provision your node backend in literally a minute 🏎️

Getting started

Let's start with familiar code

// src/index.js
exports.handler = async (event, context) => {
    return {
        "statusCode": 200,
        "headers": {
            "Content-Type": "*/*"
        },
        "body": "hello world"
    }
}

Add the workflow

# .github/workflows/on-push-main.yml
name: demo
on:
  push:
    branches:
      - main
jobs:
  deploy:
    environment:
      name: main
      url: ${{ steps.backend.outputs.url }}
    permissions: 
      id-token: write
    runs-on: ubuntu-latest
    steps:
      - name: Check out repo
        uses: actions/checkout@v4
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: us-east-1
          role-to-assume: ${{ secrets.ROLE_ARN }}
          role-session-name: ${{ github.actor }}
      - uses: alonch/actions-aws-backend-setup@main
        with: 
          instance: sample
      - uses: alonch/actions-aws-function-node@main
        with: 
          name: actions-aws-function-node-sample
          entrypoint-file: index.js
          entrypoint-function: handler
          artifacts: src
          allow-public-access: true

Add the secret ROLE_ARN with access to AWS and that's it: after pushing to main, you have a GitHub deployment with your backend running 🎉
You can clone this sample from GitHub too
Of course, there are a lot more options
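The workflow above obtains AWS credentials through GitHub's OIDC token (`id-token: write` plus `role-to-assume`), so the trust policy on the role behind ROLE_ARN decides which workflows may assume it. The check below is an added example, not part of the original post or of the action's code; the account id, the repository name my-org/my-app and both sample policies are constructed, and the function name auditTrustPolicy is hypothetical.

```javascript
// Added example: audit the trust policy of the role stored in ROLE_ARN.
// Account id, repository name and both policies are constructed samples.
const ISSUER = "token.actions.githubusercontent.com";
const list = (v) => [].concat(v === undefined ? [] : v);

function auditTrustPolicy(policy, repo, environment) {
  const findings = [];
  // A job that declares `environment:` gets this subject claim in its token.
  const wantSub = `repo:${repo}:environment:${environment}`;
  const statements = list(policy.Statement).filter((s) =>
    s.Effect === "Allow" &&
    list(s.Action).includes("sts:AssumeRoleWithWebIdentity") &&
    list((s.Principal || {}).Federated).some((p) => p.endsWith(`:oidc-provider/${ISSUER}`)));
  if (statements.length === 0) findings.push("no GitHub OIDC statement");
  for (const s of statements) {
    const eq = (s.Condition || {}).StringEquals || {};
    const like = (s.Condition || {}).StringLike || {};
    // configure-aws-credentials requests the audience sts.amazonaws.com by default.
    if (!list(eq[`${ISSUER}:aud`]).includes("sts.amazonaws.com")) findings.push("aud not pinned");
    const exact = list(eq[`${ISSUER}:sub`]);
    const patterns = list(like[`${ISSUER}:sub`]);
    if (exact.length + patterns.length === 0) findings.push("sub not restricted");
    for (const sub of patterns) {
      if (/[*?]/.test(sub)) findings.push(`wildcard sub: ${sub}`);
      else if (sub !== wantSub) findings.push(`unexpected sub: ${sub}`);
    }
    for (const sub of exact) if (sub !== wantSub) findings.push(`unexpected sub: ${sub}`);
  }
  return findings;
}

const statement = (condition) => ({
  Effect: "Allow",
  Principal: { Federated: `arn:aws:iam::123456789012:oidc-provider/${ISSUER}` },
  Action: "sts:AssumeRoleWithWebIdentity",
  Condition: condition,
});
// Scoped to one repository and to the `main` environment used by the workflow.
const scopedPolicy = { Version: "2012-10-17", Statement: [statement({
  StringEquals: {
    [`${ISSUER}:aud`]: "sts.amazonaws.com",
    [`${ISSUER}:sub`]: "repo:my-org/my-app:environment:main",
  } })] };
// The wildcard subject matches workflows in every repository under my-org.
const loosePolicy = { Version: "2012-10-17", Statement: [statement({
  StringLike: { [`${ISSUER}:sub`]: "repo:my-org/*" } })] };

console.log(auditTrustPolicy(scopedPolicy, "my-org/my-app", "main"));
console.log(auditTrustPolicy(loosePolicy, "my-org/my-app", "main"));
```

An empty result means the role can only be assumed by jobs of that repository running in the named environment; the trust policy itself can be exported with `aws iam get-role` and passed in as parsed JSON.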

Permissions

You can allow access to services by just adding the resource name and the access, either read or write

For example:

      - uses: alonch/actions-aws-function-node@main
        with: 
          name: actions-aws-function-node-demo
          entrypoint-file: index.js
          entrypoint-function: handler
          artifacts: src
          allow-public-access: true
          permissions: |
            s3: read
            dynamodb: write 

This configuration will attach AmazonS3ReadOnly and AmazonDynamoDBFullAccess managed policies to the function's role

Environment Variables

Similar to permissions, you can attach function variables as follows:

      - uses: alonch/actions-aws-function-node@main
        with: 
          name: actions-aws-function-node-demo
          entrypoint-file: index.js
          entrypoint-function: handler
          artifacts: src
          allow-public-access: true
          env: |
            DD_ENV: production 
            DD_SERVICE: demo
            DD_VERSION: ${{ github.sha }}

The rest of the options are standard attributes like memory, timeout or selecting ARM architecture

The best part is that it takes a minute to provision it and even less time to destroy

I’m excited about the future developments and improvements that can be made to this workflow. If you have any feedback, questions, or suggestions, feel free to leave a comment below or reach out directly. Let’s continue this journey of simplifying infrastructure together!

Thank you for reading, and happy coding!
