Your serverless app is not perfect (yet)
Are you currently learning serverless, or are you already an expert? Whatever... AWS offers so many services and possible configurations that it is hard to keep track of all the best practices.
With my team, we've been building serverless apps on AWS for several years now. We've learned a lot, and it seemed natural to us to share our knowledge with the community, with you!
Introducing sls-mentor, a free and open-source tool that automatically analyzes your AWS Serverless application and gives you tips to improve it!
sls-mentor will rate your application against 30 best practices, and then assign you a score in each of the following categories:
- 🌳 Green IT 🌳
- 🛡 Security 🛡
- 🚀 Speed 🚀
- 💰 IT Costs 💰
- 💪 Stability 💪
⬇️ I post serverless content very regularly, if you want more ⬇️
How does sls-mentor work?
Nothing simpler! With your AWS credentials loaded in your CLI, run the following command:
npx sls-mentor@latest --report
If you encounter errors when running the command, try specifying a profile with -p
and a region with -r
That's all!
ℹ️ We require credentials with AdminReadOnly permissions. sls-mentor basically executes a bunch of list
and describe
API calls against your resources
The sls-mentor analysis
sls-mentor will then analyze your app directly from the cloud, and produce a super nice report like this one:
The report will be generated in your current directory, in a file called .sls-mentor/index.html
Your app is assessed against 5 categories, and we give you 3 tips to quickly improve your score! For each tip, we give you an explanation of the problem, and a way to fix it.
Behind the scenes, sls-mentor is running a set of 30 rules that we've written. Want more details about what went wrong? The CLI will give you for each resource the list of rules that failed, and the reason why.
ℹ️ If you don't want a report, but just want to see the list of rules that failed, just remove the --report
flag.
What next? We need your help!
- Our reporting feature is quite new, we want to improve it! Things like service-wide stats, better recommendations are on our roadmap.
- sls-mentor lacks security rules related to IAM policies for example. We will add them soon!
- AWS is not only about serverless, if you have some serverful knowledge to share with us, feel free to contribute!
- We've got existing issues waiting for contributors, and we are open to new ideas too! Feel free to join us on GitHub!
Learn more about sls-mentor
See our website for more information, or check out our GitHub repository!
With the team, we already produced some articles featuring sls-mentor rules in depth. Feel free to check them out!
- Rule UseARM, written by Zineb El Bachiri
- Rule LightBundle, written by Eloi Alain
- Rule EnableHTTPSOnS3, written by Vincent Zanetta
- Rule LimitedAmountOfVersions, written by myself
- Rule NoDeprecatedRuntimes, written by myself
- Rule BlockPublicAccess, written by myself
A big thanks to everyone I am working with on this project, especially Juliette, Marek, Quentin and Vincent!
Top comments (3)
Do you guys have like a guide of best practices to understand how and what can we build in Lambda functions?
If you want to give a try to serverless and Lambda without previous experience, you should have a look to my "Learn serverless" series (dev.to/pchol22/series/22030)
I go through each AWS service that integrates well with lambda (DynamoDB, S3 etc...) with code examples, using IaC (Infra as Code)
The same would be cool for Vercel Edge functions or Cloudflare Workers, I don't use aws anymore for serverless