Menu
AWS Lambda
Developer Guide

Building a Pipeline for Your Serverless Application

In the following tutorial, you will create an AWS CodePipeline that automates the deployment of your serverless application. First, you will need to set up a source stage to trigger your pipeline. For the purposes of this tutorial:

  • We will use GitHub. For instructions on how to create a GitHub repository, see Create a Repository in GitHub.

  • You will need to create an AWS CloudFormation role and add the AWSLambdaExecute policy to that role, as outlined below:

    1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.

    2. Follow the steps in Creating a Role to Delegate Permissions to an AWS Service in the IAM User Guide to create an IAM role (execution role) and go to the To create a role for an AWS service section. As you follow the steps to create a role, note the following:

      • In Select Role Type, choose AWS Service Roles, and then choose CloudFormation. Choose Next: Permissions.

      • In Attach permissions policies, use the search bar to find and then choose AWSLambdaExecute. Choose Next: Review.

      • In Role Name, use a name that is unique within your AWS account (for example, cloudformation-lambda-execution-role) and then choose Create role.

      • Open the role you just created and under the Permissions tab, choose Add inline policy.

      • In Create Policy choose the JSON tab and enter the following:

        Note

        Make sure to replace the region and id placeholders with your region and account id.

        { "Statement": [ { "Action": [ "s3:GetObject", "s3:GetObjectVersion", "s3:GetBucketVersioning" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "s3:PutObject" ], "Resource": [ "arn:aws:s3:::codepipeline*" ], "Effect": "Allow" }, { "Action": [ "lambda:*" ], "Resource": [ "arn:aws:lambda:region:id:function:*" ], "Effect": "Allow" }, { "Action": [ "apigateway:*" ], "Resource": [ "arn:aws:apigateway:region::*" ], "Effect": "Allow" }, { "Action": [ "iam:GetRole", "iam:CreateRole", "iam:DeleteRole", "iam:PutRolePolicy" ], "Resource": [ "arn:aws:iam::id:role/*" ], "Effect": "Allow" }, { "Action": [ "iam:AttachRolePolicy", "iam:DeleteRolePolicy", "iam:DetachRolePolicy" ], "Resource": [ "arn:aws:iam::id:role/*" ], "Effect": "Allow" }, { "Action": [ "iam:PassRole" ], "Resource": [ "*" ], "Effect": "Allow" }, { "Action": [ "cloudformation:CreateChangeSet" ], "Resource": [ "arn:aws:cloudformation:region:aws:transform/Serverless-2016-10-31" ], "Effect": "Allow" }, { "Action": [ "codedeploy:CreateApplication", "codedeploy:DeleteApplication", "codedeploy:RegisterApplicationRevision" ], "Resource": [ "arn:aws:codedeploy:region:id:application:*" ], "Effect": "Allow" }, { "Action": [ "codedeploy:CreateDeploymentGroup", "codedeploy:CreateDeployment", "codedeploy:GetDeployment" ], "Resource": [ "arn:aws:codedeploy:region:id:deploymentgroup:*" ], "Effect": "Allow" }, { "Action": [ "codedeploy:GetDeploymentConfig" ], "Resource": [ "arn:aws:codedeploy:region:id:deploymentconfig:*" ], "Effect": "Allow" } ], "Version": "2012-10-17" }
      • Choose Validate Policy and then choose Apply Policy.

Step 1: Set Up Your Repository

You can use any of the Lambda supported runtimes when setting up a repository. The following example uses Node.js.

To set up your repository, do the following:

  • Add an index.js file containing the code following:

    var time = require('time'); exports.handler = (event, context, callback) => { var currentTime = new time.Date(); currentTime.setTimezone("America/Los_Angeles"); callback(null, { statusCode: '200', body: 'The time in Los Angeles is: ' + currentTime.toString(), }); };
  • Add a samTemplate.yaml file, containing the content following. This is4 the SAM template that defines the resources in your application. This SAM template defines a Lambda function that is triggered by API Gateway. Note that the runtime parameter uses nodejs6.10 but you can also specify nodejs8.10. For more information about AWS SAM see AWS Serverless Application Model.

    AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Description: Outputs the time Resources: TimeFunction: Type: AWS::Serverless::Function Properties: Handler: index.handler Runtime: nodejs6.10 CodeUri: ./ Events: MyTimeApi: Type: Api Properties: Path: /TimeResource Method: GET
  • Add a buildspec.yml file. A build spec is a collection of build commands and related settings, in YAML format, that AWS CodeBuild uses to run a build. For more information, see Build Specification Reference for AWS CodeBuild. In this example, the build action will be:

    • Use npm to install the time package.

    • Run the Package command to prepare your deployment package for subsequent deployment steps in your pipeline. For more information on the package command, see Uploading Local Artifacts to an S3 Bucket

      version: 0.1 phases: install: commands: - npm install time - aws cloudformation package --template-file samTemplate.yaml --s3-bucket bucket-name --output-template-file outputSamTemplate.yaml artifacts: type: zip files: - samTemplate.yaml - outputSamTemplate.yaml

      Note that you need to supply the --s3-bucket parameter value with the name of the your Amazon S3 bucket, similar to the step you would take if you were manually going to package the deployment package with SAM, as discussed in the Packaging step of the previous tutorial.

Step 2: Create Your Pipeline

Follow the steps following to create your AWS CodePipeline.

  1. Sign in to the AWS Management Console and open the AWS CodePipeline console.

  2. Choose Get Started Now.

  3. In Pipeline name: enter a name for your pipeline and then choose Next step.

  4. In Source provider: choose GitHub.

  5. Choose Connect to GitHub: and then choose the Repository and Branch you want to connect to. Every git push to the branch you select will trigger your pipeline. Choose Next step.

  6. Choose AWS CodeBuild as your Build provider.

  7. Choose Create a new build project and enter a project name.

  8. Choose Ubuntu as the operating system.

  9. Choose Node.js as the runtime.

  10. In Version choose aws/codebuild/nodejs:version

  11. In Build specification choose Use the buildspec.yml in the source code root directory

  12. Choose Save build project.

    Note

    A service role for AWS CodeBuild will automatically be created on your behalf.

    Choose Next step.

  13. In Deployment provider* choose AWS CloudFormation.

    By selecting this option, AWS CloudFormation commands will be used to deploy the SAM template. For more information see Serverless Resources Within AWS SAM.

  14. In Action mode: choose Create or replace a change set.

  15. In Stack name: enter MyBetaStack.

  16. In Change set name: enter MyChangeSet.

  17. In Template file: enter outputSamTemplate.yaml.

  18. In Capabilities: choose CAPABILITY_IAM.

  19. In Role select the AWS CloudFormation role you created at the beginning of this tutorial and then choose Next step.

  20. Choose Create role. Choose Next and then choose Allow. Choose Next step.

  21. Review your pipeline and then choose Create pipeline.

Step 3: Update the Generated Service Policy

Complete the following steps to allow CodeBuild to upload build artifacts to your Amazon S3 bucket.

  1. Go to the IAM Management Console.

  2. Choose Roles.

  3. Open the service role that was generated for your project, typically code-build-project-name-service-role.

  4. Under the Permissions tab, choose Add inline policy.

  5. In service, choose Choose a service.

  6. In Select a service below, choose S3.

  7. In Actions, choose Select actions.

  8. Expand Write under Access level groups and then choose PutObject.

  9. Choose Resources and then choose the Any checkbox.

  10. Choose Review policy.

  11. Enter a Name* and then choose Create policy. Then return to the pipeline you created in the previous section.

Step 4: Complete Your Beta Deployment Stage

Use the following steps to complete your Beta stage.

  1. Choose Edit.

  2. Choose the + icon next to MyBetaStack.

  3. In Action category:, if not already selected, choose Deploy.

  4. In Deployment provider*, if not already selected, choose AWS CloudFormation.

  5. In Action mode* choose Execute a change set. This is similar to the step you would take if you were manually going to deploy the package, as discussed in the Deployment step of the previous tutorial. CreateChangeSet transforms the SAM template to the full AWS CloudFormation format and deployChangeSet deploys the AWS CloudFormation template.

  6. In Stack name* enter or choose MyBetaStack.

  7. In Change set name* enter MyChangeSet.

  8. Choose Add action.

  9. Choose Save pipeline changes.

  10. Choose Save and continue.

Your pipeline is ready. Any git push to the branch you connected to this pipeline is going to trigger a deployment. To test your pipeline and deploy your application for the first time, do one of the following:

  • Perform a git push to the branch connected to your pipeline.

  • Go the AWS CodePipeline console, choose the name of the pipeline you created and then choose Release change.

Next Step

Gradual Code Deployment