I'm new to Serverless and lambdas
I'm trying to deploy my serverless functions to AWS but it's showing this error:
This is my serverless.yml file:
service: aws-node-http-api-project
frameworkVersion: "3"
provider:
name: aws
runtime: nodejs12.x
region: ap-southeast-1
functions:
hello:
handler: handler.hello
events:
- httpApi:
path: /
method: get
I have set the AWS CLI and IAM user.
Not sure if this is related, but in my CloudFormation, it is showing one stack:
The stack was created, but the changeset failed to execute and hence the stack is stuck at the REVIEW_IN_PROGRESS state.
Find out why the changeset wasn't executed and fix it.
Delete the stack and redeploy.
Related
I'm trying out the Serverless Framework to deploy AWS Lambda to process Kafka Messages and write result to Database.
The trigger is Kafka Messages from a SelfManagedKafka cluster and I specify them in serverless.yml
frameworkVersion: '1'
provider:
name: aws
runtime: go1.x
region: eu-central-1
package:
exclude:
- ./**
include:
- ./bin/**
functions:
hello:
handler: bin/handlerFunc
vpc:
securityGroupIds:
- <Id>
subnetIds:
- <subnet1>
- <subnet2>
- <subnet3>
events:
- kafka:
topic: my_topic
consumerGroupId: my_group
bootstrapServers:
- host:port
accessConfigurations:
saslScram256Auth: <URI to secretsManager>
serverRootCaCertificate: <URI to secretsManager>
vpcSubnet:
- subnet1
- subnet1
- subnet1
vpcSecurityGroup: <Id>
enabled: true
When I deploy this serverless deploy, on the AWS Console for Lambda, there's no Trigger configured and no error, no logs.
serverless deploy shows warning
Configuration warning at 'functions.hello.events[0]': unsupported function event
I'm following the documentation here https://www.serverless.com/framework/docs/providers/aws/events/kafka
and don't understand what I'm missing.
Any suggestions on where/what to look for?
Turns out event type kafka is not supported in SeverlessFramework version 1.
I had to update to version 3 and update the serverless.yml to refere to FrameworkVersion: '3'
And was able to Deploy Lambda with Apache Kafka as Tigger.
I am trying to deploy lambda function with Serverless framework
I've added my ADMIN credentials in the aws cli
and I am getting this error message every time I try to deploy
Warning: Not authorized to perform: lambda:GetFunction for at least one of the lambda functions. Deployment will not be skipped even if service files did not change.
Error:
CREATE_FAILED: HelloLambdaFunction (AWS::Lambda::Function)
Resource handler returned message: "null (Service: Lambda, Status Code: 403, Request ID: ********)" (RequestToken: ********, HandlerErrorCode: GeneralServiceException)
I've also removed everything from my project and from the YML file and nothing worked
service: test
frameworkVersion: '3'
provider:
name: aws
runtime: nodejs12.x
iam:
role:
statements:
- Effect: "Allow"
Action:
- lambda:*
- lambda:InvokeFunction
- lambda:GetFunction
- lambda:GetFunctionConfiguration
Resource: "*"
functions:
hello:
handler: handler.hello
Deployments default to us-east-1 region and used the default profile set on the machine where the serverless command is run. Perhaps you dont have permission to deploy is that region or serverless is using a different profile than intended. (e.g If i run serverless from an EC2 and login separately, it would still use the default profile, i.e the EC2 instance Profile.)
Can you update your serverless.yml file to include the region as well.
provider:
name: aws
runtime: nodejs12.x
region: <region_id>
profile: profile name if not Default
When I tried to create a lambda function manually from the AWS website I found that I've no permission to view or create any lambda function
And after that I found that my account was suspended due to a behavior I've done that is not acceptable in AWS policy
I've followed the steps the support has sent me and then my account was back and everything worked fine
I am trying to create an AWS SQS queue using the serverless framwework,
But I am getting the following error on deploying the severless.yaml
The provided execution role does not have permissions to call SendMessage on SQS
The issue is the IAM role is created by serverless framework and I have no control of what permissions the framework adds to the role,
Ideally, if the function trigger is an SQS, or needs a DLQ configured,
I was hoping the framework would add Send and Receive message permissions to the role, but I guess it did not
Serveless.yaml -
service: dlq
provider:
name: aws
runtime: nodejs12.x
profile: csStage
region: ap-southeast-1
plugins:
- serverless-plugin-lambda-dead-letter
functions:
dlqFunction:
handler: handler.hello
deadLetter:
sqs: dl-queue
You have complete control over the permissions added to that role. You can add an iamRoleStatements section to your serverless.yml file under provider that describes the permissions you wish to apply to the role applied to functions. It would look something like:
provider:
iamRoleStatements:
- Effect: Allow
Action:
- "sqs:SendMessage"
Resource:
- arn:aws:sqs:region:accountid:queueid
You can find out more in the official documentation here: https://www.serverless.com/framework/docs/providers/aws/guide/iam/#iam/
You can use iamRoleStatements to give that permission to your Lambda function. The following template worked for me:
service: dlq
provider:
name: aws
runtime: nodejs12.x
profile: csStage
region: ap-southeast-1
iamRoleStatements:
- Effect: Allow
Action:
- sqs:SendMessage
Resource: !GetAtt DLQ.Arn
plugins:
- serverless-plugin-lambda-dead-letter
functions:
dlqFunction:
handler: handler.hello
deadLetter:
targetArn:
GetResourceArn: DLQ
resources:
Resources:
DLQ:
Type: AWS::SQS::Queue
Properties:
QueueName: dl-queue
I'm creating a Nodejs microservice for AWS Lambda. I scaffolded by project using AWS Codestar, and that set me up with a CI/CD pipeline that automatically deploys the lambda function. Nice.
The issue is that every time it deploys the lambda function it must delete and recreate the function, thus deleting any versions or aliases I made.
This means I really can't roll back to other releases. I basically have use git to actually revert the project, push to git, wait for the super-slow AWS Code Pipeline to flow through successfully, and then have it remake the function. To me that sounds like a pretty bad DR strategy, and I would think the right way to rollback should be simple and fast.
Unfortunately, it looks like the CloudFormation section of AWS doesn't offer any help here. When you drill into your stack on the first CloudFormation page it only shows you information about the latest formation that occurred. Dear engineers of AWS CloudFormation: if there was a page for each stack that showed a history of CloudFormation for this stack and an option to rollback to it, that would be really awesome. For now, though, there's not. There's just information about the latest formation that's been clouded. One initially promising option was "Rollback Triggers", but this is actually just something totally different that lets you send a SNS notification if your build doesn't pass.
When I try to change the CodePipeline stage for deploy from CREATE_CHANGE_SET to CREATE_UPDATE I then get this error when it tries to execute:
Action execution failed UpdateStack cannot be used with templates
containing Transforms. (Service: AmazonCloudFormation; Status Code:
400; Error Code: ValidationError; Request ID:
bea5f687-470b-11e8-a616-c791ebf3e8e1)
My template.yml looks like this by the way:
AWSTemplateFormatVersion: 2010-09-09
Transform:
- AWS::Serverless-2016-10-31
- AWS::CodeStar
Parameters:
ProjectId:
Type: String
Description: AWS CodeStar projectID used to associate new resources to team members
Resources:
HelloWorld:
Type: AWS::Serverless::Function
Properties:
Handler: index.handler
Runtime: nodejs8.10
Environment:
Variables:
NODE_ENV: staging
Role:
Fn::ImportValue:
!Join ['-', [!Ref 'ProjectId', !Ref 'AWS::Region', 'LambdaTrustRole']]
Events:
GetEvent:
Type: Api
Properties:
Path: /
Method: get
PostEvent:
Type: Api
Properties:
Path: /
Method: post
The only options in the CodePipeline "Deploy" action are these:
It would be really great if someone could help me to see how in AWS you can make Lambda functions with CodePipeline in a way that they are easy and fast to rollback. Thanks!
I want to attach an existing role to my serverless.yml file, I have created a role in aws console, my code works fine when I test it in aws console, but when I try to test it with the http endpoint it gives me the following:
{"message": "Internal server error"}
I think is because I did not specify any role in the serverless.yml file for the simple reason that I don't know how to do it.
Here is my serverless.yml file :
Resources:
ec2-dev-instance-status:
Properties:
Path: "arn:aws:iam::119906431229:role/lambda-ec2-describe-status"
RoleName: lambda-ec2-describe-status
Type: "AWS::IAM::Role"
functions:
instance-status:
description: "Status ec2 instances"
events:
-
http:
method: get
path: users/create
handler: handler.instance_status
role: "arn:aws:iam::119906431229:role/lambda-ec2-describe-status"
provider:
name: aws
region: us-east-1
runtime: python2.7
stage: dev
resources: ~
service: ec2
Please help.
Thank you.
According to the documentation, there's a few ways to attach existing roles to a function (or entire stack)
Role defined as a Serverless resource
resources:
Resources:
myCustRole0:
Type: AWS::IAM::Role
# etc etc
functions:
func0:
role: myCustRole0
Role defined outside of the Serverless stack
functions:
func0:
role: arn:aws:iam::0123456789:role//my/default/path/roleInMyAccount
Note that the role you use must have additional permissions to log to cloudwatch etc, otherwise you won't get logging.