Proper API Deployment with AWS Serverless Lambda

Intro

According to IBM, Serverless is a cloud application development and execution model that lets developers build and run code without managing servers, and without paying for idle cloud infrastructure

In the simplest terms, serverless computing is a way to run code without worrying about servers. You just make sure your code works, upload it and you’re done. Let cloud provider in this case AWS take care the rest. Sounds good ? it is.

Advantages of serverless computing include:

• Cost
  You’ll only pay for what you use. AWS Lambda charge per request or invocation.
• Flexibility.
  Serverless models scale without your intervention.
• Accuracy.
  Developers can focus on a specific function rather than worrying about the back-end architecture that supports that action.
• Speed.
  Developers don’t need to waste time worrying about estimating and allocating server space.

Architecture

Now our focus is deployment, not about developing Rest API. We gonna deploy Typescript REST API on top of AWS Cloud using Lambda serverless function with this kind of architecure.

The tech stack that we’re using are:

• Express Typescript Rest API (Github Repo)
• AWS Lambda
• API Gateway
• RDS (MySQL Server)
• AWS Parameter Store (environment variable storage / cheap alternative for secret manager)

1. Setup VPC

• go to aws console & search vpc

• click on button create, go to vpc & more to set the subnet simultaneously

• fill up the form with your need, in this example i wanna create vpc with spec:

  • 2 subnet on 2 AZ (minimum recomendation)
  • 2 private subnet & 2 public subnet
  • 1 nat gateway
  • 1 internet gateway

• then click create vpc button & wait the loading

• after that you can see the result by clicking view vpc

• you can see your subnet already create too

• go to security group tab, create new one for lambda, set outbound http & https so lambda can access outside private subnet later

• the final look for security group is like this. You have 2 security group (faeshal-vpc & lambda) inside your custom vpc.

2. Setup Lambda

• again search lambda on aws console
• click create function button
• choose author from stratch

• fill up basic info, type function name, runtime nodejs 20 etc.
• dropdown the advance setting & place lambda inside our VPC & private subnet which we create before.

• after that click create function.

• don’t forget to give lambda permission for accessing SSM parameter store later then we ready to go.

3. Setup API Gateway

• search api gateway
• scroll down on rest api section, then click build
• choose rest api protocol & leave the rest default setting then click create api.

• after that click action, choose click resource and tick on configure as proxy resource like this & save.

• click action again, click deploy api, name it “prod”, then click deploy. finish.

• now lambda have a trigger from API Gateway.

4. Setup RDS

Create RDS Instance

• search RDS
• click create database
• fill up form setting according to your needs, i’m using MySQL free tier for this time

• the important part is just like lambda, dont forget to place RDS on our vpc that create before & use private subnet (don’t use public subnet, for security best practices)

• click create database, wait loading until finish.

Setup RDS Proxy

• on the rds section, scroll down until you see connected compute resource, than click setup lambda connection

• fill the form, select our lambda function as a target, create proxy & wait creation process

• after that, final RDS summary config will look like this

4. AWS Parameter Store

• search parameter store
• click create parameter, fill up name & description
• on type section, choose secure string, paste your database credential with comma separation, for example: dbusername,dbpassword,dbname,dbhost
• leave rest as default setting
• then click create parameter

5. Setup CI/CD Github Action

• go to github repo select setting -> secrets & variables -> action

• on the secret tabs, create new repository secret & type your secret like pic above.

  • FUNCTION_NAME is your lambda function name
  • REGION is your region where you run lambda, for example: ap-southeast-1
  • AWS_ACCESS_KEY_ID & ACCESS_KEY is your aws credentials, you can generate it on IAM Dashboard.

• after that make sure main.yaml exist on the .github/workflows folders. That file basically contain instruction for github action to build, test & deploy to lambda.

name: Deploy
on:
push:
branches: - main

jobs:
deploy:
runs-on: ubuntu-latest
steps: - name: Checkout Code
uses: actions/checkout@v2

      - name: Set up Node.js
        uses: actions/setup-node@v2
        with:
          node-version: "18"

      - name: Install Dependencies
        run: npm ci

      - name: Build
        run: npm run build

      - name: Move node_modules to dist
        run: mv node_modules dist/node_modules

      - name: Zip
        run: (cd dist && zip -r ../function.zip .)

      - name: Deploy to AWS
        uses: appleboy/lambda-action@master
        with:
          aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws_region: ${{ secrets.REGION }}
          function_name: ${{ secrets.FUNCTION_NAME }}
          zip_file: function.zip

• Done. Now, everytime you push commit to repo (main branch), action will trigger & ci/cd will running, auto deploy to lambda.

Testing

if your config corect, you can directly try accessing lambda via postman / the web. If you dont know the url, go back to lambda dashboard on tab configurations->triggers, dont forget to add “/prod” before the main api route.

you can make a test too from lambda dashboard like this. Focus on coding, let AWS handle the Infra. That’s the beauty of Serverless.