10
votes

I've followed an excellent guide (Serverless Stack) that creates a typical CRUD serverless infrastructure with a React frontend. It's using the Serverless Framework for AWS.

What I don't like is that to bootstrap the setup, there is a lot of manual clicking in GUIs (mostly Amazon's console interface) involved. I.e. the setup is not version controlled and is not easily reproducible. It would not be easy to extend it with a CI/CD process etc. In this example the following resources need to be set up manually:

  • AWS Cognito User Pool
  • AWS Cognito User Pool Application
  • AWS Cognito Federated Identity Pool
  • AWS DynamoDB instance
  • AWS S3 buckets (x3) (this also hosts the frontend)
  • AWS CloudFront distribution
  • AWS Route53 zone file

The only resources that are being built from code are the serverless functions (lambdas) themselves, as well as API Gateway instances. This is what the Serverless Framework does using its serverless.yml file. But all of the above resources are not automatically created. They sometimes need to be referenced using their ARNs, but they are not being created by the serverless.yml configuration. Running such a system in production (which relies heavily on the manual creation of services through GUIs) would seem risky.

I was thinking that a solution for this would be to use Terraform or CloudFormation. But the Serverless Framework itself is using CloudFormation for the setup of Lambdas already, though not for other resources. So how would one eliminate this gap? In other words, how would one rebuild the entire setup described at Serverless Stack in code?

It would seem strange, and perhaps not possible, to have CloudFormation set up Serverless, which then has its own CloudFormation templates to set up lambdas. It might make more sense to extend the Serverless Framework to not just define the functions and API Gateways that need to be created on a serverless deploy, but also other resources like a DynamoDB or a Cognito User Pool. Are there any examples or attempts of people doing this already?

3 Answers

9
votes

I agree that documentation on this would make an excellent pull request here.

You're correct that serverless is using CloudFormation under the hood. The framework does expose the underlying CloudFormation machinery to you, by way of the resources key of your serverless.yml.

I think the intent of the framework is that you would put the rest of these resources (Cognito stuff, S3, etc.) in the resources: section of your serverless.yml file, using regular old CloudFormation syntax.

For example, this file will create a DynamoDB table and S3 bucket, in addition to the serverless function:

service: aws-nodejs # NOTE: update this with your service name
provider:
  name: aws
  runtime: nodejs6.10
functions:
  hello:
    handler: handler.deletecustomer
    events:
      - http:
          path: /deletecustomer
          method: post
          cors: true
resources:
  Resources:
    tablenotes:
      Type: AWS::DynamoDB::Table
      Properties:
        AttributeDefinitions:
          - AttributeName: noteId
            AttributeType: S
          - AttributeName: userId
            AttributeType: S
        KeySchema:
          - AttributeName: userId
            KeyType: HASH
          - AttributeName: noteId
            KeyType: RANGE
        ProvisionedThroughput:
          ReadCapacityUnits: '5'
          WriteCapacityUnits: '5'
    mysamplebucket:
      Type: AWS::S3::Bucket
      Properties:
        WebsiteConfiguration:
          IndexDocument: index.html
          ErrorDocument: error.html
        AccessControl: Private
        VersioningConfiguration:
          Status: Suspended

If you're new to CloudFormation, I'd also recommend taking a peek at CloudFormer.
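
The same `resources:` mechanism applied to the Cognito resources listed in the question, as an added example that is not part of the original answer or the Serverless Stack guide. The service name, logical IDs and pool names are hypothetical; the `functions:` section and the IAM roles an identity pool needs (via `AWS::Cognito::IdentityPoolRoleAttachment`) are left out to keep the fragment focused.

```yaml
# Added example: Cognito resources declared in serverless.yml instead of the console.
# All names and logical IDs below are hypothetical.
service: notes-app
provider:
  name: aws
  runtime: nodejs6.10                # same runtime as the answer's example
resources:
  Resources:
    NotesUserPool:
      Type: AWS::Cognito::UserPool
      Properties:
        UserPoolName: notes-user-pool
        UsernameAttributes: [email]  # users sign in with their e-mail address
        AutoVerifiedAttributes: [email]
        Policies:
          PasswordPolicy:            # reviewed in version control, not a console setting
            MinimumLength: 12
            RequireLowercase: true
            RequireUppercase: true
            RequireNumbers: true
    NotesUserPoolClient:
      Type: AWS::Cognito::UserPoolClient
      Properties:
        ClientName: notes-web-client
        UserPoolId:
          Ref: NotesUserPool
        GenerateSecret: false        # a browser app cannot keep a client secret
    NotesIdentityPool:
      Type: AWS::Cognito::IdentityPool
      Properties:
        IdentityPoolName: notesIdentityPool
        AllowUnauthenticatedIdentities: false  # no guest credentials
        CognitoIdentityProviders:
          - ClientId:
              Ref: NotesUserPoolClient
            ProviderName:
              Fn::GetAtt: [NotesUserPool, ProviderName]
  Outputs:                           # IDs the frontend config needs, no console lookup
    UserPoolId:
      Value:
        Ref: NotesUserPool
    UserPoolClientId:
      Value:
        Ref: NotesUserPoolClient
    IdentityPoolId:
      Value:
        Ref: NotesIdentityPool
```

Because the pool, client and identity pool reference each other with `Ref` and `Fn::GetAtt`, no ID or ARN has to be copied by hand between resources.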

0
votes

Based on @Mike Patrick's options, adding my understanding of the Serverless Framework and other similar serverless-focused tools.

As you have mentioned, for serverless projects, there are a lot of resources involved. Combining them together is not a simple job, so choosing the right tool is hard.

Comparing the Serverless Framework to CloudFormation and Terraform, the Serverless Framework is a serverless specialist, while CloudFormation and Terraform are GP.

CloudFormation and Terraform are fully Infrastructure as Code tools which cover most resources.

The Serverless Framework is only a middle layer that generates a CloudFormation template, mostly only for serverless-related resources.

You can write everything in a CloudFormation template directly, but the template file will be large, and it is hard to maintain as a JSON/YAML template. With a few dozen lines in serverless.yml, the Serverless Framework can generate a thousand or several thousand lines of CloudFormation template. It saves a lot of time dealing with the CloudFormation code.

It doesn't make sense to let the Serverless Framework deal with all AWS resources, which other tools already do well.

The Serverless Framework is still in development; because of its popularity, many developers are involved in adding features to it daily. Maybe one day you can get what you need, but for now you have to mix the Serverless Framework with CloudFormation or Terraform or other tools in some cases.

0
votes

You can surely already deploy almost everything as IaC (in fact we do this daily at work) using various deployment tools.

If you happen to work primarily with Serverless, then you can pick something like Serverless Framework (SF) to abstract some of the complexity/inflexibility inherent in working with CloudFormation (CF). Whatever CF can do, SF can do, but SF has a plugin system which allows you to run code to call out to APIs (which, for example, can allow you to create resources that haven't been supported by CF).