Automating Lambda Deployment With Travis-CI

Friday, September 27, 2019

This is a post from my old blog. Info in here may be out of date or useless.

January 11, 2017

I really hate doing things myself when I can have a computer do it for me.

So In this post I will describe how I automate lambda deployment with travis-ci.

Create a AWS role that has these permissions.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "lambda:*"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

I wanted to lock down the permissions more but you basically need them all.

Get an access key for this role.

Second add your repo to travis. It’s easy I won’t tell you how to do it.

Now we create a .travis.yml file.

language: node_js
node_js:
- '4.3'
env:
  global:
  - AWS_ACCESS_KEY_ID=YOUR_ACCESS_KEY_ID
  - AWS_DEFAULT_REGION=us-east-1
branches:
  only:
  - master
before_install:
- pip install --user awscli
- export PATH=$PATH:$HOME/.local/bin
script: make build

Here we add our AWS key id to the file. We’ll also want to add our secret key but we want to encrypt it. Using the travis CLI

travis encrypt AWS_SECRET_ACCESS_KEY=YOUR_SECRET_ACCESS_KEY --add env.global

We should be set on the travis side.

Now onto building and uploading

Here is my make file for building

.PHONY: build clean upload
build:
	npm install --only=production
	zip -r code.zip . -x *.git*

clean:
	if [ -a code.zip ]; then rm code.zip; fi

upload: build
	./upload.sh

here is my upload.sh

# !/bin/bash
aws lambda update-function-code \
--zip-file=fileb://code.zip \
--region=us-east-1 \
--function-name=NAME_OF_YOUR_LAMBDA

Now everytime you push to master it should update your lambda to the newest code!

This post is also available on DEV.