Hi, I’m currently building an app with AWS Lambda and GitHub workflows.
I have this serverless.yml file:
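# Serverless Framework service definition; frameworkVersion constrains the
# CLI to major version 3. The pasted listing had lost its indentation, so the
# nesting of this block is restored.
org: midas
service: midas-player-backend
frameworkVersion: '3'

# Plugins are npm packages that the Serverless CLI loads and runs while
# packaging and deploying, in the same process that holds the deploy
# credentials. Keep their versions pinned through a committed lockfile.
plugins:
  - serverless-iam-roles-per-function
  - serverless-domain-manager
  - serverless-webpack

package:
  # Build one artifact per function instead of one for the whole service.
  individually: true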
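# Per-stage lookup tables, read elsewhere in the file through
# ${self:custom.<name>.<stage>...} references.
# NOTE(review): the pasted listing had lost its indentation, so the nesting
# below is reconstructed - confirm it against the real file. Keys without a
# value and the `xxx` values look like content the poster removed or redacted.
custom:
  # Stage comes from the --stage CLI option and falls back to 'dev'.
  stage: ${opt:stage, 'dev'}
  vpc:
    dev:
      securityGroupId: xxx
      subnetId: xxx
    stag:
      securityGroupId: xxx
      subnetId: xxx
    prep:
      securityGroupId: xxx
      subnetId: xxx
    prod:
      securityGroupId: xxx
      subnetId: xxx
  domain:
    prod: xxx.com
  domainCertificate:
    prod: xxx.com
  domainWebsocket:
    prod: xxx.com
  domainWebsocketCertificate:
    prod: xxx.com
  # Presumably the serverless-domain-manager settings (contents elided).
  customDomain:
    rest:
    websocket:
  # provider.environment reads custom.postgre.<stage>.databaseName.
  postgre:
    dev:
    stag:
    prep:
    prod:
  # provider.environment reads custom.dynamodbTable.<stage>.user.
  dynamodbTable:
    dev:
    stag:
    prep:
    prod:
  # NOTE(review): walletService, gpSbo and cryptoWallet are assumed to be
  # siblings under invoke, each keyed by stage - verify.
  invoke:
    walletService:
      dev:
      stag:
      prep:
      prod:
    gpSbo:
      dev:
      stag:
      prep:
      prod:
    cryptoWallet:
      dev:
      stag:
      prep:
      prod: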
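# Provider-wide settings: runtime, region, environment variables and the IAM
# statements of the service's default execution role. The pasted listing had
# lost its indentation; nesting is restored in this block.
provider:
  name: aws
  versionFunctions: false
  # NOTE(review): Node.js 14 is past its upstream end-of-life and no longer
  # receives security fixes; plan a move to a supported Lambda runtime.
  runtime: nodejs14.x
  region: ap-southeast-1
  stage: ${opt:stage, 'dev'}
  timeout: 10
  apiGateway:
    binaryMediaTypes:
      - 'multipart/form-data'
  # Environment variables set on every function of the service.
  environment:
    # NOTE(review): if the two commented-out entries below are re-enabled,
    # their values land in plain text in the function configuration and in
    # the generated CloudFormation template. Fetching them from Secrets
    # Manager at runtime keeps them out of both.
    # # JWT_SECRET: ${self:custom.secrets.JWT_SECRET}
    # AWS_ID: ${self:custom.secrets.AWS_ID}
    STAGE: ${self:provider.stage}
    AWS_CURRENT_REGION: ${self:provider.region}
    # POSTGRE
    PG_DATABASE_NAME: '${self:custom.postgre.${self:provider.stage}.databaseName}'
    # more POSTGRES
    # DYNAMODB
    DDB_TABLE_NAME_USER: ${self:custom.dynamodbTable.${self:provider.stage}.user}
    # more DYNAMODB
    # more API KEY
    # INVOKE
    # - wallet service
    # lists
    # - sbo
  iam:
    role:
      # NOTE(review): these statements belong to the role shared by every
      # function in the service, although serverless-iam-roles-per-function
      # is loaded in `plugins`. Moving each grant to the function that needs
      # it would shrink what a single compromised function can reach.
      statements:
        # Object read/write/delete on one bucket.
        # NOTE(review): s3:PutObjectAcl lets a function change object ACLs,
        # including to public-read; drop it unless ACLs are really managed
        # from code.
        - Effect: 'Allow'
          Action:
            - 's3:GetObject'
            - 's3:PutObject'
            - 's3:PutObjectAcl'
            - 's3:DeleteObject'
          Resource:
            - 'arn:aws:s3:::xxx.com/*'
        # DynamoDB access to the user tables and their sub-resources.
        # NOTE(review): lambda:InvokeFunction cannot match a DynamoDB ARN, so
        # that entry grants nothing in this statement. DDB_TABLE_NAME_USER_LOGIN
        # is not defined in the environment shown above - presumably it is
        # among the elided entries; an undefined reference fails at deploy.
        - Effect: 'Allow'
          Action:
            - dynamodb:Query
            - dynamodb:Scan
            - dynamodb:GetItem
            - dynamodb:PutItem
            - dynamodb:DeleteItem
            - dynamodb:UpdateItem
            - dynamodb:BatchGetItem
            - dynamodb:BatchWriteItem
            - lambda:InvokeFunction
          Resource:
            # - !Sub 'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${self:custom.userTableName}'
            - !Sub 'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${self:provider.environment.DDB_TABLE_NAME_USER}'
            - !Sub 'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${self:provider.environment.DDB_TABLE_NAME_USER}/*'
            - !Sub 'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${self:provider.environment.DDB_TABLE_NAME_USER_LOGIN}'
        # PartiQL access to everything under the midasWallet ledger.
        # NOTE(review): the two lambda:* actions cannot match a QLDB ARN and
        # grant nothing in this statement.
        - Effect: Allow
          Action:
            - lambda:InvokeFunction
            - lambda:InvokeAsync
            - qldb:PartiQLInsert
            - qldb:PartiQLSelect
            - qldb:PartiQLUpdate
          Resource:
            - !Sub 'arn:aws:qldb:${AWS::Region}:${AWS::AccountId}:ledger/midasWallet/*'
        - Effect: Allow
          Action:
            - qldb:SendCommand
          Resource:
            - !Sub 'arn:aws:qldb:${AWS::Region}:${AWS::AccountId}:ledger/midasWallet'
        # RDS Data API access.
        # NOTE(review): `cluster:*` covers every cluster in the account and
        # region; scope it to the cluster(s) this service uses, e.g.
        # ...:cluster:<CLUSTER_ID_PLACEHOLDER>.
        - Effect: 'Allow'
          Action:
            - 'rds-data:DeleteItems'
            - 'rds-data:ExecuteSql'
            - 'rds-data:ExecuteStatement'
            - 'rds-data:GetItems'
            - 'rds-data:InsertItems'
            - 'rds-data:UpdateItems'
          Resource:
            - !Sub 'arn:aws:rds:${AWS::Region}:${AWS::AccountId}:cluster:*'
            - !Sub 'arn:aws:rds:${AWS::Region}:${AWS::AccountId}:cluster:*:*'
        # NOTE(review): this allows reading every secret the account can
        # reach, in any region, from every function of the service. Scope it
        # to the secrets actually used, e.g.
        # arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:<SECRET_NAME_PLACEHOLDER>-*
        # (the !Sub below has nothing to substitute as written).
        - Effect: 'Allow'
          Action:
            - 'secretsmanager:GetSecretValue'
          Resource:
            - !Sub 'arn:aws:secretsmanager:*:*:secret:*'
        # NOTE(review): tagging and delete rights over every state machine in
        # the account and region. StopExecution and DeleteActivity are
        # presumably evaluated against execution and activity ARNs, so they
        # may match nothing with this Resource - verify, then trim.
        - Effect: 'Allow'
          Action:
            - 'states:TagResource'
            - 'states:UntagResource'
            - 'states:DeleteActivity'
            - 'states:DeleteStateMachine'
            - 'states:StopExecution'
          Resource:
            - !Sub 'arn:aws:states:${AWS::Region}:${AWS::AccountId}:stateMachine:*'
        # NOTE(review): invoke rights on every Lambda function. List the
        # target functions instead, e.g.
        # arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:<TARGET_FUNCTION_PLACEHOLDER>
        - Effect: 'Allow'
          Action:
            - lambda:InvokeFunction
            - lambda:InvokeAsync
          Resource:
            - '*'
        # NOTE(review): no Resource is shown for this statement; the listing
        # was presumably cut here by the poster. A statement without
        # Resource is rejected at deploy time.
        - Effect: 'Allow'
          Action:
            - es:ESHttpGet
            - es:ESHttpPost

functions:
  # functions....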
And this is my workflow file:
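# Deploys the service with the Serverless CLI on every push to a stage
# branch; the branch name is used both as the GitHub environment and as the
# --stage value. The pasted listing had lost its indentation; nesting is
# restored in this block.
name: deploy
run-name: Deploy ${{github.repository}} to ${{github.ref_name}}
on:
  push:
    branches:
      - prod
      - prep
      - stag

# The job only reads the repository, so GITHUB_TOKEN is kept read-only.
permissions:
  contents: read

jobs:
  build:
    name: Deploy ${{github.repository}} to ${{github.ref_name}}
    environment: ${{github.ref_name}}
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions below are referenced by mutable tags.
      # Pinning each `uses:` to a full commit SHA keeps a moved tag from
      # changing what runs next to the AWS credentials.
      - name: Checkout to repo branch ${{github.ref_name}}
        uses: actions/checkout@v3
        with:
          ref: ${{github.ref_name}}
      - name: Setup node environment
        uses: actions/setup-node@v3
        with:
          node-version: '14.x'
      - name: Install serverless globally
        # Pinned to major 3 to match `frameworkVersion: '3'` in
        # serverless.yml; an unpinned install pulls whatever is latest.
        run: npm install -g serverless@3
      - name: Install dependencies
        # NOTE(review): once a package-lock.json is committed, `npm ci`
        # installs exactly the locked versions and fails on drift.
        run: npm i
      - name: Configure AWS authentication
        # NOTE(review): these are long-lived access keys. The action also
        # supports GitHub OIDC through `role-to-assume` (with the
        # `id-token: write` permission), which issues short-lived
        # credentials and leaves no static key to leak or rotate.
        uses: aws-actions/configure-aws-credentials@v1-node16
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ap-southeast-1
      - name: Deploy lambda function
        # The branch name reaches the shell as a quoted environment variable
        # instead of being expanded into the script text.
        env:
          DEPLOY_STAGE: ${{ github.ref_name }}
        run: sls create_domain --verbose --stage "$DEPLOY_STAGE" && sls deploy --verbose --stage "$DEPLOY_STAGE"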
It is triggered every time I push to one of those three branches.
It worked, but I get this error:
I actually have another repo with the exact same serverless.yml and workflow config file, and it's working perfectly fine:
My webpack config is basically empty, and both repos have the exact same webpack config file.
Any idea what went wrong or what should I check?