AWS Deploy Inspection Tools

[00:00:00]
>> Scott Moss: So all this is deployed. So let's go check on this and see what's actually happening and get a walk through of some of our tools that AWS gives us after we deploy our lambdas. So first thing you'll note is I used to have one function here. That's gone.

[00:00:14]
I'll have you notice I don't even remember the name of it. There was a function here, it's gone now, it got completely wiped out. And these three functions that we created are now here. So why did it do that? Well, the reason it did that, and it's not like I didn't want that to happen.

[00:00:28]
That's what I wanted to happen. It did that because I used to have another function with a different name in this exact same service that got deployed. So that created a stack for this service on Cloud formation. But we checked out to new branch, and I deleted that function out of my source code and added three new functions with the same service which is the same stack.

[00:00:52]
So when I redeploy just now, it's stateless. It realized that I didn't deploy with that same service or same function that I had before, so it's like you must want to delete it, so it deleted it for me. So we just deleted that form because I deployed a new service.

[00:01:09]
When I did service deploy, I'm literally pushing up the service. Here's everything the service is gonna have, and that function was no longer there. So therefore, it deleted it from AWS for me. If were just deploy one function, it would have still be there, because I didn't deploy the service.

[00:01:24]
This is a stateless deploy, it's going to overwrite anything that's there if you deploy the service. So if you deleted a function locally, but you still want it on AWS, don't redeploy the whole service cuz you will get rid of that function. But actually, that's not that big of a deal because Lambda functions deployments are so easy, you can just deploy again, and you wouldn't miss a beat.

[00:01:44]
So it's not that big of a deal. They're stateless, you're not losing anything, there's no state saved on Lambda. So even if you got rid of the function, just deploy it again and you're back. It's not that big a deal, it's not like a server where you're like, man, I gotta spin up an instance, I gotta do all this, and I gotta.

[00:01:57]
You don't have to worry about that, you just deploy it again. So that can be a side effect if you aren't aware of it. But let's get back to it. We got these three functions. They're running 08. This code size is how big the source code is for this function, and that's pretty big.

[00:02:14]
I wouldn't deploy functions that big. But this is that big because it's just literally bundling all the node modules, all of them for each function. So that's why it's used. Binaries, everything. So let's check on one of them, and let's see what's going on here. So now, we're gonna go down to this configuration and we're gonna look at a few things.

[00:02:33]
One thing to note here is they built this nice GUI now where you can see your function, and you can see all the events that are attached to this function. The one we know for sure is API Gateway, cuz we added that, right? So if we click on that, you can scroll down.

[00:02:47]
It'll even tell you, yeah, you have a GET method to this PATH, no authorization, and it's enabled. There you go. So you know all the information you have there. And again, we did that with service.yml.
>> Scott Moss: This CloudWatch one is something that we've never talked about, but this gets created for us by Serverless and CloudFormation.

[00:03:07]
And basically, this is where we can go to see the logs that we console.log inside of our lambda's. So if we were to run console.log, we can go here, and we can check it out. So, where is here? Well, if you go to services, you type in CloudWatch, and there's a lot of Cloud things in here.

[00:03:24]
[LAUGH] It's definitely CloudWatch.
>> Scott Moss: And let this load up. You'll click on Logs, and you'll see I got three different groups here. I've dev-api, dev-todo, dev-todos. So let's look at the todo one.
>> Scott Moss: And then, if I had any logs, they'll show up here. There'll be entries here, and you can click on them, and it'll just show you the logs.

[00:03:46]
And they're just streaming. And this is where you would see your logs without setting up an external logging service that you would use somewhere else, most likely. But this is how you would get your logs. And this was created for you automatically.
>> Scott Moss: So let's go back to Lambda.

[00:04:06]
>> Scott Moss: The other thing is the notes down here.
>> Scott Moss: If you read this right here, it says the deployment package of your Lambda function, serverless-dev-todos, is too large to enable inline code editing. However, you can still invoke your function right now. So what that's saying is because we packaged our lambdas up using Node modules, it's just too much code.

[00:04:24]
It's 6.2 megabytes. They can't show it right here. But if it was just a simple function, there's actually a editor, will load up right here, and we can edit it right here. And we can deploy different versions. And we can literally just write our lambda right here. But if you're doing crazy stuff you will almost never do that because you have too many dependencies.

[00:04:41]
But if you have a dependency-free function that's, I don't know what you would do with it. Yeah, you could just edit the code right here if you wanted to.
>> Scott Moss: This brings us down to environment variables, which is how you would inject environment variables into your application. So this is where you would do it.

[00:04:59]
You just do key values, and then they're set. If you want to encrypt them using KMS, then you can also encrypt them using KMS. Which is Amazon's key management system. That's what KMS stands for. And then, you would decrypt them inside your function. This is true for EC2.

[00:05:15]
Beanstalk, whatever platform or whatever container service on AWS that you use. They all use the same thing. So this is if you want encryption. Tags, these are just tags that you can add to your functions. So on the previous screen, where it's listing all the functions, you can just search for them easier just by tags.

[00:05:35]
Cuz eventually, you might have hundreds of functions in there, and they might be hard to search for. So you can add tags to them, so you can figure out what function is what, and you can find them much easier. So by default, it puts the stage tag on it to dev, so you can filter out by all your dev functions, which is very helpful.

[00:05:51]
>> Scott Moss: And then, you get down to all this crazy stuff. Okay, so execution role. Basically, your lambda needs to be invoked, assuming a role of some authorized user on AWS. Cuz user's not a person, user is just some, it's actually the lambda. You have to give the lambda some permission to execute.

[00:06:18]
And this tells your lambda whether it can access other AWS resources or not based on its execution authorization. If you never done IM Users or anything like that in AWS, all this stuff sounds complicated. But basically, all this means is think of your lambda as a person, and you have to give it some permissions so it can or cannot access other things.

[00:06:39]
So if you have a DynamoDB table or some other thing you're gonna access on AWS, this role needs to have permissions for it. By default, Serverless creates an execution role for your lambdas and it uses the namespace. Your service dash your stage dash your region dash lambda roles.

[00:06:59]
So then, you can go to iam, find that role and attach permissions to it. And that's how you can do things. So for instance, if I want to access s3 inside of this lambda, I would have to go to iam, find that role that I just found out, attach the s3 permissions to it, and then I can use it.

[00:07:19]
Otherwise, I can't use it inside of that lambda. Does that make sense?
>> Scott Moss: It's pretty complicated. Literally could be a startup around IM.
>> Scott Moss: If you've never looked at this, somebody could literally make a startup around this interface right here. So it's pretty bad.
>> Scott Moss: Any questions so far?

[00:07:40]
>> Scott Moss: On this stuff.
>> Speaker 2: How do you avoid bundling modules in these Webpack?
>> Scott Moss: Yeah, so if you aren't using Webpack, there's tons of tools. You can just look up service plugins to or whatever. If you are using Webpack, there's one tool that you want to use, and this is what we use.

[00:07:59]
It's a webpack-serverless, or is it serverless-webpack, I don't know. It's serverless-webpack, yeah. This one's really, really good. The developer that writes this is always on top of it. I mean, the dude just updated eight hours ago. So he's always on top of it. This one is really good.

[00:08:20]
It's very efficient at de-duping things. I mean, yeah, it's really good. I highly recommend using this one. And it kind of does a lot of the work for you. It even helps you set up your webpack configuration so you don't have to. So, yeah, I highly recommend using this if you're using webpack.

[00:08:37]
And if you're not using webpack, I still recommend just using this anyway just for the bundling options. Cuz it'll just do the webpack stuff for you. But this is definitely the one that you want. And it'll de-dupe and slim things down, and make sure, cuz basically it's webpack, right?

[00:08:52]
So it creates a tree. It looks at all your require statements, and it figures out from there what packages does this need, what packages does this need, and it goes all the way down to the leaf, the child. So recursively checks, looks like it's AST, so it only includes the stuff that you need.

[00:09:07]
So it's really good. But that could also bite you in the butt if you're using things that you're not requiring indirectly because you know that the module that you are requiring has installed that, then you will have an error on AWS. And it'll be crypted, you wouldn't even know what, you'd be like I don't know what's happening here.

[00:09:23]
AWS is like we just couldn't load your function, you wouldn't know why. And you have to go trace down all the requires like webpack would to figure out why you messed up. So it can be good and it can be bad.
>> Scott Moss: Yes?
>> Speaker 3: I'm wondering if you're planning on going through the configuring your AWS account with your Serverless.

[00:09:44]
Essentially just creating a role or a user, and then going in and getting that configured through Serverless. Cuz you kinda have to do the configuration setup. If you have the keys already on your computer, you kinda said it should pull them in?
>> Scott Moss: Yeah.
>> Speaker 3: Okay, I might just have to go through it again, but-

[00:10:00]
>> Scott Moss: Do you need help with that? Is your stuff not configured?
>> Speaker 3: It's not configured, and I just tried to do the configure with the provider and the secret and the key that I just generated, too?
>> Scott Moss: With the profile [INAUDIBLE] profile, okay.
>> Speaker 3: Yeah, and it's just saying that it doesn't exist when it tries to go up and find it.

[00:10:16]
And I don't wanna take time away from the class to do that, but-
>> Scott Moss: The short answer for that one is, if you're doing it, what you wanna do instead for that is you want to
>> Scott Moss: Instead of doing the profile setup, if you just export these in your bash, you should be fine.

[00:10:32]
And if you already have AWS stuff, just get rid of them before you start working on your other AWS stuff.
>> Speaker 3: Or make a new profile.
>> Scott Moss: Or just make a new profile, yeah. So yeah, this is probably the easiest way. That way, you don't have to mess around with the AWS profile stuff which is, yeah, this stuff is kinda tricky.

[00:10:48]
>> Speaker 3: Yeah, there's a couple of places where you can get off track, essentially.
>> Scott Moss: Right, yeah, so I would just stick for this as a temporary solution for the course, yeah.