Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
serverless
Advanced tools
[![Serverless Framework AWS Lambda AWS DynamoDB AWS API Gateway](https://github.com/serverless/serverless/assets/2752551/66a8c6a9-bc4a-4116-b139-90c12963337e)](https://serverless.com)
The serverless npm package is a framework that allows you to build serverless applications using cloud providers like AWS Lambda, Azure Functions, Google Cloud Functions, and more. It abstracts away the infrastructure management tasks, enabling developers to focus on writing application logic.
Deployment Automation
Automates the deployment of your serverless application to the cloud provider. The 'serverless deploy' command packages your application, uploads it to the cloud provider, and sets up the necessary services like AWS Lambda, API Gateway, etc.
serverless deploy
Function Invocation
Allows you to invoke a deployed function directly from the command line. The '-f' flag specifies the function name you want to invoke, in this case, 'hello'.
serverless invoke -f hello
Local Development
Enables local development and testing of serverless applications. The 'serverless offline' plugin simulates AWS Lambda and API Gateway on your local machine to speed up development cycles.
serverless offline start
Logs Retrieval
Retrieves logs for a specific function from the cloud provider. The '-f' flag specifies the function name whose logs you want to view, in this case, 'hello'.
serverless logs -f hello
Configuration Management
Allows you to define your serverless application's configuration in a 'serverless.yml' file. This includes the service name, provider details, runtime, functions, events, and other resources.
service: myService
provider:
name: aws
runtime: nodejs12.x
functions:
hello:
handler: handler.hello
The Serverless Framework – Makes it easy to use AWS Lambda and other managed cloud services to build applications that auto-scale, cost nothing when idle, and overall result in radically low maintenance.
The Serverless Framework is a command-line tool with approachable YAML syntax to deploy both your code and cloud infrastructure needed to make tons of serverless application use-cases, like APIs, front-ends, data pipelines and scheduled tasks. It's a multi-language framework that supports Node.js, Typescript, Python, Go, Java, and more. It's also completely extensible via over 1,000 plugins which add more serverless use-cases and workflows to the Framework.
Actively maintained by Serverless Inc.
September 24th, 2024 – We have introduced a ton of new features since the release of Serverless Framework V4 GA in May. Check out the list below for everything recently launched. If you are upgrading to V.4, see our Upgrading to Serverless Framework V4 Documentation. If you need to access documentation for Serverless Framework V.3, you can find it here.
Here's a list of everything that's new in V.4, so far:
.ts
handlers in your AWS Lambda functions in serverless.yml
and have them build automatically upon deploy. ESBuild is now included in the Framework which makes this possible. More info here.serverless dev
to have events from your live architecture routed to your local code, enabling you to make fast changes without deployment. More info here.stages
and set default
config to fallback to.serverless
command has been re-written to be more helpful when setting up a new or existing project.nodejs20.x
.We're seeking to avoid breaking changes for the "aws" Provider. However, there are a few large things that are changing to be aware of:
If you stumble upon additional breaking changes, please create an issue. To learn more about what's different and potential breaking changes, please see our Upgrading to Serverless Framework V4 Documentation.
Please note, the structure and licensing of the V.4 repository differ from the V.4 npm module. The npm module contains some proprietary licensed software, as V.4 transitions to a common SaaS product, as previously announced. The original Serverless Framework source code and more will continue to remain MIT license software, the repository will soon be restructured to clearly distinguish between proprietary and open-source components.
Here's how to install the Serverless Framework, set up a project and deploy it to Amazon Web Services on serverless infrastructure like AWS Lambda, AWS DynamoDB, AWS S3 and more.
First, you must have the Node.js runtime installed, version 18.20.3 or greater, then you can install the Serverless Framework via NPM.
Open your CLI and run the command below to install the Serverless Framework globally.
npm i serverless -g
Run serverless
to verify your installation is working, and show the current version.
As of version 4, the Serverless Framework automatically updates itself and performs a check to do so every 24 hours.
You can force an update by running this command:
serverless update
Or, you can set this environment variable:
SERVERLESS_FRAMEWORK_FORCE_UPDATE=true
serverless
CommandThe Serverless Framework ships with a serverless
command that walks you through getting a project created and deployed onto AWS. It helps with downloading a Template, setting up AWS Credentials, setting up the Serverless Framework Dashboard, and more, while explaining each concept along the way.
This guide will also walk you through getting started with the Serverless Framework, but please note, simply typing the serverless
command may be the superior experience.
serverless
The primary concept for a project in the Serverless Framework is known as a "Service", and its declared by a serverless.yml
file, which contains simplified syntax for deploying cloud infrastructure, such as AWS Lambda functions, infrastructure that triggers those functions with events, and additional infrastructure your AWS Lambda functions may need for various use-cases (e.g. AWS DynamoDB database tables, AWS S3 storage buckets, AWS API Gateways for recieving HTTP requests and forwarding them to AWS Lambda).
A Service can either be an entire application, logic for a specific domain (e.g. "blog", "users", "products"), or a microservice handling one task. You decide how to organize your project. Generally, we recommend starting with a monolithic approach to everything to reduce complexity, until breaking up logic is absolutely necessary.
To create and fully set up a Serverless Framework Service, use the serverless
command, which offers an interactive set-up workflow.
serverless
This will show you several Templates. Choose one that fits the language and use-case you want.
Serverless ϟ Framework
Welcome to Serverless Framework V.4
Create a new project by selecting a Template to generate scaffolding for a specific use-case.
? Select A Template: …
❯ AWS / Node.js / Starter
AWS / Node.js / HTTP API
AWS / Node.js / Scheduled Task
AWS / Node.js / SQS Worker
AWS / Node.js / Express API
AWS / Node.js / Express API with DynamoDB
AWS / Python / Starter
AWS / Python / HTTP API
AWS / Python / Scheduled Task
AWS / Python / SQS Worker
AWS / Python / Flask API
AWS / Python / Flask API with DynamoDB
(Scroll for more)
After selecting a Service Template, its files will be downloaded and you will have the opportunity to give your Service a name.
? Name Your Service: ›
Please use only lowercase letters, numbers and hyphens. Also, keep Service names short, since they are added into the name of each cloud resource the Serverless Framework creates, and some cloud resources have character length restrictions in their names.
Learn more about Services and more in the Core Concepts documentation.
As of Serverless Framework V.4, if you are using the serverless
command to set up a Service, it will eventually ask you to log in.
If you need to log in outside of that, run serverless login
.
Logging in will redirect you to the Serverless Framework Dashboard within your browser. After registering or logging in, go back to your CLI and you will be signed in.
Please note, you can get up and running with the Serverless Framework CLI and Dashboard for free, and the CLI will always be free for small orgs and indiehackers. For more information on pricing, check out our pricing page.
The "App" concept is a parent container for one or many "Services" which you can optionally set via the app
property in your serverless.yml
. Setting an app
also enables Serverless Framework Dashboard features for that Service, like tracking your Services and their deployments in Serverless Framework Dashboard, enabling sharing outputs between them, sharing secrets between them, and enabling metrics, traces and logs.
If you are using the serverless
onboarding command, it will help you set up an app
and add it to your Service. You can use the serverless
command to create an App on an existing Service as well, or create an App in the Dashboard.
❯ Create A New App
ecommerce
blog
acmeinc
Skip Adding An App
The app can also be set manually in serverless.yml via the app
property:
service: my-service
app: my-app
If you don't want to use the Serverless Framework Dashboard's features, simply don't add an app
property. Apps are not required.
To deploy cloud infrastructure to AWS, you must give the Serverless Framework access to your AWS credentials.
Running the Serverless Framework's serverless
command in a new or existing Service will help identify if AWS credentials have been set correctly or if they are expired, or help you set them up from scratch.
No valid AWS Credentials were found in your environment variables or on your machine. Serverless Framework needs these to access your AWS account and deploy resources to it. Choose an option below to set up AWS Credentials.
❯ Create AWS IAM Role (Easy & Recommended)
Save AWS Credentials in a Local Profile
Skip & Set Later (AWS SSO, ENV Vars)
We recommend creating an AWS IAM Role that's stored in the Serverless Framework Dashboard. We'll be supporting a lot of Provider Credentials in the near future, and the Dashboard is a great place to keep these centralized across your team, helping you stay organized, and securely eliminating the need to keep credentials on the machines of your teammates.
If you are using AWS SSO, we recommend simply pasting your temporary SSO credentials within the terminal as environment variables.
To learn more about setting up your AWS Credentials, read this guide.
After you've used the serverless
command to set up everything, it's time to deploy your Service to AWS.
Make sure your terminal session is within the directory that contains your serverless.yml
file. If you just created a Service, don't forget to cd
into it.
cd [your-new-service-name]
Deploying will create/update cloud infrastructure and code on AWS, all at the same time.
Run the deploy
command:
serverless deploy
More details on deploying can be found here.
Many Serverless Framework and serverless developers generally choose to develop on the cloud, since it matches reality (i.e. your production environment), and emulating Lambda and other infrastructure dependencies locally can be complex.
In Serverless Framework V.4, we've created a hybrid approach to development, to help developers develop rapidly with the accuracy of the real cloud environment. This is the new dev
command:
serverless dev
When you run this command, the following happens...
An AWS Cloudformation deployment will happen to slightly modify all of the AWS Lambda functions within your Service so that they include a lightweight wrapper.
Once this AWS Cloudformation deployment has completed, your live AWS Lambda functions within your Service will still be able to receive events and be invoked within AWS.
However, the events will be securely and instantly proxied down to your machine, and the code on your machine which will be run, rather than the code within your live AWS Lambda functions.
This allows you to make changes to your code, without having to deploy or recreate every aspect of your architecture locally, allowing you to develop rapidly.
Logs from your local code will also be shown within your terminal dev
session.
Once your code has finished, the response from your local code will be forwarded back up to your live AWS Lambda functions, and they will return the response—just like a normal AWS Lambda function in the cloud would.
Please note, dev
is only designed for development or personal stages/environments and should not be run in production or any stage where a high volume of events are being processed.
Once you are finished with your dev
session, you MUST re-deploy, using serverless deploy
to push your recent local changes back to your live AWS Lambda functions—or your AWS Lambda functions will fail(!)
More details on dev mode can be found here.
To invoke your AWS Lambda function on the cloud, you can find URLs for your functions w/ API endpoints in the serverless deploy
output, or retrieve them via serverless info
. If your functions do not have API endpoints, you can use the invoke
command, like this:
sls invoke -f hello
# Invoke and display logs:
serverless invoke -f hello --log
More details on the invoke
command can be found here.
To deploy code changes quickly, you can skip the serverless deploy
command which is much slower since it triggers a full AWS CloudFormation update, and deploy only code and configuration changes to a specific AWS Lambda function.
To deploy code and configuration changes to individual AWS Lambda functions in seconds, use the deploy function
command, with -f [function name in serverless.yml]
set to the function you want to deploy.
serverless deploy function -f my-api
More details on the deploy function
command can be found here.
You can use Serverless Framework to stream logs from AWS Cloudwatch directly to your terminal. Use the sls logs
command in a separate terminal window:
sls logs -f [Function name in serverless.yml] -t
Target a specific function via the -f
option and enable tailing (i.e. streaming) via the -t
option.
Many Serverless Framework users choose to emulate their entire serverless architecture locally. Please note, emulating AWS Lambda and other cloud services is never accurate and the process can be complex, especially as your project and teammates grow. As of V.4, we highly recommend using the new dev
mode with personal stages.
If you do choose to develop locally, we recommend the following workflow...
Use the invoke local
command to invoke your function locally:
sls invoke local -f my-api
You can also pass data to this local invocation via a variety of ways. Here's one of them:
sls invoke local --function functionName --data '{"a":"bar"}'
More details on the invoke local
command can be found here
Serverless Framework also has a great plugin that allows you to run a server locally and emulate AWS API Gateway. This is the serverless-offline
command.
More details on the serverless-offline plugins command can be found here.
A big benefit of Serverless Framework is within its Plugin ecosystem.
Plugins extend or overwrite the Serverless Framework, giving it new use-cases or capabilites, and there are hundreds of them.
Some of the most common Plugins are:
If you want to delete your service, run remove
. This will delete all the AWS resources created by your project and ensure that you don't incur any unexpected charges. It will also remove the service from Serverless Dashboard.
serverless remove
More details on the remove
command can be found here.
Serverless Framework Compose allows you to work with multiple Serverless Framework Services at once, and do the following...
Here is what a project structure might look like:
my-app/
service-a/
src/
...
serverless.yml
service-b/
src/
...
serverless.yml
Using Serverless Framework Compose requires a serverless-compose.yml
file. In it, you specify which Services you wish to deploy. You can also share data from one Service to another, which also creates a deployment order.
# serverless-compose.yml
services:
service-a:
path: service-a
service-b:
path: service-b
params:
queueUrl: ${service-a.queueUrl}
Currently, outputs to be inherited by another Service must be AWS Cloudformation Outputs.
# service-a/serverless.yml
# ...
resources:
Resources:
MyQueue:
Type: AWS::SQS::Queue
# ...
Outputs:
queueUrl:
Value: !Ref MyQueue
The value will be passed to service-b
as a parameter named queueUrl
. Parameters can be referenced in Serverless Framework configuration via the ${param:xxx}
syntax:
# service-b/serverless.yml
provider:
...
environment:
# Here we inject the queue URL as a Lambda environment variable
SERVICE_A_QUEUE_URL: ${param:queueUrl}
More details on Serverless Framework Compose can be found here.
In Serverless Framework V.4, we've introduced the serverless support
command, a standout feature that lets you generate issue reports, or directly connect with our support team. It automatically includes relevant context and omits sensitive details like secrets and account information, which you can check before submission. This streamlined process ensures your issues are quickly and securely addressed.
To use this feature, after an error or any command, run:
sls support
After each command, whether it succeeded or not, the context is saved within your current working directory in the .serverless
folder.
To open a new support ticket, run the sls support
command and select Get priority support...
. Optionally you'll be able to review and edit the generated report. Opening support tickets is only available to users who sign up for a Subscription.
You can also generate reports without submitting a new support ticket. This is useful for sharing context with others, opening Github issues, or using it with an AI prompt like ChatGPT. To do this, run the sls support
command and select Create a summary report...
, or Create a comprehensive report..
. You can skip the prompt by running sls support --summary
or sls support --all
. This is especially useful for capturing the report into the clipboard (e.g. sls support --summary | pbcopy
).
If you want to delete your service, run remove
. This will delete all the AWS resources created by your project and ensure that you don't incur any unexpected charges. It will also remove the service from Serverless Dashboard.
sls remove
More details on the remove
command can be found here.
Here are some helpful resources for continuing with the Serverless Framework:
serverless.yml
guideWe take security seriously. If you discover a security issue, please responsibly disclose it by contacting us at support@serverless.com. Please do not publicly disclose vulnerabilities until we have addressed them.
For more details, see our Security Policy.
FAQs
[![Serverless Framework AWS Lambda AWS DynamoDB AWS API Gateway](https://github.com/serverless/serverless/assets/2752551/66a8c6a9-bc4a-4116-b139-90c12963337e)](https://serverless.com)
The npm package serverless receives a total of 402,470 weekly downloads. As such, serverless popularity was classified as popular.
We found that serverless demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.