Serverless Framework: ways to achieve full "infrastructure as code"?

Question

I've followed an excellent guide (Serverless Stack) that creates a typical CRUD serverless infrastructure with a react frontend. It's using the Serverless Framework for AWS.

What I don't like is that to bootstrap the setup, there is a lot of manual clicking in GUIs (mostly Amazon's console interface) involved. I.e. the setup is not version controlled and is not easily reproducible. It would not be easy to extend it with a CI/CD process etc. In this example the following resources need to be setup manually:

• AWS Cognito User Pool
• AWS Cognite User Pool Application
• AWS Cognito Federated Identity Pool
• AWS DynamoDB instance
• AWS S3 buckets (x3) (this also hosts the frontend)
• AWS CloudFront distribution
• AWS Route53 zone file

The only resources that are being built from code are the serverless functions (lambdas) themselves, as well as API Gateway instances. This is what the serverless framework does using its serverless.yml file. But all of the above resources are not automatically created. They sometimes need to be referenced to using their ARNs, but they are not being created by the serverless.yml configuration. Running such a system in production (which relies heavily on the manual creation of services through GUIs) would seem risky.

I was thinking that a solution for this would be to use Terraform or Cloudformation. But the Serverless Framework itself is using Cloudformation for the setup of Lambdas already, though not for other resources. So how would one eliminate this gap? In other words, how would one rebuilt the entire setup described at Serverless Stack in code?

It would seem strange, and perhaps not possible, to have CloudFormation setup Serverless, which then has its own Cloudformation templates to setup lambdas. It might make more sense to extend the Serverless Framework to not just define the functions and API Gateways that need to be created on a serverless deploy, but also other resources like a DynamoDB or a Cognito User Pool. Are there any examples or attempts of people doing this already?

Answer 1

I agree that documentation on this would make an excellent pull request here.

You're correct that serverless is using CloudFormation under the hood. The framework does expose the underlying CloudFormation machinery to you, by way of the resources key of your serverless.yml.

I think the intent of the framework is that you would put the rest of these resources (Cognito stuff, S3, etc.) in the resources: section of your serverless.yml file, using regular old CloudFormation syntax.

For example, this file will create a DynamoDB table and S3 bucket, in addition to the serverless function:

service: aws-nodejs # NOTE: update this with your service name
provider:
  name: aws
  runtime: nodejs6.10
functions:
  hello:
    handler: handler.deletecustomer
    events:
      - http:
          path: /deletecustomer
          method: post
          cors: true
resources:
  Resources:
    tablenotes:
      Type: AWS::DynamoDB::Table
      Properties:
        AttributeDefinitions:
          - AttributeName: noteId
            AttributeType: S
          - AttributeName: userId
            AttributeType: S
        KeySchema:
          - AttributeName: userId
            KeyType: HASH
          - AttributeName: noteId
            KeyType: RANGE
        ProvisionedThroughput:
          ReadCapacityUnits: '5'
          WriteCapacityUnits: '5'
    mysamplebucket:
      Type: AWS::S3::Bucket
      Properties:
        WebsiteConfiguration:
          IndexDocument: index.html
          ErrorDocument: error.html
        AccessControl: Private
        VersioningConfiguration:
          Status: Suspended

If you're new to CloudFormation, I'd also recommend taking a peek at CloudFormer.