AWS Serverless Hero. Independent Consultant. Developer Advocate at Lumigo.
With AWS Lambda and the Serverless framework, deploying your code has become so simple and frictionless.
As you move more and more of your architecture to run on Lambda, you might find that, in addition to getting things done faster you are also deploying your code more frequently.
But, as you rejoice in this new found superpower to make your users and stakeholders happy, you need to keep an eye out for that regional limit of 75GB for all the uploaded deployment packages.
At Yubl, me and a small team of 6 server engineers managed to rack up nearly 20GB of deployment packages in 3 months.
We wrote all of our Lambda functions in Nodejs, and deployment packages were typically less than 2MB. But the frequency of deployments made sure that the overall size of deployment packages went up steadily.
Now that I’m writing most of my Lambda functions in Scala (it’s the weapon of choice for the Space Ape Games server team), I’m dealing with deployment packages that are significantly bigger!
By default, the Serverless framework would create a new version of your function every time you deploy.
In Serverless 0.X, this is (kinda) needed because it used function alias. For example, I can have multiple deployment stages for the same function —
production. But in the Lambda console there is only one function, and each stage is simply an alias pointing to a different version of the same function.
Unfortunately this behaviour also made it difficult to manage the IAM permissions because multiple versions of the same function share the same IAM role. Since you can’t version the IAM role with the function, this makes it hard for you to add or remove permissions without breaking older versions.
Fortunately, the developers listened to the community and since the 1.0 release each stage is deployed as a separate function.
Essentially, this allows you to “version” IAM roles with deployment stages since each stage gets a separate IAM role. So there’s technically no need for you to create a new version for every deployment anymore. But, that is still the default behaviour, unless you explicitly disable it in your
serverless.yml by setting
You might argue that having old versions of the function in production makes it quicker to rollback.
In that case, enable it for the production stage only. To do that, here’s a handy trick to allow a default configuration in your
serverless.yml to be overridable by deployment stage.
In my personal experience though, unless you have taken great care and used aliases to tag the production releases it’s actually quite hard to know which version correlates to what. Assuming that you have reproducible builds, I would have much more confidence if we rollback by deploying from a
support branch of our code.
versionFunctions in the
serverless.yml for all of your projects is hard to enforce, another approach would be to retroactively delete old versions of functions that are no longer referenced by an alias.
To do that, you can create a cron job (ie. scheduled CloudWatch event + Lambda) that will scan through your functions and look for versions that are not referenced and delete them.
After we employed this Janitor Lambda function, our total deployment package went from 20GB to ~1GB (we had a lot of functions…).
Hi, my name is Yan Cui. I’m an AWS Serverless Hero and the author of Production-Ready Serverless. I have run production workload at scale in AWS for nearly 10 years and I have been an architect or principal engineer with a variety of industries ranging from banking, e-commerce, sports streaming to mobile gaming. I currently work as an independent consultant focused on AWS and serverless.
Check out my new course, Complete Guide to AWS Step Functions.
In this course, we’ll cover everything you need to know to use AWS Step Functions service effectively. Including basic concepts, HTTP and event triggers, activities, design patterns and best practices.
Get your copy here.
Come learn about operational BEST PRACTICES for AWS Lambda: CI/CD, testing & debugging functions locally, logging, monitoring, distributed tracing, canary deployments, config management, authentication & authorization, VPC, security, error handling, and more.
You can also get 40% off the face price with the code ytcui.
Get your copy here.