Sergey Nivens - Fotolia
AWS Serverless Application Repository explained
To address the needs of its serverless users, AWS released its Serverless Application Repository. Explore the ways users can benefit and a few best practices everyone should follow when they use this feature.
Everyone is looking for the next best tools, technologies and infrastructures for IT workloads. As serverless computing grows, providers are enhancing serverless portfolios to better enable developers to run applications without having to provision or manage infrastructure.
AWS kicked things off with Lambda in 2014 and API Gateway in 2015. Since then, AWS has released a number of products and features, such as AWS Serverless Application Repository, that make serverless architectures predictable and production-ready.
AWS Serverless Application Repository gives developers a central place to publish serverless components for public or private consumption. The concept is similar to that of a Docker repository, where users can store components that other users download and deploy in their own environments. However, instead of Docker images, the Serverless Application Repository manages AWS serverless applications.
AWS serverless application basics
In AWS, a serverless application consists of a group of components that are managed in a centralized way, through CloudFormation configuration templates or the Serverless Application Model (SAM). SAM templates are an extension of CloudFormation, geared for serverless components. All resources defined by either a CloudFormation or SAM template are part of a single serverless application.
A user accesses a serverless application via AWS Lambda console, which serves as a single place to keep track of the application's deployment history, as well as the consolidated monitoring data and logs for all components that are part of an application.
Application deployment
The Serverless Application Repository is available through the AWS console, the SAM command-line interface or the AWS software development kits.
To publish an application to the AWS Serverless Application Repository, you must have all components defined and packaged using SAM templates. Users deploy an application via SAM in three steps:
- Define all components using a SAM template.
- Package all code and configuration components into a .zip file that is available in Amazon S3.
- Deploy the package by creating or updating a CloudFormation stack.
The SAM CLI offers commands for packaging and deploying applications. Users of the Serverless Application Repository need to have their application already packaged and available in S3 if they want to share it with others. To publish code to the repository, upload the SAM template that points to the packaged application stored in S3, and provide additional details, such as the application name, author, description and readme text. Publishers can also provide a version number, which consumers can refer to if they want to deploy a particular version of that serverless application other than the newest. Developers can upload multiple versions as they update the application over time.
Best practices for publishing and consuming code
Publishers should know how they want code shared -- and how much -- before they start using the Serverless Application Repository.
Applications published to the repository can be either public or private. Developers must provide version information for public applications, while versioning is optional with private applications. Private apps can be shared with specific AWS accounts, which is useful for organizations with multiple accounts, or for publishers who want to limit access to their applications.
Users can browse or search public applications at the repository URL and can see a list of private applications shared with their AWS account.
From a consumer point of view, deploying an application from the AWS Serverless Application Repository is a simple process. Simply click on the app's link and approve its deployment. But take these precautions first.
Always review the AWS Identity and Access Management permissions for each application and check if it has unnecessary elevated permissions or introduces a security risk before consuming it. When possible, deploy applications from a trusted developer, with a Verified Author badge. To become a Verified Author, developers must be processed and reviewed by AWS.
Application owners can use the Serverless Application Repository as part of their software release process. With the repository, users can manage and release serverless application versions internally. For example, the team can point the production stack on Lambda to a stable application version in the repository, while development and test work on newer versions with separate stacks in Lambda. As soon as a version is ready for production, the team updates the application to point to it. This process can be applied in a single AWS account or across multiple AWS accounts.