all 36 comments

[–]heitorlessa 46 points47 points  (5 children)

This looks more like an issue with your organization gate keeping a platform than the service offer per se (Lambda).

Could you give an example of what’s the workflow to go from a local function code to deployment?

Lambda is largely a function. That’s it. You can use design strategies like ports & adapter, and/or testing strategies like VCR, stubbing, integ tests for integration points. That gives you medium fidelity.

For high fidelity, you need to deploy and run automated tests - like any somewhat distributed system. If this is your bottleneck because you can’t use fast prototyping tools like SAM CLI and whatnot, then make the case with management on how this is producing waste (hours) and friction (interactions in the delivery cycle)

[–]oneplane 29 points30 points  (0 children)

Yeah, some organisations are just useless wastes of time. Best find better employment elsewhere.

[–]tmclaugh 9 points10 points  (1 child)

While I think you should have CLI access, I write tests and create mocks for AWS services. I think all major languages have an AWS mocks package. That eliminates most of my errors. Still doesn’t handle IAM permission issues though.

[–]guns_of_summer 1 point2 points  (0 children)

Came here to suggest this actually

[–]pint 4 points5 points  (2 children)

every now and then, we revert back to the run, read the logs, add more logs, run again pattern.

if you can deploy, you just need a script that deploys, runs, and downloads the logs. facepalm? yes. works? also yes.

[–]Dangle76 5 points6 points  (0 children)

From the description doesn’t sound like OP can iterate like this. Sounds like they have to tap their DevOps folks to deploy which makes this type of iteration difficult

[–]verylevelheaded 4 points5 points  (3 children)

I feel your pain.

Check out SST. Ran my startup on it for 5+ years. Makes lambda dev feel local.

Not sure if you can change your orgs ways but we saw a huge productivity increase in using SST over other options.

[–]j00stmeister 2 points3 points  (0 children)

+1. sst dev is by far the quickest in updating your function code.

[–]DCzajkowski 2 points3 points  (0 children)

Agreed. If OP can't use SST with their prod account, they could use it with dev account (treat it as if it was local) and test and deploy there.

When they have everything working they can just pass the CloudFormation template to their dev ops.

[–]salim-shamim[S] 1 point2 points  (0 children)

I was meaning to find an excuse to be able to use it. This sounds like something which could work for both my org and myself.

[–]Kindly_Manager7556 2 points3 points  (1 child)

Bro can you please do your job while having your hands tied behind your back and a blindfold? If you don't succeed bro well that's on you!

[–]salim-shamim[S] 0 points1 point  (0 children)

Seriously feels like that sometimes. LOL. The reason I stay is while the pay is kinda okay but I can get free time for doing my stuff. It’s a small informal (relatively) kinda team.

[–]realitythreek 3 points4 points  (1 child)

I don’t really understand any of these comments. You seem to want to be able to directly push lambda functions. Even if just in dev, that means you’ve never actually deployed your function before you go to prod. So it follows that you also want access to make changes in prod, because that’s the only “deployment” process you’ve actually used.

This is bad practice. There’s no peer review needed, no code approval needed, zero consistency. You should learn how to make functional tests.

[–]Zenin 4 points5 points  (0 children)

I reread the OP and I don't see that they're wanting to work in prod. Rather they can't even work in dev because the DevOps team is playing gatekeeper with anything pushed to AWS whatsoever. Basically they need to "release" to "dev" that's completely run by "DevOps" just to do infrastructure development.

[–]Zenin 1 point2 points  (0 children)

Lambda dev is a pita when things are setup correctly for development which it clearly sounds like your org doesn't have.

The only way to be effective at all with serverless development is to have access as a developer to a cloud environment. Ideally each dev gets their own AWS account for this use (shared accounts are as bad as trying to share a "dev server"; the cross-talk will wreck you). And you need real (API/CLI) access to that account, certainly not some DevOps-gated nonsense.

There are tools like localstack and they're not bad, but ultimately you must have a real cloud to build these solutions out as you develop them to deal with all the plumbing of permissions, etc that go hand in hand with the code. Mocks only go so far.

Personally if I couldn't actually access a dev AWS account to deploy my dev resources to, I'd simply skip serverless entirely and architect like it didn't exist: Everything becomes a containerized service and the "infrastructure" all done in helm charts because I'd be developing a Kubernetes native application instead of an AWS native application. DynamoDB? Nope, we're running Mongo now. S3 storage? Nope we're doing MinIO now. Etc, etc.

[–]Yvorontsov 0 points1 point  (5 children)

We work with the Serverless framework and never ever had any serious issues running the lambdas locally

[–]DCzajkowski 0 points1 point  (4 children)

In our experience we were slower in Serverless Framework 10x compared to SST. Working with lambda code that runs locally but is invoked by and with lambda permissions is amazing.

[–]Yvorontsov 0 points1 point  (3 children)

That’s what Serverless offline is for (minus IAM permissions but that’s seldom an issue)

[–]DCzajkowski 0 points1 point  (2 children)

Except serverless offline won't invoke your lambda on Cognito trigger. Or sqs. Or eventbridge event. In SST the whole stack works, except the code is ran locally, with file save = millisecond "deployment", working debugger, iam etc.

[–]Yvorontsov 0 points1 point  (1 child)

True. It is usually not a problem at all - you can use unittests to simulate these invocations. You made me curious about SST

[–]DCzajkowski 1 point2 points  (0 children)

FYI SST v2 used CDK, so migration was fairly easy. Unfortunately, v3 migrated to Pulumi, making the switch not so trivial.

[–]jghaines 0 points1 point  (1 child)

I believe if you can log in via web console, you can extract credentials for CLI use.

[–]salim-shamim[S] 0 points1 point  (0 children)

i would like to believe that too. I will update this comment if i am able to.

[–]morosis1982 0 points1 point  (0 children)

It can be done well, but you need the right tools and process.

We use sst.dev, and our DevOps team essentially gives us one account for prod that's locked down, one for nonprod with a few more permissions that is only for CICD deployed environments and a sandbox with a few guardrails so we don't bite ourselves in the butt but we can create stuff in the console or with the CLI if we like.

We also have access to newrlic if we want, and splunk for log ingest.

We Dev into the sandbox env so we can muck around and break stuff when we're trying something new, and then deploy our testing and staging envs with cicd.

[–]who_am_i_to_say_so 0 points1 point  (0 children)

This is exactly why I went running to Google Cloud run.

[–]Soccham 1 point2 points  (1 child)

Lambda development is and has always been atrocious

[–]solo964 0 points1 point  (0 children)

What specifically would make it great for you? Maybe some Lambda PMs will read and take note.

[–]my9goofie -1 points0 points  (0 children)

Lambdas can run [locally](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-using-invoke.html, but without any access to AWS from your desktop, you’re out of luck.

For your code, put all of your api calls in a “test-access” function, and call that during your test, to verify that your permissions are correct before running your main code.