serverless-framework-full-lifecycle-with-dashboard-playground
learn and understand how Serverless Framework – Now, Full Lifecycle works. This allows serverless to instrument code, send cloudwatch logs to the serverless SaaS. This allows serverless to provide the Serverless Dashboard features
Running serverless
from cli to create project
The service
, app
, and org
top-level properties added to serverless.yml
enable serverless full lifecycle / dashboard
service: serverless-with-dashboard-playground-01
app: serverless-with-dashboard-playground-01
org: pfeilbr
To disable, add the following to serverless.yml
custom:
enterprise:
collectLambdaLogs: false
Serverless framework creates a role during the deploy. This allows for the cloudwatch log group logs to be sent to serverless SaaS app. e.g. arn:aws:iam::529276214230:role/serverless-with-dashboard-EnterpriseLogAccessIamRo-19SDI69RM1KJ4
inline policy
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"logs:FilterLogEvents"
],
"Resource": [
"arn:aws:logs:us-east-1:529276214230:log-group:/aws/lambda/serverless-with-dashboard-playground-01-dev-hello:*"
],
"Effect": "Allow"
}
]
}
trust relationship
trust serverless aws account
802587217904
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::802587217904:root"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"sts:ExternalId": "ServerlessEnterprise-LGGXBmZw2Z47MmWq6b"
}
}
}
]
}
Instrumented/wrapped Code Example
On deploy, serverless instruments/wraps your code/handlers. You don’t see this locally in your codebase. You only see on the deployment side in AWS.
embedded/bundled serverless SDK
SERVERLESS_ENTERPRISE
wrapped log example
serverless hooks logging to stdout and stderr via serverlessSDK
. This allows it to log structured JSON logs to cloudwatch logs with the prefix SERVERLESS_ENTERPRISE
. This logging is additional, the console.log
s are logged independently.
To see the log group subscription details
aws logs describe-subscription-filters --log-group-name '/aws/lambda/serverless-with-dashboard-playground-01-dev-hello'
{
"subscriptionFilters": [
{
"filterPattern": "?\"REPORT RequestId: \" ?\"SERVERLESS_ENTERPRISE\"",
"filterName": "serverless-with-dashboard-playground-01-dev-CloudWatchLogsSubscriptionFilterHelloLogGroup-1SAKWRFMW5JHE",
"creationTime": 1566318781436,
"logGroupName": "/aws/lambda/serverless-with-dashboard-playground-01-dev-hello",
"destinationArn": "arn:aws:logs:us-east-1:802587217904:destination:LGGXBmZw2Z47MmWq6b#VlGYyRJNfvVVgHf8y1#serverless-with-dashboard-playground-01#dev",
"distribution": "ByLogStream"
}
]
}
It sends logs to the serverless AWS account (802587217904
). The destinationArn: arn:aws:logs:us-east-1:802587217904:destination:LGGXBmZw2Z47MmWq6b#VlGYyRJNfvVVgHf8y1#serverless-with-dashboard-playground-01#dev
is a kinesis stream within the serverless AWS account.
This is done via Cross-Account Log Data Sharing with Subscriptions
Serverless Dashboard | Views
“safeguard policies” are evaluated on serverless deploy
Send notifications (e.g. email)
Twitter • Reddit