Serverless Framework Full Lifecycle with Dashboard

serverless-framework-full-lifecycle-with-dashboard-playground

learn and understand how Serverless Framework – Now, Full Lifecycle works. This allows serverless to instrument code, send cloudwatch logs to the serverless SaaS. This allows serverless to provide the Serverless Dashboard features


Running serverless from cli to create project

The service, app, and org top-level properties added to serverless.yml enable serverless full lifecycle / dashboard

service: serverless-with-dashboard-playground-01
app: serverless-with-dashboard-playground-01
org: pfeilbr

To disable, add the following to serverless.yml

custom:
  enterprise:
    collectLambdaLogs: false

Serverless framework creates a role during the deploy. This allows for the cloudwatch log group logs to be sent to serverless SaaS app. e.g. arn:aws:iam::529276214230:role/serverless-with-dashboard-EnterpriseLogAccessIamRo-19SDI69RM1KJ4

inline policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "logs:FilterLogEvents"
            ],
            "Resource": [
                "arn:aws:logs:us-east-1:529276214230:log-group:/aws/lambda/serverless-with-dashboard-playground-01-dev-hello:*"
            ],
            "Effect": "Allow"
        }
    ]
}

trust relationship

trust serverless aws account 802587217904

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::802587217904:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "ServerlessEnterprise-LGGXBmZw2Z47MmWq6b"
        }
      }
    }
  ]
}

Instrumented/wrapped Code Example

On deploy, serverless instruments/wraps your code/handlers. You don’t see this locally in your codebase. You only see on the deployment side in AWS.

embedded/bundled serverless SDK

SERVERLESS_ENTERPRISE wrapped log example

serverless hooks logging to stdout and stderr via serverlessSDK. This allows it to log structured JSON logs to cloudwatch logs with the prefix SERVERLESS_ENTERPRISE. This logging is additional, the console.logs are logged independently.

To see the log group subscription details

aws logs describe-subscription-filters --log-group-name '/aws/lambda/serverless-with-dashboard-playground-01-dev-hello'

{
    "subscriptionFilters": [
        {
            "filterPattern": "?\"REPORT RequestId: \" ?\"SERVERLESS_ENTERPRISE\"",
            "filterName": "serverless-with-dashboard-playground-01-dev-CloudWatchLogsSubscriptionFilterHelloLogGroup-1SAKWRFMW5JHE",
            "creationTime": 1566318781436,
            "logGroupName": "/aws/lambda/serverless-with-dashboard-playground-01-dev-hello",
            "destinationArn": "arn:aws:logs:us-east-1:802587217904:destination:LGGXBmZw2Z47MmWq6b#VlGYyRJNfvVVgHf8y1#serverless-with-dashboard-playground-01#dev",
            "distribution": "ByLogStream"
        }
    ]
}

It sends logs to the serverless AWS account (802587217904). The destinationArn: arn:aws:logs:us-east-1:802587217904:destination:LGGXBmZw2Z47MmWq6b#VlGYyRJNfvVVgHf8y1#serverless-with-dashboard-playground-01#dev is a kinesis stream within the serverless AWS account.

This is done via Cross-Account Log Data Sharing with Subscriptions


Serverless Dashboard | Views

“safeguard policies” are evaluated on serverless deploy

Send notifications (e.g. email)


Resources