Deploy AWS Lambda using GitHub Actions from scratch in 10 steps

Sid
Published in CodeX
8 min read, Sep 2, 2024

This article will help you get started with GitHub Actions from scratch for building, testing and deploying pipelines on AWS.

I will be focussing on AWS Lambda specifically, but once you are comfortable deploying a Lambda function using GitHub Actions, deploying anything else shouldn't be too complicated since you'd have the basic hands-on knowledge.

To begin, what is GitHub Actions?

GitHub Actions is a continuous integration and continuous delivery (CI/CD) platform that allows you to automate your build, test, and deployment pipeline. You can create workflows that build and test every pull request to your repository, or deploy merged pull requests to production.

In other words, if you want to get started with automating your deployments using CI/CD, GitHub Actions does exactly that. There are other options as well, such as Jenkins, GitLab CI/CD, Travis CI and so forth.

Let's begin:

1: Setting up a GitHub repository

This step is a no-brainer: since you are going to be using GitHub Actions, you need a repository to store your source code. I assume you already have a GitHub repository; if not, please go ahead and create one. It's free and simple.

2: Understanding GitHub-hosted runners

The basic idea behind GitHub Actions is to define all your CI/CD steps inside a single workflow file, which is a YAML file. These steps are executed inside something called a GitHub runner, which is nothing but a virtual machine hosted on the GitHub platform. It's free of cost and comes with unlimited usage. Below are the different operating systems supported by GitHub-hosted runners.

First things first, I want you to create a new GitHub repository for this tutorial. So go ahead and create a new repo, and call it anything you want.

3: Understanding workflows

A typical workflow for any CI/CD pipeline has the steps below, which need to be executed in sequence inside a GitHub runner:

Step-1: Select the virtual machine (GitHub-hosted runner) on which you want to execute the CI/CD process

Step-2: Check out the code (fetching the source code from the repository)

Step-3: Install the dependency libraries (e.g. pandas, numpy, boto3, Python 3.X etc.)

Step-4: Run tests (unit testing) against the newly committed code

Step-5: Connect to the respective AWS cloud account using secrets

Step-6: Deploy the newly committed code by running aws-cli commands

To summarize, CI is the process of continuously integrating your code by building the artifacts and running tests against them, and CD is the process of continuously deploying your code to the appropriate cloud service (Lambda, Glue, ECS etc.).

That's all there is to it. Simple, right? Now let's define our first workflow for a Lambda function.

4: Lambda function and unit test scripts

For AWS Lambda, we will use the simple Python script below as the function code; the workflow will deploy it as a Lambda function to your AWS account on every code commit to the repository.

Create a Python file called lambda_function.py. You can copy/paste the code into this file.

    import json


    def lambda_handler(event, context):
        print("Received event: " + json.dumps(event, indent=2))

        # Example processing
        message = 'Hello from Lambda!'

        # Return a response
        return {
            'statusCode': 200,
            'body': json.dumps({
                'message': message
            })
        }

Now create another file called test_lambda_function.py using the below code.

    import unittest

    from lambda_function import lambda_handler


    class TestLambdaFunction(unittest.TestCase):

        def test_lambda_function(self):
            event = {}
            context = {}
            response = lambda_handler(event, context)
            self.assertEqual(response['statusCode'], 200)
            self.assertIn('Hello from Lambda!', response['body'])


    if __name__ == '__main__':
        unittest.main()

5: Define workflow.yml file

As described in Point 3 above, this is what your workflow will look like.

    name: Deploy Lambda Function

    on:
      push:
        branches:
          - main

    env:
      AWS_REGION: us-east-1
      LAMBDA_FUNCTION_NAME: MySimpleLambdaFunction
      AWS_ROLE_TO_ASSUME: arn:aws:iam::{aws-account-number}:role/{lambda-role-name}

    # id-token: write lets the job request a GitHub OIDC token
    permissions:
      id-token: write
      contents: read

    jobs:
      deploy:
        name: Deploy Lambda
        runs-on: ubuntu-latest
        environment: production

        steps:
          - name: Checkout
            uses: actions/checkout@v3

          - name: Set up Python
            uses: actions/setup-python@v4
            with:
              python-version: '3.8'

          - name: Install dependencies
            run: |
              pip install awscli pytest

          - name: Run unit tests
            run: |
              python -m unittest discover -s . -p 'test_*.py'

          - name: Configure AWS credentials
            uses: aws-actions/configure-aws-credentials@v3
            with:
              aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
              aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
              aws-region: ${{ env.AWS_REGION }}
              role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }}
              role-session-name: GitHubActionsLambdaDeployment

          - name: Zip the Lambda function
            run: zip function.zip lambda_function.py

          - name: Check if Lambda function exists
            id: check_lambda
            run: |
              # Step outputs are written to $GITHUB_OUTPUT (::set-output is deprecated)
              if aws lambda get-function --function-name ${{ env.LAMBDA_FUNCTION_NAME }}; then
                echo "lambda_exists=true" >> "$GITHUB_OUTPUT"
              else
                echo "lambda_exists=false" >> "$GITHUB_OUTPUT"
              fi

          - name: Create or Update Lambda function
            run: |
              if [ "${{ steps.check_lambda.outputs.lambda_exists }}" == "false" ]; then
                echo "Creating Lambda function..."
                aws lambda create-function --function-name ${{ env.LAMBDA_FUNCTION_NAME }} \
                  --runtime python3.8 --role ${{ env.AWS_ROLE_TO_ASSUME }} \
                  --handler lambda_function.lambda_handler --zip-file fileb://function.zip
              else
                echo "Updating Lambda function..."
                aws lambda update-function-code \
                  --function-name ${{ env.LAMBDA_FUNCTION_NAME }} \
                  --zip-file fileb://function.zip --publish
              fi

          - name: Clean up
            run: rm function.zip

Create a file called workflow.yml and copy/paste this content into it. We will need to create an IAM role so that GitHub Actions can execute the steps in this workflow, which we will do in the upcoming steps.

Summary of steps inside workflow

1: The runs-on keyword in this YAML file is where you specify the operating system for your GitHub runner, which in this case is ubuntu-latest.

2: You check out the latest code from the repository using an action, which is what happens on the line: uses: actions/checkout@v3

3: Next, you set up Python (version 3.8) and install the dependencies inside the runner in the next 2 steps.

    - name: Set up Python
      uses: actions/setup-python@v4
      with:
        python-version: '3.8'

    - name: Install dependencies
      run: |
        pip install awscli

4: Once the dependencies (aws-cli) are installed, you run the unit test scripts.

5: Configure the AWS credentials for your pipeline, which is where it fetches the AWS access and secret keys that we are yet to set up.

6: Deploy the Lambda function.

That's it!! Not too complicated, right? Now let's get started with the deployment.

6: Set up IAM Role and authentication for GitHub Actions

Head over to your IAM dashboard on AWS and click on Create Role.

Select AWS Service and select Lambda in the use case drop-down.

For permission policies, select the Lambda full access policy and click Next.

Give your role a meaningful name and click Create Role.

Once the role is created, head back to the same role and click on the Trust relationships tab. Click on Edit trust policy.

Now paste the JSON below into the JSON editor, replacing {aws-account-number} and {github-account-name} with your details.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": "lambda.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        },
        {
          "Effect": "Allow",
          "Principal": {
            "Federated": "arn:aws:iam::{aws-account-number}:oidc-provider/token.actions.githubusercontent.com"
          },
          "Action": "sts:AssumeRoleWithWebIdentity",
          "Condition": {
            "ForAllValues:StringLike": {
              "token.actions.githubusercontent.com:sub": "repo:{github-account-name}/*",
              "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
            }
          }
        }
      ]
    }

{github-account-name} is your github account name which you can grab from your github account and {aws-account-number} is the account number of your AWS account.

Once done, click Update policy.
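
The Condition block of this trust policy decides which GitHub workflows may assume the role, so it is worth checking before use. The linter below is an added example, not code from this article or its repository: it flags a ForAllValues set operator (which also matches when the claim is absent), a sub pattern that covers every repository in the account, and an unpinned aud. The account number 111122223333 and the example-org/example-repo names are constructed placeholders, and the pinned sub value assumes the job runs in the production environment, as the workflow in this tutorial does.

```python
import json

GITHUB_OIDC = "token.actions.githubusercontent.com"

def lint_github_oidc_trust(policy):
    """Return finding codes for GitHub OIDC statements in an IAM role trust policy."""
    findings = []
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        principal = stmt.get("Principal", {})
        federated = principal.get("Federated", "") if isinstance(principal, dict) else ""
        if "sts:AssumeRoleWithWebIdentity" not in actions or GITHUB_OIDC not in str(federated):
            continue  # not a GitHub OIDC statement, e.g. the lambda.amazonaws.com one
        claims = {}
        for operator, keys in stmt.get("Condition", {}).items():
            # ForAllValues is a set operator that also matches when the key is absent.
            if operator.startswith("ForAllValues:"):
                findings.append("forallvalues-operator")
            for key, value in keys.items():
                values = value if isinstance(value, list) else [value]
                claims.setdefault(key.rsplit(":", 1)[-1], []).extend(values)
        subs = claims.get("sub", [])
        if not subs:
            findings.append("sub-unrestricted")
        for sub in subs:
            parts = sub.split(":")  # expected shape: repo:OWNER/REPO:...
            if len(parts) < 2 or parts[0] != "repo" or "*" in parts[1]:
                findings.append("sub-wildcard-repo")
        if claims.get("aud") != ["sts.amazonaws.com"]:
            findings.append("aud-not-pinned")
    return findings

def oidc_statement(operator, sub):
    """Build a one-statement trust policy (constructed sample input)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{GITHUB_OIDC}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {operator: {f"{GITHUB_OIDC}:sub": sub,
                                 f"{GITHUB_OIDC}:aud": "sts.amazonaws.com"}}}]}

# Condition as written in this tutorial vs. one pinned to a single repo and environment.
AS_WRITTEN = oidc_statement("ForAllValues:StringLike", "repo:{github-account-name}/*")
PINNED = oidc_statement("StringEquals", "repo:example-org/example-repo:environment:production")

if __name__ == "__main__":
    print(json.dumps({"as_written": lint_github_oidc_trust(AS_WRITTEN),
                      "pinned": lint_github_oidc_trust(PINNED)}, indent=2))
```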

7: Setup Identity Providers

Now select Identity Providers from the left navigation of your IAM Console. Click on Add provider.

Add https://token.actions.githubusercontent.com as the Provider URL and audience as sts.amazonaws.com.

Click Add provider.

8: Configure AWS Credentials on GitHub

We're almost done. Head over to the GitHub repository that you created for this tutorial and select the Settings tab.

On the left bar, select Secrets and Variables and click on Actions.

This is where you will store your Access and Secret Key for the workflows to use at run time.

Select New repository secret and add both your keys.

We are almost there!!

9: Deployment — Adding source code to the repository

Head back to your repository and add the 2 files: lambda_function.py and test_lambda_function.py to the root of your repository.

That's your source code, which will be deployed to AWS Lambda.

10: Set up and execute the GitHub Actions workflow

As the last step, all you need to do now is upload the workflow.yml file to this repository, and that's it. You will see the magic right away.

Click on Add file and select Create new file.

Now just type .github/workflows/workflow.yml

And paste the contents of workflow.yml into the editor.

Make sure to replace the IAM role name in AWS_ROLE_TO_ASSUME in the workflow.yml file with your own. Also, change AWS_REGION to the region of your choice.

Click on Commit changes and you are done!!!

Now click on the Actions tab and you will see the workflow in execution already.

Click on the workflow and you will notice that the execution should already be done. It takes less than a minute.

So what does this mean? It means you should see a new Lambda function deployed.

Head over to Lambda functions in your AWS console and you will see it there.

That wasn't too difficult, was it? Hope it helped, and if it did, make sure to clap & subscribe for more interesting tutorials.

You can also reach out to me on Linkedin directly in case of any questions or more help at : www.linkedin.com/in/siddharthrag

Source Code : https://github.com/sidoncloud/aws-lambda-cicd

Cheers :-)
