Serverless+Webpack:在 ZIP 中包含 .pem 文件
Serverless+Webpack: include .pem files in ZIP
我尝试使用无服务器将我的 lambda 函数部署到 AWS。一切正常,但该功能无法执行,因为找不到两个文件(这就是 fs.readFileSync 所说的)。我将它们包含在 serverless.yml 中的以下几行:
provider:
name: aws
runtime: nodejs10.x
stage: dev
region: eu-central-1
package:
exclude:
- .env
include:
- src/config/push-cert.pem
- src/config/push-key.pem
当我查看上传到 S3 的 .zip 文件时,两个 .pem 文件都不包括在内。我已经尝试使用 __dirname 来获取 lambda 函数的完整文件路径。
我的 webpack.config.js 如下所示:
const path = require("path");
const nodeExternals = require("webpack-node-externals");
const slsw = require("serverless-webpack");
module.exports = {
entry: slsw.lib.entries,
target: "node",
node: {
__dirname: true
},
mode: slsw.lib.webpack.isLocal?"development":"production",
externals: [nodeExternals()],
output: {
libraryTarget: "commonjs",
// pay attention to this
path: path.join(__dirname, ".webpack"),
filename: "[name].js"
},
module: {
rules: [
{
test: /\.js$/,
use: [
{
loader: "babel-loader",
options: {
// ... and this
presets: [["@babel/env", {targets: {node: "8.10"}}]],
plugins: [
"@babel/plugin-proposal-object-rest-spread"
]
}
}
]
},
{
test: /\.(graphql|gql)$/,
exclude: /node_modules/,
loader: "graphql-tag/loader"
}
]
}
};
你们中有人可以帮忙吗?
干杯!
虽然您绝对可以将您的证书文件作为部署包的一部分包含在内,并且在没有更多信息的情况下我不确定为什么不包含它们,但更安全的方法是存储您的 certificate/key 在 AWS Secrets Manager 中,然后在您的 Lambda 中访问该秘密。
您可以了解有关 AWS Secrets Manager 的更多信息here, and there is a tutorial to store and retrieve a secret here。
由于 serverless-webpack 为您打包而不是无服务器框架,因此您需要使用 Webpack 插件:
const path = require("path");
const nodeExternals = require("webpack-node-externals");
const slsw = require("serverless-webpack");
const CopyPlugin = require('copy-webpack-plugin');
module.exports = {
entry: slsw.lib.entries,
target: "node",
node: {
__dirname: true
},
mode: slsw.lib.webpack.isLocal?"development":"production",
externals: [nodeExternals()],
plugins: [
new CopyPlugin([
{ from: 'src/config/push-cert.pem', to: 'push-cert.pem' },
{ from: 'src/config/push-key.pem', to: 'push-key.pem' },
]),
],
output: {
libraryTarget: "commonjs",
// pay attention to this
path: path.join(__dirname, ".webpack"),
filename: "[name].js"
},
module: {
rules: [
{
test: /\.js$/,
use: [
{
loader: "babel-loader",
options: {
// ... and this
presets: [["@babel/env", {targets: {node: "8.10"}}]],
plugins: [
"@babel/plugin-proposal-object-rest-spread"
]
}
}
]
},
{
test: /\.(graphql|gql)$/,
exclude: /node_modules/,
loader: "graphql-tag/loader"
}
]
}
};
如@hephalump 所述,最好使用 AWS Secrets Manager(或参数 Store/Environment 变量)。
我尝试使用无服务器将我的 lambda 函数部署到 AWS。一切正常,但该功能无法执行,因为找不到两个文件(这就是 fs.readFileSync 所说的)。我将它们包含在 serverless.yml 中的以下几行:
provider:
name: aws
runtime: nodejs10.x
stage: dev
region: eu-central-1
package:
exclude:
- .env
include:
- src/config/push-cert.pem
- src/config/push-key.pem
当我查看上传到 S3 的 .zip 文件时,两个 .pem 文件都不包括在内。我已经尝试使用 __dirname 来获取 lambda 函数的完整文件路径。
我的 webpack.config.js 如下所示:
const path = require("path");
const nodeExternals = require("webpack-node-externals");
const slsw = require("serverless-webpack");
module.exports = {
entry: slsw.lib.entries,
target: "node",
node: {
__dirname: true
},
mode: slsw.lib.webpack.isLocal?"development":"production",
externals: [nodeExternals()],
output: {
libraryTarget: "commonjs",
// pay attention to this
path: path.join(__dirname, ".webpack"),
filename: "[name].js"
},
module: {
rules: [
{
test: /\.js$/,
use: [
{
loader: "babel-loader",
options: {
// ... and this
presets: [["@babel/env", {targets: {node: "8.10"}}]],
plugins: [
"@babel/plugin-proposal-object-rest-spread"
]
}
}
]
},
{
test: /\.(graphql|gql)$/,
exclude: /node_modules/,
loader: "graphql-tag/loader"
}
]
}
};
你们中有人可以帮忙吗?
干杯!
虽然您绝对可以将您的证书文件作为部署包的一部分包含在内,并且在没有更多信息的情况下我不确定为什么不包含它们,但更安全的方法是存储您的 certificate/key 在 AWS Secrets Manager 中,然后在您的 Lambda 中访问该秘密。
您可以了解有关 AWS Secrets Manager 的更多信息here, and there is a tutorial to store and retrieve a secret here。
由于 serverless-webpack 为您打包而不是无服务器框架,因此您需要使用 Webpack 插件:
const path = require("path");
const nodeExternals = require("webpack-node-externals");
const slsw = require("serverless-webpack");
const CopyPlugin = require('copy-webpack-plugin');
module.exports = {
entry: slsw.lib.entries,
target: "node",
node: {
__dirname: true
},
mode: slsw.lib.webpack.isLocal?"development":"production",
externals: [nodeExternals()],
plugins: [
new CopyPlugin([
{ from: 'src/config/push-cert.pem', to: 'push-cert.pem' },
{ from: 'src/config/push-key.pem', to: 'push-key.pem' },
]),
],
output: {
libraryTarget: "commonjs",
// pay attention to this
path: path.join(__dirname, ".webpack"),
filename: "[name].js"
},
module: {
rules: [
{
test: /\.js$/,
use: [
{
loader: "babel-loader",
options: {
// ... and this
presets: [["@babel/env", {targets: {node: "8.10"}}]],
plugins: [
"@babel/plugin-proposal-object-rest-spread"
]
}
}
]
},
{
test: /\.(graphql|gql)$/,
exclude: /node_modules/,
loader: "graphql-tag/loader"
}
]
}
};
如@hephalump 所述,最好使用 AWS Secrets Manager(或参数 Store/Environment 变量)。