AWS has recently announced that AWS Lambda now supports GitHub Actions, providing a simplified way to deploy changes to Lambda functions using declarative configuration in GitHub Actions workflows. The new option supports both .zip file and container image deployments.
GitHub Actions is a tool that automatically runs tasks like building, testing, and deploying code whenever changes are made to a GitHub repository. The new action for AWS Lambda integrates with IAM using OpenID Connect (OIDC) authentication. It supports configuring function settings, including runtime, memory size, timeout, and environment variables, as well as a dry-run mode and Amazon S3-based deployment for larger .zip file packages.
OIDC allows GitHub Actions workflows to access AWS resources without storing AWS credentials as long-lived secrets. Shridhar Pandey, product lead at AWS, comments on LinkedIn:
Remember writing custom scripts to deploy Lambda functions from GitHub? Those days are over! Now you can automatically deploy your Lambda functions straight from your GitHub repository with simple, declarative configurations (…) I’m particularly excited about how this simplifies CI/CD pipelines for serverless applications. One less thing to maintain!
Development teams previously had to write custom scripts and manually handle packaging, permissions, and error handling to deploy Lambda functions from GitHub Actions, resulting in repetitive work and increased risk of errors. The new option provides a declarative, YAML interface that eliminates the complexity of manual deployment steps.
name: Deploy AWS Lambda
on:
  push:
    branches:
      - main
jobs:
  deploy:
    runs-on: ubuntu-latest
    permissions:
      id-token: write # Required for OIDC authentication
      contents: read  # Required to check out the repository
    steps:
      - uses: actions/checkout@v4
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::123456789012:role/GitHubActionRole
          aws-region: us-east-1
      - name: Deploy Lambda Function
        uses: aws-actions/aws-lambda-deploy@v1
        with:
          function-name: my-lambda-function
          code-artifacts-dir: ./dist
GitHub Actions workflow for Lambda deployment. Source: AWS documentation
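With OIDC there is no stored secret, so what limits who can assume GitHubActionRole is the role's trust policy. The following is an added example, not code from AWS or from the article: a small audit of such a trust policy that checks the GitHub token's aud and sub claims are pinned. The repository name example-org/lambda-app and the three sample policies are constructed, and the expected sub format assumes a push-triggered job on main with no GitHub environment, as in the workflow above.

```python
# Added example: audit an IAM role trust policy used for GitHub Actions OIDC.
OIDC = "token.actions.githubusercontent.com"
PROVIDER = "arn:aws:iam::123456789012:oidc-provider/" + OIDC  # account ID from the page

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, repo, ref="refs/heads/main"):
    """Return findings for Allow statements that trust the GitHub OIDC provider."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        fed = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or not any(
                str(f).endswith("oidc-provider/" + OIDC) for f in fed):
            continue  # not a GitHub OIDC trust statement
        cond = stmt.get("Condition", {})
        exact = cond.get("StringEquals", {})
        if _as_list(exact.get(OIDC + ":aud", [])) != ["sts.amazonaws.com"]:
            findings.append("aud is not pinned to sts.amazonaws.com")
        # sub may be matched exactly or with wildcards (StringLike)
        subs = (_as_list(exact.get(OIDC + ":sub", []))
                + _as_list(cond.get("StringLike", {}).get(OIDC + ":sub", [])))
        if not subs:
            findings.append("no sub condition: role is not restricted to a repository")
        for sub in subs:
            if not sub.startswith(f"repo:{repo}:"):
                findings.append(f"sub '{sub}' is not scoped to {repo}")
            elif sub != f"repo:{repo}:ref:{ref}":
                findings.append(f"sub '{sub}' does not pin {ref}")
    return findings

def make_policy(condition):
    """Build a constructed sample trust policy around the given Condition block."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Federated": PROVIDER},
        "Action": "sts:AssumeRoleWithWebIdentity", "Condition": condition}]}

REPO = "example-org/lambda-app"  # hypothetical repository name
PINNED = make_policy({"StringEquals": {
    OIDC + ":aud": "sts.amazonaws.com",
    OIDC + ":sub": f"repo:{REPO}:ref:refs/heads/main"}})
WILDCARD = make_policy({"StringEquals": {OIDC + ":aud": "sts.amazonaws.com"},
                        "StringLike": {OIDC + ":sub": "repo:example-org/*"}})
AUD_ONLY = make_policy({"StringEquals": {OIDC + ":aud": "sts.amazonaws.com"}})

if __name__ == "__main__":
    for name, pol in [("pinned", PINNED), ("wildcard", WILDCARD), ("aud-only", AUD_ONLY)]:
        print(name, audit_trust_policy(pol, REPO) or "ok")
```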
The ability to publish a Lambda function through a GitHub Action has received positive feedback from the community, with many developers questioning why it took so long. User raize_the_roof comments:
This has been a long time coming. Even with the integration, I’ve found that tweaking the runner environment can make a noticeable difference in how fast workflows finish (especially for bigger builds).
In the article “Why you probably don’t want to use AWS’ new GitHub Actions Lambda Deployment,” Mike Roberts, Partner at Symphonia, disagrees:
Capability-wise, this is precisely the same as making a couple of calls to the AWS Lambda CLI – there’s nothing much more to the new Action than that. (…) You’re still going to need to configure and deploy roles and permissions, and you’re still going to need to deploy trigger configuration. And that’s before all the other things I skimmed! Further, this Action doesn’t even build your Lambda function. (…) The other problem with deploying Lambda this way is it’s not the same way you’re going to deploy from a development environment
Corey Quinn, chief cloud economist at The Duckbill Group, adds in his newsletter:
Frankly what I think we all want is an AWS answer to Google Cloud Run: here’s a container image, go run it for me at scale.
The required parameters to deploy are function-name, code-artifacts-dir, handler, and runtime. If a function with the name specified by function-name does not exist, the role parameter is also required, and the function will be created with the provided code from code-artifacts-dir and configuration parameters using the CreateFunction API.
Oleksii Semeniuk, an AWS DevOps engineer, tested the new feature and published an article on using GitHub Actions to deploy Lambda functions. Semeniuk concludes:
The process is quite straightforward and it significantly reduces the overhead that used to be required before.
The new GitHub action for Lambda functions is available in all AWS regions.