Deploy the Auth Lambda to AWS.
Before deploying, ensure:
- ✅ Node.js 18+ installed locally
- ✅ AWS credentials configured (`aws configure`)
- ✅ Secrets created in AWS Secrets Manager (see Secrets Setup)
- ✅ Lambda IAM role has Secrets Manager permissions
- ✅ Code passes TypeScript checks: `npm run type-check`
Recommended: Use automatic deployment via GitHub Actions.
Push code to repository
↓
GitHub Actions workflow triggered
↓
Detect branch (main or dev)
↓
Build and test code
↓
Deploy to appropriate Lambda function
↓
Slack notification with status
| Push to Branch | Deploys to | Uses Secret | Environment |
|---|---|---|---|
| main | fl-auth-service-lambda | fl-auth-service-secrets | Production |
| dev | dev-fl-auth-service-lambda | dev-fl-auth-service-secrets | Development |
```bash
# Deploy to production
git push origin main
# Deploy to development
git push origin dev
```
Monitor deployment:
- Go to repository → Actions tab
- Watch workflow run
- Check Slack for notification (if configured)
- Verify in CloudWatch logs
If you need to deploy manually:
```bash
npm run build
```
This creates the `dist/` directory with compiled JavaScript.
```bash
# Include source code and node_modules
zip -r lambda-deployment.zip dist/ node_modules/ package.json package-lock.json
```

```bash
# Install serverless globally (one-time)
npm install -g serverless
# Deploy to production
serverless deploy --aws-profile default
# Deploy to development
serverless deploy --stage dev --aws-profile default
```

```bash
# Production
aws lambda update-function-code \
  --function-name fl-auth-service-lambda \
  --zip-file fileb://lambda-deployment.zip \
  --region eu-west-2
# Development
aws lambda update-function-code \
  --function-name dev-fl-auth-service-lambda \
  --zip-file fileb://lambda-deployment.zip \
  --region eu-west-2
```
Check CloudWatch logs:
```bash
# Production
aws logs tail /aws/lambda/fl-auth-service-lambda --follow --region eu-west-2
# Development
aws logs tail /aws/lambda/dev-fl-auth-service-lambda --follow --region eu-west-2
```
Look for: `✅ Successfully loaded secrets` or `✅ Successfully connected to Neo4j`
Before deploying to production:
- Code committed and pushed
- `npm run type-check` passes (no TypeScript errors)
- `npm test` passes (tests green)
- Reviewed changes in git diff
- Secrets configured in AWS Secrets Manager
- Lambda IAM role has correct permissions
- Verified on development environment first
For production deployment specifically:
- Tested on `dev` branch first
- Database migration completed (if needed)
- Verified all auth flows work in dev
- Planning maintenance window if needed
- Have rollback plan ready
After deploying:
```bash
# Production
aws logs tail /aws/lambda/fl-auth-service-lambda --follow --region eu-west-2
# Look for these messages:
# ✅ Successfully loaded secrets
# ✅ Successfully connected to Neo4j
# ✅ Listening on port 3000
```

```bash
# Get the API Gateway URL (check AWS console or GitHub Actions output)
API_URL="https://your-api-gateway-url/auth"
# Test signup endpoint (URL quoted so the shell passes it as one argument)
curl -X POST "$API_URL/signup" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "test@example.com",
    "password": "TestPassword123!",
    "firstName": "Test"
  }'
```
Watch CloudWatch for the next few minutes:
- Look for any database connection errors
- Check for "Failed to load secrets" messages
- Monitor error rate spike
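The log checks above can be scripted so that a deploy is judged the same way every time. The following is an added example, not part of the project's code: it classifies a batch of log lines using the marker strings this guide lists; the function names and the sample log lines are constructed for illustration.

```bash
# Added example (not the project's code). Marker strings are the ones this
# guide says to look for; function names and sample lines are constructed.

REQUIRED_MARKERS='Successfully loaded secrets
Successfully connected to Neo4j
Listening on port 3000'
FAILURE_MARKERS='Failed to load secrets'

# has_marker LOGS MARKER: 0 if MARKER occurs in LOGS as a fixed string.
has_marker() { printf '%s\n' "$1" | grep -qF -- "$2"; }

# check_deploy_logs: reads log lines on stdin and returns
#   0  every required marker present and no failure marker
#   1  a failure marker is present (candidate for rollback)
#   2  no failure marker, but startup is not confirmed
check_deploy_logs() {
  logs=$(cat)
  missing=0
  while IFS= read -r marker; do
    [ -n "$marker" ] || continue
    if has_marker "$logs" "$marker"; then
      echo "FAIL: log contains '$marker'" >&2
      return 1
    fi
  done <<EOF
$FAILURE_MARKERS
EOF
  while IFS= read -r marker; do
    [ -n "$marker" ] || continue
    if ! has_marker "$logs" "$marker"; then
      echo "MISSING: '$marker'" >&2
      missing=1
    fi
  done <<EOF
$REQUIRED_MARKERS
EOF
  [ "$missing" -eq 0 ] || return 2
  echo "OK: all startup markers present"
}

# Constructed sample lines (timestamps and log levels are made up).
SAMPLE_OK='2024-01-01T00:00:01 INFO ✅ Successfully loaded secrets
2024-01-01T00:00:02 INFO ✅ Successfully connected to Neo4j
2024-01-01T00:00:02 INFO ✅ Listening on port 3000'
SAMPLE_BAD='2024-01-01T00:00:01 ERROR Failed to load secrets
2024-01-01T00:00:02 INFO ✅ Listening on port 3000'
SAMPLE_PARTIAL='2024-01-01T00:00:01 INFO ✅ Successfully loaded secrets'
```

Against a live function, pipe `aws logs tail` with `--since 5m` (instead of `--follow`) into `check_deploy_logs` so that only lines from the new deployment are examined. The failure check runs first, so a log that contains both a success and a failure marker is still reported as a failure.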
If something goes wrong:
```bash
# Using Serverless Framework
serverless rollback --aws-profile default
# Using AWS CLI (redeploy previous code)
git revert HEAD
git push origin main # Will trigger re-deployment with previous code
```
If you have a backup of the previous deployment:
```bash
aws lambda update-function-code \
  --function-name fl-auth-service-lambda \
  --zip-file fileb://previous-deployment.zip \
  --region eu-west-2
```
If you're deploying with database changes:
```bash
# Test on development database first
npm run migrate:members-to-users -- --environment development --dry-run
# Run actual migration
npm run migrate:members-to-users -- --environment development
# Verify migration completed
npm run migrate:members-to-users -- --environment development
```
See Database Migrations Guide for full details.
- Function: `fl-auth-service-lambda`
- Secret: `fl-auth-service-secrets`
- Database: Production Neo4j
- Notifications: Production email service
- Logs: `/aws/lambda/fl-auth-service-lambda`

- Function: `dev-fl-auth-service-lambda`
- Secret: `dev-fl-auth-service-secrets`
- Database: Development Neo4j (@ dev-neo4j.firstlovecenter.com)
- Notifications: Development email service
- Logs: `/aws/lambda/dev-fl-auth-service-lambda`
- Check CloudWatch logs for "Failed to load secrets"
- Verify IAM role has `secretsmanager:GetSecretValue` permission
- Verify secret exists: `aws secretsmanager describe-secret --secret-id fl-auth-service-secrets`
- Check database credentials in secret
- Verify database is accessible: `nc -zv your-neo4j-host 7687`
- Check database logs for connection errors
- Verify security groups allow Lambda to database
```bash
# Check what changed
git diff HEAD~1
# Rollback if needed
git revert HEAD
git push origin main
```
- Check GitHub Actions logs for errors
- Verify AWS credentials are configured
- Check if Lambda has network access (VPC/security groups)
- Check CloudWatch for any permissions errors
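```bash
# High error rate
# --evaluation-periods is required by put-metric-alarm; the region matches
# the one used for the Lambda function elsewhere in this guide.
aws cloudwatch put-metric-alarm \
  --alarm-name fl-auth-lambda-errors \
  --alarm-description "Alert on Lambda errors" \
  --metric-name Errors \
  --namespace AWS/Lambda \
  --statistic Sum \
  --period 300 \
  --evaluation-periods 1 \
  --threshold 10 \
  --comparison-operator GreaterThanThreshold \
  --dimensions Name=FunctionName,Value=fl-auth-service-lambda \
  --region eu-west-2
```
- Error Rate: Should be near 0%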
- Duration: Typical: 100-500ms
- Concurrency: Scale based on load
- Cold Starts: First request takes longer
- Database Migrations - Run migrations if needed
- Monitor with CloudWatch - Set up alerts
- Configure Notifications - Set up email service