Deployment Script
This example shows a basic deployment script configuration.
Script resource
- Executes script as a part of the deployment process
- The script is executed as a lambda function during deploy/delete operation
Basic example
resources:myDeploymentScript:type: deployment-scriptproperties:# Configures how your script code is turned into a deployment package (deployment artifact)## - Currently supported packaging types are:# - `stacktape-lambda-buildpack` - Stacktape automatically builds your source code from the supplied source file path.# - `custom-artifact` - You provide path to your own lambda artifact. Stacktape will zip it for you if it's not zipped.# - Your deployment artifacts are automatically uploaded to the S3 deployment bucket.## - Type: union (anyOf)# - Required: true## - Type: object# - Required: truepackaging:## - Type: string# - Required: truetype: stacktape-lambda-buildpack## - Type: object# - Required: trueproperties:# Path to the entry point of your compute resource (relative to the stacktape config file)## - Stacktape tries to bundle all your source code with its dependencies into a single file.# - If a certain dependency doesn't support static bundling (because it depends on binary executable, uses dynamic require() calls, etc.),# Stacktape will install it and copy it to the bundle## - Type: string# - Required: trueentryfilePath: ./src/index.ts# The handler function (method) ran when the lambda function is invoked.## - Type: string# - Required: falsehandlerFunction: example-value# Files that should be explicitly included in the deployment package (glob pattern)## - Example glob pattern: `images/*.jpg`# - The path is relative to the stacktape configuration file location or to `cwd` if configured using `--currentWorkingDirectory` command line option.## - Type: array<string># - Required: falseincludeFiles:- public/**/*- assets/*.png# Files that should be explicitly excluded from deployment package (glob pattern)## Example glob pattern: `images/*.jpg`## - Type: array<string># - Required: falseexcludeFiles:- *.test.ts- node_modules/**# Dependencies to ignore.## - These dependencies won't be a part of your deployment package.## - Type: array<string># - Required: falseexcludeDependencies:- example-value# Configuration of packaging properties specific to given language## - Type: union (anyOf)# - Required: false# Runtime used for script lambda execution environment## - Stacktape automatically detects the function's language and uses the latest runtime version associated with that language.# - Example: uses `nodejs22.x` for all files ending with `.js` and `.ts`.# - For the list of all available lambda runtimes, refer to [AWS docs](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html).## - Type: enum: [dotnet6, dotnet7, java11, java17, java8, java8.al2, nodejs18.x, nodejs20.x, nodejs22.x, provided.al2, provided.al2023, python3.10, python3.11, python3.12, python3.13, python3.8, python3.9, ruby3.2]# - Required: false# - Allowed values: [dotnet6, dotnet7, java11, java17, java8, java8.al2, nodejs18.x, nodejs20.x, nodejs22.x, provided.al2, provided.al2023, python3.10, python3.11, python3.12, python3.13, python3.8, python3.9, ruby3.2]runtime: dotnet6# Environment variables injected to the script.## - Environment variables can be used to inject information about infrastructure (database URLS, secrets ...) into script's runtime# - To pass complex objects into your script use `parameters` instead## - Type: array<object (reference)># - Required: falseenvironment:- name: NODE_ENVvalue: production- name: DATABASE_URLvalue: $ResourceParam(myDatabase, connectionString)# Parameters which will be passed to the script handler during execution## - Parameters can be used to pass complex information to your script handler## > You cannot pass secret values (i.e using `$Secret` directive) using parameters.# > To pass secret values use `environment` variables instead.## - Type: object# - Required: false# Amount of memory (in MB) available to the script lambda execution environment.## - Must be between 128 MB and 10,240 MB in 1-MB increments.# - Amount of CPU power available to the script lambda execution environment is also set using memory property - it's proportionate to the amount of available memory.# - Lambda with 1797MB has a CPU power equal to 1 virtual CPU. Lambda function can have a maximum of 6 vCPUs (at 10,240 MB of RAM).## - Type: number# - Required: falsememory: 2048# Maximum amount of time (in seconds) the script is allowed to run## Maximum allowed time is 900 seconds.## - Type: number# - Required: false# - Default: 10timeout: 3600# Connects the lambda function that executes the script to the default VPC## - Functions are NOT connected to the default VPC of your stack by default.# - To communicate with certain resources inside your VPC, you need to connect your function to the VPC.# Most common use-case for this is accessing a relational-database or a mongo-db-atlas-cluster that is configured to only allows connections from VPC.# - Connecting a function to the VPC makes it lose connection to the internet. (Outbound requests will fail).# To restore a connection to the internet, you would need to use NAT Gateway. We do dont recommend this, and advice you to re-architect your application instead.# - To learn more about VPCs, refer to [VPCs Stacktape documentation](https://docs.stacktape.com/user-guides/vpcs).## - Type: boolean# - Required: falsejoinDefaultVpc: true# Size of functions `/tmp` directory in MB## - Minimum is 512# - Maximum is 10240## - Type: number# - Required: false# - Default: 512storage: 512# Configures access to other resources of your stack (such as databases, buckets, event-buses, etc.) and aws services## By referencing resources (or services) in `connectTo` list, Stacktape automatically:# - configures correct compute resource's **IAM role permissions** if needed# - sets up correct **security group rules** to allow access if needed# - **injects relevant environment variables** containing information about resource you are connecting to into the compute resource's runtime# - names of environment variables use upper-snake-case and are in form `STP_[RESOURCE_NAME]_[VARIABLE_NAME]`,# - examples: `STP_MY_DATABASE_CONNECTION_STRING` or `STP_MY_EVENT_BUS_ARN`,# - list of injected variables for each resource type can be seen below.### Granted permissions and injected environment variables are different depending on resource type:### `Bucket`# - **Permissions:**# - list objects in a bucket# - create / get / delete / tag object in a bucket# - **Injected env variables**: `NAME`, `ARN`### `DynamoDB table`# - **Permissions:**# - get / put / update / delete item in a table# - scan / query a table# - describe table stream# - **Injected env variables**: `NAME`, `ARN`, `STREAM_ARN`### `MongoDB Atlas cluster`# - **Permissions:**# - Allows connection to a cluster with `accessibilityMode` set to `scoping-workloads-in-vpc`. To learn more about# MongoDB Atlas clusters accessibility modes, refer to# [MongoDB Atlas cluster docs](https://docs.stacktape.com/3rd-party-resources/mongo-db-atlas-clusters/#accessibility).# - Creates access "user" associated with compute resource's role to allow for secure credential-less access to the the cluster# - **Injected env variables**: `CONNECTION_STRING`### `Relational(SQL) database`# - **Permissions:**# - Allows connection to a relational database with `accessibilityMode` set to `scoping-workloads-in-vpc`. To learn more about# relational database accessibility modes, refer to [Relational databases docs](https://docs.stacktape.com/resources/relational-databases#accessibility).# - **Injected env variables**: `CONNECTION_STRING`, `JDBC_CONNECTION_STRING`, `HOST`, `PORT`# (in case of aurora multi instance cluster additionally: `READER_CONNECTION_STRING`, `READER_JDBC_CONNECTION_STRING`, `READER_HOST`)### `Redis cluster`# - **Permissions:**# - Allows connection to a redis cluster with `accessibilityMode` set to `scoping-workloads-in-vpc`. To learn more about# redis cluster accessibility modes, refer to [Redis clusters docs](https://docs.stacktape.com/resources/redis-clusters#accessibility).# - **Injected env variables**: `HOST`, `READER_HOST`, `PORT`### `Event bus`# - **Permissions:**# - publish events to the specified Event bus# - **Injected env variables**: `ARN`### `Function`# - **Permissions:**# - invoke the specified function# - invoke the specified function via url (if lambda has URL enabled)# - **Injected env variables**: `ARN`### `Batch job`# - **Permissions:**# - submit batch-job instance into batch-job queue# - list submitted job instances in a batch-job queue# - describe / terminate a batch-job instance# - list executions of state machine which executes the batch-job according to its strategy# - start / terminate execution of a state machine which executes the batch-job according to its strategy# - **Injected env variables**: `JOB_DEFINITION_ARN`, `STATE_MACHINE_ARN`### `User auth pool`# - **Permissions:**# - full control over the user pool (`cognito-idp:*`)# - for more information about allowed methods refer to [AWS docs](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncognitouserpools.html)# - **Injected env variables**: `ID`, `CLIENT_ID`, `ARN`#### `SNS Topic`# - **Permissions:**# - confirm/list subscriptions of the topic# - publish/subscribe to the topic# - unsubscribe from the topic# - **Injected env variables**: `ARN`, `NAME`#### `SQS Queue`# - **Permissions:**# - send/receive/delete message# - change visibility of message# - purge queue# - **Injected env variables**: `ARN`, `NAME`, `URL`### `Upstash Kafka topic`# - **Injected env variables**: `TOPIC_NAME`, `TOPIC_ID`, `USERNAME`, `PASSWORD`, `TCP_ENDPOINT`, `REST_URL`### `Upstash Redis`# - **Injected env variables**: `HOST`, `PORT`, `PASSWORD`, `REST_TOKEN`, `REST_URL`, `REDIS_URL`### `Private service`# - **Injected env variables**: `ADDRESS`### `aws:ses`(Macro)# - **Permissions:**# - gives full permissions to aws ses (`ses:*`).# - for more information about allowed methods refer to [AWS docs](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonses.html)## - Type: array<string># - Required: falseconnectTo:- myDatabase- myBucket# Raw AWS IAM role statements appended to your resources's role.## - Type: array<object (reference)># - Required: falseiamRoleStatements:- Resource: ["example-value"]Sid: example-value
Packaging alternatives
stacktape-lambda-buildpack
This example shows how to configure packaging using stacktape-lambda-buildpack.
resources:myDeploymentScript:type: deployment-scriptproperties:# Configures how your script code is turned into a deployment package (deployment artifact)## - Currently supported packaging types are:# - `stacktape-lambda-buildpack` - Stacktape automatically builds your source code from the supplied source file path.# - `custom-artifact` - You provide path to your own lambda artifact. Stacktape will zip it for you if it's not zipped.# - Your deployment artifacts are automatically uploaded to the S3 deployment bucket.## - Type: object# - Required: truepackaging:## - Type: string# - Required: truetype: stacktape-lambda-buildpack## - Type: object# - Required: trueproperties:# Path to the entry point of your compute resource (relative to the stacktape config file)## - Stacktape tries to bundle all your source code with its dependencies into a single file.# - If a certain dependency doesn't support static bundling (because it depends on binary executable, uses dynamic require() calls, etc.),# Stacktape will install it and copy it to the bundle## - Type: string# - Required: trueentryfilePath: ./src/index.ts# The handler function (method) ran when the lambda function is invoked.## - Type: string# - Required: falsehandlerFunction: example-value# Files that should be explicitly included in the deployment package (glob pattern)## - Example glob pattern: `images/*.jpg`# - The path is relative to the stacktape configuration file location or to `cwd` if configured using `--currentWorkingDirectory` command line option.## - Type: array<string># - Required: falseincludeFiles:- public/**/*- assets/*.png# Files that should be explicitly excluded from deployment package (glob pattern)## Example glob pattern: `images/*.jpg`## - Type: array<string># - Required: falseexcludeFiles:- *.test.ts- node_modules/**# Dependencies to ignore.## - These dependencies won't be a part of your deployment package.## - Type: array<string># - Required: falseexcludeDependencies:- example-value# Configuration of packaging properties specific to given language## - Type: union (anyOf)# - Required: false
custom-artifact
This example shows how to configure packaging using custom-artifact.
resources:myDeploymentScript:type: deployment-scriptproperties:# Configures how your script code is turned into a deployment package (deployment artifact)## - Currently supported packaging types are:# - `stacktape-lambda-buildpack` - Stacktape automatically builds your source code from the supplied source file path.# - `custom-artifact` - You provide path to your own lambda artifact. Stacktape will zip it for you if it's not zipped.# - Your deployment artifacts are automatically uploaded to the S3 deployment bucket.## - Type: object# - Required: truepackaging:## - Type: string# - Required: truetype: custom-artifact## - Type: object# - Required: trueproperties:# Path to the lambda package to use as the source for this lambda function## - If the specified package path is a directory or an non-zip file, it will be automatically zipped.## - Type: string# - Required: truepackagePath: ./path/to/packagePath# The handler function (method) ran when the lambda function is invoked.## - Path to the entryfile and method inside your package.# - The syntax is `{{filepath}}:{{functionName}}`.# - Example: `my-lambda/index.js:default`## - Type: string# - Required: falsehandler: example-value