Deployment
The best way to deploy your app is through the npm run deploy command.
This ensures that:
- Infrastructure defined in serverless.yml is deployed to AWS.
- Nuxt static site is built.
- Nuxt site is pushed to the S3 bucket created in step 1.
deployment-params.yml
The deploy command uses properties defined in deployment-params.yml.
| Parameter | Type | Description |
|---|---|---|
| EmailEnabled | boolean | Enables Email. |
| ForwardingEmailAddress | string | Address to which to forward inbound emails. |
| GitHubRepositoryName | string | Name of repository running your CI workflow. Used to create GitHub role. |
| HostedZoneId | string | Hosted zone for your Custom domain. |
| PaymentsEnabled | boolean | Enables Payments. |
| RootDomain | string | Root domain for your Custom domain. |
| ServiceName | string | Prefix used to name resources created in AWS. |
| SignInEnabled | boolean | Enables Sign in. |
| SiteName | string | Name of your webapp, used in UI and email. |
| WaitListEnabled | boolean | Enables Waitlist. |
Advanced deployment commands
For faster feedback, it's helpful to also know the following commands.
sls deploy- deploys infrastructure only.npm run generate- generates the Nuxt static site.sls s3sync- pushes the static site to the S3 bucket.
After modifying Lambda function code, quickly deploy the change using sls deploy function -f <function-name>.
The sls command by default uses the dev stage.
Run the command for prod by appending --stage prod.
Removing all infrastructure
To remove all dev infrastructure resources run sls remove.
To remove all prod resources, first manually disable deletion protection on your user pool.
In the AWS Console, select your user pool,
then go to Settings > Deletion protection > Deactivate. Now you can run sls remove, adding --stage prod.
Security
Take into account these security best-practices when deploying your webapp.
- Custom domain - do not launch your webapp without a custom domain (i.e. using the default
xxxxxxxxxxxxx.cloudfront.netdomain). When you deploy without a custom domain, API calls can come from any*origin. With a custom domain, API calls are restricted to theRootDomainset in deployment-params.yml, which is more secure. - GitHub deployment permissions - GitHub assumes the AWS role that is created when you run
npm run deployInitial. If you need to add other kinds of AWS resources to serverless.yml, modify the default GitHub role to avoid permissions errors in CI. Add permissions to initial-aws-setup.yml then runnpm run deployInitial.