The storage construct deploys S3 buckets to store files.
service: my-app
provider:
name: aws
constructs:
avatars:
type: storage
plugins:
- serverless-liftOn serverless deploy, a properly configured S3 bucket will be created.
The storage construct creates and configures the S3 bucket for production:
- Files stored in the bucket are automatically encrypted (S3 takes care of encrypting and decrypting data on the fly, without change to our applications).
- File versioning is enabled to prevent any accidental data loss. Old versions are automatically purged after 30 days to avoid extra costs.
- Storage costs are optimized automatically via intelligent tiering.
To learn more about the architecture of this construct, read this article.
All storage constructs expose the following variables:
bucketName: the name of the deployed S3 bucketbucketArn: the ARN of the deployed S3 bucket
This can be used to reference the bucket from Lambda functions, for example:
constructs:
avatars:
type: storage
functions:
myFunction:
handler: src/index.handler
environment:
BUCKET_NAME: ${constructs:avatars.bucketName}How it works: the ${constructs:avatars.bucketName} variable will automatically be replaced with a CloudFormation reference to the S3 bucket.
By default, all the Lambda functions deployed in the same serverless.yml file will be allowed to read/write into the bucket.
In the example below, there are no IAM permissions to set up: myFunction will be allowed to read and write into the avatars bucket.
constructs:
avatars:
type: storage
functions:
myFunction:
handler: src/index.handler
environment:
BUCKET_NAME: ${constructs:avatars.bucketName}By default, files are encrypted using the default S3 encryption mechanism (free).
Alternatively, for example to comply with certain policies, it is possible to use KMS:
constructs:
avatars:
# ...
encryption: kmsLooking for more options in the construct configuration? Open a GitHub issue.