anonymousDan parent
Anyone here actually developing Python apps on AWS Lambda? If so do you use Serverless Framework or something else? I am part of a research project that is developing techniques for identifying security vulnerabilities in serverless apps so would be interested to understand what people are actually using for deployment and why.
If you try to use serverless (the framework) for Python, you very quickly learn that its support is a second-class citizen vs building in TS/JS.
Adjacent concern but: It also makes for unholy large Docker images to combine an entire JS toolchain with an entire Python toolchain.
Zappa is a better (more native) choice.
Terraform modules provide a decent Python Lambda experience.
AWS also has multiple semi-overlapping projects in the space. Chalice, SAM, and Powertools specifically to name a few. CDK more generally as well.
We deploy lambda using container images. We configure lambdas using terraform and deploy using GitHub actions.
We never considered using serverless or anything else because we also have ECS services, RDS databases, React frontends, and a lot more. It requires some knowhow to get a good setup, but it's hard to imagine anyone more opinionated framework doing what we want.
I'm pretty darned sure i used AWS's own boto3 python library for lambda, when working for Amazon a few years ago.
https://boto3.amazonaws.com/v1/documentation/api/latest/inde...
We’re using a FastAPI stack, plus or minus Mangum, to selectively deploy to Fargate or Lambda depending on the workload requirements. Deploy using Terraform, ECS tasks just expose the local uwsgi and Lambda/Mangum just wraps the app entry point. It’s simple and lets us keep the codebases/libraries consistent.
I switched from Chalice to Zappa several years ago and now manage several production projects with it.
CDK; don't love it, but it works.
tbf; with `aws_lambda_python_alpha.PythonFunction` in a Poetry based project, we do get a lot for free. I like small layer based deployments (so we can use things like `aws_lambda.ParamsAndSecretsLayerVersion` etc).
Gets a bit more hacky when you try and enable IPv6, but that is just AWS.