Deploying Astro with AWS SST

Introduction

If you are looking to deploy your application on AWS, the Serverless Stack Framework (SST) is a powerful tool that simplifies the process. In this blog post, we’ll guide you through the steps to deploy your app using AWS SST.

AWS SST is a bit more complicated than other deployment services such as Vercel or Heroku ($20 - $25 per month) but the main advantage is that is very cheap and you will learn AWS a bit more, which is what we all want right? 😁

What is AWS SST?

AWS Service Stack (SST) is an open-source framework for building serverlessapplications on AWS. It simplifies the development and deployment process by providing a higher-level abstraction and encouraging best practices for serverlessapplication architecture. SST works well with a variety of AWS services like Lambda, API Gateway, DynamoDB, and more, making it a great choice for deploying apps.

Prerequisites

Before we dive into deploying your app, you’ll need the following prerequisites:

  1. An AWS account: You’ll need an AWS account to create and manage your serverless resources.

  2. Node.js: Ensure you have Node.js installed on your local machine.

  3. AWS CLI: Install the AWS Command Line Interface and configure it with your AWS credentials.

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html

  1. And of course, your Astro, or Svelte app

Step 1: Create IAM and set up your credentials

Creating an IAM policy

I recommend to generate a role with the least privilege policies.

For SST to deploy and manage your applications, it requires certain IAM permissions. Below there is a link to an IAM policy with the list of required permissions which you can copy and paste directly into your AWS IAM console and assign the policy to your user.

https://docs.sst.dev/advanced/iam-credentials#iam-permissions

Add AWS credentials to your project

You can configure your credentials using ‘aws config’ [png]

or keep your AWS credentials in a file. By default, SST uses the credentials for the [default] profile. Don’t forget to add to your git ignore list.

~/.aws/credentials on Linux, Unix, and macOS; C:\Users\USER_NAME.aws\credentials on Windows

[default]
aws_access_key_id = <DEFAULT_ACCESS_KEY_ID>
aws_secret_access_key = <DEFAULT_SECRET_ACCESS_KEY>

[staging]
aws_access_key_id = <STAGING_ACCESS_KEY_ID>
aws_secret_access_key = <STAGING_SECRET_ACCESS_KEY>

[production]
aws_access_key_id = <PRODUCTION_ACCESS_KEY_ID>
aws_secret_access_key = <PRODUCTION_SECRET_ACCESS_KEY>

Step 2: Install and Configure AWS SST

To get started, you need to install SST globally using your package manager of choise:

pnpm create sst
pnpm install        # Install SST dependencies

This will create an sst.config.ts file that handles your configuration and metadata.

import type { SSTConfig } from "sst";
import { AstroSite, Bucket } from "sst/constructs";

export default {
  config(_input) {
    return {
      name: "portfolio",
      region: "eu-central-1",
      profile: 'default',
    };
  },
  stacks(app) {
   app.stack(function Site({ stack }) {

      const bucket = new Bucket(stack, "public");
      
      const site = new AstroSite(stack, "site", {
        bind: [bucket],
        customDomain:{
          domainName: "f4bra.com",
          domainAlias: "www.f4bra.com",
        }
      });
      stack.addOutputs({
        url: site.url,
      });
    });
  },
} satisfies SSTConfig;

From here we can create a bucket that will store ourapp files and in my case modify the region. Make sure you import the Bucket construc from sst resources.

Add

Install

pnpm add @aws-sdk/client-s3
pnpm add @aws-sdk/s3-request-presigner

Add the following code to your index.astro

const command = new PutObjectCommand({
  ACL: "public-read",
  Key: crypto.randomUUID(),
  Bucket: Bucket.public.bucketName,
});
const url = await getSignedUrl(new S3Client({}), command);

🚀 Step 7: Deploy your app: Continuous Deployment

For seamless continuous deployment, consider setting up a CI/CD pipeline using AWS CodePipeline and AWS CodeBuild. This allows automatic deployment of changes to your app whenever you push code to your repository.

name: SST deployment
on: push

concurrency:
  group: merge-${{ github.ref }}

permissions:
  id-token: write
  contents: read

jobs:
  DeployApp:
    runs-on: ubuntu-latest
    steps:
      - name: Git clone the repository
        uses: actions/checkout@v3
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: arn:aws:iam::893906031708:role/GitHub
          role-duration-seconds: 3600
          aws-region: eu-central-1
      - name: Setup pnpm
        uses: pnpm/action-setup@v2
        with:
          version: 8
      - name: Deploy app
        run: |
          pnpm i && pnpm sst deploy

Conclusion

Deploying a app using AWS SST streamlines the process of leveraging AWS services for your serverless webapplications. SST simplifies deployment, enabling you to concentrate on your application’s functionality. By following the steps provided in this blog post, you can quickly launch your app on AWS within a serverless architecture. Happy coding and deploying!