Aurora for serverless Laravel

Production Showcase Source Code

The why, the how and the what

An open source alternative to Laravel Vapor. For instructions on how to set this up, see https://stories.rdok.co.uk/2021/06/serverless-laravel/#setup

Use this repository to automate creating a serverless Laravel with Aurora MySQL environment.

It uses AWS SAM with GitHub CI/CD actions to create the AWS resources, including the Aurora & Laravel Lambdas.

Aurora

Aurora can auto pause after a given amount of time with no activity. During testing, it took around 30s to resume after being paused.

Private Link VPC endpoints are a better alternative to NAT Gateways. Laravel lambdas use said private links to connect to Aurora, S3, and Secrets Manager AWS resources.

  • Network bandwidth is four times cheaper than through a NAT Gateway.
  • More secure than a NAT Gateway, as the connection always stays within the AWS private network.
  • Laravel & artisan fetch the secrets with database credentials on each cycle using a custom provider.
  • AWS does not allow duplicate private link DNS names for Secrets Manager. As such, the same private link is re-used for the test and prod environments.

Secrets

With IAM auth, the Laravel lambda would not need a password when connecting to the database. This would also remove the need to rotate the database secrets. However, Aurora does not support IAM auth. Instead, Secrets Manager is used.

Secrets rotation is outside the scope of this repo. It requires creating a lambda to do so.
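
An added example, not this repository's own code, of a custom provider of the kind described above: it reads the database credentials from Secrets Manager on every boot and overrides the in-memory Laravel config. The class name, the DB_SECRET_ARN variable, the fallback region and the username/password keys in the secret JSON are assumptions.

```php
<?php

namespace App\Providers;

use Aws\SecretsManager\SecretsManagerClient;
use Illuminate\Support\ServiceProvider;
use RuntimeException;

// Hypothetical provider; names and secret layout are assumptions, not the repo's.
class DatabaseSecretsProvider extends ServiceProvider
{
    public function register(): void
    {
        // Bound in the container so tests can swap in a fake client.
        // Assumes private DNS is enabled on the Secrets Manager VPC endpoint,
        // so the default service hostname resolves inside the VPC.
        $this->app->singleton(SecretsManagerClient::class, function () {
            return new SecretsManagerClient([
                'version' => '2017-10-17',
                'region'  => getenv('AWS_REGION') ?: 'eu-west-1',
            ]);
        });
    }

    public function boot(): void
    {
        // Assumed to be injected into the Lambda environment by the SAM template.
        $secretId = getenv('DB_SECRET_ARN');
        if (!$secretId) {
            return; // local development: keep the credentials from .env
        }

        $result = $this->app->make(SecretsManagerClient::class)
            ->getSecretValue(['SecretId' => $secretId]);

        $secret = json_decode($result['SecretString'] ?? '', true);
        if (!is_array($secret) || !isset($secret['username'], $secret['password'])) {
            // Fail closed, and keep the secret payload out of the exception text.
            throw new RuntimeException('Database secret is missing username/password.');
        }

        // Only the in-memory config changes; nothing is written to disk or env,
        // so a rotated secret is picked up on the next boot.
        config([
            'database.connections.mysql.username' => $secret['username'],
            'database.connections.mysql.password' => $secret['password'],
        ]);
    }
}
```

The Lambda execution role then needs only secretsmanager:GetSecretValue on that one secret, which keeps the credential path least-privilege.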

CI/CD

  • The CI/CD user assumes a role authorised to create the relevant resources.
  • A new environment takes ~15 minutes to build, while re-deploying any simple change takes ~2 minutes.
  • Migrations automatically run through the Laravel artisan lambda on each deployment.
  • The test environment is auto deployed for any change on the main branch.
  • Developers have to manually trigger prod environment deployments.

Costs

  • The private link VPC endpoints cost almost 2 dollars every day. Aurora incurs minor to no costs when paused.
  • To ensure low costs, the test environment is auto deleted every midnight.