Share

How to run npm ci from Terraform

Install Node dependencies during deployment in an optimized way

Author's image
Tamás Sallai
1 min
Want to learn AWS serverless development? Click here

NPM dependencies in Lambda

You can define Lambda code inline in an archive_file data source, but that works only for simple functions without any dependencies. For anything more serious, you'll need a package.json and npm to install third-party libraries.

But then, before you upload the code to AWS you need to run npm ci. Terraform's archive_file does little to help here: it's a dumb construct that zips anything that happens to be in the source directory. Which, if you forgot to install the dependencies breaks the function.

How to make Terraform run npm ci automatically?

Book
Building GraphQL APIs with AWS AppSync
How to design, implement, and deploy GraphQL-based APIs on the AWS cloud

Running external programs

Terraform supports the external data source that provides support for arbitrary commands. This allows complex builds to run as part of the deploy process.

Related
How to run a build script with Terraform
Static files are easy to deploy with Terraform. But what about compiled apps?

But npm ci is needed only occassionally, so if it's run every time you run terraform apply or terraform plan, it slows down all deployments considerably.

Fortunately, both the node_modules and the package-lock.json have a modification timestamp. npm ci is only needed if the time of the node_modules is earlier than the time of package-lock.json. And this is exactly what make supports.

Create a makefile that has a node_modules target that depends on package-lock.json:

# Makefile

node_modules: package-lock.json
	npm ci

In the Terraform config, run make node_modules:

# main.tf

data "external" "build" {
	program = ["bash", "-c", <<EOT
(make node_modules) >&2 && echo "{\"dest\": \".\"}"
EOT
	]
	working_dir = "${path.module}/src"
}

data "archive_file" "lambda_zip" {
	type        = "zip"
	output_path = "/tmp/lambda-${random_id.id.hex}.zip"
	source_dir  = "${data.external.build.working_dir}/${data.external.build.result.dest}"
}

resource "aws_lambda_function" "lambda" {
	# ...
	filename         = data.archive_file.lambda_zip.output_path
	source_code_hash = data.archive_file.lambda_zip.output_base64sha256
}

Note the result value of the external build ({dest: "."}) and the source_dir argument of the archive_file. This defines an implicit dependency between the two, so the dependencies are guaranteed to be installed when the archive_file zips the folder.

Master AWS serverless app development

Well-researched books and courses to help you with your serverless journey in one single package.

A package of 4 books and 1 course.

Build deep understanding and accelerate your learning of AWS, serverless, and web technologies.

More info and sign up >
March 15, 2022
Author's image
Tamás Sallai

I came to believe that great software craftsmanship starts with understanding the underlying technologies better. You can't rely on "easy solutions" and "quick fixes" when you want dependable systems. I write about technology to deepen my knowledge and also to help others solve problems.

I'm the author of several books and courses.

Author's image

Hi, I'm Tamás,

I write articles about AWS, Javascript, security, and web technologies.

I'm the author of several books and courses.

Free PDF guide

Sign up to our newsletter and download the "Foreign key constraints in DynamoDB" guide.

In this article
NPM dependencies in Lambda Running external programs