Automate Multi‑Environment Serverless Deployments with Terraform and Serverless Devs

Background

In modern cloud adoption, platform teams abstract cloud resources for developers while infrastructure teams manage security, cost, and account boundaries. This separation creates divergent lifecycle expectations for applications and infrastructure, increasing communication overhead and slowing iteration.

Key Concepts

Service : Describes a workload (e.g., a function or container) and contains only program‑related configuration such as function settings or log paths.

Environment : The runtime carrier that defines network, cluster, storage, and operational settings (autoscaling, resource specs, etc.).

Pipeline : CI/CD definition that builds code and deploys the service to all environments.

Application : A collection of services, environments, and pipelines.

Template‑Based Workflow

Platform admins package network, logging, storage, and database resources into environment templates and package Function Compute (FC) functions and Serverless Application Engine (SAE) applications into service templates .

Infrastructure admins review the templates and assign appropriate sub‑accounts.

Platform admins create test, pre‑release, and production environments from the templates and grant developers the necessary permissions.

Developers create services from service templates and bind them to the chosen environment.

Developers trigger pipelines manually or via code commits to execute CI/CD.

Why Serverless Devs Needs Environment Support

Serverless Devs stores code and infrastructure together in a single s.yaml. In multi‑environment scenarios this causes three problems:

Maintaining a separate s.yaml per environment is costly and forces unnecessary redeployments.

Platform‑level configurations (VPC, NAS, RAM roles) are opaque to developers, reducing efficiency and increasing security risk.

Component‑level resource changes (e.g., database engine, VPC) may trigger instance recreation; component developers often lack the logic to handle these edge cases.

The template approach described above resolves these issues by separating infrastructure from application code.

Defining Environment Templates with Terraform

Terraform is the de‑facto IaC standard. An environment template is a directory that contains:

Variable definitions ( variable) exposing parameters for developers.

Resource definitions ( resource) that create the actual cloud resources.

Outputs ( output) that expose values for downstream services.

policy.json listing the minimal RAM permissions required by the template.

Example Terraform files can be found at:

https://github.com/devsapp/fc/blob/main/examples/multi-envs/infra/main.tf

https://github.com/devsapp/fc/blob/main/examples/multi-envs/infra/policy.json

Publishing an Environment Template

Platform admins register a template with the following command:

s env apply-template --name testing --description 'it is a demo' --code ./infra

Parameters:

name (required): Environment template name.

description (optional): Human‑readable description.

code (optional): Path to the template code directory.

Successful execution returns the template’s variables, outputs, status, policy, and version information.

Creating an Environment from a Template

Developers run an interactive command to instantiate an environment: s env init The wizard prompts for environment name, region, role, template name, and parameter values. After completion a file .s/env/fc-env-testing.yaml is generated locally.

Deploying a Function to a Specific Environment

Developers write an s.yaml that references the environment’s outputs and name, then deploy with: s deploy --env fc-env-testing The tool first checks whether the environment is ready; if not, it provisions the environment before deploying the service.

Summary

By separating responsibilities into environment, service, and pipeline templates, teams can work autonomously while preserving security and cost controls. Terraform provides a robust IaC foundation for reusable environment templates, and Serverless Devs acts as the orchestration layer that ties template publishing, environment provisioning, and application deployment into a seamless DevOps pipeline.