| name | trigger-migration |
| description | Manually triggers the migration Lambda for deployed environments. Use when migrations need to be run outside of CI/CD. |
| allowed-tools | Bash(aws lambda invoke:*) |
Trigger Migration Lambda
Manually triggers database migrations in deployed environments.
When to Use
- After manual SST deployment (without CI/CD)
- To re-run failed migrations
- Emergency migration fixes
Commands
Development
aws lambda invoke --function-name template-saas-api-migrate-lambda-dev /dev/null
Production
aws lambda invoke --function-name template-saas-api-migrate-lambda-prod /dev/null
Prerequisites
- AWS CLI configured with correct profile/credentials
- Lambda function deployed (via SST)
- Database accessible from Lambda
How It Works
The Migration Lambda:
- Connects to PostgreSQL using DbConnStr secret
- Runs Alembic migrations via migration.sh
- Returns success/failure status
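The Lambda returns a success/failure status, but `aws lambda invoke` exits 0 even when the handler raises, so the exit code of the `/dev/null` commands above does not by itself show a failed migration. The wrapper below is an added example (not the project's own script; the function names are hypothetical) that reads StatusCode and FunctionError from the CLI response and returns non-zero when the migration failed.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical, not the project's own.

# Lambda naming convention from this page: template-saas-api-migrate-lambda-{dev|prod}
migrate_function_name() {
  case "$1" in
    dev|prod) printf 'template-saas-api-migrate-lambda-%s\n' "$1" ;;
    *) echo "unknown stage: $1" >&2; return 2 ;;
  esac
}

# True only when the invoke API answered 200 AND the handler did not raise.
# With --output text, an absent FunctionError field is printed as "None".
invoke_succeeded() {
  [ "$1" = "200" ] && [ "$2" = "None" ]
}

trigger_migration() {
  local stage fn payload meta
  stage="$1"
  fn="$(migrate_function_name "$stage")" || return 2
  # mktemp creates the file mode 0600; error payloads can carry exception text.
  payload="$(mktemp)" || return 1
  if ! meta="$(aws lambda invoke --function-name "$fn" \
      --query '[StatusCode, FunctionError]' --output text "$payload")"; then
    # Non-zero CLI exit: the request itself failed (credentials, permissions, name).
    rm -f "$payload"
    echo "invoke request failed for $fn" >&2
    return 1
  fi
  set -- $meta   # split "200<TAB>None" into $1 (status) and $2 (function error)
  if invoke_succeeded "${1:-}" "${2:-}"; then
    rm -f "$payload"
    echo "migration succeeded on $stage"
    return 0
  fi
  # The CLI exited 0 but the handler failed: surface the payload, then exit non-zero.
  echo "migration FAILED on $stage (StatusCode=${1:-?} FunctionError=${2:-?})" >&2
  cat "$payload" >&2
  rm -f "$payload"
  return 1
}
```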
Lambda Naming Convention
{project}-api-migrate-lambda-{stage}
For this project: template-saas-api-migrate-lambda-{dev|prod}
Checking Migration Status
View Lambda Logs
aws logs tail /aws/lambda/template-saas-api-migrate-lambda-dev --follow
Check Current Migration
# Via Docker locally
docker compose exec back uv run alembic current
# In production, check Lambda logs
CI/CD Integration
Normally, migrations run automatically in CI/CD:
- Backend deploy job completes
- Migrate job triggers Migration Lambda
- Pipeline fails if migration fails
See .github/workflows/deploy-backend.yml.
Manual Production Migration
For production migrations outside of CI/CD:
- Use .github/workflows/migrate-production.yml
- Requires typing "migrate-production" to confirm
- Creates audit trail in GitHub Actions
Troubleshooting
Lambda Timeout
- Check database connectivity
- Verify DbConnStr secret is set
- Check Lambda has VPC access if needed
Migration Errors
- Check Lambda CloudWatch logs
- Verify migration files are correct
- Test locally first with Docker