CI/CD for Serverless with AWS SAM

CI/CD for Serverless with AWS SAM

Published November 28, 2023 · by Eric Wilson · in devops

A guide to automating the deployment of your serverless applications using the AWS Serverless Application Model (SAM) CLI. Learn how to use `sam build` and `sam deploy` to create a simple CI/CD pipeline.

Developing serverless applications with the AWS Serverless Application Model (SAM) is a great experience. It provides a simple, clean syntax for defining your Lambda functions, API Gateways, and DynamoDB tables. But once you've tested your application locally with sam local, how do you automate its deployment to your AWS account in a repeatable and reliable way?

The answer is to build a CI/CD (Continuous Integration/Continuous Deployment) pipeline using the power of the SAM CLI's build and deploy commands.

The Goal: A Simple, Automated Workflow

Our goal is to create a workflow that automatically happens every time you push a change to your Git repository's main branch:

  1. Build: The application code is built, and dependencies are installed.
  2. Package: The built application is packaged into a deployment artifact.
  3. Deploy: The packaged application is deployed to AWS, updating your CloudFormation stack.

The Core SAM Commands for CI/CD

The SAM CLI provides two essential commands for this process: sam build and sam deploy.

1. sam build

This command is the first step in your pipeline. It reads your template.yaml file, looks at your Lambda function resources, and does the following:

  • It creates a .aws-sam/build directory.
  • For each function, it installs its dependencies (e.g., from a requirements.txt for Python or package.json for Node.js) into a separate subdirectory.
  • It copies your source code into this directory.
  • It creates an updated template.yaml file in the build directory, modifying the CodeUri properties of your functions to point to their respective build subdirectories.

Why is this important? It prepares your application for packaging by creating a clean, self-contained build artifact for each function.

To run it in a CI/CD environment, you'll often use the --use-container flag. This tells SAM to build your functions inside a Docker container that matches the Lambda runtime environment, which avoids any issues with platform-specific dependencies.

sam build --use-container

2. sam deploy

This is the command that does the heavy lifting of deploying your application. It performs two main actions:

  1. Package: It takes the build artifacts from the .aws-sam/build directory, zips them up, and uploads them to a specified S3 bucket.
  2. Deploy: It then takes the updated template.yaml (which now references the code in the S3 bucket) and creates or updates a CloudFormation stack with your resources.

sam deploy has a number of useful flags for automation:

  • --stack-name: The name of the CloudFormation stack to create or update.
  • --s3-bucket: The name of the S3 bucket to upload the packaged code to.
  • --capabilities CAPABILITY_IAM: Required if your template creates IAM roles.
  • --no-confirm-changeset: This is crucial for CI/CD. It tells SAM not to prompt for interactive confirmation before deploying the changes.
  • --region: The AWS region to deploy to.

A Simple CI/CD Script

Putting it all together, a simple deployment script that you could run in a CI/CD environment (like GitHub Actions or AWS CodePipeline) would look like this:

#!/bin/bash

# Variables
STACK_NAME="my-serverless-app"
S3_BUCKET="my-deployment-bucket"
REGION="us-east-1"

# Exit immediately if a command exits with a non-zero status.
set -e

# 1. Build the application
echo "Building SAM application..."
sam build --use-container

# 2. Deploy the application
echo "Deploying SAM application..."
sam deploy \
    --stack-name $STACK_NAME \
    --s3-bucket $S3_BUCKET \
    --capabilities CAPABILITY_IAM \
    --no-confirm-changeset \
    --region $REGION

echo "Deployment successful!"

Integrating with GitHub Actions

Here's how you could use this in a simple GitHub Actions workflow that deploys on every push to the main branch.

# .github/workflows/deploy.yml
name: Deploy SAM Application

on:
  push:
    branches:
      - main

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Set up AWS SAM CLI
        uses: aws-actions/setup-sam@v2

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1

      - name: Build SAM application
        run: sam build --use-container

      - name: Deploy SAM application
        run: |
          sam deploy \
            --stack-name my-serverless-app \
            --s3-bucket ${{ secrets.AWS_S3_BUCKET }} \
            --capabilities CAPABILITY_IAM \
            --no-confirm-changeset \
            --region us-east-1

Conclusion

The AWS SAM CLI provides a powerful and straightforward set of tools for automating your serverless deployments. By combining sam build and sam deploy in a simple script, you can create a robust CI/CD pipeline that ensures your application is built and deployed in a consistent and reliable way every time. This is a fundamental practice for any professional serverless development workflow.

Back to All Blogs