CI/CD for Serverless with AWS SAM
A guide to automating the deployment of your serverless applications using the AWS Serverless Application Model (SAM) CLI. Learn how to use `sam build` and `sam deploy` to create a simple CI/CD pipeline.
Developing serverless applications with the AWS Serverless Application Model (SAM) is a great experience. It provides a simple, clean syntax for defining your Lambda functions, API Gateways, and DynamoDB tables. But once you've tested your application locally with sam local
, how do you automate its deployment to your AWS account in a repeatable and reliable way?
The answer is to build a CI/CD (Continuous Integration/Continuous Deployment) pipeline using the power of the SAM CLI's build
and deploy
commands.
The Goal: A Simple, Automated Workflow
Our goal is to create a workflow that automatically happens every time you push a change to your Git repository's main branch:
- Build: The application code is built, and dependencies are installed.
- Package: The built application is packaged into a deployment artifact.
- Deploy: The packaged application is deployed to AWS, updating your CloudFormation stack.
The Core SAM Commands for CI/CD
The SAM CLI provides two essential commands for this process: sam build
and sam deploy
.
1. sam build
This command is the first step in your pipeline. It reads your template.yaml
file, looks at your Lambda function resources, and does the following:
- It creates a
.aws-sam/build
directory. - For each function, it installs its dependencies (e.g., from a
requirements.txt
for Python orpackage.json
for Node.js) into a separate subdirectory. - It copies your source code into this directory.
- It creates an updated
template.yaml
file in the build directory, modifying theCodeUri
properties of your functions to point to their respective build subdirectories.
Why is this important? It prepares your application for packaging by creating a clean, self-contained build artifact for each function.
To run it in a CI/CD environment, you'll often use the --use-container
flag. This tells SAM to build your functions inside a Docker container that matches the Lambda runtime environment, which avoids any issues with platform-specific dependencies.
sam build --use-container
2. sam deploy
This is the command that does the heavy lifting of deploying your application. It performs two main actions:
- Package: It takes the build artifacts from the
.aws-sam/build
directory, zips them up, and uploads them to a specified S3 bucket. - Deploy: It then takes the updated
template.yaml
(which now references the code in the S3 bucket) and creates or updates a CloudFormation stack with your resources.
sam deploy
has a number of useful flags for automation:
--stack-name
: The name of the CloudFormation stack to create or update.--s3-bucket
: The name of the S3 bucket to upload the packaged code to.--capabilities CAPABILITY_IAM
: Required if your template creates IAM roles.--no-confirm-changeset
: This is crucial for CI/CD. It tells SAM not to prompt for interactive confirmation before deploying the changes.--region
: The AWS region to deploy to.
A Simple CI/CD Script
Putting it all together, a simple deployment script that you could run in a CI/CD environment (like GitHub Actions or AWS CodePipeline) would look like this:
#!/bin/bash
# Variables
STACK_NAME="my-serverless-app"
S3_BUCKET="my-deployment-bucket"
REGION="us-east-1"
# Exit immediately if a command exits with a non-zero status.
set -e
# 1. Build the application
echo "Building SAM application..."
sam build --use-container
# 2. Deploy the application
echo "Deploying SAM application..."
sam deploy \
--stack-name $STACK_NAME \
--s3-bucket $S3_BUCKET \
--capabilities CAPABILITY_IAM \
--no-confirm-changeset \
--region $REGION
echo "Deployment successful!"
Integrating with GitHub Actions
Here's how you could use this in a simple GitHub Actions workflow that deploys on every push to the main
branch.
# .github/workflows/deploy.yml
name: Deploy SAM Application
on:
push:
branches:
- main
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set up AWS SAM CLI
uses: aws-actions/setup-sam@v2
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Build SAM application
run: sam build --use-container
- name: Deploy SAM application
run: |
sam deploy \
--stack-name my-serverless-app \
--s3-bucket ${{ secrets.AWS_S3_BUCKET }} \
--capabilities CAPABILITY_IAM \
--no-confirm-changeset \
--region us-east-1
Conclusion
The AWS SAM CLI provides a powerful and straightforward set of tools for automating your serverless deployments. By combining sam build
and sam deploy
in a simple script, you can create a robust CI/CD pipeline that ensures your application is built and deployed in a consistent and reliable way every time. This is a fundamental practice for any professional serverless development workflow.