> For the complete CircleCI developer hub index, see [llms.txt](https://circleci.com/developer/llms.txt) # circleci/aws-sam-serverless Build, Test, and Deploy your AWS serverless applications on CircleCI utilizing the AWS Serverless Application Model. ## Commands ### build Build your Lambda source. The sam build command iterates through the functions in your application, looks for a manifest file (such as requirements.txt) that contains the dependencies, and automatically creates deployment artifacts that you can deploy to Lambda using the sam package and sam deploy commands. You can also use sam build in combination with other commands like sam local invoke to test your application locally. Ensure CLI has been installed before utilizing. | Parameter | Type | Default | Description | |---|---|---|---| | `base_dir` | string | | Resolves relative paths to the function's source code with respect to this folder. Use this if the AWS SAM template and your source code aren't in the same enclosing folder. By default, relative paths are resolved with respect to the template's location. | | `build_arguments` | string | | Additional arguments to pass to the build command. e.g. (--parallel) | | `build_container_vars` | string | | Environment variables to pass into the build container. Each instance of this option takes a key-value pair, where the key is the environment variable, and the value is the environment variable's value. Separate each key value pair with a comma, e.g build_container_vars: Function1.GITHUB_TOKEN=$TOKEN1, GLOBAL_ENV_VAR=$VAR2 NOTE: use_container parameter must be set to true in order to use build_container_vars. | | `build_dir` | string | | The path to a folder where the built artifacts are stored. | | `build_parameter_overrides` | string | | AWS CloudFormation parameter overrides encoded as key=value pairs for the sam build command. Use the same format as the AWS CLI. | | `debug` | boolean | false | Turns on debug logging. | | `profile_name` | string | default | Select a specific profile from your credential file to get AWS credentials. | | `region` | string | ${AWS_DEFAULT_REGION} | Sets the AWS Region of the service (for example, us-east-1). | | `template` | string | | The AWS SAM template file | | `use_container` | boolean | true | If your functions depend on packages that have natively compiled dependencies, use this flag to build your function inside an AWS Lambda-like Docker container. | | `validate` | boolean | true | Validate your template file. This will run unless manually set to false. | ### deploy Deploys an AWS SAM application. It is recommended to create a Workflow to build and deploy your SAM app to a development stack for testing before deploying to a production stack. | Parameter | Type | Default | Description | |---|---|---|---| | `arguments` | string | | Additional arguments to pass to the deploy command. e.x. (--resolve-image-repos) | | `capabilities` | string | CAPABILITY_IAM | Comma separated list of capabilities for AWS Cloudformation to create stacks. The only valid values are CAPABILITY_IAM and CAPABILITY_NAMED_IAM. If you have IAM resources, you can specify either capability. If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM. | | `debug` | boolean | false | Turns on debug logging. | | `image_repositories` | string | | Comma separated list of the ECR image repositories to push the Lambda container. If this option is set, the SAM package command will be run automatically. | | `no_fail_on_empty_changeset` | boolean | true | Specify if deploy command should return a zero exit code if there are no changes to be made to the stack. | | `parameter_overrides` | string | | AWS CloudFormation parameter overrides encoded as key=value pairs. Use the same format as the AWS CLI. | | `profile_name` | string | default | Select a specific profile from your credential file to get AWS credentials. | | `region` | string | ${AWS_DEFAULT_REGION} | (defaults to AWS_DEFAULT_REGION) | | `resolve_s3` | boolean | false | Automatically create an Amazon S3 bucket to use for packaging and deploying for non-guided deployments. If you specify the --guided option, then the AWS SAM CLI ignores --resolve-s3. If you specify both the --s3-bucket and --resolve-s3 options, then an error occurs. | | `s3_bucket` | string | | The name of the S3 bucket where this command uploads the artifacts that are referenced in your template. If this option is set, the SAM package command will be run automatically. | | `stack_name` | string | | The name of the AWS CloudFormation stack you're deploying to. If you specify an existing stack, the command updates the stack. If you specify a new stack, the command creates it. | | `template` | string | | The path where your AWS SAM template file is located. | ### install Install the AWS SAM CLI. | Parameter | Type | Default | Description | |---|---|---|---| | `python_version` | string | | If set, this version of Python will be installed and set with pyenv globally. ex: "3.7.0" This is only for the local environment and will not have any effect if use_container is enabled. | | `version` | string | latest | SAM CLI version to be installed. | ### local_start_api Run your SAM app locally in the background and wait until the server is online. This is an alias to the SAM CLI. | Parameter | Type | Default | Description | |---|---|---|---| | `debug` | boolean | false | Enable debug logging | | `dockerize_version` | string | 0.6.1 | Dockerize is a utility that will continuously attempt to connect to an endpoint. Used to wait for the API to come online. | | `endpoint` | string | | After invoking the local-api this endpoint will be tested against until it is online before allowing the job to continue. | | `env_vars` | string | | The JSON file that contains values for the Lambda function's environment variables. | | `port` | integer | 3000 | The local port number to listen on | | `template` | string | | The path where your AWS SAM template file is located. | | `timeout` | integer | 5 | The number in minutes to wait for the API to come online. | | `warm_containers` | enum | | Specifies how AWS SAM CLI manages containers for each function with two available options: EAGER: Containers for all functions are loaded at startup and persist between invocations. LAZY: Containers are only loaded when each function is first invoked. Those containers persist for additional invocations. | ## Jobs ### deploy Deploy serverless applications. | Parameter | Type | Default | Description | |---|---|---|---| | `arguments` | string | | Additional arguments to pass to the deploy command. e.x. (--resolve-image-repos) | | `auth` | steps | | The authentication method used to access your AWS account. Import the aws-cli orb in your config and provide the aws-cli/setup command to authenticate with your preferred method. View examples for more information. | | `base_dir` | string | | Resolves relative paths to the function's source code with respect to this folder. Use this if the AWS SAM template and your source code aren't in the same enclosing folder. By default, relative paths are resolved with respect to the template's location. | | `build_arguments` | string | | Additional arguments to pass to the build command. e.g. (--parallel) | | `build_container_vars` | string | | Environment variables to pass into the build container. Each instance of this option takes a key-value pair, where the key is the environment variable, and the value is the environment variable's value. Separate each key value pair with a comma, e.g build_container_vars: Function1.GITHUB_TOKEN=$TOKEN1, GLOBAL_ENV_VAR=$VAR2 NOTE: use_container parameter must be set to true in order to use build_container_vars. | | `build_dir` | string | | The path to a folder where the built artifacts are stored. | | `build_parameter_overrides` | string | | AWS CloudFormation parameter overrides encoded as key=value pairs for the sam build command. Use the same format as the AWS CLI. | | `capabilities` | string | CAPABILITY_IAM | Comma separated list of capabilities for AWS Cloudformation to create stacks. The only valid values are CAPABILITY_IAM and CAPABILITY_NAMED_IAM. If you have IAM resources, you can specify either capability. If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM. | | `debug` | boolean | false | Turns on debug logging. | | `image_repositories` | string | | Comma separated list of the ECR image repositories to push the Lambda container. If this option is set, the SAM package command will be run automatically. | | `machine_image` | string | ubuntu-2204:current | The CircleCI Linux Machine VM Image for this job. Find other available machine images here: https://circleci.com/docs/2.0/configuration-reference/#available-machine_images | | `no_fail_on_empty_changeset` | boolean | true | Specify if deploy command should return a zero exit code if there are no changes to be made to the stack. | | `parameter_overrides` | string | | AWS CloudFormation parameter overrides encoded as key=value pairs. Use the same format as the AWS CLI. | | `pre_deploy` | steps | | Run these steps prior to deploying the application, but after the checkout, install, build, and package steps. | | `profile_name` | string | default | Select a specific profile from your credential file to get AWS credentials. | | `python_version` | string | | If set, this version of Python will be installed and set with pyenv globally. ex: "3.7.0" This is only for the local environment and will not have any effect if use_container is enabled. | | `region` | string | ${AWS_DEFAULT_REGION} | Sets the AWS Region of the service (for example, us-east-1). | | `resolve_s3` | boolean | false | Automatically create an Amazon S3 bucket to use for packaging and deploying for non-guided deployments. If you specify the --guided option, then the AWS SAM CLI ignores --resolve_s3. If you specify both the --s3_bucket and --resolve_s3 options, then an error occurs. | | `s3_bucket` | string | | The name of the S3 bucket where this command uploads the artifacts that are referenced in your template. If this option is set, the SAM package command will be run automatically. | | `stack_name` | string | | The name of the AWS CloudFormation stack you're deploying to. If you specify an existing stack, the command updates the stack. If you specify a new stack, the command creates it. | | `template` | string | | The AWS SAM template file | | `use_container` | boolean | true | If your functions depend on packages that have natively compiled dependencies, use this flag to build your function inside an AWS Lambda-like Docker container. | | `validate` | boolean | true | Validate your template file. This will run unless manually set to false. | | `version` | string | latest | SAM CLI version to be installed. | ## Executors ### default Machine executor provided by CircleCI. Needed for privileged access to Docker for the SAM CLI. | Parameter | Type | Default | Description | |---|---|---|---| | `machine_image` | string | ubuntu-2204:current | The CircleCI Linux Machine VM Image for this job. Find other available machine images here: https://circleci.com/docs/2.0/configuration-reference/#available-machine-images | ## Examples ### build_test_deploy_oidc Test your Lambda functions in a staging environment before deploying to production with the "deploy" job using OIDC authentication. Import the aws-cli orb and authenticate using the aws-cli/setup command with a valid role-arn for OIDC authentication. ```yaml version: '2.1' orbs: aws-cli: circleci/aws-cli@4.0 sam: circleci/aws-sam-serverless@5.0 jobs: test_my_api: docker: - image: cimg/node:lts steps: - run: echo "Run your API tests here" workflows: test_and_deploy: jobs: - sam/deploy: auth: - aws-cli/setup: profile: OIDC-USER role_arn: arn:aws:iam::123456789012:role/VALID_OIDC_SAM_ROLE context: CircleCI_OIDC_Token name: deploy-staging profile: OIDC-USER s3_bucket: my-s3-bucket stack_name: staging-stack template: ./path/to/template.yml - test_my_api: requires: - deploy-staging - sam/deploy: auth: - aws-cli/setup: profile: OIDC-USER role_arn: arn:aws:iam::123456789012:role/VALID_OIDC_SAM_ROLE context: CircleCI_OIDC_Token name: deploy-production profile: OIDC-USER requires: - test_my_api stack_name: production-stack template: ./path/to/template.yml ``` ### deploy_lambda_container Deploy a Lambda Docker container via SAM using static AWS keys for authentication. Import the aws-cli orb and authenticate using the aws-cli/setup command with static AWS keys stored as env_vars (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY). ```yaml version: '2.1' orbs: aws-cli: circleci/aws-cli@4.0 sam: circleci/aws-sam-serverless@5.0 jobs: test_my_api: docker: - image: cimg/node:lts steps: - run: echo "Run your API tests here" workflows: deploy_image: jobs: - sam/deploy: auth: - aws-cli/setup context: aws-credentials-context image_repositories: $IMG_URI stack_name: staging-stack template: ./path/to/template.yml ``` ### install_cli Install the SAM CLI to interact with the CLI directly. using static AWS keys for authentication. Import the aws-cli orb and authenticate using the aws-cli/setup command with static AWS keys stored as env_vars (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY). ```yaml version: '2.1' orbs: aws-cli: circleci/aws-cli@4.0 sam: circleci/aws-sam-serverless@5.0 jobs: build_app: executor: sam/default steps: - checkout - aws-cli/setup - sam/install - run: sam build workflows: my-workflow: jobs: - build_app ``` ### local_test Install the SAM CLI to interact with the CLI directly. ```yaml version: '2.1' orbs: aws-cli: circleci/aws-cli@4.0 sam: circleci/aws-sam-serverless@5.0 jobs: build_and_package: executor: sam/default steps: - checkout - aws-cli/install - sam/install - sam/local_start_api workflows: null ```