Deploying serverless applications - Amazon Serverless Application Model
Deploying using CI/CD systemsDeploying using the Amazon SAM CLITroubleshooting deployments using the Amazon SAM CLIGradual deploymentsLearn more
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Deploying serverless applications

Amazon SAM uses Amazon CloudFormation as the underlying deployment mechanism. For more information, see What is Amazon CloudFormation? in the Amazon CloudFormation User Guide. The standard inputs to deploying serverless applications are the build artifacts created using the sam build command. For more information about sam build, see Building serverless applications.

You can deploy your application manually using Amazon SAM command line interface (CLI) commands. You can also automate the deployments of your application using a continuous integration and continuous deployment (CI/CD) system. You can use many common CI/CD systems for deploying Amazon SAM applications, including Amazon CodePipeline, Jenkins, GitLab CI/CD, and GitHub Actions.

Deploying using CI/CD systems

Amazon SAM helps organizations create pipelines for their preferred CI/CD systems, so that they can realize the benefits of CI/CD with minimal effort, such as accelerating deployment frequency, shortening lead time for changes, and reducing deployment errors.

Amazon SAM simplifies CI/CD tasks for serverless applications with the help of build container images. The images that Amazon SAM provides include the Amazon SAM CLI and build tools for a number of supported Amazon Lambda runtimes. This makes it easier to build and package serverless applications using the Amazon SAM CLI. These images also alleviate the need for teams to create and manage their own images for CI/CD systems. For more information about Amazon SAM build container images, see Image repositories.

Multiple CI/CD systems support Amazon SAM build container images. Which CI/CD system you should use depends on several factors. These include whether your application uses a single runtime or multiple runtimes, or whether you want to build your application within a container image or directly on a host machine, either a virtual machine (VM) or bare metal host.

Amazon SAM also provides a set of default pipeline templates for multiple CI/CD systems that encapsulate Amazon's deployment best practices. These default pipeline templates use standard JSON/YAML pipeline configuration formats, and the built-in best practices help perform multi-account and multi-region deployments, and verify that pipelines cannot make unintended changes to infrastructure.

You have two main options for using Amazon SAM to deploy your serverless applications: 1) Modify your existing pipeline configuration to use Amazon SAM CLI commands, or 2) Generate an example CI/CD pipeline configuration that you can use as a starting point for your own application.

For more information about these options, see the following topics:

Deploying using the Amazon SAM CLI

After you develop and test your serverless application locally, you can deploy your application using the sam deploy command.

To have Amazon SAM guide you through the deployment with prompts, specify the --guided flag. When you specify this flag, the sam deploy command zips your application artifacts, uploads them either to Amazon Simple Storage Service (Amazon S3) (for .zip file archives) or to Amazon Elastic Container Registry (Amazon ECR) (for container images). The command then deploys your application to the Amazon Cloud.

Example:

# Deploy an application using prompts:
sam deploy --guided

Troubleshooting deployments using the Amazon SAM CLI

Amazon SAM CLI error: "Security Constraints Not Satisfied"

When running sam deploy --guided, you're prompted with the question HelloWorldFunction may not have authorization defined, Is this okay? [y/N]. If you respond to this prompt with N (the default response), you see the following error:

 
Error: Security Constraints Not Satisfied

The prompt is informing you that the application you're about to deploy might have an Amazon API Gateway API configured without authorization. By responding N to this prompt, you're saying that this is not OK.

To fix this, you have the following options:

  • Configure your application with authorization. For information about configuring authorization, see Controlling access to API Gateway APIs.

  • Respond to this question with Y to indicate that you're OK with deploying an application that has an API Gateway API configured without authorization.

Gradual deployments

If you want to deploy your Amazon SAM application gradually rather than all at once, you can specify deployment configurations that Amazon CodeDeploy provides. For more information, see Working with deployment configurations in CodeDeploy in the Amazon CodeDeploy User Guide.

For information about configuring your Amazon SAM application to deploy gradually, see Deploying serverless applications gradually.

Learn more

For hands-on examples of deploying serverless applications, see the following from The Complete Amazon SAM Workshop:

  • Module 3 - Deploy manually – Learn how to build, package, and deploy a serverless application using the Amazon SAM CLI.

  • Module 4 - CI/CD – Learn how to automate the build, package, and deployment phases by creating a continuous integration and delivery (CI/CD) pipeline.