How to Publish Applications
This section provides you with procedures for publishing your serverless application to the Amazon Serverless Application Repository by using the Amazon SAM CLI or the Amazon Web Services Management Console. It also shows you how to share your application to allow others to deploy it, and deleting your application from the Amazon Serverless Application Repository.
Important
The information that you enter when you publish an application isn't encrypted. This information includes data such as the author name. If you have personally identifiable information that you don't want to be stored or made public, we recommend that you don't enter this information when publishing your application.
Publishing an Application (Amazon CLI)
The easiest way to publish an application to the Amazon Serverless Application Repository is to use a set of Amazon SAM CLI commands. For more information, see Publishing an Application Using the Amazon SAM CLI in the Amazon Serverless Application Model (Amazon SAM) Developer Guide.
Publishing a New Application (Console)
This section shows you how to use the Amazon Web Services Management Console to publish a new application to the Amazon Serverless Application Repository. For instructions on publishing a new version of an existing application, see Publishing a New Version of an Existing Application.
Prerequisites
Before you publish an application to the Amazon Serverless Application Repository, you need the following:
-
A valid Amazon account.
-
A valid Amazon Serverless Application Model (Amazon SAM) template that defines the Amazon resources that are used. For more information about Amazon SAM templates, see Amazon SAM Template Basics.
-
A package for your application that you created by using the Amazon CloudFormation
packagecommand for the Amazon CLI. This command packages the local artifacts (local paths) that your Amazon SAM template references. For more details, see package in the Amazon CloudFormation documentation. -
A URL that points to your application's source code, in case you want to publish your application publicly.
-
A readme.txt file. This file should describe how customers can use your application, and how to configure it before deploying it in their own Amazon accounts.
-
A license.txt file or a valid license identifier from the SPDX website
. Note that a license is only required if you want to share your application publicly. If you're going to keep your application private or only share it privately, you don't need to specify a license. -
A valid Amazon S3 bucket policy that grants the service read permissions for artifacts that were uploaded to Amazon S3 when you packaged your application. To set this policy, follow these steps:
-
Open the Amazon S3 console at https://console.amazonaws.cn/s3/
. -
Choose the Amazon S3 bucket that you used to package your application.
-
Choose the Permissions tab.
-
Choose the Bucket Policy button.
-
Paste the following policy statement into the Bucket policy editor. Make sure to substitute your bucket name in the
Resourceelement, and your Amazon account ID in theConditionelement. The expression in theConditionelement ensure Amazon Serverless Application Repository only has permission to access applications from the specified Amazon account. For more information about policy statements, see IAM JSON policy elements reference in the IAM User Guide.{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "serverlessrepo.amazonaws.com" }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::bucketname/*", "Condition" : { "StringEquals": { "aws:SourceAccount": "123456789012" } } } ] } -
Choose the Save button.
-
Procedure
Create a new application in the Amazon Serverless Application Repository by using the following procedure.
To create a new application in the Amazon Serverless Application Repository
-
Open the Amazon Serverless Application Repository console
and choose Publish applications. -
On the Publish an application page, enter the following application information, and then choose Publish application:
Property Required Description Application name TRUE The name of the application.
Minimum length=1. Maximum length=140.
Pattern: "[a-zA-Z0-9\\-]+";
Author TRUE The name of the author publishing the application.
Minimum length=1. Maximum length=127.
Pattern: "^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$";
Home page FALSE A URL with more information about the application—for example, the location of your GitHub repository for the application. Description TRUE The description of the application.
Minimum length=1. Maximum length=256.
Labels FALSE The labels that improve the discovery of applications in search results.
Minimum length=1. Maximum length=127. Maximum number of labels: 10.
Pattern: "^[a-zA-Z0-9+\\-_:\\/@]+$";
Spdx license (drop-down list) FALSE Choose a valid license identifier from the drop-down that contains licenses that are available on the SPDX website . Choosing an item in the drop-down populates the License text box below it. Note: Choosing a license in the drop-down replaces the contents of the License text box, and discards any manual edits that you have made. License FALSE Upload a .txt license file, or choose a license from the Spdx license drop-down described in the previous row. Choosing a license from the Spdx license drop-down automatically populates the License text box. You can manually edit the contents of this text box after uploading a license file or choosing one from the Spdx license drop-down. However, if another Spdx license is chosen from the drop-down, any manual edits that you have made are discarded.
This is an optional field, but you must provide a license in order to share the application publicly.
Readme FALSE Upload the contents of the Readme file, which can be in text or markdown format. These contents are displayed on the application's detail page in the Amazon Serverless Application Repository. You can manually edit the contents of this text box after uploading a file.
Semantic version FALSE The semantic version of the application. For more information, see the Semantic Versioning website
. You must provide a value for this property in order to make your application public.
Source code Url FALSE A link to a public repository for the source code of your application. SAM template TRUE A valid Amazon Serverless Application Model (Amazon SAM) template that defines the Amazon resources that are used.
Sharing an Application
Published applications can have permissions set in one of the three following categories:
-
Private (default) – Applications that were created with the same account, and haven't been shared with any other Amazon account. Only consumers that share your Amazon account have permission to deploy private applications.
-
Privately shared – Applications that the publisher has explicitly shared with a specific set of Amazon accounts, or with Amazon accounts in an Amazon Organization. Consumers have permission to deploy applications that have been shared with their Amazon account or Amazon Organization. For more information about Amazon Organizations, see the Amazon Organizations User Guide.
-
Publicly shared – Applications that the publisher has shared with everyone. All consumers have permission to deploy any publicly shared application.
After you have published an application to the Amazon Serverless Application Repository, by default it is set to private. This section shows you how to share an application privately with specific Amazon accounts or an Amazon Organization, or share it publicly with everyone.
Sharing an Application Through the Console
You have two options for sharing your application with others: 1) Share it with specific Amazon accounts or the Amazon accounts within your Amazon organization, or 2) Share it publicly with everyone. For more information about Amazon Organizations, see the Amazon Organizations User Guide.
Option 1: To share your application with specific Amazon account(s) or accounts within your Amazon organization
-
On the navigation pane, choose Published Applications to bring up the list of applications that you've created.
-
Choose the application that you want to share.
-
Choose the Sharing tab.
-
In the Application policy statements section, choose the Create Statement button.
-
In the Statement Configuration window fill out the fields based on how you want to share your application.
Note
If you are sharing with an organization, you can only specify the organization that your Amazon account is a member of. If you try to specify an Amazon Organization that you are not a member of, an error will result.
To share your application with your Amazon Organization, you must acknowledge that the
UnshareApplicationaction will be added to your policy statement, in case the sharing needs to be revoked in the future. -
Choose the Save button.
Option 2: To share your application publicly with everyone
-
On the navigation pane, choose Published Applications to bring up the list of applications that you've created.
-
Choose the application that you want to share.
-
Choose the Sharing tab.
-
In the Public Sharing section, choose the Edit button.
-
Under Public sharing choose the Enabled radio button.
-
In the text box type the name of your application, then choose the Save button.
Note
In order to share an application publicly, it must have both the
SemanticVersion and LicenseUrl properties
set.
Sharing an Application Through the Amazon CLI
To share an application using the Amazon CLI you grant permissions using the
put-application-policy command to specify the Amazon account(s)
you want to share with as principals.
For more information about sharing your application by using the Amazon CLI, see Amazon Serverless Application Repository Application Policy Examples.
Unsharing an Application
There are two options for unsharing an application from an Amazon Organization:
-
The publisher of the application can remove permissions using the
put-application-policycommand. -
A user from the management account of an Amazon Organization can perform an unshare application operation on any application shared with the organization, even if the application was published by a user from a different account.
Note
When an application is unshared from an Amazon Organization with the "unshare application" operation, it cannot be shared with Amazon Organization again.
For more information about Amazon Organizations, see the Amazon Organizations User Guide.
Publisher Removing Permissions
Publisher Removing Permissions Through the Console
To unshare an application through the Amazon Web Services Management Console, you remove the policy statement that shares it with other Amazon accounts. To do this, follow these steps:
-
Choose Available Applications in the left navigation pane.
-
Choose the application that you want to unshare.
-
Choose the Sharing tab.
-
In the Application policy statements section, select the policy statement that is sharing the application with the accounts that you want to unshare from.
-
Choose Delete.
-
A confirmation message will appear. Choose Delete again.
Publisher Removing Permissions Through the Amazon CLI
To unshare an application through the Amazon CLI, the publisher can remove or
otherwise change permissions using the put-application-policy command to make the application
private, or share with a different set of Amazon accounts.
For more information about changing permissions using the Amazon CLI, see Amazon Serverless Application Repository Application Policy Examples.
Management account unsharing an application
Management account unsharing an application from an Amazon Organization through the console
To unshare an application from an Amazon Organization through the Amazon Web Services Management Console, a user from the management account can do the following:
-
Choose Available Applications in the left navigation pane.
-
In the application's tile, choose Unshare.
-
In the unshare message box, confirm you want to unshare the application by entering the Organization ID and application name, then choosing Save.
Management account unsharing an application from an Amazon Organization Through the Amazon CLI
To unshare an application from an Amazon Organization, a user from the
management account can run the
aws
serverlessrepo unshare-application command.
The following command unshares an application from an Amazon Organization, where
application-id is the Amazon Resource Name (ARN)
of the application, and organization-id is the Amazon
Organization ID:
aws serverlessrepo unshare-application --application-idapplication-id--organization-idorganization-id
Deleting an Application
You can delete applications from the Amazon Serverless Application Repository by using either the Amazon Web Services Management Console or the Amazon SAM CLI.
Deleting an Application (Console)
To delete a published application through the Amazon Web Services Management Console, do the following.
-
For My Applications, choose the application that you want to delete.
-
In the application's detail page, choose Delete application.
-
Choose Delete application to complete the deletion.
Deleting an Application (Amazon CLI)
To delete a published application using the Amazon CLI, run the aws serverlessrepo
delete-application command.
The following command deletes an application, where
application-id
aws serverlessrepo delete-application --application-idapplication-id