AWS Serverless Application Model (SAM) is an open-source framework for building serverless applications with a shorthand syntax for common cloud resources.
All of this project’s code can be found in the First Look monorepo on my GitHub.
Introduction
AWS Serverless Application Model (SAM) is an open-source framework for building serverless applications. It provides shorthand syntax to express functions, APIs, databases, and event source mappings. Much like AWS CDK, SAM transforms and expands its own syntax into CloudFormation syntax during deployment.
CDK uses common languages such as JavaScript, TypeScript, or Python to imperatively provision resources similar to Pulumi
SAM CLI is currently used to build locally, test, and package serverless applications defined using AWS CloudFormation or SAM templates. However, there is currently early support for using the SAM CLI to build and test with the CDK.
Setup
Configure AWS CLI
Make sure you have the AWS CLI installed and an AWS account. For general use, aws configure is recommended as the fastest way to set up your AWS CLI installation.
When you enter this command, the AWS CLI prompts you for four pieces of information:
Access key ID
Secret access key
AWS Region
Output format
Go to My Security Credentials to find your Access Key ID, Secret Access Key, and default region. You can leave the output format blank.
Give your project a name. I named my project ajcwebdev-sam.
Select Example Application
Select Hello World Example.
Output:
Project Structure
SAM Template
This example app uses a single Lambda function along with API Gateway.
These are defined in template.yaml which includes a SAM template for specifying your application’s AWS resources.
App Entry Point
The hello-world directory contains code for the application’s Lambda function inside app.js and a package.json file for the necessary dependencies and scripts needed for our build process.
You specify dependencies in a manifest file that you include in your application. Since our example is using Node.js functions, our manifest file is package.json. This file is required for sam build.
Test Handler
The hello-world directory also contains a tests directory with a unit directory for unit tests and a test-handler.js file.
Events
The events directory contains invocation events. There are a lot of events in event.json, so we’ll take a look at each key and its corresponding value.
Event
Definition
body
HTTP body containing data associated with the request (like content of an HTML form), or the document associated with a response.
resource
Sets a proxy in front of the resource.
path
Sets a path for the proxy to send the request.
httpMethod
The HTTP POST method sends data to the server. The type of the body of the request is indicated by the Content-Type header.
isBase64Encoded
Base encoding
queryStringParameters
Query string parameters
pathParameters
Proxies the request to our resources.
stageVariables
Variables for staging
headers includes a bunch of headers. I definitely know what all of these do. Totally.
The requestContext object is a map of key-value pairs. In each pair, the key is the name of a $context variable property, and the value is the value of that property.
Deploy to AWS
Build Application
The sam build command will build your serverless application and prepare it for subsequent steps in your workflow, like locally testing the application or deploying it to AWS.
Output:
This command builds any dependencies that your application has, and copies your application source code to folders under .aws-sam/build to be zipped and uploaded to Lambda.
Configure SAM Deploy
For the question, “HelloWorldFunction may not have authorization defined,” AWS SAM is informing you that the sample application configures an API Gateway API without authorization. When you deploy the sample application, AWS SAM creates a publicly available URL.
CloudFormation outputs from deployed stack:
Copy the URL contained in the Value for HelloWorldApi and send a request with your API tool of choice such as cURL, Postman, or Insomnia.
You can also just use a good ol’ fashion web browser.
Delete Stack
Since this is a simple hello world application with an unsecured API endpoint, you should consider tearing the project down unless you intend on adding addition security features. To delete the sample application that you created:
If you send another request to the endpoint you will receive a 500 error message.