Serverless apps using SAM

Serverless app using SAM. AWS_EN

Using SAM to create a serverless application with API Gateway and Lambda

In the following pages, we have covered how to create a serverless app using API Gateway and Lambda, and now we would like to reproduce a similar configuration using SAM.

SAM (Serverless Application Model) is a framework for developing serverless application applications provided by AWS.

The AWS Serverless Application Model (SAM) is an open-source framework for building serverless applications. It provides shorthand syntax to express functions, APIs, databases, and event source mappings… During deployment, SAM transforms and expands the SAM syntax into AWS CloudFormation syntax, enabling you to build serverless applications faster.

AWS Serverless Application Model

In this page, we will check SAM by following the steps in the official AWS tutorial Tutorial: Deploying a Hello World application.


Diagram of serverless app using SAM.

We will build the same environment as in Serverless Application using Lambda and API Gateway.

We will create the application with the following settings.

  • Application name: fa-006
  • Runtime environment for Lambda functions: Python 3.8

SAM application creation

Create an application with AWS SAM CLI.

If you have not installed this tool, please refer to Installing the AWS SAM CLI.

$ sam init
Which template source would you like to use?
        1 - AWS Quick Start Templates
        2 - Custom Template Location
Choice: 1
What package type would you like to use?
        1 - Zip (artifact is a zip uploaded to S3)
        2 - Image (artifact is an image uploaded to an ECR image repository)
Package type: 1

Which runtime would you like to use?
        1 - nodejs12.x
        2 - python3.8
        3 - ruby2.7
        4 - go1.x
        5 - java11
        6 - dotnetcore3.1
        7 - nodejs10.x
        8 - python3.7
        9 - python3.6
        10 - python2.7
        11 - ruby2.5
        12 - java8.al2
        13 - java8
        14 - dotnetcore2.1
Runtime: 2

Project name [sam-app]: fa-006

Cloning app templates from

AWS quick start application templates:
        1 - Hello World Example
        2 - EventBridge Hello World
        3 - EventBridge App from scratch (100+ Event Schemas)
        4 - Step Functions Sample App (Stock Trader)
        5 - Elastic File System Sample App
Template selection: 1

    Generating application:
    Name: fa-006
    Runtime: python3.8
    Dependency Manager: pip
    Application Template: hello-world
    Output Directory: .Code language: Bash (bash)

SAM configuration file

Place the SAM template file at the following URL.

awstut-fa/template.yaml at main · awstut-an-r/awstut-fa
Contribute to awstut-an-r/awstut-fa development by creating an account on GitHub.

Template file points

We will cover the key points of each template file to configure this environment.

Lambda functions are defined with AWS::Serverless::Function type

Define a Lambda function in SAM.

    Type: AWS::Serverless::Function
      CodeUri: hello_world/
      Handler: app.lambda_handler
      Runtime: python3.8
          #Type: Api
          Type: HttpApi
            Path: /hello
            Method: getCode language: YAML (yaml)

In CloudFormation, the Type property specifies the type of resource to be created. Normally, when defining a Lambda function, “AWS::Lambda::Function” is used, but if you follow the SAM notation, it will be “AWS::Serverless::Function”.

In the CodeUri property, specify the directory PATH where the script to be executed is located. PATH can be specified relative to this template file. The PATH can be specified relative to the main template file. In this case, it means that the script will be placed in the “hello_world” directory, which is located in the same location as the main template file.

The Handler property is a parameter that specifies the actual function to be executed when the Lambda function is called. By specifying “app.lambda_handler”, it means that the lambda_handler function in the file located in the “hello_world” directory will be executed.

The Runtime property is a parameter that specifies the runtime environment for the function. In this case, we will specify Python 3.8 to run the function.

The Events property allows you to define the events associated with this function.

Specifies the events that trigger this function. Events consist of a type and a set of properties that depend on the type.


This time, we will use this property to define the API Gateway associated with this function.

You can specify the resource to be created in the Type property in the Events property.

Object describing properties of this event mapping. The set of properties must conform to the defined Type.

Type: S3|SNS|Kinesis|DynamoDB|SQS|Api|Schedule|CloudWatchEvent|EventBridgeRule|CloudWatchLogs|IoTRule|AlexaSkill|Cognito|HttpApi|MSK|MQ


Since we will be creating an HTTP API type API Gateway, specify “HttpApi”.

Specify the various parameters of the resource to be created in the Properties property.

The Path and Method properties are parameters related to the API Gateway root. In this case, we will specify that this function will be executed when “/hello”, the endpoint to be created, is accessed by GET.

The content of the function to be executed is the same as in Serverless apps using Lambda and API Gateway, so please check there.

SAM Application Deployment

Build and deploy with AWS SAM CLI.

First, let’s build.

$ sam build --use-container
Starting Build inside a container
Building codeuri: hello_world/ runtime: python3.8 metadata: {} functions: ['HelloWorldFunction']

Fetching amazon/aws-sam-cli-build-image-python3.8 Docker container image...................................................................................................................................................................................................................................................................
Mounting /your-directory/hello_world as /tmp/samcli/source:ro,delegated inside runtime container

Build Succeeded

Built Artifacts  : .aws-sam/build
Built Template   : .aws-sam/build/template.yaml

Commands you can use next
[*] Invoke Function: sam local invoke
[*] Deploy: sam deploy --guided
Running PythonPipBuilder:ResolveDependencies
Running PythonPipBuilder:CopySource
Code language: Bash (bash)

By using the use-container option, you can build your application in a dedicated Docker container.

If your functions depend on packages that have natively compiled dependencies, use this option to build your function inside a Lambda-like Docker container.

sam build

In this case, since we are using Python 3.8 as the runtime environment, the same environment must be available locally to run the CLI. However, by using this option, the build is completed in the container, so there is no need to worry about the local environment.

Next, we will proceed to deploy the application.

$ sam deploy --guided

Configuring SAM deploy

        Looking for config file [samconfig.toml] :  Not found

        Setting default arguments for 'sam deploy'
        Stack Name [sam-app]: fa-006
        AWS Region [us-east-1]: ap-northeast-1
        #Shows you resources changes to be deployed and require a 'Y' to initiate deploy
        Confirm changes before deploy [y/N]: y
        #SAM needs permission to be able to create roles to connect to the resources in your template
        Allow SAM CLI IAM role creation [Y/n]: y
        HelloWorldFunction may not have authorization defined, Is this okay? [y/N]: y
        Save arguments to configuration file [Y/n]: y
        SAM configuration file [samconfig.toml]:   
        SAM configuration environment [default]: 


        Deploying with following values
        Stack name                   : fa-006
        Region                       : ap-northeast-1
        Confirm changeset            : True
        Deployment s3 bucket         : [bucket-name]
        Capabilities                 : ["CAPABILITY_IAM"]
        Parameter overrides          : {}
        Signing Profiles             : {}

Initiating deployment
HelloWorldFunction may not have authorization defined.

Waiting for changeset to be created..

CloudFormation stack changeset
Operation                                LogicalResourceId                        ResourceType                             Replacement                            
+ Add                                    HelloWorldFunctionHelloWorldPermission   AWS::Lambda::Permission                  N/A                                    
+ Add                                    HelloWorldFunctionRole                   AWS::IAM::Role                           N/A                                    
+ Add                                    HelloWorldFunction                       AWS::Lambda::Function                    N/A                                    
+ Add                                    ServerlessHttpApiApiGatewayDefaultStage   AWS::ApiGatewayV2::Stage                 N/A                                    
+ Add                                    ServerlessHttpApi                        AWS::ApiGatewayV2::Api                   N/A                                    

Changeset created successfully. arn:aws:cloudformation:ap-northeast-1:[accound-id]:changeSet/samcli-deploy1641285770/e5418e4b-792d-4e96-93ae-5d10a45ee858

Previewing CloudFormation changeset before deployment
Deploy this changeset? [y/N]: y


CloudFormation outputs from deployed stack
Key                 HelloWorldFunctionIamRole                                                                                                                   
Description         Implicit IAM Role created for Hello World function                                                                                          
Value               arn:aws:iam::[account-id]:role/fa-006-HelloWorldFunctionRole-VBT1AK5MRG5J

Key                 HelloWorldApi                                                                                                                               
Description         API Gateway endpoint URL for Prod stage for Hello World function                                                                            

Key                 HelloWorldFunction                                                                                                                          
Description         Hello World Lambda Function ARN                                                                                                             
Value               arn:aws:lambda:ap-northeast-1:[account-id]:function:fa-006-HelloWorldFunction-qajs4WIMSN60

Successfully created/updated stack - fa-006 in ap-northeast-1
Code language: Bash (bash)

Deployment has been completed successfully.

From the deployment log, we can see that five resources have been created this time.

Also, from the output in the Outputs section, we can see that the API Gateway endpoint created this time is “”.

Access the SAM application

Now let’s actually access it.
{"message": "hello world from Awstut !"}
Code language: Bash (bash)

We were able to successfully retrieve the results of the Lambda function execution.

As you can see, by using SAM, we were able to build a serverless application more concisely than with the normal CloudFormation notation.

(Reference) Details of various resources created by SAM

We will check the status of various resources of the application deployed with SAM.

As we saw at the beginning, SAM is a variant of CloudFormation, so deploying a SAM application will create a CloudFormation stack.

Although not included in this stack, Route and Integration of API Gateway resources have also been created.

Check the status of the stack creation from the AWS Management Console.

The list of resources created by SAM

Although not directly defined in the template file, you can see that the Permission for API Gateway to call the Lambda function and the IAM role to be granted to the Lambda function are also automatically created.

The contents of Permission are as follows.

Permission automatically generated by SAM

The conditions for calling the Lambda function are defined. Only calls from the API Gateway created this time and from the GET method with the URL /hello will be allowed.

The following is the IAM role that has been created.

IAM roles automatically created by SAM

You can see that the AWS managed policy AWSLambdaBasicExecutionRole has been attached, which means that the minimum privileges for executing Lambda functions have been granted.

Although not included in this stack, API Gateway root and integration resources have also been created.

First is integration.

Integration automatically generated by SAM

You can see that the Lambda function we created is associated with it.

Next is the route.

Routes automatically generated by SAM

The GET method of /hello is associated with the previous integration. The combination of these settings will allow the Lambda function to be executed when the API Gateway is accessed.


We found that using SAM allows us to build serverless applications in a more concise manner compared to the usual CloudFormation notation.