Create your AWS SAM template
Create an AWS SAM template file that specifies the components in your infrastructure.
To create your AWS SAM template
- Create a directory named `SAM-Tutorial`.
- In your `SAM-Tutorial` directory, create a file named `template.yml`.
- Copy the following YAML code into `template.yml`. This is your AWS SAM template.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: A sample SAM template for deploying Lambda functions.

Resources:
  # Details about the myDateTimeFunction Lambda function
  myDateTimeFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: myDateTimeFunction.handler
      Runtime: nodejs18.x
      # Instructs that myDateTimeFunction is published to an alias named "live".
      AutoPublishAlias: live
      # Grants this function permission to call lambda:InvokeFunction
      Policies:
        - Version: "2012-10-17"
          Statement:
            - Effect: "Allow"
              Action:
                - "lambda:InvokeFunction"
              Resource: '*'
      DeploymentPreference:
        # Specifies the deployment configuration
        Type: Linear10PercentEvery1Minute
        # Specifies Lambda functions for deployment lifecycle hooks
        Hooks:
          PreTraffic: !Ref beforeAllowTraffic
          PostTraffic: !Ref afterAllowTraffic

  # Specifies the BeforeAllowTraffic lifecycle hook Lambda function
  beforeAllowTraffic:
    Type: AWS::Serverless::Function
    Properties:
      Handler: beforeAllowTraffic.handler
      Policies:
        - Version: "2012-10-17"
          # Grants this function permission to call codedeploy:PutLifecycleEventHookExecutionStatus
          Statement:
            - Effect: "Allow"
              Action:
                - "codedeploy:PutLifecycleEventHookExecutionStatus"
              Resource: !Sub 'arn:aws:codedeploy:${AWS::Region}:${AWS::AccountId}:deploymentgroup:${ServerlessDeploymentApplication}/*'
        - Version: "2012-10-17"
          # Grants this function permission to call lambda:InvokeFunction
          Statement:
            - Effect: "Allow"
              Action:
                - "lambda:InvokeFunction"
              Resource: !Ref myDateTimeFunction.Version
      Runtime: nodejs18.x
      # Specifies the name of the Lambda hook function
      FunctionName: 'CodeDeployHook_beforeAllowTraffic'
      DeploymentPreference:
        Enabled: false
      Timeout: 5
      Environment:
        Variables:
          NewVersion: !Ref myDateTimeFunction.Version

  # Specifies the AfterAllowTraffic lifecycle hook Lambda function
  afterAllowTraffic:
    Type: AWS::Serverless::Function
    Properties:
      Handler: afterAllowTraffic.handler
      Policies:
        - Version: "2012-10-17"
          Statement:
            # Grants this function permission to call codedeploy:PutLifecycleEventHookExecutionStatus
            - Effect: "Allow"
              Action:
                - "codedeploy:PutLifecycleEventHookExecutionStatus"
              Resource: !Sub 'arn:aws:codedeploy:${AWS::Region}:${AWS::AccountId}:deploymentgroup:${ServerlessDeploymentApplication}/*'
        - Version: "2012-10-17"
          Statement:
            # Grants this function permission to call lambda:InvokeFunction
            - Effect: "Allow"
              Action:
                - "lambda:InvokeFunction"
              Resource: !Ref myDateTimeFunction.Version
      Runtime: nodejs18.x
      # Specifies the name of the Lambda hook function
      FunctionName: 'CodeDeployHook_afterAllowTraffic'
      DeploymentPreference:
        Enabled: false
      Timeout: 5
      Environment:
        Variables:
          NewVersion: !Ref myDateTimeFunction.Version
```

This template specifies the following. For more information, see AWS SAM template concepts.
- A Lambda function called `myDateTimeFunction`

  When this Lambda function is published, the `AutoPublishAlias` line in the template links it to an alias named `live`. Later in this tutorial, an update to this function triggers a deployment by AWS CodeDeploy that incrementally shifts production traffic from the original version to the updated version.

- Two Lambda deployment validation functions

  The following Lambda functions are executed during CodeDeploy lifecycle hooks. The functions contain code that validates the deployment of the updated `myDateTimeFunction`. The results of the validation tests are passed to CodeDeploy using its `PutLifecycleEventHookExecutionStatus` API method. If a validation test fails, the deployment fails and is rolled back.

  - `CodeDeployHook_beforeAllowTraffic` runs during the `BeforeAllowTraffic` hook.
  - `CodeDeployHook_afterAllowTraffic` runs during the `AfterAllowTraffic` hook.

  The names of both functions start with `CodeDeployHook_`. The `CodeDeployRoleForLambda` role allows calls to the Lambda `invoke` method only in Lambda functions with names that start with this prefix. For more information, see AppSpec 'hooks' section for an AWS Lambda deployment and PutLifecycleEventHookExecutionStatus in the CodeDeploy API Reference.

- Automatic detection of an updated Lambda function

  The `AutoPublishAlias` term tells the framework to detect when the `myDateTimeFunction` function changes, and then deploy it using the `live` alias.

- A deployment configuration

  The deployment configuration determines the rate at which your CodeDeploy application shifts traffic from the original version of the Lambda function to the new version. This template specifies the predefined deployment configuration `Linear10PercentEvery1Minute`.

  Note
  You cannot specify a custom deployment configuration in an AWS SAM template. For more information, see Create a Deployment Configuration.

- Deployment lifecycle hook functions

  The `Hooks` section specifies the functions to run during lifecycle event hooks. `PreTraffic` specifies the function that runs during the `BeforeAllowTraffic` hook. `PostTraffic` specifies the function that runs during the `AfterAllowTraffic` hook.

- Permissions for Lambda to invoke another Lambda function

  The specified `lambda:InvokeFunction` permission grants the role used by the AWS SAM application permission to invoke a Lambda function. This is required when the `CodeDeployHook_beforeAllowTraffic` and `CodeDeployHook_afterAllowTraffic` functions invoke the deployed Lambda function during validation tests.
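
How a hook function can report its result, as an added example that is not part of the original tutorial: the handler reads the `NewVersion` variable set in the template, checks that version, and always reports `Succeeded` or `Failed` through `PutLifecycleEventHookExecutionStatus`, defaulting to `Failed` so that an error inside the hook rolls the deployment back. The `invoke`, `putStatus` and `validate` parameters, the response shape and the sample IDs are assumptions made for illustration.

```javascript
// Added example: a fail-closed lifecycle hook. `invoke` and `putStatus` are
// hypothetical wrappers (assumed here) around the Lambda Invoke call and the
// CodeDeploy PutLifecycleEventHookExecutionStatus call, injected so the
// decision logic can run and be tested without AWS access.
function makeHookHandler({ invoke, putStatus, validate }) {
  return async function handler(event) {
    let status = 'Failed'; // anything unexpected leaves this as Failed
    try {
      const target = process.env.NewVersion; // set in the template's Environment
      if (!target) throw new Error('NewVersion is not set');
      const response = await invoke(target);
      if (validate(response) === true) status = 'Succeeded';
    } catch (err) {
      console.error(`validation error: ${err.message}`);
    }
    // Always report, so CodeDeploy either continues or rolls back.
    await putStatus({
      deploymentId: event.DeploymentId,
      lifecycleEventHookExecutionId: event.LifecycleEventHookExecutionId,
      status,
    });
    return status;
  };
}

// Constructed stand-ins for the AWS clients and for the function under test.
function demoHook(fakeInvoke) {
  const reported = [];
  const handler = makeHookHandler({
    invoke: fakeInvoke,
    putStatus: async (params) => { reported.push(params); },
    validate: (r) => r.statusCode === 200 && typeof r.body === 'string',
  });
  const event = {
    DeploymentId: 'd-EXAMPLE', // constructed sample values
    LifecycleEventHookExecutionId: 'hook-EXAMPLE',
  };
  return handler(event).then(() => reported);
}
```
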
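
A pre-deployment check for two properties this template depends on, written as an added example (not AWS or AWS SAM code): every function referenced under `Hooks` carries the `CodeDeployHook_` name prefix, and no inline policy allows `lambda:InvokeFunction` on `Resource: '*'`, as the `myDateTimeFunction` policy does while the hook functions scope theirs to `myDateTimeFunction.Version`. It assumes the template has already been parsed into an object in JSON form; `lintTemplate` and the sample are constructed for illustration.

```javascript
// Added example. Input: template parsed to JSON form ("!Ref x" is { Ref: 'x' }).
const HOOK_PREFIX = 'CodeDeployHook_';
const asList = (v) => (v === undefined ? [] : [].concat(v));

function lintTemplate(template) {
  const findings = [];
  const resources = template.Resources || {};
  for (const [id, res] of Object.entries(resources)) {
    if (res.Type !== 'AWS::Serverless::Function') continue;
    const props = res.Properties || {};
    // Check 1: every function referenced as a traffic hook needs the prefix,
    // otherwise the CodeDeploy role is not allowed to invoke it.
    const hooks = (props.DeploymentPreference || {}).Hooks || {};
    for (const [phase, ref] of Object.entries(hooks)) {
      const hookId = ref && ref.Ref;
      const name = ((resources[hookId] || {}).Properties || {}).FunctionName;
      if (typeof name !== 'string' || !name.startsWith(HOOK_PREFIX)) {
        findings.push(`${id}: ${phase} hook "${hookId}" is not named ${HOOK_PREFIX}*`);
      }
    }
    // Check 2: inline statements that allow invoking every function.
    for (const policy of asList(props.Policies)) {
      if (!policy || typeof policy !== 'object') continue; // managed policy name
      for (const st of asList(policy.Statement)) {
        const invokes = asList(st.Action).some((a) =>
          ['lambda:InvokeFunction', 'lambda:*', '*'].includes(a));
        if (st.Effect === 'Allow' && invokes && asList(st.Resource).includes('*')) {
          findings.push(`${id}: lambda:InvokeFunction allowed on Resource "*"`);
        }
      }
    }
  }
  return findings;
}

// Constructed sample: the tutorial template reduced to the checked fields,
// with the PostTraffic hook deliberately left without a FunctionName.
const sample = { Resources: {
  myDateTimeFunction: { Type: 'AWS::Serverless::Function', Properties: {
    Policies: [{ Statement: [{ Effect: 'Allow',
      Action: ['lambda:InvokeFunction'], Resource: '*' }] }],
    DeploymentPreference: { Hooks: {
      PreTraffic: { Ref: 'beforeAllowTraffic' },
      PostTraffic: { Ref: 'afterAllowTraffic' } } } } },
  beforeAllowTraffic: { Type: 'AWS::Serverless::Function', Properties: {
    FunctionName: 'CodeDeployHook_beforeAllowTraffic' } },
  afterAllowTraffic: { Type: 'AWS::Serverless::Function', Properties: {} },
} };
console.log(lintTemplate(sample).join('\n'));
```
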