sam pipeline bootstrap - AWS Serverless Application Model
UsageOptionsTroubleshooting

sam pipeline bootstrap

This page provides reference information for the AWS Serverless Application Model Command Line Interface (AWS SAM CLI) sam local pipeline bootstrap subcommand.

For an introduction to the AWS SAM CLI, see What is the AWS SAM CLI?.

The sam pipeline bootstrap subcommand generates the required AWS infrastructure resources to connect to your CI/CD system. This step must be run for each deployment stage in your pipeline prior to running the sam pipeline init command.

This subcommand sets up the following AWS infrastructure resources:

  • Option of configuring pipeline permissions through:

  • An AWS CloudFormation execution IAM role assumed by AWS CloudFormation to deploy the AWS SAM application.

  • An Amazon S3 bucket to hold the AWS SAM artifacts.

  • Optionally, an Amazon ECR image repository to hold container image Lambda deployment packages (if you have a resource that is of package type Image).

Usage

$ sam pipeline bootstrap <options>

Options

--bitbucket-repo-uuid TEXT

The UUID of the Bitbucket repository. This option is specific to using Bitbucket OIDC for permissions.

Note

This value can be found at https://bitbucket.org/workspace/repository/admin/addon/admin/pipelines/openid-connect

--bucket TEXT

The ARN of the Amazon S3 bucket that holds the AWS SAM artifacts.

--cicd-provider TEXT

The CI/CD platform for the AWS SAM pipeline.

--cloudformation-execution-role TEXT

The ARN of the IAM role to be assumed by AWS CloudFormation while deploying the application's stack. Provide only if you want to use your own role. Otherwise, the command will create a new role.

--config-env TEXT

The environment name that specifies the default parameter values in the configuration file to use. The default value is default. For more information about configuration files, see AWS SAM CLI configuration file.

--config-file PATH

The path and file name of the configuration file containing the default parameter values to use. The default value is samconfig.toml in the root of the project directory. For more information about configuration files, see AWS SAM CLI configuration file.

--confirm-changeset | --no-confirm-changeset

Prompt to confirm the deployment of your resources.

--create-image-repository | --no-create-image-repository

Specify whether to create an Amazon ECR image repository if none is provided. The Amazon ECR repository holds the container images of Lambda functions, or layers having a package type of Image. The default is --no-create-image-repository.

--debug

Turns on debug logging and prints debug messages that the AWS SAM CLI generates, and to display timestamps.

--deployment-branch TEXT

Name of the branch that deployments will occur from. This option is specific to using GitHub Actions OIDC for permissions.

--github-org TEXT

The GitHub organization that the repository belongs to. If no organization exists, enter the user name of the repository owner. This option is specific to using GitHub Actions OIDC for permissions.

--github-repo TEXT

Name of the GitHub repository that deployments will occur from. This option is specific to using GitHub Actions OIDC for permissions.

--gitlab-group TEXT

The GitLab group that the repository belongs to. This option is specific to using GitLab OIDC for permissions.

--gitlab-project TEXT

The GitLab project name. This option is specific to using GitLab OIDC for permissions.

--help, -h

Shows this message and exits.

--image-repository TEXT

The ARN of an Amazon ECR image repository that holds the container images of Lambda functions, or layers that have a package type of Image. If provided, the --create-image-repository options is ignored. If not provided and --create-image-repository is specified, the command creates one.

--interactive | --no-interactive

Disable interactive prompting for bootstrap parameters and fail if any required parameters are missing. The default value is --interactive. For this command, --stage is the only required parameter.

Note

If --no-interactive is specified along with --use-oidc-provider, all required parameters for your OIDC provider must be included.

--oidc-client-id TEXT

The client ID configured for use with your OIDC provider.

--oidc-provider [github-actions | gitlab | bitbucket-pipelines]

Name of the CI/CD provider that will be used for OIDC permissions. GitLab, GitHub, and Bitbucket are supported.

--oidc-provider-url TEXT

The URL for the OIDC provider. Value must begin with https://.

--permissions-provider [oidc | iam]

Choose a permissions provider to assume the pipeline execution role. The default value is iam.

--pipeline-execution-role TEXT

The ARN of the IAM role to be assumed by the pipeline user to operate on this stage. Provide only if you want to use your own role. If not provided, this command will create a new role.

--pipeline-user TEXT

The Amazon Resource Name (ARN) of the IAM user having its access key ID and secret access key shared with the CI/CD system. It is used to grant this IAM user permission to access the corresponding AWS account. If not provided, the command will create an IAM user along with the access key ID and secret access key credentials.

--profile TEXT

The specific profile from your credential file that gets AWS credentials.

--region TEXT

The AWS Region to deploy to. For example, us-east-1.

--save-params

Save the parameters that you provide at the command line to the AWS SAM configuration file.

--stage TEXT

The name of the corresponding deployment stage. It is used as a suffix for the created AWS infrastructure resources.

Troubleshooting

Error: Missing required parameter

When --no-interactive is specified along with --use-oidc-provider and any of the required parameters are not provided, this error message will be displayed along with a description of the missing parameters.