sam pipeline bootstrap

This command generates the required AWS infrastructure resources to connect to your CI/CD system. This step must be run for each deployment stage in your pipeline prior to running the sam pipeline init command.

This command sets up the following AWS infrastructure resources:

• Option of configuring pipeline permissions through:

  • A pipeline IAM user with access key ID and secret key access credentials to be shared with the CI/CD system.

    Note

    We recommend rotating access keys regularly. For more information, see Rotate access keys regularly for use cases that require long-term credentials in the IAM User Guide.

  • Supported CI/CD platforms through OIDC. For an introduction on using OIDC with AWS SAM pipeline, go to Using OIDC authentication with AWS SAM pipeline.

• An AWS CloudFormation execution IAM role assumed by AWS CloudFormation to deploy the AWS SAM application.

• An Amazon S3 bucket to hold the AWS SAM artifacts.

• Optionally, an Amazon ECR image repository to hold container image Lambda deployment packages (if you have a resource that is of package type Image).

Usage:

sam pipeline bootstrap [OPTIONS]

Options:

Option	Description
--config-env TEXT	The environment name that specifies the default parameter values in the configuration file to use. The default value is default. For more information about configuration files, see AWS SAM CLI configuration file.
--config-file PATH	The path and file name of the configuration file containing the default parameter values to use. The default value is samconfig.toml in the root of the project directory. For more information about configuration files, see AWS SAM CLI configuration file.
--interactive | --no-interactive	Disable interactive prompting for bootstrap parameters and fail if any required parameters are missing. The default value is --interactive. For this command, --stage is the only required parameter. Note: If --no-interactive is specified along with --use-oidc-provider, all required parameters for your OIDC provider must be included.
--stage TEXT	The name of the corresponding deployment stage. It is used as a suffix for the created AWS infrastructure resources.
--pipeline-user TEXT	The Amazon Resource Name (ARN) of the IAM user having its access key ID and secret access key shared with the CI/CD system. It is used to grant this IAM user permission to access the corresponding AWS account. If not provided, the command will create an IAM user along with the access key ID and secret access key credentials.
--pipeline-execution-role TEXT	The ARN of the IAM role to be assumed by the pipeline user to operate on this stage. Provide only if you want to use your own role. If not provided, this command will create a new role.
--cloudformation-execution-role TEXT	The ARN of the IAM role to be assumed by AWS CloudFormation while deploying the application's stack. Provide only if you want to use your own role. Otherwise, the command will create a new role.
--bucket TEXT	The ARN of the Amazon S3 bucket that holds the AWS SAM artifacts.
--create-image-repository | --no-create-image-repository	Specify whether to create an Amazon ECR image repository if none is provided. The Amazon ECR repository holds the container images of Lambda functions, or layers having a package type of Image. The default is --no-create-image-repository.
--image-repository TEXT	The ARN of an Amazon ECR image repository that holds the container images of Lambda functions, or layers that have a package type of Image. If provided, the --create-image-repository options is ignored. If not provided and --create-image-repository is specified, the command creates one.
--confirm-changeset | --no-confirm-changeset	Prompt to confirm the deployment of your resources.
--permissions-provider [oidc | iam]	Choose a permissions provider to assume the pipeline execution role. The default value is iam.
--oidc-provider-url TEXT	The URL for the OIDC provider. Value must begin with https://.
--oidc-client-id TEXT	The client ID configured for use with your OIDC provider.
--github-org TEXT	The GitHub organization that the repository belongs to. If no organization exists, enter the user name of the repository owner. This option is specific to using GitHub Actions OIDC for permissions.
--github-repo TEXT	Name of the GitHub repository that deployments will occur from. This option is specific to using GitHub Actions OIDC for permissions.
--deployment-branch TEXT	Name of the branch that deployments will occur from. This option is specific to using GitHub Actions OIDC for permissions.
--oidc-provider [github-actions | gitlab | bitbucket-pipelines]	Name of the CI/CD provider that will be used for OIDC permissions. GitLab, GitHub, and Bitbucket are supported.
--gitlab-group TEXT	The GitLab group that the repository belongs to. This option is specific to using GitLab OIDC for permissions.
--gitlab-project TEXT	The GitLab project name. This option is specific to using GitLab OIDC for permissions.
--bitbucket-repo-uuid TEXT	The UUID of the Bitbucket repository. This option is specific to using Bitbucket OIDC for permissions. Note This value can be found at https://bitbucket.org/workspace/repository/admin/addon/admin/pipelines/openid-connect
cicd-provider TEXT	The CI/CD platform for the AWS SAM pipeline.
--debug	Turns on debug logging and prints debug messages that the AWS SAM CLI generates, and to display timestamps.
--profile TEXT	The specific profile from your credential file that gets AWS credentials.
--region TEXT	The AWS Region to deploy to. For example, us-east-1.
-h, --help	Shows this message and exits.

Troubleshooting

Error: Missing required parameter

When --no-interactive is specified along with --use-oidc-provider and any of the required parameters are not provided, this error message will be displayed along with a description of the missing parameters.