AWS SAM prerequisites - AWS Serverless Application Model

AWS SAM prerequisites

Complete the following prerequisites before installing and using the AWS Serverless Application Model Command Line Interface (AWS SAM CLI).

To use the AWS SAM CLI, you need the following:

  • An AWS account, AWS Identity and Access Management (IAM) credentials, and an IAM access key pair.

  • The AWS Command Line Interface (AWS CLI) to configure AWS credentials.

Step 1: Sign up for an AWS account

If you do not have an AWS account, complete the following steps to create one.

To sign up for an AWS account
  1. Open https://portal.aws.amazon.com/billing/signup.

  2. Follow the online instructions.

    Part of the sign-up procedure involves receiving a phone call and entering a verification code on the phone keypad.

    When you sign up for an AWS account, an AWS account root user is created. The root user has access to all AWS services and resources in the account. As a security best practice, assign administrative access to a user, and use only the root user to perform tasks that require root user access.

Step 2: Create an IAM user account

To create an administrator user, choose one of the following options.

Choose one way to manage your administrator To By You can also
In IAM Identity Center

(Recommended)

Use short-term credentials to access AWS.

This aligns with the security best practices. For information about best practices, see Security best practices in IAM in the IAM User Guide.

Following the instructions in Getting started in the AWS IAM Identity Center User Guide. Configure programmatic access by Configuring the AWS CLI to use AWS IAM Identity Center in the AWS Command Line Interface User Guide.
In IAM

(Not recommended)

Use long-term credentials to access AWS. Following the instructions in Create an IAM user for emergency access in the IAM User Guide. Configure programmatic access by Manage access keys for IAM users in the IAM User Guide.

Step 3: Create an access key ID and secret access key

For CLI access, you need an access key ID and a secret access key. Use temporary credentials instead of long-term access keys when possible. Temporary credentials include an access key ID, a secret access key, and a security token that indicates when the credentials expire. For more information, see Using temporary credentials with AWS resources in the IAM User Guide.

Users need programmatic access if they want to interact with AWS outside of the AWS Management Console. The way to grant programmatic access depends on the type of user that's accessing AWS.

To grant users programmatic access, choose one of the following options.

Which user needs programmatic access? To By

Workforce identity

(Users managed in IAM Identity Center)

Use temporary credentials to sign programmatic requests to the AWS CLI, AWS SDKs, or AWS APIs.

Following the instructions for the interface that you want to use.

IAM Use temporary credentials to sign programmatic requests to the AWS CLI, AWS SDKs, or AWS APIs. Following the instructions in Using temporary credentials with AWS resources in the IAM User Guide.
IAM

(Not recommended)

Use long-term credentials to sign programmatic requests to the AWS CLI, AWS SDKs, or AWS APIs.

Following the instructions for the interface that you want to use.

Step 4: Install the AWS CLI

The AWS CLI is an open source tool that enables you to interact with AWS services using commands in your command-line shell. The AWS SAM CLI requires the AWS CLI for activities such as configuring credentials. To learn more about the AWS CLI, see What is the AWS Command Line Interface? in the AWS Command Line Interface User Guide.

To install the AWS CLI, see Installing or updating the latest version of the AWS CLI in the AWS Command Line Interface User Guide.

Step 5: Use the AWS CLI to configure AWS credentials

To configure credentials with IAM Identity Center
To configure credentials with the AWS CLI
  1. Run the aws configure command from the command line.

  2. Configure the following. Select each link to learn more:

    1. Access key ID

    2. Secret access key

    3. AWS Region

    4. Output format

    The following example shows sample values.

    $ aws configure AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY Default region name [None]: us-west-2 Default output format [None]: json

The AWS CLI stores this information in a profile (a collection of settings) named default in the credentials and config files. These files are located in the .aws file in your home directory. By default, the information in this profile is used when you run an AWS CLI command that doesn't explicitly specify a profile to use. For more information on the credentials file, see Configuration and credential file settings in the AWS Command Line Interface User Guide.

For more information on configuring credentials, such as using an existing configuration and credentials file, see Quick setup in the AWS Command Line Interface User Guide.

Next steps

You are now ready to install the AWS SAM CLI and start using AWS SAM. To install the AWS SAM CLI, see Install the AWS SAM CLI.