AWS SAM prerequisites
Complete the following prerequisites before installing and using the AWS Serverless Application Model Command Line Interface (AWS SAM CLI).
To use the AWS SAM CLI, you need the following:
-
An AWS account, AWS Identity and Access Management (IAM) credentials, and an IAM access key pair.
-
The AWS Command Line Interface (AWS CLI) to configure AWS credentials.
Topics
Step 1: Sign up for an AWS account
If you do not have an AWS account, complete the following steps to create one.
To sign up for an AWS account
Open https://portal.aws.amazon.com/billing/signup
. Follow the online instructions.
Part of the sign-up procedure involves receiving a phone call and entering a verification code on the phone keypad.
When you sign up for an AWS account, an AWS account root user is created. The root user has access to all AWS services and resources in the account. As a security best practice, assign administrative access to a user, and use only the root user to perform tasks that require root user access.
Step 2: Create an IAM user account
To create an administrator user, choose one of the following options.
Choose one way to manage your administrator | To | By | You can also |
---|---|---|---|
In IAM Identity Center (Recommended) |
Use short-term credentials to access AWS. This aligns with the security best practices. For information about best practices, see Security best practices in IAM in the IAM User Guide. |
Following the instructions in Getting started in the AWS IAM Identity Center User Guide. | Configure programmatic access by Configuring the AWS CLI to use AWS IAM Identity Center in the AWS Command Line Interface User Guide. |
In IAM (Not recommended) |
Use long-term credentials to access AWS. | Following the instructions in Create an IAM user for emergency access in the IAM User Guide. | Configure programmatic access by Manage access keys for IAM users in the IAM User Guide. |
Step 3: Create an access key ID and secret access key
For CLI access, you need an access key ID and a secret access key. Use temporary credentials instead of long-term access keys when possible. Temporary credentials include an access key ID, a secret access key, and a security token that indicates when the credentials expire. For more information, see Using temporary credentials with AWS resources in the IAM User Guide.
Users need programmatic access if they want to interact with AWS outside of the AWS Management Console. The way to grant programmatic access depends on the type of user that's accessing AWS.
To grant users programmatic access, choose one of the following options.
Which user needs programmatic access? | To | By |
---|---|---|
Workforce identity (Users managed in IAM Identity Center) |
Use temporary credentials to sign programmatic requests to the AWS CLI, AWS SDKs, or AWS APIs. |
Following the instructions for the interface that you want to use.
|
IAM | Use temporary credentials to sign programmatic requests to the AWS CLI, AWS SDKs, or AWS APIs. | Following the instructions in Using temporary credentials with AWS resources in the IAM User Guide. |
IAM | (Not recommended) Use long-term credentials to sign programmatic requests to the AWS CLI, AWS SDKs, or AWS APIs. |
Following the instructions for the interface that you want to use.
|
Step 4: Install the AWS CLI
The AWS CLI is an open source tool that enables you to interact with AWS services using commands in your command-line shell. The AWS SAM CLI requires the AWS CLI for activities such as configuring credentials. To learn more about the AWS CLI, see What is the AWS Command Line Interface? in the AWS Command Line Interface User Guide.
To install the AWS CLI, see Installing or updating the latest version of the AWS CLI in the AWS Command Line Interface User Guide.
Step 5: Use the AWS CLI to configure AWS credentials
To configure credentials with IAM Identity Center
To configure credentials with IAM Identity Center, see Configure your profile with the AWS configure sso wizard.
To configure credentials with the AWS CLI
-
Run the
aws configure
command from the command line. -
Configure the following. Select each link to learn more:
The following example shows sample values.
$
aws configure
AWS Access Key ID [None]:
AWS Secret Access Key [None]:AKIAIOSFODNN7EXAMPLE
Default region name [None]:wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default output format [None]:us-west-2
json
The AWS CLI stores this information in a profile (a collection of settings) named
default
in the credentials
and config
files. These files are
located in the .aws
file in your home directory. By default, the information in this profile is used
when you run an AWS CLI command that doesn't explicitly specify a profile to use. For more information on the
credentials
file, see
Configuration and credential file settings in the AWS Command Line Interface User Guide.
For more information on configuring credentials, such as using an existing configuration and credentials file, see Quick setup in the AWS Command Line Interface User Guide.
Next steps
You are now ready to install the AWS SAM CLI and start using AWS SAM. To install the AWS SAM CLI, see Install the AWS SAM CLI.