

# Generate a starter CI/CD pipeline with AWS SAM
<a name="serverless-generating-example-ci-cd"></a>

When you are ready automate deployment, you can use one of AWS SAM’s starter pipeline templates to generate a deployment pipeline for the CI/CD system you choose to use. Your deployment pipeline is what you configure and use to automate the deployment of your serverless application. A starter pipeline template is pre-configured to help you quickly set up your deployment pipeline for your serverless application. 

With a starter pipeline template, you can generate pipelines in minutes using the [sam pipeline init](sam-cli-command-reference-sam-pipeline-init.md) command.

The starter pipeline templates use the familiar JSON/YAML syntax of the CI/CD system, and incorporate best practices such as managing artifacts across multiple accounts and regions, and using the minimum amount of permissions required to deploy the application. Currently, the AWS SAM CLI supports generating starter CI/CD pipeline configurations for [AWS CodePipeline](https://aws.amazon.com/codepipeline), [Jenkins](https://www.jenkins.io/), [GitLab CI/CD](https://docs.gitlab.com/ee/ci/), [GitHub Actions](https://github.com/features/actions), and [Bitbucket Pipelines](https://support.atlassian.com/bitbucket-cloud/docs/get-started-with-bitbucket-pipelines/).

Here are the high-level tasks you need to perform to generate a starter pipeline configuration:

1. **Create infrastructure resources** – Your pipeline requires certain AWS resources, for example the IAM user and roles with necessary permissions, an Amazon S3 bucket, and optionally an Amazon ECR repository.

1. **Connect your Git repository with your CI/CD system** – Your CI/CD system needs to know which Git repository will trigger the pipeline to run. Note that this step may not be necessary, depending on which combination of Git repository and CI/CD system you are using.

1. **Generate your pipeline configuration** – This step generates a starter pipeline configuration that includes two deployment stages.

1. **Commit your pipeline configuration to your Git repository** – This step is necessary to ensure your CI/CD system is aware of your pipeline configuration, and will run when changes are committed.

After you've generated the starter pipeline configuration and committed it to your Git repository, whenever someone commits a code change to that repository your pipeline will be triggered to run automatically.

The ordering of these steps, and details of each step, vary based on your CI/CD system:
+ If you are using AWS CodePipeline, see [Generating starter pipeline for AWS CodePipeline in AWS SAM](serverless-generating-example-ci-cd-codepipeline.md).
+ If you are using Jenkins, GitLab CI/CD, GitHub Actions, or Bitbucket Pipelines, see [Use AWS SAM to generate starter pipelines for Jenkins, GitLab CI/CD, GitHub Actions, Bitbucket Pipelines](serverless-generating-example-ci-cd-others.md).

# Generating starter pipeline for AWS CodePipeline in AWS SAM
<a name="serverless-generating-example-ci-cd-codepipeline"></a>

To generate a starter pipeline configuration for AWS CodePipeline, perform the following tasks in this order:

1. Create infrastructure resources

1. Generate the pipeline configuration

1. Commit your pipeline configuration to Git

1. Connect your Git repository with your CI/CD system

**Note**  
The following procedure utilizes two AWS SAM CLI commands, `sam pipeline bootstrap` and `sam pipeline init`. The reason there are two commands is to handle the use case where administrators (that is, users who need permission to set up infrastructure AWS resource like IAM users and roles) have more permission that developers (that is, users who just need permission to set up individual pipelines, but not the required infrastructure AWS resources).

## Step 1: Create infrastructure resources
<a name="generating-example-step-1"></a>

Pipelines that use AWS SAM require certain AWS resources, like an IAM user and roles with necessary permissions, an Amazon S3 bucket, and optionally an Amazon ECR repository. You must have a set of infrastructure resources for each deployment stage of the pipeline.

You can run the following command to help with this setup:

```
sam pipeline bootstrap
```

**Note**  
Run the previous command for each deployment stage of your pipeline.

## Step 2: Generate the pipeline configuration
<a name="generating-example-step-2"></a>

To generate the pipeline configuration, run the following command:

```
sam pipeline init
```

## Step 3: Commit your pipeline configuration to Git repository
<a name="generating-example-step-3"></a>

This step is necessary to ensure your CI/CD system is aware of your pipeline configuration, and will run when changes are committed.

## Step 4: Connect your Git repository with your CI/CD system
<a name="generating-example-step-4"></a>

For AWS CodePipeline you can now create the connection by running the following command:

```
sam deploy -t codepipeline.yaml --stack-name <pipeline-stack-name> --capabilities=CAPABILITY_IAM --region <region-X>
```

If you are using GitHub or Bitbucket, after running the **sam deploy** command previously, complete the connection by following the steps under **To complete a connection** found on the [Update a pending connection](https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-update.html) topic in the *Developer Tools console user guide*. In addition, store a copy of the `CodeStarConnectionArn` from the output of the **sam deploy** command, because you will need it if you want to use AWS CodePipeline with another branch than `main`.

## Configuring other branches
<a name="configuring-other-branches"></a>

By default, AWS CodePipeline uses the `main` branch with AWS SAM. If you want to use a branch other than `main`, you must run the **sam deploy** command again. Note that depending on which Git repository you are using, you may also need to provide the `CodeStarConnectionArn`:

```
# For GitHub and Bitbucket
sam deploy -t codepipeline.yaml --stack-name <feature-pipeline-stack-name> --capabilities=CAPABILITY_IAM --parameter-overrides="FeatureGitBranch=<branch-name> CodeStarConnectionArn=<codestar-connection-arn>"

# For AWS CodeCommit
sam deploy -t codepipeline.yaml --stack-name <feature-pipeline-stack-name> --capabilities=CAPABILITY_IAM --parameter-overrides="FeatureGitBranch=<branch-name>"
```

## Learn more
<a name="serverless-generating-cicd-learn"></a>

For a hands-on example of setting up a CI/CD pipeline, see [ CI/CD with AWS CodePipeline](https://catalog.workshops.aws/complete-aws-sam/en-US/module-4-cicd) in *The Complete AWS SAM Workshop*.

# Use AWS SAM to generate starter pipelines for Jenkins, GitLab CI/CD, GitHub Actions, Bitbucket Pipelines
<a name="serverless-generating-example-ci-cd-others"></a>

To generate a starter pipeline configuration for Jenkins, GitLab CI/CD, GitHub Actions, or Bitbucket Pipelines perform the following tasks in this order:

1. Create infrastructure resources

1. Connect your Git repository with your CI/CD system

1. Create credential objects

1. Generate the pipeline configuration

1. Commit your pipeline configuration to Git repository

**Note**  
The following procedure utilizes two AWS SAM CLI commands, `sam pipeline bootstrap` and `sam pipeline init`. The reason there are two commands is to handle the use case where administrators (that is, users who need permission to set up infrastructure AWS resource like IAM users and roles) have more permission that developers (that is, users who just need permission to set up individual pipelines, but not the required infrastructure AWS resources).

## Step 1: Create infrastructure resources
<a name="generating-example-step-1"></a>

Pipelines that use AWS SAM require certain AWS resources, like an IAM user and roles with necessary permissions, an Amazon S3 bucket, and optionally an Amazon ECR repository. You must have a set of infrastructure resources for each deployment stage of the pipeline.

You can run the following command to help with this setup:

```
sam pipeline bootstrap
```

**Note**  
Run the previous command for each deployment stage of your pipeline.

You must capture the AWS credentials (key id and secret key) for the pipeline users for each deployment stage of your pipeline, because they are needed for subsequent steps.

## Step 2: Connect your Git repository with your CI/CD system
<a name="generating-example-step-2"></a>

Connecting your Git repository to your CI/CD system is necessary so that the CI/CD system is able to access your application source code for builds and deployments.

**Note**  
You can skip this step if you are using one of the following combinations, because the connection is done for you automatically:  
GitHub Actions with GitHub repository
GitLab CI/CD with GitLab repository
Bitbucket Pipelines with a Bitbucket repository

To connect your Git repository with your CI/CD system, do one of the following:
+ If you're using Jenkins, see the [Jenkins documentation](https://www.jenkins.io/doc/book/pipeline/multibranch/) for "Adding a branch source."
+ If you're using GitLab CI/CD and a Git repository other than GitLab, see the [GitLab documentation](https://docs.gitlab.com/ee/ci/ci_cd_for_external_repos/) for "connecting an external repository."

## Step 3: Create credential objects
<a name="generating-example-step-3"></a>

Each CI/CD system has its own way of managing credentials needed for the CI/CD system to access your Git repository.

To create the necessary credential objects, do one of the following:
+ If you're using Jenkins, create a single "credential" that stores both the key id and secret key. Follow the instructions in the [Building a Jenkins Pipeline with AWS SAM](https://aws.amazon.com/blogs/compute/building-a-jenkins-pipeline-with-aws-sam/) blog, in the **Configure Jenkins** section. You will need the "Credential id" for the next step.
+ If you're using GitLab CI/CD, create two "protected variables", one for each of key id and secret key. Follow the instructions in the [GitLab documentation](https://docs.gitlab.com/ee/ci/variables/) – you will need two "variable keys" for the next step.
+ If you're using GitHub Actions, create two "encrypted secrets", one for each of key and secret key. Follow the instructions in the [GitHub documentation](https://docs.github.com/en/actions/reference/encrypted-secrets) - you will need two "secret names" for the next step.
+ If you're using Bitbucket Pipelines, create two "secure variables", one for each of key id and secret key. Follow the instructions in the [Variables and secrets ](https://support.atlassian.com/bitbucket-cloud/docs/variables-and-secrets) - you will need two "secret names" for the next step.

## Step 4: Generate the pipeline configuration
<a name="generating-example-step-4"></a>

To generate the pipeline configuration, run the following command. You will need to input the credential object that you created in the previous step:

```
sam pipeline init
```

## Step 5: Commit your pipeline configuration to Git repository
<a name="generating-example-step-5"></a>

This step is necessary to ensure your CI/CD system is aware of your pipeline configuration, and will run when changes are committed.

## Learn more
<a name="serverless-generating-other-cicd-learn"></a>

For a hands-on example of setting up a CI/CD pipeline using GitHub Actions, see [CI/CD with GitHub](https://s12d.com/sam-ws-en-gh) in *The Complete AWS SAM Workshop*.