# Getting started with AWS SAM
Get started with AWS SAM by reviewing and completing the topics in this section. [AWS SAM prerequisites](prerequisites.md) provides detailed instructions on setting up an AWS account, creating IAM users, creating key access, and installing and configuring the AWS SAM CLI. After completing the prerequisites, you can choose your development approach:
+ [Install the AWS SAM CLI](install-sam-cli.md), which you can do on Linux, Windows, and macOS operating systems.
+ [Getting started with AWS SAM using VS Code Toolkit](https://docs.aws.amazon.com/toolkit-for-vscode/latest/userguide/sam-get-started.html) for a visual development experience with integrated debugging and testing capabilities.
After installation is complete, you can optionally walk through the AWS SAM Hello World tutorial. Following this tutorial will walk you through the process of creating a basic serverless application with AWS SAM. After completing the tutorial, you'll be ready to review the concepts detailed in [How to use AWS Serverless Application Model (AWS SAM)](chapter-using-sam.md).
**Topics**
+ [
# AWS SAM prerequisites
](prerequisites.md)
+ [
# Install the AWS SAM CLI
](install-sam-cli.md)
+ [
# Tutorial: Deploy a Hello World application with AWS SAM
](serverless-getting-started-hello-world.md)
+ [
# Converting Lambda Functions to AWS SAM Applications
](convert-lambda-to-sam.md)
# AWS SAM prerequisites
Complete the following prerequisites before installing and using the AWS Serverless Application Model Command Line Interface (AWS SAM CLI).
To use the AWS SAM CLI, you need the following:
+ An AWS account, AWS Identity and Access Management (IAM) credentials, and an IAM access key pair.
+ The AWS Command Line Interface (AWS CLI) to configure AWS credentials.
**Topics**
+ [
## Step 1: Sign up for an AWS account
](#prerequisites-sign-up)
+ [
## Step 2: Create an IAM user account
](#prerequisites-create-user)
+ [
## Step 3: Create an access key ID and secret access key
](#prerequisites-create-keys)
+ [
## Step 4: Install the AWS CLI
](#prerequisites-install-cli)
+ [
## Step 5: Use the AWS CLI to configure AWS credentials
](#prerequisites-configure-credentials)
+ [
## Step 6: (Optional) Install AWS Toolkit for VS Code
](#prerequisites-install-vscode)
+ [
## Next steps
](#prerequisites-next-steps)
## Step 1: Sign up for an AWS account
If you do not have an AWS account, complete the following steps to create one.
**To sign up for an AWS account**
1. Open [https://portal.aws.amazon.com/billing/signup](https://portal.aws.amazon.com/billing/signup).
1. Follow the online instructions.
Part of the sign-up procedure involves receiving a phone call or text message and entering a verification code on the phone keypad.
When you sign up for an AWS account, an *AWS account root user* is created. The root user has access to all AWS services and resources in the account. As a security best practice, assign administrative access to a user, and use only the root user to perform [tasks that require root user access](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#root-user-tasks).
## Step 2: Create an IAM user account
To create an administrator user, choose one of the following options.
****
| Choose one way to manage your administrator | To | By | You can also |
| --- | --- | --- | --- |
| In IAM Identity Center (Recommended) | Use short-term credentials to access AWS.This aligns with the security best practices. For information about best practices, see [Security best practices in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#bp-users-federation-idp) in the *IAM User Guide*. | Following the instructions in [Getting started](https://docs.aws.amazon.com//singlesignon/latest/userguide/getting-started.html) in the AWS IAM Identity Center User Guide. | Configure programmatic access by [Configuring the AWS CLI to use AWS IAM Identity Center](https://docs.aws.amazon.com//cli/latest/userguide/cli-configure-sso.html) in the AWS Command Line Interface User Guide. |
| In IAM (Not recommended) | Use long-term credentials to access AWS. | Following the instructions in [ Create an IAM user for emergency access](https://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started-emergency-iam-user.html) in the IAM User Guide. | Configure programmatic access by [Manage access keys for IAM users](https://docs.aws.amazon.com//IAM/latest/UserGuide/id_credentials_access-keys.html) in the IAM User Guide. |
## Step 3: Create an access key ID and secret access key
For CLI access, you need an access key ID and a secret access key. Use temporary credentials instead of long-term access keys when possible. Temporary credentials include an access key ID, a secret access key, and a security token that indicates when the credentials expire. For more information, see [ Using temporary credentials with AWS resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html) in the *IAM User Guide*.
Users need programmatic access if they want to interact with AWS outside of the AWS Management Console. The way to grant programmatic access depends on the type of user that's accessing AWS.
To grant users programmatic access, choose one of the following options.
****
| Which user needs programmatic access? | To | By |
| --- | --- | --- |
| IAM | (Recommended) Use console credentials as temporary credentials to sign programmatic requests to the AWS CLI, AWS SDKs, or AWS APIs. | Following the instructions for the interface that you want to use. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/serverless-application-model/latest/developerguide/prerequisites.html) |
| Workforce identity (Users managed in IAM Identity Center) | Use temporary credentials to sign programmatic requests to the AWS CLI, AWS SDKs, or AWS APIs. | Following the instructions for the interface that you want to use. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/serverless-application-model/latest/developerguide/prerequisites.html) |
| IAM | Use temporary credentials to sign programmatic requests to the AWS CLI, AWS SDKs, or AWS APIs. | Following the instructions in [Using temporary credentials with AWS resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html) in the IAM User Guide. |
| IAM | (Not recommended)Use long-term credentials to sign programmatic requests to the AWS CLI, AWS SDKs, or AWS APIs. | Following the instructions for the interface that you want to use. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/serverless-application-model/latest/developerguide/prerequisites.html) |
## Step 4: Install the AWS CLI
The AWS CLI is an open source tool that enables you to interact with AWS services using commands in your command-line shell. The AWS SAM CLI requires the AWS CLI for activities such as configuring credentials. To learn more about the AWS CLI, see [What is the AWS Command Line Interface?](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html) in the *AWS Command Line Interface User Guide*.
To install the AWS CLI, see [ Installing or updating the latest version of the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) in the *AWS Command Line Interface User Guide*.
## Step 5: Use the AWS CLI to configure AWS credentials
**To configure credentials with IAM Identity Center**
+ To configure credentials with IAM Identity Center, see [Configure your profile with the AWS configure sso wizard](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html#cli-configure-sso-configure).
**To configure credentials with the AWS CLI**
1. Run the `aws configure` command from the command line.
1. Configure the following. Select each link to learn more:
1. [ Access key ID](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-creds)
1. [ Secret access key](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-creds)
1. [AWS Region](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-region)
1. [ Output format](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-format)
The following example shows sample values.
```
$ aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: json
```
The AWS CLI stores this information in a *profile* (a collection of settings) named `default` in the `credentials` and `config` files. These files are located in the `.aws` file in your home directory. By default, the information in this profile is used when you run an AWS CLI command that doesn't explicitly specify a profile to use. For more information on the `credentials` file, see [ Configuration and credential file settings](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html) in the *AWS Command Line Interface User Guide*.
For more information on configuring credentials, such as using an existing configuration and credentials file, see [Quick setup](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-quickstart.html) in the *AWS Command Line Interface User Guide*.
## Step 6: (Optional) Install AWS Toolkit for VS Code
For developers who prefer an integrated development environment, the AWS Toolkit for VS Code provides powerful features for serverless development including visual debugging, CodeLens integration, and streamlined deployment workflows.
**Prerequisites for VS Code development**
+ Visual Studio Code (version 1.73.0 or a later version) installed on your system
+ YAML language support extension for VS Code
**To install the AWS Toolkit for VS Code**
1. Open Visual Studio Code
1. Open the Extensions view (Ctrl\$1Shift\$1X or Cmd\$1Shift\$1X)
1. Search for "AWS Toolkit"
1. Install the "AWS Toolkit" extension by Amazon Web Services
1. Install the "YAML" extension by Red Hat (required for SAM template CodeLens features)
**Benefits of using VS Code with AWS SAM**
+ Visual debugging: Set breakpoints and step through your Lambda functions locally
+ CodeLens integration: Build, deploy, and invoke functions directly from your SAM template
+ Integrated terminal: Access AWS SAM AWS CLI commands without leaving your editor
+ Template validation: Real-time validation and IntelliSense for SAM templates
For information about configuring your AWS credentials in VS Code, see [ Setting up credentials](https://docs.aws.amazon.com/toolkit-for-vscode/latest/userguide/setup-credentials.html) in the AWS Toolkit for VS Code User Guide.
## Next steps
+ You are now ready to install the AWS SAM CLI and start using AWS SAM. To install the AWS SAM CLI, see [Install the AWS SAM CLI](install-sam-cli.md).
+ To set up Visual Studio Code for serverless development, see [Setting up the AWS Toolkit for VS Code](https://docs.aws.amazon.com/toolkit-for-vscode/latest/userguide/setting-up.html).
# Install the AWS SAM CLI
Install the latest release of the AWS Serverless Application Model Command Line Interface (AWS SAM CLI) on supported operating systems by following instructions in [Step 4: Install the AWS CLI](prerequisites.md#prerequisites-install-cli).
For information on managing a currently installed version of the AWS SAM CLI, including how to upgrade, uninstall, or manage nightly builds, see [Managing AWS SAM CLI versions](manage-sam-cli-versions.md).
**Is this your first time installing the AWS SAM CLI?**
Complete all [prerequisites](prerequisites.md) in the previous section before moving forward. This includes:
Signing up for an AWS account.
Setting up secure access to AWS.
Creating an access key ID and secret access key.
Installing the AWS CLI.
Configuring AWS credentials.
**Topics**
+ [
## Installing the AWS SAM CLI
](#install-sam-cli-instructions)
+ [
## Troubleshooting installation errors
](#sam-cli-troubleshoot-install)
+ [
## Next steps
](#install-sam-cli-next-steps)
+ [
# Optional: Verify the integrity of the AWS SAM CLI installer
](reference-sam-cli-install-verify.md)
## Installing the AWS SAM CLI
**Note**
Starting September 2023, AWS will no longer maintain the AWS managed Homebrew installer for the AWS SAM CLI (`aws/tap/aws-sam-cli`). If you use Homebrew to install and manage the AWS SAM CLI, see the following options:
To continue using Homebrew, you can use the community managed installer. For more information, see [Managing the AWS SAM CLI with Homebrew](manage-sam-cli-versions.md#manage-sam-cli-versions-homebrew).
We recommend using one of the first party installation methods that are documented on this page. Before using one of these methods, see [Switch from Homebrew](manage-sam-cli-versions.md#manage-sam-cli-versions-switch).
For additional details, refer to [Release version: 1.121.0](https://github.com/aws/aws-sam-cli/releases).
To install the AWS SAM CLI, follow the instructions for your operating system.
### Linux
------
#### [ x86\$164 - command line installer ]
1. Download the [AWS SAM CLI .zip file](https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-x86_64.zip) to a directory of your choice.
1. **(Optional)** You can verify the integrity of the installer before installation. For instructions, see [Optional: Verify the integrity of the AWS SAM CLI installer](reference-sam-cli-install-verify.md).
1. Unzip the installation files into a directory of your choice. The following is an example, using the `sam-installation` subdirectory.
**Note**
If your operating system doesn't have the built-in **unzip** command, use an equivalent.
```
$ unzip aws-sam-cli-linux-x86_64.zip -d sam-installation
```
1. Install the AWS SAM CLI by running the `install` executable. This executable is located in the directory used in the previous step. The following is an example, using the `sam-installation` subdirectory:
```
$ sudo ./sam-installation/install
```
1. Verify the installation.
```
$ sam --version
```
To confirm a successful installation, you should see an output that replaces the following bracketed text with the latest available version:
```
SAM CLI,
```
------
#### [ arm64 - command line installer ]
1. Download the [AWS SAM CLI .zip file](https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-arm64.zip) to a directory of your choice.
1. **(Optional)** You can verify the integrity of the installer before installation. For instructions, see [Optional: Verify the integrity of the AWS SAM CLI installer](reference-sam-cli-install-verify.md).
1. Unzip the installation files into a directory of your choice. The following is an example, using the `sam-installation` subdirectory.
**Note**
If your operating system doesn't have the built-in **unzip** command, use an equivalent.
```
$ unzip aws-sam-cli-linux-arm64.zip -d sam-installation
```
1. Install the AWS SAM CLI by running the `install` executable. This executable is located in the directory used in the previous step. The following is an example, using the `sam-installation` subdirectory:
```
$ sudo ./sam-installation/install
```
1. Verify the installation.
```
$ sam --version
```
To confirm a successful installation, you should see an output like the following but that replaces the bracketed text with the latest SAM CLI version:
```
SAM CLI,
```
------
### macOS
#### Installation steps
Use the package installer to install the AWS SAM CLI. Additionally, the package installer has two installation methods that you can choose from: **GUI** and **Command line**. You can install for **all users** or just your **current user**. To install for all users, superuser authorization is required.
**Note**
AWS SAM CLI doesn't support MacOS versions older than MacOS 13.x. Upgrade to a supported version of MacOS or install AWS SAM CLI with Homebrew.
------
#### [ GUI - All users ]
**To download the package installer and install the AWS SAM CLI**
**Note**
If you previously installed the AWS SAM CLI through Homebrew or pip, you need to uninstall it first. For instructions, see [Uninstalling the AWS SAM CLI](manage-sam-cli-versions.md#manage-sam-cli-versions-uninstall).
1. Download the macOS `pkg` to a directory of your choice:
+ **For Macs running Intel processors, choose x86\$164** – [ aws-sam-cli-macos-x86\$164.pkg](https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-macos-x86_64.pkg)
+ **For Macs running Apple silicon, choose arm64** – [ aws-sam-cli-macos-arm64.pkg](https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-macos-arm64.pkg)
**Note**
You have the option of verifying the integrity of the installer before installation. For instructions, see [Optional: Verify the integrity of the AWS SAM CLI installer](reference-sam-cli-install-verify.md).
1. Run your downloaded file and follow the on-screen instructions to continue through the **Introduction**, **Read Me**, and **License** steps.
1. For **Destination Select**, select **Install for all users of this computer**.
1. For **Installation Type**, choose where the AWS SAM CLI will be installed and press **Install**. The recommended default location is `/usr/local/aws-sam-cli`.
**Note**
To invoke the AWS SAM CLI with the **sam** command, the installer automatically creates a symlink between `/usr/local/bin/sam` and either `/usr/local/aws-sam-cli/sam` or the installation folder you chose.
1. The AWS SAM CLI will install and **The installation was successful** message will display. Press **Close**.
**To verify a successful installation**
+ Verify that the AWS SAM CLI has properly installed and that your symlink is configured by running:
```
$ which sam
/usr/local/bin/sam
$ sam --version
SAM CLI,
```
------
#### [ GUI - Current user ]
**To download and install the AWS SAM CLI**
**Note**
If you previously installed the AWS SAM CLI through Homebrew or pip, you need to uninstall it first. For instructions, see [Uninstalling the AWS SAM CLI](manage-sam-cli-versions.md#manage-sam-cli-versions-uninstall).
1. Download the macOS `pkg` to a directory of your choice:
+ **For Macs running Intel processors, choose x86\$164** – [ aws-sam-cli-macos-x86\$164.pkg](https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-macos-x86_64.pkg)
+ **For Macs running Apple silicon, choose arm64** – [ aws-sam-cli-macos-arm64.pkg](https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-macos-arm64.pkg)
**Note**
You have the option of verifying the integrity of the installer before installation. For instructions, see [Optional: Verify the integrity of the AWS SAM CLI installer](reference-sam-cli-install-verify.md).
1. Run your downloaded file and follow the on-screen instructions to continue through the **Introduction**, **Read Me**, and **License** steps.
1. For **Destination Select**, select **Install for me only**. If you don't see this option, go to the next step.
1. For **Installation Type**, do the following:
1. Choose where the AWS SAM CLI will be installed. The default location is `/usr/local/aws-sam-cli`. Select a location that you have write permissions for. To change the installation location, select **local** and choose your location. Press **Continue** when done.
1. If you didn't get the option to choose **Install for me only** in the previous step, select **Change Install Location** > **Install for me only** and press **Continue**.
1. Press **Install**.
1. The AWS SAM CLI will install and **The installation was successful** message will display. Press **Close**.
**To create a symlink**
+ To invoke the AWS SAM CLI with the **sam** command, you must manually create a symlink between the AWS SAM CLI program and your `$PATH`. Create your symlink by modifying and running the following command:
```
$ sudo ln -s /path-to/aws-sam-cli/sam /path-to-symlink-directory/sam
```
+ *sudo* – If your user has write permissions to `$PATH`, **sudo** is not required. Otherwise, **sudo** is required.
+ *path-to* – Path to where you installed the AWS SAM CLI program. For example, `/Users/myUser/Desktop`.
+ *path-to-symlink-directory* – Your `$PATH` environment variable. The default location is `/usr/local/bin`.
**To verify a successful installation**
+ Verify that the AWS SAM CLI has properly installed and that your symlink is configured by running:
```
$ which sam
/usr/local/bin/sam
$ sam --version
SAM CLI,
```
------
#### [ Command line - All users ]
**To download and install the AWS SAM CLI**
**Note**
If you previously installed the AWS SAM CLI through Homebrew or pip, you need to uninstall it first. For instructions, see [Uninstalling the AWS SAM CLI](manage-sam-cli-versions.md#manage-sam-cli-versions-uninstall).
1. Download the macOS `pkg` to a directory of your choice:
+ **For Macs running Intel processors, choose x86\$164** – [ aws-sam-cli-macos-x86\$164.pkg](https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-macos-x86_64.pkg)
+ **For Macs running Apple silicon, choose arm64** – [ aws-sam-cli-macos-arm64.pkg](https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-macos-arm64.pkg)
**Note**
You have the option of verifying the integrity of the installer before installation. For instructions, see [Optional: Verify the integrity of the AWS SAM CLI installer](reference-sam-cli-install-verify.md).
1. Modify and run the installation script:
```
$ sudo installer -pkg path-to-pkg-installer/name-of-pkg-installer -target /
installer: Package name is AWS SAM CLI
installer: Upgrading at base path /
installer: The upgrade was successful.
```
**Note**
To invoke the AWS SAM CLI with the **sam** command, the installer automatically creates a symlink between `/usr/local/bin/sam` and `/usr/local/aws-sam-cli/sam`.
**To verify a successful installation**
+ Verify that the AWS SAM CLI has properly installed and that your symlink is configured by running:
```
$ which sam
/usr/local/bin/sam
$ sam --version
SAM CLI,
```
------
#### [ Command line - Current user ]
**To download and install the AWS SAM CLI**
**Note**
If you previously installed the AWS SAM CLI through Homebrew or pip, you need to uninstall it first. For instructions, see [Uninstalling the AWS SAM CLI](manage-sam-cli-versions.md#manage-sam-cli-versions-uninstall).
1. Download the macOS `pkg` to a directory of your choice:
+ **For Macs running Intel processors, choose x86\$164** – [ aws-sam-cli-macos-x86\$164.pkg](https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-macos-x86_64.pkg)
+ **For Macs running Apple silicon, choose arm64** – [ aws-sam-cli-macos-arm64.pkg](https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-macos-arm64.pkg)
**Note**
You have the option of verifying the integrity of the installer before installation. For instructions, see [Optional: Verify the integrity of the AWS SAM CLI installer](reference-sam-cli-install-verify.md).
1. Determine an installation directory that you have write permissions to. Then, create an `xml` file using the template and modify it to reflect your installation directory. The directory must already exist.
For example, if you replace *path-to-my-directory* with `/Users/myUser/Desktop`, the `aws-sam-cli` program folder will be installed there.
```
choiceAttribute
customLocation
attributeSetting
path-to-my-directory
choiceIdentifier
default
```
1. Save the `xml` file and verify that its valid by running the following:
```
$ installer -pkg path-to-pkg-installer \
-target CurrentUserHomeDirectory \
-showChoicesAfterApplyingChangesXML path-to-your-xml-file
```
The output should display the preferences that will be applied to the AWS SAM CLI program.
1. Run the following to install the AWS SAM CLI:
```
$ installer -pkg path-to-pkg-installer \
-target CurrentUserHomeDirectory \
-applyChoiceChangesXML path-to-your-xml-file
# Example output
installer: Package name is AWS SAM CLI
installer: choices changes file 'path-to-your-xml-file' applied
installer: Upgrading at base path base-path-of-xml-file
installer: The upgrade was successful.
```
**To create a symlink**
+ To invoke the AWS SAM CLI with the **sam** command, you must manually create a symlink between the AWS SAM CLI program and your `$PATH`. Create your symlink by modifying and running the following command:
```
$ sudo ln -s /path-to/aws-sam-cli/sam /path-to-symlink-directory/sam
```
+ *sudo* – If your user has write permissions to `$PATH`, **sudo** is not required. Otherwise, **sudo** is required.
+ *path-to* – Path to where you installed the AWS SAM CLI program. For example, `/Users/myUser/Desktop`.
+ *path-to-symlink-directory* – Your `$PATH` environment variable. The default location is `/usr/local/bin`.
**To verify a successful installation**
+ Verify that the AWS SAM CLI has properly installed and that your symlink is configured by running:
```
$ which sam
/usr/local/bin/sam
$ sam --version
SAM CLI,
```
------
### Windows
Windows Installer (MSI) files are the package installer files for the Windows operating system.
Follow these steps to install the AWS SAM CLI using the MSI file.
1. Download the AWS SAM CLI [64-bit](https://github.com/aws/aws-sam-cli/releases/latest/download/AWS_SAM_CLI_64_PY3.msi).
1. **(Optional)** You can verify the integrity of the installer before installation. For instructions, see [Optional: Verify the integrity of the AWS SAM CLI installer](reference-sam-cli-install-verify.md).
1. Verify the installation.
After completing the installation, verify it by opening a new command prompt or PowerShell prompt. You should be able to invoke `sam` from the command line.
```
sam --version
```
After successful installation of the AWS SAM CLI, you should see output like the following:
```
SAM CLI,
```
1. Enable long paths (Windows 10 and newer only).
**Important**
The AWS SAM CLI might interact with filepaths that exceed the Windows max path limitation. This may cause errors when running `sam init` due to Windows 10 **MAX\$1PATH** limitations. To resolve this issue, the new long paths behavior must be configured.
To enable long paths, see [Enable Long Paths in Windows 10, Version 1607, and Later](https://learn.microsoft.com/en-us/windows/win32/fileio/maximum-file-path-limitation?tabs=powershell#enable-long-paths-in-windows-10-version-1607-and-later) in the *Microsoft Windows App Development Documentation*.
1. Install Git.
To download sample applications using the `sam init` command, you must also install Git. For instructions, see [Installing Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git).
## Troubleshooting installation errors
### Linux
#### Docker error: "Cannot connect to the Docker daemon. Is the docker daemon running on this host?"
In some cases, to provide permissions for the `ec2-user` to access the Docker daemon, you might have to reboot your instance. If you receive this error, try rebooting your instance.
#### Shell error: "command not found"
If you receive this error, your shell can't locate the AWS SAM CLI executable in the path. Verify the location of the directory where you installed the AWS SAM CLI executable, and then verify that the directory is on your path.
#### AWS SAM CLI error: "/lib64/libc.so.6: version `GLIBC\$12.14' not found (required by /usr/local/aws-sam-cli/dist/libz.so.1)"
If you receive this error, you're using an unsupported version of Linux, and the built-in glibc version is out of date. Try either of the following:
+ Upgrade your Linux host to the 64-bit version of a recent distribution of CentOS, Fedora, Ubuntu, or Amazon Linux 2.
+ Follow the instructions for [Install the AWS SAM CLI](#install-sam-cli).
### macOS
#### The installation failed
![\[Image of the AWS SAM CLI installer showing an installation failed message\]](http://docs.aws.amazon.com/serverless-application-model/latest/developerguide/images/sam-cli-troubleshoot-install-macos-install-failed.jpg)
If you are installing the AWS SAM CLI for your user and selected an installation directory that you don’t have write permissions for, this error could occur. Try either of the following:
1. Select a different installation directory that you have write permissions for.
1. Delete the installer. Then, download and run it again.
## Next steps
To learn more about the AWS SAM CLI and to begin building your own serverless applications, see the following:
+ [Tutorial: Deploy a Hello World application with AWS SAM](serverless-getting-started-hello-world.md) – Step-by-step instructions to download, build, and deploy a basic serverless application.
+ [The Complete AWS SAM Workshop](https://catalog.workshops.aws/complete-aws-sam/en-US) – A workshop designed to teach you many of the major features that AWS SAM provides.
+ [AWS SAM example applications and patterns](https://serverlessland.com/patterns?framework=AWS+SAM) – Sample applications and patterns from community authors that you can further experiment with.
# Optional: Verify the integrity of the AWS SAM CLI installer
When installing the AWS Serverless Application Model Command Line Interface (AWS SAM CLI) using a package installer, you can verify its integrity before installation. This is an optional, but highly recommended step.
The two options of verification available to you are:
+ Verify the package installer signature file.
+ Verify the package installer hash value.
When available for your platform, we recommend verifying the signature file option. This option offers an extra layer of security since the key values are published here and managed separately from our GitHub repository.
**Topics**
+ [
## Verify the installer signature file
](#reference-sam-cli-install-verify-signature)
+ [
## Verify the hash value
](#reference-sam-cli-install-verify-hash)
## Verify the installer signature file
### Linux
#### arm64 - command line installer
AWS SAM uses [GnuPG](https://www.gnupg.org/) to sign the AWS SAM CLI .zip installer. Verification is performed in the following steps:
1. Use the primary public key to verify the signer public key.
1. Use the signer public key to verify the AWS SAM CLI package installer.
**To verify the integrity of the signer public key**
1. Copy the primary public key and save it to your local machine as a `.txt` file. For example, *`primary-public-key.txt`*.
```
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)
mQINBGRuSzMBEADsqiwOy78w7F4+sshaMFRIwRGNRm94p5Qey2KMZBxekFtoryVD
D9jEOnvupx4tvhfBHz5EcUHCEOdl4MTqdBy6vVAshozgxVb9RE8JpECn5lw7XC69
4Y7Gy1TKKQMEWtDXElkGxIFdUWvWjSnPlzfnoXwQYGeE93CUS3h5dImP22Yk1Ct6
eGGhlcbg1X4L8EpFMj7GvcsU8f7ziVI/PyC1Xwy39Q8/I67ip5eU5ddxO/xHqrbL
YC7+8pJPbRMej2twT2LrcpWWYAbprMtRoa6WfE0/thoo3xhHpIMHdPfAA86ZNGIN
kRLjGUg7jnPTRW4Oin3pCc8nT4Tfc1QERkHm641gTC/jUvpmQsM6h/FUVP2i5iE/
JHpJcMuL2Mg6zDo3x+3gTCf+Wqz3rZzxB+wQT3yryZs6efcQy7nROiRxYBxCSXX0
2cNYzsYLb/bYaW8yqWIHD5IqKhw269gp2E5Khs60zgS3CorMb5/xHgXjUCVgcu8a
a8ncdf9fjl3WS5p0ohetPbO2ZjWv+MaqrZOmUIgKbA4RpWZ/fU97P5BW9ylwmIDB
sWy0cMxg8MlvSdLytPieogaM0qMg3u5qXRGBr6Wmevkty0qgnmpGGc5zPiUbtOE8
CnFFqyxBpj5IOnG0KZGVihvn+iRxrv6GO7WWO92+Dc6m94U0EEiBR7QiOwARAQAB
tDRBV1MgU0FNIENMSSBQcmltYXJ5IDxhd3Mtc2FtLWNsaS1wcmltYXJ5QGFtYXpv
bi5jb20+iQI/BBMBCQApBQJkbkszAhsvBQkHhM4ABwsJCAcDAgEGFQgCCQoLBBYC
AwECHgECF4AACgkQQv1fenOtiFqTuhAAzi5+ju5UVOWqHKevOJSO08T4QB8HcqAE
SVO3mY6/j29knkcL8ubZP/DbpV7QpHPI2PB5qSXsiDTP3IYPbeY78zHSDjljaIK3
njJLMScFeGPyfPpwMsuY4nzrRIgAtXShPA8N/k4ZJcafnpNqKj7QnPxiC1KaIQWm
pOtvb8msUF3/s0UTa5Ys/lNRhVC0eGg32ogXGdojZA2kHZWdm9udLo4CDrDcrQT7
NtDcJASapXSQL63XfAS3snEc4e1941YxcjfYZ33rel8K9juyDZfi1slWR/L3AviI
QFIaqSHzyOtP1oinUkoVwL8ThevKD3Ag9CZflZLzNCV7yqlF8RlhEZ4zcE/3s9El
WzCFsozb5HfE1AZonmrDh3SyOEIBMcS6vG5dWnvJrAuSYv2rX38++K5Pr/MIAfOX
DOI1rtA+XDsHNv9lSwSy0lt+iClawZANO9IXCiN1rOYcVQlwzDFwCNWDgkwdOqS0
gOA2f8NF9lE5nBbeEuYquoOl1Vy8+ICbgOFs9LoWZlnVh7/RyY6ssowiU9vGUnHI
L8f9jqRspIz/Fm3JD86ntZxLVGkeZUz62FqErdohYfkFIVcv7GONTEyrz5HLlnpv
FJ0MR0HjrMrZrnOVZnwBKhpbLocTsH+3t5It4ReYEX0f1DIOL/KRwPvjMvBVkXY5
hblRVDQoOWc=
=d9oG
-----END PGP PUBLIC KEY BLOCK-----
```
1. Import the primary public key to your keyring.
```
$ gpg --import primary-public-key.txt
gpg: directory `/home/.../.gnupg' created
gpg: new configuration file `/home/.../.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/.../.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/.../.gnupg/secring.gpg' created
gpg: keyring `/home/.../.gnupg/pubring.gpg' created
gpg: /home/.../.gnupg/trustdb.gpg: trustdb created
gpg: key 73AD885A: public key "AWS SAM CLI Primary " imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
```
1. Copy the signer public key and save it to your local machine as a `.txt` file. For example, *`signer-public-key.txt`*.
```
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)
mQINBGgrxIgBEADGCTudveeeVbWpZDGX9Ni57mBRMVSJwQJ6F/PC34jw0DozxTtd
H+ZPsXLvLwerN/DVXbK8E1qNZ5RGptak8j7MPz+MC3n4txibEJpB61vpjJJM+9cC
7whaMLDT/SbykHYXdrnHqa8KsUJl7rPLJcaRN722NSxvYVMIOA9ffVXV7cfEyZi5
MbYF2Gc9LNbKaknImIva7EKeeh2/wI6YCqC5yytyfWU5dL6oHXsgTnFL9mhziMxv
WhyzawyJG6EJZsJ3WLlbIKApN6XZSXyCxOvlBrebYZjD5v0nA+TJaQ7is8atjtOI
DGe0AViw7kO8ChTpjA7YG/Uu7n/Fy7qLF/3Nz0b6cBNjemjBazQ3A3KNCpi5hqFM
Uo1WpoVLr5CXQnc0B3fBUnTIoxi0Sk5MKjH9AbYxfgqEX0ZJB9hAlc6LIEy0Yru6
MMBrIHE86IMl1NfE/DeLnCdPG23+1PttwyOt3+9z5QwmPe3VPpEfCySPcdxHKZSP
rLile8qDznEvlPDvQ0qkBxdMtVa2yct5VJkdqy6UrN2xa0dpspHjRUjHh/EY/xMt
fwMUjOKohaZ/1pjotCcksAsZWUxCNcFvLYxuxeytVk4F09Es1hj4ihhLUI+43/ic
3DHSEiext7Q8/UccNArkhSCT7UOvvL7QTuP+pjYTyiC8Vx6g/Y5Ht5+qywARAQAB
tDBBV1MgU0FNIENMSSBUZWFtIDxhd3Mtc2FtLWNsaS1zaWduZXJAYW1hem9uLmNv
bT6JAj8EEwEJACkFAmgrxIgCGy8FCQPCZwAHCwkIBwMCAQYVCAIJCgsEFgIDAQIe
AQIXgAAKCRBAlKuxvt/atJo6EAC/5C8uJs76W5f5V5XNAMzwBFiZuYpop3DRReCo
P68ZZylokAC9ShRZnIOujpDJtlNS7T/G00BzmcpspkYYE531ALaXcHWmb9XV0Ajg
J8iboAVBLY0C7mhL/cbJ3v9QlpXXjyTuhexkJCV8rdHVX/0H8WqTZplEaRuZ7p8q
PMxddg4ClwstYuH3O/dmNdlGqfb4Fqy8MnV1yGSXRs5Jf+sDlN2UO4mbpyk/mr1c
f/jFxmx86IkCWJVvdXWCVTe2AFy3NHCdLtdnEvFhokCOQd9wibUWX0j9vq4cVRZT
qamnpAQaOlH3lXOwrjqo8b1AIPoRWSfMtCYvh6kA8MAJv4cAznzXILSLtOE0mzaU
qp5qoy37wNIjeztX6c/q4wss05qTlJhnNu4s3nh5VHultooaYpmDxp+ala5TWeuM
KZDI4KdAGF4z0Raif+N53ndOYIiXkY0goUbsPCnVrCwoK9PjjyoJncq7c14wNl5O
IQUZEjyYAQDGZqs5XSfY4zW2cCXatrfozKF7R1kSU14DfJwPUyksoNAQEQezfXyq
kr0gfIWK1r2nMdqS7WgSx/ypS5kdyrHuPZdaYfEVtuezpoT2lQQxOSZqqlp5hI4R
nqmPte53WXJhbC0tgTIJWn+Uy/d5Q/aSIfD6o8gNLS1BDs1j1ku0XKu1sFCHUcZG
aerdsIkCHAQQAQkABgUCaCvFeAAKCRBC/V96c62IWt3/D/9gOLzWtz62lqJRCsri
wcA/yz88ayKb/GUv3FCT5Nd9JZt8y1tW+AE3SPTdcpfZmt5UN2sRzljO61mpKJzp
eBvYQ9og/34ZrRQqeg8bz02u34LKYl1gD0xY0bWtB7TGIxIZZYqZECoPR0Dp6ZzB
abzkRSsJkEk0vbZzJhfWFYs98qfp/G0suFSBE79O8Am33DB2jQ/Sollh1VmNE6Sv
EOgR6+2yEkS2D0+msJMa/V82v9gBTPnxSlNV1d8Dduvt9rbM3LoxiNXUgx/s52yY
U6H3bwUcQ3UY6uRe1UWo5QnMFcDwfg43+q5rmjB4xQyX/BaQyF5K0hZyG+42/pH1
EMwl8qN617FTxo3hvQUi/cBahlhQ8EVYsGnHDVxLCisbq5iZvp7+XtmMy1Q417gT
EQRo8feJh31elGWlccVR2pZgIm1PQ69dzzseHnnKkGhifik0bDGo5/IH2EgI1KFn
SG399RMU/qRzOPLVP3i+zSJmhMqG8cnZaUwE5V4P21vQSclhhd2Hv/C4SVKNqA2i
+oZbHj2vAkuzTTL075AoANebEjPGqwsKZi5mWUE5Pa931JeiXxWZlEB7rkgQ1PAB
fsDBhYLt4MxCWAhifLMA6uQ4BhXu2RuXOqNfSbqa8jVF6DB6cD8eAHGpPKfJOl30
LtZnq+n4SfeNbZjD2FQWZR4CrA==
=lHfs
-----END PGP PUBLIC KEY BLOCK-----
```
1. Import the signer public key to your keyring.
```
$ gpg --import signer-public-key.txt
gpg: key 4094ABB1BEDFDAB4: public key "AWS SAM CLI Team " imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
gpg: no ultimately trusted keys found
```
Take note of the key value from the output. For example, *`4094ABB1BEDFDAB4`*.
1. Use the key value to obtain and verify the signer public key fingerprint.
```
$ gpg --fingerprint 4094ABB1BEDFDAB4
pub rsa4096 2025-05-19 [SCEA] [expires: 2027-05-19]
EF46 3E86 CA31 933B B688 CC1A 4094 ABB1 BEDF DAB4
uid [ unknown] AWS SAM CLI Team
```
The fingerprint should match the following:
```
EF46 3E86 CA31 933B B688 CC1A 4094 ABB1 BEDF DAB4
```
If the fingerprint string doesn’t match, do not use the AWS SAM CLI installer. Escalate to the AWS SAM team by [creating an issue](https://github.com/aws/aws-sam-cli/issues/new?assignees=&labels=stage%2Fneeds-triage&projects=&template=Bug_report.md&title=Bug%3A+TITLE) in the *aws-sam-cli GitHub repository*.
1. Verify the signatures of the signer public key:
```
$ gpg --check-sigs 4094ABB1BEDFDAB4
pub rsa4096 2025-05-19 [SCEA] [expires: 2027-05-19]
EF463E86CA31933BB688CC1A4094ABB1BEDFDAB4
uid [ unknown] AWS SAM CLI Team
sig!3 4094ABB1BEDFDAB4 2025-05-19 [self-signature]
sig! 42FD5F7A73AD885A 2025-05-19 AWS SAM CLI Primary
```
If you see `1 signature not checked due to a missing key`, repeat the previous steps to import the primary and signer public keys to your keyring.
You should see the key values for both the primary public key and signer public key listed.
Now that you have verified the integrity of the signer public key, you can use the signer public key to verify the AWS SAM CLI package installer.
**To verify the integrity of the AWS SAM CLI package installer**
1. **Obtain the AWS SAM CLI package signature file** – Download the signature file for the AWS SAM CLI package installer by using the following command:
```
$ wget https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-arm64.zip.sig
```
1. **Verify the signature file** – Pass both the downloaded `.sig` and `.zip` files as parameters to the `gpg` command. The following is an example:
```
$ gpg --verify aws-sam-cli-linux-arm64.zip.sig aws-sam-cli-linux-arm64.zip
```
The output should look similar to the following:
```
gpg: Signature made Mon 19 May 2025 01:21:57 AM UTC using RSA key ID 4094ABB1BEDFDAB4
gpg: Good signature from "AWS SAM CLI Team "
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: EF46 3E86 CA31 933B B688 CC1A 4094 ABB1 BEDF DAB4
```
+ The `WARNING: This key is not certified with a trusted signature!` message can be ignored. It occurs because there isn’t a chain of trust between your personal PGP key (if you have one) and the AWS SAM CLI PGP key. For more information, see [ Web of trust](https://en.wikipedia.org/wiki/Web_of_trust).
+ If the output contains the phrase `BAD signature`, check that you performed the procedure correctly. If you continue to get this response, escalate to the AWS SAM team by [creating an issue](https://github.com/aws/aws-sam-cli/issues/new?assignees=&labels=stage%2Fneeds-triage&projects=&template=Bug_report.md&title=Bug%3A+TITLE) in the *aws-sam-cli GitHub repository* and avoid using the downloaded file.
The `Good signature from "AWS SAM CLI Team "` message means that the signature is verified and you can move forward with installation.
#### x86\$164 - command line installer
AWS SAM uses [GnuPG](https://www.gnupg.org/) to sign the AWS SAM CLI .zip installer. Verification is performed in the following steps:
1. Use the primary public key to verify the signer public key.
1. Use the signer public key to verify the AWS SAM CLI package installer.
**To verify the integrity of the signer public key**
1. Copy the primary public key and save it to your local machine as a `.txt` file. For example, *`primary-public-key.txt`*.
```
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)
mQINBGRuSzMBEADsqiwOy78w7F4+sshaMFRIwRGNRm94p5Qey2KMZBxekFtoryVD
D9jEOnvupx4tvhfBHz5EcUHCEOdl4MTqdBy6vVAshozgxVb9RE8JpECn5lw7XC69
4Y7Gy1TKKQMEWtDXElkGxIFdUWvWjSnPlzfnoXwQYGeE93CUS3h5dImP22Yk1Ct6
eGGhlcbg1X4L8EpFMj7GvcsU8f7ziVI/PyC1Xwy39Q8/I67ip5eU5ddxO/xHqrbL
YC7+8pJPbRMej2twT2LrcpWWYAbprMtRoa6WfE0/thoo3xhHpIMHdPfAA86ZNGIN
kRLjGUg7jnPTRW4Oin3pCc8nT4Tfc1QERkHm641gTC/jUvpmQsM6h/FUVP2i5iE/
JHpJcMuL2Mg6zDo3x+3gTCf+Wqz3rZzxB+wQT3yryZs6efcQy7nROiRxYBxCSXX0
2cNYzsYLb/bYaW8yqWIHD5IqKhw269gp2E5Khs60zgS3CorMb5/xHgXjUCVgcu8a
a8ncdf9fjl3WS5p0ohetPbO2ZjWv+MaqrZOmUIgKbA4RpWZ/fU97P5BW9ylwmIDB
sWy0cMxg8MlvSdLytPieogaM0qMg3u5qXRGBr6Wmevkty0qgnmpGGc5zPiUbtOE8
CnFFqyxBpj5IOnG0KZGVihvn+iRxrv6GO7WWO92+Dc6m94U0EEiBR7QiOwARAQAB
tDRBV1MgU0FNIENMSSBQcmltYXJ5IDxhd3Mtc2FtLWNsaS1wcmltYXJ5QGFtYXpv
bi5jb20+iQI/BBMBCQApBQJkbkszAhsvBQkHhM4ABwsJCAcDAgEGFQgCCQoLBBYC
AwECHgECF4AACgkQQv1fenOtiFqTuhAAzi5+ju5UVOWqHKevOJSO08T4QB8HcqAE
SVO3mY6/j29knkcL8ubZP/DbpV7QpHPI2PB5qSXsiDTP3IYPbeY78zHSDjljaIK3
njJLMScFeGPyfPpwMsuY4nzrRIgAtXShPA8N/k4ZJcafnpNqKj7QnPxiC1KaIQWm
pOtvb8msUF3/s0UTa5Ys/lNRhVC0eGg32ogXGdojZA2kHZWdm9udLo4CDrDcrQT7
NtDcJASapXSQL63XfAS3snEc4e1941YxcjfYZ33rel8K9juyDZfi1slWR/L3AviI
QFIaqSHzyOtP1oinUkoVwL8ThevKD3Ag9CZflZLzNCV7yqlF8RlhEZ4zcE/3s9El
WzCFsozb5HfE1AZonmrDh3SyOEIBMcS6vG5dWnvJrAuSYv2rX38++K5Pr/MIAfOX
DOI1rtA+XDsHNv9lSwSy0lt+iClawZANO9IXCiN1rOYcVQlwzDFwCNWDgkwdOqS0
gOA2f8NF9lE5nBbeEuYquoOl1Vy8+ICbgOFs9LoWZlnVh7/RyY6ssowiU9vGUnHI
L8f9jqRspIz/Fm3JD86ntZxLVGkeZUz62FqErdohYfkFIVcv7GONTEyrz5HLlnpv
FJ0MR0HjrMrZrnOVZnwBKhpbLocTsH+3t5It4ReYEX0f1DIOL/KRwPvjMvBVkXY5
hblRVDQoOWc=
=d9oG
-----END PGP PUBLIC KEY BLOCK-----
```
1. Import the primary public key to your keyring.
```
$ gpg --import primary-public-key.txt
gpg: directory `/home/.../.gnupg' created
gpg: new configuration file `/home/.../.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/.../.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/.../.gnupg/secring.gpg' created
gpg: keyring `/home/.../.gnupg/pubring.gpg' created
gpg: /home/.../.gnupg/trustdb.gpg: trustdb created
gpg: key 73AD885A: public key "AWS SAM CLI Primary " imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
```
1. Copy the signer public key and save it to your local machine as a `.txt` file. For example, *`signer-public-key.txt`*.
```
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)
mQINBGgrxIgBEADGCTudveeeVbWpZDGX9Ni57mBRMVSJwQJ6F/PC34jw0DozxTtd
H+ZPsXLvLwerN/DVXbK8E1qNZ5RGptak8j7MPz+MC3n4txibEJpB61vpjJJM+9cC
7whaMLDT/SbykHYXdrnHqa8KsUJl7rPLJcaRN722NSxvYVMIOA9ffVXV7cfEyZi5
MbYF2Gc9LNbKaknImIva7EKeeh2/wI6YCqC5yytyfWU5dL6oHXsgTnFL9mhziMxv
WhyzawyJG6EJZsJ3WLlbIKApN6XZSXyCxOvlBrebYZjD5v0nA+TJaQ7is8atjtOI
DGe0AViw7kO8ChTpjA7YG/Uu7n/Fy7qLF/3Nz0b6cBNjemjBazQ3A3KNCpi5hqFM
Uo1WpoVLr5CXQnc0B3fBUnTIoxi0Sk5MKjH9AbYxfgqEX0ZJB9hAlc6LIEy0Yru6
MMBrIHE86IMl1NfE/DeLnCdPG23+1PttwyOt3+9z5QwmPe3VPpEfCySPcdxHKZSP
rLile8qDznEvlPDvQ0qkBxdMtVa2yct5VJkdqy6UrN2xa0dpspHjRUjHh/EY/xMt
fwMUjOKohaZ/1pjotCcksAsZWUxCNcFvLYxuxeytVk4F09Es1hj4ihhLUI+43/ic
3DHSEiext7Q8/UccNArkhSCT7UOvvL7QTuP+pjYTyiC8Vx6g/Y5Ht5+qywARAQAB
tDBBV1MgU0FNIENMSSBUZWFtIDxhd3Mtc2FtLWNsaS1zaWduZXJAYW1hem9uLmNv
bT6JAj8EEwEJACkFAmgrxIgCGy8FCQPCZwAHCwkIBwMCAQYVCAIJCgsEFgIDAQIe
AQIXgAAKCRBAlKuxvt/atJo6EAC/5C8uJs76W5f5V5XNAMzwBFiZuYpop3DRReCo
P68ZZylokAC9ShRZnIOujpDJtlNS7T/G00BzmcpspkYYE531ALaXcHWmb9XV0Ajg
J8iboAVBLY0C7mhL/cbJ3v9QlpXXjyTuhexkJCV8rdHVX/0H8WqTZplEaRuZ7p8q
PMxddg4ClwstYuH3O/dmNdlGqfb4Fqy8MnV1yGSXRs5Jf+sDlN2UO4mbpyk/mr1c
f/jFxmx86IkCWJVvdXWCVTe2AFy3NHCdLtdnEvFhokCOQd9wibUWX0j9vq4cVRZT
qamnpAQaOlH3lXOwrjqo8b1AIPoRWSfMtCYvh6kA8MAJv4cAznzXILSLtOE0mzaU
qp5qoy37wNIjeztX6c/q4wss05qTlJhnNu4s3nh5VHultooaYpmDxp+ala5TWeuM
KZDI4KdAGF4z0Raif+N53ndOYIiXkY0goUbsPCnVrCwoK9PjjyoJncq7c14wNl5O
IQUZEjyYAQDGZqs5XSfY4zW2cCXatrfozKF7R1kSU14DfJwPUyksoNAQEQezfXyq
kr0gfIWK1r2nMdqS7WgSx/ypS5kdyrHuPZdaYfEVtuezpoT2lQQxOSZqqlp5hI4R
nqmPte53WXJhbC0tgTIJWn+Uy/d5Q/aSIfD6o8gNLS1BDs1j1ku0XKu1sFCHUcZG
aerdsIkCHAQQAQkABgUCaCvFeAAKCRBC/V96c62IWt3/D/9gOLzWtz62lqJRCsri
wcA/yz88ayKb/GUv3FCT5Nd9JZt8y1tW+AE3SPTdcpfZmt5UN2sRzljO61mpKJzp
eBvYQ9og/34ZrRQqeg8bz02u34LKYl1gD0xY0bWtB7TGIxIZZYqZECoPR0Dp6ZzB
abzkRSsJkEk0vbZzJhfWFYs98qfp/G0suFSBE79O8Am33DB2jQ/Sollh1VmNE6Sv
EOgR6+2yEkS2D0+msJMa/V82v9gBTPnxSlNV1d8Dduvt9rbM3LoxiNXUgx/s52yY
U6H3bwUcQ3UY6uRe1UWo5QnMFcDwfg43+q5rmjB4xQyX/BaQyF5K0hZyG+42/pH1
EMwl8qN617FTxo3hvQUi/cBahlhQ8EVYsGnHDVxLCisbq5iZvp7+XtmMy1Q417gT
EQRo8feJh31elGWlccVR2pZgIm1PQ69dzzseHnnKkGhifik0bDGo5/IH2EgI1KFn
SG399RMU/qRzOPLVP3i+zSJmhMqG8cnZaUwE5V4P21vQSclhhd2Hv/C4SVKNqA2i
+oZbHj2vAkuzTTL075AoANebEjPGqwsKZi5mWUE5Pa931JeiXxWZlEB7rkgQ1PAB
fsDBhYLt4MxCWAhifLMA6uQ4BhXu2RuXOqNfSbqa8jVF6DB6cD8eAHGpPKfJOl30
LtZnq+n4SfeNbZjD2FQWZR4CrA==
=lHfs
-----END PGP PUBLIC KEY BLOCK-----
```
1. Import the signer public key to your keyring.
```
$ gpg --import signer-public-key.txt
gpg: key 4094ABB1BEDFDAB4: public key "AWS SAM CLI Team " imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
gpg: no ultimately trusted keys found
```
Take note of the key value from the output. For example, *`4094ABB1BEDFDAB4`*.
1. Use the key value to obtain and verify the signer public key fingerprint.
```
$ gpg --fingerprint 4094ABB1BEDFDAB4
pub rsa4096 2025-05-19 [SCEA] [expires: 2027-05-19]
EF46 3E86 CA31 933B B688 CC1A 4094 ABB1 BEDF DAB4
uid [ unknown] AWS SAM CLI Team
```
The fingerprint should match the following:
```
EF46 3E86 CA31 933B B688 CC1A 4094 ABB1 BEDF DAB4
```
If the fingerprint string doesn’t match, do not use the AWS SAM CLI installer. Escalate to the AWS SAM team by [creating an issue](https://github.com/aws/aws-sam-cli/issues/new?assignees=&labels=stage%2Fneeds-triage&projects=&template=Bug_report.md&title=Bug%3A+TITLE) in the *aws-sam-cli GitHub repository*.
1. Verify the signatures of the signer public key:
```
$ gpg --check-sigs 4094ABB1BEDFDAB4
pub rsa4096 2025-05-19 [SCEA] [expires: 2027-05-19]
EF463E86CA31933BB688CC1A4094ABB1BEDFDAB4
uid [ unknown] AWS SAM CLI Team
sig!3 4094ABB1BEDFDAB4 2025-05-19 [self-signature]
sig! 42FD5F7A73AD885A 2025-05-19 AWS SAM CLI Primary
```
If you see `1 signature not checked due to a missing key`, repeat the previous steps to import the primary and signer public keys to your keyring.
You should see the key values for both the primary public key and signer public key listed.
Now that you have verified the integrity of the signer public key, you can use the signer public key to verify the AWS SAM CLI package installer.
**To verify the integrity of the AWS SAM CLI package installer**
1. **Obtain the AWS SAM CLI package signature file** – Download the signature file for the AWS SAM CLI package installer by using the following command:
```
$ wget https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-x86_64.zip.sig
```
1. **Verify the signature file** – Pass both the downloaded `.sig` and `.zip` files as parameters to the `gpg` command. The following is an example:
```
$ gpg --verify aws-sam-cli-linux-x86_64.zip.sig aws-sam-cli-linux-x86_64.zip
```
The output should look similar to the following:
```
gpg: Signature made Mon 19 May 2025 01:21:57 AM UTC using RSA key ID 4094ABB1BEDFDAB4
gpg: Good signature from "AWS SAM CLI Team "
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: EF46 3E86 CA31 933B B688 CC1A 4094 ABB1 BEDF DAB4
```
+ The `WARNING: This key is not certified with a trusted signature!` message can be ignored. It occurs because there isn’t a chain of trust between your personal PGP key (if you have one) and the AWS SAM CLI PGP key. For more information, see [ Web of trust](https://en.wikipedia.org/wiki/Web_of_trust).
+ If the output contains the phrase `BAD signature`, check that you performed the procedure correctly. If you continue to get this response, escalate to the AWS SAM team by [creating an issue](https://github.com/aws/aws-sam-cli/issues/new?assignees=&labels=stage%2Fneeds-triage&projects=&template=Bug_report.md&title=Bug%3A+TITLE) in the *aws-sam-cli GitHub repository* and avoid using the downloaded file.
The `Good signature from "AWS SAM CLI Team "` message means that the signature is verified and you can move forward with installation.
### macOS
#### GUI and command line installer
You can verify the integrity of the AWS SAM CLI package installer signature file by using the `pkgutil` tool or manually.
**To verify using pkgutil**
1. Run the following command, providing the path to the downloaded installer on your local machine:
```
$ pkgutil --check-signature /path/to/aws-sam-cli-installer.pkg
```
The following is an example:
```
$ pkgutil --check-signature /Users/user/Downloads/aws-sam-cli-macos-arm64.pkg
```
1. From the output, locate the **SHA256 fingerprint** for **Developer ID Installer: AMZN Mobile LLC**. The following is an example:
```
Package "aws-sam-cli-macos-arm64.pkg":
Status: signed by a developer certificate issued by Apple for distribution
Notarization: trusted by the Apple notary service
Signed with a trusted timestamp on: 2026-01-28 07:39:16 +0000
Certificate Chain:
1. Developer ID Installer: AMZN Mobile LLC (94KV3E626L)
Expires: 2030-09-26 00:18:06 +0000
SHA256 Fingerprint:
5C 45 BE 63 FD 52 10 07 2D 66 56 77 5C A9 FF 25 91 6D 3F 01 F7 0E
9A 8A 05 F6 2D 62 B2 88 8D A9
------------------------------------------------------------------------
2. Developer ID Certification Authority
Expires: 2031-09-17 00:00:00 +0000
SHA256 Fingerprint:
F1 6C D3 C5 4C 7F 83 CE A4 BF 1A 3E 6A 08 19 C8 AA A8 E4 A1 52 8F
D1 44 71 5F 35 06 43 D2 DF 3A
------------------------------------------------------------------------
3. Apple Root CA
Expires: 2035-02-09 21:40:36 +0000
SHA256 Fingerprint:
B0 B1 73 0E CB C7 FF 45 05 14 2C 49 F1 29 5E 6E DA 6B CA ED 7E 2C
68 C5 BE 91 B5 A1 10 01 F0 24
```
1. The **Developer ID Installer: AMZN Mobile LLC SHA256 fingerprint** should match the following value:
```
5C 45 BE 63 FD 52 10 07 2D 66 56 77 5C A9 FF 25 91 6D 3F 01 F7 0E 9A 8A 05 F6 2D 62 B2 88 8D A9
```
If the fingerprint string doesn’t match, do not use the AWS SAM CLI installer. Escalate to the AWS SAM team by [creating an issue](https://github.com/aws/aws-sam-cli/issues/new?assignees=&labels=stage%2Fneeds-triage&projects=&template=Bug_report.md&title=Bug%3A+TITLE) in the *aws-sam-cli GitHub repository*. If the fingerprint string does match, you can move forward with using the package installer.
**To verify the package installer manually**
+ See [How to verify the authenticity of manually downloaded Apple software updates](https://support.apple.com/en-us/HT202369) at the *Apple support website*.
### Windows
The AWS SAM CLI installer is packaged as MSI files for the Windows operating system.
**To verify the integrity of the installer**
1. Right-click on the installer and open the **Properties** window.
1. Choose the **Digital Signatures** tab.
1. From the **Signature List**, choose **Amazon Web Services, Inc.**, and then choose **Details**.
1. Choose the **General** tab, if not already selected, and then choose **View Certificate**.
1. Choose the **Details** tab, and then choose **All** in the **Show** dropdown list, if not already selected.
1. Scroll down until you see the **Thumbprint** field and then choose **Thumbprint**. This displays the entire thumbprint value in the lower window.
1. Match the thumbprint value to the following value. If the value matches, move forward with installation. If not, escalate to the AWS SAM team by [creating an issue](https://github.com/aws/aws-sam-cli/issues/new?assignees=&labels=stage%2Fneeds-triage&projects=&template=Bug_report.md&title=Bug%3A+TITLE) in the *aws-sam-cli GitHub repository*.
```
cd62479397f09d72a04c7399a254b0a91da53d6c
```
## Verify the hash value
### Linux
#### x86\$164 - command line installer
Verify the integrity and authenticity of the downloaded installer files by generating a hash value using the following command:
```
$ sha256sum aws-sam-cli-linux-x86_64.zip
```
The output should look like the following example:
```
<64-character SHA256 hash value> aws-sam-cli-linux-x86_64.zip
```
Compare the 64-character SHA-256 hash value with the one for your desired AWS SAM CLI version in the [AWS SAM CLI release notes](https://github.com/aws/aws-sam-cli/releases/latest) on GitHub.
### macOS
#### GUI and command line installer
Verify the integrity and authenticity of the downloaded installer by generating a hash value using the following command:
```
$ shasum -a 256 path-to-pkg-installer/name-of-pkg-installer
# Examples
$ shasum -a 256 ~/Downloads/aws-sam-cli-macos-arm64.pkg
$ shasum -a 256 ~/Downloads/aws-sam-cli-macos-x86_64.pkg
```
Compare your 64-character SHA-256 hash value with the corresponding value in the [AWS SAM CLI release notes](https://github.com/aws/aws-sam-cli/releases/latest) GitHub repository.
# Tutorial: Deploy a Hello World application with AWS SAM
In this tutorial, you use the AWS Serverless Application Model Command Line Interface (AWS SAM CLI) to complete the following:
+ Initialize, build, and deploy a sample **Hello World** application.
+ Make local changes and sync to AWS CloudFormation.
+ Perform local testing on your development host.
+ Delete the sample application from the AWS Cloud.
The sample **Hello World** application implements a basic API backend. It consists of the following resources:
+ **Amazon API Gateway** – API endpoint that you will use to invoke your function.
+ **AWS Lambda** – Function that processes the HTTP API GET request and returns a `hello world` message.
+ **AWS Identity and Access Management (IAM) role** – Provisions permissions for the services to securely interact.
The following diagram shows the components of this application:
![\[A diagram of a Lambda function that's invoked when you send a GET request to the API Gateway endpoint.\]](http://docs.aws.amazon.com/serverless-application-model/latest/developerguide/images/gs-01.png)
**Topics**
+ [
## Prerequisites
](#serverless-getting-started-hello-world-prerequisites)
+ [
## Step 1: Initialize the sample Hello World application
](#serverless-getting-started-hello-world-init)
+ [
## Step 2: Build your application
](#serverless-getting-started-hello-world-build)
+ [
## Step 3: Deploy your application to the AWS Cloud
](#serverless-getting-started-hello-world-deploy)
+ [
## Step 4: Run your application
](#serverless-getting-started-hello-world-run)
+ [
## Step 5: Interact with your function in the AWS Cloud
](#serverless-getting-started-hello-world-remote-invoke)
+ [
## Step 6: Modify and sync your application to the AWS Cloud
](#serverless-getting-started-hello-world-sync)
+ [
## Step 7: (Optional) Test your application locally
](#serverless-getting-started-hello-world-test)
+ [
## Step 8: Delete your application from the AWS Cloud
](#serverless-getting-started-hello-world-delete)
+ [
## Troubleshooting
](#serverless-getting-started-hello-world-troubleshoot)
+ [
## Learn more
](#serverless-getting-started-hello-world-learn)
## Prerequisites
Verify that you have completed the following:
+ [AWS SAM prerequisites](prerequisites.md)
+ [Install the AWS SAM CLI](install-sam-cli.md)
**Note**
If you prefer using Visual Studio Code for serverless development, see [Creating serverless applications](https://docs.aws.amazon.com/toolkit-for-vscode/latest/userguide/sam-get-started.html#serverless-apps-create) in the AWS Toolkit for VS Code User Guide for step-by-step instructions using the VS Code interface.
## Step 1: Initialize the sample Hello World application
In this step, you will use the AWS SAM CLI to create a sample **Hello World** application project on your local machine.
**To initialize the sample Hello World application**
1. In your command line, run the following from a starting directory of your choice:
```
$ sam init
```
**Note**
This command initializes your serverless application and creates a project directory. The directory contains several files and folders, including the `template.yaml` file, which is your AWS SAM template.
The installed Python version must match the `Runtime` property specified in `template.yaml`. For production workloads, we recommend using Python 3.12 or earlier versions that are fully supported in AWS environments. If the Python versions don't match, you'll encounter build errors.
To resolve version compatibility issues:
Specify a compatible [runtime](sam-cli-command-reference-sam-init.md#sam-cli-command-reference-sam-init-options-runtime) during initialization: `sam init --runtime python3.9`
Modify the `Runtime` property in `template.yaml` after initialization
1. The AWS SAM CLI will guide you through initializing a new application. Configure the following:
1. Select **AWS Quick Start Templates** to choose a starting template.
1. Choose the **Hello World Example** template and download it.
1. Use the Python runtime and `zip` package type.
1. For this tutorial, opt out of AWS X-Ray tracing. To learn more, see [What is AWS X-Ray?](https://docs.aws.amazon.com/xray/latest/devguide/aws-xray.html) in the *AWS X-Ray Developer Guide*.
1. For this tutorial, opt out of monitoring with Amazon CloudWatch Application Insights. To learn more, see [ Amazon CloudWatch Application Insights](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch-application-insights.html) in the *Amazon CloudWatch User Guide*.
1. For this tutorial, opt out of setting Structured Logging in JSON format on your Lambda functions.
1. Name your application as **sam-app**.
To use the AWS SAM CLI interactive flow:
+ Brackets (`[ ]`) indicate default values. Leave your answer blank to select the default value.
+ Enter **`y`** for **yes**, and **`n`** for **no**.
The following is an example of the `sam init` interactive flow:
```
$ sam init
...
Which template source would you like to use?
1 - AWS Quick Start Templates
2 - Custom Template Location
Choice: 1
Choose an AWS Quick Start application template
1 - Hello World Example
2 - Data processing
3 - Hello World Example with Powertools for AWS Lambda
4 - Multi-step workflow
5 - Scheduled task
6 - Standalone function
7 - Serverless API
8 - Infrastructure event management
9 - Lambda Response Streaming
10 - GraphQLApi Hello World Example
11 - Full Stack
12 - Lambda EFS example
13 - Serverless Connector Hello World Example
14 - Multi-step workflow with Connectors
15 - DynamoDB Example
16 - Machine Learning
Template: 1
Use the most popular runtime and package type? (Python and zip) [y/N]: y
Would you like to enable X-Ray tracing on the function(s) in your application? [y/N]: ENTER
Would you like to enable monitoring using CloudWatch Application Insights?
For more info, please view https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch-application-insights.html [y/N]: ENTER
Would you like to set Structured Logging in JSON format on your Lambda functions? [y/N]: ENTER
Project name [sam-app]: ENTER
```
1. The AWS SAM CLI downloads your starting template and creates the application project directory structure on your local machine. The following is an example of the AWS SAM CLI output:
```
Cloning from https://github.com/aws/aws-sam-cli-app-templates (process may take a moment)
-----------------------
Generating application:
-----------------------
Name: sam-app
Runtime: python3.9
Architectures: x86_64
Dependency Manager: pip
Application Template: hello-world
Output Directory: .
Configuration file: sam-app/samconfig.toml
Next steps can be found in the README file at sam-app/README.md
Commands you can use next
=========================
[*] Create pipeline: cd sam-app && sam pipeline init --bootstrap
[*] Validate SAM template: cd sam-app && sam validate
[*] Test Function in the Cloud: cd sam-app && sam sync --stack-name {stack-name} --watch
```
1. From your command line, move to the newly created `sam-app` directory. The following is an example of what the AWS SAM CLI has created:
**Note**
If `tree` command is not auto installed run this command: `brew install tree`
```
$ cd sam-app
$ tree
├── README.md
├── __init__.py
├── events
│ └── event.json
├── hello_world
│ ├── __init__.py
│ ├── app.py
│ └── requirements.txt
├── samconfig.toml
├── template.yaml
└── tests
├── __init__.py
├── integration
│ ├── __init__.py
│ └── test_api_gateway.py
├── requirements.txt
└── unit
├── __init__.py
└── test_handler.py
6 directories, 14 files
```
Some important files to highlight:
+ `hello_world/app.py` – Contains your Lambda function code.
+ `hello_world/requirements.txt` – Contains any Python dependencies that your Lambda function requires.
+ `samconfig.toml` – Configuration file for your application that stores default parameters used by the AWS SAM CLI.
+ `template.yaml` – The AWS SAM template that contains your application infrastructure code.
You now have a completely authored serverless application on your local machine\$1
## Step 2: Build your application
In this step, you use the AWS SAM CLI to build your application and prepare for deployment. When you build, the AWS SAM CLI creates a `.aws-sam` directory and organizes your function dependencies, project code, and project files there.
**To build your application**
+ In your command line, from the `sam-app` project directory, run the following:
```
$ sam build
```
**Note**
If you don't have Python on your local machine, use the **sam build --use-container ** command instead. The AWS SAM CLI will create a Docker container that includes your function's runtime and dependencies. This command requires Docker on your local machine. To install Docker, see [Installing Docker](install-docker.md).
The following is an example of the AWS SAM CLI output:
```
$ sam build
Starting Build use cache
Manifest file is changed (new hash: 3298f1304...d4d421) or dependency folder (.aws-sam/deps/4d3dfad6-a267-47a6-a6cd-e07d6fae318c) is missing for (HelloWorldFunction), downloading dependencies and copying/building source
Building codeuri: /Users/.../Demo/sam-tutorial1/sam-app/hello_world runtime: python3.9 metadata: {} architecture: x86_64 functions: HelloWorldFunction
Running PythonPipBuilder:CleanUp
Running PythonPipBuilder:ResolveDependencies
Running PythonPipBuilder:CopySource
Running PythonPipBuilder:CopySource
Build Succeeded
Built Artifacts : .aws-sam/build
Built Template : .aws-sam/build/template.yaml
Commands you can use next
=========================
[*] Validate SAM template: sam validate
[*] Invoke Function: sam local invoke
[*] Test Function in the Cloud: sam sync --stack-name {{stack-name}} --watch
[*] Deploy: sam deploy --guided
```
The following is a shortened example of the `.aws-sam` directory created by the AWS SAM CLI:
```
.aws-sam
├── build
│ ├── HelloWorldFunction
│ │ ├── __init__.py
│ │ ├── app.py
│ │ └── requirements.txt
│ └── template.yaml
└── build.toml
```
Some important files to highlight:
+ `build/HelloWorldFunction` – Contains your Lambda function code and dependencies. The AWS SAM CLI creates a directory for each function in your application.
+ `build/template.yaml` – Contains a copy of your AWS SAM template that is referenced by CloudFormation at deployment.
+ `build.toml` – Configuration file that stores default parameter values referenced by the AWS SAM CLI when building and deploying your application.
You are now ready to deploy your application to the AWS Cloud.
## Step 3: Deploy your application to the AWS Cloud
**Note**
This step requires AWS credentials configuration. For more information, see [Step 5: Use the AWS CLI to configure AWS credentials](prerequisites.md#prerequisites-configure-credentials) in [AWS SAM prerequisites](prerequisites.md).
In this step, you use the AWS SAM CLI to deploy your application to the AWS Cloud. The AWS SAM CLI will do the following:
+ Guide you through configuring your application settings for deployment.
+ Upload your application files to Amazon Simple Storage Service (Amazon S3).
+ Transform your AWS SAM template into an CloudFormation template. It then uploads your template to the CloudFormation service to provision your AWS resources.
**To deploy your application**
1. In your command line, from the `sam-app` project directory, run the following:
```
$ sam deploy --guided
```
1. Follow the AWS SAM CLI interactive flow to configure your application settings. Configure the following:
1. The **CloudFormation stack name** – A stack is a collection of AWS resources that you can manage as a single unit. To learn more, see [Working with stacks](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks.html) in the *AWS CloudFormation User Guide*.
1. The **AWS Region** to deploy your CloudFormation stack to. For more information, see [CloudFormation endpoints](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-endpoints.html) in the *AWS CloudFormation User Guide*.
1. For this tutorial, opt out of **confirming changes before deploy**.
1. Allow **IAM role creation** – This lets AWS SAM create the IAM role necessary for your API Gateway resource and Lambda function resource to interact.
1. For this tutorial, opt out of **disabling rollback**.
1. Allow **HelloWorldFunction without authorization defined** – This message displays because your API Gateway endpoint is configured to be publicly accessible, without authorization. Since this is the intended configuration for your Hello World application, allow the AWS SAM CLI to continue. For more information about configuring authorization, see [Control API access with your AWS SAM template](serverless-controlling-access-to-apis.md).
1. **Save arguments to configuration file** – This will update your application’s `samconfig.toml` file with your deployment preferences.
1. Select the default **configuration file name**.
1. Select the default **configuration environment**.
The following is an example output of the `sam deploy --guided` interactive flow:
```
$ sam deploy --guided
Configuring SAM deploy
======================
Looking for config file [samconfig.toml] : Found
Reading default arguments : Success
Setting default arguments for 'sam deploy'
=========================================
Stack Name [sam-app]: ENTER
AWS Region [us-west-2]: ENTER
#Shows you resources changes to be deployed and require a 'Y' to initiate deploy
Confirm changes before deploy [Y/n]: n
#SAM needs permission to be able to create roles to connect to the resources in your template
Allow SAM CLI IAM role creation [Y/n]: ENTER
#Preserves the state of previously provisioned resources when an operation fails
Disable rollback [y/N]: ENTER
HelloWorldFunction may not have authorization defined, Is this okay? [y/N]: y
Save arguments to configuration file [Y/n]: ENTER
SAM configuration file [samconfig.toml]: ENTER
SAM configuration environment [default]: ENTER
```
1. The AWS SAM CLI deploys your application by doing the following:
+ The AWS SAM CLI creates an Amazon S3 bucket and uploads your `.aws-sam` directory.
+ The AWS SAM CLI transforms your AWS SAM template into CloudFormation and uploads it to the CloudFormation service.
+ CloudFormation provisions your resources.
During deployment, the AWS SAM CLI displays your progress. The following is an example output:
```
Looking for resources needed for deployment:
Managed S3 bucket: aws-sam-cli-managed-default-samclisam-s3-demo-bucket-1a4x26zbcdkqr
A different default S3 bucket can be set in samconfig.toml
Parameter "stack_name=sam-app" in [default.deploy.parameters] is defined as a global parameter [default.global.parameters].
This parameter will be only saved under [default.global.parameters] in /Users/.../Demo/sam-tutorial1/sam-app/samconfig.toml.
Saved arguments to config file
Running 'sam deploy' for future deployments will use the parameters saved above.
The above parameters can be changed by modifying samconfig.toml
Learn more about samconfig.toml syntax at
https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-config.html
File with same data already exists at sam-app/da3c598813f1c2151579b73ad788cac8, skipping upload
Deploying with following values
===============================
Stack name : sam-app
Region : us-west-2
Confirm changeset : False
Disable rollback : False
Deployment s3 bucket : aws-sam-cli-managed-default-samclisam-s3-demo-bucket-1a4x26zbcdkqr
Capabilities : ["CAPABILITY_IAM"]
Parameter overrides : {}
Signing Profiles : {}
Initiating deployment
=====================
File with same data already exists at sam-app/2bebf67c79f6a743cc5312f6dfc1efee.template, skipping upload
Waiting for changeset to be created..
CloudFormation stack changeset
---------------------------------------------------------------------------------------------------------------------------------------------
Operation LogicalResourceId ResourceType Replacement
---------------------------------------------------------------------------------------------------------------------------------------------
* Modify HelloWorldFunction AWS::Lambda::Function False
* Modify ServerlessRestApi AWS::ApiGateway::RestApi False
- Delete AwsSamAutoDependencyLayerNestedSt AWS::CloudFormation::Stack N/A
ack
---------------------------------------------------------------------------------------------------------------------------------------------
Changeset created successfully. arn:aws:cloudformation:us-west-2:012345678910:changeSet/samcli-deploy1678917603/22e05525-08f9-4c52-a2c4-f7f1fd055072
2023-03-15 12:00:16 - Waiting for stack create/update to complete
CloudFormation events from stack operations (refresh every 0.5 seconds)
---------------------------------------------------------------------------------------------------------------------------------------------
ResourceStatus ResourceType LogicalResourceId ResourceStatusReason
---------------------------------------------------------------------------------------------------------------------------------------------
UPDATE_IN_PROGRESS AWS::Lambda::Function HelloWorldFunction -
UPDATE_COMPLETE AWS::Lambda::Function HelloWorldFunction -
UPDATE_COMPLETE_CLEANUP_IN_PROGRE AWS::CloudFormation::Stack sam-app -
SS
DELETE_IN_PROGRESS AWS::CloudFormation::Stack AwsSamAutoDependencyLayerNestedSt -
ack
DELETE_COMPLETE AWS::CloudFormation::Stack AwsSamAutoDependencyLayerNestedSt -
ack
UPDATE_COMPLETE AWS::CloudFormation::Stack sam-app -
---------------------------------------------------------------------------------------------------------------------------------------------
CloudFormation outputs from deployed stack
----------------------------------------------------------------------------------------------------------------------------------------------
Outputs
----------------------------------------------------------------------------------------------------------------------------------------------
Key HelloWorldFunctionIamRole
Description Implicit IAM Role created for Hello World function
Value arn:aws:iam::012345678910:role/sam-app-HelloWorldFunctionRole-15GLOUR9LMT1W
Key HelloWorldApi
Description API Gateway endpoint URL for Prod stage for Hello World function
Value https://.execute-api.us-west-2.amazonaws.com/Prod/hello/
Key HelloWorldFunction
Description Hello World Lambda Function ARN
Value arn:aws:lambda:us-west-2:012345678910:function:sam-app-HelloWorldFunction-yQDNe17r9maD
----------------------------------------------------------------------------------------------------------------------------------------------
Successfully created/updated stack - sam-app in us-west-2
```
Your application is now deployed and running in the AWS Cloud\$1
## Step 4: Run your application
In this step, you will send a GET request to your API endpoint and see your Lambda function output.
**To get your API endpoint value**
1. From the information displayed by the AWS SAM CLI in the previous step, locate the `Outputs` section. In this section, locate your `HelloWorldApi` resource to find your HTTP endpoint value. The following is an example output:
```
----------------------------------------------------------------------------------------------------------------------------------------------
Outputs
----------------------------------------------------------------------------------------------------------------------------------------------
...
Key HelloWorldApi
Description API Gateway endpoint URL for Prod stage for Hello World function
Value https://ets1gv8lxi.execute-api.us-west-2.amazonaws.com/Prod/hello/
...
----------------------------------------------------------------------------------------------------------------------------------------------
```
1. Alternatively, you can use the **sam list endpoints --output json** command to get this information. The following is an example output:
```
$ sam list endpoints --output json
2023-03-15 12:39:19 Loading policies from IAM...
2023-03-15 12:39:25 Finished loading policies from IAM.
[
{
"LogicalResourceId": "HelloWorldFunction",
"PhysicalResourceId": "sam-app-HelloWorldFunction-yQDNe17r9maD",
"CloudEndpoint": "-",
"Methods": "-"
},
{
"LogicalResourceId": "ServerlessRestApi",
"PhysicalResourceId": "ets1gv8lxi",
"CloudEndpoint": [
"https://ets1gv8lxi.execute-api.us-west-2.amazonaws.com/Prod",
"https://ets1gv8lxi.execute-api.us-west-2.amazonaws.com/Stage"
],
"Methods": [
"/hello['get']"
]
}
]
```
**To invoke your function**
+ Using your browser or the command line, send a GET request to your API endpoint. The following is an example using the curl command:
```
$ curl https://ets1gv8lxi.execute-api.us-west-2.amazonaws.com/Prod/hello/
{"message": "hello world"}
```
## Step 5: Interact with your function in the AWS Cloud
In this step, you use the AWS SAM CLI to invoke your Lambda function in the AWS Cloud.
**To invoke your Lambda function in the cloud**
1. Take note of your function’s `LogicalResourceId` from the previous step. It should be `HelloWorldFunction`.
1. In your command line, from the `sam-app` project directory, run the following:
```
$ sam remote invoke HelloWorldFunction --stack-name sam-app
```
1. The AWS SAM CLI invokes your function in the cloud and returns a response. The following is an example output:
```
$ sam remote invoke HelloWorldFunction --stack-name sam-app
Invoking Lambda Function HelloWorldFunction
START RequestId: d5ef494b-5f45-4086-86fd-d7322fa1a1f9 Version: $LATEST
END RequestId: d5ef494b-5f45-4086-86fd-d7322fa1a1f9
REPORT RequestId: d5ef494b-5f45-4086-86fd-d7322fa1a1f9 Duration: 6.62 ms Billed Duration: 7 ms Memory Size: 128 MB Max Memory Used: 67 MB Init Duration: 164.06 ms
{"statusCode":200,"body":"{\"message\":\"hello world\"}"}%
```
## Step 6: Modify and sync your application to the AWS Cloud
In this step, you use the AWS SAM CLI **sam sync --watch** command to sync local changes to the AWS Cloud.
**To use sam sync**
1. In your command line, from the `sam-app` project directory, run the following:
```
$ sam sync --watch
```
1. The AWS SAM CLI prompts you to confirm that you are syncing a development stack. Since the **sam sync --watch** command automatically deploys local changes to the AWS Cloud in real time, we recommend it for development environments only.
The AWS SAM CLI performs an initial deployment before it begins monitoring for local changes. The following is an example output:
```
$ sam sync --watch
The SAM CLI will use the AWS Lambda, Amazon API Gateway, and AWS StepFunctions APIs to upload your code without
performing a CloudFormation deployment. This will cause drift in your CloudFormation stack.
**The sync command should only be used against a development stack**.
Confirm that you are synchronizing a development stack.
Enter Y to proceed with the command, or enter N to cancel:
[Y/n]: y
Queued infra sync. Waiting for in progress code syncs to complete...
Starting infra sync.
Manifest is not changed for (HelloWorldFunction), running incremental build
Building codeuri: /Users/.../Demo/sam-tutorial1/sam-app/hello_world runtime: python3.9 metadata: {} architecture: x86_64 functions: HelloWorldFunction
Running PythonPipBuilder:CopySource
Build Succeeded
Successfully packaged artifacts and wrote output template to file /var/folders/45/5ct135bx3fn2551_ptl5g6_80000gr/T/tmpq3x9vh63.
Execute the following command to deploy the packaged template
sam deploy --template-file /var/folders/45/5ct135bx3fn2551_ptl5g6_80000gr/T/tmpq3x9vh63 --stack-name
Deploying with following values
===============================
Stack name : sam-app
Region : us-west-2
Disable rollback : False
Deployment s3 bucket : aws-sam-cli-managed-default-samclisam-s3-demo-bucket-1a4x26zbcdkqr
Capabilities : ["CAPABILITY_NAMED_IAM", "CAPABILITY_AUTO_EXPAND"]
Parameter overrides : {}
Signing Profiles : null
Initiating deployment
=====================
2023-03-15 13:10:05 - Waiting for stack create/update to complete
CloudFormation events from stack operations (refresh every 0.5 seconds)
---------------------------------------------------------------------------------------------------------------------------------------------
ResourceStatus ResourceType LogicalResourceId ResourceStatusReason
---------------------------------------------------------------------------------------------------------------------------------------------
UPDATE_IN_PROGRESS AWS::CloudFormation::Stack sam-app Transformation succeeded
CREATE_IN_PROGRESS AWS::CloudFormation::Stack AwsSamAutoDependencyLayerNestedSt -
ack
CREATE_IN_PROGRESS AWS::CloudFormation::Stack AwsSamAutoDependencyLayerNestedSt Resource creation Initiated
ack
CREATE_COMPLETE AWS::CloudFormation::Stack AwsSamAutoDependencyLayerNestedSt -
ack
UPDATE_IN_PROGRESS AWS::Lambda::Function HelloWorldFunction -
UPDATE_COMPLETE AWS::Lambda::Function HelloWorldFunction -
UPDATE_COMPLETE_CLEANUP_IN_PROGRE AWS::CloudFormation::Stack sam-app -
SS
UPDATE_COMPLETE AWS::CloudFormation::Stack sam-app -
---------------------------------------------------------------------------------------------------------------------------------------------
CloudFormation outputs from deployed stack
----------------------------------------------------------------------------------------------------------------------------------------------
Outputs
----------------------------------------------------------------------------------------------------------------------------------------------
Key HelloWorldFunctionIamRole
Description Implicit IAM Role created for Hello World function
Value arn:aws:iam::012345678910:role/sam-app-HelloWorldFunctionRole-15GLOUR9LMT1W
Key HelloWorldApi
Description API Gateway endpoint URL for Prod stage for Hello World function
Value https://ets1gv8lxi.execute-api.us-west-2.amazonaws.com/Prod/hello/
Key HelloWorldFunction
Description Hello World Lambda Function ARN
Value arn:aws:lambda:us-west-2:012345678910:function:sam-app-HelloWorldFunction-yQDNe17r9maD
----------------------------------------------------------------------------------------------------------------------------------------------
Stack update succeeded. Sync infra completed.
Infra sync completed.
CodeTrigger not created as CodeUri or DefinitionUri is missing for ServerlessRestApi.
```
Next, you will modify your Lambda function code. The AWS SAM CLI will automatically detect this change and sync your application to the AWS Cloud.
**To modify and sync your application**
1. In your IDE of choice, open the `sam-app/hello_world/app.py` file.
1. Change the `message` and save your file. The following is an example:
```
import json
...
def lambda_handler(event, context):
...
return {
"statusCode": 200,
"body": json.dumps({
"message": "hello everyone!",
...
}),
}
```
1. The AWS SAM CLI detects your change and syncs your application to the AWS Cloud. The following is an example output:
```
Syncing Lambda Function HelloWorldFunction...
Manifest is not changed for (HelloWorldFunction), running incremental build
Building codeuri: /Users/.../Demo/sam-tutorial1/sam-app/hello_world runtime: python3.9 metadata: {} architecture: x86_64 functions: HelloWorldFunction
Running PythonPipBuilder:CopySource
Finished syncing Lambda Function HelloWorldFunction.
```
1. To verify your change, send a GET request to your API endpoint again.
```
$ curl https://ets1gv8lxi.execute-api.us-west-2.amazonaws.com/Prod/hello/
{"message": "hello everyone!"}
```
## Step 7: (Optional) Test your application locally
**Note**
This step is optional.
**Important**
This step requires Docker on your local machine. You must have Docker installed and configured to use the AWS SAM CLI for local testing. For more information, see [Installing Docker](install-docker.md).
In this step, you use the AWS SAM CLI **sam local** command to test your application locally. To accomplish this, the AWS SAM CLI creates a local environment using Docker. This local environment emulates the cloud-based execution environment of your Lambda function.
You will do the following:
1. Create a local environment for your Lambda function and invoke it.
1. Host your HTTP API endpoint locally and use it to invoke your Lambda function.
**To invoke your Lambda function locally**
1. In your command line, from the `sam-app` project directory, run the following:
```
$ sam local invoke
```
1. The AWS SAM CLI creates a local Docker container and invokes your function. The following is an example output:
```
$ sam local invoke
Invoking app.lambda_handler (python3.9)
Local image was not found.
Removing rapid images for repo public.ecr.aws/sam/emulation-python3.9
Building image.....................
Using local image: public.ecr.aws/lambda/python:3.9-rapid-x86_64.
Mounting /Users/.../Demo/sam-tutorial1/sam-app/.aws-sam/build/HelloWorldFunction as /var/task:ro,delegated inside runtime container
START RequestId: b046db01-2a00-415d-af97-35f3a02e9eb6 Version: $LATEST
END RequestId: b046db01-2a00-415d-af97-35f3a02e9eb6
REPORT RequestId: b046db01-2a00-415d-af97-35f3a02e9eb6 Init Duration: 1.01 ms Duration: 633.45 ms Billed Duration: 634 ms Memory Size: 128 MB Max Memory Used: 128 MB
{"statusCode": 200, "body": "{\"message\": \"hello world\"}"}
```
**To host your API locally**
1. In your command line, from the `sam-app` project directory, run the following:
```
$ sam local start-api
```
1. The AWS SAM CLI creates a local Docker container for your Lambda function and creates a local HTTP server to simulate your API endpoint. The following is an example output:
```
$ sam local start-api
Initializing the lambda functions containers.
Local image is up-to-date
Using local image: public.ecr.aws/lambda/python:3.9-rapid-x86_64.
Mounting /Users/.../Demo/sam-tutorial1/sam-app/.aws-sam/build/HelloWorldFunction as /var/task:ro,delegated inside runtime container
Containers Initialization is done.
Mounting HelloWorldFunction at http://127.0.0.1:3000/hello [GET]
You can now browse to the above endpoints to invoke your functions. You do not need to restart/reload SAM CLI while working on your functions, changes will be reflected instantly/automatically. If you used sam build before running local commands, you will need to re-run sam build for the changes to be picked up. You only need to restart AWS SAM CLI if you update your AWS SAM template
2023-03-15 14:25:21 WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
* Running on http://127.0.0.1:3000
2023-03-15 14:25:21 Press CTRL+C to quit
```
1. Using your browser or the command line, send a GET request to your local API endpoint. The following is an example using the curl command:
```
$ curl http://127.0.0.1:3000/hello
{"message": "hello world"}
```
## Step 8: Delete your application from the AWS Cloud
In this step, you use the AWS SAM CLI **sam delete** command to delete your application from the AWS Cloud.
**To delete your application from the AWS Cloud**
1. In your command line, from the `sam-app` project directory, run the following:
```
$ sam delete
```
1. The AWS SAM CLI will ask you to confirm. Then, it will delete your application’s Amazon S3 bucket and CloudFormation stack. The following is an example output:
```
$ sam delete
Are you sure you want to delete the stack sam-app in the region us-west-2 ? [y/N]: y
Are you sure you want to delete the folder sam-app in S3 which contains the artifacts? [y/N]: y
- Deleting S3 object with key c6ce8fa8b5a97dd022ecd006536eb5a4
- Deleting S3 object with key 5d513a459d062d644f3b7dd0c8b56a2a.template
- Deleting S3 object with key sam-app/2bebf67c79f6a743cc5312f6dfc1efee.template
- Deleting S3 object with key sam-app/6b208d0e42ad15d1cee77d967834784b.template
- Deleting S3 object with key sam-app/da3c598813f1c2151579b73ad788cac8
- Deleting S3 object with key sam-app/f798cdd93cee188a71d120f14a035b11
- Deleting Cloudformation stack sam-app
Deleted successfully
```
## Troubleshooting
To troubleshoot the AWS SAM CLI, see [AWS SAM CLI troubleshooting](sam-cli-troubleshooting.md).
## Learn more
To continue learning about AWS SAM, see the following resources:
+ **[The Complete AWS SAM Workshop](https://s12d.com/sam-ws-en-intro)** – A workshop designed to teach you many of the major features that AWS SAM provides.
+ **[ Sessions with SAM](https://www.youtube.com/playlist?list=PLJo-rJlep0ED198FJnTzhIB5Aut_1vDAd)** – Video series created by our AWS Serverless Developer Advocate team on using AWS SAM.
+ **[Serverless Land](https://serverlessland.com/)** – Site that brings together the latest information, blogs, videos, code, and learning resources for AWS serverless.
# Converting Lambda Functions to AWS SAM Applications
If you have a function in the Lambda console that you want to manage in VS Code as infrastructure as code (IaC), you can transfer it to VS Code and then convert it to an AWS SAM template. With your function converted to an AWS SAM template, you can control the versioning of your infrastructure, automate deployments, remotely debug functions, and maintain consistent environments across your development lifecycle. With local and remote debugging capabilities, you can also troubleshoot issues more effectively by stepping through your code, inspecting variables, and setting breakpoints both locally and in the AWS cloud.
For instructions on moving your functions from the console and setting up local development, see [Developing Lambda functions locally with VS Code](https://docs.aws.amazon.com/lambda/latest/dg/foundation-iac-local-development.html) in the *AWS Lambda Developer Guide*. Follow these instructions to move a Lambda function from the console to VS Code and then convert it to an AWS SAM template. After doing this, you can:
+ **Remotely debug your function in the AWS cloud.** For details, see [Remotely debug Lambda functions with VS Code](https://docs.aws.amazon.com/lambda/latest/dg/debugging.html) in the *AWS Lambda Developer Guide*.
+ **Manage associated resources and permissions as infrastructure as code.** For details, see [Using Lambda with infrastructure as code (IaC)](https://docs.aws.amazon.com/lambda/latest/dg/foundation-iac.html) in the *AWS Lambda Developer Guide*
+ **Deploy and update your application using the AWS SAM CLI.** For details, see [AWS SAM CLI](using-sam-cli.md).
+ **Visually design your serverless architecture using Infrastructure Composer.** For details, refer to [the Infrastructure Composer Developer Guide](https://docs.aws.amazon.com/application-composer/latest/dg/what-is-composer.html).
## Learn more
To continue learning about AWS SAM, see the following resources:
+ **[The Complete AWS SAM Workshop](https://s12d.com/sam-ws-en-intro)** – A workshop designed to teach you many of the major features that AWS SAM provides.
+ **[ Sessions with SAM](https://www.youtube.com/playlist?list=PLJo-rJlep0ED198FJnTzhIB5Aut_1vDAd)** – Video series created by our AWS Serverless Developer Advocate team on using AWS SAM.
+ **[Serverless Land](https://serverlessland.com/)** – Site that brings together the latest information, blogs, videos, code, and learning resources for AWS serverless.