AWS Serverless Application Model (SAM) templates to build and deploy a serverless application that includes multiple Lambda functions, an Amazon DynamoDB table, and an API Gateway. Hilariously, SAM has a squirrel for it's mascot... because the inventor likes squirrels... Ok!
Creating your SAM templates
History Lesson!
AWS SAM is an extension of AWS CloudFormation and uses the same template format. To create a SAM template, you need to define the AWS resources needed for your serverless application, including Lambda functions, DynamoDB tables, and API Gateway.
Example Template/Code
Here's an example SAM template that defines a Lambda function to fetch and store data, another Lambda function to retrieve data and make it accessible through an API Gateway, an DynamoDB table, and an API Gateway endpoint:
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
DataFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: data_function
Handler: data_function.lambda_handler
Runtime: python3.8
Events:
Timer:
Type: Schedule
Properties:
Schedule: rate(1 hour)
API:
Type: AWS::Serverless::Api
Properties:
StageName: Prod
RetrieveFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: retrieve_function
Handler: retrieve_function.lambda_handler
Runtime: python3.8
Events:
GetResource:
Type: Api
Properties:
Path: /items
Method: get
RestApiId: !Ref API
DataTable:
Type: AWS::DynamoDB::Table
Properties:
TableName: myTable
AttributeDefinitions:
- AttributeName: id
AttributeType: S
KeySchema:
- AttributeName: id
KeyType: HASH
ProvisionedThroughput:
ReadCapacityUnits: 1
WriteCapacityUnits: 1
Package and deploy your application
Once you have created your SAM template, you can use the AWS SAM CLI to package and deploy your application to the AWS Cloud.
sam package --template-file template.yaml --output-template-file packaged.yaml --s3-bucket my-bucket
sam deploy --template-file packaged.yaml --stack-name my-stack --capabilities CAPABILITY_IAM
The sam package command creates a new template file (packaged.yaml) that includes the location of your function code artefacts in an S3 bucket.
The sam deploy command deploys your application using the CloudFormation stack defined in the template. This process provisions all the necessary resources defined in the template and sets up the required permissions and triggers.
Test your application
You can use the AWS Management Console, the AWS CLI, or the AWS SDKs to test your application, for example by invoking the Lambda functions, making GET requests to the API Gateway endpoint, or querying the DynamoDB table.
Another way we can sneakily test our lambda functions is by using the in-built test feature for AWS SAM.
sam local start-api
Which will deploy the lambdas inside docker containers and allow us to interact with them with the sam cli as well as with the port we are hosting the containers on.
Adding an Authorizer
In order to test the Lambda authorizer created in the previous blog post we will have to update the SAM template accordingly. Specifically, we'll need to create another AWS::Serverless::Function resource for the authorizer, and another AWS::Serverless::Api resource for the custom authorizer. The following example shows how to create a Lambda authorizer function and how to link it to an API Gateway using SAM template.
Resources:
Authorizer:
Type: AWS::Serverless::Function
Properties:
CodeUri: authorizer_function
Handler: authorizer_function.lambda_handler
Runtime: python3.8
AuthorizerAPI:
Type: AWS::Serverless::Api
Properties:
StageName: Prod
DefinitionUri: authorizer_swagger.yaml
RetrieveFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: retrieve_function
Handler: retrieve_function.lambda_handler
Runtime: python3.8
Events:
GetResource:
Type: Api
Properties:
Path: /items
Method: get
RestApiId: !Ref AuthorizerAPI
AuthorizerId: !Ref Authorizer
This example creates a new Lambda function resource for the authorizer and another for the RetrieveFunction. Additionally, it creates an new API resource which references the Authorizer and swagger definition file authorizer_swagger.yaml.
Deploy your application with the authorizer function
Once you have updated your SAM template, you can use the AWS SAM CLI to package and deploy your application, including the authorizer function, to the AWS Cloud in the same way as before.
sam package --template-file template.yaml --output-template-file packaged.yaml --s3-bucket my-bucket
sam deploy --template-file packaged.yaml --stack-name my-stack --capabilities CAPABILITY_IAM
Verify the Deployment
To verify that everything is set up correctly, you can test the API Gateway endpoint using a tool like Postman or curl and check the logs of all Lambda functions and the DynamoDB table to ensure that the data is being fetched and stored correctly and that the authorizer is properly handling token validation.
Wrap Up!
That was fun, using AWS SAM templates you can define your serverless application resources and their configuration in a simple YAML or JSON file, and use the SAM CLI commands to package, deploy and even run and test the application, as well as test it, which can be more convenient than using Terraform. Additionally, you can include an authorizer function, created as described in the previous blog post, in the stack, with a simple addition of the necessary resources in the template and referencing them accordingly in the rest of the resources.