Chris Munns – Senior Developer Advocate - Serverless
Local Testing and Deployment
Best Practices for Serverless
About me:
Chris Munns -, @chrismunns
• Senior Developer Advocate - Serverless
• New Yorker
• Previously:
• Business Development Manager – DevOps, July ’15 - Feb ‘17
• AWS Solutions Architect Nov, 2011- Dec 2014
• Formerly on operations teams @Etsy and @Meetup
• Little time at a hedge fund, Xerox and a few other startups
• Rochester Institute of Technology: Applied Networking and
Systems Administration ’05
• Internet infrastructure geek
Why are we
here today?
No servers to provision
or manage
Scales with usage
Never pay for idle Availability and fault
tolerance built in
Serverless means…
Serverless application
Changes in
data state
Requests to
Changes in
resource state
Common Lambda use cases
• Static
• Complex web
• Packages for
Flask and
• Real time
• MapReduce
• Batch
• Powering
chatbot logic
• Apps &
• Mobile
• IoT
• Powering
• Alexa Skills
• Policy engines
• Extending
AWS services
• Infrastructure
Amazon S3 Amazon
AWS CloudTrail Amazon
Amazon SNSAmazon
Cron events
Event sources that trigger AWS Lambda
… and more!
API Gateway
AWS Serverless Application Model (SAM)
CloudFormation extension optimized for
New serverless resource types: functions, APIs,
and tables
Supports anything CloudFormation supports
Open specification (Apache 2.0)
AWS Serverless Application Model (SAM)
CloudFormation extension optimized for
New serverless resource types: functions, APIs,
and tables
Supports anything CloudFormation supports
Open specification (Apache 2.0)
Create templates of your infrastructure
CloudFormation provisions AWS resources
based on dependency needs
Version control/replicate/update templates like
Integrates with development, CI/CD,
management tools
JSON and YAML supported
AWS CloudFormation
AWSTemplateFormatVersion: '2010-09-09'
Type: AWS::Lambda::Permission
Action: lambda:invokeFunction
Ref: GetHtmlFunction
Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/Prod/ANY/*
Type: AWS::ApiGateway::Stage
Ref: ServerlessRestApiDeployment
Ref: ServerlessRestApi
StageName: Prod
Type: AWS::DynamoDB::Table
WriteCapacityUnits: 5
ReadCapacityUnits: 5
- AttributeName: id
AttributeType: S
- KeyType: HASH
AttributeName: id
Type: AWS::Lambda::Function
Handler: index.gethtml
S3Bucket: flourish-demo-bucket
- GetHtmlFunctionRole
- Arn
Runtime: nodejs4.3
Type: AWS::IAM::Role
- arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
Version: '2012-10-17'
- Action:
- sts:AssumeRole
Effect: Allow
Type: AWS::ApiGateway::Deployment
Ref: ServerlessRestApi
Description: 'RestApi deployment id: 127e3fb91142ab1ddc5f5446adb094442581a90d'
StageName: Stage
Type: AWS::Lambda::Permission
Action: lambda:invokeFunction
Ref: GetHtmlFunction
Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/*/ANY/*
Type: AWS::ApiGateway::RestApi
version: '1.0'
Ref: AWS::StackName
httpMethod: ANY
type: aws_proxy
Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-
responses: {}
swagger: '2.0'
CloudFormation template
AWSTemplateFormatVersion: '2010-09-09'
Type: AWS::Lambda::Permission
Action: lambda:invokeFunction
Ref: GetHtmlFunction
Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/Prod/ANY/*
Type: AWS::ApiGateway::Stage
Ref: ServerlessRestApiDeployment
Ref: ServerlessRestApi
StageName: Prod
Type: AWS::DynamoDB::Table
WriteCapacityUnits: 5
ReadCapacityUnits: 5
- AttributeName: id
AttributeType: S
- KeyType: HASH
AttributeName: id
Type: AWS::Lambda::Function
Handler: index.gethtml
S3Bucket: flourish-demo-bucket
- GetHtmlFunctionRole
- Arn
Runtime: nodejs4.3
Type: AWS::IAM::Role
- arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
Version: '2012-10-17'
- Action:
- sts:AssumeRole
Effect: Allow
Type: AWS::ApiGateway::Deployment
Ref: ServerlessRestApi
Description: 'RestApi deployment id: 127e3fb91142ab1ddc5f5446adb094442581a90d'
StageName: Stage
Type: AWS::Lambda::Permission
Action: lambda:invokeFunction
Ref: GetHtmlFunction
Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/*/ANY/*
Type: AWS::ApiGateway::RestApi
version: '1.0'
Ref: AWS::StackName
httpMethod: ANY
type: aws_proxy
Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-
responses: {}
swagger: '2.0'
CloudFormation template
SAM template
AWSTemplateFormatVersion: '2010-09-09’
Transform: AWS::Serverless-2016-10-31
Type: AWS::Serverless::Function
CodeUri: s3://sam-demo-bucket/
Handler: index.gethtml
Runtime: nodejs4.3
Policies: AmazonDynamoDBReadOnlyAccess
Type: Api
Path: /{proxy+}
Method: ANY
Type: AWS::Serverless::SimpleTable
SAM template
AWSTemplateFormatVersion: '2010-09-09’
Transform: AWS::Serverless-2016-10-31
Type: AWS::Serverless::Function
CodeUri: s3://sam-demo-bucket/
Handler: index.gethtml
Runtime: nodejs4.3
Policies: AmazonDynamoDBReadOnlyAccess
Type: Api
Path: /{proxy+}
Method: ANY
Type: AWS::Serverless::SimpleTable
Tells CloudFormation this is a SAM
template it needs to “transform”
Creates a Lambda function with the
referenced managed IAM policy,
runtime, code at the referenced zip
location, and handler as defined.
Also creates an API Gateway and
takes care of all
mapping/permissions necessary
Creates a DynamoDB table with 5
Read & Write units
SAM template
SAM Template Capabilities
• Can mix in other non-SAM CloudFormation
resources in the same template
• i.e. S3, Kinesis, Step Functions
• Supports use of Parameters, Mappings,
Outputs, etc
• Supports Intrinsic Functions
• Can use ImportValue
(exceptions for RestApiId, Policies, StageName attributes)
SAM commands – Package & Deploy
•Creates a deployment package (.zip file)
•Uploads deployment package to an Amazon S3 Bucket
•Adds a CodeUri property with S3 URI
•Calls CloudFormation ‘CreateChangeSet’ API
•Calls CloudFormation ‘ExecuteChangeSet’ API
Introducing SAM Local
CLI tool for local testing of serverless apps
Works with Lambda functions and “proxy-
style” APIs
Response object and function logs available
on your local machine
Currently supports Java, Node.js and
Introducing SAM Local
Supports live debugging (Java and Node.js)
Uses open source docker-lambda images to
mimic Lambda’s execution environment:
• Emulates timeout, memory limits, runtimes
• Does not emulate CPU limits
• Partial API Gateway emulation (proxy calls)
SAM Local is open source & accepting pull
$ sam --help
sam -
___ _____ ___ _ __ __
/_  / / __| / __| /_ | / |
/ _  // /__  __ / _ | |/| |
/_/ __/_/ |___/ |___/_/ __| |_|
AWS Serverless Application Model (SAM) CLI
The AWS Serverless Application Model extends AWS CloudFormation to provide a simplified way of defining the Amazon API Gateway APIs, AWS Lambda functions,
and Amazon DynamoDB tables needed by your serverless application. You can find more in-depth guide about the SAM specification
sam [global options] command [command options] [arguments...]
local Run your Serverless application locally for quick development & testing
validate Validates an AWS SAM template. If valid, will print a summary of the resources found within the SAM template. If the template is invalid, returns
a non-zero exit code.
package Package an AWS SAM application. This is an alias for 'aws cloudformation package'.
deploy Deploy an AWS SAM application. This is an alias for 'aws cloudformation deploy'.
help, h Shows a list of commands or help for one command
--help, -h show help
--version, -v print the version
$ sam --help
sam -
___ _____ ___ _ __ __
/_  / / __| / __| /_ | / |
/ _  // /__  __ / _ | |/| |
/_/ __/_/ |___/ |___/_/ __| |_|
AWS Serverless Application Model (SAM) CLI
The AWS Serverless Application Model extends AWS CloudFormation to provide a simplified way of defining the Amazon API Gateway APIs, AWS Lambda functions,
and Amazon DynamoDB tables needed by your serverless application. You can find more in-depth guide about the SAM specification
sam [global options] command [command options] [arguments...]
local Run your Serverless application locally for quick development & testing
validate Validates an AWS SAM template. If valid, will print a summary of the resources found within the SAM template. If the template is invalid, returns
a non-zero exit code.
package Package an AWS SAM application. This is an alias for 'aws cloudformation package'.
deploy Deploy an AWS SAM application. This is an alias for 'aws cloudformation deploy'.
help, h Shows a list of commands or help for one command
--help, -h show help
--version, -v print the version
local Run your Serverless application locally for quick development & testing
validate Validates an AWS SAM template. If valid, will print a summary of the resources found
within the SAM template. If the template is invalid, returns a non-zero exit code.
package Package an AWS SAM application. This is an alias for 'aws cloudformation package'.
deploy Deploy an AWS SAM application. This is an alias for 'aws cloudformation deploy'.
help, h Shows a list of commands or help for one command
local Run your Serverless application locally for quick development & testing
validate Validates an AWS SAM template. If valid, will print a summary of the resources found
within the SAM template. If the template is invalid, returns a non-zero exit code.
package Package an AWS SAM application. This is an alias for 'aws cloudformation package'.
deploy Deploy an AWS SAM application. This is an alias for 'aws cloudformation deploy'.
help, h Shows a list of commands or help for one command
Any command with --help at the end will provide more context
on that command. Let’s check out “sam validate”
local Run your Serverless application locally for quick development & testing
validate Validates an AWS SAM template. If valid, will print a summary of the resources found
within the SAM template. If the template is invalid, returns a non-zero exit code.
package Package an AWS SAM application. This is an alias for 'aws cloudformation package'.
deploy Deploy an AWS SAM application. This is an alias for 'aws cloudformation deploy'.
help, h Shows a list of commands or help for one command
$ sam validate --help
sam validate - Validates an AWS SAM template. If valid, will print a summary of the resources found
within the SAM template. If the template is invalid, returns a non-zero exit code.
sam validate [command options] [arguments...]
--template value, -t value AWS SAM template file (default: "template.[yaml|yml]")
$ sam validate --template mysamtemplate.yaml
$ sam validate --template saml.yaml (mess with spacing)
invalid YAML template: yaml: line 25: did not find expected key
local Run your Serverless application locally for quick development & testing
validate Validates an AWS SAM template. If valid, will print a summary of the resources found
within the SAM template. If the template is invalid, returns a non-zero exit code.
package Package an AWS SAM application. This is an alias for 'aws cloudformation package'.
deploy Deploy an AWS SAM application. This is an alias for 'aws cloudformation deploy'.
help, h Shows a list of commands or help for one command
Let’s check out “sam local”
$ sam local --help
sam local command [command options] [arguments...]
start-api Allows you to run your Serverless application locally for quick development & testing. When run
in a directory that contains your Serverless functions and your AWS SAM template, it will create a local HTTP
server hosting all of your functions. When accessed (via browser, cli etc), it will launch a Docker container
locally to invoke the function. It will read the CodeUri property of AWS::Serverless::Function resource to find
the path in your file system containing the Lambda Function code. This could be the project's root directory for
interpreted languages like Node & Python, or a build directory that stores your compiled artifacts or a JAR file.
If you are using a interpreted language, local changes will be available immediately in Docker container on every
invoke. For more compiled languages or projects requiring complex packing support, we recommended you run your
own building solution and point SAM to the directory or file containing build artifacts.
invoke Invokes a local Lambda function once and quits after invocation completes.
Useful for developing serverless functions that handle asynchronous events (such as S3/Kinesis etc), or if you
want to compose a script of test cases. Event body can be passed in either by stdin (default), or by using the --
event parameter. Runtime output (logs etc) will be outputted to stderr, and the Lambda function result will be
outputted to stdout.
generate-event Generates Lambda events (e.g. for S3/Kinesis etc) that can be piped to 'sam local invoke'
$ sam local --help
sam local command [command options] [arguments...]
start-api Allows you to run your Serverless application locally for quick development & testing. When run
in a directory that contains your Serverless functions and your AWS SAM template, it will create a local HTTP
server hosting all of your functions. When accessed (via browser, cli etc), it will launch a Docker container
locally to invoke the function. It will read the CodeUri property of AWS::Serverless::Function resource to find
the path in your file system containing the Lambda Function code. This could be the project's root directory for
interpreted languages like Node & Python, or a build directory that stores your compiled artifacts or a JAR file.
If you are using a interpreted language, local changes will be available immediately in Docker container on every
invoke. For more compiled languages or projects requiring complex packing support, we recommended you run your
own building solution and point SAM to the directory or file containing build artifacts.
invoke Invokes a local Lambda function once and quits after invocation completes.
Useful for developing serverless functions that handle asynchronous events (such as S3/Kinesis etc), or if you
want to compose a script of test cases. Event body can be passed in either by stdin (default), or by using the --
event parameter. Runtime output (logs etc) will be outputted to stderr, and the Lambda function result will be
outputted to stdout.
generate-event Generates Lambda events (e.g. for S3/Kinesis etc) that can be piped to 'sam local invoke'
$ sam local start-api --help
sam local start-api [command options] [arguments...]
--template value, -t value AWS SAM template file (default: "template.[yaml|yml]")
--log-file value, -l value Optional logfile to send runtime logs to
--static-dir value, -s value Any static assets (e.g. CSS/Javascript/HTML) files located in this
directory will be presented at / (default: "public")
--port value, -p value Local port number to listen on (default: "3000")
--host value Local hostname or IP address to bind to (default: "")
--env-vars value, -n value Optional. JSON file containing values for Lambda function's
environment variables.
--debug-port value, -d value Optional. When specified, Lambda function container will start in
debug mode and will expose this port on localhost. [$SAM_DEBUG_PORT]
--docker-volume-basedir value, -v value Optional. Specifies the location basedir where the SAM file exists.
If the Docker is running on a remote machine, you must mount the path where the SAM file exists on the docker
machine and modify this value to match the remote machine. [$SAM_DOCKER_VOLUME_BASEDIR]
$ sam local invoke --help
sam local invoke - Invokes a local Lambda function once and quits after invocation completes.
sam local invoke [command options] <function-identifier>
--template value, -t value AWS SAM template file (default: "template.[yaml|yml]")
--log-file value, -l value Optional. Logfile to send runtime logs to
--env-vars value, -n value Optional. JSON file containing values for Lambda function's
environment variables.
--event value, -e value JSON file containing event data passed to the Lambda function during
--debug-port value, -d value Optional. When specified, Lambda function container will start in
debug mode and will expose this port on localhost. [$SAM_DEBUG_PORT]
--docker-volume-basedir value, -v value Optional. Specifies the location basedir where the SAM file exists.
If the Docker is running on a remote machine, you must mount the path where the SAM file exists on the docker
machine and modify this value to match the remote machine. [$SAM_DOCKER_VOLUME_BASEDIR]
$ sam local generate-event --help
sam local generate-event - Generates Lambda events (e.g. for S3/Kinesis etc) that can be piped to 'sam local
sam local generate-event command [command options] [arguments...]
s3 Generates a sample Amazon S3 event
sns Generates a sample Amazon SNS event
kinesis Generates a sample Amazon Kinesis event
dynamodb Generates a sample Amazon DynamoDB event
api Generates a sample Amazon API Gateway event
schedule Generates a sample scheduled event
local Run your Serverless application locally for quick development & testing
validate Validates an AWS SAM template. If valid, will print a summary of the resources found
within the SAM template. If the template is invalid, returns a non-zero exit code.
package Package an AWS SAM application. This is an alias for 'aws cloudformation package'.
deploy Deploy an AWS SAM application. This is an alias for 'aws cloudformation deploy'.
help, h Shows a list of commands or help for one command
Behave the same exact way as the AWS CLI commands do
SAM Best Practices
• Unless function handlers share code, split them into their
own independent Lambda functions files or binaries
• Another option is to use language specific packages to share
common code between functions
• Unless independent Lambda functions share event
sources, split them into their own code repositories with
their own SAM templates
• Locally validate your YAML or JSON SAM files before
committing them. Then do it again in your CI/CD process
Lambda Environment Variables
• Key-value pairs that you can dynamically pass to
your function
• Available via standard environment variable APIs
such as process.env for Node.js or os.environ for
• Can optionally be encrypted via AWS Key
Management Service (KMS)
• Allows you to specify in IAM what roles have access to
the keys to decrypt the information
• Useful for creating environments per stage (i.e. dev,
testing, production)
API Gateway Stage Variables
• Stage variables act like environment variables
• Use stage variables to store configuration values
• Stage variables are available in the $context object
• Values are accessible from most fields in API Gateway
• Lambda function ARN
• HTTP endpoint
• Custom authorizer function name
• Parameter mappings
Lambda and API Gateway Variables + SAM
Type: String
Default: testing
- testing
- staging
- prod
Description: Environment of this stack of
Type: String
Default: false
- true
- false
Description: Enable new SpecialFeature1
Type: 'AWS::Serverless::Function'
ENVIRONMENT: !Ref: MyEnvironment
Spec_Feature1: !Ref: SpecialFeature1
#API Gateway
Type: AWS::Serverless::Api
ENVIRONMENT: !Ref: MyEnvironment
SPEC_Feature1: !Ref: SpecialFeature1
Create multiple environments from one template:
• Use Parameters and Mappings when possible to
build dynamic templates based on user inputs and
pseudo parameters such as AWS::Region
• Use ExportValue & ImportValue to share resource
information across stacks
• Build out multiple environments, such as for
Development, Test, Production and even DR using
the same template, even across accounts
SAM Template
SAM Best Practices
AWS CodeCommit
Local development should lead to a formal pipeline!
AWS CodeBuild
Deploy Testing
AWS Lambda
Deploy Staging
Manual Approval
Deploy Prod
AWS Lambda
This CodePipeline
• Five Stages
• Builds code artifact w/ CodeBuild
• Three deployed to “Environments”
• Uses SAM/CloudFormation to
deploy artifact and other AWS
• Has Lambda custom actions for
running my own testing functions
• Integrates with a 3rd party
• Has a manual approval before
deploying to production
Start with AWS CodeStar
Additional Resources
Serverless Application Model (SAM) -
AWS SAM Local -
Learn more:
AWS Serverless:
AWS Serverless tools:
AWS Lambda:
Amazon API Gateway:
AWS CloudFormation:
Chris Munns

Local Testing and Deployment Best Practices for Serverless Applications - AWS Online Tech Talks

