AWS Serverless Application Model: The Basics and a Quick Tutorial

In today's post, our guest blogger, Gilad David Maayan introduces the basics of an AWS SAM model along with a quick tutorial

Written by Gilad David Maayan • Last Updated: • Cloud •

Man with headphones leaning over table.

What is the AWS Serverless Application Model (SAM)?

AWS SAM is an open source framework that enables you to create serverless applications. These applications combine Lambda functions, AWS or external resources, and event sources to perform workflows. Applications also typically include event source mappings, databases, and APIs.

Within SAM there are two main components:

  • AWS SAM template specification — used to define your application functions, permissions, configurations, APIs, and events in simple syntax. The SAM template serves as a deployable application image.
  • AWS SAM command line interface (CLI) — used to perform management and operations tasks. For example, deploying templates, invoking Lambda functions, debugging functions, and packaging applications.

In this article, you will learn:

  • AWS SAM Features
  • How to Install the SAM CLI on Windows
    1. Define Your IAM User and Permissions
    2. Install Docker
    3. Install the SAM CLI
  • Building Serverless Applications with AWS SAM
    • Applications
    • Layers
    • Custom Runtimes
  • AWS Serverless Application Model Best Practices
    • Use Nested Applications to Reuse Common Patterns
    • Use Autopublishalias and Deploymentpreference for Updating Deployments
    • Use Policy Templates to Enable Security
  • AWS Serverless Application Model with Pandora FMS

AWS SAM Features

You can integrate SAM with a variety of native AWS serverless services, including CodePipeline, CodeDeploy, CodeBuild, and Cloud9 integrated development environment (IDE). These tools also work with CloudFormation, AWS’s infrastructure as code tool, making it easier to orchestrate your deployments.

During development, you can build and test your Lambda functions locally to avoid the delays that code changes can create in AWS. This works through SAM Local, which simulates an API Gateway and runs a Docker container locally. Once you’re ready to deploy applications in AWS, you can share configurations as a single, versioned entity between resources.

How to Install the SAM CLI on Windows

The following walkthrough explains how to install and configure the SAM CLI on a Windows-based host. It assumes that you already have an active AWS account to work with. If you don’t, you can create a trial account to demo SAM.

1. Define Your IAM User and Permissions

You need to create or identify an IAM user with admin privileges and set credentials that will enable the CLI to make service calls. If you do not have a user available, you can create one and assign it to your Administrators group. You can find instructions here if you need help creating a user. Once your user is created, you can assign credentials to that user with the following command:

$ aws configure
AWS Access Key ID [None]: <your_access_key_id>
AWS Secret Access Key [None]: <your_secret_access_key>
Default region name [None]:
Default output format [None]:

2. Install Docker

You can install Docker Desktop with the installer, available from Docker Hub. A wizard is included to walk you through the installation. Once installed, you need to configure your shared drives. If you are operating in Windows Supported Linux (WSL) 2 or Windows container mode, your files are shared automatically.

3. Install the SAM CLI

The CLI is intended for use on 64-bit systems but is also available for 32-bit. You can find the 64-bit installation file here. Once installed you should verify that it is working as expected. To invoke the SAM CLI from PowerShell or the CLI, use the following command:

sam --version

This command should return the version of SAM you installed; ideally the latest version.

Building Serverless Applications with AWS SAM

When building applications with SAM, you combine application code, your template file, and any language-specific dependencies or files you have. Once your pieces are ready, you can finish your applications with the procedures outlined below.


SAM includes the build command to create your applications. This command gathers your application artifacts and formats them for deployment. Before you use the build command you need to specify any dependencies your application has in your template file. Alternatively, you can define dependencies through the Layers property of your function resource.


If you declare layers in your template, you need to define a section for your Metadata resource attributes that contains an entry for BuildMethod. This entry contains identifiers for your Lambda runtime or makefile. A makefile includes the build commands needed for your layer, performs any necessary compilation, and exposes the artifacts for your workflow.

Custom Runtimes

The build command also enables you to create custom runtimes which you can specify with the Runtime: provided value. When creating a runtime, you need to declare a resource attribute with Metadata and a BuildMethod: makefile entry. Then, you can include your custom makefile and build commands.

AWS Serverless Application Model Best Practices

When creating serverless applications with SAM, the following practices can help ensure that your applications are efficient and secure.

Use Nested Applications to Reuse Common Patterns

When developing multiple serverless applications, you can use nested applications to account for common patterns. Nested applications mimic the format of nested stacks that are used in CloudFormation. These tools enable you to combine modular application components into a stack that is your final product. You can store and share these components from the AWS Serverless Application Repository (SAR).

Use AutoPublishAlias and DeploymentPreference for Updating Deployments

As you make changes to your application, you can perform incremental deployments using SAM’s Versioning and Alias feature and the AutoPublishAlias property. This feature enables you to publish new versions which are then exposed to end users through an alias. This prevents you from needing to update your endpoints manually.

Another useful property is DeploymentPreference, which enables you to perform Lambda canary deployments that can be rolled back if something goes wrong. In combination, these properties enable you to easily rollout updates and recall them as needed.

Use Policy Templates to Enable Security

When creating your Lambda functions, you need to define who can invoke the function and what execution it can perform. When creating SAM applications, you can define these aspects in Policy Templates. These templates enable you to define IAM policies that the function must follow. Defining policies through the template rather than externally enables you to condense security and makes sharing components simpler.


AWS SAM is an open-source framework that allows you to build serverless applications on AWS. learning how to install it, helps you enjoy its many benefits, such as reducing the technical debt and simplifying the way you orchestrate your deployments.

Did you like this content? Show your support by buying me a coffee.

Buy me a coffee  Buy me a coffee
Picture of Gilad David Maayan

Gilad David Maayan is a technology writer who has worked with over 150 technology companies including SAP, Samsung NEXT, NetApp and Imperva, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership.

comments powered by Disqus