AWS Serverless Deployment
Deploy serverless applications to AWS using SAM or CDK. This skill covers project scaffolding, IaC templates, CDK constructs and patterns, deployment workflows, CI/CD pipelines, and SAM/CDK coexistence.
For Lambda runtime behavior, event sources, orchestration, observability, and optimization, see the aws-lambda skill.
When to Load Reference Files
Load the appropriate reference file based on what the user is working on:
- SAM project setup, templates, deployment workflow, local testing, or container images -> see references/sam-project-setup.md
- CDK project setup, constructs, CDK testing, or CDK pipelines -> see references/cdk-project-setup.md
- CDK Lambda constructs, NodejsFunction, PythonFunction, or CDK Function -> see references/cdk-lambda-constructs.md
- CDK serverless patterns, API Gateway CDK, Function URL CDK, EventBridge CDK, DynamoDB CDK, or SQS CDK -> see references/cdk-serverless-patterns.md
- SAM and CDK coexistence, migrating from SAM to CDK, or using sam build with CDK -> see references/sam-cdk-coexistence.md
Best Practices
SAM
- Do: Use with an appropriate template for your use case
- Do: Set global defaults for timeout, memory, runtime, and tracing in the section
- Do: Use environment-specific sections for multi-environment deployments
- Do: Use
sam build --use-container
- Don't: Copy-paste templates from the internet without understanding the resource configuration
- Don't: Hardcode resource ARNs or account IDs in templates — use , , and
CDK
- Do: Use TypeScript — type checking catches errors at synthesis time, before any AWS API calls
- Do: Prefer L2 constructs and methods over L1 and raw IAM statements
- Do: Separate stateful and stateless resources into different stacks; enable termination protection on stateful stacks
- Do: Commit to version control — it caches VPC/AZ lookups for deterministic synthesis
- Do: Write unit tests with ; assert logical IDs of stateful resources to detect accidental replacements
- Do: Use in CI before every deployment to review changes
- Don't: Hardcode account IDs or region strings — use and
- Don't: Use directly in production without a pipeline
- Don't: Skip — deployments will fail without the CDK toolkit stack
Configuration
AWS CLI Setup
This skill requires that AWS credentials are configured on the host machine:
Verify access: Run
aws sts get-caller-identity
to confirm credentials are valid
SAM CLI Setup
Container Runtime Setup
- Install a Docker compatible container runtime: Required for and container-based builds
- Verify: Use an appropriate command such as or
AWS Serverless MCP Server
Write access is enabled by default. The plugin ships with
in
, so the MCP server can create projects, generate IaC, and deploy on behalf of the user.
Access to sensitive data (like Lambda and API Gateway logs) is
not enabled by default. To grant it, add
--allow-sensitive-data-access
to
.
SAM Template Validation Hook
This plugin includes a
hook that runs
automatically after any edit to
or
. If validation fails, the error is returned as a system message so you can fix it immediately. The hook requires SAM CLI and
to be installed; if either is missing, validation is skipped with a system message. Users can disable it via
.
IaC framework selection
Default: CDK
Override syntax:
- "use CloudFormation" → Generate YAML templates
- "use SAM" → Generate YAML templates
When not specified, ALWAYS use CDK
Language selection for CDK
Default: TypeScript
Override syntax:
- "use Python" → Generate Python code
- "use JavaScript" → Generate JavaScript code
When not specified, ALWAYS use TypeScript
Error Scenarios
Serverless MCP Server Unavailable
- Inform user: "AWS Serverless MCP not responding"
- Ask: "Proceed without MCP support?"
- DO NOT continue without user confirmation
Resources