aws-serverless-deployment

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

AWS Serverless Deployment

AWS 无服务器应用部署

Deploy serverless applications to AWS using SAM or CDK. This skill covers project scaffolding, IaC templates, CDK constructs and patterns, deployment workflows, CI/CD pipelines, and SAM/CDK coexistence.

For Lambda runtime behavior, event sources, orchestration, observability, and optimization, see the aws-lambda skill.

使用SAM或CDK将无服务器应用部署至AWS。本Skill涵盖项目脚手架搭建、IaC模板、CDK构造与模式、部署工作流、CI/CD流水线以及SAM与CDK的共存方案。

若需了解Lambda运行时行为、事件源、编排、可观测性与优化内容，请查看 aws-lambda skill。

When to Load Reference Files

何时加载参考文件

Load the appropriate reference file based on what the user is working on:

SAM project setup, templates, deployment workflow, local testing, or container images -> see references/sam-project-setup.md
CDK project setup, constructs, CDK testing, or CDK pipelines -> see references/cdk-project-setup.md
CDK Lambda constructs, NodejsFunction, PythonFunction, or CDK Function -> see references/cdk-lambda-constructs.md
CDK serverless patterns, API Gateway CDK, Function URL CDK, EventBridge CDK, DynamoDB CDK, or SQS CDK -> see references/cdk-serverless-patterns.md
SAM and CDK coexistence, migrating from SAM to CDK, or using sam build with CDK -> see references/sam-cdk-coexistence.md

根据用户当前的工作内容加载对应的参考文件：

SAM项目搭建、模板、部署工作流、本地测试或容器镜像 → 查看 references/sam-project-setup.md
CDK项目搭建、构造、CDK测试或CDK流水线 → 查看 references/cdk-project-setup.md
CDK Lambda构造、NodejsFunction、PythonFunction或CDK Function → 查看 references/cdk-lambda-constructs.md
CDK无服务器模式、API Gateway CDK、Function URL CDK、EventBridge CDK、DynamoDB CDK或SQS CDK → 查看 references/cdk-serverless-patterns.md
SAM与CDK共存、从SAM迁移至CDK或结合使用sam build与CDK → 查看 references/sam-cdk-coexistence.md

Best Practices

最佳实践

SAM

Do: Use
```
sam_init
```
with an appropriate template for your use case
Do: Set global defaults for timeout, memory, runtime, and tracing in the
```
Globals
```
section
Do: Use
```
samconfig.toml
```
environment-specific sections for multi-environment deployments
Do: Use
```
sam build --use-container
```
when native dependencies are involved
Don't: Copy-paste templates from the internet without understanding the resource configuration
Don't: Hardcode resource ARNs or account IDs in templates — use
```
!Ref
```
,
```
!GetAtt
```
, and
```
!Sub
```

建议：根据你的使用场景，配合合适的模板使用
```
sam init
```
建议：在
```
Globals
```
部分设置超时时间、内存、运行时与追踪的全局默认值
建议：使用
```
samconfig.toml
```
的环境专属配置段实现多环境部署
建议：当涉及原生依赖时，使用
```
sam build --use-container
```
禁止：直接复制粘贴网络上的模板而不理解其资源配置
禁止：在模板中硬编码资源ARN或账户ID，请使用
```
!Ref
```
、
```
!GetAtt
```
和
```
!Sub
```

CDK

Do: Use TypeScript — type checking catches errors at synthesis time, before any AWS API calls
Do: Prefer L2 constructs and
```
grant*
```
methods over L1 and raw IAM statements
Do: Separate stateful and stateless resources into different stacks; enable termination protection on stateful stacks
Do: Commit
```
cdk.context.json
```
to version control — it caches VPC/AZ lookups for deterministic synthesis
Do: Write unit tests with
```
aws-cdk-lib/assertions
```
; assert logical IDs of stateful resources to detect accidental replacements
Do: Use
```
cdk diff
```
in CI before every deployment to review changes
Don't: Hardcode account IDs or region strings — use
```
this.account
```
and
```
this.region
```
Don't: Use
```
cdk deploy
```
directly in production without a pipeline
Don't: Skip
```
cdk bootstrap
```
— deployments will fail without the CDK toolkit stack

建议：使用TypeScript——类型检查可在合成阶段（调用AWS API之前）捕获错误
建议：优先使用L2构造与
```
grant*
```
方法，而非L1构造与原始IAM语句
建议：将有状态与无状态资源拆分至不同栈，并为有状态栈启用终止保护
建议：将
```
cdk.context.json
```
提交至版本控制——它会缓存VPC/AZ查询结果，确保合成的确定性
建议：使用
```
aws-cdk-lib/assertions
```
编写单元测试；断言有状态资源的逻辑ID，以检测意外的资源替换
建议：在CI中每次部署前使用
```
cdk diff
```
查看变更
禁止：硬编码账户ID或区域字符串，请使用
```
this.account
```
与
```
this.region
```
禁止：在生产环境中直接使用
```
cdk deploy
```
而不通过流水线
禁止：跳过
```
cdk bootstrap
```
——若没有CDK工具栈，部署将失败

Configuration

配置

AWS CLI Setup

AWS CLI 配置

This skill requires that AWS credentials are configured on the host machine:

Verify access: Run

aws sts get-caller-identity

to confirm credentials are valid

本Skill要求主机上已配置AWS凭证：

验证访问权限：运行

aws sts get-caller-identity

确认凭证有效

SAM CLI Setup

SAM CLI 配置

Verify: Run

sam --version

验证：运行

sam --version

Container Runtime Setup

容器运行时配置

Install a Docker compatible container runtime: Required for
```
sam_local_invoke
```
and container-based builds
Verify: Use an appropriate command such as
```
docker --version
```
or
```
finch --version
```

安装兼容Docker的容器运行时：
```
sam local invoke
```
与基于容器的构建需要依赖该运行时
验证：使用相应命令验证，如
```
docker --version
```
或
```
finch --version
```

AWS Serverless MCP Server

Write access is enabled by default. The plugin ships with

--allow-write

.mcp.json

, so the MCP server can create projects, generate IaC, and deploy on behalf of the user.

Access to sensitive data (like Lambda and API Gateway logs) is not enabled by default. To grant it, add

--allow-sensitive-data-access

.mcp.json

默认启用写入权限。该插件在

.mcp.json

中内置了

--allow-write

配置，因此MCP Server可代表用户创建项目、生成IaC并执行部署。

默认不启用对敏感数据（如Lambda与API Gateway日志）的访问权限。若需开启，请在

.mcp.json

中添加

--allow-sensitive-data-access

。

SAM Template Validation Hook

SAM 模板验证钩子

This plugin includes a

PostToolUse

hook that runs

sam validate

automatically after any edit to

template.yaml

template.yml

. If validation fails, the error is returned as a system message so you can fix it immediately. The hook requires SAM CLI and

jq

to be installed; if either is missing, validation is skipped with a system message. Users can disable it via

/hooks

Verify: Run

jq --version

本插件包含一个

PostToolUse

钩子，在每次编辑

template.yaml

或

template.yml

后会自动运行

sam validate

。若验证失败，错误信息将作为系统消息返回，以便你立即修复。该钩子需要安装SAM CLI与

jq

；若其中任意一项缺失，验证将被跳过并返回系统消息。用户可通过

/hooks

命令禁用该钩子。

验证：运行

jq --version

IaC framework selection

IaC框架选择

Default: CDK

Override syntax:

"use CloudFormation" → Generate YAML templates
"use SAM" → Generate YAML templates

When not specified, ALWAYS use CDK

默认：CDK

覆盖语法：

"use CloudFormation" → 生成YAML模板
"use SAM" → 生成YAML模板

若未指定，默认使用CDK

Language selection for CDK

CDK语言选择

Default: TypeScript

Override syntax:

"use Python" → Generate Python code
"use JavaScript" → Generate JavaScript code

When not specified, ALWAYS use TypeScript

默认：TypeScript

覆盖语法：

"use Python" → 生成Python代码
"use JavaScript" → 生成JavaScript代码

若未指定，默认使用TypeScript

Error Scenarios

错误场景

Serverless MCP Server Unavailable

Serverless MCP Server 不可用

Inform user: "AWS Serverless MCP not responding"
Ask: "Proceed without MCP support?"
DO NOT continue without user confirmation

告知用户："AWS Serverless MCP 无响应"
询问用户："是否在无MCP支持的情况下继续？"
未获得用户确认前，禁止继续操作

aws-serverless-deployment

Original

Translation

AWS Serverless Deployment

AWS 无服务器应用部署

When to Load Reference Files

何时加载参考文件

Best Practices

最佳实践

SAM

SAM

CDK

CDK

Configuration

配置

AWS CLI Setup

AWS CLI 配置

SAM CLI Setup

SAM CLI 配置

Container Runtime Setup

容器运行时配置

AWS Serverless MCP Server

AWS Serverless MCP Server

SAM Template Validation Hook

SAM 模板验证钩子

IaC framework selection

IaC框架选择

Language selection for CDK

CDK语言选择

Error Scenarios

错误场景

Serverless MCP Server Unavailable

Serverless MCP Server 不可用

Resources

资源