aws-serverless-deployment

AWS Serverless Deployment

Deploy serverless applications to AWS using SAM or CDK. This skill covers project scaffolding, IaC templates, CDK constructs and patterns, deployment workflows, CI/CD pipelines, and SAM/CDK coexistence.
For Lambda runtime behavior, event sources, orchestration, observability, and optimization, see the aws-lambda skill.

When to Load Reference Files

Load the appropriate reference file based on what the user is working on:
  • SAM project setup, templates, deployment workflow, local testing, or container images -> see references/sam-project-setup.md
  • CDK project setup, constructs, CDK testing, or CDK pipelines -> see references/cdk-project-setup.md
  • CDK Lambda constructs, NodejsFunction, PythonFunction, or CDK Function -> see references/cdk-lambda-constructs.md
  • CDK serverless patterns, API Gateway CDK, Function URL CDK, EventBridge CDK, DynamoDB CDK, or SQS CDK -> see references/cdk-serverless-patterns.md
  • SAM and CDK coexistence, migrating from SAM to CDK, or using sam build with CDK -> see references/sam-cdk-coexistence.md

Best Practices

SAM

  • Do: Use sam_init with an appropriate template for your use case
  • Do: Set global defaults for timeout, memory, runtime, and tracing in the Globals section
  • Do: Use samconfig.toml environment-specific sections for multi-environment deployments
  • Do: Use sam build --use-container when native dependencies are involved
  • Don't: Copy-paste templates from the internet without understanding the resource configuration
  • Don't: Hardcode resource ARNs or account IDs in templates — use !Ref, !GetAtt, and !Sub
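A lint for the last "Don't" above, as an added example that is not part of the skill itself: it scans template text for ARNs carrying a literal account ID, fully literal resource ARNs, and bare 12-digit account IDs, while accepting `!Sub` placeholders and AWS-managed policy ARNs. The function name, messages and sample template are constructed for illustration.

```python
import re

SUB_RE = re.compile(r"\$\{[^}]*\}")  # ${AWS::AccountId}, ${Param}, ...
ARN_RE = re.compile(r"\barn:(?:[^:\s\"']*:){4}[^\s\"']+")
ACCOUNT_RE = re.compile(r"(?<!\d)\d{12}(?!\d)")

def lint_template(text):
    """Return (line, message) findings for literal ARNs and account IDs."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        masked = SUB_RE.sub("<sub>", line)  # hide !Sub placeholders
        for arn in ARN_RE.findall(masked):
            account = arn.split(":")[4]
            if ACCOUNT_RE.fullmatch(account):
                findings.append((lineno, "account ID hardcoded in ARN"))
            elif "<sub>" not in arn and account != "aws":  # managed policies exempt
                findings.append((lineno, "fully literal resource ARN"))
        if ACCOUNT_RE.search(ARN_RE.sub("", masked)):
            findings.append((lineno, "possible hardcoded account ID"))
    return findings

# Constructed, trimmed sample template (not from the original page).
SAMPLE = """\
Resources:
  OrdersFn:
    Type: AWS::Serverless::Function
    Properties:
      Policies:
        - arn:aws:iam::aws:policy/AWSLambdaBasicExecutionRole
        - Statement:
            - Effect: Allow
              Action: sqs:SendMessage
              Resource: arn:aws:sqs:us-east-1:123456789012:orders
            - Effect: Allow
              Action: sns:Publish
              Resource: !Sub arn:${AWS::Partition}:sns:${AWS::Region}:${AWS::AccountId}:alerts
            - Effect: Allow
              Action: s3:GetObject
              Resource: arn:aws:s3:::orders-archive/*
      Environment:
        Variables:
          OWNER_ACCOUNT: "123456789012"
"""

if __name__ == "__main__":
    for lineno, msg in lint_template(SAMPLE):
        print(f"template.yaml:{lineno}: {msg}")
```

The check is line-based and does not parse YAML, so an ARN assembled with `!Join` across several lines is not inspected.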

CDK

  • Do: Use TypeScript — type checking catches errors at synthesis time, before any AWS API calls
  • Do: Prefer L2 constructs and grant* methods over L1 and raw IAM statements
  • Do: Separate stateful and stateless resources into different stacks; enable termination protection on stateful stacks
  • Do: Commit cdk.context.json to version control — it caches VPC/AZ lookups for deterministic synthesis
  • Do: Write unit tests with aws-cdk-lib/assertions; assert logical IDs of stateful resources to detect accidental replacements
  • Do: Use cdk diff in CI before every deployment to review changes
  • Don't: Hardcode account IDs or region strings — use this.account and this.region
  • Don't: Use cdk deploy directly in production without a pipeline
  • Don't: Skip cdk bootstrap — deployments will fail without the CDK toolkit stack

Configuration

AWS CLI Setup

This skill requires that AWS credentials are configured on the host machine:
Verify access: Run aws sts get-caller-identity to confirm credentials are valid

SAM CLI Setup

Verify: Run sam --version

Container Runtime Setup

  1. Install a Docker-compatible container runtime: Required for sam_local_invoke and container-based builds
  2. Verify: Use an appropriate command such as docker --version or finch --version

AWS Serverless MCP Server

Write access is enabled by default. The plugin ships with --allow-write in .mcp.json, so the MCP server can create projects, generate IaC, and deploy on behalf of the user.
Access to sensitive data (like Lambda and API Gateway logs) is not enabled by default. To grant it, add --allow-sensitive-data-access to .mcp.json.
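A way to audit which of these two flags a checked-in .mcp.json grants, and to strip any that exceed a per-server allow-list, as an added example that is not part of the plugin. It assumes the usual mcpServers / args layout of .mcp.json; the server name, command, package name and permission labels are constructed.

```python
import json

# The two flags described above, mapped to short permission labels.
FLAGS = {"--allow-write": "write",
         "--allow-sensitive-data-access": "sensitive-data"}

def granted(config_text):
    """Map each MCP server name to the elevated permissions its args grant."""
    servers = json.loads(config_text).get("mcpServers", {})
    return {name: {FLAGS[a] for a in spec.get("args", []) if a in FLAGS}
            for name, spec in servers.items()}

def violations(config_text, allowed):
    """List (server, permission) pairs granted in the file but not in `allowed`."""
    return sorted((name, perm)
                  for name, perms in granted(config_text).items()
                  for perm in perms - allowed.get(name, set()))

def restrict(config_text, allowed):
    """Return the config with every flag removed that exceeds `allowed`."""
    cfg = json.loads(config_text)
    for name, spec in cfg.get("mcpServers", {}).items():
        ok = allowed.get(name, set())
        spec["args"] = [a for a in spec.get("args", [])
                        if a not in FLAGS or FLAGS[a] in ok]
    return json.dumps(cfg, indent=2)

# Constructed sample config (server name, command and package are placeholders).
SAMPLE = json.dumps({"mcpServers": {"aws-serverless": {
    "command": "uvx",
    "args": ["example-serverless-mcp-server",
             "--allow-write", "--allow-sensitive-data-access"]}}})

# Policy for this repository: deployments allowed, log access not.
POLICY = {"aws-serverless": {"write"}}

if __name__ == "__main__":
    for server, perm in violations(SAMPLE, POLICY):
        print(f"{server}: '{perm}' is granted but not allowed by policy")
    print(restrict(SAMPLE, POLICY))
```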

SAM Template Validation Hook

This plugin includes a PostToolUse hook that runs sam validate automatically after any edit to template.yaml or template.yml. If validation fails, the error is returned as a system message so you can fix it immediately. The hook requires SAM CLI and jq to be installed; if either is missing, validation is skipped with a system message. Users can disable it via /hooks.
Verify: Run jq --version

IaC framework selection

Default: CDK
Override syntax:
  • "use CloudFormation" → Generate YAML templates
  • "use SAM" → Generate YAML templates
When not specified, ALWAYS use CDK

Language selection for CDK

Default: TypeScript
Override syntax:
  • "use Python" → Generate Python code
  • "use JavaScript" → Generate JavaScript code
When not specified, ALWAYS use TypeScript

Error Scenarios

Serverless MCP Server Unavailable

  • Inform user: "AWS Serverless MCP not responding"
  • Ask: "Proceed without MCP support?"
  • DO NOT continue without user confirmation

Resources
