AWS SAM and CI/CD with Bitbucket Pipelines: Complete Integration Guide
Building Your CI/CD Foundation with SAM and Bitbucket
Combining AWS SAM with Bitbucket Pipelines creates a powerful serverless CI/CD pipeline that automates testing, building, and deployment of serverless applications. This integration enables:
- Automatic deployments on code commits to specified branches
- Parallel testing of serverless functions
- Infrastructure-as-Code validation with CloudFormation
- Environment-specific deployments (dev/stage/prod)
- Rollback capabilities for failed deployments
The core workflow begins with developers pushing code to Bitbucket, triggering the pipeline which uses the AWS SAM CLI to package and deploy resources through CloudFormation.
Configuring Your Bitbucket Pipeline
Essential bitbucket-pipelines.yml
pipelines:
  branches:
    main:
      - step:
          name: Build and Test
          image: amazon/aws-sam-cli
          script:
            - sam build
            # The SAM CLI has no built-in `test` subcommand; this line stands for the project's own test runner.
            - sam test
          artifacts:
            - .aws-sam/**
      - step:
          name: Deploy to Production
          deployment: production
          # The deploy step needs the SAM CLI as well; the default Bitbucket image does not ship it.
          image: amazon/aws-sam-cli
          script:
            - sam deploy --stack-name prod-stack
                --capabilities CAPABILITY_IAM
                --s3-bucket $AWS_S3_BUCKET
Required Environment Variables
- AWS_ACCESS_KEY_ID: IAM user access key
- AWS_SECRET_ACCESS_KEY: IAM user secret
- AWS_DEFAULT_REGION: deployment region
- AWS_S3_BUCKET: S3 bucket used for SAM artifact storage
Store these as secured repository variables in Bitbucket rather than in the repository itself.
“Integrating SAM with Bitbucket Pipelines creates the shortest path from code commit to production deployment for serverless applications. Always implement pipeline approvals for production environments and validate CloudFormation changes before deployment.”
Advanced Deployment Patterns
Implement robust deployment methodologies:
Blue/Green Deployments
Use SAM’s traffic shifting to deploy new versions alongside existing ones, with automated canary testing.
Multi-Stage Pipelines
Separate deployment steps for dev, staging, and production with manual approval gates.
Example pipeline stage for canary deployments:
      - step:
          name: Canary Deployment
          script:
            - sam deploy --template-file template.yaml
                --stack-name myapp-stack
                --capabilities CAPABILITY_IAM
                --s3-bucket $S3_BUCKET
                --parameter-overrides Stage=canary
                --no-fail-on-empty-changeset
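One way to implement the "validate CloudFormation changes before deployment" gate for the multi-stage pattern above, as an added example that is not from the original page: the pipeline step runs `sam deploy --no-execute-changeset ...`, pipes the JSON from `aws cloudformation describe-change-set --stack-name <stack> --change-set-name <name> --output json` into this script, and runs `aws cloudformation execute-change-set` only when it exits 0. The helper name, the resource names and the change-set content are constructed for illustration.

```python
"""Gate a SAM/CloudFormation change set before it is executed.

Reads the JSON printed by `aws cloudformation describe-change-set` and
returns the changes a reviewer would want to stop on: resource removals,
replacements (the resource is recreated, which can lose data), and any
change touching IAM or KMS. The function name is this example's own.
"""
import json
import sys

DESTRUCTIVE_ACTIONS = {"Remove"}
SENSITIVE_PREFIXES = ("AWS::IAM::", "AWS::KMS::")


def risky_changes(change_set: dict) -> list[str]:
    """Return one human-readable finding per change that needs a manual approval."""
    findings = []
    for change in change_set.get("Changes", []):
        rc = change.get("ResourceChange", {})
        rid = rc.get("LogicalResourceId", "?")
        rtype = rc.get("ResourceType", "?")
        action = rc.get("Action")
        if action in DESTRUCTIVE_ACTIONS:
            findings.append(f"{rid} ({rtype}): resource will be removed")
        elif rc.get("Replacement") in ("True", "Conditional"):
            findings.append(f"{rid} ({rtype}): modify forces replacement")
        if rtype.startswith(SENSITIVE_PREFIXES):
            findings.append(f"{rid} ({rtype}): IAM/KMS change ({action})")
    return findings


# Constructed sample in the shape of describe-change-set output (not real AWS output).
SAMPLE_CHANGE_SET = {
    "Changes": [
        {"Type": "Resource", "ResourceChange": {"Action": "Modify", "LogicalResourceId": "HelloFunction",
         "ResourceType": "AWS::Lambda::Function", "Replacement": "False"}},
        {"Type": "Resource", "ResourceChange": {"Action": "Modify", "LogicalResourceId": "OrdersTable",
         "ResourceType": "AWS::DynamoDB::Table", "Replacement": "True"}},
        {"Type": "Resource", "ResourceChange": {"Action": "Remove", "LogicalResourceId": "AuditQueue",
         "ResourceType": "AWS::SQS::Queue"}},
        {"Type": "Resource", "ResourceChange": {"Action": "Modify", "LogicalResourceId": "HelloFunctionRole",
         "ResourceType": "AWS::IAM::Role", "Replacement": "False"}},
    ]
}

if __name__ == "__main__":
    # In the pipeline the change set arrives on stdin; run interactively it uses the sample.
    data = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_CHANGE_SET
    problems = risky_changes(data)
    for line in problems:
        print("BLOCKED:", line)
    sys.exit(1 if problems else 0)
```

A non-zero exit fails the Bitbucket step, so the execute-change-set command in the same script never runs and the change set stays pending for a human to inspect or delete.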
Security and Compliance Patterns
Critical security considerations for your pipeline:
- IAM Roles: Use minimal permissions with AWS IAM roles instead of long-term credentials
- Secrets Management: Store sensitive data in AWS Parameter Store or Secrets Manager
- Pipeline Permissions: Limit Bitbucket access to specific repositories and branches
- Infrastructure Scanning: Integrate cfn-nag for CloudFormation security checks
Example permissions policy for the deployment role. Note that the wildcard actions and the `"Resource": "*"` shown here are far broader than the least-privilege guidance above; in practice, scope the actions to what `sam deploy` needs and the resources to the specific stack, artifact bucket and functions:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cloudformation:*",
        "s3:*",
        "lambda:*"
      ],
      "Resource": "*"
    }
  ]
}
Performance Optimization Techniques
Caching Dependencies
definitions:
  caches:
    node_modules: node_modules
    python_pkgs: .venv
Parallel Testing
script:
  - sam build
  # As above, `sam test` stands for the project's own test runner; the SAM CLI has no built-in `test` subcommand.
  - sam test --parallel
Key optimization strategies:
- Use SAM Accelerate for faster iterative development
- Implement pipeline caching for dependencies
- Configure timeout limits for deployment steps
- Use spot instances for compute-intensive tasks
- Monitor pipeline performance with Bitbucket Insights
Troubleshooting Common Issues
Common challenges and solutions:
| Issue | Solution |
|---|---|
| Permission errors | Verify IAM roles and scope permissions |
| Deployment timeouts | Increase timeout limits in SAM template |
| Failed resource creation | Check CloudFormation events in AWS Console |
| Environment variable mismatches | Validate parameter store values |
Enable detailed logging with:
sam deploy --debug --verbose