Integrating AWS SAM with GitHub Actions for CI/CD: Complete Guide

Automating deployments through CI/CD integration of AWS SAM with GitHub Actions dramatically improves reliability and velocity for serverless applications. This comprehensive guide walks through setting up a production-grade pipeline with testing, security scanning, and deployment workflows.

Fig 1. End-to-end CI/CD workflow for AWS SAM with GitHub Actions (pipeline diagram)

Why GitHub Actions for AWS SAM?

Key benefits of this integration:

  • Native GitHub integration without third-party services
  • Minute-based pricing (free for public repositories)
  • Preconfigured AWS and SAM actions in Marketplace
  • Unified workflow for code and infrastructure changes
  • Easy rollback through GitHub’s version control

Teams using this approach report 60% faster deployment cycles. Learn more about CI/CD for serverless in our foundational guide.

Step-by-Step Pipeline Setup

1. Configure AWS Credentials

Store credentials as GitHub Secrets:

# GitHub Secrets required:
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_REGION

Grant the IAM user or role behind these credentials only the least-privilege permissions the pipeline actually needs.

2. Create Workflow File

Add .github/workflows/deploy.yml:

name: SAM Deploy

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
      
    - name: Configure AWS Credentials
      uses: aws-actions/configure-aws-credentials@v2
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: ${{ secrets.AWS_REGION }}

3. Add SAM Build & Test

    - name: Install SAM CLI
      run: pip install aws-sam-cli

    - name: Build SAM Application
      run: sam build

    - name: Run Unit Tests
      run: npm test # or pytest, etc.

4. Implement Deployment

    - name: Deploy to Staging
      if: github.ref == 'refs/heads/main'
      run: sam deploy --no-confirm-changeset --stack-name myapp-staging

Add approval step for production deployments.

Advanced Pipeline Features

Environment-Specific Deployments

jobs:
  deploy-staging:
    environment: staging
    steps: [ ... ]

  deploy-prod:
    needs: deploy-staging
    environment: production
    steps:
      # A GitHub environment can also enforce this gate itself through its
      # "required reviewers" protection rule in the repository settings.
      - name: Manual Approval
        uses: trstringer/manual-approval@v1
        with:
          secret: ${{ secrets.DEPLOY_APPROVAL }}

Infrastructure Testing

- name: Run SAM Validate
  run: sam validate

- name: Run CFN Linter
  run: cfn-lint template.yaml

- name: Security Scan
  # Pin third-party actions to a release tag or commit SHA you have reviewed,
  # not to a moving branch such as master.
  uses: shiftleftio/scan-action@master
  with:
    output: reports

Automated Rollbacks

- name: Deploy with Auto-Rollback
  run: |
    # Continuation backslashes keep this one command inside the literal block.
    # --on-failure: ROLLBACK (the default) restores the last good state,
    # DELETE removes a stack whose creation failed.
    sam deploy --no-fail-on-empty-changeset \
      --stack-name myapp-prod \
      --on-failure DELETE

Best Practices

Practice                 | Implementation                   | Benefit
-------------------------|----------------------------------|---------------------
Ephemeral Environments   | Create per-PR environments       | Isolated testing
Pipeline Parallelization | Run tests concurrently           | Faster feedback
Secrets Management       | GitHub Secrets + Parameter Store | Secure configuration
Infrastructure Scanning  | cfn-nag, Checkov                 | Security compliance

For security patterns, see our serverless security guide.

Sample Production Pipeline

name: Production Deployment

on:
  workflow_dispatch:
    inputs:
      environment:
        description: 'Environment'
        required: true
        default: 'staging'
      confirm:
        description: 'Type "deploy" to confirm'
        required: true

# Assuming a role through OIDC needs an ID token; contents: read covers checkout.
permissions:
  id-token: write
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: ${{ github.event.inputs.environment }}
    steps:
    - uses: actions/checkout@v3

    - name: Check confirmation
      if: github.event.inputs.confirm != 'deploy'
      run: |
        echo "The confirm input must be exactly 'deploy'; aborting."
        exit 1

    - uses: aws-actions/configure-aws-credentials@v2
      with:
        role-to-assume: arn:aws:iam::123456789012:role/GitHubActionsRole
        aws-region: us-east-1

    - name: Install SAM CLI
      run: pip install aws-sam-cli

    - name: Build SAM App
      run: sam build

    - name: Run Integration Tests
      run: npm run test:integration

    - name: Deploy Stack
      # Hand the input to the shell as an environment variable instead of expanding
      # ${{ }} inside the command, so its text cannot change what the shell runs.
      env:
        STACK_NAME: ${{ github.event.inputs.environment }}
      run: |
        sam deploy -t template.yaml \
          --stack-name "$STACK_NAME" \
          --capabilities CAPABILITY_IAM \
          --no-confirm-changeset \
          --no-fail-on-empty-changeset
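To enforce the confirm input and keep the environment input out of shell interpolation, the deploy step can run a small gate script before sam deploy. This is an added example, not part of the original guide; it assumes the two inputs reach the step as the environment variables INPUT_ENVIRONMENT and INPUT_CONFIRM (assumed names set via the step's env: block) and maps them to assumed stack names.

```python
"""Gate a workflow_dispatch deployment on its inputs before sam deploy runs.

Added example, not part of the original guide. It assumes the two inputs of
the sample pipeline (environment, confirm) are passed to the step as the
environment variables INPUT_ENVIRONMENT and INPUT_CONFIRM (assumed names)."""
import os
import re
import subprocess
import sys

# Constructed mapping from the environment input to a stack name (assumed names).
STACKS = {"staging": "myapp-staging", "production": "myapp-prod"}
# CloudFormation stack names: a letter, then letters, digits or hyphens, max 128.
STACK_NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]{0,127}$")


def deploy_argv(environment: str, confirm: str,
                template: str = "template.yaml") -> list[str]:
    """Validate both inputs and return the sam deploy command as an argv list."""
    if confirm.strip() != "deploy":
        raise ValueError("confirm input must be exactly 'deploy'")
    if environment not in STACKS:
        raise ValueError(f"unknown environment {environment!r}; "
                         f"allowed: {sorted(STACKS)}")
    stack = STACKS[environment]
    if not STACK_NAME_RE.match(stack):
        raise ValueError(f"invalid stack name {stack!r}")
    return ["sam", "deploy", "-t", template, "--stack-name", stack,
            "--capabilities", "CAPABILITY_IAM",
            "--no-confirm-changeset", "--no-fail-on-empty-changeset"]


def main() -> int:
    try:
        argv = deploy_argv(os.environ.get("INPUT_ENVIRONMENT", ""),
                           os.environ.get("INPUT_CONFIRM", ""))
    except ValueError as exc:
        print(f"deployment refused: {exc}", file=sys.stderr)
        return 1
    # A list argv runs without a shell, so input text can never alter the command.
    return subprocess.call(argv)


if __name__ == "__main__":
    sys.exit(main())
```

A refused run exits non-zero, which fails the job before any AWS call is made.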

Troubleshooting Common Issues

Permission Errors

Solution: Ensure the IAM role has the permissions below. This is the broad form that unblocks a failing pipeline; in line with the least-privilege advice earlier in this guide, narrow each wildcard to the specific actions and resources your stack actually uses:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cloudformation:*",
        "s3:*",
        "iam:*",
        "lambda:*",
        "apigateway:*"
      ],
      "Resource": "*"
    }
  ]
}
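Before committing a policy like the one above, it is worth checking it mechanically for wildcard grants. The script below is an added example, not code from the original guide: it parses an IAM policy document, reports Allow statements that grant service-wide wildcards, and embeds the troubleshooting policy as a constructed sample beside a narrowed alternative (the account id and myapp-* names are constructed placeholders).

```python
"""Flag over-broad IAM statements in a CI deploy policy (added example,
not from the original guide). It parses a policy document and reports Allow
statements granting service-wide wildcards, with the troubleshooting policy
above embedded as a constructed sample next to a narrowed alternative."""
import json

# Constructed sample: the wildcard policy from the troubleshooting section.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["cloudformation:*", "s3:*", "iam:*", "lambda:*", "apigateway:*"]}]})

# Constructed narrowed sample: specific verbs, scoped to the app's own resources.
NARROWED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["cloudformation:CreateChangeSet", "lambda:UpdateFunctionCode"],
    "Resource": ["arn:aws:cloudformation:us-east-1:123456789012:stack/myapp-*/*",
                 "arn:aws:lambda:us-east-1:123456789012:function:myapp-*"]}]})

# Service prefixes where a wildcard verb hands the pipeline the keys to the account.
HIGH_RISK_SERVICES = {"iam", "sts", "organizations"}


def _as_list(value):
    """IAM allows a single string or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]


def find_overbroad(policy_json: str) -> list[str]:
    """Return one finding per wildcard grant in an Allow statement."""
    findings = []
    for idx, stmt in enumerate(_as_list(json.loads(policy_json)["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        any_resource = "*" in _as_list(stmt.get("Resource", []))
        for action in _as_list(stmt.get("Action", [])):
            service, _, verb = action.partition(":")
            if action == "*":
                findings.append(f"stmt {idx}: Action '*' is full administrative access")
            elif verb == "*" and service in HIGH_RISK_SERVICES:
                findings.append(f"stmt {idx}: {action} permits privilege escalation")
            elif verb == "*" and any_resource:
                findings.append(f"stmt {idx}: {action} on Resource '*' exceeds least privilege")
    return findings


if __name__ == "__main__":
    for policy in (SAMPLE_POLICY, NARROWED_POLICY):
        print(find_overbroad(policy) or ["no wildcard grants"])
```

Running it in the pipeline as a step that fails on any finding keeps an over-broad role from being deployed by accident.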

Build Timeouts

Solution: Optimize dependencies:

  • Use Lambda layers for common dependencies
  • Enable dependency caching in workflow
  • Reduce package size with .npmignore

Conclusion

Integrating AWS SAM with GitHub Actions creates a powerful, automated deployment pipeline for serverless applications. By implementing the patterns and best practices outlined in this guide, teams can achieve faster release cycles, improved reliability, and consistent infrastructure management.
