AWS SAM & CloudFormation
Difficulty: hard
Overview
AWS SAM: Open-source framework extending CloudFormation for serverless.
Transform: AWS::Serverless-2016-10-31
SAM Resource Types:
- AWS::Serverless::Function → Lambda + IAM role + event source mappings
- AWS::Serverless::Api → API Gateway REST API
- AWS::Serverless::SimpleTable → DynamoDB table
SAM CLI:
| Command | Purpose |
|---|---|
| sam init | Create project |
| sam build | Build artifacts |
| sam local invoke | Test Lambda locally |
| sam local start-api | Run API Gateway locally |
| sam deploy --guided | Deploy interactively |
| sam sync | Sync code changes instantly (dev) |
CloudFormation:
Key Intrinsic Functions: !Ref, !GetAtt, !Sub, !ImportValue, !FindInMap, !If.
Change Sets: Preview stack changes before execution.
DeletionPolicy: Retain, Snapshot, Delete (default).
Stack Policies: Prevent accidental updates to specific resources.
StackSets: Deploy across multiple accounts and regions.
cfn-signal: EC2 instance signals CloudFormation when bootstrap is complete. Used together with a CreationPolicy that specifies ResourceSignal.
Practice Linked Questions
Q1. A developer writes an AWS SAM template with an `AWS::Serverless::Function` resource. After running `sam deploy`, a reviewer inspects the CloudFormation stack and sees additional resources not in the SAM template. Why?
Q2. A developer uses a CloudFormation template with hardcoded AMI IDs. The team deploys to multiple regions, but AMI IDs differ per region. How should the developer handle region-specific values without duplicating templates?
Q3. A developer needs to share an S3 bucket ARN created in a "common-infrastructure" CloudFormation stack with a "web-app" stack. What is the correct CloudFormation mechanism?