Agent-plugins aws-serverless-deployment

AWS SAM and AWS CDK deployment for serverless applications. Triggers on phrases like: use SAM, SAM template, SAM init, SAM deploy, CDK serverless, CDK Lambda construct, NodejsFunction, PythonFunction, SAM and CDK together, serverless CI/CD pipeline. For general app deployment with service selection, use deploy-on-aws plugin instead.

install

source · Clone the upstream repo

git clone https://github.com/awslabs/agent-plugins

Claude Code · Install into ~/.claude/skills/

T=$(mktemp -d) && git clone --depth=1 https://github.com/awslabs/agent-plugins "$T" && mkdir -p ~/.claude/skills && cp -r "$T/plugins/aws-serverless/skills/aws-serverless-deployment" ~/.claude/skills/awslabs-agent-plugins-aws-serverless-deployment && rm -rf "$T"

manifest: plugins/aws-serverless/skills/aws-serverless-deployment/SKILL.md

source content

AWS Serverless Deployment

Deploy serverless applications to AWS using SAM or CDK. This skill covers project scaffolding, IaC templates, CDK constructs and patterns, deployment workflows, CI/CD pipelines, and SAM/CDK coexistence.

For Lambda runtime behavior, event sources, orchestration, observability, and optimization, see the aws-lambda skill.

When to Load Reference Files

Load the appropriate reference file based on what the user is working on:

SAM project setup, templates, deployment workflow, local testing, or container images -> see references/sam-project-setup.md
CDK project setup, constructs, CDK testing, or CDK pipelines -> see references/cdk-project-setup.md
CDK Lambda constructs, NodejsFunction, PythonFunction, or CDK Function -> see references/cdk-lambda-constructs.md
CDK serverless patterns, API Gateway CDK, Function URL CDK, EventBridge CDK, DynamoDB CDK, or SQS CDK -> see references/cdk-serverless-patterns.md
SAM and CDK coexistence, migrating from SAM to CDK, or using sam build with CDK -> see references/sam-cdk-coexistence.md

Best Practices

SAM

Do: Use
```
sam_init
```
with an appropriate template for your use case
Do: Set global defaults for timeout, memory, runtime, and tracing in the
```
Globals
```
section
Do: Use
```
samconfig.toml
```
environment-specific sections for multi-environment deployments
Do: Use
```
sam build --use-container
```
when native dependencies are involved
Don't: Copy-paste templates from the internet without understanding the resource configuration
Don't: Hardcode resource ARNs or account IDs in templates — use
```
!Ref
```
,
```
!GetAtt
```
, and
```
!Sub
```

CDK

Do: Use TypeScript — type checking catches errors at synthesis time, before any AWS API calls
Do: Prefer L2 constructs and
```
grant*
```
methods over L1 and raw IAM statements
Do: Separate stateful and stateless resources into different stacks; enable termination protection on stateful stacks
Do: Commit
```
cdk.context.json
```
to version control — it caches VPC/AZ lookups for deterministic synthesis
Do: Write unit tests with
```
aws-cdk-lib/assertions
```
; assert logical IDs of stateful resources to detect accidental replacements
Do: Use
```
cdk diff
```
in CI before every deployment to review changes
Don't: Hardcode account IDs or region strings — use
```
this.account
```
and
```
this.region
```
Don't: Use
```
cdk deploy
```
directly in production without a pipeline
Don't: Skip
```
cdk bootstrap
```
— deployments will fail without the CDK toolkit stack

Configuration

AWS CLI Setup

This skill requires that AWS credentials are configured on the host machine:

Verify access: Run

aws sts get-caller-identity

to confirm credentials are valid

SAM CLI Setup

Verify: Run

sam --version

Container Runtime Setup

Install a Docker compatible container runtime: Required for
```
sam_local_invoke
```
and container-based builds
Verify: Use an appropriate command such as
```
docker --version
```
or
```
finch --version
```

AWS Serverless MCP Server

Write access is enabled by default. The plugin ships with

--allow-write

.mcp.json

, so the MCP server can create projects, generate IaC, and deploy on behalf of the user.

Access to sensitive data (like Lambda and API Gateway logs) is not enabled by default. To grant it, add

--allow-sensitive-data-access

.mcp.json

SAM Template Validation Hook

This plugin includes a

PostToolUse

hook that runs

sam validate

automatically after any edit to

template.yaml

template.yml

. If validation fails, the error is returned as a system message so you can fix it immediately. The hook requires SAM CLI and

jq

to be installed; if either is missing, validation is skipped with a system message. Users can disable it via

/hooks

Verify: Run

jq --version

IaC framework selection

Default: CDK

Override syntax:

"use CloudFormation" → Generate YAML templates
"use SAM" → Generate YAML templates

When not specified, ALWAYS use CDK

Language selection for CDK

Default: TypeScript