## AWS CLIs and APIs

### Introduction to AWS API Management Console CLI SDK

Four ways we can interact with AWS.

APIs are the entry point of AWS and to interact with them, you a user, you have to make an HTTPS request to that API.

Let's take a look at how you could do that.
Let's say that you wanted to create a new S3 bucket.
So, 
* the first thing you will do is browse the documentation.
* You'll browse the docs at aws.amazon.com.
* Then click on Amazon S3 in the list,
* you will click on the HTML, a link for the API reference.
* Then you will expand S3 reference, expand the actions, expand Amazon Simple Storage Service.
* And then there it is, CreateBucket is right there.

You can find every details for each of the APIs of AWS by following the exact same path that I just went through.

In fact, doing everything over the API is the hardest way you can interact with AWS.
The easiest way is via a graphical user interface that is available over the web that we call the AWS Management Console.
Which really, behind the scenes, it's interacting with the AWS APIs directly.

However, it becomes harder to work with when you want to repeat a task.

For example, let's say you wanted to create a few buckets in different regions.
Now, you will have to change your region, click on 'create bucket' again, fill everything like you did before, and really remember everything that you've done and then not mess up in between all of those tries. That's a lot of work.

The better option here is for you to use the AWS Command Line Interface, or CLI, which is like the AWS Management Console, it uses the API of AWS behind the scenes.

So, to interact with the CLI, you will use the AWS command.
For example, I can type 'aws help'.
What I can now see below is it's using the last tool to show me the documentation in the multi page format.

The structure of the command, it actually starts with the AWS keyword.
Yeah, it's the CLI itself, then the options, then a command, a sub command and then parameters. 

Example:
![image.png](attachment:30e365e2-14c9-49fe-9612-8153fda50601.png)

How to get help on this cmd:
Well, you type aws S3 help. And there it is. Now, what I can find out here is the documentation for the S3 command. But if I continued into scrolling towards the bottom, what I'm going to find are the available commands, the sub commands to S3 itself.
So the one that I'm interested in, if you remember, that is the mb side, right there. So how do I find documentation about that?
aws S3 mb help. And this is where I can find that, 
here's an example, that's how you specify a name of a bucket, aws S3 mb S3://, and then the name of the bucket that is right there.

That's one of the ways that I'm able to go and find this. And another option is to... well, to find the exact same information
is to go through the AWS documentation. So --going to aws.amazon.com on their documentation, I can click on 'view all documentation', somewhere in this space page, I'm going to be able to find the AWS Command Line Interface and clicking on that,
I'm going to click on under the CLI reference on HTML. And if I click on this, what I can see here and is if I continue to scrolling and scrolling, like we did earlier, I'm going to find S3 at some point. Hmm, there are two S3 though, S3 and then  S3api. S3 is the high level CLI while S3api is the low level, almost direct API level access. So clicking on S3, I can scroll again to the available commands, towards the bottom of that page, and in there it is, I can find mb again, that same sub command. And then now I can see that exact same documentation that we were looking at a little bit earlier via the CLI.

We saw earlier that the CLI was interacting directly with the API, It's not really interacting directly with the API. In fact, it goes through the SDK to interact with the API. It uses the Python SDK to go and do that.
Okay. How do I learn more about this SDK? Let me go back to my browser here. If I go to aws.amazon.com/tools, I can find interesting resources for each of the languages that you see at the very top there. We will explore the SDK soon later.

Okay. So you now understand that there are four ways to interact with AWS, 
* going directly to the API, which I don't recommend, because, well, it's too hard.
* The Management Console, for when you start...
* the CLI, for repeatable tasks
* and the SDK for your code to interact with AWS.

All of those uses the API of AWS to reach the services of AWS.

![image.png](attachment:c68b2cfe-8837-40dc-8e03-7c38bed5eae7.png)


<pre>


    
</pre>
### AWS CLI Configuration

Configuration is really just one command, AWS Configure.
Once you submit that command, you get prompted with four things to input. 

The first two prompts you get are asking for your AWS Access Key ID and your AWS Secret Access Key. These keys are associated with an AWS Identity and Access Management, or IAM, user or all that determines what permissions you have and are used anytime you make an API call to AWS. By default, these are stored in the AWS credentials location specific to your operating system. The keys are the only part of the configuration that are stored in this location. 

The other parts, region and output are stored in the AWS config path or folder by default. Speaking of region, it's the third prompt in our configuration group. Default region name refers to the AWS region you want to be used as your default for your calls. Because the AWS CLI needs to know what regional endpoints to send your requests, a region must be specified either through this configuration or explicitly in the commands you later provide.
The final variable in the configuration is the default output format. If this is left blank, output received from calls will be displayed in JSON. Your other options are YAML, text and an ASCII-formatted table.

One further part of the configuration that I'd like to mention is the ability to create profiles. If you append hyphen profile
to your AWS configure command, you're able to name and configure a specific profile with its own keys, default region, and default output format.

Let's consider the example of different accounts.
In this example, you've split your accounts so that you're not managing test and production resources in the same account.
In account A, you have your test environment. You have the ability to create and test AWS Lambda functions that are
being used for your distributed application.
In account B, you have your production environment. Once everything has gotten the green light, you would be able to launch a function into the production environment so that it can start processing as part of your application.

You wouldn't want to launch an untested update to your functions in your production environment and you wouldn't want to
accidentally delete a function still in use from your production environment. If you utilize your named profiles, you could be sure that you were only operating in the intended account, by purposefully acting as a specific profile.
Name the profile with the account A credentials test, and name the account B credential profile probe.
Now, whenever you want to make a call using account A, you would just make the call as the test profile. You can make those calls without having to worry that you're affecting the wrong environment.

<pre>


    
</pre>
### Cloud9, AWS APIs, AWS CLI

#### <ins>AWS APIs</ins>
Everything in AWS is an API call and every AWS Service has its own set of APIs that you interact with. When you send HTTP requests to AWS, you sign the requests so that AWS can identify who sent them. You sign requests with your AWS access key, which consists of an access key ID and secret access key. You need to sign HTTP requests only when you manually create them. When you use the AWS Command Line Interface (AWS CLI) or one of the AWS SDKs to send requests to AWS, these tools automatically sign the requests for you with the access key that you specify when you configure the tools. When you use these tools, you don't need to learn how to sign requests yourself.

To read about how requests need to be signed, click here: https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html

#### <ins>AWS Command Line Interface</ins>
The AWS Command Line Interface (AWS CLI) is an open source tool that enables you to interact with AWS services using commands in your command-line shell.

Installation of the AWS Command Line Interface is fairly straightforward, and <b>if you’re using Amazon EC2 instances or AWS Cloud9, the tools are already installed for you.</b>

After configuration, the AWS CLI enables you to start running commands that implement functionality equivalent to that provided by the browser-based AWS Management Console from the command prompt in your favorite terminal program:

* Linux shells – Use common shell programs such as bash, zsh, and tcsh to run commands in Linux or macOS.

* Windows command line – On Windows, run commands at the Windows command prompt or in PowerShell.

* Remotely – Run commands on Amazon Elastic Compute Cloud (Amazon EC2) instances through a remote terminal program such as PuTTY or SSH, or with AWS Systems Manager.

Read information about the AWS CLI at: https://aws.amazon.com/cli/

Read information about installing the AWS CLI at: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html

Read information about configuring the AWS CLI at: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html

### <ins>AWS Cloud9</ins>
AWS Cloud9 operates as a cloud-based IDE, and has a wide variety of functionality already built in to help you with the development of and collaboration on your projects. A particular area where Cloud9 can assist is when working with the AWS Command Line Interface. Because the CLI tools are already installed in your environment, all you need to do is configure them to get started.

You access the AWS Cloud9 IDE through a web browser. You can configure the IDE to your preferences. You can switch color themes, bind shortcut keys, enable programming language-specific syntax coloring and code formatting, and more.

Read more about Cloud9 at: https://docs.aws.amazon.com/cloud9/latest/user-guide/welcome.html

AWS Cloud9 managed temporary credentials have permission restrictions on their own which may restrict some API calls you are using. You can find the list of those restrictions at:

https://docs.aws.amazon.com/cloud9/latest/user-guide/auth-and-access-control.html#auth-and-access-control-temporary-managed-credentials-supported

### <ins>AWS Credentials and Programmatic Access</ins>
Read about best practices with AWS Credentials here: https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html

<pre>




    
</pre>
### AWS SDK Exploration (Python)

Let us see how to install and use the AWS SDK for Python, otherwise known as boto3.

You can see I'm already logged into this Cloud9 instance.
And before anything, I want to check the version of Python installed on the instance by running Python --version. And that came back with Python 3.6.10.

So now I'm going to use pip to download the AWS SDK. And again, this is called boto3.
So now we're going to go ahead and run pip install boto3.

let's take a few minutes to discuss the two ways you can interact with AWS APIs using boto3.

In boto3 you can use the client or the resource to interact with AWS APIs. The client is a low level interface to AWS, whose methods map close to one to one with the service APIs. And it requires some more granular knowledge of the API. The low level client will return a response to you as a Python dictionary. It is up to you to traverse or otherwise process the response for the data that you need.

The other way to interact with AWS and boto3 is a resource. The resource is a higher level mapping to the AWS API, that is object oriented in nature. It's really a wrapper around the low level API, trying to make your life much easier. Each resource has actions that are more intuitive. However, resources only expose a subset of AWS APIs, and therefore you cannot do everything with a resource. Resources do however, return to you collections of objects and handle pagination, where the client  doesn't.

Code using the resource can be much simpler and easier to read and write, so if you can use it, go ahead and use the resource.
If you need a specific API call that doesn't exist as an action on the resource, you would need to use the client. Nothing prevents you from using both, as the client interface is actually available within the resource interface. Once you have a client or resource, you can then invoke the method on that object which will then call the AWS API for you.

Let's take a look at a simple example of listing all the objects in an S3 bucket using first a client and then a resource.

I have this client.py and resource.py.
So let's take a look at the client first.
If I open this up, you can see the first thing I'm doing is importing boto3. So by putting this import boto3 here that's going to allow me to have access to the AWS SDK throughout my script. Next, I am creating the client object here by calling boto3.client, passing in the name of the service that I want the client for. In this case, that's S3, and then I'm storing that in the client object. Then I'm calling client.list_objects. So list objects is an API from S3, and I'm passing in this bucket name, aws-bma-test. This is just a bucket that I already have in my account. It's just a test bucket and then I'm storing that in a response. Again, that's going to come back as a Python dictionary. So the next I'm actually iterating over all the contents that came back in that response. And I am then calling the get_object method off of the S3 client for each individual object in that bucket, providing the key and the bucket. And then I'm printing out the key name as well as the last modified date for those objects. So this is how I would list all of the objects in that S3 bucket using the client.

![image.png](attachment:9046c9b9-b088-4f4f-b14a-ac6ef8d898f6.png)

Now let's go ahead and look at how we do that for the resource.
So I'll open up resource.py. And again, first thing I'm importing boto3, then I am calling boto3.resource passing in the service name being S3, that's going to give me the resource interface to AWS. Then if I want to get the bucket from S3, I call S3.Bucket. So that gives me back the bucket as an object instead of as a Python dictionary. And then I can say for object in bucket.objects.all so you can see that's a little bit more readable as the resource and it was with the client. And then I'm printing the key and the last modified date for each object in that bucket. And then down here, I just threw in the boto3.resource for S3.meta.client. 

![image.png](attachment:bc77f871-408e-4919-9ebd-1ad3a807e4a6.png)

I just wanted to show you how to get the client interface from the resource interface. So this is how you actually access
the client from the resource. And if I kind of just make these side by side really quick like that, you can see the differences a little bit more clearly.

![image.png](attachment:758f21fe-ed43-4e07-806e-78a213ee1d8a.png)

Another thing to note about boto3 is that there are something called sessions. When you create a client or resource
a default session is created for you. The session contains information like your AWS credentials, and what AWS region you are submitting your API calls to.

When working with large datasets, you might download an entire object from S3 and then go through it line by line searching for relevant data, applying filters to the data probably in your application logic, in your code. This can be expensive and time consuming.
You might be looking for ways to reduce the amount of data you are reading and therefore transferring from your bucket in order to save cost or to save processing time. <b>S3 Select</b> allows you to do just that.

Using S3 Select, you can submit a SQL query and S3 will only return the relevant data. All of the processing and filtering happens on the S3 side. This is cheaper and faster than downloading the entire object when you only need a subset of the data. We will be using this API throughout the course as it needs to query our dragon data using SQL. S3 Select only supports certain formats of data to be queried. And in our situation the data is in JSON format, which is supported by S3 Select.

Another AWS service we will be using in our code is AWS Systems Manager Parameter Store. Parameter Store lets you store and retrieve key value pairs that are user defined. And we're going to use this service to store our S3 bucket name or their dragon data is located as well as the file name. That way if the bucket or file ever changes, we won't need to go back in and change the code. Instead, the parameter can be updated in Parameter Store and the code will always pull the latest information every time it is run. That is always the code is going to be doing for now. 

Alright, so now let's open up the file that contains the code that we will be using throughout the course and go over it. Alright, so I'm going to go ahead and close out of these two. And then let's open up app.py. This is the file that I'm going to be using for the dragon application code for listing the dragons. As you can see, I am again importing boto3 first so that I can use the AWS SDK throughout the script. Then you can see that I am creating the S3 client by creating the resource in this
specific region, us-east-1, and then I'm calling .meta.client, which is allowing me to access the client through the resource.
Then I'm creating the client for Systems Manager or what we're calling SSM here. So SSM being the service name and Parameter Store is a part of the service Systems Manager. Next, we are using Systems Manager on line five and six here to grab the dragon data bucket name and the dragon data file name. And this is grabbing the information from Parameter Store and storing it in the bucket name and file name variables. On line eight, we are defining a method called listDragons. And then we are setting up an expression. This is our SQL query that we're going to be using. Right now, it's just select * from s3object s. Over time, we're going to add to this so that we're actually doing filtering and not just doing select *. But just for ease of getting started,
we're just doing select *. So we want to see all of the data come back from our S3 object, that dragon data being stored in S3.
So then on line 12, we're calling s3.select_object_content. Passing in the bucket name, the file name, the expression type, the expression, the type of the document as well as the type of the output that we want. So we're pulling the bucket name from up top as well as the file name, the expression type being sequel, The sequel expression being that select * from S3 object. And then we're using JSON from both the input and the output. Then if I scroll down, we are looping over all of the events in the result that came back from that API call. And then we are just printing out those records. And then down at the bottom, I'm calling listDragons, which will of course, call this method and actually kick it off when I run this Python file. 

![image.png](attachment:5ea0240a-b625-4897-873c-8a81cb75efcd.png)

So let's go ahead and run ```python app.py```. And you can see here if I make this bigger, you can see here that this is all of our dragon data. 

![image.png](attachment:5a8f136e-2e14-430b-b5ae-6ba93cdb9dde.png)


<ins>some words about the credentials</ins>

While you could pass your credentials into the client, I would not recommend that you do that. Because then anyone who has your code also has your credentials.

The AWS SDK will handle locating the credentials for you. At no point should you ever hard code AWS credentials into your code.

The SDK will check for your credentials in this order.
* First, it will see if you pass the credentials as parameters in the boto client method. Don't do this unless you absolutely have to.
* Then it will check the session to see if you pass the credentials and its parameters. Again, don't do this.
* Next, it will check the environment variables. Then it will check the credentials in the config files that get created when you run the AWS configure command from the command line. This is not that much better than including the credentials in your code.
* And finally, it will check the instance metadata service which exists on Amazon EC2 instances that have an IAM role associated. That is the preferred way to use AWS credentials. The IAM role will allow your code to access temporary credentials, which is more secure than embedding them or hard coding them or using a file.

In this case, we are developing on a Cloud9 instance. So the credentials will be retrieved from the managed credentials that we  talked about in an earlier video. If you were developing locally, you would want to make sure that your configuration and
credentials files were configured with your region, AWS access key ID and AWS secret access key since your local machine doesn't have an instance metadata service. The same thing applies if you were to run this code on a server on premises.


<pre>


    
</pre>
### Using Temporary Credentials in AWS Cloud9

![image.png](attachment:3e80cdd5-73f5-4ed4-8e92-0b88ae9f8b8f.png)


Credentials can be stored in your home directory, under the .aws folder in the file "credentials". Credentials are an access key, a secret key and then a token. Credentials are replaced every five minutes. Every five minutes Cloud9 will automatically rewrite this file with brand new credentials. That's why it says at the top of the file here, not to modify the credentials. The way it works is that Cloud9 automatically generates credentials that have some pretty huge permission in the IAM policy.

As I mentioned, for security purposes, those credentials are currently being rotated every five minutes. So never modify the file I'm showing you right now. If you do, it will get overwritten within five minutes. Those credentials will also get regenerated if you reload the web browser tab of your IDE - or if the timestamp in that file is actually reached as the one you see on the screen right now.

What if you don't want to use these temporary credentials, either because you want to share your environment with someone else,
and you don't want them to have the same access as you, or because you are trying to do certain actions that the managed temporary credentials won't allow you to do, like creating an IAM user. The first thing to do is to go and disable that feature --by clicking on the AWS Cloud9 menu, selecting Preferences, and then a little bit underneath there clicking on AWS settings, and then under Credentials, the toggle for AWS managed temporary credentials is right there.

So first, let me leave it on and try to do list the content of my Building Modern Apps dragon data bucket in my account by sending in my bash terminal the command in this AWS CLI command, ```aws s3 ls```, and then the name of my bucket. And then as you can see here, this command executed and I can see that it returned the content of my bucket which is only one object. 

![image.png](attachment:ed9e84d6-5e49-41f5-92f3-78d39e4fc104.png)

Now, let me turn this AWS managed temporary credential settings off, and then what I'm going to do is re-execute that command again and then we list the bucket.

As you can see, I get an error saying, Unable to locate credentials, which will be right because the file, "credentials" is gone. As you can see here, me listing the ~/.aws directory, it's empty.

![image.png](attachment:70a93bba-fd90-4e83-837f-42899cba4501.png)

From this point, we have two options to fix this. 

<b>The first option is to attach an IAM role to the EC2 instance that was created by launching this Cloud9 instance.</b>

I need to go to the EC2 console to change that role. So to go back to the EC2 console, I will click on the Cloud9 menu, then click on, Go To Your Dashboard, which brings me to the AWS Console. Then under services, I will click under EC2. I'll then navigate to my instances and just click on Instances. Then I will find my AWS Cloud9 instance which starts with aws-cloud9,
then I'll click on Actions, Instance Settings, Attach/Replace IAM Role, and then I am going to select a role that I have already created containing the permissions that I'm looking for. I will click the Apply button and hit Close. 

Okay, back into my Cloud9 terminal now, I can execute the exact same command again for listing my bucket.

And there it is, I can see and then I get the exact same output that I had a little bit earlier, as I expected, because we just gave this Cloud9 instance access via an IAM role.

![image.png](attachment:6d75ed17-4149-4c3a-b740-707b06b70b54.png)

The second option to bring credentials within my Cloud9 environment for my code to run is not to hard code credentials in the code. It's to add an access key and secret key to my credentials file. I have already generated those credentials
for my IAM user. So I can add them via the AWS CLI, aws configure. Then I enter my access key and I enter my secret key, I select my default region, which is ca-central-1 in this case, and then I'll leave the output format to default.  Again, don't bother trying to use these credentials. I already deleted them by the time you're checking this. Okay, this created the credentials file, as you can see here, as I'm listing it, there it is. 

It's the same credentials file that we listed a little bit earlier. You can understand that if I had my managed temporary credentials setting enabled right now, it will override this file within five minutes, so you can't use both.

![image.png](attachment:3547b336-446b-4990-b909-88fa0cc00899.png)

Now, I'll try to list my bucket again. And then, as you can see here, it works. So I get exactly the same response that I expected. Although I only showed you examples with the CLI today, this is exactly how it works with the AWS SDK as well, so no need to hard code credentials in your code anywhere when you're coding in Cloud9.

If you have issues in the future with certain commands that should be allowed via your IAM user, but aren't allowed in Cloud9, you'll know why.

<pre>


    
</pre>
### Serverless Application Model

The AWS Serverless Application Model, or SAM, is an open source framework for building serverless applications.

A serverless application in this case is a combination of AWS Lambda functions, event resources, and other resources that work together to perform your distributed tasks. 
SAM consists of two main components, 
* AWS SAM template specification, and
* AWS SAM Command Line Interface.

The SAM template specification is used to define the serverless application. It provides you with the syntax to describe everything that makes up your serverless application.

<pre>


    
</pre>
### AWS Toolkit for PyCharm

![image.png](attachment:eb4efbf3-7824-4da0-82cb-9d95efc8fad3.png)

![image.png](attachment:77413d21-bf13-4ca2-9be9-e2caa5d3e66c.png)

![image.png](attachment:df44b125-3c87-4b7e-ae44-650c01ed7f45.png)

![image.png](attachment:c0fb0ac9-1475-4e2c-b57f-cb1d7593d576.png)

![image.png](attachment:87cc7092-f959-4df9-8c63-8fc5b19f8379.png)

<pre>


    
</pre>
### Cloud9 Temporary Credentials, AWS SDK, AWS Toolkits, AWS SAM-Python

### <ins>Cloud9 Managed Credentials</ins>

Throughout this course we will be calling AWS APIs from programs or commands running in Cloud9 Instances. It is recommended that you do not hard code your AWS credentials into your code for any reason, and you should rely on <b>IAM Role Based Access</b> as much as possible. To read more about Role Based Access in AWS please click here: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html

In Cloud9, by default, Roles are not being used for permissions, instead Cloud9 uses managed credentials. To read more about <b>Cloud9 Managed Credentials</b> click here:

https://docs.aws.amazon.com/cloud9/latest/user-guide/how-cloud9-with-iam.html#sec-auth-and-access-control-temporary-managed-credentials

### <ins>AWS SDK for Python </ins>
To install the AWS SDK for Python please read the following instructions: https://aws.amazon.com/sdk-for-python/

<b>What is Boto3?</b>

Boto3 is the AWS SDK for Python. It enables Python developers to create, configure, and manage AWS services, such as EC2 and S3. Boto3 provides an easy to use, object-oriented API through the resource, as well as low-level access to AWS services through the client.

Please ensure you get familiar with the boto3 documentation to get a better idea of how the SDK works, and what API calls can be made using the SDK.

<b>Boto3 Documentation:</b> https://boto3.amazonaws.com/v1/documentation/api/latest/index.html


<b>Client:</b> Clients provide a low-level interface to AWS whose methods map close to 1:1 with service APIs. All service operations are supported by clients. Clients are generated from a JSON service definition file.


<b>Resource:</b> Resources represent an object-oriented interface to AWS. They provide a higher-level abstraction than the raw, low-level calls made by service clients.


<b>Session:</b> A session manages state about a particular configuration. By default, a session is created for you when needed. However, it's possible and recommended that in some scenarios you maintain your own session. Sessions typically store the following:

* Credentials

* AWS Region

* Other configurations related to your profile


<b>Credentials:</b> Boto3 credentials can be configured in multiple ways. Regardless of the source or sources that you choose, you must have both AWS credentials and an AWS Region set in order to make requests.

If you want to learn more about how boto3 got its name and how it came to be, read this blog post: https://aws.amazon.com/blogs/aws/now-available-aws-sdk-for-python-3-boto3/ 

The <b>AWS Systems Manager Parameter Store</b> API will be used throughout the course demos. 

Parameter Store is a service that provides secure, hierarchical storage for configuration data management and secrets management. You can store data such as passwords, database strings, Amazon Machine Image (AMI) IDs, and license codes as parameter values.

Read more about Parameter Store here: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html

Below you can find information about the two AWS APIs we used in the demo code in the Boto3 Documentation:

* <b>Parameter Store Boto3 Documentation:</b> https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ssm.html

* <b>S3 Select Boto3 Documentation:</b> https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/s3.html

### <ins>AWS Toolkit and AWS Serverless Application Model </ins>
The AWS Toolkit for PyCharm is an open source plug-in for the PyCharm IDE that makes it easier to create, debug, and deploy Python applications on Amazon Web Services. With the AWS Toolkit for PyCharm, you can get started faster and be more productive when building applications with PyCharm on AWS. The toolkit provides an integrated experience for developing serverless applications, including assistance for getting started, step-through debugging, and deploying from the IDE.

The AWS Toolkit uses the <b>AWS Serverless Application Model</b> (AWS SAM) to create and manage AWS resources like AWS Lambda Functions.

AWS SAM is an open-source framework that you can use to build serverless applications on AWS.

The AWS Serverless Application Model provides a great way to codify your distributed application build, providing many of the benefits you find directly with Amazon CloudFormation.

A serverless application is a combination of Lambda functions, event sources, and other resources that work together to perform tasks. Note that a serverless application is more than just a Lambda function—it can include additional resources such as APIs, databases, and more.

You can use AWS SAM to define your serverless applications in a declarative way. AWS SAM consists of the following components:

* AWS SAM template specification. You use this specification to define your serverless application. It provides you with a simple and clean syntax to describe the functions, APIs, permissions, configurations, and events that make up a serverless application. You use an AWS SAM template file to operate on a single, deployable, versioned entity that's your serverless application.

* AWS SAM command line interface (AWS SAM CLI). You use this tool to build serverless applications that are defined by AWS SAM templates. The CLI provides commands that enable you to verify that AWS SAM template files are written according to the specification, invoke Lambda functions locally, step-through debug Lambda functions, package and deploy serverless applications to the AWS Cloud, and so on.

For more information on AWS SAM read here: https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/what-is-sam.html

For more information on the AWS ToolKit for PyCharm read here: https://docs.aws.amazon.com/toolkit-for-jetbrains/latest/userguide/welcome.html

For information on installing Docker read here: https://docs.docker.com/get-docker/

For information on installing SAM for Windows, Linux, Mac read here: https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-install.html

<pre>


    
</pre>
### Introduction to Lab1

In this first lab, you will install and configure the AWS Command Line Interface (AWS CLI) and software development kit (SDK). After you install the lab requirements, you will create an Amazon Simple Storage Service (Amazon S3) bucket and deploy a web application to the bucket. Then, you will set up data in the S3 bucket and configure AWS Systems Manager parameters for the Dragons application. After you create all the resources, you will explore the application.