# Install the AWS SAM CLI Install the latest release of the AWS Serverless Application Model Command Line Interface (AWS SAM CLI) on supported operating systems by following instructions in [Step 4: Install the AWS CLI](prerequisites.md#prerequisites-install-cli). For information on managing a currently installed version of the AWS SAM CLI, including how to upgrade, uninstall, or manage nightly builds, see [Managing AWS SAM CLI versions](manage-sam-cli-versions.md). **Is this your first time installing the AWS SAM CLI?** Complete all [prerequisites](prerequisites.md) in the previous section before moving forward. This includes: Signing up for an AWS account. Setting up secure access to AWS. Creating an access key ID and secret access key. Installing the AWS CLI. Configuring AWS credentials. **Topics** + [ ## Installing the AWS SAM CLI ](#install-sam-cli-instructions) + [ ## Troubleshooting installation errors ](#sam-cli-troubleshoot-install) + [ ## Next steps ](#install-sam-cli-next-steps) + [ # Optional: Verify the integrity of the AWS SAM CLI installer ](reference-sam-cli-install-verify.md) ## Installing the AWS SAM CLI **Note** Starting September 2023, AWS will no longer maintain the AWS managed Homebrew installer for the AWS SAM CLI (`aws/tap/aws-sam-cli`). If you use Homebrew to install and manage the AWS SAM CLI, see the following options: To continue using Homebrew, you can use the community managed installer. For more information, see [Managing the AWS SAM CLI with Homebrew](manage-sam-cli-versions.md#manage-sam-cli-versions-homebrew). We recommend using one of the first party installation methods that are documented on this page. Before using one of these methods, see [Switch from Homebrew](manage-sam-cli-versions.md#manage-sam-cli-versions-switch). For additional details, refer to [Release version: 1.121.0](https://github.com/aws/aws-sam-cli/releases). To install the AWS SAM CLI, follow the instructions for your operating system. ### Linux ------ #### [ x86\$164 - command line installer ] 1. Download the [AWS SAM CLI .zip file](https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-x86_64.zip) to a directory of your choice. 1. **(Optional)** You can verify the integrity of the installer before installation. For instructions, see [Optional: Verify the integrity of the AWS SAM CLI installer](reference-sam-cli-install-verify.md). 1. Unzip the installation files into a directory of your choice. The following is an example, using the `sam-installation` subdirectory. **Note** If your operating system doesn't have the built-in **unzip** command, use an equivalent. ``` $ unzip aws-sam-cli-linux-x86_64.zip -d sam-installation ``` 1. Install the AWS SAM CLI by running the `install` executable. This executable is located in the directory used in the previous step. The following is an example, using the `sam-installation` subdirectory: ``` $ sudo ./sam-installation/install ``` 1. Verify the installation. ``` $ sam --version ``` To confirm a successful installation, you should see an output that replaces the following bracketed text with the latest available version: ``` SAM CLI, ``` ------ #### [ arm64 - command line installer ] 1. Download the [AWS SAM CLI .zip file](https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-arm64.zip) to a directory of your choice. 1. **(Optional)** You can verify the integrity of the installer before installation. For instructions, see [Optional: Verify the integrity of the AWS SAM CLI installer](reference-sam-cli-install-verify.md). 1. Unzip the installation files into a directory of your choice. The following is an example, using the `sam-installation` subdirectory. **Note** If your operating system doesn't have the built-in **unzip** command, use an equivalent. ``` $ unzip aws-sam-cli-linux-arm64.zip -d sam-installation ``` 1. Install the AWS SAM CLI by running the `install` executable. This executable is located in the directory used in the previous step. The following is an example, using the `sam-installation` subdirectory: ``` $ sudo ./sam-installation/install ``` 1. Verify the installation. ``` $ sam --version ``` To confirm a successful installation, you should see an output like the following but that replaces the bracketed text with the latest SAM CLI version: ``` SAM CLI, ``` ------ ### macOS #### Installation steps Use the package installer to install the AWS SAM CLI. Additionally, the package installer has two installation methods that you can choose from: **GUI** and **Command line**. You can install for **all users** or just your **current user**. To install for all users, superuser authorization is required. **Note** AWS SAM CLI doesn't support MacOS versions older than MacOS 13.x. Upgrade to a supported version of MacOS or install AWS SAM CLI with Homebrew. ------ #### [ GUI - All users ] **To download the package installer and install the AWS SAM CLI** **Note** If you previously installed the AWS SAM CLI through Homebrew or pip, you need to uninstall it first. For instructions, see [Uninstalling the AWS SAM CLI](manage-sam-cli-versions.md#manage-sam-cli-versions-uninstall). 1. Download the macOS `pkg` to a directory of your choice: + **For Macs running Intel processors, choose x86\$164** – [ aws-sam-cli-macos-x86\$164.pkg](https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-macos-x86_64.pkg) + **For Macs running Apple silicon, choose arm64** – [ aws-sam-cli-macos-arm64.pkg](https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-macos-arm64.pkg) **Note** You have the option of verifying the integrity of the installer before installation. For instructions, see [Optional: Verify the integrity of the AWS SAM CLI installer](reference-sam-cli-install-verify.md). 1. Run your downloaded file and follow the on-screen instructions to continue through the **Introduction**, **Read Me**, and **License** steps. 1. For **Destination Select**, select **Install for all users of this computer**. 1. For **Installation Type**, choose where the AWS SAM CLI will be installed and press **Install**. The recommended default location is `/usr/local/aws-sam-cli`. **Note** To invoke the AWS SAM CLI with the **sam** command, the installer automatically creates a symlink between `/usr/local/bin/sam` and either `/usr/local/aws-sam-cli/sam` or the installation folder you chose. 1. The AWS SAM CLI will install and **The installation was successful** message will display. Press **Close**. **To verify a successful installation** + Verify that the AWS SAM CLI has properly installed and that your symlink is configured by running: ``` $ which sam /usr/local/bin/sam $ sam --version SAM CLI, ``` ------ #### [ GUI - Current user ] **To download and install the AWS SAM CLI** **Note** If you previously installed the AWS SAM CLI through Homebrew or pip, you need to uninstall it first. For instructions, see [Uninstalling the AWS SAM CLI](manage-sam-cli-versions.md#manage-sam-cli-versions-uninstall). 1. Download the macOS `pkg` to a directory of your choice: + **For Macs running Intel processors, choose x86\$164** – [ aws-sam-cli-macos-x86\$164.pkg](https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-macos-x86_64.pkg) + **For Macs running Apple silicon, choose arm64** – [ aws-sam-cli-macos-arm64.pkg](https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-macos-arm64.pkg) **Note** You have the option of verifying the integrity of the installer before installation. For instructions, see [Optional: Verify the integrity of the AWS SAM CLI installer](reference-sam-cli-install-verify.md). 1. Run your downloaded file and follow the on-screen instructions to continue through the **Introduction**, **Read Me**, and **License** steps. 1. For **Destination Select**, select **Install for me only**. If you don't see this option, go to the next step. 1. For **Installation Type**, do the following: 1. Choose where the AWS SAM CLI will be installed. The default location is `/usr/local/aws-sam-cli`. Select a location that you have write permissions for. To change the installation location, select **local** and choose your location. Press **Continue** when done. 1. If you didn't get the option to choose **Install for me only** in the previous step, select **Change Install Location** > **Install for me only** and press **Continue**. 1. Press **Install**. 1. The AWS SAM CLI will install and **The installation was successful** message will display. Press **Close**. **To create a symlink** + To invoke the AWS SAM CLI with the **sam** command, you must manually create a symlink between the AWS SAM CLI program and your `$PATH`. Create your symlink by modifying and running the following command: ``` $ sudo ln -s /path-to/aws-sam-cli/sam /path-to-symlink-directory/sam ``` + *sudo* – If your user has write permissions to `$PATH`, **sudo** is not required. Otherwise, **sudo** is required. + *path-to* – Path to where you installed the AWS SAM CLI program. For example, `/Users/myUser/Desktop`. + *path-to-symlink-directory* – Your `$PATH` environment variable. The default location is `/usr/local/bin`. **To verify a successful installation** + Verify that the AWS SAM CLI has properly installed and that your symlink is configured by running: ``` $ which sam /usr/local/bin/sam $ sam --version SAM CLI, ``` ------ #### [ Command line - All users ] **To download and install the AWS SAM CLI** **Note** If you previously installed the AWS SAM CLI through Homebrew or pip, you need to uninstall it first. For instructions, see [Uninstalling the AWS SAM CLI](manage-sam-cli-versions.md#manage-sam-cli-versions-uninstall). 1. Download the macOS `pkg` to a directory of your choice: + **For Macs running Intel processors, choose x86\$164** – [ aws-sam-cli-macos-x86\$164.pkg](https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-macos-x86_64.pkg) + **For Macs running Apple silicon, choose arm64** – [ aws-sam-cli-macos-arm64.pkg](https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-macos-arm64.pkg) **Note** You have the option of verifying the integrity of the installer before installation. For instructions, see [Optional: Verify the integrity of the AWS SAM CLI installer](reference-sam-cli-install-verify.md). 1. Modify and run the installation script: ``` $ sudo installer -pkg path-to-pkg-installer/name-of-pkg-installer -target / installer: Package name is AWS SAM CLI installer: Upgrading at base path / installer: The upgrade was successful. ``` **Note** To invoke the AWS SAM CLI with the **sam** command, the installer automatically creates a symlink between `/usr/local/bin/sam` and `/usr/local/aws-sam-cli/sam`. **To verify a successful installation** + Verify that the AWS SAM CLI has properly installed and that your symlink is configured by running: ``` $ which sam /usr/local/bin/sam $ sam --version SAM CLI, ``` ------ #### [ Command line - Current user ] **To download and install the AWS SAM CLI** **Note** If you previously installed the AWS SAM CLI through Homebrew or pip, you need to uninstall it first. For instructions, see [Uninstalling the AWS SAM CLI](manage-sam-cli-versions.md#manage-sam-cli-versions-uninstall). 1. Download the macOS `pkg` to a directory of your choice: + **For Macs running Intel processors, choose x86\$164** – [ aws-sam-cli-macos-x86\$164.pkg](https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-macos-x86_64.pkg) + **For Macs running Apple silicon, choose arm64** – [ aws-sam-cli-macos-arm64.pkg](https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-macos-arm64.pkg) **Note** You have the option of verifying the integrity of the installer before installation. For instructions, see [Optional: Verify the integrity of the AWS SAM CLI installer](reference-sam-cli-install-verify.md). 1. Determine an installation directory that you have write permissions to. Then, create an `xml` file using the template and modify it to reflect your installation directory. The directory must already exist. For example, if you replace *path-to-my-directory* with `/Users/myUser/Desktop`, the `aws-sam-cli` program folder will be installed there. ``` choiceAttribute customLocation attributeSetting path-to-my-directory choiceIdentifier default ``` 1. Save the `xml` file and verify that its valid by running the following: ``` $ installer -pkg path-to-pkg-installer \ -target CurrentUserHomeDirectory \ -showChoicesAfterApplyingChangesXML path-to-your-xml-file ``` The output should display the preferences that will be applied to the AWS SAM CLI program. 1. Run the following to install the AWS SAM CLI: ``` $ installer -pkg path-to-pkg-installer \ -target CurrentUserHomeDirectory \ -applyChoiceChangesXML path-to-your-xml-file # Example output installer: Package name is AWS SAM CLI installer: choices changes file 'path-to-your-xml-file' applied installer: Upgrading at base path base-path-of-xml-file installer: The upgrade was successful. ``` **To create a symlink** + To invoke the AWS SAM CLI with the **sam** command, you must manually create a symlink between the AWS SAM CLI program and your `$PATH`. Create your symlink by modifying and running the following command: ``` $ sudo ln -s /path-to/aws-sam-cli/sam /path-to-symlink-directory/sam ``` + *sudo* – If your user has write permissions to `$PATH`, **sudo** is not required. Otherwise, **sudo** is required. + *path-to* – Path to where you installed the AWS SAM CLI program. For example, `/Users/myUser/Desktop`. + *path-to-symlink-directory* – Your `$PATH` environment variable. The default location is `/usr/local/bin`. **To verify a successful installation** + Verify that the AWS SAM CLI has properly installed and that your symlink is configured by running: ``` $ which sam /usr/local/bin/sam $ sam --version SAM CLI, ``` ------ ### Windows Windows Installer (MSI) files are the package installer files for the Windows operating system. Follow these steps to install the AWS SAM CLI using the MSI file. 1. Download the AWS SAM CLI [64-bit](https://github.com/aws/aws-sam-cli/releases/latest/download/AWS_SAM_CLI_64_PY3.msi). 1. **(Optional)** You can verify the integrity of the installer before installation. For instructions, see [Optional: Verify the integrity of the AWS SAM CLI installer](reference-sam-cli-install-verify.md). 1. Verify the installation. After completing the installation, verify it by opening a new command prompt or PowerShell prompt. You should be able to invoke `sam` from the command line. ``` sam --version ``` After successful installation of the AWS SAM CLI, you should see output like the following: ``` SAM CLI, ``` 1. Enable long paths (Windows 10 and newer only). **Important** The AWS SAM CLI might interact with filepaths that exceed the Windows max path limitation. This may cause errors when running `sam init` due to Windows 10 **MAX\$1PATH** limitations. To resolve this issue, the new long paths behavior must be configured. To enable long paths, see [Enable Long Paths in Windows 10, Version 1607, and Later](https://learn.microsoft.com/en-us/windows/win32/fileio/maximum-file-path-limitation?tabs=powershell#enable-long-paths-in-windows-10-version-1607-and-later) in the *Microsoft Windows App Development Documentation*. 1. Install Git. To download sample applications using the `sam init` command, you must also install Git. For instructions, see [Installing Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git). ## Troubleshooting installation errors ### Linux #### Docker error: "Cannot connect to the Docker daemon. Is the docker daemon running on this host?" In some cases, to provide permissions for the `ec2-user` to access the Docker daemon, you might have to reboot your instance. If you receive this error, try rebooting your instance. #### Shell error: "command not found" If you receive this error, your shell can't locate the AWS SAM CLI executable in the path. Verify the location of the directory where you installed the AWS SAM CLI executable, and then verify that the directory is on your path. #### AWS SAM CLI error: "/lib64/libc.so.6: version `GLIBC\$12.14' not found (required by /usr/local/aws-sam-cli/dist/libz.so.1)" If you receive this error, you're using an unsupported version of Linux, and the built-in glibc version is out of date. Try either of the following: + Upgrade your Linux host to the 64-bit version of a recent distribution of CentOS, Fedora, Ubuntu, or Amazon Linux 2. + Follow the instructions for [Install the AWS SAM CLI](#install-sam-cli). ### macOS #### The installation failed ![\[Image of the AWS SAM CLI installer showing an installation failed message\]](http://docs.aws.amazon.com/serverless-application-model/latest/developerguide/images/sam-cli-troubleshoot-install-macos-install-failed.jpg) If you are installing the AWS SAM CLI for your user and selected an installation directory that you don’t have write permissions for, this error could occur. Try either of the following: 1. Select a different installation directory that you have write permissions for. 1. Delete the installer. Then, download and run it again. ## Next steps To learn more about the AWS SAM CLI and to begin building your own serverless applications, see the following: + [Tutorial: Deploy a Hello World application with AWS SAM](serverless-getting-started-hello-world.md) – Step-by-step instructions to download, build, and deploy a basic serverless application. + [The Complete AWS SAM Workshop](https://catalog.workshops.aws/complete-aws-sam/en-US) – A workshop designed to teach you many of the major features that AWS SAM provides. + [AWS SAM example applications and patterns](https://serverlessland.com/patterns?framework=AWS+SAM) – Sample applications and patterns from community authors that you can further experiment with. # Optional: Verify the integrity of the AWS SAM CLI installer Optional: Verify the AWS SAM CLI installer When installing the AWS Serverless Application Model Command Line Interface (AWS SAM CLI) using a package installer, you can verify its integrity before installation. This is an optional, but highly recommended step. The two options of verification available to you are: + Verify the package installer signature file. + Verify the package installer hash value. When available for your platform, we recommend verifying the signature file option. This option offers an extra layer of security since the key values are published here and managed separately from our GitHub repository. **Topics** + [ ## Verify the installer signature file ](#reference-sam-cli-install-verify-signature) + [ ## Verify the hash value ](#reference-sam-cli-install-verify-hash) ## Verify the installer signature file ### Linux #### arm64 - command line installer AWS SAM uses [GnuPG](https://www.gnupg.org/) to sign the AWS SAM CLI .zip installer. Verification is performed in the following steps: 1. Use the primary public key to verify the signer public key. 1. Use the signer public key to verify the AWS SAM CLI package installer. **To verify the integrity of the signer public key** 1. Copy the primary public key and save it to your local machine as a `.txt` file. For example, *`primary-public-key.txt`*. ``` -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.22 (GNU/Linux) mQINBGRuSzMBEADsqiwOy78w7F4+sshaMFRIwRGNRm94p5Qey2KMZBxekFtoryVD D9jEOnvupx4tvhfBHz5EcUHCEOdl4MTqdBy6vVAshozgxVb9RE8JpECn5lw7XC69 4Y7Gy1TKKQMEWtDXElkGxIFdUWvWjSnPlzfnoXwQYGeE93CUS3h5dImP22Yk1Ct6 eGGhlcbg1X4L8EpFMj7GvcsU8f7ziVI/PyC1Xwy39Q8/I67ip5eU5ddxO/xHqrbL YC7+8pJPbRMej2twT2LrcpWWYAbprMtRoa6WfE0/thoo3xhHpIMHdPfAA86ZNGIN kRLjGUg7jnPTRW4Oin3pCc8nT4Tfc1QERkHm641gTC/jUvpmQsM6h/FUVP2i5iE/ JHpJcMuL2Mg6zDo3x+3gTCf+Wqz3rZzxB+wQT3yryZs6efcQy7nROiRxYBxCSXX0 2cNYzsYLb/bYaW8yqWIHD5IqKhw269gp2E5Khs60zgS3CorMb5/xHgXjUCVgcu8a a8ncdf9fjl3WS5p0ohetPbO2ZjWv+MaqrZOmUIgKbA4RpWZ/fU97P5BW9ylwmIDB sWy0cMxg8MlvSdLytPieogaM0qMg3u5qXRGBr6Wmevkty0qgnmpGGc5zPiUbtOE8 CnFFqyxBpj5IOnG0KZGVihvn+iRxrv6GO7WWO92+Dc6m94U0EEiBR7QiOwARAQAB tDRBV1MgU0FNIENMSSBQcmltYXJ5IDxhd3Mtc2FtLWNsaS1wcmltYXJ5QGFtYXpv bi5jb20+iQI/BBMBCQApBQJkbkszAhsvBQkHhM4ABwsJCAcDAgEGFQgCCQoLBBYC AwECHgECF4AACgkQQv1fenOtiFqTuhAAzi5+ju5UVOWqHKevOJSO08T4QB8HcqAE SVO3mY6/j29knkcL8ubZP/DbpV7QpHPI2PB5qSXsiDTP3IYPbeY78zHSDjljaIK3 njJLMScFeGPyfPpwMsuY4nzrRIgAtXShPA8N/k4ZJcafnpNqKj7QnPxiC1KaIQWm pOtvb8msUF3/s0UTa5Ys/lNRhVC0eGg32ogXGdojZA2kHZWdm9udLo4CDrDcrQT7 NtDcJASapXSQL63XfAS3snEc4e1941YxcjfYZ33rel8K9juyDZfi1slWR/L3AviI QFIaqSHzyOtP1oinUkoVwL8ThevKD3Ag9CZflZLzNCV7yqlF8RlhEZ4zcE/3s9El WzCFsozb5HfE1AZonmrDh3SyOEIBMcS6vG5dWnvJrAuSYv2rX38++K5Pr/MIAfOX DOI1rtA+XDsHNv9lSwSy0lt+iClawZANO9IXCiN1rOYcVQlwzDFwCNWDgkwdOqS0 gOA2f8NF9lE5nBbeEuYquoOl1Vy8+ICbgOFs9LoWZlnVh7/RyY6ssowiU9vGUnHI L8f9jqRspIz/Fm3JD86ntZxLVGkeZUz62FqErdohYfkFIVcv7GONTEyrz5HLlnpv FJ0MR0HjrMrZrnOVZnwBKhpbLocTsH+3t5It4ReYEX0f1DIOL/KRwPvjMvBVkXY5 hblRVDQoOWc= =d9oG -----END PGP PUBLIC KEY BLOCK----- ``` 1. Import the primary public key to your keyring. ``` $ gpg --import primary-public-key.txt gpg: directory `/home/.../.gnupg' created gpg: new configuration file `/home/.../.gnupg/gpg.conf' created gpg: WARNING: options in `/home/.../.gnupg/gpg.conf' are not yet active during this run gpg: keyring `/home/.../.gnupg/secring.gpg' created gpg: keyring `/home/.../.gnupg/pubring.gpg' created gpg: /home/.../.gnupg/trustdb.gpg: trustdb created gpg: key 73AD885A: public key "AWS SAM CLI Primary " imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) ``` 1. Copy the signer public key and save it to your local machine as a `.txt` file. For example, *`signer-public-key.txt`*. ``` -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.22 (GNU/Linux) mQINBGgrxIgBEADGCTudveeeVbWpZDGX9Ni57mBRMVSJwQJ6F/PC34jw0DozxTtd H+ZPsXLvLwerN/DVXbK8E1qNZ5RGptak8j7MPz+MC3n4txibEJpB61vpjJJM+9cC 7whaMLDT/SbykHYXdrnHqa8KsUJl7rPLJcaRN722NSxvYVMIOA9ffVXV7cfEyZi5 MbYF2Gc9LNbKaknImIva7EKeeh2/wI6YCqC5yytyfWU5dL6oHXsgTnFL9mhziMxv WhyzawyJG6EJZsJ3WLlbIKApN6XZSXyCxOvlBrebYZjD5v0nA+TJaQ7is8atjtOI DGe0AViw7kO8ChTpjA7YG/Uu7n/Fy7qLF/3Nz0b6cBNjemjBazQ3A3KNCpi5hqFM Uo1WpoVLr5CXQnc0B3fBUnTIoxi0Sk5MKjH9AbYxfgqEX0ZJB9hAlc6LIEy0Yru6 MMBrIHE86IMl1NfE/DeLnCdPG23+1PttwyOt3+9z5QwmPe3VPpEfCySPcdxHKZSP rLile8qDznEvlPDvQ0qkBxdMtVa2yct5VJkdqy6UrN2xa0dpspHjRUjHh/EY/xMt fwMUjOKohaZ/1pjotCcksAsZWUxCNcFvLYxuxeytVk4F09Es1hj4ihhLUI+43/ic 3DHSEiext7Q8/UccNArkhSCT7UOvvL7QTuP+pjYTyiC8Vx6g/Y5Ht5+qywARAQAB tDBBV1MgU0FNIENMSSBUZWFtIDxhd3Mtc2FtLWNsaS1zaWduZXJAYW1hem9uLmNv bT6JAj8EEwEJACkFAmgrxIgCGy8FCQPCZwAHCwkIBwMCAQYVCAIJCgsEFgIDAQIe AQIXgAAKCRBAlKuxvt/atJo6EAC/5C8uJs76W5f5V5XNAMzwBFiZuYpop3DRReCo P68ZZylokAC9ShRZnIOujpDJtlNS7T/G00BzmcpspkYYE531ALaXcHWmb9XV0Ajg J8iboAVBLY0C7mhL/cbJ3v9QlpXXjyTuhexkJCV8rdHVX/0H8WqTZplEaRuZ7p8q PMxddg4ClwstYuH3O/dmNdlGqfb4Fqy8MnV1yGSXRs5Jf+sDlN2UO4mbpyk/mr1c f/jFxmx86IkCWJVvdXWCVTe2AFy3NHCdLtdnEvFhokCOQd9wibUWX0j9vq4cVRZT qamnpAQaOlH3lXOwrjqo8b1AIPoRWSfMtCYvh6kA8MAJv4cAznzXILSLtOE0mzaU qp5qoy37wNIjeztX6c/q4wss05qTlJhnNu4s3nh5VHultooaYpmDxp+ala5TWeuM KZDI4KdAGF4z0Raif+N53ndOYIiXkY0goUbsPCnVrCwoK9PjjyoJncq7c14wNl5O IQUZEjyYAQDGZqs5XSfY4zW2cCXatrfozKF7R1kSU14DfJwPUyksoNAQEQezfXyq kr0gfIWK1r2nMdqS7WgSx/ypS5kdyrHuPZdaYfEVtuezpoT2lQQxOSZqqlp5hI4R nqmPte53WXJhbC0tgTIJWn+Uy/d5Q/aSIfD6o8gNLS1BDs1j1ku0XKu1sFCHUcZG aerdsIkCHAQQAQkABgUCaCvFeAAKCRBC/V96c62IWt3/D/9gOLzWtz62lqJRCsri wcA/yz88ayKb/GUv3FCT5Nd9JZt8y1tW+AE3SPTdcpfZmt5UN2sRzljO61mpKJzp eBvYQ9og/34ZrRQqeg8bz02u34LKYl1gD0xY0bWtB7TGIxIZZYqZECoPR0Dp6ZzB abzkRSsJkEk0vbZzJhfWFYs98qfp/G0suFSBE79O8Am33DB2jQ/Sollh1VmNE6Sv EOgR6+2yEkS2D0+msJMa/V82v9gBTPnxSlNV1d8Dduvt9rbM3LoxiNXUgx/s52yY U6H3bwUcQ3UY6uRe1UWo5QnMFcDwfg43+q5rmjB4xQyX/BaQyF5K0hZyG+42/pH1 EMwl8qN617FTxo3hvQUi/cBahlhQ8EVYsGnHDVxLCisbq5iZvp7+XtmMy1Q417gT EQRo8feJh31elGWlccVR2pZgIm1PQ69dzzseHnnKkGhifik0bDGo5/IH2EgI1KFn SG399RMU/qRzOPLVP3i+zSJmhMqG8cnZaUwE5V4P21vQSclhhd2Hv/C4SVKNqA2i +oZbHj2vAkuzTTL075AoANebEjPGqwsKZi5mWUE5Pa931JeiXxWZlEB7rkgQ1PAB fsDBhYLt4MxCWAhifLMA6uQ4BhXu2RuXOqNfSbqa8jVF6DB6cD8eAHGpPKfJOl30 LtZnq+n4SfeNbZjD2FQWZR4CrA== =lHfs -----END PGP PUBLIC KEY BLOCK----- ``` 1. Import the signer public key to your keyring. ``` $ gpg --import signer-public-key.txt gpg: key 4094ABB1BEDFDAB4: public key "AWS SAM CLI Team " imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) gpg: no ultimately trusted keys found ``` Take note of the key value from the output. For example, *`4094ABB1BEDFDAB4`*. 1. Use the key value to obtain and verify the signer public key fingerprint. ``` $ gpg --fingerprint 4094ABB1BEDFDAB4 pub rsa4096 2025-05-19 [SCEA] [expires: 2027-05-19] EF46 3E86 CA31 933B B688 CC1A 4094 ABB1 BEDF DAB4 uid [ unknown] AWS SAM CLI Team ``` The fingerprint should match the following: ``` EF46 3E86 CA31 933B B688 CC1A 4094 ABB1 BEDF DAB4 ``` If the fingerprint string doesn’t match, do not use the AWS SAM CLI installer. Escalate to the AWS SAM team by [creating an issue](https://github.com/aws/aws-sam-cli/issues/new?assignees=&labels=stage%2Fneeds-triage&projects=&template=Bug_report.md&title=Bug%3A+TITLE) in the *aws-sam-cli GitHub repository*. 1. Verify the signatures of the signer public key: ``` $ gpg --check-sigs 4094ABB1BEDFDAB4 pub rsa4096 2025-05-19 [SCEA] [expires: 2027-05-19] EF463E86CA31933BB688CC1A4094ABB1BEDFDAB4 uid [ unknown] AWS SAM CLI Team sig!3 4094ABB1BEDFDAB4 2025-05-19 [self-signature] sig! 42FD5F7A73AD885A 2025-05-19 AWS SAM CLI Primary ``` If you see `1 signature not checked due to a missing key`, repeat the previous steps to import the primary and signer public keys to your keyring. You should see the key values for both the primary public key and signer public key listed. Now that you have verified the integrity of the signer public key, you can use the signer public key to verify the AWS SAM CLI package installer. **To verify the integrity of the AWS SAM CLI package installer** 1. **Obtain the AWS SAM CLI package signature file** – Download the signature file for the AWS SAM CLI package installer by using the following command: ``` $ wget https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-arm64.zip.sig ``` 1. **Verify the signature file** – Pass both the downloaded `.sig` and `.zip` files as parameters to the `gpg` command. The following is an example: ``` $ gpg --verify aws-sam-cli-linux-arm64.zip.sig aws-sam-cli-linux-arm64.zip ``` The output should look similar to the following: ``` gpg: Signature made Mon 19 May 2025 01:21:57 AM UTC using RSA key ID 4094ABB1BEDFDAB4 gpg: Good signature from "AWS SAM CLI Team " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: EF46 3E86 CA31 933B B688 CC1A 4094 ABB1 BEDF DAB4 ``` + The `WARNING: This key is not certified with a trusted signature!` message can be ignored. It occurs because there isn’t a chain of trust between your personal PGP key (if you have one) and the AWS SAM CLI PGP key. For more information, see [ Web of trust](https://en.wikipedia.org/wiki/Web_of_trust). + If the output contains the phrase `BAD signature`, check that you performed the procedure correctly. If you continue to get this response, escalate to the AWS SAM team by [creating an issue](https://github.com/aws/aws-sam-cli/issues/new?assignees=&labels=stage%2Fneeds-triage&projects=&template=Bug_report.md&title=Bug%3A+TITLE) in the *aws-sam-cli GitHub repository* and avoid using the downloaded file. The `Good signature from "AWS SAM CLI Team "` message means that the signature is verified and you can move forward with installation. #### x86\$164 - command line installer AWS SAM uses [GnuPG](https://www.gnupg.org/) to sign the AWS SAM CLI .zip installer. Verification is performed in the following steps: 1. Use the primary public key to verify the signer public key. 1. Use the signer public key to verify the AWS SAM CLI package installer. **To verify the integrity of the signer public key** 1. Copy the primary public key and save it to your local machine as a `.txt` file. For example, *`primary-public-key.txt`*. ``` -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.22 (GNU/Linux) mQINBGRuSzMBEADsqiwOy78w7F4+sshaMFRIwRGNRm94p5Qey2KMZBxekFtoryVD D9jEOnvupx4tvhfBHz5EcUHCEOdl4MTqdBy6vVAshozgxVb9RE8JpECn5lw7XC69 4Y7Gy1TKKQMEWtDXElkGxIFdUWvWjSnPlzfnoXwQYGeE93CUS3h5dImP22Yk1Ct6 eGGhlcbg1X4L8EpFMj7GvcsU8f7ziVI/PyC1Xwy39Q8/I67ip5eU5ddxO/xHqrbL YC7+8pJPbRMej2twT2LrcpWWYAbprMtRoa6WfE0/thoo3xhHpIMHdPfAA86ZNGIN kRLjGUg7jnPTRW4Oin3pCc8nT4Tfc1QERkHm641gTC/jUvpmQsM6h/FUVP2i5iE/ JHpJcMuL2Mg6zDo3x+3gTCf+Wqz3rZzxB+wQT3yryZs6efcQy7nROiRxYBxCSXX0 2cNYzsYLb/bYaW8yqWIHD5IqKhw269gp2E5Khs60zgS3CorMb5/xHgXjUCVgcu8a a8ncdf9fjl3WS5p0ohetPbO2ZjWv+MaqrZOmUIgKbA4RpWZ/fU97P5BW9ylwmIDB sWy0cMxg8MlvSdLytPieogaM0qMg3u5qXRGBr6Wmevkty0qgnmpGGc5zPiUbtOE8 CnFFqyxBpj5IOnG0KZGVihvn+iRxrv6GO7WWO92+Dc6m94U0EEiBR7QiOwARAQAB tDRBV1MgU0FNIENMSSBQcmltYXJ5IDxhd3Mtc2FtLWNsaS1wcmltYXJ5QGFtYXpv bi5jb20+iQI/BBMBCQApBQJkbkszAhsvBQkHhM4ABwsJCAcDAgEGFQgCCQoLBBYC AwECHgECF4AACgkQQv1fenOtiFqTuhAAzi5+ju5UVOWqHKevOJSO08T4QB8HcqAE SVO3mY6/j29knkcL8ubZP/DbpV7QpHPI2PB5qSXsiDTP3IYPbeY78zHSDjljaIK3 njJLMScFeGPyfPpwMsuY4nzrRIgAtXShPA8N/k4ZJcafnpNqKj7QnPxiC1KaIQWm pOtvb8msUF3/s0UTa5Ys/lNRhVC0eGg32ogXGdojZA2kHZWdm9udLo4CDrDcrQT7 NtDcJASapXSQL63XfAS3snEc4e1941YxcjfYZ33rel8K9juyDZfi1slWR/L3AviI QFIaqSHzyOtP1oinUkoVwL8ThevKD3Ag9CZflZLzNCV7yqlF8RlhEZ4zcE/3s9El WzCFsozb5HfE1AZonmrDh3SyOEIBMcS6vG5dWnvJrAuSYv2rX38++K5Pr/MIAfOX DOI1rtA+XDsHNv9lSwSy0lt+iClawZANO9IXCiN1rOYcVQlwzDFwCNWDgkwdOqS0 gOA2f8NF9lE5nBbeEuYquoOl1Vy8+ICbgOFs9LoWZlnVh7/RyY6ssowiU9vGUnHI L8f9jqRspIz/Fm3JD86ntZxLVGkeZUz62FqErdohYfkFIVcv7GONTEyrz5HLlnpv FJ0MR0HjrMrZrnOVZnwBKhpbLocTsH+3t5It4ReYEX0f1DIOL/KRwPvjMvBVkXY5 hblRVDQoOWc= =d9oG -----END PGP PUBLIC KEY BLOCK----- ``` 1. Import the primary public key to your keyring. ``` $ gpg --import primary-public-key.txt gpg: directory `/home/.../.gnupg' created gpg: new configuration file `/home/.../.gnupg/gpg.conf' created gpg: WARNING: options in `/home/.../.gnupg/gpg.conf' are not yet active during this run gpg: keyring `/home/.../.gnupg/secring.gpg' created gpg: keyring `/home/.../.gnupg/pubring.gpg' created gpg: /home/.../.gnupg/trustdb.gpg: trustdb created gpg: key 73AD885A: public key "AWS SAM CLI Primary " imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) ``` 1. Copy the signer public key and save it to your local machine as a `.txt` file. For example, *`signer-public-key.txt`*. ``` -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.22 (GNU/Linux) mQINBGgrxIgBEADGCTudveeeVbWpZDGX9Ni57mBRMVSJwQJ6F/PC34jw0DozxTtd H+ZPsXLvLwerN/DVXbK8E1qNZ5RGptak8j7MPz+MC3n4txibEJpB61vpjJJM+9cC 7whaMLDT/SbykHYXdrnHqa8KsUJl7rPLJcaRN722NSxvYVMIOA9ffVXV7cfEyZi5 MbYF2Gc9LNbKaknImIva7EKeeh2/wI6YCqC5yytyfWU5dL6oHXsgTnFL9mhziMxv WhyzawyJG6EJZsJ3WLlbIKApN6XZSXyCxOvlBrebYZjD5v0nA+TJaQ7is8atjtOI DGe0AViw7kO8ChTpjA7YG/Uu7n/Fy7qLF/3Nz0b6cBNjemjBazQ3A3KNCpi5hqFM Uo1WpoVLr5CXQnc0B3fBUnTIoxi0Sk5MKjH9AbYxfgqEX0ZJB9hAlc6LIEy0Yru6 MMBrIHE86IMl1NfE/DeLnCdPG23+1PttwyOt3+9z5QwmPe3VPpEfCySPcdxHKZSP rLile8qDznEvlPDvQ0qkBxdMtVa2yct5VJkdqy6UrN2xa0dpspHjRUjHh/EY/xMt fwMUjOKohaZ/1pjotCcksAsZWUxCNcFvLYxuxeytVk4F09Es1hj4ihhLUI+43/ic 3DHSEiext7Q8/UccNArkhSCT7UOvvL7QTuP+pjYTyiC8Vx6g/Y5Ht5+qywARAQAB tDBBV1MgU0FNIENMSSBUZWFtIDxhd3Mtc2FtLWNsaS1zaWduZXJAYW1hem9uLmNv bT6JAj8EEwEJACkFAmgrxIgCGy8FCQPCZwAHCwkIBwMCAQYVCAIJCgsEFgIDAQIe AQIXgAAKCRBAlKuxvt/atJo6EAC/5C8uJs76W5f5V5XNAMzwBFiZuYpop3DRReCo P68ZZylokAC9ShRZnIOujpDJtlNS7T/G00BzmcpspkYYE531ALaXcHWmb9XV0Ajg J8iboAVBLY0C7mhL/cbJ3v9QlpXXjyTuhexkJCV8rdHVX/0H8WqTZplEaRuZ7p8q PMxddg4ClwstYuH3O/dmNdlGqfb4Fqy8MnV1yGSXRs5Jf+sDlN2UO4mbpyk/mr1c f/jFxmx86IkCWJVvdXWCVTe2AFy3NHCdLtdnEvFhokCOQd9wibUWX0j9vq4cVRZT qamnpAQaOlH3lXOwrjqo8b1AIPoRWSfMtCYvh6kA8MAJv4cAznzXILSLtOE0mzaU qp5qoy37wNIjeztX6c/q4wss05qTlJhnNu4s3nh5VHultooaYpmDxp+ala5TWeuM KZDI4KdAGF4z0Raif+N53ndOYIiXkY0goUbsPCnVrCwoK9PjjyoJncq7c14wNl5O IQUZEjyYAQDGZqs5XSfY4zW2cCXatrfozKF7R1kSU14DfJwPUyksoNAQEQezfXyq kr0gfIWK1r2nMdqS7WgSx/ypS5kdyrHuPZdaYfEVtuezpoT2lQQxOSZqqlp5hI4R nqmPte53WXJhbC0tgTIJWn+Uy/d5Q/aSIfD6o8gNLS1BDs1j1ku0XKu1sFCHUcZG aerdsIkCHAQQAQkABgUCaCvFeAAKCRBC/V96c62IWt3/D/9gOLzWtz62lqJRCsri wcA/yz88ayKb/GUv3FCT5Nd9JZt8y1tW+AE3SPTdcpfZmt5UN2sRzljO61mpKJzp eBvYQ9og/34ZrRQqeg8bz02u34LKYl1gD0xY0bWtB7TGIxIZZYqZECoPR0Dp6ZzB abzkRSsJkEk0vbZzJhfWFYs98qfp/G0suFSBE79O8Am33DB2jQ/Sollh1VmNE6Sv EOgR6+2yEkS2D0+msJMa/V82v9gBTPnxSlNV1d8Dduvt9rbM3LoxiNXUgx/s52yY U6H3bwUcQ3UY6uRe1UWo5QnMFcDwfg43+q5rmjB4xQyX/BaQyF5K0hZyG+42/pH1 EMwl8qN617FTxo3hvQUi/cBahlhQ8EVYsGnHDVxLCisbq5iZvp7+XtmMy1Q417gT EQRo8feJh31elGWlccVR2pZgIm1PQ69dzzseHnnKkGhifik0bDGo5/IH2EgI1KFn SG399RMU/qRzOPLVP3i+zSJmhMqG8cnZaUwE5V4P21vQSclhhd2Hv/C4SVKNqA2i +oZbHj2vAkuzTTL075AoANebEjPGqwsKZi5mWUE5Pa931JeiXxWZlEB7rkgQ1PAB fsDBhYLt4MxCWAhifLMA6uQ4BhXu2RuXOqNfSbqa8jVF6DB6cD8eAHGpPKfJOl30 LtZnq+n4SfeNbZjD2FQWZR4CrA== =lHfs -----END PGP PUBLIC KEY BLOCK----- ``` 1. Import the signer public key to your keyring. ``` $ gpg --import signer-public-key.txt gpg: key 4094ABB1BEDFDAB4: public key "AWS SAM CLI Team " imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) gpg: no ultimately trusted keys found ``` Take note of the key value from the output. For example, *`4094ABB1BEDFDAB4`*. 1. Use the key value to obtain and verify the signer public key fingerprint. ``` $ gpg --fingerprint 4094ABB1BEDFDAB4 pub rsa4096 2025-05-19 [SCEA] [expires: 2027-05-19] EF46 3E86 CA31 933B B688 CC1A 4094 ABB1 BEDF DAB4 uid [ unknown] AWS SAM CLI Team ``` The fingerprint should match the following: ``` EF46 3E86 CA31 933B B688 CC1A 4094 ABB1 BEDF DAB4 ``` If the fingerprint string doesn’t match, do not use the AWS SAM CLI installer. Escalate to the AWS SAM team by [creating an issue](https://github.com/aws/aws-sam-cli/issues/new?assignees=&labels=stage%2Fneeds-triage&projects=&template=Bug_report.md&title=Bug%3A+TITLE) in the *aws-sam-cli GitHub repository*. 1. Verify the signatures of the signer public key: ``` $ gpg --check-sigs 4094ABB1BEDFDAB4 pub rsa4096 2025-05-19 [SCEA] [expires: 2027-05-19] EF463E86CA31933BB688CC1A4094ABB1BEDFDAB4 uid [ unknown] AWS SAM CLI Team sig!3 4094ABB1BEDFDAB4 2025-05-19 [self-signature] sig! 42FD5F7A73AD885A 2025-05-19 AWS SAM CLI Primary ``` If you see `1 signature not checked due to a missing key`, repeat the previous steps to import the primary and signer public keys to your keyring. You should see the key values for both the primary public key and signer public key listed. Now that you have verified the integrity of the signer public key, you can use the signer public key to verify the AWS SAM CLI package installer. **To verify the integrity of the AWS SAM CLI package installer** 1. **Obtain the AWS SAM CLI package signature file** – Download the signature file for the AWS SAM CLI package installer by using the following command: ``` $ wget https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-x86_64.zip.sig ``` 1. **Verify the signature file** – Pass both the downloaded `.sig` and `.zip` files as parameters to the `gpg` command. The following is an example: ``` $ gpg --verify aws-sam-cli-linux-x86_64.zip.sig aws-sam-cli-linux-x86_64.zip ``` The output should look similar to the following: ``` gpg: Signature made Mon 19 May 2025 01:21:57 AM UTC using RSA key ID 4094ABB1BEDFDAB4 gpg: Good signature from "AWS SAM CLI Team " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: EF46 3E86 CA31 933B B688 CC1A 4094 ABB1 BEDF DAB4 ``` + The `WARNING: This key is not certified with a trusted signature!` message can be ignored. It occurs because there isn’t a chain of trust between your personal PGP key (if you have one) and the AWS SAM CLI PGP key. For more information, see [ Web of trust](https://en.wikipedia.org/wiki/Web_of_trust). + If the output contains the phrase `BAD signature`, check that you performed the procedure correctly. If you continue to get this response, escalate to the AWS SAM team by [creating an issue](https://github.com/aws/aws-sam-cli/issues/new?assignees=&labels=stage%2Fneeds-triage&projects=&template=Bug_report.md&title=Bug%3A+TITLE) in the *aws-sam-cli GitHub repository* and avoid using the downloaded file. The `Good signature from "AWS SAM CLI Team "` message means that the signature is verified and you can move forward with installation. ### macOS #### GUI and command line installer You can verify the integrity of the AWS SAM CLI package installer signature file by using the `pkgutil` tool or manually. **To verify using pkgutil** 1. Run the following command, providing the path to the downloaded installer on your local machine: ``` $ pkgutil --check-signature /path/to/aws-sam-cli-installer.pkg ``` The following is an example: ``` $ pkgutil --check-signature /Users/user/Downloads/aws-sam-cli-macos-arm64.pkg ``` 1. From the output, locate the **SHA256 fingerprint** for **Developer ID Installer: AMZN Mobile LLC**. The following is an example: ``` Package "aws-sam-cli-macos-arm64.pkg": Status: signed by a developer certificate issued by Apple for distribution Notarization: trusted by the Apple notary service Signed with a trusted timestamp on: 2026-01-28 07:39:16 +0000 Certificate Chain: 1. Developer ID Installer: AMZN Mobile LLC (94KV3E626L) Expires: 2030-09-26 00:18:06 +0000 SHA256 Fingerprint: 5C 45 BE 63 FD 52 10 07 2D 66 56 77 5C A9 FF 25 91 6D 3F 01 F7 0E 9A 8A 05 F6 2D 62 B2 88 8D A9 ------------------------------------------------------------------------ 2. Developer ID Certification Authority Expires: 2031-09-17 00:00:00 +0000 SHA256 Fingerprint: F1 6C D3 C5 4C 7F 83 CE A4 BF 1A 3E 6A 08 19 C8 AA A8 E4 A1 52 8F D1 44 71 5F 35 06 43 D2 DF 3A ------------------------------------------------------------------------ 3. Apple Root CA Expires: 2035-02-09 21:40:36 +0000 SHA256 Fingerprint: B0 B1 73 0E CB C7 FF 45 05 14 2C 49 F1 29 5E 6E DA 6B CA ED 7E 2C 68 C5 BE 91 B5 A1 10 01 F0 24 ``` 1. The **Developer ID Installer: AMZN Mobile LLC SHA256 fingerprint** should match the following value: ``` 5C 45 BE 63 FD 52 10 07 2D 66 56 77 5C A9 FF 25 91 6D 3F 01 F7 0E 9A 8A 05 F6 2D 62 B2 88 8D A9 ``` If the fingerprint string doesn’t match, do not use the AWS SAM CLI installer. Escalate to the AWS SAM team by [creating an issue](https://github.com/aws/aws-sam-cli/issues/new?assignees=&labels=stage%2Fneeds-triage&projects=&template=Bug_report.md&title=Bug%3A+TITLE) in the *aws-sam-cli GitHub repository*. If the fingerprint string does match, you can move forward with using the package installer. **To verify the package installer manually** + See [How to verify the authenticity of manually downloaded Apple software updates](https://support.apple.com/en-us/HT202369) at the *Apple support website*. ### Windows The AWS SAM CLI installer is packaged as MSI files for the Windows operating system. **To verify the integrity of the installer** 1. Right-click on the installer and open the **Properties** window. 1. Choose the **Digital Signatures** tab. 1. From the **Signature List**, choose **Amazon Web Services, Inc.**, and then choose **Details**. 1. Choose the **General** tab, if not already selected, and then choose **View Certificate**. 1. Choose the **Details** tab, and then choose **All** in the **Show** dropdown list, if not already selected. 1. Scroll down until you see the **Thumbprint** field and then choose **Thumbprint**. This displays the entire thumbprint value in the lower window. 1. Match the thumbprint value to the following value. If the value matches, move forward with installation. If not, escalate to the AWS SAM team by [creating an issue](https://github.com/aws/aws-sam-cli/issues/new?assignees=&labels=stage%2Fneeds-triage&projects=&template=Bug_report.md&title=Bug%3A+TITLE) in the *aws-sam-cli GitHub repository*. ``` cd62479397f09d72a04c7399a254b0a91da53d6c ``` ## Verify the hash value ### Linux #### x86\$164 - command line installer Verify the integrity and authenticity of the downloaded installer files by generating a hash value using the following command: ``` $ sha256sum aws-sam-cli-linux-x86_64.zip ``` The output should look like the following example: ``` <64-character SHA256 hash value> aws-sam-cli-linux-x86_64.zip ``` Compare the 64-character SHA-256 hash value with the one for your desired AWS SAM CLI version in the [AWS SAM CLI release notes](https://github.com/aws/aws-sam-cli/releases/latest) on GitHub. ### macOS #### GUI and command line installer Verify the integrity and authenticity of the downloaded installer by generating a hash value using the following command: ``` $ shasum -a 256 path-to-pkg-installer/name-of-pkg-installer # Examples $ shasum -a 256 ~/Downloads/aws-sam-cli-macos-arm64.pkg $ shasum -a 256 ~/Downloads/aws-sam-cli-macos-x86_64.pkg ``` Compare your 64-character SHA-256 hash value with the corresponding value in the [AWS SAM CLI release notes](https://github.com/aws/aws-sam-cli/releases/latest) GitHub repository.