Creating different environment for Lambda functions without API Gateway

Please bear with me as I have just started working on serverless and I have many gaps in my understanding.

I want to create 3 different environments: DEV, QA and PROD.

1st Tech Stack: Xamarin based mobile APP(.NET) which uses COGNITO, LAMBDA, DYNAMODB, SNS etc.

I want to create DEV, QA and PROD stacks and will keep updating those stacks for an eventual CI/CD pipeline (which I have no idea where to start from). I am playing with the .NET SDK for AWS and created AWS Lambda project templates (AWS Lambda Project and AWS Serverless Application with Tests). I am also able to deploy it using the Publish to AWS Lambda wizard.

Actually I want to know how I can achieve the following:

  1. Create CloudFormation stacks for each DEV, QA and PROD environment. I want to create separate stacks rather than one single stack. This should create all COGNITO pools, roles, DynamoDB tables, Lambda functions in that environment. However I don’t have any need to use API Gateway for these Lambda functions. I am planning to pass environment variables as input parameter like “DEV”, “STAGING” so that related resource names are created using that input.
  2. I don’t understand how exactly I can automate this process. We are using Git and I want to trigger DEV stack create/update when we do check-in. How can I create zip package from .NET Lambda project that contains all lambda functions and put it in S3? Also should I create different S3 buckets for each DEV, QA and PROD?

If only I can get steps and a sample yaml, I think I will be good. I also fail to understand how I can automate this process. I am not aware of CodePipeline or any other tool like that.

2nd Tech Stack: I also have a small web application (Node.js) based which uses LAMBDA API Gateway which contains

  1. how can I maintain similar DEV, QA and PROD environment for this tech stack?

I am not able to find any examples that match my criteria. Any guidance/samples would be highly appreciated.

Easiest to work from three different directories so that they each make a unique hidden .serverless directory. These directories can all be checked out from the same GIT. Then set a local variable for DEV, QA, PROD in each directory.

Now when you sls deploy each copy of the serverless.yml file can read the local variable and customize itself.

Thank You for reply.
If I understand correctly, I need to create 3 different s3 buckets, each having DEV, QA and PROD deployment packages having lambda handlers. And each different stacks pointing to different s3 bucket environment.
And git will have 3 different working directories? So how do I map git working directories to s3 buckets? And how exactly do I promote code from DEV to QA to PROD?

Again, Thank you very much for your time.

You don’t have to mess with the S3 buckets. Simply check your project out three times and set local variables for DEV QA PROD. When you sls deploy from each of the three directories it will automatically create the S3 buckets for the cloud formation script.

It is also recommended that you run DEV QA and PROD under three different AWS accounts. That way you can be sure that a mistake in your DEV environment won’t delete the production database.

When you run “sls deploy” it creates the S3 buckets and uploads the lambda code.

Ok. However, creating different AWS Accounts is not possible for us. So to maintain different environments under the same account, do you think creating different s3 buckets with different deployment packages is a good idea? Just to maintain different versions.
Also, I am planning to have different Cognito cloudformation template and 2 SAM templates, one for Lambda and one for DynamoDB. I want to make sure that only authorized user of User Pool that is created in Cognito cloudformation template gets access to related Lambda and DynamoDB resources mentioned in 2 SAM templates.
I need to write a policy to restrict DEV lambda functions execution according to authenticated users of a particular environment.
For example, DEV identity pool authenticated users can execute only DEV lambda functions. QA identity pool authenticated users can only execute QA lambda functions. PROD identity pool authenticated users can only execute PROD lambda functions.
I am already exporting userpool and identitypool arn as Output in cloudformation template, but not sure how I can make it as input parameter to SAM templates?

Thanks again for all the help.
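
An added example, not part of the thread or any participant's code: a CloudFormation template for the per-environment restriction described in the last post, where authenticated users of one environment's identity pool may invoke only that environment's Lambda functions in a shared account. It assumes the Cognito stack exports the identity pool ID (the ID, not the ARN) under the hypothetical export name `<CognitoStackName>-IdentityPoolId`, and that function names start with the environment name.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Authenticated Cognito role scoped to one environment's Lambda functions

Parameters:
  Environment:
    Type: String
    AllowedValues: [dev, qa, prod]
  CognitoStackName:
    # Assumption: name of the stack that created the pools for this environment
    Type: String

Resources:
  AuthenticatedRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Federated: cognito-identity.amazonaws.com
            Action: sts:AssumeRoleWithWebIdentity
            Condition:
              StringEquals:
                # Trust only identities issued by THIS environment's identity pool
                cognito-identity.amazonaws.com:aud:
                  Fn::ImportValue: !Sub '${CognitoStackName}-IdentityPoolId'
              ForAnyValue:StringLike:
                # Exclude unauthenticated (guest) identities
                cognito-identity.amazonaws.com:amr: authenticated
      Policies:
        - PolicyName: invoke-own-environment-functions
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action: lambda:InvokeFunction
                # Assumption: functions are named <environment>-<name>, e.g. dev-getOrders
                Resource: !Sub 'arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:${Environment}-*'

  RoleAttachment:
    Type: AWS::Cognito::IdentityPoolRoleAttachment
    Properties:
      IdentityPoolId:
        Fn::ImportValue: !Sub '${CognitoStackName}-IdentityPoolId'
      Roles:
        authenticated: !GetAtt AuthenticatedRole.Arn
```

Deploying it once per environment with a different `Environment` and `CognitoStackName` gives each identity pool its own role, so a token from the DEV pool cannot assume the QA or PROD role. Because all three environments share one account, the name prefix in `Resource` is the only boundary between them, so function names must follow it consistently.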