Learning Objectives
By the end of this chapter, you will be able to:
- Implement CI/CD pipelines on AWS using CodePipeline, CodeBuild, CodeDeploy, and supporting services, with the correct test and deployment-model selection for the workload.
- Choose between trunk-based, GitFlow, and feature-branch workflows and map each to AWS CodePipeline trigger configurations, environment promotion, and CodeDeploy rollback semantics on Amazon EC2.
- Integrate unit, integration, load, and syntactic-analysis tests into a pipeline using AWS CodeBuild and AWS Lambda actions, with explicit gating, code-coverage policy, and container-target deployment via Amazon ECS, Amazon EKS, and AWS Fargate.
- Select build and deployment strategies (in-place, blue/green, canary, rolling, immutable) for Amazon EC2, container, and serverless workloads, and pair them with artifact management for AMIs, container images, and ZIP packages.
- Embed Amazon Inspector, Amazon CodeGuru Reviewer, and AWS Config rules into the pipeline, manage artifact repositories in AWS CodeArtifact, Amazon ECR, and Amazon S3, and configure alarm-based and automated rollback in AWS CodeDeploy.
- Define a version control strategy with branching and tagging conventions for application code and infrastructure as code, and pair it with build artifacts (AMIs, containers, ZIP files) under a managed artifact lifecycle.
- Decide when to run unit, integration, acceptance, and load tests across pipeline stages and select the optimal artifact storage strategy with lifecycle policies and cross-Region replication.
- Apply the right deployment model and rollback automation for instance, container, and serverless workloads, including Lambda traffic shifting, ECS blue/green, and EKS rolling deployments.
Executive Summary
- AWS-native CI/CD is a small set of building blocks: CodePipeline orchestrates, CodeBuild compiles and tests, CodeDeploy ships to compute, and CodeArtifact / Amazon ECR / Amazon S3 store the artifacts. Every senior decision is about which block holds which responsibility and how failures bounce between them.
- Deployment-model selection is constrained by the compute target: Lambda supports All-at-once, Canary, and Linear via alias traffic shifting; Amazon ECS supports rolling (native) and blue/green (CodeDeploy); Amazon EC2 supports in-place, blue/green, and immutable.
- Rollback is a design property, not a runtime accident. Configure CloudWatch alarms attached to CodeDeploy deployment groups, automatic rollback on deployment failure, and treat deployment configurations as the contract for blast radius.
- Artifact discipline (immutable identifiers, S3 lifecycle, ECR image scanning, CodeArtifact upstream repositories, KMS encryption) is what separates a pipeline that survives an incident from one that becomes the incident.
Assumptions
- The reader has Associate-tier familiarity with AWS Identity and Access Management, Amazon Virtual Private Cloud, Amazon EC2, AWS Lambda, and Amazon S3.
- Terminology follows AWS documentation conventions: "CodePipeline" is AWS CodePipeline, "CodeBuild" is AWS CodeBuild, "CodeDeploy" is AWS CodeDeploy, "Amazon ECR" is Amazon Elastic Container Registry, and "Amazon ECS" is Amazon Elastic Container Service.
- Region examples use
us-east-1for the primary Region andus-west-2for the disaster-recovery Region, except where noted. - Pipelines described follow the AWS recommendation of distinct accounts for development, staging, and production with cross-account roles for deployment actions.
