AWS DevOps — CodePipeline, CodeBuild, CodeDeploy
AWS DevOps — CI/CD on AWS
AWS provides a native set of DevOps tools that together form a complete CI/CD pipeline. They can also be combined with GitHub Actions, Jenkins, or any third-party tool.
In Azure terms: AWS DevOps tools ≈ Azure DevOps Pipelines (all-in-one)
The AWS DevOps Toolchain
| Service | Role | Azure Equivalent |
|---|---|---|
| CodeCommit | Git repository hosting | Azure Repos |
| CodeBuild | Managed build service | Azure Pipelines (build stage) |
| CodeDeploy | Automated deployment to EC2, ECS, Lambda | Azure Pipelines (release stage) |
| CodePipeline | Orchestrates the full CI/CD workflow | Azure Pipelines (full pipeline) |
| CodeArtifact | Package repository (npm, Maven, NuGet, PyPI) | Azure Artifacts |
| CodeGuru | AI-powered code review and profiling | GitHub Copilot / Azure DevOps reviews |
| AWS CDK | Define infrastructure in code (TypeScript, Python…) | Bicep / ARM Templates |
| CloudFormation | Deploy infrastructure via YAML/JSON templates | ARM Templates |
CodePipeline
CodePipeline is the pipeline orchestrator — it connects your source, build, test, and deploy stages:

```
Source (GitHub/CodeCommit)
    ↓
Build (CodeBuild)
    ↓
Test (CodeBuild or Lambda test runner)
    ↓
Deploy Staging (CodeDeploy / ECS)
    ↓ Manual Approval
Deploy Production (CodeDeploy / ECS)
```

Pipeline Stages and Actions
| Stage | Example Actions |
|---|---|
| Source | CodeCommit, GitHub, Bitbucket, S3 |
| Build | CodeBuild, Jenkins |
| Test | CodeBuild, AWS Device Farm |
| Deploy | CodeDeploy, ECS, Elastic Beanstalk, CloudFormation, S3 |
| Invoke | Lambda function |
| Approval | Manual approval gate |
CodeBuild
CodeBuild is a fully managed build service — no Jenkins servers to maintain. It compiles code, runs tests, and produces build artifacts.
buildspec.yml
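By default, a CodeBuild project reads its build instructions from a buildspec.yml at the repo root:

```yaml
version: 0.2

phases:
  install:
    runtime-versions:
      nodejs: 20
    commands:
      - npm install

  pre_build:
    commands:
      - echo "Running tests..."
      - npm test

  build:
    commands:
      - echo "Building application..."
      - npm run build
      - docker build -t my-app .
      # Tag the image with the commit ID that CodeBuild resolved for this build
      - docker tag my-app:latest $ECR_URI:$CODEBUILD_RESOLVED_SOURCE_VERSION

  post_build:
    commands:
      # Short-lived ECR token from the build role; no registry password is stored
      - aws ecr get-login-password | docker login --username AWS --password-stdin $ECR_URI
      - docker push $ECR_URI:$CODEBUILD_RESOLVED_SOURCE_VERSION
      # Write the artifact listed below; "my-app" is assumed to be the container name in the ECS task definition
      - printf '[{"name":"my-app","imageUri":"%s"}]' "$ECR_URI:$CODEBUILD_RESOLVED_SOURCE_VERSION" > imagedefinitions.json

artifacts:
  files:
    - imagedefinitions.json
```

Pre-built Environments
| Runtime | Versions |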
|---|---|
| Node.js | 18, 20 |
| Python | 3.11, 3.12 |
| Java | 11, 17, 21 |
| .NET | 6, 8 |
| Go | 1.21 |
| Ruby | 3.2 |
| Docker | Available in all environments |
CodeDeploy
CodeDeploy automates application deployments to EC2, on-premises servers, Lambda, and ECS.
Deployment Strategies
| Strategy | Description | Downtime |
|---|---|---|
| In-place | Update existing instances (stop, deploy, start) | Brief |
| Rolling | Update instances in batches | Minimal |
| Blue/Green | Shift traffic from old (blue) to new (green) | Zero |
| Canary | Route 10% traffic to new, then 100% | Zero |
| Linear | Gradually shift traffic over time | Zero |
appspec.yml (for EC2)
```yaml
version: 0.0
os: linux
files:
  - source: /
    destination: /var/www/html
hooks:
  BeforeInstall:
    - location: scripts/stop-server.sh
  AfterInstall:
    - location: scripts/start-server.sh
  ValidateService:
    - location: scripts/health-check.sh
```

GitHub Actions on AWS
Many teams use GitHub Actions as the CI/CD engine instead of AWS native tools. This is fully supported:
```yaml
name: Deploy to AWS

on:
  push:
    branches: [main]

jobs:
  deploy:
    runs-on: ubuntu-latest
    permissions:
      id-token: write   # for OIDC
      contents: read

    steps:
      - uses: actions/checkout@v4

      - name: Configure AWS credentials (OIDC — no stored secrets)
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::123456789012:role/github-deploy-role
          aws-region: us-east-1

      - name: Login to ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      - name: Build and push Docker image
        env:
          # Registry host returned by the ECR login step
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        run: |
          docker build -t $ECR_REGISTRY/my-app:$GITHUB_SHA .
          docker push $ECR_REGISTRY/my-app:$GITHUB_SHA

      - name: Deploy to ECS
        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
        with:
          task-definition: task-def.json
          service: my-service
          cluster: my-cluster
```

AWS DevOps vs Azure DevOps
| Feature | AWS | Azure |
|---|---|---|
| Git repo | CodeCommit (or GitHub) | Azure Repos (or GitHub) |
| CI build | CodeBuild | Azure Pipelines build |
| CD deploy | CodeDeploy | Azure Pipelines release |
| Pipeline | CodePipeline | Azure Pipelines |
| Artifacts | CodeArtifact | Azure Artifacts |
| IaC | CloudFormation / CDK | ARM / Bicep / Terraform |
| Container registry | ECR | ACR |
| Secrets | Secrets Manager / SSM | Azure Key Vault |
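
The GitHub Actions workflow earlier on this page assumes `github-deploy-role` through OIDC, so what limits which repositories can use that role is the role's trust policy, which the page does not show. The following Python check is an added example, not code from the original page: it audits a trust policy document for a pinned `aud` and `sub` claim, and the repository name `example-org/my-app` and the three sample policies are constructed for illustration.

```python
GITHUB_OIDC = "token.actions.githubusercontent.com"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, repo, branch="main"):
    """Return findings for Allow statements that trust GitHub's OIDC provider."""
    expected_sub = f"repo:{repo}:ref:refs/heads/{branch}"
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal")
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        trusts_github = any(str(f).endswith("oidc-provider/" + GITHUB_OIDC) for f in federated)
        if stmt.get("Effect") != "Allow" or not trusts_github:
            continue
        # Flatten {operator: {key: value(s)}} into (operator, key, value) triples.
        conds = [(op.lower(), key.lower(), val)
                 for op, block in stmt.get("Condition", {}).items()
                 for key, vals in block.items() for val in _as_list(vals)]
        auds = [v for op, k, v in conds if op == "stringequals" and k == GITHUB_OIDC + ":aud"]
        subs = [(op, v) for op, k, v in conds if k == GITHUB_OIDC + ":sub"]
        if "sts.amazonaws.com" not in auds:
            findings.append("aud is not pinned to sts.amazonaws.com")
        if not subs:
            findings.append("no sub condition: any GitHub repository can assume this role")
        for op, value in subs:
            if op not in ("stringequals", "stringlike") or value != expected_sub:
                findings.append(f"sub {value!r} ({op}) does not pin {expected_sub!r}")
    return findings

def _policy(condition):
    # Constructed trust policy for the role named in the workflow on this page.
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "arn:aws:iam::123456789012:oidc-provider/" + GITHUB_OIDC},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

AUD = {GITHUB_OIDC + ":aud": "sts.amazonaws.com"}
WEAK = _policy({"StringEquals": AUD})  # audience only, no repository restriction
WILDCARD = _policy({"StringEquals": AUD,
                    "StringLike": {GITHUB_OIDC + ":sub": "repo:example-org/*"}})
HARDENED = _policy({"StringEquals": {**AUD,
    GITHUB_OIDC + ":sub": "repo:example-org/my-app:ref:refs/heads/main"}})

if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("wildcard", WILDCARD), ("hardened", HARDENED)):
        print(name, audit_trust_policy(doc, "example-org/my-app"))
```

The expected `sub` value matches a push to a branch, as in the workflow's `on: push` trigger; a job that declares a GitHub environment presents a `repo:OWNER/REPO:environment:NAME` subject instead and needs its own expected value.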