Chapter 31: AWS CodeCommit, CodeBuild & CodeDeploy
CI/CD Services Overview

31.1 Overview

AWS provides a suite of native CI/CD services that enable you to build, test, and deploy applications automatically.

AWS CI/CD Suite:

- CodeCommit: source control, repositories
- CodeBuild: build, test, package
- CodeDeploy: deploy, release, rollback

Service Comparison

| Feature | CodeCommit | CodeBuild | CodeDeploy |
|---|---|---|---|
| Primary Use | Source control | Build & test | Deployment |
| Analogy | GitHub/GitLab | Jenkins | Spinnaker |
| Pricing | Free tier + storage | Per build minute | Per deployment |
| Integration | Git-based | Docker-based | Agent-based |
31.2 AWS CodeCommit
CodeCommit Architecture

AWS CodeCommit is made up of:

- Git protocols: HTTPS, SSH, GRC (git-remote-codecommit)
- Repositories: create, clone, push
- Branches: create, merge, delete

Repository Features

Core features:

- Git-based version control
- Unlimited private repositories
- Branching and merging
- Pull requests
- Code reviews
- Notifications

Security features:

- Encryption at rest (KMS)
- Encryption in transit (TLS)
- IAM-based access control
- Cross-account access
- Git credential helper

Integration features:

- AWS CodePipeline integration
- AWS Lambda triggers
- Amazon SNS notifications
- AWS CodeGuru Reviewer

CodeCommit CLI Commands
```bash
# Create repository
aws codecommit create-repository \
  --repository-name my-repo \
  --repository-description "My application repository"

# List repositories
aws codecommit list-repositories

# Get repository
aws codecommit get-repository \
  --repository-name my-repo

# Clone repository (HTTPS)
git clone https://git-codecommit.us-east-1.amazonaws.com/v1/repos/my-repo

# Clone repository (SSH)
git clone ssh://git-codecommit.us-east-1.amazonaws.com/v1/repos/my-repo

# Create branch
aws codecommit create-branch \
  --repository-name my-repo \
  --branch-name feature-branch \
  --commit-id abc123

# List branches
aws codecommit list-branches \
  --repository-name my-repo

# Create pull request
aws codecommit create-pull-request \
  --title "Feature implementation" \
  --description "Adding new feature" \
  --targets repositoryName=my-repo,sourceReference=feature-branch,destinationReference=main

# Merge pull request
aws codecommit merge-pull-request-by-fast-forward \
  --pull-request-id 1 \
  --repository-name my-repo

# Get file
aws codecommit get-file \
  --repository-name my-repo \
  --file-path src/app.js

# Put file
aws codecommit put-file \
  --repository-name my-repo \
  --branch-name main \
  --file-path src/new-file.js \
  --file-content fileb://new-file.js \
  --commit-message "Add new file"

# Delete repository
aws codecommit delete-repository \
  --repository-name my-repo
```

31.3 AWS CodeBuild
CodeBuild Architecture

AWS CodeBuild is made up of:

- Build projects: configuration, environment, IAM service role
- Build process: source, build, post-build
- Build artifacts: output, logs, cache

Build Project Configuration

Supported sources:

- AWS CodeCommit
- GitHub / GitHub Enterprise
- Bitbucket
- Amazon S3
- AWS CodePipeline

Compute types:

- BUILD_GENERAL1_SMALL (3 GB, 2 vCPU)
- BUILD_GENERAL1_MEDIUM (7 GB, 4 vCPU)
- BUILD_GENERAL1_LARGE (15 GB, 8 vCPU)
- BUILD_GENERAL1_2XLARGE (145 GB, 72 vCPU)

Environment types:

- Managed images (AWS provided)
- Custom images (ECR)
- Windows images
- Linux images

Build specification (buildspec.yml):

```yaml
version: 0.2

phases:
  install:
    runtime-versions:
      nodejs: 18
    commands:
      - npm install
  pre_build:
    commands:
      - npm test
  build:
    commands:
      - npm run build
  post_build:
    commands:
      - echo Build completed

artifacts:
  # Paths in "files" are relative to base-directory, so with base-directory
  # set to dist the pattern is '**/*' (dist/**/* would look for dist/dist/...).
  files:
    - '**/*'
  base-directory: dist

cache:
  paths:
    - node_modules/**/*
```

Build Phases

Phase flow: INSTALL --> PRE_BUILD --> BUILD --> POST_BUILD --> ARTIFACTS

Phase descriptions:

- INSTALL: install dependencies and tools
- PRE_BUILD: pre-build tasks (tests, linting)
- BUILD: main build commands
- POST_BUILD: cleanup, notifications, packaging

CodeBuild CLI Commands
```bash
# Create build project
# (for a CODECOMMIT source, "location" is the repository's HTTPS clone URL)
aws codebuild create-project \
  --name my-build-project \
  --source type=CODECOMMIT,location=https://git-codecommit.us-east-1.amazonaws.com/v1/repos/my-repo \
  --artifacts type=S3,location=my-bucket,name=artifacts \
  --environment type=LINUX_CONTAINER,image=aws/codebuild/standard:7.0,computeType=BUILD_GENERAL1_SMALL \
  --service-role arn:aws:iam::123456789012:role/CodeBuildServiceRole

# List build projects
aws codebuild list-projects

# Get project details
aws codebuild batch-get-projects \
  --names my-build-project

# Start build
aws codebuild start-build \
  --project-name my-build-project

# Start build with override
aws codebuild start-build \
  --project-name my-build-project \
  --environment-variables-override name=ENV,value=production

# List builds
aws codebuild list-builds \
  --sort-order DESCENDING

# Get build details
aws codebuild batch-get-builds \
  --ids build-id-1 build-id-2

# Delete project
aws codebuild delete-project \
  --name my-build-project

# Create webhook (for automatic builds)
# (webhooks apply to GitHub/Bitbucket sources; CodeCommit pushes start
# builds through EventBridge rules or CodePipeline instead)
aws codebuild create-webhook \
  --project-name my-build-project \
  --branch-filter main
```

31.4 AWS CodeDeploy
CodeDeploy Architecture

AWS CodeDeploy is made up of:

- Application: deployment groups, revisions
- Deployment configuration: in-place, blue/green
- Compute platforms: EC2, Lambda, ECS

Deployment Types

In-place deployment (App v1 --> deploy --> App v2 on the same instances):

- Updates instances in place
- Rolling update (one instance at a time)
- Suitable for EC2/on-premises
- Downtime possible during deployment

Blue/green deployment (Blue App v1 --> deploy --> Green App v2, load balancer switched from blue to green):

- Creates a new environment
- Traffic shifts to the new environment
- Zero downtime
- Easy rollback (switch back to blue)

AppSpec File Structure

For EC2/on-premises (appspec.yml):

```yaml
version: 0.0
os: linux

files:
  - source: /
    destination: /var/www/html

hooks:
  ApplicationStop:
    - location: scripts/stop_server.sh
      timeout: 300
  BeforeInstall:
    - location: scripts/install_dependencies.sh
      timeout: 300
  AfterInstall:
    - location: scripts/change_permissions.sh
      timeout: 300
  ApplicationStart:
    - location: scripts/start_server.sh
      timeout: 300
  ValidateService:
    - location: scripts/validate_service.sh
      timeout: 300
```

For Lambda (appspec.yml):

```yaml
version: 0.0
# A Lambda deployment shifts an alias from one function version to another;
# Resources names the function and versions, and the hooks name validation
# Lambda functions (not shell scripts) that CodeDeploy invokes.
Resources:
  - MyFunction:
      Type: AWS::Lambda::Function
      Properties:
        Name: my-function      # placeholder function name
        Alias: live
        CurrentVersion: 1
        TargetVersion: 2
Hooks:
  - BeforeAllowTraffic: "pre_traffic"   # placeholder validation function names
  - AfterAllowTraffic: "post_traffic"
```

Deployment Lifecycle Hooks

EC2/on-premises deployment order:

1. ApplicationStop: stop the application gracefully
2. DownloadBundle: download the revision from S3
3. BeforeInstall: pre-installation tasks
4. Install: copy files to the destination
5. AfterInstall: post-installation tasks
6. ApplicationStart: start the application
7. ValidateService: verify the application is running

Lambda deployment order:

1. BeforeAllowTraffic: pre-traffic validation
2. AllowTraffic: shift traffic to the new version
3. AfterAllowTraffic: post-traffic validation
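The appspec.yml above points ValidateService at scripts/validate_service.sh. Here is an added example of such a hook (not from the original chapter): it polls the application's health endpoint and exits non-zero if the service never comes up, which fails the ValidateService event. It assumes a placeholder health URL http://127.0.0.1:8080/health, curl on the instance, and the LIFECYCLE_EVENT and DEPLOYMENT_ID variables the CodeDeploy agent exports to hook scripts.

```bash
#!/bin/bash
# scripts/validate_service.sh: ValidateService hook (added example, not from
# the original chapter). A non-zero exit fails the ValidateService event, so
# CodeDeploy marks the deployment Failed and, with automatic rollback enabled
# on the deployment group, redeploys the previous revision.
# Assumptions: the app answers HTTP 200 on HEALTH_URL once it is ready (the
# URL below is a placeholder) and curl is installed on the instance.
HEALTH_URL="${HEALTH_URL:-http://127.0.0.1:8080/health}"
MAX_ATTEMPTS="${MAX_ATTEMPTS:-10}"   # total probes before giving up
SLEEP_SECONDS="${SLEEP_SECONDS:-3}"  # pause between probes

# check_once: a single probe of the health endpoint; succeeds only on HTTP 200.
# --max-time bounds a hung listener so the hook cannot silently consume the
# 300 s timeout configured in appspec.yml.
check_once() {
  local status
  status=$(curl -s -o /dev/null -w '%{http_code}' --max-time 5 "$HEALTH_URL") || return 1
  [ "$status" = "200" ]
}

# wait_for_healthy CHECK: run CHECK up to MAX_ATTEMPTS times with a pause in
# between; returns 0 as soon as CHECK succeeds, 1 if it never does.
wait_for_healthy() {
  local check="$1" attempt=1
  while [ "$attempt" -le "$MAX_ATTEMPTS" ]; do
    if "$check"; then
      echo "ValidateService: healthy after $attempt attempt(s)"
      return 0
    fi
    attempt=$((attempt + 1))
    sleep "$SLEEP_SECONDS"
  done
  echo "ValidateService: not healthy after $MAX_ATTEMPTS attempts" >&2
  return 1
}

# The CodeDeploy agent exports LIFECYCLE_EVENT and DEPLOYMENT_ID to hook
# scripts; only run the real probe when invoked by the agent.
if [ -n "${LIFECYCLE_EVENT:-}" ]; then
  echo "Deployment ${DEPLOYMENT_ID:-?}, event $LIFECYCLE_EVENT: probing $HEALTH_URL"
  wait_for_healthy check_once
fi
```

Pair the hook with automatic rollback on the deployment group (aws deploy create-deployment-group ... --auto-rollback-configuration enabled=true,events=DEPLOYMENT_FAILURE) so a failed ValidateService reverts the instances to the previous revision instead of leaving a broken version in place.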
CodeDeploy CLI Commands

```bash
# Create application
aws deploy create-application \
  --application-name my-app \
  --compute-platform Server

# List applications
aws deploy list-applications

# Create deployment group
aws deploy create-deployment-group \
  --application-name my-app \
  --deployment-group-name my-deployment-group \
  --deployment-config-name CodeDeployDefault.AllAtOnce \
  --ec2-tag-filters Key=Name,Value=WebServer,Type=KEY_AND_VALUE \
  --service-role-arn arn:aws:iam::123456789012:role/CodeDeployServiceRole

# List deployment groups
aws deploy list-deployment-groups \
  --application-name my-app

# Create deployment
aws deploy create-deployment \
  --application-name my-app \
  --deployment-group-name my-deployment-group \
  --revision revisionType=S3,s3Location='{bucket=my-bucket,key=app.zip,bundleType=zip}' \
  --description "Production deployment"

# Get deployment
aws deploy get-deployment \
  --deployment-id d-ABCDEF123

# List deployments
aws deploy list-deployments \
  --application-name my-app \
  --deployment-group-name my-deployment-group

# Stop deployment
aws deploy stop-deployment \
  --deployment-id d-ABCDEF123

# Create deployment config
aws deploy create-deployment-config \
  --deployment-config-name my-config \
  --minimum-healthy-hosts type=FLEET_PERCENT,value=75

# Get deployment target
aws deploy get-deployment-target \
  --deployment-id d-ABCDEF123 \
  --target-id i-1234567890abcdef0
```

31.5 Integration Architecture
CI/CD Pipeline Flow

Complete CI/CD pipeline:

1. The developer commits locally and runs git push.
2. CodeCommit stores the source and hosts the pull request review.
3. CodeBuild builds and tests the source and stores the build artifacts.
4. CodeDeploy deploys the artifacts and releases the new version, with rollback available if it fails.
5. Production runs the deployed application.

31.6 Best Practices
CodeCommit Best Practices

1. Use branch protection rules
   - Require pull request reviews
   - Require approved reviews before merge
2. Implement approval rules
   - Require specific approvers
   - Set a minimum number of approvals
3. Use cross-account access
   - Centralize repositories in a shared account
   - Grant access via IAM roles
4. Enable notifications
   - Notify on pull requests
   - Notify on branch changes

CodeBuild Best Practices

1. Use buildspec.yml in the repository
   - Version-control the build configuration
   - Enable per-branch build customization
2. Enable caching
   - Cache dependencies (node_modules, Maven, etc.)
   - Use S3 or local cache
3. Use environment variables
   - Store secrets in Parameter Store/Secrets Manager
   - Use environment variables for configuration
4. Optimize build time
   - Use the appropriate compute type
   - Parallelize tests
   - Use custom images with pre-installed tools

CodeDeploy Best Practices

1. Use blue/green deployments for production
   - Zero-downtime deployments
   - Easy rollback
2. Configure health checks
   - ValidateService hook for verification
   - ELB health checks
3. Use deployment configurations
   - AllAtOnce: fast, risky
   - HalfAtATime: balanced
   - OneAtATime: slow, safe
4. Configure rollback
   - Automatic rollback on failure
   - Rollback on alarm threshold

31.7 Troubleshooting
Common Issues

Common CI/CD issues:

Issue 1: CodeCommit authentication failed
- Cause: missing IAM permissions or credentials
- Solution: configure the Git credential helper or SSH keys

Issue 2: CodeBuild timeout
- Cause: the build takes longer than the default timeout
- Solution: increase the timeout or optimize the build process

Issue 3: CodeDeploy agent not running
- Cause: the CodeDeploy agent is stopped or not installed
- Solution: install/start the codedeploy-agent service

Issue 4: Deployment failed with no error message
- Cause: script errors or missing files
- Solution: check /opt/codedeploy-agent/deployment-root
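As a first look at Issues 3 and 4, here is an added diagnostic script (not from the original chapter) that checks the agent service and locates the newest deployment's hook log under the deployment root. It assumes the agent's documented layout, deployment-root/<deployment-group-id>/<deployment-id>/logs/scripts.log, and the default agent log path /var/log/aws/codedeploy-agent/codedeploy-agent.log.

```bash
#!/bin/bash
# codedeploy_diag.sh: added example, not from the original chapter.
# Usage: sudo ./codedeploy_diag.sh run   (the deployment root is owned by root)
DEPLOYMENT_ROOT="${DEPLOYMENT_ROOT:-/opt/codedeploy-agent/deployment-root}"
AGENT_LOG="${AGENT_LOG:-/var/log/aws/codedeploy-agent/codedeploy-agent.log}"

# agent_running: succeeds if the codedeploy-agent service is active (Issue 3).
agent_running() {
  if command -v systemctl >/dev/null 2>&1; then
    systemctl is-active --quiet codedeploy-agent
  else
    service codedeploy-agent status >/dev/null 2>&1
  fi
}

# newest_deployment_dir ROOT: prints the most recently modified
# ROOT/<deployment-group-id>/<deployment-id> directory; fails if there is none.
# Deployment IDs start with "d-" (as in d-ABCDEF123 above), so the glob skips
# the agent's own deployment-logs directory.
newest_deployment_dir() {
  local root="$1" dir
  dir=$(ls -td "$root"/*/d-* 2>/dev/null | head -n 1)
  [ -n "$dir" ] || return 1
  echo "$dir"
}

# show_hook_log DIR: scripts.log collects the stdout/stderr of every lifecycle
# hook of that deployment, which is where Issue 4's missing error message ends up.
show_hook_log() {
  local log="$1/logs/scripts.log"
  if [ -f "$log" ]; then
    echo "--- last 30 lines of $log ---"
    tail -n 30 "$log"
  else
    echo "no hook output at $log: the deployment failed before any script ran" >&2
    return 1
  fi
}

main() {
  if agent_running; then
    echo "codedeploy-agent: running"
  else
    echo "codedeploy-agent: NOT running (try: sudo systemctl start codedeploy-agent)" >&2
  fi
  dir=$(newest_deployment_dir "$DEPLOYMENT_ROOT") || {
    echo "no deployments found under $DEPLOYMENT_ROOT" >&2
    return 1
  }
  echo "latest deployment: $dir"
  show_hook_log "$dir"
  echo "--- last 20 lines of $AGENT_LOG ---"
  tail -n 20 "$AGENT_LOG" 2>/dev/null || echo "agent log not readable" >&2
}

if [ "${1:-}" = "run" ]; then
  main
fi
```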
31.8 Exam Tips

Key exam points:

1. CodeCommit = Git-based source control (like GitHub)
2. CodeBuild = managed build service (no servers to manage)
3. CodeDeploy = automated deployments to EC2, Lambda, ECS
4. CodeBuild uses buildspec.yml for configuration
5. CodeDeploy uses appspec.yml for deployment hooks
6. Blue/green deployment = zero downtime, easy rollback
7. In-place deployment = updates existing instances
8. CodeDeploy agent required on EC2 instances
9. CodeBuild supports Docker, Lambda, custom images
10. CodeCommit supports HTTPS, SSH, GRC protocols

31.9 Summary
Chapter 31 Summary

AWS CodeCommit:

- Git-based source control
- Private repositories
- Pull requests and code reviews
- IAM-based access control

AWS CodeBuild:

- Fully managed build service
- buildspec.yml configuration
- Multiple environment types
- Pay per build minute

AWS CodeDeploy:

- Automated deployments
- In-place and blue/green deployments
- appspec.yml configuration
- Lifecycle hooks for custom scripts

Next Chapter: Chapter 32: AWS CodePipeline & CI/CD Best Practices