CI/CD on AWS – AWS CodeCommit and AWS CodeBuild

A continuous integration / continuous delivery (CI/CD) pipeline lets you submit new code on one end, build it, automatically test it, store artifacts and deploy it to a production environment. Each stage works as a logical unit within the delivery process. They act as a gate that validates a certain aspect of your code and gives your the outcome.

The most common CI/CD tooling in AWS involves:

  • CodeCommit
  • CodeBuild
  • CodeDeploy
  • CodePipeline
  • S3

Since each component has their intricacies, let’s start understanding them one by one, taking an overview.

Understanding CodeCommit

AWS CodeCommit is a secure, highly scalable, fully managed source control service that hosts private Git repositories. It is a version control service hosted by Amazon Web Services that you can use to privately store and manage assets (such as documents, source code, and binary files) in the cloud.

The following figure shows how you use your development machine, the AWS CLI or CodeCommit console, and the CodeCommit service to create and manage repositories:


Setup for AWS CodeCommit

Follow this to setup CodeCommit:

Basically you need to take care of the following things

  1. Setting up user, user permissiona and policies using AWS IAM
  2. Setting up using Git credentials
  3. Setting up your local development
  4. Making your project repository.

Once all setup, you will end with something like this, with your respective project files


Now you will be able to perform Git operations between your local environment and CodeCommit.✌🏼

CodeCommit Tips:

  1. Use Branches: Organize your code into branches for different features or development stages. This helps in maintaining a clean codebase and enables parallel development.
  2. Branch Policies: Implement branch policies to enforce code review and quality checks before merging changes into the main branch (e.g., master or main). This ensures code quality and security.
  3. Commit Messages: Write descriptive commit messages that explain what the changes do. Follow a consistent format, such as the conventional commit style, for better traceability.
  4. Webhooks: Set up webhooks to trigger AWS services like CodeBuild or AWS Lambda functions when code changes are pushed to CodeCommit. This enables automated workflows.
  5. CodeCommit Triggers: Leverage CodeCommit triggers to automate actions when specific events occur, such as pushing code, creating or deleting branches, or pull request actions.
  6. Code Reviews: Encourage code reviews for all changes. Use CodeCommit’s built-in code review feature or integrate with third-party code review tools like AWS CodeGuru Reviewer.
  7. Access Control: Manage access control carefully by using AWS Identity and Access Management (IAM) policies. Grant permissions on a least privilege basis to ensure security.
  8. Encryption: Enable encryption at rest for your CodeCommit repositories to protect your source code data.

Understanding CodeBuild

AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces ready-to-deploy software packages. You just specify the location of your source code and choose your build settings, and CodeBuild will run your build scripts for compiling, testing, and packaging your code.


Setup for AWS CodeBuild

Follow this to setup CodeBuild:

You need to take care of the following steps

  • Create the source code
  • Create the buildspec file
  • Create two S3 buckets
  • Upload the source code and the buildspec file
  • Create the build project
  • Run the build

If everything is setup, Codebuild looks like this


What is a buildspec file

A buildspec is a collection of build commands and related settings, in YAML format, that CodeBuild uses to run a build. Without a build spec, CodeBuild cannot successfully convert your build input into build output or locate the build output artifact in the build environment to upload to your output bucket. To use it better, refer AWS Buildspec File

Check out the #90daysof Devops Github Repository:

CodeCommit and CodeBuild are two essential services in AWS for managing your source code and automating the build and deployment process. Here are some useful tips for working with CodeCommit and CodeBuild:

CodeBuild Tips:

  1. Buildspec File: Use a buildspec.yml file in your project’s root directory to define the build and deployment phases. This file specifies the build environment, build commands, and post-build actions.
  2. Custom Docker Images: If your project requires specific dependencies or tools, create custom Docker images and use them as the build environment in CodeBuild. This ensures consistency across builds.
  3. Caching: Implement build artifact caching to speed up subsequent builds. This can significantly reduce build times and costs.
  4. Environment Variables: Use environment variables in your buildspec file to store sensitive information like API keys and credentials securely. Avoid hardcoding such data in your code.
  5. Notifications: Set up notifications for build status changes. You can integrate CodeBuild with services like Amazon SNS or Slack to receive notifications when builds succeed or fail.
  6. Build Logs: Configure your build to upload build logs to Amazon S3. This helps in debugging and auditing build processes.
  7. Parallel Builds: For large projects, consider splitting your build into smaller, parallel jobs to reduce build times. CodeBuild allows you to define multiple build projects in a build pipeline.
  8. Security Scans: Integrate security scanning tools like AWS CodeArtifact, Amazon Inspector, or third-party services to scan your code for vulnerabilities during the build process.
  9. Scaling: Configure CodeBuild to autoscale based on build demand. This helps optimize costs and ensures fast builds during peak times.
  10. Monitoring: Monitor your build projects using Amazon CloudWatch Metrics and Logs. Set up alarms to be notified of unusual build activity or failures.

By following these tips, you can efficiently manage your source code with CodeCommit and automate your build and deployment processes with CodeBuild, improving your development workflow in AWS.

Leave a Comment