AWS CodePipeline
Core concept: CodePipeline orchestrates your entire release process (source → build → test → deploy) end-to-end.
Pipeline Anatomy
```
Stage 1: Source         Stage 2: Build          Stage 3: Deploy
──────────────────      ──────────────────      ──────────────────
Action: CodeCommit   →  Action: CodeBuild    →  Action: CodeDeploy
(output: source.zip)    (output: build.zip)     (to staging)
                                                        ↓
                        Stage 4: Approve        Stage 5: Deploy
                        ──────────────────      ──────────────────
                        Action: Manual       →  Action: CloudFormation
                        Approval                (to production)
```
Action Types
| Category | Providers |
|---|---|
| Source | CodeCommit, S3, GitHub, ECR |
| Build | CodeBuild, Jenkins |
| Test | CodeBuild, Device Farm, third-party |
| Deploy | CodeDeploy, Beanstalk, ECS, CloudFormation, S3 |
| Approval | Manual approval |
| Invoke | Lambda, Step Functions |
Artifact Store
Every stage passes artifacts via S3:
```
CodeCommit source → S3 artifact (source.zip)
        ↓
CodeBuild reads → builds → outputs build.zip
        ↓
CodeDeploy reads build.zip
```
For cross-account pipelines, the S3 artifacts are encrypted with a KMS key, and both the bucket and the key must allow access from the other account.
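Manual Approval
```yaml
# CloudFormation: a StageDeclaration, i.e. one entry in the
# Stages list of an AWS::CodePipeline::Pipeline resource
- Name: ManualApproval
  Actions:
    - Name: ApproveProduction
      ActionTypeId:
        Category: Approval
        Owner: AWS
        Provider: Manual
        Version: "1"
      Configuration:
        # SNS topic that notifies the approvers
        NotificationArn: !Ref ApprovalSNSTopic
        # Free-text message shown to the approver
        CustomData: "Review test results at: https://dashboard.example.com"
        # Link shown next to the approval request
        ExternalEntityLink: "https://jira.example.com/RELEASE-123"
```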
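An added example, not part of the original notes or of any AWS tooling: a check over a pipeline definition (the shape of the `pipeline` object returned by `aws codepipeline get-pipeline`) that the production stage is gated by a Manual approval with a notification topic, and that the artifact store has a KMS key set. The stage names, bucket name and the `action` / `audit_pipeline` helpers are assumptions made for the illustration.

```python
# Added example; SAMPLE below is constructed, not taken from a real account.
def action(name, category, provider, run_order=1, **config):
    """Build one action declaration (helper for the constructed sample)."""
    return {"name": name, "runOrder": run_order, "configuration": config,
            "actionTypeId": {"category": category, "owner": "AWS",
                             "provider": provider, "version": "1"}}

def is_approval(a):
    return a["actionTypeId"]["category"] == "Approval"

def audit_pipeline(pipeline, prod_stage):
    """Return findings; an empty list means every check passed."""
    stages = pipeline["stages"]
    names = [s["name"] for s in stages]
    if prod_stage not in names:
        return [f"stage {prod_stage!r} not found"]
    idx = names.index(prod_stage)
    # An approval in any earlier stage gates everything after it.
    gates = [a for s in stages[:idx] for a in s["actions"] if is_approval(a)]
    # Inside the production stage it only gates actions with a higher runOrder.
    prod = stages[idx]["actions"]
    first_deploy = min((a.get("runOrder", 1) for a in prod if not is_approval(a)), default=None)
    gates += [a for a in prod if is_approval(a)
              and (first_deploy is None or a.get("runOrder", 1) < first_deploy)]
    findings = []
    if not gates:
        findings.append(f"no Manual approval runs before the actions in {prod_stage!r}")
    for a in gates:
        if not a.get("configuration", {}).get("NotificationArn"):
            findings.append(f"approval {a['name']!r} has no NotificationArn")
    # Multi-region pipelines use artifactStores (a map); single-region ones use artifactStore.
    stores = list(pipeline.get("artifactStores", {}).values()) or [pipeline["artifactStore"]]
    for s in stores:
        if s.get("encryptionKey", {}).get("type") != "KMS":
            findings.append(f"artifact bucket {s['location']!r} has no KMS key set")
    return findings

# Constructed sample mirroring the five-stage pipeline on this page.
SAMPLE = {"name": "my-prod-pipeline",
          "artifactStore": {"type": "S3", "location": "example-artifact-bucket"},
          "stages": [
    {"name": "Source", "actions": [action("Src", "Source", "CodeCommit")]},
    {"name": "Build", "actions": [action("Build", "Build", "CodeBuild")]},
    {"name": "DeployStaging", "actions": [action("Staging", "Deploy", "CodeDeploy")]},
    {"name": "ManualApproval", "actions": [action("ApproveProduction", "Approval", "Manual")]},
    {"name": "DeployProd", "actions": [action("Prod", "Deploy", "CloudFormation")]}]}

if __name__ == "__main__":
    print("\n".join(audit_pipeline(SAMPLE, "DeployProd")))
```

On the sample it reports the approval without a notification topic and the artifact bucket without a KMS key; an approval placed after the deploy action in the same stage is reported as no gate at all.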
EventBridge Integration
React to pipeline state changes. EventBridge rule pattern that alerts on pipeline failure:
```json
{
  "source": ["aws.codepipeline"],
  "detail-type": ["CodePipeline Pipeline Execution State Change"],
  "detail": {
    "state": ["FAILED"],
    "pipeline": ["my-prod-pipeline"]
  }
}
```
🧪 Practice Questions
Q1. A pipeline needs to deploy to staging automatically, then wait for a human to approve before deploying to production. Which CodePipeline action provides this?
A) A CodeBuild step with approval logic
B) Lambda function that checks a DynamoDB approval flag
C) Manual Approval action between staging and prod stages
D) EventBridge rule that pauses the pipeline
Answer & Explanation
C: CodePipeline's built-in Manual Approval action pauses execution and sends an SNS notification. The pipeline resumes only when an authorized user approves via console, CLI, or API.
Q2. Between stages in a CodePipeline, how are artifacts (build outputs) passed?
A) Directly via Lambda invocation
B) Via an SQS message
C) Via S3: each stage reads/writes to the pipeline's artifact store bucket
D) In-memory within the pipeline
Answer & Explanation
C: CodePipeline uses an S3 bucket as the artifact store. Each stage's output is uploaded to S3, and the next stage downloads it. For cross-account pipelines, the S3 bucket and KMS key must allow cross-account access.