CodePipeline
User Guide (API Version 2015-07-09)

CodePipeline Best Practices and Use Cases

CodePipeline is integrated with a number of products and services. The following sections describe best practices and use cases for CodePipeline and these related products and services.

A simple business use case for CodePipeline can help you understand ways you might implement the service and control user access. The use cases are described in general terms. They do not prescribe the APIs to use to achieve the results you want.

Best Practices

Use the best practices outlined in these sections when using CodePipeline.

Security Best Practices for CodePipeline Resources

You use encryption and authentication for the source repositories that connect to your pipelines. These are the CodePipeline best practices for security:

Monitoring and Logging Best Practices for CodePipeline Resources

You can use logging features in AWS to determine the actions users have taken in your account and the resources that were used. The log files show:

  • The time and date of actions.

  • The source IP address for an action.

  • Which actions failed due to inadequate permissions.

Logging features are available in the following AWS services:

Best Practices for the Jenkins PlugIn

Use the best practices provided in this section for pipelines with a Jenkins action provider.

Configure a Separate Amazon EC2 Instance and IAM Role for Your Jenkins Build Server

As a best practice, when you use a Jenkins build provider for your pipeline’s build or test action, install Jenkins on an Amazon EC2 instance and configure a separate EC2 instance profile. Make sure the instance profile grants Jenkins only the AWS permissions required to perform tasks for your project, such as retrieving files from Amazon S3.

The instance profile provides applications running on an Amazon EC2 instance with the credentials to access other AWS services. As a result, you do not need to configure AWS credentials (AWS access key and secret key).

To learn how to create the role for your Jenkins instance profile, see the steps in Create an IAM Role to Use for Jenkins Integration.

Use Cases for CodePipeline

You can create pipelines that integrate with other AWS services. These can be AWS services, such as Amazon S3, or third-party products, such as GitHub. This section provides examples for using CodePipeline to automate your code releases using different product integrations. For a full list of integrations with CodePipeline organized by action type, see CodePipeline Pipeline Structure Reference.

Use CodePipeline with Amazon S3, AWS CodeCommit, and AWS CodeDeploy

When you create a pipeline, CodePipeline integrates with AWS products and services that act as action providers in each stage of your pipeline. When you choose stages in the wizard, you must choose a source stage and at least a build or deploy stage. The wizard creates the stages for you with default names that cannot be changed. These are the stage names created when you set up a full three-stage pipeline in the wizard:

  • A source action stage with a default name of “Source.”

  • A build action stage with a default name of “Build.”

  • A deploy action stage with a default name of “Staging.”

You can use the tutorials in this guide to create pipelines and specify stages:

  • The steps in Tutorial: Create a Simple Pipeline (Amazon S3 Bucket) help you use the wizard to create a pipeline with two default stages: “Source” and “Staging”, where your Amazon S3 repository is the source provider. This tutorial creates a pipeline that uses AWS CodeDeploy to deploy a sample application from an Amazon S3 bucket to Amazon EC2 instances running Amazon Linux.

  • The steps in Tutorial: Create a Simple Pipeline (CodeCommit Repository) help you use the wizard to create a pipeline with a “Source” stage that uses your AWS CodeCommit repository as the source provider. This tutorial creates a pipeline that uses AWS CodeDeploy to deploy a sample application from an AWS CodeCommit repository to an Amazon EC2 instance running Amazon Linux.

Use CodePipeline with Third-party Action Providers (GitHub and Jenkins)

You can create pipelines that integrate with third-party products such as GitHub and Jenkins. The steps in Tutorial: Create a Four-Stage Pipeline show you how to create a pipeline that:

  • Gets source code from a GitHub repository,

  • Uses Jenkins to build and test the source code,

  • Uses AWS CodeDeploy to deploy the built and tested source code to Amazon EC2 instances running Amazon Linux or Microsoft Windows Server.

Use CodePipeline with AWS CodeStar to Build a Pipeline in a Code Project

AWS CodeStar is a cloud-based service that provides a unified user interface for managing software development projects on AWS. AWS CodeStar works with CodePipeline to combine AWS resources into a project development toolchain. You can use your AWS CodeStar dashboard to automatically create the pipeline, repositories, source code, build spec files, deployment method, and hosting instances or serverless instances required for a complete code project.

To create your AWS CodeStar project, you choose your coding language and the type of application you want to deploy. You can create the following project types: a web application, a web service, or an Alexa skill.

At any time, you can integrate your preferred IDE into your AWS CodeStar dashboard. You can also add and remove team members and manage permissions for team members on your project. For a tutorial that shows you how to use AWS CodeStar to create a sample pipeline for a serverless application, see Tutorial: Creating and Managing a Serverless Project in AWS CodeStar.

Use CodePipeline to Compile, Build, and Test Code with CodeBuild

CodeBuild is a managed build service in the cloud that lets you build and test your code without a server or system. Use CodePipeline with CodeBuild to automate running revisions through the pipeline for continuous delivery of software builds whenever there is a change to the source code. For more information, see Use AWS CodePipeline with CodeBuild to Test Code and Run Builds.

Use CodePipeline with Amazon ECS for Continuous Delivery of Container-Based Applications to the Cloud

Amazon ECS is a container management service that lets you deploy container-based applications to Amazon ECS instances in the cloud. Use CodePipeline with Amazon ECS to automate running revisions through the pipeline for continuous deployment of container-based applications whenever there is a change to the source image repository. For more information, see Tutorial: Continuous Deployment with CodePipeline.

Use CodePipeline with Elastic Beanstalk for Continuous Delivery of Web Applications to the Cloud

Elastic Beanstalk is a compute service that lets you deploy web applications and services to web servers. Use CodePipeline with Elastic Beanstalk for continuous deployment of web applications to your application environment. You can also use AWS CodeStar to create a pipeline with an Elastic Beanstalk deploy action.

Use CodePipeline with AWS Lambda for Continuous Delivery of Lambda-Based and Serverless Applications

You can use AWS Lambda with CodePipeline for invoking an AWS Lambda function, as described in Automating Deployment of Lambda-based Applications. You can also use AWS Lambda and AWS CodeStar to create a pipeline for deploying serverless applications.

Use CodePipeline with AWS CloudFormation Templates for Continuous Delivery to the Cloud

You can use AWS CloudFormation with CodePipeline for continuous delivery and automation. For more information, see Continuous Delivery with CodePipeline. AWS CloudFormation is also used to create the templates for pipelines created in AWS CodeStar.