AWS CodePipeline
User Guide (API Version 2015-07-09)

The procedures in this guide support the new console design. If you choose to use the older version of the console, you will find many of the concepts and basic procedures in this guide still apply. To access help in the new console, choose the information icon.

AWS CodePipeline Best Practices and Use Cases

AWS CodePipeline is integrated with a number of products and services. The following sections describe best practices and use cases for AWS CodePipeline and these related products and services.

A simple business use case for AWS CodePipeline can help you understand ways you might implement the service and control user access. The use cases are described in general terms. They do not prescribe the APIs to use to achieve the results you want.

Best Practices

Use the best practices outlined in these sections when using AWS CodePipeline.

Security Best Practices for AWS CodePipeline Resources

You use encryption and authentication for the source repositories that connect to your pipelines. These are the AWS CodePipeline best practices for security:

Monitoring and Logging Best Practices for AWS CodePipeline Resources

You can use logging features in AWS to determine the actions users have taken in your account and the resources that were used. The log files show:

  • The time and date of actions.

  • The source IP address for an action.

  • Which actions failed due to inadequate permissions.

Logging features are available in the following AWS services:

Best Practices for the Jenkins PlugIn

Use the best practices provided in this section for pipelines with a Jenkins action provider.

Configure a Separate Amazon EC2 Instance and IAM Role for Your Jenkins Build Server

As a best practice, when you use a Jenkins build provider for your pipeline’s build or test action, install Jenkins on an Amazon EC2 instance and configure a separate EC2 instance profile. Make sure the instance profile grants Jenkins only the AWS permissions required to perform tasks for your project, such as retrieving files from Amazon S3.

The instance profile provides applications running on an Amazon EC2 instance with the credentials to access other AWS services. As a result, you do not need to configure AWS credentials (AWS access key and secret key).

To learn how to create the role for your Jenkins instance profile, see the steps in Create an IAM Role to Use for Jenkins Integration.

Use Cases for AWS CodePipeline

You can create pipelines that integrate with other AWS services. These can be AWS services, such as Amazon S3, or third-party products, such as GitHub. This section provides examples for using AWS CodePipeline to automate your code releases using different product integrations. For a full list of integrations with AWS CodePipeline organized by action type, see AWS CodePipeline Pipeline Structure Reference.

Use AWS CodePipeline with Amazon S3, AWS CodeCommit, and AWS CodeDeploy

When you create a pipeline, AWS CodePipeline integrates with AWS products and services that act as action providers in each stage of your pipeline. When you choose stages in the wizard, you must choose a source stage and at least a build or deploy stage. The wizard creates the stages for you with default names that cannot be changed. These are the stage names created when you set up a full three-stage pipeline in the wizard:

  • A source action stage with a default name of “Source.”

  • A build action stage with a default name of “Build.”

  • A deploy action stage with a default name of “Staging.”

You can use the tutorials in this guide to create pipelines and specify stages:

  • The steps in Tutorial: Create a Simple Pipeline (Amazon S3 Bucket) help you use the wizard to create a pipeline with two default stages: “Source” and “Staging”, where your Amazon S3 repository is the source provider. This tutorial creates a pipeline that uses AWS CodeDeploy to deploy a sample application from an Amazon S3 bucket to Amazon EC2 instances running Amazon Linux.

  • The steps in Tutorial: Create a Simple Pipeline (AWS CodeCommit Repository) help you use the wizard to create a pipeline with a “Source” stage that uses your AWS CodeCommit repository as the source provider. This tutorial creates a pipeline that uses AWS CodeDeploy to deploy a sample application from an AWS CodeCommit repository to an Amazon EC2 instance running Amazon Linux.

Use AWS CodePipeline with Third-party Action Providers (GitHub and Jenkins)

You can create pipelines that integrate with third-party products such as GitHub and Jenkins. The steps in Tutorial: Create a Four-Stage Pipeline show you how to create a pipeline that:

  • Gets source code from a GitHub repository,

  • Uses Jenkins to build and test the source code,

  • Uses AWS CodeDeploy to deploy the built and tested source code to Amazon EC2 instances running Amazon Linux or Microsoft Windows Server.

Use AWS CodePipeline with AWS CodeStar to Build a Pipeline in a Code Project

AWS CodeStar is a cloud-based service that provides a unified user interface for managing software development projects on AWS. AWS CodeStar works with AWS CodePipeline to combine AWS resources into a project development toolchain. You can use your AWS CodeStar dashboard to automatically create the pipeline, repositories, source code, build spec files, deployment method, and hosting instances or serverless instances required for a complete code project.

To create your AWS CodeStar project, you choose your coding language and the type of application you want to deploy. You can create the following project types: a web application, a web service, or an Alexa skill.

At any time, you can integrate your preferred IDE into your AWS CodeStar dashboard. You can also add and remove team members and manage permissions for team members on your project. For a tutorial that shows you how to use AWS CodeStar to create a sample pipeline for a serverless application, see Tutorial: Creating and Managing a Serverless Project in AWS CodeStar.

Use AWS CodePipeline to Compile, Build, and Test Code with AWS CodeBuild

AWS CodeBuild is a managed build service in the cloud that lets you build and test your code without a server or system. Use AWS CodePipeline with AWS CodeBuild to automate running revisions through the pipeline for continuous delivery of software builds whenever there is a change to the source code. For more information, see Use AWS CodePipeline with AWS CodeBuild to Test Code and Run Builds.

Use AWS CodePipeline with Amazon ECS for Continuous Delivery of Container-Based Applications to the Cloud

Amazon ECS is a container management service that lets you deploy container-based applications to Amazon ECS instances in the cloud. Use AWS CodePipeline with Amazon ECS to automate running revisions through the pipeline for continuous deployment of container-based applications whenever there is a change to the source image repository. For more information, see Tutorial: Continuous Deployment with AWS CodePipeline.

Use AWS CodePipeline with Elastic Beanstalk for Continuous Delivery of Web Applications to the Cloud

Elastic Beanstalk is a compute service that lets you deploy web applications and services to web servers. Use AWS CodePipeline with Elastic Beanstalk for continuous deployment of web applications to your application environment. You can also use AWS CodeStar to create a pipeline with an Elastic Beanstalk deploy action.

Use AWS CodePipeline with AWS Lambda for Continuous Delivery of Lambda-Based and Serverless Applications

You can use AWS Lambda with AWS CodePipeline for invoking an AWS Lambda function, as described in Automating Deployment of Lambda-based Applications. You can also use AWS Lambda and AWS CodeStar to create a pipeline for deploying serverless applications.

Use AWS CodePipeline with AWS CloudFormation Templates for Continuous Delivery to the Cloud

You can use AWS CloudFormation with AWS CodePipeline for continuous delivery and automation. For more information, see Continuous Delivery with AWS CodePipeline. AWS CloudFormation is also used to create the templates for pipelines created in AWS CodeStar.