Best practices for CI/CD pipelines
The following are best practices for fully CI/CD pipelines:
- Secure the production environment – Because it's possible to accomplish virtually everything necessary for account and environment maintenance by using IaC, it's important to make every effort to secure the production environment by limiting console and programmatic access. We recommend limiting access to only a few, or even zero, users. When you deploy IaC through AWS CloudFormation, the user needs limited permissions. Most permissions are assigned to the CloudFormation service through a service role. For more information, see Service role in the CloudFormation documentation and Implementing policies for least-privilege permissions for AWS CloudFormation.
- Create separate accounts for each environment – By dedicating a separate account to each environment, you can simplify the deployment process and create fine-grained access controls at the account level. When multiple environments share resources, it reduces the integrity of the environment as an isolated unit. It's best to keep environments synchronized and distinct. This is even more important for the production environment because everything in that account should be treated as a production resource.
- Restrict personally identifiable information (PII) to the production environment – Both for security and protection from liability risks, secure PII as much as possible. When possible in lower environments, use anonymized or sample data instead of copying potentially sensitive data from the production environment.
- Review code in repositories – A fully CI/CD process reduces the entry points for a pipeline to a single point, and that single point should be secured. For this reason, it's recommended that you require multiple code reviews before merging feature branches into the main branch. These code reviews can be conducted by any qualified team member, but at least one senior member should review. The code should be tested rigorously by the reviewer. After all, the best way to fix issues in a pipeline is to avoid introducing them into it. Also, it's important to resolve all comments made by any reviewer before merging. This resolution could simply be an explanation of why no changes are needed, but addressing all comments is an important extra check to help prevent the introduction of issues into the pipeline.
- Make small and frequent merges – In order to take full advantage of continuous integration, it's a good idea to push local changes into the pipeline continuously as well. After all, it's much more beneficial for the development environments to stay in sync if the local environments keep up with them too.
For more best practices for CI/CD pipelines, see Summary of best practices in Practicing Continuous Integration and Continuous Delivery on AWS.
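The permission split described under "Secure the production environment", written as a CloudFormation template for the deploying identity's policy. This is an added example, not taken from the AWS guidance; the account ID, the role name `cfn-prod-service-role` and the parameter name are placeholders.

```yaml
# Added example (not from the AWS guidance). Account ID 111122223333, the role
# name cfn-prod-service-role and the ServiceRoleArn parameter are assumptions.
AWSTemplateFormatVersion: "2010-09-09"
Description: Identity policy for a pipeline deployer that can only drive CloudFormation
Parameters:
  ServiceRoleArn:
    Type: String
    Default: arn:aws:iam::111122223333:role/cfn-prod-service-role
Resources:
  DeployerPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          # Stack changes are allowed only when the service role is supplied, so
          # resources are created with the role's permissions, not the caller's.
          - Sid: ChangeStacksOnlyThroughServiceRole
            Effect: Allow
            Action:
              - cloudformation:CreateStack
              - cloudformation:UpdateStack
              - cloudformation:DeleteStack
              - cloudformation:CreateChangeSet
            Resource: "*"
            Condition:
              StringEquals:
                cloudformation:RoleArn: !Ref ServiceRoleArn
          # Read-only calls plus executing a change set that was created above.
          - Sid: InspectAndExecute
            Effect: Allow
            Action:
              - cloudformation:DescribeStacks
              - cloudformation:DescribeStackEvents
              - cloudformation:DescribeChangeSet
              - cloudformation:ExecuteChangeSet
              - cloudformation:GetTemplate
            Resource: "*"
          # The caller may hand exactly one role to exactly one service.
          - Sid: PassOnlyTheServiceRole
            Effect: Allow
            Action: iam:PassRole
            Resource: !Ref ServiceRoleArn
            Condition:
              StringEquals:
                iam:PassedToService: cloudformation.amazonaws.com
```

The policy grants no permissions on the resource types the stacks create; those belong on the service role, whose trust policy should allow only `cloudformation.amazonaws.com` to assume it.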