OPS05-BP02 Test and validate changes
Every change deployed must be tested to avoid errors in production. This best practice is focused on testing changes from version control to artifact build. Besides application code changes, testing should include infrastructure, configuration, security controls, and operations procedures. Testing takes many forms, from unit tests to software component analysis (SCA). Moving tests further to the left in the software integration and delivery process results in higher certainty of artifact quality.
Your organization must develop testing standards for all software artifacts. Automated tests reduce toil and avoid manual test errors. Manual tests may be necessary in some cases. Developers must have access to automated test results to create feedback loops that improve software quality.
Desired outcome: Your software changes are tested before they are delivered. Developers have access to test results and validations. Your organization has a testing standard that applies to all software changes.
Common anti-patterns:
- You deploy a new software change without any tests. It fails to run in production, which leads to an outage.
- New security groups are deployed with AWS CloudFormation without being tested in a pre-production environment. The security groups make your app unreachable for your customers.
- A method is modified but there are no unit tests. The software fails when it is deployed to production.
Benefits of establishing this best practice: The change fail rate of software deployments is reduced. Software quality is improved. Developers have increased awareness of the viability of their code. Security policies can be rolled out with confidence to support the organization's compliance. Infrastructure changes such as automatic scaling policy updates are tested in advance to meet traffic needs.
Level of risk exposed if this best practice is not established: High
Implementation guidance
Testing is done on all changes, from application code to infrastructure, as part of your continuous integration practice. Test results are published so that developers have fast feedback. Your organization has a testing standard that all changes must pass.
Use the power of generative AI with Amazon Q Developer to improve developer productivity and code quality. Amazon Q Developer includes generation of code suggestions (based on large language models), production of unit tests (including boundary conditions), and code security enhancements through detection and remediation of security vulnerabilities.
Customer example
As part of their continuous integration pipeline, AnyCompany Retail conducts several types of tests on all software artifacts. They practice test driven development so all software has unit tests. Once the artifact is built, they run end-to-end tests. After this first round of tests is complete, they run a static application security scan, which looks for known vulnerabilities. Developers receive messages as each testing gate is passed. Once all tests are complete, the software artifact is stored in an artifact repository.
Implementation steps
- Work with stakeholders in your organization to develop a testing standard for software artifacts. What standard tests should all artifacts pass? Are there compliance or governance requirements that must be included in the test coverage? Do you need to conduct code quality tests? When tests complete, who needs to know?
- The AWS Deployment Pipeline Reference Architecture contains an authoritative list of types of tests that can be conducted on software artifacts as part of an integration pipeline.
- Instrument your application with the necessary tests based on your software testing standard. Each set of tests should complete in under ten minutes. Tests should run as part of an integration pipeline.
- Use Amazon Q Developer, a generative AI tool that can help create unit test cases (including boundary conditions), generate functions using code and comments, and implement well-known algorithms.
- Use Amazon CodeGuru Reviewer to test your application code for defects.
- You can use AWS CodeBuild to conduct tests on software artifacts.
- AWS CodePipeline can orchestrate your software tests into a pipeline.
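As an added example (not part of the original guidance and not an AWS tool), this is a pre-deployment test of the kind the security group anti-pattern calls for: it reads a CloudFormation template and reports when a change would leave the app unreachable or expose an admin port. The sample template, the `REQUIRED_PUBLIC` standard and the port lists are constructed assumptions, and rule values are assumed to be literals rather than intrinsic functions.

```python
import json

# Constructed sample template (not from the original page): the change under
# test drops the public HTTPS rule and opens SSH to the internet.
TEMPLATE = json.loads("""
{"Resources": {"WebSecurityGroup": {
  "Type": "AWS::EC2::SecurityGroup",
  "Properties": {
    "GroupDescription": "web tier",
    "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
      {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "CidrIp": "10.0.0.0/16"}
    ]}}}}
""")

# Hypothetical testing standard: ports customers need, ports never public.
REQUIRED_PUBLIC = {"WebSecurityGroup": [443]}
ADMIN_PORTS = [22, 3389]
WORLD = ("0.0.0.0/0", "::/0")

def covers(rule, port):
    """True if an ingress rule admits the given TCP port."""
    proto = str(rule.get("IpProtocol"))
    if proto == "-1":  # all protocols, all ports
        return True
    if proto not in ("tcp", "6"):
        return False
    return int(rule.get("FromPort", -1)) <= port <= int(rule.get("ToPort", -1))

def is_public(rule):
    return rule.get("CidrIp") in WORLD or rule.get("CidrIpv6") in WORLD

def check_template(template):
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        rules = res.get("Properties", {}).get("SecurityGroupIngress", [])
        public = [r for r in rules if is_public(r)]
        for port in REQUIRED_PUBLIC.get(name, []):
            if not any(covers(r, port) for r in public):
                findings.append(f"{name}: required port {port} not reachable")
        for port in ADMIN_PORTS:
            if any(covers(r, port) for r in public):
                findings.append(f"{name}: admin port {port} open to the internet")
    return findings

if __name__ == "__main__":
    # A non-zero exit fails the pipeline stage when there are findings.
    raise SystemExit("\n".join(check_template(TEMPLATE)) or 0)
```
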
Resources
Related best practices:
Related documents:
- Accelerate your Software Development Lifecycle with Amazon Q
- The Ultimate Cheat Sheet for Using Amazon Q Developer in Your IDE
- 10 ways to build applications faster with Amazon CodeWhisperer
- Best Practices for Prompt Engineering with Amazon CodeWhisperer
- Automated AWS CloudFormation Testing Pipeline with TaskCat and CodePipeline
- Building end-to-end AWS DevSecOps CI/CD pipeline with open source SCA, SAST, and DAST tools
- Practicing Continuous Integration and Continuous Delivery on AWS Whitepaper
Related videos:
- Implement an API with Amazon Q Developer Agent for Software Development
- Installing, Configuring, & Using Amazon Q Developer with JetBrains IDEs (How-to)
- Mastering the art of Amazon CodeWhisperer - YouTube playlist
- AWS re:Invent 2020: Testable infrastructure: Integration testing on AWS
- AWS Summit ANZ 2021 - Driving a test-first strategy with CDK and test driven development
Related resources:
Related services: