 AWS CodeCommit, CodePipeline, CodeBuild & CodeDeploy
AWS CodeCommit, CodePipeline, CodeBuild & CodeDeploy
Overview
In this chapter, you will learn how to automate your deployment workflow—from Git commit to a live, serverless application endpoint—using AWS's native CI/CD tools: CodeCommit, CodeBuild, CodeDeploy, and CodePipeline. We will walk through creating a repository, building and packaging a Lambda function, exposing it via API Gateway, and managing permissions and deployment stages.
Why CI/CD Matters
Continuous Integration and Continuous Deployment (CI/CD) are essential practices in modern software development. They allow teams to:
- Ship code quickly and reliably;
- Catch bugs early by automating builds and tests;
- Shorten the feedback loop between development and production;
- Increase confidence in every release through repeatable, automated workflows.
Manual deployments are error-prone and slow. Automating the process improves speed, safety, and scalability.
Core AWS Services
Here's a quick overview of the AWS tools used in this pipeline:
- CodeCommit: a fully managed Git-based repository hosted in AWS. It integrates with IAM for granular access control and does not require third-party hosting platforms such as GitHub or Bitbucket;
- CodeBuild: a build service that compiles source code, runs tests, and produces deployable artifacts in a secure, containerized environment. You define the build process in a buildspec.yamlfile;
- CodeDeploy: manages deployments to compute services like EC2, Lambda, and ECS. It supports blue-green and rolling deployments and can automatically roll back if failures are detected;
- CodePipeline: acts as the CI/CD orchestrator. It links together all the above services and automates the entire workflow from source to production.
What You'll Build
In this demo, you will:
- Create an IAM role for a Lambda function;
- Upload a Lambda function that serves a static HTML response;
- Expose the function through an API Gateway endpoint;
- Automate the build and deployment using CodeBuild and CodePipeline;
- Verify the deployment through a test call to the endpoint;
- Clean up all resources to avoid unnecessary charges.
Step-by-Step Implementation
1. IAM Role for Lambda
Begin by creating an IAM role that allows Lambda to execute with basic permissions:
- Define a trust policy that grants the lambda.amazonaws.comservice permission to assume the role;
- Attach the AWSLambdaBasicExecutionRole managed policy, which provides logging access to Amazon CloudWatch.
This step ensures that the Lambda function has the required execution context and logging permissions.
2. CodeCommit Repository
Next, create a new CodeCommit repository:
- Repository name: LambdaHTMLRepo4;
- Clone the repository to your local machine.
Initially, the repository will be empty. You will populate it with the contents of your Lambda project folder.
3. Prepare Lambda Function
Copy your Lambda function files and buildspec.yaml into the local repository. The function in this demo is a simple HTML response function similar to what was covered in previous lessons.
- Archive the function as a .zipfile;
- Stage the changes using git add .;
- Commit the changes and push them to CodeCommit.
4. IAM Role for CodeBuild
Create a new IAM role for CodeBuild with a trust relationship that allows the codebuild.amazonaws.com service to assume the role. Then, attach the following managed policies:
- AmazonS3FullAccess;
- CloudWatchLogsFullAccess;
- AWSCodeBuildAdminAccess.
These policies allow CodeBuild to access the required resources for logging, storage, and project execution.
5. Create CodeBuild Project
Use the AWS CLI to create a CodeBuild project:
- Name: LambdaHTMLBuild;
- Source: CodeCommit repository;
- Buildspec: buildspec.yaml;
- No artifacts;
- Environment: linux container;
- Service role: use the ARN from the IAM role created in the previous step.
This project will compile, test, and package the Lambda function for deployment.
6. Create Lambda Function
Using the previously created .zip package, use aws lambda create-function to deploy the Lambda function. Make sure to specify the correct handler, runtime, and execution role.
7. Configure API Gateway
Step 1: Export Variables
Set the following environment variables:
- $rest_api_id: the ID of your newly created REST API;
- $root_id: the resource ID of the root path.
Step 2: Define the Method
Use the following command to define the HTTP method for the resource:
aws apigateway put-method \
  --rest-api-id $rest_api_id \
  --resource-id $root_id \
  --http-method GET \
  --authorization-type NONE
This enables the GET method on the root resource without requiring authentication.
Step 3: Set Up Integration
Next, link the GET method to your Lambda function using a proxy integration:
aws apigateway put-integration \
  --rest-api-id $rest_api_id \
  --resource-id $root_id \
  --http-method GET \
  --type AWS_PROXY \
  --integration-http-method POST \
  --uri arn:aws:apigateway:us-east-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-2:822033172740:function:ServeHTMLFunction/invocations
This setup tells API Gateway to invoke the Lambda function when a GET request is made to the endpoint.
8. Grant API Gateway Permission to Invoke Lambda
You must explicitly allow API Gateway to invoke the Lambda function. Use this command:
aws lambda add-permission \
  --function-name ServeHTMLFunction \
  --statement-id apigateway-access \
  --action lambda:InvokeFunction \
  --principal apigateway.amazonaws.com \
  --source-arn "arn:aws:execute-api:us-east-2:822033172740:$rest_api_id/*/GET/"
Without this permission, the Lambda invocation will fail with a 403 Forbidden error.
9. Deploy the API
Deploy the API to a new stage called prod using this command:
aws apigateway create-deployment \
  --rest-api-id $rest_api_id \
  --stage-name prod
Once deployed, your API Gateway endpoint will be accessible at:
https://<rest_api_id>.execute-api.us-east-2.amazonaws.com/prod/
Visiting the endpoint will return the response: “Hello from Lambda.”
Final Thoughts
You've now successfully used AWS's native DevOps tools to:
- Manage code with CodeCommit;
- Automate builds with CodeBuild;
- Deploy Lambda functions and expose them via API Gateway;
- Handle permissions and deployment stages securely and efficiently.
This module covers a large surface area, so it's recommended to experiment with each service individually and try creating your own end-to-end pipeline. Hands-on practice is the best way to solidify your understanding.
1. Which AWS service provides a fully managed Git repository that integrates directly with IAM
for access control?
2. In an AWS CodeBuild project, what file defines the build instructions?
3. Which AWS service is responsible for orchestrating the flow of source, build, and deployment
stages?
4. You created a new Lambda function and connected it to API Gateway via AWS_PROXY
integration. However, calling the endpoint results in a 403 Forbidden error. What is the most likely reason?
5. When setting up an API Gateway REST API to invoke a Lambda function, which sequence of
steps is correct?
6. Which of the following policies must be attached to an IAM role for CodeBuild to
successfully run a build and log output?
7. What is the purpose of the following command?
8. Which AWS CLI command is used to define how an API Gateway method integrates with a
backend, such as Lambda?
9. In AWS Lambda, what does the following command accomplish?
10. When defining a method on an API Gateway resource using put-method, what does the `--
authorization-type NONE` flag do?
Grazie per i tuoi commenti!
Chieda ad AI
Chieda ad AI
Chieda pure quello che desidera o provi una delle domande suggerite per iniziare la nostra conversazione
Can you explain more about how CodePipeline orchestrates the workflow?
What are the main differences between CodeCommit and GitHub?
How do I clean up all AWS resources after the demo to avoid charges?
Awesome!
Completion rate improved to 6.25 AWS CodeCommit, CodePipeline, CodeBuild & CodeDeploy
AWS CodeCommit, CodePipeline, CodeBuild & CodeDeploy
Scorri per mostrare il menu
Overview
In this chapter, you will learn how to automate your deployment workflow—from Git commit to a live, serverless application endpoint—using AWS's native CI/CD tools: CodeCommit, CodeBuild, CodeDeploy, and CodePipeline. We will walk through creating a repository, building and packaging a Lambda function, exposing it via API Gateway, and managing permissions and deployment stages.
Why CI/CD Matters
Continuous Integration and Continuous Deployment (CI/CD) are essential practices in modern software development. They allow teams to:
- Ship code quickly and reliably;
- Catch bugs early by automating builds and tests;
- Shorten the feedback loop between development and production;
- Increase confidence in every release through repeatable, automated workflows.
Manual deployments are error-prone and slow. Automating the process improves speed, safety, and scalability.
Core AWS Services
Here's a quick overview of the AWS tools used in this pipeline:
- CodeCommit: a fully managed Git-based repository hosted in AWS. It integrates with IAM for granular access control and does not require third-party hosting platforms such as GitHub or Bitbucket;
- CodeBuild: a build service that compiles source code, runs tests, and produces deployable artifacts in a secure, containerized environment. You define the build process in a buildspec.yamlfile;
- CodeDeploy: manages deployments to compute services like EC2, Lambda, and ECS. It supports blue-green and rolling deployments and can automatically roll back if failures are detected;
- CodePipeline: acts as the CI/CD orchestrator. It links together all the above services and automates the entire workflow from source to production.
What You'll Build
In this demo, you will:
- Create an IAM role for a Lambda function;
- Upload a Lambda function that serves a static HTML response;
- Expose the function through an API Gateway endpoint;
- Automate the build and deployment using CodeBuild and CodePipeline;
- Verify the deployment through a test call to the endpoint;
- Clean up all resources to avoid unnecessary charges.
Step-by-Step Implementation
1. IAM Role for Lambda
Begin by creating an IAM role that allows Lambda to execute with basic permissions:
- Define a trust policy that grants the lambda.amazonaws.comservice permission to assume the role;
- Attach the AWSLambdaBasicExecutionRole managed policy, which provides logging access to Amazon CloudWatch.
This step ensures that the Lambda function has the required execution context and logging permissions.
2. CodeCommit Repository
Next, create a new CodeCommit repository:
- Repository name: LambdaHTMLRepo4;
- Clone the repository to your local machine.
Initially, the repository will be empty. You will populate it with the contents of your Lambda project folder.
3. Prepare Lambda Function
Copy your Lambda function files and buildspec.yaml into the local repository. The function in this demo is a simple HTML response function similar to what was covered in previous lessons.
- Archive the function as a .zipfile;
- Stage the changes using git add .;
- Commit the changes and push them to CodeCommit.
4. IAM Role for CodeBuild
Create a new IAM role for CodeBuild with a trust relationship that allows the codebuild.amazonaws.com service to assume the role. Then, attach the following managed policies:
- AmazonS3FullAccess;
- CloudWatchLogsFullAccess;
- AWSCodeBuildAdminAccess.
These policies allow CodeBuild to access the required resources for logging, storage, and project execution.
5. Create CodeBuild Project
Use the AWS CLI to create a CodeBuild project:
- Name: LambdaHTMLBuild;
- Source: CodeCommit repository;
- Buildspec: buildspec.yaml;
- No artifacts;
- Environment: linux container;
- Service role: use the ARN from the IAM role created in the previous step.
This project will compile, test, and package the Lambda function for deployment.
6. Create Lambda Function
Using the previously created .zip package, use aws lambda create-function to deploy the Lambda function. Make sure to specify the correct handler, runtime, and execution role.
7. Configure API Gateway
Step 1: Export Variables
Set the following environment variables:
- $rest_api_id: the ID of your newly created REST API;
- $root_id: the resource ID of the root path.
Step 2: Define the Method
Use the following command to define the HTTP method for the resource:
aws apigateway put-method \
  --rest-api-id $rest_api_id \
  --resource-id $root_id \
  --http-method GET \
  --authorization-type NONE
This enables the GET method on the root resource without requiring authentication.
Step 3: Set Up Integration
Next, link the GET method to your Lambda function using a proxy integration:
aws apigateway put-integration \
  --rest-api-id $rest_api_id \
  --resource-id $root_id \
  --http-method GET \
  --type AWS_PROXY \
  --integration-http-method POST \
  --uri arn:aws:apigateway:us-east-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-2:822033172740:function:ServeHTMLFunction/invocations
This setup tells API Gateway to invoke the Lambda function when a GET request is made to the endpoint.
8. Grant API Gateway Permission to Invoke Lambda
You must explicitly allow API Gateway to invoke the Lambda function. Use this command:
aws lambda add-permission \
  --function-name ServeHTMLFunction \
  --statement-id apigateway-access \
  --action lambda:InvokeFunction \
  --principal apigateway.amazonaws.com \
  --source-arn "arn:aws:execute-api:us-east-2:822033172740:$rest_api_id/*/GET/"
Without this permission, the Lambda invocation will fail with a 403 Forbidden error.
9. Deploy the API
Deploy the API to a new stage called prod using this command:
aws apigateway create-deployment \
  --rest-api-id $rest_api_id \
  --stage-name prod
Once deployed, your API Gateway endpoint will be accessible at:
https://<rest_api_id>.execute-api.us-east-2.amazonaws.com/prod/
Visiting the endpoint will return the response: “Hello from Lambda.”
Final Thoughts
You've now successfully used AWS's native DevOps tools to:
- Manage code with CodeCommit;
- Automate builds with CodeBuild;
- Deploy Lambda functions and expose them via API Gateway;
- Handle permissions and deployment stages securely and efficiently.
This module covers a large surface area, so it's recommended to experiment with each service individually and try creating your own end-to-end pipeline. Hands-on practice is the best way to solidify your understanding.
1. Which AWS service provides a fully managed Git repository that integrates directly with IAM
for access control?
2. In an AWS CodeBuild project, what file defines the build instructions?
3. Which AWS service is responsible for orchestrating the flow of source, build, and deployment
stages?
4. You created a new Lambda function and connected it to API Gateway via AWS_PROXY
integration. However, calling the endpoint results in a 403 Forbidden error. What is the most likely reason?
5. When setting up an API Gateway REST API to invoke a Lambda function, which sequence of
steps is correct?
6. Which of the following policies must be attached to an IAM role for CodeBuild to
successfully run a build and log output?
7. What is the purpose of the following command?
8. Which AWS CLI command is used to define how an API Gateway method integrates with a
backend, such as Lambda?
9. In AWS Lambda, what does the following command accomplish?
10. When defining a method on an API Gateway resource using put-method, what does the `--
authorization-type NONE` flag do?
Grazie per i tuoi commenti!