Learn AWS CodeCommit, CodePipeline, CodeBuild & CodeDeploy | CI/CD & Deployment Strategies
AWS Certified Developer - Associate

AWS CodeCommit, CodePipeline, CodeBuild & CodeDeploy

Overview

In this chapter, you will learn how to automate your deployment workflow—from Git commit to a live, serverless application endpoint—using AWS's native CI/CD tools: CodeCommit, CodeBuild, CodeDeploy, and CodePipeline. We will walk through creating a repository, building and packaging a Lambda function, exposing it via API Gateway, and managing permissions and deployment stages.

Why CI/CD Matters

Continuous Integration and Continuous Deployment (CI/CD) are essential practices in modern software development. They allow teams to:

  • Ship code quickly and reliably;
  • Catch bugs early by automating builds and tests;
  • Shorten the feedback loop between development and production;
  • Increase confidence in every release through repeatable, automated workflows.

Manual deployments are error-prone and slow. Automating the process improves speed, safety, and scalability.

Core AWS Services

Here's a quick overview of the AWS tools used in this pipeline:

  • CodeCommit: a fully managed Git-based repository hosted in AWS. It integrates with IAM for granular access control and does not require third-party hosting platforms such as GitHub or Bitbucket;
  • CodeBuild: a build service that compiles source code, runs tests, and produces deployable artifacts in a secure, containerized environment. You define the build process in a buildspec.yaml file;
  • CodeDeploy: manages deployments to compute services like EC2, Lambda, and ECS. It supports blue-green and rolling deployments and can automatically roll back if failures are detected;
  • CodePipeline: acts as the CI/CD orchestrator. It links together all the above services and automates the entire workflow from source to production.

What You'll Build

In this demo, you will:

  • Create an IAM role for a Lambda function;
  • Upload a Lambda function that serves a static HTML response;
  • Expose the function through an API Gateway endpoint;
  • Automate the build and deployment using CodeBuild and CodePipeline;
  • Verify the deployment through a test call to the endpoint;
  • Clean up all resources to avoid unnecessary charges.

Step-by-Step Implementation

1. IAM Role for Lambda

Begin by creating an IAM role that allows Lambda to execute with basic permissions:

  • Define a trust policy that grants the lambda.amazonaws.com service permission to assume the role;
  • Attach the AWSLambdaBasicExecutionRole managed policy, which provides logging access to Amazon CloudWatch.

This step ensures that the Lambda function has the required execution context and logging permissions.

2. CodeCommit Repository

Next, create a new CodeCommit repository:

  • Repository name: LambdaHTMLRepo4;
  • Clone the repository to your local machine.

Initially, the repository will be empty. You will populate it with the contents of your Lambda project folder.

3. Prepare Lambda Function

Copy your Lambda function files and buildspec.yaml into the local repository. The function in this demo is a simple HTML response function similar to what was covered in previous lessons.

  • Archive the function as a .zip file;
  • Stage the changes using git add .;
  • Commit the changes and push them to CodeCommit.

4. IAM Role for CodeBuild

Create a new IAM role for CodeBuild with a trust relationship that allows the codebuild.amazonaws.com service to assume the role. Then, attach the following managed policies:

  • AmazonS3FullAccess;
  • CloudWatchLogsFullAccess;
  • AWSCodeBuildAdminAccess.

These policies allow CodeBuild to access the required resources for logging, storage, and project execution.
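
The three managed policies above grant far more than this build uses: the project has no artifacts, so the role only has to pull from CodeCommit and write build logs. As an added example (not part of the original lesson), the Python below builds an inline policy scoped to the lesson's project and repository names and lints any policy for wildcard grants. It assumes the buildspec makes no other AWS API calls; the function names are hypothetical.

```python
import json

def codebuild_role_policy(region, account_id, project, repo):
    """Inline policy limited to this project's log group and this repository."""
    log_group = (f"arn:aws:logs:{region}:{account_id}:"
                 f"log-group:/aws/codebuild/{project}")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "WriteBuildLogs", "Effect": "Allow",
             "Action": ["logs:CreateLogGroup", "logs:CreateLogStream",
                        "logs:PutLogEvents"],
             "Resource": [log_group, f"{log_group}:*"]},
            {"Sid": "PullSource", "Effect": "Allow",
             "Action": ["codecommit:GitPull"],
             "Resource": [f"arn:aws:codecommit:{region}:{account_id}:{repo}"]},
        ],
    }

def as_list(value):
    """IAM allows a single string where a list is expected; normalise to a list."""
    return [value] if isinstance(value, str) else list(value)

def broad_grants(policy):
    """Return (sid, reason) for each Allow statement with a wildcard grant."""
    findings = []
    stmts = policy.get("Statement", [])
    for stmt in [stmts] if isinstance(stmts, dict) else stmts:
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no sid>")
        for action in as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append((sid, f"wildcard action {action}"))
        if "*" in as_list(stmt.get("Resource", [])):
            findings.append((sid, "resource *"))
    return findings

# Constructed sample: the shape of a full-access grant, for comparison.
FULL_ACCESS_SHAPE = {"Version": "2012-10-17", "Statement": [
    {"Sid": "S3Full", "Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

if __name__ == "__main__":
    scoped = codebuild_role_policy("us-east-2", "822033172740",
                                   "LambdaHTMLBuild", "LambdaHTMLRepo4")
    print(json.dumps(scoped, indent=2))
    print("scoped policy findings:", broad_grants(scoped))
    print("full-access findings:  ", broad_grants(FULL_ACCESS_SHAPE))
```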

5. Create CodeBuild Project

Use the AWS CLI to create a CodeBuild project:

  • Name: LambdaHTMLBuild;
  • Source: CodeCommit repository;
  • Buildspec: buildspec.yaml;
  • No artifacts;
  • Environment: Linux container;
  • Service role: use the ARN from the IAM role created in the previous step.

This project will compile, test, and package the Lambda function for deployment.

6. Create Lambda Function

Using the previously created .zip package, use aws lambda create-function to deploy the Lambda function. Make sure to specify the correct handler, runtime, and execution role.

7. Configure API Gateway

Step 1: Export Variables

Set the following environment variables:

  • $rest_api_id: the ID of your newly created REST API;
  • $root_id: the resource ID of the root path.

Step 2: Define the Method

Use the following command to define the HTTP method for the resource:

aws apigateway put-method \
  --rest-api-id $rest_api_id \
  --resource-id $root_id \
  --http-method GET \
  --authorization-type NONE

This enables the GET method on the root resource without requiring authentication.

Step 3: Set Up Integration

Next, link the GET method to your Lambda function using a proxy integration:

aws apigateway put-integration \
  --rest-api-id $rest_api_id \
  --resource-id $root_id \
  --http-method GET \
  --type AWS_PROXY \
  --integration-http-method POST \
  --uri arn:aws:apigateway:us-east-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-2:822033172740:function:ServeHTMLFunction/invocations

This setup tells API Gateway to invoke the Lambda function when a GET request is made to the endpoint.

8. Grant API Gateway Permission to Invoke Lambda

You must explicitly allow API Gateway to invoke the Lambda function. Use this command:

aws lambda add-permission \
  --function-name ServeHTMLFunction \
  --statement-id apigateway-access \
  --action lambda:InvokeFunction \
  --principal apigateway.amazonaws.com \
  --source-arn "arn:aws:execute-api:us-east-2:822033172740:$rest_api_id/*/GET/"

Without this permission, the Lambda invocation will fail with a 403 Forbidden error.
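
The --source-arn value in the command above is what ties the grant to one API, method and path (api-id/stage/method/path). As an added example (not part of the original lesson), the Python below reads the output of aws lambda get-policy and reports whether each API Gateway grant is scoped and whether it covers a given request ARN. The sample policy and the API id a1b2c3d4e5 are constructed, and the function names are hypothetical.

```python
import json
from fnmatch import fnmatchcase

APIGW = "apigateway.amazonaws.com"

def arn_like(pattern, arn):
    """ArnLike semantics: the six colon-delimited components match one by one."""
    p, a = pattern.split(":", 5), arn.split(":", 5)
    return len(p) == len(a) == 6 and all(fnmatchcase(x, y) for x, y in zip(a, p))

def source_arns(stmt):
    """Collect every aws:SourceArn value from the statement's Condition block."""
    found = []
    for operands in stmt.get("Condition", {}).values():
        for key, value in operands.items():
            if key.lower() == "aws:sourcearn":
                found += [value] if isinstance(value, str) else list(value)
    return found

def audit(get_policy_output, request_arn):
    """Map each API Gateway grant (by Sid) to a verdict for request_arn."""
    policy = json.loads(json.loads(get_policy_output)["Policy"])
    verdicts = {}
    for stmt in policy["Statement"]:
        principal = stmt.get("Principal")
        services = principal.get("Service", []) if isinstance(principal, dict) else []
        services = [services] if isinstance(services, str) else services
        if stmt.get("Effect") != "Allow" or APIGW not in services:
            continue
        patterns = source_arns(stmt)
        if not patterns:
            verdict = "unscoped"          # any API, in any account, may invoke
        elif any("*" in p.split(":", 5)[-1].split("/")[0] for p in patterns):
            verdict = "wildcard-api"      # not tied to one REST API id
        elif any(arn_like(p, request_arn) for p in patterns):
            verdict = "allows-request"
        else:
            verdict = "blocks-request"
        verdicts[stmt.get("Sid", "<no sid>")] = verdict
    return verdicts

# Constructed sample; a1b2c3d4e5 is a placeholder REST API id.
BASE = "arn:aws:execute-api:us-east-2:822033172740:"
FN = "arn:aws:lambda:us-east-2:822033172740:function:ServeHTMLFunction"

def grant(sid, source_arn=None):
    """Build one resource-policy statement in the shape add-permission writes."""
    stmt = {"Sid": sid, "Effect": "Allow", "Principal": {"Service": APIGW},
            "Action": "lambda:InvokeFunction", "Resource": FN}
    if source_arn:
        stmt["Condition"] = {"ArnLike": {"AWS:SourceArn": source_arn}}
    return stmt

SAMPLE = json.dumps({"RevisionId": "constructed", "Policy": json.dumps({
    "Version": "2012-10-17", "Statement": [
        grant("apigateway-access", BASE + "a1b2c3d4e5/*/GET/"),
        grant("legacy-open"),
        grant("any-api", BASE + "*/*/*/*")]})})

if __name__ == "__main__":
    print(audit(SAMPLE, BASE + "a1b2c3d4e5/prod/GET/"))
```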

9. Deploy the API

Deploy the API to a new stage called prod using this command:

aws apigateway create-deployment \
  --rest-api-id $rest_api_id \
  --stage-name prod

Once deployed, your API Gateway endpoint will be accessible at:

https://<rest_api_id>.execute-api.us-east-2.amazonaws.com/prod/

Visiting the endpoint will return the response: “Hello from Lambda.”

Final Thoughts

You've now successfully used AWS's native DevOps tools to:

  • Manage code with CodeCommit;
  • Automate builds with CodeBuild;
  • Deploy Lambda functions and expose them via API Gateway;
  • Handle permissions and deployment stages securely and efficiently.

This module covers a large surface area, so it's recommended to experiment with each service individually and try creating your own end-to-end pipeline. Hands-on practice is the best way to solidify your understanding.

1. Which AWS service provides a fully managed Git repository that integrates directly with IAM for access control?

2. In an AWS CodeBuild project, what file defines the build instructions?

3. Which AWS service is responsible for orchestrating the flow of source, build, and deployment stages?

4. You created a new Lambda function and connected it to API Gateway via AWS_PROXY integration. However, calling the endpoint results in a 403 Forbidden error. What is the most likely reason?

5. When setting up an API Gateway REST API to invoke a Lambda function, which sequence of steps is correct?

6. Which of the following policies must be attached to an IAM role for CodeBuild to successfully run a build and log output?

7. What is the purpose of the following command?

8. Which AWS CLI command is used to define how an API Gateway method integrates with a backend, such as Lambda?

9. In AWS Lambda, what does the following command accomplish?

10. When defining a method on an API Gateway resource using put-method, what does the `--authorization-type NONE` flag do?

