AWS Code Pipeline

Some of our clients deploy applications using CodePipeline and CodeBuild.

Open

Common Resources

In the infrastructure repository, create a root module for common CI/CD resources:

In order to deploy CI/CD pipelines on AWS, you will need the following:

• An artifact bucket for your organization's build artifacts. You can provision one using the artifact bucket Terraform module.

• A CodeBuild credential to trigger builds when pull requests are opened. You can set this up using the CodeBuild credential Terraform module.

• A CodeStar connection to trigger pipeline runs when pull requests are merged. You can set this up using the CodeStar connection Terraform module.

These resources should be provisioned in the Operations account.

After adding these modules to your root module, apply the module. Once the module has completed successfully, you will need to sign into the AWS Management Console. Find the pending GitHub connection and follow the instructions in the AWS Developer Tools Console User Guide to complete the connection.

Continuous Integration

For each application repository, create CodeBuild projects to build Docker images and generate manifests. These projects can be triggered when pull requests are opened using webhooks. Build projects and related resources should be provisioned in the Operations account.

In order to build Docker images for an application, you'll need:

• A Dockerfile. This can be kept in the application repository.

• A buildspec for building and pushing Docker images. This can also be kept in the application repository.

• An ECR repository. You can use the ECR repository Terraform module to set this up.

• A CodeBuild project for building Docker images. You can create one using the ECR project Terraform module.

• A manifests repository to store configuration and manifests for your application.

• A buildspec for generating application manifests. This can be stored in the manifests repository and should contain Kustomize or Helm commands for generating Kubernetes manifests. This buildspec must produce YAML files as artifacts that can later be applied to the cluster to deploy the application.

• A CodeBuild project for generating application manifests. You can create one using the manifests project Terraform module.

Once this root module is applied, CodeBuild will start building and storing Docker images for your application whenever developers open pull requests.

Continuous Deployment

For each stage of the software development lifecycle, create a CodePipeline pipeline to deploy the latest images and manifests to the cluster. This pipeline can be triggered when pull requests are merged using webhooks. Pipelines should be provisioned in the Operations account.

• An IAM role for deploying to each cluster. You can create one using the deploy role Terraform module. This role must be provisioned in the same Workload account as the cluster.

• A buildspec for applying manifests to the cluster. You can use kubectl and other commands to apply the manifests generated by your manifests project.

• A CodeBuild project for applying manifests to the cluster. You can set one up using the deploy-project Terraform module.

• A CodePipeline pipeline for deploying the latest Docker images and manifests to the cluster. You can create pipelines using the cicd-pipeline Terraform module.

Once a pipeline is provisioned, the CodeBuild projects for building Docker images and manifests will be triggered whenever a pull request is merged. The artifacts from the manifest project will be provided to the deploy project, which can apply the manifests to the cluster.