█
LastWrite
  • > Curriculum
  • > Pricing
  • > For Educators
  • > About
  • > Contact
Log InGet Started

Questions, concerns, bug reports, or suggestions? We read every message, write to us at [email protected].

More ways to reach us →
LastWrite

Structured computer science lessons for aspiring developers and security professionals.

[email protected]

(201) 785-7951

Mon–Fri, 9 AM–5 PM EST

Learn

  • Curriculum
  • Pricing

Company

  • About
  • For Educators & Schools
  • Contact Us

Legal

  • Terms of Service
  • Privacy Policy
© 2026 LastWrite. All rights reserved.
Curriculum/DevOps and Infrastructure/Cloud Platforms — AWS/AWS-Native CI/CD: CodePipeline, CodeBuild, CodeDeploy
40 minIntermediate

AWS-Native CI/CD: CodePipeline, CodeBuild, CodeDeploy

After this lesson, you will be able to: Build an AWS-native CI/CD pipeline with CodePipeline, CodeBuild, and CodeDeploy, and know when to reach for it instead of GitHub Actions.

You already know GitHub Actions. AWS also ships its own CI/CD suite, and you will meet it in AWS-heavy shops and on the Developer Associate exam. This lesson covers the three core services, how they wire together, and the honest tradeoff against GitHub Actions.

Prerequisites:AWS CLI and Infrastructure as Code

The three services and how they fit together

CodePipeline is the orchestrator: it defines the stages (Source, Build, Deploy) and moves an artifact through them. CodeBuild is the build engine: it runs your build/test commands in a managed container and produces artifacts (think the AWS equivalent of a CI job runner). CodeDeploy handles the release: it pushes a new version to EC2, ECS, or Lambda with rolling, blue/green, or canary strategies and automatic rollback on alarm. Together: CodePipeline calls CodeBuild to build/test, then calls CodeDeploy to release.

A CodeBuild buildspec

buildspec.yml is to CodeBuild what a workflow file is to GitHub Actions: the phases it runs.

tsx
# buildspec.yml (read by CodeBuild)
version: 0.2
phases:
install:
runtime-versions: { nodejs: 20 }
commands: [ npm ci ]
pre_build:
commands:
- npm run lint
- npm test
build:
commands:
- npm run build
- docker build -t $REPO_URI:$CODEBUILD_RESOLVED_SOURCE_VERSION .
post_build:
commands:
- aws ecr get-login-password | docker login --username AWS --password-stdin $REPO_URI
- docker push $REPO_URI:$CODEBUILD_RESOLVED_SOURCE_VERSION
artifacts:
files: [ imagedefinitions.json ] # handed to CodeDeploy / ECS

The pipeline stages

A typical CodePipeline for a containerized app.

  1. 1

    Source: triggered by a commit to CodeCommit or a connected GitHub repo; outputs the source artifact.

  2. 2

    Build: CodeBuild runs buildspec.yml (lint, test, build, push image), outputs imagedefinitions.json.

  3. 3

    Deploy: CodeDeploy (or an ECS deploy action) rolls the new image out with your chosen strategy.

  4. 4

    Approval (optional): a manual-approval stage gates production until someone clicks approve.

  5. 5

    Rollback: CodeDeploy auto-rolls-back if a CloudWatch alarm fires during the deploy.

💡 CodePipeline vs GitHub Actions: the honest tradeoff

Reach for the AWS suite when you are all-in on AWS and want deploys, IAM roles, and CloudWatch alarms living natively in the account (no third-party credentials, tight IAM integration, required by some compliance setups). Prefer GitHub Actions when your code already lives in GitHub and you want a larger marketplace, simpler YAML, and multi-cloud portability. Many teams do both: GitHub Actions to build/test, then hand off to CodeDeploy for the AWS release. There is no universally right answer; match the tool to where the code and the org already are.

Quick Check

In the AWS CI/CD suite, which service handles the actual release to EC2/ECS/Lambda with rollback on alarm?

Pick the right service.

Sign in and purchase access to unlock this lesson.

Sign in to purchase
←AWS CLI and Infrastructure as Code
Back to Cloud Platforms — AWS
AWS Certification Path→