Building CI/CD Pipelines with AWS CodePipeline - Automating from Source to Deployment
Automate everything from source change detection to build, test, and deployment. Learn about V2 trigger filters, manual approval actions, and cross-account deployment design.
Overview of CodePipeline
CodePipeline is a CI/CD service that automates everything from source code changes to deployment. The source stage detects changes in GitHub or CodeCommit, the build stage runs tests and builds with CodeBuild, and the deploy stage executes deployments with CodeDeploy or CloudFormation.
Pipeline Design
Pipeline V2 type supports trigger filters that start the pipeline only for changes to specific branches or file paths. Manual approval actions are placed before the deploy stage, sending emails to approvers via SNS notifications. For cross-account deployments, the pipeline's artifact S3 bucket policy and KMS key policy grant access to the production account's role, and the deploy action uses AssumeRole with the production account's role. Note that the artifact store must be encrypted with a customer-managed KMS key for this to work, since the key policy of the default AWS-managed S3 key cannot be extended to another account, and both policies should name the specific deploy role rather than the whole production account.
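As an added example (not the article's or AWS's code), a small Python audit that checks a pipeline declaration, in the dict shape that boto3 create_pipeline accepts and get_pipeline returns, against the three design rules above: a V2 branch/file-path trigger filter, a manual approval action with an SNS topic before the deploy stage, and a deploy action that assumes a role in the production account. Account ids, ARNs, stage and action names are constructed placeholders.

```python
import re

ROLE_ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):role/")  # captures the 12-digit account id


def audit_pipeline(pipeline, prod_account_id):
    """Return findings for a declaration (the dict given to create_pipeline); [] means it passes."""
    findings = []
    if pipeline.get("pipelineType") != "V2":
        findings.append("pipelineType is not V2: trigger filters unavailable")
    # V2 trigger filters: at least one push rule scoped by branch or file path
    rules = [r for t in pipeline.get("triggers", [])
             for r in t.get("gitConfiguration", {}).get("push", [])]
    if not any(r.get("branches") or r.get("filePaths") for r in rules):
        findings.append("no branch/filePath trigger filter: every push runs the pipeline")
    stages = pipeline.get("stages", [])
    for idx, stage in enumerate(stages):
        for action in stage.get("actions", []):
            if action["actionTypeId"]["category"] != "Deploy":
                continue
            where = f"{stage['name']}/{action['name']}"
            # Cross-account: the deploy action must assume a role owned by the production account
            match = ROLE_ARN_RE.match(action.get("roleArn", ""))
            if not match or match.group(1) != prod_account_id:
                findings.append(f"{where}: roleArn is not a role in account {prod_account_id}")
            # A manual approval that notifies approvers via SNS must run in an earlier stage
            approvals = [a for s in stages[:idx] for a in s.get("actions", [])
                         if a["actionTypeId"].get("provider") == "Manual"]
            if not approvals:
                findings.append(f"{where}: no manual approval stage before deploy")
            elif not any(a.get("configuration", {}).get("NotificationArn") for a in approvals):
                findings.append(f"{where}: approval action has no SNS NotificationArn")
    return findings


def sample_pipeline(prod_account_id="222222222222"):
    """Constructed declaration that satisfies every rule (placeholder account ids and ARNs)."""
    source = {"category": "Source", "owner": "AWS", "provider": "CodeStarSourceConnection", "version": "1"}
    approve = {"category": "Approval", "owner": "AWS", "provider": "Manual", "version": "1"}
    deploy = {"category": "Deploy", "owner": "AWS", "provider": "CloudFormation", "version": "1"}
    return {"name": "app-pipeline", "pipelineType": "V2",
        "triggers": [{"providerType": "CodeStarSourceConnection", "gitConfiguration": {
            "sourceActionName": "Source",
            "push": [{"branches": {"includes": ["main"]}, "filePaths": {"includes": ["src/**"]}}]}}],
        "stages": [
            {"name": "Source", "actions": [{"name": "Source", "actionTypeId": source}]},
            {"name": "Approve", "actions": [{"name": "ProdApproval", "actionTypeId": approve,
                "configuration": {"NotificationArn": "arn:aws:sns:ap-northeast-1:111111111111:deploy-approvals"}}]},
            {"name": "Deploy", "actions": [{"name": "DeployProd", "actionTypeId": deploy,
                "roleArn": f"arn:aws:iam::{prod_account_id}:role/ProdDeployRole"}]},
        ]}
```

Run it against the output of `aws codepipeline get-pipeline` (the `pipeline` key) to catch a deploy action that silently falls back to the pipeline's own role instead of the production account's.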
Deployment Strategies and Rollback
In the CodePipeline deploy stage, you can achieve blue/green and canary deployments by integrating with CodeDeploy. For ECS blue/green deployments, a new task set is launched and validated with test traffic, then production traffic is switched over if no issues are found. The old task set is retained for a period after the switch, enabling immediate rollback if problems occur. For Lambda canary deployments, 10% of traffic is routed to the new version while CloudWatch Alarms monitor the error rate, triggering automatic rollback if the threshold is exceeded. For CloudFormation deploy actions, the recommended flow separates change set creation and execution, with a manual approval between them so that reviewers can inspect the change set before it is executed.
Pipeline Monitoring and Incident Response
Pipeline execution states are emitted as EventBridge events, enabling Slack notifications via SNS on failure or automatic retries via Lambda. CloudWatch metrics visualize pipeline execution time, success rate, and duration of each stage, tracking trends such as increasing build times or changes in deployment frequency. Most failures stem from dependency errors in the build stage or insufficient permissions in the deploy stage, so it is important to regularly review dependency cache settings in buildspec.yml and IAM role permission scopes. Pipeline V2 allows defining pipeline-level variables, parameterizing environment names and deployment target regions to reuse the same pipeline definition across multiple environments.
CodePipeline Pricing
CodePipeline V2 type uses pay-per-use billing based on action execution count, with the first 100 executions per month free and approximately $0.002 per execution thereafter. V1 type charges a fixed rate of approximately $1.00 per pipeline per month. All new pipelines should use V2 type. CodeBuild build charges (approximately $0.005 per minute for build.general1.small) and CodeDeploy charges (free for EC2 deployments) are billed separately. V2 pay-per-use billing is advantageous for low-frequency pipelines, while V1 fixed pricing may be cheaper for pipelines running dozens of times per day.
Summary
CodePipeline is a CI/CD orchestration service that automates everything from source code changes to deployment. V2 type trigger filters provide fine-grained control over execution conditions, CodeDeploy integration enables blue/green and canary deployments, and EventBridge integration automates pipeline monitoring and failure notifications. By combining manual approval actions, you can build deployment flows that balance automation with human judgment.