AWS CodeDeploy
A service that automates application deployments to EC2, Lambda, and ECS, enabling safe releases through rolling updates and blue/green deployments
Overview
AWS CodeDeploy is a fully managed service that automates application deployments to EC2 instances, on-premises servers, Lambda functions, and ECS services. The AppSpec file defines hook scripts for each deployment phase (BeforeInstall, AfterInstall, ApplicationStart, etc.), providing fine-grained control over the deployment process. It supports multiple deployment strategies including rolling updates, blue/green deployments, and canary deployments, with automatic rollback capabilities for rapid recovery during failures.
Deployment Control with AppSpec Files and Lifecycle Hooks
CodeDeploy's deployment process is declaratively defined in an AppSpec file (appspec.yml). For EC2/on-premises deployments, you specify file copy destinations (files section) and hook scripts for each lifecycle event (hooks section). Lifecycle events execute in order: BeforeInstall, Install, AfterInstall, ApplicationStart, and ValidateService, with shell scripts or PowerShell scripts executable at each phase. Common patterns include deregistering from the load balancer in BeforeInstall, environment variable substitution in configuration files during AfterInstall, and calling a health check API in ValidateService. For Lambda deployments, the AppSpec structure differs, defining traffic shifting methods (AllAtOnce, Linear, Canary) and BeforeAllowTraffic/AfterAllowTraffic hooks as Lambda functions. For ECS deployments, task definition updates and target group switching are managed through AppSpec. Azure DevOps release pipelines offer similar deployment automation, but CodeDeploy's strength lies in its native integration with AWS compute services.
Blue/Green Deployments and Canary Releases in Practice
CodeDeploy's blue/green deployment launches a new version (green) instance fleet, switches load balancer traffic after health checks pass. For EC2, Auto Scaling groups automatically provision new instances, and after the switchover completes, old instances (blue) are retained for a period before termination. During this retention period, if rollback is needed, traffic can be immediately restored to blue. For Lambda and ECS deployments, canary releases are particularly effective. For example, Canary10Percent5Minutes routes only 10% of traffic to the new version for the first 5 minutes, then switches the remaining 90% if no issues arise. Related books on deployment strategies (Amazon) cover blue/green and canary usage with real-world examples. Configuring automatic rollback linked to CloudWatch alarms enables automatic deployment reversal upon detecting error rate or latency threshold breaches.
CodePipeline Integration and CI/CD Pipeline Positioning
While CodeDeploy can be used standalone, combining it with CodePipeline builds end-to-end CI/CD pipelines from code commit through build, test, and deployment. A typical configuration triggers CodeBuild for building and testing on pushes to CodeCommit or GitHub, deploys successful artifacts to a staging environment via CodeDeploy, then deploys to production after manual approval. The deployment group concept manages multiple environments (dev, staging, production) for the same application, with different deployment strategies and alarm settings per environment. For EC2 instance deployments, the CodeDeploy agent must be installed on each instance. Systems Manager's State Manager can automate agent installation and updates. Deployment history and logs are recorded in CloudTrail and CloudWatch Logs for failure investigation. CodeDeploy itself is free for EC2/on-premises deployments, with usage-based charges only for Lambda and ECS deployments.