AWS CICD

yo · November 27, 2020
CodePipeline

-CD(Continuous Delivery)
-Visual workflow
-Source: GitHub / CodeCommit / S3
-Build: CodeBuild / Jenkins / etc
-Load Testing: 3rd party tools
-Deploy: AWS CodeDeploy / Beanstalk / CloudFormation / ECS ...

-CodePipeline requires an IAM role.

CodeBuild

-Fully managed build service
-alternative to other build tools such as Jenkins
-Continuous scaling(no servers to manage or provision - no build queue)
-pay for usage: the time it takes to complete the builds
-source code from GitHub / CodeCommit / CodePipeline /S3 ....
-Build instructions can be defined in code (buildspec.yml file)
-Output logs to S3 & CloudWatch Logs
-Metrics to monitor CodeBuild statistics
-can trigger notifications, SNS, Lambda
-builds can be defined within CodePipeline or CodeBuild itself
-buildspec.yml file must be at the root of our code
-Environment variables: define non-sensitive values as plaintext variables; for secrets, use SSM Parameter Store

-Phases(specify commands to run):
1)install : install dependencies you may need for your build
2)Pre build: final commands to execute before build
3)Build: actual build commands
4)Post build: finishing touches (zip output for example)

-Artifacts: what to upload to S3 (encrypted with KMS)
-Cache: files to cache (usually dependencies) to S3 for future build speedup

-If you need deeper troubleshooting than the logs allow
-> run CodeBuild locally on your desktop (after installing Docker)
-for this, leverage the CodeBuild Agent

-Buildspec: Build specification
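
A buildspec.yml tying the notes above together: the four phases, a secret pulled from SSM Parameter Store instead of a plaintext variable, artifacts, and cache. This is an added example, not part of the original notes; the parameter path, variable names, and npm commands are assumptions.

```yaml
# buildspec.yml - must sit at the root of the source code
version: 0.2

env:
  variables:
    # Plaintext variables: fine for non-sensitive settings only.
    # They can be read in the CodeBuild console and via the CLI.
    APP_ENV: "staging"            # constructed sample value
    # Weak: a secret stored as plaintext, do not do this
    # DB_PASSWORD: "example-password"
  parameter-store:
    # Corrected: the value is the *name* of an SSM parameter
    # (hypothetical path; store it as a SecureString).
    # The CodeBuild service role needs ssm:GetParameters on it.
    DB_PASSWORD: "/myapp/staging/db-password"

phases:
  install:
    commands:
      - npm ci                    # install dependencies for the build
  pre_build:
    commands:
      - npm run lint              # final commands before the build
  build:
    commands:
      - npm run build             # actual build commands
  post_build:
    commands:
      - zip -r app.zip dist       # finishing touches: zip the output

artifacts:
  files:
    - app.zip                     # what gets uploaded to S3

cache:
  paths:
    - "node_modules/**/*"         # dependencies cached to S3 for faster builds
```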

CodeBuild in VPC

-by default, CodeBuild builds are launched outside your VPC
-therefore, they cannot access resources in your VPC
-you can specify a VPC configuration:
1)VPC ID
2)Subnet ID
3)Security Group ID
-Then your build can access resources in your VPC (RDS, Cache, EC2, ELB...)
