AWS DevOps Pro Domain 1: SDLC Automation – CodeDeploy

By | June 1, 2023

This article is the second in a series covering my AWS DevOps Professional certification study process. Part 1 is here.


ok, that’s a really cute icon…

CodeDeploy is an AWS managed deployment service that automates application deployments to (1) EC2 instances, (2) serverless Lambda functions, (3) AWS ECS services, or (4) on-premises virtual machines.

Ansible, Terraform, Chef, and Puppet are similar services.

*CodeDeploy does not provision resources*

Can deploy code from: S3 buckets, CodeCommit/GitHub/Bitbucket repos

CodeDeploy Agent must be running on any EC2 or on-prem VM:

  1. Push code + appspec.yml file to [CodeCommit, S3, GitHub]
  2. Trigger CodeDeploy deployment
  3. Agent polls CodeDeploy continuously
  4. EC2 instances pick up new deployment
  5. Agent pulls new code & appspec.yml file from [CodeCommit, S3, GitHub]
    1. (The role attached to the EC2 instance needs access to the code source)
  6. EC2 runs the deployment instructions
  7. Agent reports success/failure of deployment on the EC2 instance

CodeDeploy Process
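
Step 5 notes that the role attached to the instance needs access to the code source. The following is an added example, not from the original article: a small Python audit that flags instance-role policy statements granting more S3 access than the agent needs to pull a revision. The bucket name, the set of needed actions, and both sample policies are assumptions constructed for illustration.

```python
"""Audit an EC2 instance-role policy for S3 access beyond what the CodeDeploy agent needs."""

# Assumption: the agent only needs these actions to pull a revision from S3.
NEEDED = {"s3:getobject", "s3:getobjectversion", "s3:listbucket"}
# Hypothetical bucket name; substitute the bucket that holds your revisions.
REVISION_BUCKET = "example-codedeploy-revisions"


def _as_list(value):
    # IAM allows a single value or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]


def audit_instance_policy(policy, bucket=REVISION_BUCKET):
    """Return (statement_index, issue) tuples for over-broad S3 grants."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        s3_actions = [a for a in _as_list(stmt.get("Action", []))
                      if a == "*" or a.lower().startswith("s3:")]
        if not s3_actions:
            continue
        for action in s3_actions:
            # Anything outside the allowlist is flagged: "*", "s3:*", "s3:Get*", writes.
            if action.lower() not in NEEDED:
                findings.append((idx, f"action too broad: {action}"))
        for res in _as_list(stmt.get("Resource", [])):
            # Accept only the revision bucket itself or objects under it.
            if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                findings.append((idx, f"resource outside revision bucket: {res}"))
    return findings


# Constructed sample policies (not taken from the article).
WEAK = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:GetObjectVersion"],
     "Resource": f"arn:aws:s3:::{REVISION_BUCKET}/*"},
    {"Effect": "Allow", "Action": "s3:ListBucket",
     "Resource": f"arn:aws:s3:::{REVISION_BUCKET}"}]}

if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("scoped", SCOPED)):
        print(name, audit_instance_policy(doc) or "no findings")
```

The check only reads `Effect`, `Action` and `Resource`; it does not evaluate `NotAction`, `NotResource` or `Condition` elements.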

EC2 instances are grouped into deployment groups (dev, test, UAT, prod, etc.) – very flexible

CodeDeploy can be chained into CodePipeline to use its artifacts.

Blue/Green deployments cannot be used with on-prem VMs, and the instances have to be in an autoscale group (ASG)

CodeDeploy groups into:

  • Applications
    • Deployment Groups (grouped by tagged key/values)
      • Create a new Deployment Group for each env (Dev, QA, Stg, Prod, etc…)
      • Flexibility is all based on tags
    • Deployments – the actual action of pushing code to the EC2 instances. Points at a Deployment Group
      • Deployment types are ‘In-place’ or ‘Blue/Green’
      • Deployment Configurations specify how you are going to take down/upgrade systems
      • Working with deployment configs
      • Custom Deployment Configs can customize how many healthy systems exist in application fleet (either by % or # of healthy systems):

Know how on-premises CodeDeploy instances are handled.

  • Either use an IAM user ARN to authenticate requests (easier for a single on-prem server) OR
  • Use an IAM role ARN (to call AWS STS) to authenticate requests (more secure & scalable)

AWS CodeDeploy tutorials (do ALL of these):

Build Your First Serverless Web App | Amazon Web Services
Ok… so I have a thing for cute logos…