The following solution demonstrates how AWS developer tools can be used to manage a CI/CD pipeline and add automated checks to it. By combining AWS CodeCommit, AWS CodePipeline, AWS CodeBuild, and AWS CloudFormation, our team can help you streamline the deployment lifecycle by automating and simplifying pre-deployment compliance checks.
As illustrated in the diagram, when a code change is committed and pushed to the CodeCommit repository, CodePipeline automatically triggers a CodeBuild job.
What is AWS CodeBuild?
AWS CodeBuild is a fully managed build service that compiles source code, runs tests, and produces software packages ready to deploy. The build commands and related settings are stored alongside the code in the CodeCommit repository as a YAML build specification (the buildspec file); CodeBuild reads it, spins up an appropriate compute environment, and runs the build phases it describes.
What is AWS CloudFormation?
AWS CloudFormation is an infrastructure-as-code service: a template written in JSON or YAML describes the resources of a stack, and CloudFormation creates or updates those resources for you. In this pipeline, after the build specification has been defined, the CloudFormation template containing all the information related to the stack is retrieved from the repository. CloudFormation Guard (cfn-guard) is an open-source, policy-as-code evaluation tool that lets you write rules in its own domain-specific language and enforce them against CloudFormation templates. It helps catch errors and enforce best practices before you create or update a stack.
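The kind of rule set the pipeline evaluates, as an added example that is not part of the original page or of any AWS sample: three cfn-guard rules that require server-side encryption and full public-access blocking on every S3 bucket, and forbid security group ingress that exposes port 22 to the whole Internet. The file name, the rule names and the choice of checks are assumptions.

```guard
# Added example rule set (not from the original page). The file name
# (rules/baseline.guard), the rule names and the checks are assumptions.

# Select every S3 bucket declared in the template.
let s3_buckets = Resources.*[ Type == 'AWS::S3::Bucket' ]

# Every bucket must declare default server-side encryption.
rule s3_bucket_encrypted when %s3_buckets !empty {
    %s3_buckets.Properties.BucketEncryption.ServerSideEncryptionConfiguration[*].ServerSideEncryptionByDefault.SSEAlgorithm in ['AES256', 'aws:kms']
        <<Violation: every S3 bucket must set ServerSideEncryptionByDefault (AES256 or aws:kms)>>
}

# Every bucket must block public access in all four dimensions.
rule s3_bucket_not_public when %s3_buckets !empty {
    %s3_buckets.Properties.PublicAccessBlockConfiguration {
        BlockPublicAcls == true
            <<Violation: BlockPublicAcls must be true>>
        BlockPublicPolicy == true
            <<Violation: BlockPublicPolicy must be true>>
        IgnorePublicAcls == true
            <<Violation: IgnorePublicAcls must be true>>
        RestrictPublicBuckets == true
            <<Violation: RestrictPublicBuckets must be true>>
    }
}

# Select every security group declared in the template.
let security_groups = Resources.*[ Type == 'AWS::EC2::SecurityGroup' ]

# No inline ingress rule whose port range covers 22 may come from 0.0.0.0/0 or ::/0.
# The nested `when` blocks AND the conditions; the `exists` guards keep the rule
# from failing on ingress entries that use SourceSecurityGroupId instead of a CIDR.
rule no_ssh_from_anywhere when %security_groups !empty {
    %security_groups.Properties {
        when SecurityGroupIngress exists {
            SecurityGroupIngress[*] {
                when FromPort <= 22 {
                    when ToPort >= 22 {
                        when CidrIp exists {
                            CidrIp != '0.0.0.0/0'
                                <<Violation: SSH must not be open to 0.0.0.0/0>>
                        }
                        when CidrIpv6 exists {
                            CidrIpv6 != '::/0'
                                <<Violation: SSH must not be open to ::/0>>
                        }
                    }
                }
            }
        }
    }
}
```

Run it locally with `cfn-guard validate --data infra/template.yaml --rules rules/` before pushing; a non-zero exit status means at least one rule failed. Rules are code too: keep a `cfn-guard test` file with a known-good and a known-bad template next to them, so a rule that is silently broken (for example by a typo in a property path) is caught by the pipeline rather than passing everything.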
After cloning the code from the repository, the pipeline automatically validates the CloudFormation template against the Guard rule set and deploys the stack only if the validation succeeds. If any rule fails, cfn-guard exits with a non-zero status, the build job stops at that step, and a summary of the failed rules is printed in the build job log.
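The build specification that wires the steps above together (the YAML buildspec mentioned under AWS CodeBuild, and the validate-then-deploy sequence described here), as an added example that is not part of the original page. It assumes cfn-guard is available on the build image, that the template lives at infra/template.yaml, that the rule files live under rules/, and that the stack is deployed from the build job; the paths, stack name and environment variable names are all assumptions.

```yaml
version: 0.2

# Added example buildspec (not from the original page). Paths, the stack name
# and the rules directory are assumptions; adjust them to your repository layout.
env:
  variables:
    TEMPLATE: infra/template.yaml   # assumed location of the CloudFormation template
    RULES_DIR: rules                # assumed directory holding the *.guard rule files
    STACK_NAME: example-stack       # assumed stack name

phases:
  install:
    commands:
      # cfn-guard is assumed to be present, either baked into a custom build image
      # or installed here from a pinned release whose checksum you verify. Avoid
      # piping a downloaded install script straight into sh: the pipeline would
      # then trust whatever that URL serves on every run.
      - command -v cfn-guard >/dev/null || { echo "cfn-guard is not installed"; exit 1; }
  pre_build:
    commands:
      # Syntax check performed by the CloudFormation service itself.
      - aws cloudformation validate-template --template-body "file://${TEMPLATE}"
      # Policy check. cfn-guard exits non-zero when any rule fails; CodeBuild then
      # marks the phase as failed, the build stops and nothing below is executed.
      - cfn-guard validate --data "${TEMPLATE}" --rules "${RULES_DIR}" --show-summary all
  build:
    commands:
      # Reached only if both checks above passed.
      - >
        aws cloudformation deploy
        --template-file "${TEMPLATE}"
        --stack-name "${STACK_NAME}"
        --capabilities CAPABILITY_NAMED_IAM
        --no-fail-on-empty-changeset

artifacts:
  files:
    - infra/template.yaml
```

If the deployment is instead performed by a CloudFormation action in CodePipeline, drop the build phase and let the artifact carry the validated template; the validate steps stay where they are. In either case the IAM role that performs the deployment should be scoped to the stack it manages, since the policy check covers the template content, not what the deploying role is allowed to do.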
This simple solution lets your team define a single source of truth for what constitutes a valid infrastructure definition. The automated check against predefined rule sets enforces your company guidelines on every change and shortens review time. Keep in mind that it covers only what the rules express and only templates that pass through the pipeline: properties the rules do not mention, and changes made outside CloudFormation, are not checked.
Links to the service pages and the related official documentation: