Integrating IaC into CI/CD pipelines

Automating Deployments on AWS

Dunieski Otano

Amazon Web Services Solutions Architect

Code first, infrastructure later

  • Code deploys via CodePipeline; infrastructure updates by hand
  • Devs scale Lambda; ops resize the SQS queue
  • Drift between code and infra causes outages
  • Wire CloudFormation into the same pipeline

CloudFormation as a pipeline action

  • CodePipeline supports a CloudFormation deploy action
  • The pipeline passes a template artifact to the action
  • Modes: CREATE_UPDATE, DELETE_ONLY, REPLACE_ON_FAILURE, CHANGE_SET_REPLACE, CHANGE_SET_EXECUTE
  • Run alongside source, build, and app-deploy actions
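
As an added example (not from the original slides), the infrastructure stage of an AWS::CodePipeline::Pipeline resource can stage a change set, pause for review, then execute it, using the two change-set modes listed above. The stack, change-set, artifact and role names are hypothetical; the fragment assumes an earlier stage emits an artifact named BuildOutput and that CfnDeployRole is defined elsewhere in the same template.

```yaml
# Added example: one entry in the Stages list of an AWS::CodePipeline::Pipeline.
# All names (orders-service-infra, pipeline-changeset, BuildOutput,
# CfnDeployRole) are hypothetical placeholders.
- Name: DeployInfra
  Actions:
    # Step 1: compute the diff between the live stack and the new template.
    - Name: CreateChangeSet
      RunOrder: 1
      ActionTypeId:
        Category: Deploy
        Owner: AWS
        Provider: CloudFormation
        Version: "1"
      InputArtifacts:
        - Name: BuildOutput
      Configuration:
        ActionMode: CHANGE_SET_REPLACE
        StackName: orders-service-infra
        ChangeSetName: pipeline-changeset
        TemplatePath: BuildOutput::template.yaml
        # Required only if the template creates named IAM resources.
        Capabilities: CAPABILITY_NAMED_IAM
        # Role CloudFormation assumes for the stack operation; scope it to
        # the resource types this stack manages rather than admin access.
        RoleArn: !GetAtt CfnDeployRole.Arn
    # Step 2: a person reviews the change set before anything is modified.
    - Name: ApproveChangeSet
      RunOrder: 2
      ActionTypeId:
        Category: Approval
        Owner: AWS
        Provider: Manual
        Version: "1"
    # Step 3: apply exactly the change set that was reviewed.
    - Name: ExecuteChangeSet
      RunOrder: 3
      ActionTypeId:
        Category: Deploy
        Owner: AWS
        Provider: CloudFormation
        Version: "1"
      Configuration:
        ActionMode: CHANGE_SET_EXECUTE
        StackName: orders-service-infra
        ChangeSetName: pipeline-changeset
```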

A typical end-to-end pipeline

  • Source: Git push triggers the pipeline
  • Build: produce a template + app artifact
  • Deploy infra: CloudFormation creates or updates the stack
  • Deploy app: CodeDeploy ships the new version

Automatic rollback on stack failure

  • Failed updates automatically roll back to the last good state
  • The pipeline stage fails, halting later stages
  • Failure-alert wiring from Chapter 1 fires automatically

Nested stacks for modular templates

  • A nested stack is declared as type AWS::CloudFormation::Stack
  • Break a 2,000-line template into reusable modules
  • Parent stack passes parameters and reads outputs
  • Each module deploys independently inside the parent

StackSets for multi-account, multi-region

  • A StackSet deploys one template across many accounts and regions
  • Useful for security baselines, guardrails, shared infra
  • Add or remove stack instances without rewriting the template
  • Centrally managed, locally deployed

Picking the right shape

  • Single stack: small app, one environment
  • Nested stacks: large template, modular components
  • StackSets: same template, many accounts and regions
  • All three play well with CodePipeline

Let's practice!
