2.3.4. AWS CodePipeline for CI/CD Orchestration
First Principle: AWS CodePipeline orchestrates the entire application delivery workflow, creating automated, end-to-end CI/CD pipelines that ensure rapid, reliable, and repeatable releases.
CodePipeline connects your source repo, build service, and deployment target into an automated workflow. Push code, and it flows through stages without manual intervention.
A typical pipeline has four stages: Source (CodeCommit or GitHub detects changes), Build (CodeBuild compiles and runs unit tests), Test (integration tests against a staging environment), and Deploy (CodeDeploy or CloudFormation pushes to production). Stages execute in sequence, but actions within a stage can run in parallel; the exam tests this with questions about running security scans and tests simultaneously.
Manual approval actions can gate any stage transition. The common pattern is adding approval between the Test and Deploy stages so a human reviews results before production deployment. Artifacts flow between stages automatically: CodeBuild outputs go to S3, and CodeDeploy picks them up.
CodePipeline orchestrates but doesn't do the work: it delegates to CodeBuild for builds, CodeDeploy for deployments, Lambda for custom actions, and CloudFormation for infrastructure changes.
Scenario: You need to automate the entire application release process, from code changes in CodeCommit through automated build and test, to final deployment to production, with a manual approval step before production rollout.
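The scenario above, modelled as an added example (not code from the original guide): it derives the execution order from a pipeline definition, grouping actions that share a `runOrder` as parallel, and reports any Deploy action that no manual approval precedes. The definition is a constructed sample in the shape returned by `aws codepipeline get-pipeline`; all pipeline, stage and action names are hypothetical, and the check assumes one approval gates every later deploy.

```python
import json
from itertools import groupby

# Constructed sample in the shape returned by `aws codepipeline get-pipeline`;
# pipeline, stage and action names are hypothetical.
PIPELINE = json.loads("""
{"pipeline": {"name": "demo-release", "stages": [
  {"name": "Source", "actions": [
    {"name": "Checkout", "runOrder": 1, "actionTypeId": {"category": "Source", "provider": "CodeCommit"}}]},
  {"name": "Build", "actions": [
    {"name": "Compile", "runOrder": 1, "actionTypeId": {"category": "Build", "provider": "CodeBuild"}}]},
  {"name": "Test", "actions": [
    {"name": "IntegrationTests", "runOrder": 1, "actionTypeId": {"category": "Test", "provider": "CodeBuild"}},
    {"name": "SecurityScan", "runOrder": 1, "actionTypeId": {"category": "Test", "provider": "CodeBuild"}}]},
  {"name": "Approve", "actions": [
    {"name": "ApproveRelease", "runOrder": 1, "actionTypeId": {"category": "Approval", "provider": "Manual"}}]},
  {"name": "Deploy", "actions": [
    {"name": "Production", "runOrder": 1, "actionTypeId": {"category": "Deploy", "provider": "CodeDeploy"}}]}
]}}
""")

def execution_plan(definition):
    """Return ordered (stage, runOrder, actions) steps; the actions in one
    step share a stage and a runOrder, so they run in parallel."""
    order = lambda a: a.get("runOrder", 1)  # runOrder defaults to 1
    plan = []
    for stage in definition["pipeline"]["stages"]:  # stages run in sequence
        for n, group in groupby(sorted(stage["actions"], key=order), key=order):
            plan.append((stage["name"], n, list(group)))
    return plan

def ungated_deploys(definition):
    """Return 'stage/action' for each Deploy action reached before any manual
    approval step (simplification: one approval gates all later deploys)."""
    approved, findings = False, []
    for stage, _, group in execution_plan(definition):
        cats = {a["actionTypeId"]["category"] for a in group}
        if "Deploy" in cats and not approved:
            findings += [f"{stage}/{a['name']}" for a in group
                         if a["actionTypeId"]["category"] == "Deploy"]
        if "Approval" in cats:  # an approval in the same step gates nothing in it
            approved = True
    return findings

if __name__ == "__main__":
    for stage, n, group in execution_plan(PIPELINE):
        print(stage, n, [a["name"] for a in group])
    print("ungated deploys:", ungated_deploys(PIPELINE))
```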
⚠️ Exam Trap: CodePipeline stages run in sequence, but actions within a stage can run in parallel. If a question asks about running tests and security scans simultaneously, put them as parallel actions in the same stage.
