Code Repositories and Deployment Environments

This guide covers the critical integration between source control systems and AWS deployment environments, a core component of the Content Domain 3: Deployment for the AWS Certified Developer - Associate (DVA-C02) exam.

Learning Objectives

After studying this guide, you should be able to:

• Configure AWS CodeCommit as a central source of truth for CI/CD pipelines.
• Implement branching and labeling strategies for release management.
• Automate pipeline triggers using Amazon EventBridge and repository events.
• Distinguish between deployment environments (Dev, Staging, Production) within AWS services.
• Integrate Infrastructure as Code (IaC) templates (SAM/CloudFormation) into repository workflows.

Key Terms & Glossary

• AWS CodeCommit: A managed, Git-based version control service that hosts private repositories.
• Artifact: A deployable bundle (e.g., a ZIP for Lambda or a Docker image) produced during the build phase.
• Branching: Creating a parallel version of the code to allow for independent development or environment-specific testing.
• CI/CD Pipeline: An automated sequence of steps (Source -> Build -> Test -> Deploy) managed by AWS CodePipeline.
• Infrastructure as Code (IaC): The practice of managing and provisioning infrastructure through machine-readable definition files (e.g., YAML/JSON).

The "Big Idea"

In a modern DevOps culture, the Code Repository is the "Heart" of the deployment lifecycle. It is no longer just a place to store text; it is the trigger mechanism for the entire cloud infrastructure. A single git push command initiates a chain reaction where the code is compiled, tested, and automatically pushed through various environments—ensuring that what exists in the repository is exactly what is running in production.

Formula / Concept Box

Hierarchical Outline

1. Source Control Foundations
   • Git Basics: Distributed version control, cloning, committing, and pushing.
   • CodeCommit Security: Integrated with IAM; use SSH keys or HTTPS credentials.
2. Environment Management Strategies
   • Branch-based Environments: Mapping main to Production and develop to Staging.
   • Cross-Account Deployments: Using a central "DevOps" account to push code into separate "Production" accounts for security isolation.
3. The Trigger Mechanism
   • EventBridge Integration: Automated triggers for CodePipeline when code is merged.
   • Lambda Packaging: Choosing between .zip files (S3-based) or Container Images (ECR-based).
4. Deployment Automation
   • AWS SAM: Specializing in serverless infrastructure; use sam package and sam deploy.
   • Rollback Procedures: Automatically returning to a previous stable state if health checks fail during a canary deployment.

Visual Anchors

The CI/CD Trigger Flow

Branching and Environment Mapping

\begin{tikzpicture} \draw[thick, ->] (0,0) -- (8,0) node[right] {Time}; \draw[blue, thick] (0,1) -- (7,1) node[right] {Main (Production)}; \draw[green, thick] (0,-1) -- (6,-1) node[right] {Develop (Staging)}; \draw[dashed] (1, -1) -- (2, 0.5) -- (3, -1); \node at (2, 0.8) {Feature}; \draw[fill=black] (1, -1) circle (2pt); \draw[fill=black] (3, -1) circle (2pt); \draw[fill=red, thick] (5, -1) -- (5, 1); \node at (5, 1.3) {Release v1.1}; \end{tikzpicture}

Definition-Example Pairs

• Staging Variables: Placeholders in API Gateway that change depending on the deployment stage.
  • Example: Using ${stageVariables.lambdaAlias} to route traffic from a "Dev" API stage to a "Dev" Lambda function without changing the code.
• Canary Deployment: A strategy where a small percentage of traffic is shifted to a new version to test stability.
  • Example: Deploying a new Lambda function version and routing only 10% of users to it for the first 15 minutes.
• Labels/Tags: Metadata applied to specific commits or images for version tracking.
  • Example: Tagging a Docker image in ECR with release-2023.10.01 to ensure the production environment pulls that exact version.

Worked Examples

Scenario: Automating a Lambda Update

Goal: Update a Lambda function automatically whenever code is pushed to the main branch of CodeCommit.

1. Source: Configure CodeCommit as the source provider in CodePipeline.
2. Trigger: Ensure EventBridge is enabled to detect ReferenceUpdate events on the main branch.
3. Build: Use buildspec.yml in CodeBuild to run npm install and npm test.
4. Package: Run aws cloudformation package to upload the code to S3 and generate a transformed template.
5. Deploy: Use CodeDeploy to perform a Linear 10% Every 1 Minute deployment to the Lambda function to ensure high availability.

Checkpoint Questions

1. Which AWS service is used to detect a code push to CodeCommit and start a pipeline?
   • Answer: Amazon EventBridge (formerly CloudWatch Events).
2. In API Gateway, how can you point a single API endpoint to different Lambda versions based on the stage (Dev/Prod)?
   • Answer: By using Stage Variables and Lambda Aliases.
3. What is the benefit of a separate "DevOps" account for CI/CD?
   • Answer: Improved security through isolation and centralized management of permissions via IAM cross-account roles.
4. True or False: CodeCommit is a proprietary version control system that does not support Git commands.
   • Answer: False. CodeCommit is fully compatible with standard Git commands and tools.

[!TIP] For the DVA-C02 exam, focus heavily on how CodePipeline interacts with CodeCommit. Remember that CodePipeline "polls" for changes by default, but using EventBridge is the modern, recommended best practice for lower latency.