AWS Lambda Deployment using CodePipeline and CodeBuild
Streamline your serverless deployment with AWS CodePipeline and CodeBuild. This blog will walk you through creating a fully automated pipeline that builds, tests, and deploys your Lambda functions with ease. Say goodbye to manual deployment headaches and embrace the power of continuous integration and delivery.
Published Sep 3, 2024
Setting up a robust Continuous Integration and Continuous Deployment (CI/CD) pipeline is essential for automating code deployments, ensuring consistent delivery, and minimizing manual intervention. This blog outlines the process of setting up a CI/CD pipeline using AWS CodePipeline and AWS CodeBuild to deploy code from a Bitbucket repository to an AWS Lambda function.
Before setting up the CI/CD pipeline, ensure that the following prerequisites are met:
- AWS Account: Ensure you have access to an AWS account with the necessary permissions to create and manage AWS CodePipeline, CodeBuild, and Lambda functions.
- Bitbucket Repository: Your application's source code should be stored in a Bitbucket repository.
- Service Account: A service account with Bitbucket Administrator Access is required for connecting to the Bitbucket repository and enabling webhook functionality.
Before creating a CodePipeline project, confirm that the AWS account has the following user roles and permissions:
AWS User Role Permissions:
- AWSCodeBuildAdminAccess
- AWSCodeDeployFullAccess
- AWSCodeStarFullAccess
- IAMReadOnlyAccess
- SystemAdministrator
- Open the AWS Management Console and navigate to AWS CodePipeline.
- Click "Create pipeline" and follow the setup wizard.
- Choose a pipeline name and select Bitbucket as the source provider.
- Connect your Bitbucket repository.
- Select the branch you want the pipeline to monitor for changes.
- Ensure the service account connected to Bitbucket has administrative rights to allow webhook configuration.
- In the pipeline settings, add a build stage.
- Configure the build project by setting up the environment to build and deploy the application onto AWS Lambda using the buildspec.yml file in your repository.
During the build stage setup, AWS CodeBuild will generate a default service role. The following policy must be attached to this role, specifying the Lambda function ARN in the Resource block:
CodeBuild Default Service Role Policy:
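A check for the requirement above that the role policy name the Lambda function ARN in its Resource block, as an added example that is not from the original post: it lints a policy document and flags Lambda grants with wildcard actions or resources. The two sample policies are constructed, the region, account ID and function name are placeholders, and the action names are an assumption about what the build needs in order to update function code.

```python
import json

# Constructed sample: Lambda access scoped to one function (placeholder region, account, name).
SCOPED = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["lambda:UpdateFunctionCode", "lambda:GetFunction"],
    "Resource": "arn:aws:lambda:us-east-1:111122223333:function:my-function"
  }]
}""")

# Constructed sample: the over-broad variant that a specific Resource ARN is meant to avoid.
BROAD = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "lambda:*", "Resource": "*"}]
}""")

def _as_list(value):
    """IAM allows a string or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]

def lambda_findings(policy):
    """Return problems found in Allow statements that grant Lambda actions."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource grants are open-ended")
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        granted = [a for a in actions if a == "*" or a.startswith("lambda:")]
        if not granted:
            continue  # statement does not touch Lambda
        if any("*" in a for a in granted):
            findings.append(f"statement {i}: wildcard Lambda action {granted}")
        for res in _as_list(stmt.get("Resource", [])):
            parts = res.split(":", 6)  # arn:<partition>:lambda:<region>:<account>:function:<name>
            is_function = len(parts) == 7 and parts[2] == "lambda" and parts[5] == "function"
            if not is_function or "*" in res:
                findings.append(f"statement {i}: Resource is not a single function ARN: {res}")
    return findings

if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED), ("broad", BROAD)):
        print(name, lambda_findings(doc) or "ok")
```

Run it against the JSON exported from the CodeBuild service role before the first pipeline execution; an empty list means every Lambda grant is pinned to a named function.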
- Create a CodeBuild project that specifies the build environment.
The environment above specifies the CodeBuild agent configuration: it selects the operating system used to build the application and deploy it onto AWS Lambda using the buildspec.yml file in the application repository.
The build process is defined in the buildspec.yml file. Below is an example configuration:
For additional security, configure the AWS build agent to be isolated within the same VPC as the Lambda function.
Once the pipeline is set up, it will automatically trigger whenever changes are pushed or merged into the specified Bitbucket branch. The pipeline will execute the following steps:
- Source Stage: Detects changes in the Bitbucket repository.
- Build Stage (CodeBuild): Executes the build process defined in the buildspec.yml file, including installing dependencies, packaging the Lambda function code, and uploading it to AWS Lambda.
- Monitor pipeline executions through the AWS CodePipeline console.
- Check build logs in the AWS CodeBuild console for troubleshooting issues.
- Ensure that IAM permissions are properly configured for the roles used by AWS Lambda, CodeBuild, and CodePipeline.
Apply branching restrictions to the repository and set up a designated approver or group to validate and merge pull requests.
- Select the repository where branch restrictions need to be applied.
- Go to “Repository settings”.
- Click on “Branch Restrictions” and then “Add a branch restriction”.
- Add the name of the “Approver” who should have access. The approver user or group will validate the PR and merge it.
By following this blog, you can efficiently set up a CI/CD pipeline that automates the deployment of your Bitbucket-hosted code to an AWS Lambda function using AWS CodePipeline and CodeBuild.