My experience with AWS CodeBuild
Use Cases and Deployment Scope
Our organization implemented AWS CodeBuild as a central component of my organization's database deployment automation pipeline, particularly for Liquibase schema and data change management across multiple AWS environments.
AWS CodeBuild was integrated into a broader CI/CD ecosystem that included GitHub Enterprise as a source, AWS Secrets Manager for credential management and S3 for artifact storage and logging.
Pros
- AWS CodeBuild allowed seamless integration across AWS services, which allowed us to pull binaries directly from S3, fetch secrets, etc.
- Wrote detailed logs, creating immutable audit trails that helped from a technical and compliance perspective.
- Automated a repeatable build and deployment process. We ran updates automatically based on environment, allowing pipelines to reuse the same build template with different environment parameters.
Cons
- It was difficult to create a branching strategy with GitHub. We had everything running from main, but in a true DevOps environment, we would like to incorporate a true branching strategy.
- I would like to share build projects with each AWS account we utilize versus creating a build project in each account. It will allow us consistent deployments across the board.
- The error logs are natively in AWS, but when developers do not have access, there is no way for them to view error logs for maintenance other than an admin who has access to share the error logs.
Return on Investment
- AWS CodeBuild was introduced as a core enabler for automating database deployments and enforcing standardization across six environments. The standardization and quality control were well received.
- Security was baked in, reducing audit findings.
- Deployments took minutes to update all environments compared to hours. It helped us a lot to reduce drift and deploy consistently.
Usability
Alternatives Considered
GitHub
Other Software Used
GitHub, AWS Secrets Manager

