AWS DevOps Tools — CodePipeline to EKS Complete Overview

A complete guide to AWS DevOps services — CI/CD pipelines, container orchestration, infrastructure as code, monitoring, and security best practices.

DevOpsBoys · 4 min read

The AWS DevOps Ecosystem

AWS provides a complete, integrated suite of DevOps services — from source control to deployment, monitoring, and security. This guide walks you through the essential services and how they work together.

CI/CD Pipeline

AWS CodePipeline

CodePipeline orchestrates your entire release process — from source code to production — automatically.

Source (CodeCommit / GitHub)
    → Build (CodeBuild)
    → Test (CodeBuild)
    → Deploy (CodeDeploy / ECS / EKS)

buildspec.yml — CodeBuild Configuration

CodeBuild uses a buildspec.yml file to define build phases. Here's a production-ready example for building and pushing a Docker image to ECR:

yaml
version: 0.2
 
phases:
  pre_build:
    commands:
      - echo Logging in to Amazon ECR...
      - aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $ECR_REGISTRY
 
  build:
    commands:
      - echo Build started on `date`
      - docker build -t $IMAGE_REPO_NAME:$IMAGE_TAG .
      - docker tag $IMAGE_REPO_NAME:$IMAGE_TAG $ECR_REGISTRY/$IMAGE_REPO_NAME:$IMAGE_TAG
 
  post_build:
    commands:
      - docker push $ECR_REGISTRY/$IMAGE_REPO_NAME:$IMAGE_TAG
      - echo Writing image definitions file...
      - printf '[{"name":"app","imageUri":"%s"}]' $ECR_REGISTRY/$IMAGE_REPO_NAME:$IMAGE_TAG > imagedefinitions.json
 
artifacts:
  files:
    - imagedefinitions.json

Container Services

AWS offers multiple container services depending on your needs:

Service    Use Case
ECS        Simpler container orchestration, AWS-native
EKS        Managed Kubernetes for complex workloads
ECR        Fully managed container image registry
Fargate    Serverless containers — no EC2 to manage

ECS Task Definition

A Task Definition describes how your container should run on ECS:

json
{
  "family": "my-app",
  "networkMode": "awsvpc",
  "requiresCompatibilities": ["FARGATE"],
  "cpu": "256",
  "memory": "512",
  "containerDefinitions": [
    {
      "name": "app",
      "image": "123456789.dkr.ecr.us-east-1.amazonaws.com/my-app:latest",
      "portMappings": [
        {
          "containerPort": 3000,
          "protocol": "tcp"
        }
      ],
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "/ecs/my-app",
          "awslogs-region": "us-east-1",
          "awslogs-stream-prefix": "ecs"
        }
      }
    }
  ]
}

Infrastructure as Code

Terraform on AWS

Terraform is the industry standard for defining AWS infrastructure as code. Here's how to provision a VPC and an EKS cluster:

hcl
# Create the VPC
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
 
  tags = {
    Name = "devopsboys-vpc"
  }
}
 
# EKS Cluster using the official module
module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "~> 20.0"
 
  cluster_name    = "devopsboys-cluster"
  cluster_version = "1.29"
 
  vpc_id     = aws_vpc.main.id
  # aws_subnet.private is not defined in this snippet; declare the private subnets for the VPC above
  subnet_ids = aws_subnet.private[*].id
 
  eks_managed_node_groups = {
    general = {
      instance_types = ["t3.medium"]
      min_size       = 1
      max_size       = 3
      desired_size   = 2
    }
  }
}

bash
# Initialize, plan, and apply infrastructure
terraform init
terraform plan
terraform apply

Monitoring & Observability

CloudWatch Alarms

Set up automated alerts for critical metrics:

bash
# Create a CPU utilization alarm that triggers when > 80%
aws cloudwatch put-metric-alarm \
  --alarm-name "HighCPU" \
  --alarm-description "Alert when CPU exceeds 80%" \
  --metric-name CPUUtilization \
  --namespace AWS/EC2 \
  --threshold 80 \
  --comparison-operator GreaterThanThreshold \
  --evaluation-periods 2 \
  --period 300 \
  --statistic Average \
  --alarm-actions arn:aws:sns:us-east-1:123456789:alert-topic

Cost Optimization Strategies

Reducing AWS spend is a core DevOps skill. Here are the most impactful strategies:

  1. Spot Instances — Up to 90% cheaper for fault-tolerant, stateless workloads
  2. Reserved Instances — 40–60% savings with 1-3 year commitments
  3. S3 Lifecycle Policies — Automatically move old data to cheaper storage tiers
  4. Auto Scaling — Scale in during off-peak hours to eliminate waste

Security Best Practices

Security on AWS follows the principle of least privilege — every service should have only the minimum permissions it needs.

bash
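# Create an IAM role; trust-policy.json defines who may assume it,
# and permissions are attached to the role separately
aws iam create-role \
  --role-name devopsboys-app-role \
  --assume-role-policy-document file://trust-policy.json
 
# Store secrets in Secrets Manager — never hardcode credentials
# Load the value from a file so it stays out of shell history and process listings;
# db-secret.json (assumed file name) holds the JSON with the username and password
aws secretsmanager create-secret \
  --name prod/myapp/database \
  --secret-string file://db-secret.json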
 
# Retrieve secrets at runtime in your application
aws secretsmanager get-secret-value \
  --secret-id prod/myapp/database \
  --query SecretString \
  --output text
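
The trust-policy.json passed to create-role above is not shown on the page. As an added example (not the author's code), this script generates one possible trust policy and a permissions policy limited to the prod/myapp/database secret, and refuses wildcard grants before calling the CLI. The account ID 111122223333, the ECS-task principal, the policy name read-db-secret and the function names are assumptions.

```shell
#!/bin/sh
# Added example; ACCOUNT_ID is a constructed placeholder, the ECS principal an assumption.
set -eu
ACCOUNT_ID="${ACCOUNT_ID:-111122223333}"
REGION="${REGION:-us-east-1}"
SECRET_NAME="prod/myapp/database"

# Who may assume the role: ECS tasks in this account only.
trust_policy() {
  cat <<EOF
{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Principal": {"Service": "ecs-tasks.amazonaws.com"},
  "Action": "sts:AssumeRole",
  "Condition": {"StringEquals": {"aws:SourceAccount": "${ACCOUNT_ID}"}}
}]}
EOF
}

# What the role may do: read one secret. Secrets Manager appends a
# 6-character suffix to the ARN, matched here with "??????".
secret_read_policy() {
  cat <<EOF
{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Action": "secretsmanager:GetSecretValue",
  "Resource": "arn:aws:secretsmanager:${REGION}:${ACCOUNT_ID}:secret:${SECRET_NAME}-??????"
}]}
EOF
}

# Succeeds only if no Action or Resource is "*" or "service:*".
policy_is_scoped() {
  ! printf '%s' "$1" | grep -Eq '"(Action|Resource)"[[:space:]]*:[[:space:]]*"(\*|[a-z0-9-]+:\*)"'
}

# Writes both documents, refuses wildcards, then calls the AWS CLI.
apply_role() {
  trust_policy > trust-policy.json
  secret_read_policy > secret-read-policy.json
  policy_is_scoped "$(cat secret-read-policy.json)" || return 1
  aws iam create-role --role-name devopsboys-app-role \
    --assume-role-policy-document file://trust-policy.json
  aws iam put-role-policy --role-name devopsboys-app-role \
    --policy-name read-db-secret --policy-document file://secret-read-policy.json
}

# Touches AWS only when asked to: sh role.sh --apply
if [ "${1:-}" = "--apply" ]; then apply_role; fi
```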

Essential AWS CLI Quick Reference

bash
# Connect kubectl to your EKS cluster
aws eks update-kubeconfig --region us-east-1 --name devopsboys-cluster
 
# Authenticate Docker with ECR
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 123456789.dkr.ecr.us-east-1.amazonaws.com
 
# Force a new ECS deployment (rolling update)
aws ecs update-service --cluster my-cluster --service my-service --force-new-deployment
 
# List all running ECS tasks in a cluster
aws ecs list-tasks --cluster my-cluster
 
# View recent CloudWatch logs
aws logs tail /ecs/my-app --follow

What to Learn Next

  1. EKS Deep Dive — Cluster autoscaler, IRSA, and Karpenter for node provisioning
  2. AWS CDK — Define infrastructure using TypeScript or Python instead of HCL
  3. AWS Config + GuardDuty — Continuous compliance and threat detection
  4. Service Mesh with App Mesh / Istio on EKS — Advanced traffic management
  5. Cost Explorer + Budgets — Automated cost tracking and alerting

AWS has a service for everything — the key is knowing which tool fits which problem. Master the fundamentals here and the rest becomes much easier to learn.
