AWS DevOps Tools — CodePipeline to EKS Complete Overview
A complete guide to AWS DevOps services — CI/CD pipelines, container orchestration, infrastructure as code, monitoring, and security best practices.
The AWS DevOps Ecosystem
AWS provides a complete, integrated suite of DevOps services — from source control to deployment, monitoring, and security. This guide walks you through the essential services and how they work together.
CI/CD Pipeline
AWS CodePipeline
CodePipeline orchestrates your entire release process — from source code to production — automatically.
Source (CodeCommit / GitHub)
→ Build (CodeBuild)
→ Test (CodeBuild)
→ Deploy (CodeDeploy / ECS / EKS)
buildspec.yml — CodeBuild Configuration
CodeBuild uses a buildspec.yml file to define build phases. Here's a production-ready example for building and pushing a Docker image to ECR:
```yaml
version: 0.2

phases:
  pre_build:
    commands:
      - echo Logging in to Amazon ECR...
      # Pipe the short-lived ECR token to docker login via stdin
      - aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $ECR_REGISTRY
  build:
    commands:
      - echo Build started on `date`
      - docker build -t $IMAGE_REPO_NAME:$IMAGE_TAG .
      - docker tag $IMAGE_REPO_NAME:$IMAGE_TAG $ECR_REGISTRY/$IMAGE_REPO_NAME:$IMAGE_TAG
  post_build:
    commands:
      - docker push $ECR_REGISTRY/$IMAGE_REPO_NAME:$IMAGE_TAG
      - echo Writing image definitions file...
      # imagedefinitions.json maps the container name to the image URI that was just pushed
      - printf '[{"name":"app","imageUri":"%s"}]' $ECR_REGISTRY/$IMAGE_REPO_NAME:$IMAGE_TAG > imagedefinitions.json

artifacts:
  files:
    - imagedefinitions.json
```
Container Services
AWS offers multiple container services depending on your needs:
| Service | Use Case |
|---|---|
| ECS | Simpler container orchestration, AWS-native |
| EKS | Managed Kubernetes for complex workloads |
| ECR | Fully managed container image registry |
| Fargate | Serverless containers — no EC2 to manage |
ECS Task Definition
A Task Definition describes how your container should run on ECS:
```json
{
  "family": "my-app",
  "networkMode": "awsvpc",
  "requiresCompatibilities": ["FARGATE"],
  "cpu": "256",
  "memory": "512",
  "containerDefinitions": [
    {
      "name": "app",
      "image": "123456789.dkr.ecr.us-east-1.amazonaws.com/my-app:latest",
      "portMappings": [
        {
          "containerPort": 3000,
          "protocol": "tcp"
        }
      ],
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "/ecs/my-app",
          "awslogs-region": "us-east-1",
          "awslogs-stream-prefix": "ecs"
        }
      }
    }
  ]
}
```
Infrastructure as Code
Terraform on AWS
Terraform is the industry standard for defining AWS infrastructure as code. Here's how to provision a VPC and an EKS cluster:
```hcl
# Create the VPC
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"

  tags = {
    Name = "devopsboys-vpc"
  }
}

# EKS Cluster using the official module
module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "~> 20.0"

  cluster_name    = "devopsboys-cluster"
  cluster_version = "1.29"

  vpc_id = aws_vpc.main.id
  # aws_subnet.private is not defined in this snippet; declare the private subnets separately
  subnet_ids = aws_subnet.private[*].id

  eks_managed_node_groups = {
    general = {
      instance_types = ["t3.medium"]
      min_size       = 1
      max_size       = 3
      desired_size   = 2
    }
  }
}
```
```bash
# Initialize, plan, and apply infrastructure
terraform init
terraform plan
terraform apply
```
Monitoring & Observability
CloudWatch Alarms
Set up automated alerts for critical metrics:
```bash
# Create a CPU utilization alarm that triggers when > 80%
aws cloudwatch put-metric-alarm \
  --alarm-name "HighCPU" \
  --alarm-description "Alert when CPU exceeds 80%" \
  --metric-name CPUUtilization \
  --namespace AWS/EC2 \
  --threshold 80 \
  --comparison-operator GreaterThanThreshold \
  --evaluation-periods 2 \
  --period 300 \
  --statistic Average \
  --alarm-actions arn:aws:sns:us-east-1:123456789:alert-topic
```
Cost Optimization Strategies
Reducing AWS spend is a core DevOps skill. Here are the most impactful strategies:
- Spot Instances — Up to 90% cheaper for fault-tolerant, stateless workloads
- Reserved Instances — 40–60% savings with 1-3 year commitments
- S3 Lifecycle Policies — Automatically move old data to cheaper storage tiers
- Auto Scaling — Scale in during off-peak hours to eliminate waste
Security Best Practices
Security on AWS follows the principle of least privilege — every service should have only the minimum permissions it needs.
```bash
# Create an IAM role; the trust policy defines who may assume it,
# and only the permissions the app needs should be attached afterwards
aws iam create-role \
  --role-name devopsboys-app-role \
  --assume-role-policy-document file://trust-policy.json

# Store secrets in Secrets Manager — never hardcode credentials
# (a literal --secret-string is recorded in shell history; the CLI also accepts file://<path>)
aws secretsmanager create-secret \
  --name prod/myapp/database \
  --secret-string '{"username":"admin","password":"super-secret"}'

# Retrieve secrets at runtime in your application
aws secretsmanager get-secret-value \
  --secret-id prod/myapp/database \
  --query SecretString \
  --output text
```
Essential AWS CLI Quick Reference
```bash
# Connect kubectl to your EKS cluster
aws eks update-kubeconfig --region us-east-1 --name devopsboys-cluster

# Authenticate Docker with ECR
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 123456789.dkr.ecr.us-east-1.amazonaws.com

# Force a new ECS deployment (rolling update)
aws ecs update-service --cluster my-cluster --service my-service --force-new-deployment

# List all running ECS tasks in a cluster
aws ecs list-tasks --cluster my-cluster

# View recent CloudWatch logs
aws logs tail /ecs/my-app --follow
```
What to Learn Next
- EKS Deep Dive — Cluster autoscaler, IRSA, and Karpenter for node provisioning
- AWS CDK — Define infrastructure using TypeScript or Python instead of HCL
- AWS Config + GuardDuty — Continuous compliance and threat detection
- Service Mesh with App Mesh / Istio on EKS — Advanced traffic management
- Cost Explorer + Budgets — Automated cost tracking and alerting
AWS has a service for everything — the key is knowing which tool fits which problem. Master the fundamentals here and the rest becomes much easier to learn.
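The ECS task definition shown earlier, checked against the practices in the security section, as an added example that is not part of the original article: it flags the mutable `latest` tag, secret-looking plaintext environment variables, and a missing execution role. The `DB_PASSWORD` variable is constructed for illustration, and the name pattern is a heuristic.

```python
import json
import re

# The article's task definition, reduced to the fields this check reads, plus a
# constructed DB_PASSWORD variable to show the plaintext-secret case.
TASK_DEF = json.loads("""{
  "family": "my-app",
  "requiresCompatibilities": ["FARGATE"],
  "containerDefinitions": [{
    "name": "app",
    "image": "123456789.dkr.ecr.us-east-1.amazonaws.com/my-app:latest",
    "environment": [{"name": "DB_PASSWORD", "value": "super-secret"}],
    "logConfiguration": {"logDriver": "awslogs"}
  }]
}""")

# Heuristic: environment variable names that usually hold credentials.
SECRET_NAME = re.compile(r"password|passwd|secret|token|api_?key", re.IGNORECASE)

def image_is_pinned(image):
    """True for a digest reference or an explicit tag other than 'latest'."""
    if "@sha256:" in image:
        return True
    last = image.rsplit("/", 1)[-1]  # drop the registry host, which may carry :port
    tag = last.split(":", 1)[1] if ":" in last else ""
    return tag not in ("", "latest")

def audit_task_definition(task_def):
    """Return a list of findings for one ECS task definition (dict)."""
    findings = []
    fargate = "FARGATE" in task_def.get("requiresCompatibilities", [])
    needs_exec_role = False
    for c in task_def.get("containerDefinitions", []):
        name = c.get("name", "?")
        if not image_is_pinned(c.get("image", "")):
            findings.append(f"{name}: image tag is mutable or missing")
        for env in c.get("environment", []):
            if SECRET_NAME.search(env.get("name", "")):
                findings.append(f"{name}: {env['name']} is plaintext; use 'secrets' with valueFrom")
        log_driver = c.get("logConfiguration", {}).get("logDriver")
        needs_exec_role |= bool(c.get("secrets")) or (fargate and log_driver == "awslogs")
    if needs_exec_role and not task_def.get("executionRoleArn"):
        findings.append("task: no executionRoleArn, needed for awslogs on Fargate and for 'secrets'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_task_definition(TASK_DEF)))
```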