AWS CodeBuild

Hands-On

Demo

In this demo, we will:

  1. Create an Amazon ECR repository to store Docker images
  2. Create a GitHub repository with a sample application
  3. Create an IAM role for CodeBuild with necessary permissions
  4. Create and configure a CodeBuild project
  5. Connect CodeBuild to GitHub
  6. Trigger and monitor a build
  7. Test the setup by verifying the built image
  8. Clean up resources 

Agenda

Visual Representation

demo-webapp

Create GitHub Repo

aws-codebuild-demo
Demo application for AWS CodeBuild
mkdir aws-codebuild-demo
cd aws-codebuild-demo
git init
code .
git branch -M main
git add .
git commit -m "Initial commit - AWS CodeBuild demo application"
git branch -M main
git remote add origin https://github.com/learnpde/aws-codebuild-demo.git

Generate Personal Access Token

CodeBuild Demo
git push https://learnpde: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@github.com/learnpde/aws-codebuild-demo.git main

Create CodeBuild IAM Role 

Create CodeBuild IAM Policy  

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "arn:aws:logs:*:*:*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ecr:BatchCheckLayerAvailability",
                "ecr:CompleteLayerUpload",
                "ecr:GetAuthorizationToken",
                "ecr:InitiateLayerUpload",
                "ecr:PutImage",
                "ecr:UploadLayerPart",
                "ecr:BatchGetImage",
                "ecr:GetDownloadUrlForLayer"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:GetObjectVersion"
            ],
            "Resource": "arn:aws:s3:::codepipeline-*/*"
        }
    ]
}
CodeBuildDemoPolicy

Review and create

Create CodeBuild IAM Role 

Add permissions

CodeBuildDemoPolicy
CodeBuildServiceRole-Demo

Name, review, and create

Step 1: Select trusted entities

Step 2: Add permissions

demo-webapp-build
Build project for containerized web application

Create GitHub App connection

GitHub-Connection-For-CodeBuild
GitHub-Connection-For-CodeBuild

Manage default source credential

https://github.com/learnpde/aws-codebuild-demo
buildspec.yml
/aws/codebuild/demo-webapp-build
AWS_DEFAULT_REGION
AWS_ACCOUNT_ID
us-east-1

Build started

Build logs

Phase details

Verify ECR Repo

Test

Create AWS Access Keys

Test

export AWS_ACCOUNT_ID="651623850282"
export AWS_REGION="us-east-1"
aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com

docker pull $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/demo-webapp:latest

docker run -p 8080:80 $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/demo-webapp:latest

http://localhost:8080
http://localhost:8080/health

Clean Up

Delete ECR Repo 

Delete CodeBuild Project 

Delete build project

Delete CloudWatch Log Group

Delete IAM Policy  

CodeBuildDemoPolicy
CodeBuildDemoPolicy

Delete CodeBuildDemoPolicy?

Delete CodeBuild Role

CodeBuildServiceRole-Demo
CodeBuildServiceRole-Demo

Delete CodeBuildServiceRole-Demo?

Delete GitHub Repo

Delete this repository

Deactivate and Delete Access Keys

🙏

Thanks

for

Watching