AWS CI/CD : Continuous Integration with CodePipeline and codebuild

Hello techies!!
I’m back with the practical part of AWS CI/CD. In this post, we’ll implement Continuous Integration (CI) using CodePipeline to invoke a CodeBuild process.

So why wait? Let’s dive in!

Prerequisites

Source code: Fork this repo 👉 GitHub – aws-cicd
AWS Account with Console access

Step 1: Create a CodeBuild Project

Log in to the AWS Console.
Navigate to CodeBuild → Create project.
Follow the steps as specified in the picture:

Connect GitHub account (for source).

Enable the editor and paste the buildspec.yaml code from the GitHub repo.

For Service Role, choose New service role.

AWS will create a default role for you.

Click Create Project.

tep 2: Secure Credentials with Parameter Store

Hardcoding credentials inside buildspec.yaml is a bad practice—anyone with repo access can see them.
Instead, use AWS Systems Manager Parameter Store.

Go to Parameter Store → Create parameter.
Choose SecureString type.
Create parameters (names must match env variables in buildspec.yaml):
- /myapp/docker-credentials/username
- /myapp/docker-credentials/password
- /myapp/docker-registry/url
Save each parameter.

👉 This way, CodeBuild fetches secrets securely at runtime.

Step 3: Attach IAM Policy

Go to the IAM Role created for CodeBuild.
Attach AmazonSSMFullAccess policy.
This gives CodeBuild permission to fetch parameters from the store.
(Note: For practice, full access is okay, but in production use least-privilege.)

Step 4: Create CodePipeline

Go to CodePipeline → Create pipeline.
Select Custom project.

Now specify details as mentioned in below:

Click Create.

you will see:

CI process is successful:

Output

Once you commit changes in GitHub, CodePipeline will trigger CodeBuild automatically.
You’ll see the build logs and confirm the Docker image being pushed to the registry.