Skip to content
Learn Netverks

Lesson

Step 32/36 89% through track

cicd-aws-preview

CI/CD on AWS preview

Last reviewed May 28, 2026 Content v20260528
Track mode
none
Means
Read / quiz
Reading
~2 min
Level
intermediate

This lesson

This lesson teaches CI/CD on AWS preview: AWS concepts, console/CLI practice patterns, and how the service fits in a typical cloud architecture.

Teams apply CI/CD on AWS preview in every serious AWS rollout—skipping it leaves blind spots in reviews and incidents.

You will apply CI/CD on AWS preview in contexts like: Production hosting, data pipelines, and corporate cloud landing zones.

Read the lesson, reproduce steps in your AWS Free Tier or sandbox (console and optional AWS CLI), diagram the architecture in notes, and complete MCQs—no in-browser cloud lab.

Toward the end—consolidate before Cybersecurity depth and certification-style review.

AWS offers CodePipeline, CodeBuild, and CodeDeploy for native CI/CD. Many teams also use GitHub Actions or GitLab CI with OIDC roles—no long-lived AWS keys in CI secrets.

Pipeline stages

  1. Source — CodeCommit, GitHub, S3 zip
  2. Build — CodeBuild runs tests, docker build, artifacts
  3. Deploy — CodeDeploy, Elastic Beanstalk, ECS, CloudFormation
  4. Approval — manual gate before production (optional)

OIDC federation (modern pattern)

GitHub Actions assumes an IAM role via OIDC trust—temporary credentials per workflow run. Eliminates static AWS_ACCESS_KEY_ID in repository secrets.

List pipelines

aws codepipeline list-pipelines \
  --query 'pipelines[].name' \
  --output table

Practice: Run SDK examples locally with sandbox credentials via AWS_PROFILE=sandbox. Never commit real keys—use IAM roles in deployed environments.

Infrastructure as Code

CloudFormation and CDK (TypeScript/Python) define stacks declaratively—review infrastructure diffs in PRs like application code.

Important interview questions and answers

  1. Q: Why OIDC for CI?
    A: Short-lived tokens per job—compromised repo secret does not leak permanent admin keys.
  2. Q: CodeBuild role?
    A: IAM role CodeBuild assumes to pull source, write logs, push ECR images.

Self-check

  1. Name three CodePipeline stage types.
  2. Why prefer OIDC over access keys in GitHub Actions?

Tip: Prefer GitHub OIDC role over long-lived AWS_ACCESS_KEY_ID in repository secrets.

Interview prep

OIDC benefit?

Temporary federated credentials per CI job—no permanent access keys in secrets.

CodePipeline stages?

Source, build (CodeBuild), deploy, optional manual approval.

Interview tip Lesson completion confidence

Can you explain this lesson in 30 seconds without reading notes?

Not saved yet.

Check yourself

Multiple choice — immediate feedback.

Discussion

Past discussion is visible to everyone. Only logged-in users can post comments and replies.

Starter discussion topics

  • CodePipeline stages?
  • GitHub OIDC?

Sign up or log in to post comments and sync lesson progress across devices.

No discussion yet. Be the first to ask a question.

Jump

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36