Last time I tried playing around with CI/CD using AWS DevTools (AWS CodePipeline + CodeBuild + Terraform through GitHub). It ran as I expected and I'm loving it. However, when we implement CI/CD we hope to be as agile as possible, yet in some cases (specifically for a critical application or platform) we want a measure of control / management. Thus the idea of introducing manual approval in CodePipeline is my theme right now.
AWS has great documentation about manual approval which we may try ourselves, and I have several key requirements for this approach:
- I want to use the existing pipeline that I already created
- In between stages (build, deploy or other stages) I want some measure of control, for which I think approval will be a good thing
- When the pipeline reaches the approval stage, the person who may approve should receive some form of notification (right now I am thinking of email)
- For simplification I will not touch any RBAC or user segmentation.
So with that in mind I will have the following high-level approach:
In summary, creating this setup will require:
- Creation of the pipeline; you may see the overview in my previous story.
- Prepare the user who will approve; you need to give this user permission to approve. You may use the documentation about approval roles from AWS. Make sure that we have the email address for this particular user to receive notifications.
- Prepare the CodePipeline role to actually access AWS SNS by following the documentation about SNS publish.
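The permissions from the last two steps, written as Terraform, as an added example (not the configuration used in this post). It scopes the approver to one approval action and the pipeline role to one SNS topic; the region, account ID, pipeline name, stage/action names and email address are placeholders or assumptions.

```hcl
# Added example: every default below is a placeholder or hypothetical name.
variable "region"         { default = "us-east-1" }
variable "account_id"     { default = "111122223333" }          # placeholder account
variable "pipeline_name"  { default = "my-terraform-pipeline" } # hypothetical
variable "approver_email" { default = "approver@example.com" }  # hypothetical

locals {
  pipeline_arn = "arn:aws:codepipeline:${var.region}:${var.account_id}:${var.pipeline_name}"
}

# Topic the approval action publishes to. The recipient must confirm the
# email subscription before any notification is delivered.
resource "aws_sns_topic" "approval" {
  name = "pipeline-approval"
}

resource "aws_sns_topic_subscription" "approver" {
  topic_arn = aws_sns_topic.approval.arn
  protocol  = "email"
  endpoint  = var.approver_email
}

# For the CodePipeline service role: publish to this one topic only.
data "aws_iam_policy_document" "pipeline_sns" {
  statement {
    actions   = ["sns:Publish"]
    resources = [aws_sns_topic.approval.arn]
  }
}

# For the approver: view the pipeline, and approve or reject only the
# "Approve" action in the "Approval" stage (both names are assumptions).
data "aws_iam_policy_document" "approver" {
  statement {
    actions   = ["codepipeline:ListPipelines"]
    resources = ["*"]
  }
  statement {
    actions   = ["codepipeline:GetPipeline", "codepipeline:GetPipelineState", "codepipeline:GetPipelineExecution"]
    resources = [local.pipeline_arn]
  }
  statement {
    actions   = ["codepipeline:PutApprovalResult"]
    resources = ["${local.pipeline_arn}/Approval/Approve"]
  }
}
```

The approval action's `NotificationArn` setting would then point at `aws_sns_topic.approval.arn`.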
To add a new stage, I need to go to my pipeline and add a stage in between source & build.
And when the user follows that link and actually approves, the pipeline will go to the next stage, which in this case is the Terraform build as defined by the provided buildspec.
This manual approval from CodePipeline enables the user to add stages in between the actual build / deploy, and also adds a control process for important / critical applications so that the appropriate person may review and actually approve (or reject) the changes. The other potential is that we may add custom stages such as a testing stage, which is one of the most important stages in CI/CD. I think I will visit this testing stage later on.