The latest articles on DEV Community by Vikas Chauhan (@vikkas_chauhan). https://dev.to/vikkas_chauhan https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3355759%2F5e48c5fb-05bf-463f-b18e-54e8588a7cc6.png https://dev.to/vikkas_chauhan en Vikas Chauhan Tue, 15 Jul 2025 05:28:42 +0000 https://dev.to/vikkas_chauhan/part-1-how-i-moved-from-bitbucket-pipeline-to-aws-codebuild-a-business-driven-cicd-migration-1enf https://dev.to/vikkas_chauhan/part-1-how-i-moved-from-bitbucket-pipeline-to-aws-codebuild-a-business-driven-cicd-migration-1enf <p><strong>Introduction</strong><br> When our organization decided to migrate its infrastructure to AWS, one thing became clear:</p> <p>“We want everything inside AWS — no more managing a patchwork of tools.”</p> <p>At the time, our CI/CD pipeline was built using Bitbucket Pipelines, with scattered usage of:</p> <p>Bitbucket Secrets<br> Custom shell scripts<br> DockerHub for container images<br> It worked — but it was fragile, fragmented, and difficult to scale securely.</p> <p>As part of the broader AWS-first strategy, I was tasked with moving our entire build, test, and deploy lifecycle into the AWS ecosystem.</p> <p>This article walks through:</p> <p>What we built using AWS CodeBuild<br> SonarQube integration for static analysis<br> JUnit test reporting for visibility<br> buildspec.yml explained section-by-section<br> IAM roles needed<br> Challenges we overcame<br> Key outcomes we achieved<br> Why We Moved to AWS CodeBuild</p> <p>Prime reasons for the migration<br> This wasn’t just about replacing Bitbucket — it was about building a resilient, secure, and scalable pipeline inside AWS.</p> <p><strong>Our AWS-Native CI/CD Architecture</strong></p> <p>CodeBuild Project Architecture<br> SonarQube Integration — Continuous Code Quality<br> One of our most important additions was integrating SonarQube scanning into every build.</p> <p>Why it matters:</p> <p>Detects bugs, vulnerabilities, and code smells early<br> Enforces coding standards and quality gates<br> Helps developers write better, cleaner code every day<br> How I did it:</p> <p>Installed the scanner tool dynamically<br> Pulled tokens securely from AWS Secrets Manager<br> Triggered scans before and after builds<br> Integrated dashboards for team visibility<br> This made code quality a daily practice, not an afterthought.</p> <p>JUnit Test Reporting — Real-Time Feedback<br> Another win from this migration was getting test feedback directly in the AWS CodeBuild console through JUnit reports.</p> <p>What Changed:<br> Configured test runners (like dotnet test) to emit JUnit-compatible .trx reports<br> Declared test reports in the buildspec.yml<br> These reports now show pass/fail metrics directly in the AWS UI, and can be passed to CodePipeline stages or Slack alerts.<br> Why It Matters:</p> <p>🧩 <strong>Breaking Down the buildspec.yml — Phase by Phase</strong><br> The buildspec.yml is the backbone of AWS CodeBuild. Here’s a breakdown of each section we implemented — what it does, and why it matters.</p> <p>🔧 <strong>Version Declaration</strong></p> <p>Specifies the buildspec syntax version. 0.2 enables advanced features like reports, runtime versions, and more structured phase control.</p> <p>🔍 <strong>Install Phase</strong></p> <p>🧠 Purpose:</p> <p>Install essential tools like jq for parsing secrets and dotnet-sonarscanner for code analysis<br> Add the tools to the PATH so they’re available in all phases.</p> <p>⚙️ <strong>Pre-Build Phase</strong></p> <p>🧠 Purpose:</p> <p>Clean any residual build files<br> Ensure submodules are available for use<br> Login to Amazon ECR<br> Securely fetch credentials and secrets dynamically.</p> <p>🏗️ <strong>Build Phase</strong></p> <p>🧠 Purpose:</p> <p>Run code quality checks (SonarQube).<br> Build and test the application.<br> Output test results in JUnit-compatible format.<br> Build Docker image and tag it.</p> <p>📦 <strong>Post-Build Phase</strong></p> <p>🧠 Purpose:</p> <p>Push Docker image to ECR.<br> Clean up local image cache to reduce space usage.</p> <p>📊 <strong>Artifacts and Test Reports</strong></p> <p>🧠 Purpose:</p> <p>Preserve test artifacts and reports.<br> Allow AWS CodeBuild to display test results graphically in the AWS console.<br> Enable integration with other tools like AWS CodePipeline or notifications.</p> <p>🔐 <strong>IAM Roles and Policies</strong><br> To make this work securely, CodeBuild role was granted permission to:</p> <p>Retrieve secrets from AWS Secrets Manager.<br> Authenticate and push to Amazon ECR.<br> Stream logs to CloudWatch.<br> Generate and publish test reports.<br> IAM trust was granted to codebuild.amazonaws.com, and we scoped all policies with the least-privilege principle.</p> <p>✅ <strong>Objectives Achieved</strong><br> This wasn’t just a migration — it was a transformation. Here’s what we unlocked:</p> <p>✅ <strong>Final Thoughts</strong><br> This migration wasn’t just about tools — it was about standardizing quality, scaling securely, and moving fast without breaking things.</p> <p>With CodeBuild, SonarQube, Secrets Manager, and JUnit reporting, we now have:</p> <p>Cleaner builds.<br> Higher quality code.<br> Secure pipelines.<br> Unified AWS-native DevOps.<br> This is what modern CI/CD looks like — and we’re just getting started.</p> <p>👋 Let’s Connect<br> 📢 Follow me for part 2: Migrating from AWS CodeBuild to AWS CodePipeline<br> 🛠️ Reach out if you’re migrating to AWS and need a working model</p>