🚀AWS & DevOps Project : 🚀 Building a Serverless CI/CD Pipeline with AWS Lambda, CodePipeline, and GitHub

🚀 Building a Serverless CI/CD Pipeline with AWS Lambda, CodePipeline, and GitHub

Author: Ritesh

---

Introduction

In this blog, I’ll walk you through how I built a fully serverless CI/CD pipeline using AWS services — no EC2, no Jenkins, no manual intervention.

This project automatically deploys my application to Amazon S3 + CloudFront whenever I push code to GitHub, leveraging Lambda, API Gateway, CodePipeline, and CodeBuild.

Along the way, I’ll also share the difficulties I faced (like API Gateway setup and IAM permissions) and how I solved them.

---

Project Goal

“Automate code deployment from GitHub → AWS → CloudFront using only serverless services.”

---

Architecture Overview

---

Service used

Service	Role
GitHub	Code repository & webhook trigger
API Gateway	Receives webhook requests
AWS Lambda	Starts CodePipeline
AWS CodePipeline	Automates build and deploy stages
AWS CodeBuild	Builds and tests the application
Amazon S3	Hosts static website
Amazon CloudFront	Delivers the website globally
Amazon CloudWatch	Logs & monitors activity
AWS IAM	Manages permissions securely

---

Step-by-Step Implementation

Step 1: Create and Push Code to GitHub

1. Create a new repository — e.g. serverless-ci-cd-pipeline.

2. Add your frontend or simple app files (HTML/CSS/JS).

3. Push your code to GitHub:
   

git add .
git commit -m "initial commit"
git push origin main

---

Step 2: Create an AWS CodePipeline

1. Go to AWS CodePipeline → Create pipeline

---

1. Source stage:

• Provider: GitHub

Connect your repo and branch

1. Build stage:

• Provider: AWS CodeBuild

Create a new CodeBuild project

1. Deploy stage:

• Provider: Amazon S3

• Select your target S3 bucket

Now your pipeline can build and deploy manually — next we’ll automate it using webhooks.

---

Step 3: Create an API Gateway Endpoint

1. Open Amazon API Gateway → Create API

1. Choose HTTP API → Click Build

2. Under “Integrations,” choose Lambda function (we’ll create it in the next step).

3. Click Create

1. Copy the Invoke URL (you’ll use this in your GitHub webhook).

---

Step 4: Create AWS Lambda Function

1. Go to Lambda → Create function

2. Runtime: Python 3.9

3. Function name: trigger-codepipeline

1. Paste this code:

import boto3
import json

def lambda_handler(event, context):
    pipeline_name = "your-pipeline-name"
    codepipeline = boto3.client('codepipeline')

    response = codepipeline.start_pipeline_execution(name=pipeline_name)

    return {
        'statusCode': 200,
        'body': json.dumps('Pipeline triggered successfully!')
    }

1. Go to Configuration → Permissions → Execution Role

• Attach policy: AWSCodePipelineFullAccess

• Attach policy: CloudWatchLogsFullAccess

1. Deploy your Lambda function.

✅ Now Lambda can trigger your CodePipeline programmatically.

Step 5: Connect Lambda to API Gateway

In API Gateway → Integrations, select your Lambda function.

Deploy the API.

Test it by sending a POST request using:

curl -X POST https://<your-api-id>.execute-api.us-east-1.amazonaws.com

---

Step 6: Add GitHub Webhook

1. Go to your GitHub Repo → Settings → Webhooks → Add Webhook

1. Payload URL = your API Gateway Invoke URL

2. Content type = application/json

1. Select event: Just the push event

6 .Click Add Webhook

Now, every time you push code to GitHub, it automatically triggers the pipeline!

---

Testing the Pipeline

1. Make a small code change and push it:

git add .
git commit -m "update UI"
git push

1. Go to AWS CodePipeline, and you’ll see the pipeline running automatically.

2. After a few minutes, your updated code will be deployed to S3 and available via CloudFront URL.

---

Common Issues I Faced (and Solved)

Issue	Cause	Solution
❌ AccessDenied in S3	Missing IAM permissions	Attached AmazonS3FullAccess to CodePipeline role
❌ Lambda failed to trigger pipeline	No permission to start pipeline	Added AWSCodePipelineFullAccess policy to Lambda role
❌ Webhook not triggering	API Gateway method not deployed	Re-deployed the API after integration
❌ Internal server error (500)	JSON format mismatch	Validated payload from GitHub with test event

---

Security Best Practices

• Use IAM least privilege roles (don’t overgrant permissions).

• Always use HTTPS for API Gateway.

• If using GitHub tokens, rotate them regularly.

• Log all actions with CloudTrail (optional).

Final Outcome

• Fully automated, serverless CI/CD pipeline
• No EC2 or Jenkins — pay only for what you use
• Deployment happens instantly on every GitHub push

---

Architecture Summary:

GitHub → API Gateway → Lambda → CodePipeline → CodeBuild → S3 → CloudFront

Key Learnings

• How to integrate GitHub Webhooks with AWS Lambda

• Event-driven DevOps design

• Secure IAM role management

  • Real-world CI/CD automation using AWS native tools

Conclusion

This project helped me understand the power of Serverless DevOps — simple, scalable, and cost-efficient.

It’s a perfect real-world example of how CI/CD can be built entirely with AWS services — a valuable step in my DevOps learning journey.

If you’re getting started in DevOps or AWS, try building this — you’ll learn Lambda, API Gateway, and CodePipeline in action.

---

Project Links

GitHub: https://github.com/ritesh355/serverless-ci-cd-demo/settings/hooks

---

📢 Connect With Me

• 💼 LinkedIn
• 📝 Hashnode Blog
• 💻 GitHub