DEV Community

Cover image for Mastering DevOps: Build a Bulletproof CI/CD Pipeline for Java Web App from Scratch using AWS Native Solutions! 🚀
Suvrajeet Banerjee
Suvrajeet Banerjee Subscriber

Posted on

Mastering DevOps: Build a Bulletproof CI/CD Pipeline for Java Web App from Scratch using AWS Native Solutions! 🚀

#devops #aws #java #cicd

Hey there, cloud warriors!
👋 Ever dreamed of pushing a tiny code tweak to GitHub and watching your Java web app spring to life in production—built, tested, and deployed automatically? No more late-night manual deploys or "it works on my machine" headaches. That's the DevOps superpower we're unlocking today with pure AWS native tools!

In this ultra-detailed, step-by-step guide, we'll craft a rock-solid CI/CD pipeline that'll make your apps deploy faster than you can say "zero downtime." Whether you're a newbie navigating AWS for the first time or a seasoned pro polishing your skills, this hands-on adventure will hook you with real-world wins. We'll start from ground zero, build a simple Java web app, secure it, automate everything, and end with a live, auto-updating masterpiece.

By the end, you'll have a portfolio-worthy project inspired by battle-tested setups - check out the repo: AWS DevOps Pipeline for the complete project.
Grab your AWS account, fire up the console, and let's turn code into cloud magic! 🔥 Ready? Let's dive in!

Quick Check: All Essential Steps Locked In? 🛡️

Before blasting off, let's confirm our pipeline blueprint covers every must-have step from setup to teardown. We've audited against best practices—think secure access, code gen, dependency locks, builds, deploys, IaC, full orchestration, and yes, cleanup to dodge those sneaky AWS bills! If anything's missing, we've turbo-charged it right here with fresh, crunchy additions. All aboard? 🚀

  • 🗑️ Resource Cleanup (Avoid Bill Shock!):
    • At project end, head to EC2 > Terminate instances, no more compute costs! 💸
    • IAM: Detach policies, delete users/roles if testing (IAM > Users/Roles > Delete). Safety 1st! 🔒
    • S3: Empty buckets (S3 > Buckets > Empty) then delete. No lingering storage fees! 😁
    • Code Services: CodeBuild/CodeDeploy/CodeArtifact > Delete projects/repos/domains > confirm with 'delete'. Clean slate! 🧹
    • CloudFormation: Stacks > Delete stack > wait for completion. Infra vanishes like magic! ✨
    • CodePipeline: Pipelines > Delete. Full reset! 🔄
    • GitHub: Revoke AWS app access if done - GitHub > Settings > Applications. Secure exit! 🚪
    • Pro tip: Use AWS Cost Explorer to verify zero charges—celebrate with coffee! ☕

Now, with cleanup covered (whew, no surprises!), let's rocket through the core steps.🎉

The Big Picture: Your CI/CD Pipeline Flow 📊

Before we roll up our sleeves, visualize the epic journey your code will take. This arrow-guided flow is your treasure map—each step builds on the last, turning raw code into a live app:

Complete Project Architecture

Complete Project Architecture

[Your Local Dev Setup] → 🔑 IAM User & Key Pair Creation → ☁️ EC2 Instance Launch (Your Dev Server) 
                       ↓
[Code Versioning] → 🐙 GitHub Repo Init & Push → 🔗 AWS Integration (CodeConnection for Triggers)
                       ↓
[Dependency Security] → 📦 CodeArtifact Domain/Repo Setup → ⚙️ Maven Config (settings.xml Magic)
                       ↓
[Build Automation] → 🛠️ CodeBuild Project Creation → 📂 buildspec.yml Phases → S3 Artifact Storage
                       ↓
[Deployment Automation] → 🚀 CodeDeploy App & Group → ✍️ appspec.yml Hooks → 🧱 CloudFormation Infra Provisioning
                       ↓
[Pipeline Orchestration] → 🔄 CodePipeline Stages (Source → Build → Deploy) → 🤖 Auto-Triggers on Commits
                       ↓
[Live Glory] → 🌐 Access Your Deployed Web App → 🔄 Test Changes & Rollbacks → 🎉 Production-Ready Pipeline!
Enter fullscreen mode Exit fullscreen mode

This flow ensures seamless automation: Commit code → Pipeline runs → App updates live. No manual fuss! Now, let's break it into major milestones with crunchy, emoticon-packed bullet points for every sub-step. We'll use AWS Management Console for most actions—follow along precisely.

1. Cloud Web App Launch: Spin Up Your Dev Environment ☁️

Kick things off by creating a secure cloud home for your Java web app. This foundation lets you code, test, and prep for automation. We'll use EC2 as your virtual server—think of it as your personal cloud laptop! 🚀

  • 🔒 Create an IAM User for Safe Access:

    • Log into AWS Console as root — best practice!
    • Navigate to IAM > Users > Add users.
    • Name it "devops-admin-user" & check "Access AWS Management Console."
    • Set a custom password you'll remember — secure it!
    • Attach the "AdministratorAccess" policy for full powers.
    • Download the .csv with credentials — log out and relogin as admin user from now on. Why? Root is too risky for daily use! 🛡️

  • 🔑 Generate a Key Pair for SSH Magic:

    • In EC2 > Key Pairs > Create key pair.
    • Name it "devops-keypair" > PEM format.
    • Download the .pem file—store it safely — your instance password!
    • On your local machine, run the command. No key? No access! 🔐 
chmod 400 devops-keypair.pem
Enter fullscreen mode Exit fullscreen mode

  • 🚀 Launch Your EC2 Instance — Dev Server:

    • Head to EC2 > Instances > Launch instances.
    • Name: "devops-web-dev-server".
    • AMI: Amazon Linux 2023 (free tier eligible).
    • Instance type: t2.micro (free and zippy).
    • Key pair: Select your new "devops-keypair.pem".
    • Network: Default VPC, enable public IP.
    • Security group: Allow SSH — port 22 from your IP (check using checkip.amazonaws.com) and HTTP — port 80 from anywhere.
    • Launch! Wait for "Running" status, note the Public DNS (e.g., ec2-xxx.compute.amazonaws.com). Your cloud server is alive! 🎉

  • 🔌 Install VS Code & SSH Connect:

    • Download VS Code locally free (google — vscode download).
    • Install the "Remote - SSH" extension by Microsoft.
    • Open VS Code > Command Palette (Ctrl+Shift+P) > "SSH: Connect to Host" & Enter the command to inside your EC2 via VS Code!💻 
# Example Command - use without $ sign (Only for demonstration purpose to showcase the command)
$ ssh -i "path-to-your-pem-file-in-quotes" ec2-user@ec2-xxx.compute.amazonaws.com

# Format
# ssh -i ~/path/to/devops-keypair.pem ec2-user@<EC2-Public-DNS>
Enter fullscreen mode Exit fullscreen mode

Successful-Connection

  • ☕ Install Java & Maven on EC2:
    • In VS Code terminal — connected to EC2: Type 
$ sudo yum update -y
#update system with latest packages

$ sudo yum install java-1.8.0-amazon-corretto -y
# Install Java Corretto-8 Amazon-Linux Compatible

$ wget https://apache.org/dist/maven/maven-3/3.8.6/binaries/apache-maven-3.8.6-bin.tar.gz
# Download Maven

$ tar xzvf apache-maven-*.tar.gz
#Extract the downloaded Package

$ mv apache-maven-* /opt/
# move to /opt

$ $PATH = ~/.bash_profile
# set PATH in ~/.bash_profile.

$ mvn -version
# Verify Java ready setup! ☕
Enter fullscreen mode Exit fullscreen mode
  • ✏️ Generate & Edit Your Web App:
    • In EC2: mvn archetype:generate -DgroupId=com.devops -DartifactId=web-app -DarchetypeArtifactId=maven-archetype-webapp -DinteractiveMode=false.
    • Navigate to web-app/src/main/webapp.
    • Edit index.jsp: Add <h1>Welcome to My AWS DevOps Web App! 🚀</h1>.
    • Save—your app's heart — it's beating! ❤️

2. GitHub x AWS Integration: Version Control Meets Cloud Power 🐙

Time to safeguard your code and wire it to AWS for auto-triggers. GitHub acts as your code vault—push changes, and the magic begins! 🔗

  • 📂 Install Git on EC2:
    • In EC2 terminal: sudo yum install git -y.
    • Set identity: 
$ git config --global user.name "YourDevName"
$ git config --global user.email "dev@email.com"
Enter fullscreen mode Exit fullscreen mode

  • 🐙 Create & Init GitHub Repo:

    • On GitHub.com: New repo > Name "devops-web-project".
    • In EC2: git init in your web-app dir.
    • Add files: git add ..
    • Commit: git commit -m "Initial Java web app commit 🎉".
    • Remote: git remote add origin https://github.com/yourusername/devops-web-project.git.
    • Remote: git push -u origin main. Your code is cloud-stored! ☁️

  • 🔗 Connect GitHub to AWS (CodeConnection):

    • In AWS > CodePipeline > Settings > Connections > Create connection.
    • Provider: GitHub > Install app > Authorize.
    • Name: "devops-github-connection".
    • Test: Push a tiny change to GitHub—AWS sees it! Triggers unlocked. 🏆

Pipeline

Visual: GitHub Connections page with success message highlighted and custom flow arrows.

💡 Tip: Now, every commit sparks potential automation! ⚡

3. Package Security with CodeArtifact: Lock Down Dependencies 🔒

Protect your app's building blocks — Maven packages in a private AWS repo. No more shady public downloads—secure & speedy as well! 📦

  • 🗃️ Create CodeArtifact Domain & Repo:
    • AWS > CodeArtifact > Create domain > Name "devops-domain".
    • Create repository > Name "devops-repo" > Upstream: Add "maven-central-store".
    • Policy: Allow EC2 access via IAM. Your private package pantry! 🛒

Policy

  • ⚙️ Configure Maven for CodeArtifact:

    • In EC2: Get auth token aws codeartifact get-authorization-token --domain devops-domain --query authorizationToken --output text.
    • Edit ~/.m2/settings.xml: Add server with token, mirror to your repo URL — fetch from CodeArtifact > Connection instructions.
    • Secure deps ready! 🔑

  • 📥 Build & Verify Dependencies:

    • In app dir: mvn compile.
    • Check: Packages pull from your repo, not public. Run mvn dependency:tree to see. Safe and sound! 🛡️

4. Automated CI with CodeBuild: Build & Test on Autopilot 🛠️

Automate compiling your code into ready-to-deploy artifacts. CodeBuild handles the heavy lifting—say goodbye to manual builds! 📂

  • 🏗️ Create CodeBuild Project:

    • AWS > CodeBuild > Create build project.
    • Name: "devops-build-project".
    • Source: GitHub > Your repo > Use connection.
    • Environment: Amazon Linux 2, standard runtime.
    • IAM role: Create one with S3, CodeArtifact access. Build engine revved! 🏎️

  • 📂 Add buildspec.yml to Repo:

    • In repo root, create buildspec.yml.
    • Phases: Install (runtime: java corretto8), Pre-build (login to CodeArtifact), Build (mvn clean package), Post-build (zip artifacts).
    • Commit & push. Your build blueprint! 🗺️

Buildspec-file

  • ✅ Run Build & Store in S3:
    • Create S3 bucket "devops-artifacts".
    • Start build in CodeBuild > Watch logs.
    • Success? Artifact ZIP in S3. Verify with aws s3 ls. Built to perfection! ✅ Automation high: Builds fire on demand! 🔥

5. CodeDeploy for Seamless Updates: Deploy Like a Pro 🚀

Push your built app to live servers automatically. CodeDeploy ensures smooth rollouts with rollback safety nets! 🌐

  • 🧱 Provision Infra with CloudFormation:

    • Create YAML template: Define VPC, EC2 (with CodeDeploy agent), security groups.
    • AWS > CloudFormation > Create stack > Upload template.
    • Parameters: Instance type t2.micro.
    • Launch—infra auto-builds! Magic in code. ✨

  • 📤 Create CodeDeploy App & Group:

    • AWS > CodeDeploy > Create application > Name "devops-deploy-app" (EC2 platform).
    • Deployment group: Link to your EC2, in-place type.
    • Agent: Pre-installed on EC2 via user data. Ready to deploy! 📦

  • ✍️ Add appspec.yml & Scripts:

    • In repo: appspec.yml with version, files (from S3), hooks (BeforeInstall: clean, ApplicationStart: restart server).
    • Scripts: Shell files for install/stop/start Tomcat.
    • Push changes. Deployment recipe set! 🍳

Appspec.yml

  • 🌐 Deploy & Go Live:
    • Create deployment > S3 artifact.
    • Monitor: Success? Hit EC2 DNS in browser—app live!
    • Test: Refresh for updates. Victory dance! 🕺

Pipeline Flow Diagram
Deployment thrill: Live in seconds! 🎊

6. Infrastructure as Code: Blueprint Your World 🧱

Codify your setup for easy replication. CloudFormation turns infra into versioned code—no more console clicks! 📜

  • 📝 Craft CloudFormation Template:

    • YAML file: Resources for VPC (CIDR 10.0.0.0/16), Subnet, EC2 (AMI, key pair), IAM roles.
    • Outputs: EC2 DNS for easy access.
    • Validate: Use AWS template validator. Blueprints built! 🖼️

  • 🚀 Launch & Manage Stack:

    • CloudFormation > Create stack > Upload YAML.
    • Name "devops-infra-stack".
    • Create—watch resources spin up.
    • Update: Edit YAML, update stack. Infra evolves! 🔄

  • 🔍 Verify & Scale:

    • Check stack events for success.
    • Scale: Add more EC2 via template params. Repeatable power! ♻️ IaC win: Build once, deploy anywhere! 🌍

7. Full CI/CD Integration: Orchestrate the Symphony 🔄

Unite everything in CodePipeline for end-to-end automation. Commit → Pipeline hums → App updates live. The grand finale! 🎼

  • 🎛️ Create CodePipeline:

    • AWS > CodePipeline > Create pipeline.
    • Name "devops-full-pipeline".
    • Stages: Source (GitHub via connection), Build (your CodeBuild project), Deploy (your CodeDeploy group).
    • IAM role: Auto-created with perms. Pipeline assembled! 🧩

  • 🪝 Set Up Webhooks & Triggers:

    • In pipeline: Enable GitHub webhooks for main branch.
    • Test: Push a commit—pipeline auto-starts!

  • 🧪 Test End-to-End:

    • Edit index.jsp: Add "

      Pipeline Power! 🔄

      ".
    • Commit & push.
    • Monitor pipeline: Source fetches, Build packages, Deploy rolls out.
    • Verify: Refresh app URL—new content live!
    • Rollback: If needed, redeploy previous revision. Flawless flow! ✅

Modified Pipeline Flow

Ultimate high: Your pipeline is a DevOps beast! 🦸

Project Highlights: Recap Your Epic Wins 🌟

  • ☁️ Cloud Web App Launch: Secured and launched your dev server on EC2—foundation nailed! 🏠
  • 🐙 GitHub x AWS Integration: Code versioned and linked for trigger-happy automation. 🔗
  • 🔒 Package Security with CodeArtifact: Dependencies locked down—secure builds forever! 🛡️
  • 🛠️ Automated CI with CodeBuild: Builds and tests on autopilot—efficiency maxed! ⚙️
  • 🚀 CodeDeploy for Seamless Updates: Deployments smooth as silk, with zero downtime. 🌊
  • 🧱 Infrastructure as Code: Infra coded and repeatable—scale like a boss! 📈
  • 🔄 Full CI/CD Integration: Everything automated—commit to live in minutes! 🎉

Deep Dive: Role of Key Files & Components Explained 📚

To wrap up, let's demystify the stars of the show. Each file plays a crucial role in your pipeline—here's the lowdown in one-to-two liners:

  • pom.xml (Maven Project Object Model): Heart of your Java project—defines dependencies, plugins, and build configs like versions and packaging (e.g., WAR file). It's Maven's blueprint for what to build and how! 🗺️

  • settings.xml (Maven Settings): Customizes Maven behavior globally—points to private repos like CodeArtifact, adds auth tokens, and mirrors for secure dependency pulls. Your secret sauce for repo security! 🔑

  • buildspec.yml (CodeBuild Spec): YAML file dictating build phases (install, pre-build, build, post-build)—commands for compiling code, running tests, and zipping artifacts. CodeBuild's instruction manual! 🛠️

  • appspec.yml (CodeDeploy Spec): YAML outlining deployment lifecycle—files to copy, hooks for scripts (e.g., BeforeInstall to clean, ApplicationStart to restart server). Ensures smooth, automated deploys! 🚀

  • index.jsp (Java Server Page): Your web app's main page—mixes HTML with Java code for dynamic content. Edit here for UI changes that pipeline auto-deploys! ✏️

  • Shell Scripts (e.g., install.sh, start.sh): Custom bash files run during deployment hooks—handle tasks like installing Tomcat, stopping/starting services. The glue for server-side automation! 📜

  • CloudFormation Template (YAML/JSON): Defines AWS resources as code—VPC, EC2, roles in one file for provisioning. Update it to scale infra without console chaos! 🧱

These files make your pipeline tick—master them, and you're unstoppable!

Inspired by github repo ⏩ devops-web-project. Now go build, test, and share your wins on dev.to. Questions? Drop 'em below. Happy coding, DevOps legends! 🚀✨

🙏 Acknowledgments

This learning journey was powered & supported by NextWork's structured approach to cloud education, which made breaking down complex concepts into digestable-byte-sized-hands-on practicals accessible through systematic skill building & clear-actionable steps.

This blog is based on - NextWork's - 7 Day DevOps Challenge!

Give it a try: https://learn.nextwork.org/projects/aws-devops-cicd

Top comments (0)