AWS CDK Pipelines - CI/CD for your Infrastructure

AWS CDK pipelines enable you to have CI/CD for your infrastructure. Not just your code (e.g. running npm test and npm build), but your infrastructure (e.g. cdk deploy and then deploying updated app code).

Note: This is not a discussion/exploration of deploying standard CodePipelines via the CDK. Others have written much better tutorials on that than I could.

What is a CDK pipeline?

A CDK pipeline is a CodePipeline configured to run cdk deploy on its own repo. You can then add application stages that act as your usual CI/CD stages. These stages are similar to CDK stacks (and are declared similarly). Then, when the source action is triggered (e.g. a push to a GitHub branch), the change is immediately sent through the pipeline, running your tests and deploying where appropriate.

So why is this interesting?

Well, in my opinion the usual code CI/CD process is already really cool, and it gets even better when such processes are defined by code. But having those processes defined by code and automatically deploying themselves upon a change sounds awesome to me.

And that self-updating is where it is interesting! From the AWS blog article on this (see end of post for link):

The pipeline created by CDK pipelines is self-mutating. This means you only need to run cdk deploy one time to get the pipeline started. After that, the pipeline automatically updates itself if you add new CDK applications or stages in the source code.

This seems... dangerous.

After my initial "this is awesome", that was my first thought. Can the pipeline updates be rolled back? Can the application stages be rolled back? What happens if we discover an issue in production and a rollback is needed?

But, it also seems that CodePipeline is struggling to keep up with this. From the same AWS blog:

You may notice that the UpdatePipeline stage shows as failed when it updates itself. This is expected, and nothing to worry about. The pipeline automatically restarts itself and proceeds to deploy to the new stages.

We should expect a failed pipeline stage!? I'm not yet an expert in CodePipeline at all (I've only done basic work with it via the CDK), but this seems flawed to me, and something to be fixed. Maybe this (along with the lack of context queries such as Vpc.fromLookup) is why the feature is still in developer preview.
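
One way to put a guard around the self-mutation concern, as an added example that is not from the original post or from AWS: a Node.js check over a pipeline definition in the JSON shape returned by aws codepipeline get-pipeline, flagging production stages that would deploy without a manual approval. Only the UpdatePipeline stage name comes from the article; the other stage names, the "prod" naming convention and the policy itself are assumptions.

```javascript
// Added example, not from the article or AWS: audits a CodePipeline definition
// (the JSON shape returned by `aws codepipeline get-pipeline`).
// Assumptions: the "prod" naming convention, the sample stages and the policy
// (approval must sit in the same stage, before the first deploy) are illustrative.
const SELF_MUTATE_STAGE = "UpdatePipeline"; // stage name quoted in the article

function auditPipeline(definition, prodPattern = /prod/i) {
  const stages = definition.pipeline.stages;
  const findings = [];
  const mutateIdx = stages.findIndex((s) => s.name === SELF_MUTATE_STAGE);
  if (mutateIdx === -1) findings.push("no UpdatePipeline stage: pipeline will not self-mutate");
  stages.forEach((stage, idx) => {
    if (stage.name === SELF_MUTATE_STAGE) return;
    const deploys = stage.actions.filter((a) => a.actionTypeId.category === "Deploy");
    if (deploys.length === 0) return;
    // A deploy ahead of the self-update would run with the old pipeline shape.
    if (idx < mutateIdx) {
      findings.push(`${stage.name}: deploys before the pipeline has updated itself`);
    }
    if (!prodPattern.test(stage.name)) return;
    // Actions with a lower runOrder finish before higher ones start.
    const firstDeploy = Math.min(...deploys.map((a) => a.runOrder ?? 1));
    const gated = stage.actions.some(
      (a) => a.actionTypeId.category === "Approval" && (a.runOrder ?? 1) < firstDeploy
    );
    if (!gated) findings.push(`${stage.name}: production deploy has no manual approval before it`);
  });
  return findings;
}

// Constructed sample, trimmed to the fields the check reads.
const action = (name, category, provider, runOrder) => ({
  name, runOrder, actionTypeId: { category, provider },
});
const SAMPLE = { pipeline: { name: "DemoPipeline", stages: [
  { name: "Source", actions: [action("GitHub", "Source", "GitHub", 1)] },
  { name: "Build", actions: [action("Synth", "Build", "CodeBuild", 1)] },
  { name: "UpdatePipeline", actions: [action("SelfMutate", "Build", "CodeBuild", 1)] },
  { name: "Beta", actions: [action("Deploy", "Deploy", "CloudFormation", 1)] },
  { name: "Prod", actions: [action("Deploy", "Deploy", "CloudFormation", 1)] },
] } };

console.log(auditPipeline(SAMPLE));
```

Run against the sample, the check reports the ungated Prod stage; adding an Approval action with a lower runOrder than the deploy clears the finding.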


So while this feature is certainly interesting, it doesn't seem quite production-ready, or at least requires some further exploration. I'd love to hear any experiences you've had with this or opinions on it, along with any feedback on my writing.

For more information and detail (including a tutorial) on this feature, check out this AWS blog article on the topic from when it was first released in dev preview:
