Set up CodePipeline
This SOP creates a CI/CD pipeline using AWS CodePipeline. The pipeline automatically builds, tests, and deploys your application when changes are pushed to a source repository branch.
For prerequisites and security information, see AWS Deployment SOPs.
Requirements
Your application must already be configured as a CDK application with existing infrastructure code. This SOP works best after deploying with Frontend applications or Supabase applications.
Important
This SOP requires you to manually approve an AWS CodeConnections resource in your web browser. You need permissions to install and configure the connection in your repository or organization.
Example prompt
To set up a pipeline, prompt your coding agent with the following: Set up a pipeline for my application.
Steps your coding agent takes
Your coding agent commits changes after each significant step to the deploy-to-aws branch.
1. Scans the project to detect existing CDK infrastructure, stacks, and application configuration
2. Identifies available quality checks (linting, unit tests) and verifies they pass locally
3. Presents a detection summary and asks you to confirm the configuration
4. Creates an AWS CodeConnections resource to connect AWS to your source repository
5. Creates production secrets in AWS Secrets Manager, if your application uses Lambda functions
6. Generates CDK infrastructure code for the pipeline
7. Deploys the pipeline stack through AWS CloudFormation
8. Prompts you to authorize the connection in the AWS console
9. Verifies the pipeline triggers and runs successfully
10. Records pipeline configuration and deployment details in your repository
Manual steps
During Step 8, you must complete authorization in the AWS console:
1. Open the AWS CodeConnections console
2. Find the pending connection for your application
3. Choose Update pending connection
4. Authorize and install the connector for your repository
How it works
Your coding agent verifies your application has existing CDK infrastructure code. The agent then generates a pipeline stack using the CDK Pipelines module (aws-cdk-lib/pipelines). The pipeline is self-mutating. When you push changes to pipeline infrastructure code, the pipeline automatically updates itself.
The pipeline uses AWS CodeConnections to authenticate with your source repository. When changes are pushed to the configured branch, the pipeline executes the following stages:
Source — Pulls source code from your repository through the CodeConnections resource
Build (Synth) — Installs dependencies, runs quality checks, builds the application, and synthesizes CloudFormation templates using CDK
Update pipeline — Self-mutation stage that updates the pipeline if its own infrastructure code changed
Assets — Publishes file and Docker image assets required by the stacks
Deploy — Deploys your application stacks to a production environment
The pipeline initially triggers on the deploy-to-aws branch. You can reconfigure the pipeline to trigger on main or another branch. To reconfigure, update the branchName context variable in the CDK configuration.
Quality checks are included only if they pass locally during setup. End-to-end tests are not included in the pipeline. The pipeline uses Secretlint to scan for exposed secrets in your codebase during each build. As part of the AWS Shared Responsibility Model, you should rotate exposed secrets immediately.
If your application includes Lambda functions, the SOP creates a separate production secret in AWS Secrets Manager ({AppName}/prod/secrets) and deploys both Lambda and frontend stacks through the pipeline.
The SOP prompts your coding agent to apply security best practices. Always review the generated pipeline configuration before deploying.
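One way to make that review repeatable, as an added example that is not code from the SOP or from AWS: a TypeScript check over the synthesized pipeline template that confirms the source action uses a connection on the expected branch, that a build step runs Secretlint, and that no IAM policy allows every action on every resource. The function names, the sample template, and the example-org/example-app repository are constructed for illustration.

```typescript
// Added example: checks over a synthesized pipeline template (e.g. a file under cdk.out/).
type Res = { Type: string; Properties?: any };
type Template = { Resources: Record<string, Res> };
const asList = (v: unknown): any[] => (Array.isArray(v) ? v : v === undefined ? [] : [v]);

function reviewPipelineTemplate(tpl: Template, expectedBranch: string): string[] {
  const findings: string[] = [];
  const all: Res[] = Object.keys(tpl.Resources).map((k) => tpl.Resources[k] as Res);
  const ofType = (t: string): Res[] => all.filter((r) => r.Type === t);
  // 1. Source actions must use the connection provider and track the expected branch.
  for (const p of ofType("AWS::CodePipeline::Pipeline")) {
    for (const stage of asList(p.Properties?.Stages)) {
      for (const a of asList(stage.Actions)) {
        if (a.ActionTypeId?.Category !== "Source") continue;
        if (a.ActionTypeId.Provider !== "CodeStarSourceConnection")
          findings.push(`${a.Name}: source does not use a connection`);
        if (a.Configuration?.BranchName !== expectedBranch)
          findings.push(`${a.Name}: triggers on branch ${JSON.stringify(a.Configuration?.BranchName)}`);
      }
    }
  }
  // 2. At least one build project must invoke Secretlint. BuildSpec may be a string or an
  //    intrinsic such as Fn::Join, so search its JSON form.
  const specs = ofType("AWS::CodeBuild::Project").map((r) => JSON.stringify(r.Properties?.Source?.BuildSpec ?? ""));
  if (!specs.some((s) => s.indexOf("secretlint") !== -1)) findings.push("no build step runs secretlint");
  // 3. No Allow statement may grant every action on every resource.
  for (const r of ofType("AWS::IAM::Policy")) {
    for (const st of asList(r.Properties?.PolicyDocument?.Statement)) {
      if (st.Effect === "Allow" && asList(st.Action).indexOf("*") !== -1 && asList(st.Resource).indexOf("*") !== -1)
        findings.push(`${r.Properties?.PolicyName}: Allow * on *`);
    }
  }
  return findings;
}

// Constructed sample with the shape of a synthesized pipeline stack (not real output).
function constructedTemplate(branch: string, buildCmd: string, iamAction: string): Template {
  return { Resources: {
    Pipeline: { Type: "AWS::CodePipeline::Pipeline", Properties: { Stages: [{ Name: "Source", Actions: [{
      Name: "example-org_example-app",
      ActionTypeId: { Category: "Source", Owner: "AWS", Provider: "CodeStarSourceConnection", Version: "1" },
      Configuration: { BranchName: branch, FullRepositoryId: "example-org/example-app" } }] }] } },
    Synth: { Type: "AWS::CodeBuild::Project", Properties: { Source: { Type: "CODEPIPELINE",
      BuildSpec: JSON.stringify({ version: "0.2", phases: { build: { commands: ["npm ci", buildCmd, "npx cdk synth"] } } }) } } },
    SynthRolePolicy: { Type: "AWS::IAM::Policy", Properties: { PolicyName: "SynthRolePolicy",
      PolicyDocument: { Statement: [{ Effect: "Allow", Action: iamAction, Resource: "*" }] } } },
  } };
}
```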
Troubleshooting
For troubleshooting issues, you can contact AWS Support.