In DevOps, continuous integration and continuous delivery (CI/CD) pipelines streamline and automate software development processes, but some deployments require human intervention for approval. This blog post provides a detailed guide on implementing manual approvals in AWS CodePipeline, allowing organizations to balance automation with necessary control.

Topics Covered

  • Introduction to AWS CodePipeline and Manual Approvals
  • Prerequisites for Setting Up a Pipeline with Manual Approval
  • Step 1: Creating an IAM Role for CloudFormation
  • Step 2: Setting Up the AWS CodeCommit Repository
  • Step 3: Creating an SNS Topic for Notifications
  • Step 4: Configuring AWS CodePipeline
  • Step 5: Adding a Manual Approval Stage
  • Step 6: Reviewing and Approving Changes
  • Final Thoughts: Embracing DevOps Practices

Introduction to AWS CodePipeline and Manual Approvals

AWS CodePipeline is a managed CI/CD service that helps automate software release processes, allowing developers to build, test, and deploy code rapidly. However, for deployments requiring compliance or security reviews, manual approval stages ensure changes meet organizational standards before going live.

Prerequisites for Setting Up a Pipeline with Manual Approval

Before implementing manual approvals, ensure you have the following:

  • An AWS account with CodePipeline, CodeCommit, SNS, and IAM permissions.
  • Basic understanding of AWS CodePipeline and AWS CLI.
  • Permission to create and manage resources within your AWS environment.

Step 1: Creating an IAM Role for CloudFormation

To provision resources securely, you need an IAM role with specific permissions.

  1. Navigate to the IAM Console: Go to the IAM console.
  2. Create a New Role: Select “Create role” and choose “AWS service” as the trusted entity. Choose “CodePipeline” and attach the necessary policies.
  3. Attach Policies: Add permissions for CloudFormation, S3, and CodeCommit to ensure the pipeline can manage resources securely.
  4. Save the Role: Name the role, then review and create the policies.

Step 2: Setting Up the AWS CodeCommit Repository

AWS CodeCommit serves as a secure repository for your code.

  1. Create Repository: Open CodeCommit from the AWS console, select “Create repository,” and name it.
  2. Push Code: Initialize the repository with a sample codebase and commit changes.

Step 3: Creating an SNS Topic for Notifications

SNS notifications are essential for alerting stakeholders during the manual approval process.

  1. Navigate to SNS Console: Open SNS and select “Create topic.”
  2. Configure Topic Details: Name the topic (e.g., “CodePipelineManualApproval”) and choose the notification display name.
  3. Subscribe Users: Add email addresses or other endpoints for individuals who will review changes.
  4. Save Configuration: Confirm email subscriptions from each endpoint after creating the topic.

Step 4: Configuring AWS CodePipeline

Create a new CodePipeline with CodeCommit as the source and specify your deployment actions.

  1. Start Pipeline Creation: Open the CodePipeline console, select “Create pipeline,” and name your pipeline.
  2. Choose Service Role: Select the IAM role created in Step 1.
  3. Add Source Stage: Set CodeCommit as the source, selecting the repository and branch.
  4. Add Deployment Stage: Specify build and deployment stages based on your infrastructure (e.g., CodeBuild or CodeDeploy).

Step 5: Adding a Manual Approval Stage

Now, integrate manual approval to pause the pipeline for review.

  1. Insert Manual Approval: Select “+ Add stage” and name it “Manual Approval.”
  2. Add Action: In the new stage, add an action named “Approve Deployment” and select the “Manual approval” action provider.
  3. Configure SNS Notifications: Choose the SNS topic created in Step 3. This triggers a notification to reviewers when the pipeline reaches this stage.
  4. Save Changes: Complete the pipeline creation, saving all stages and settings.
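
One way to check the result of Steps 4 and 5 from an exported pipeline definition (the JSON printed by `aws codepipeline get-pipeline`), as an added example that is not part of the original post: the function flags any Deploy action with no manual approval in an earlier stage and any approval action without an SNS topic. The sample definition, its stage and action names (written without spaces) and the account ID are constructed.

```python
# Constructed sample in the shape returned by `aws codepipeline get-pipeline`.
# Pipeline name, stage/action names and the account ID are placeholders.
SAMPLE = {"pipeline": {"name": "demo-pipeline", "stages": [
    {"name": "Source", "actions": [{"name": "Source", "actionTypeId": {
        "category": "Source", "owner": "AWS", "provider": "CodeCommit", "version": "1"}}]},
    {"name": "ManualApproval", "actions": [{"name": "ApproveDeployment", "actionTypeId": {
        "category": "Approval", "owner": "AWS", "provider": "Manual", "version": "1"},
        "configuration": {"NotificationArn":
            "arn:aws:sns:us-east-1:111122223333:CodePipelineManualApproval"}}]},
    {"name": "Deploy", "actions": [{"name": "Deploy", "actionTypeId": {
        "category": "Deploy", "owner": "AWS", "provider": "CodeDeploy", "version": "1"}}]},
]}}


def audit_approval_gate(definition):
    """Return findings for ungated deploy actions and unnotified approvals."""
    findings = []
    gated = False  # True once an earlier stage contained a manual approval
    for stage in definition["pipeline"]["stages"]:
        stage_has_gate = False
        for action in stage["actions"]:
            kind = action["actionTypeId"]
            where = f"{stage['name']}/{action['name']}"
            if kind["category"] == "Approval" and kind["provider"] == "Manual":
                stage_has_gate = True
                if not action.get("configuration", {}).get("NotificationArn"):
                    findings.append(f"{where}: no NotificationArn, reviewers get no SNS message")
            elif kind["category"] == "Deploy" and not gated:
                findings.append(f"{where}: deploy runs with no approval in an earlier stage")
        # Conservative: an approval in the same stage as the deploy is not
        # counted, because that ordering depends on each action's runOrder.
        gated = gated or stage_has_gate
    return findings


if __name__ == "__main__":
    print(audit_approval_gate(SAMPLE) or "approval gate present and notified")
```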

Step 6: Reviewing and Approving Changes

Upon reaching the manual approval stage, CodePipeline pauses and awaits input from an authorized user.

  1. Check Notification: Reviewers receive an SNS notification when approval is required.
  2. Log into CodePipeline Console: Access the pipeline and review changes.
  3. Approve or Reject: Select the manual approval stage, review details, and approve or reject the change.
  4. Continue Deployment: Once approved, CodePipeline resumes, completing the remaining stages.
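
Step 6 depends on who counts as an authorized user. The added example below (not from the original post) builds an identity policy that allows `codepipeline:PutApprovalResult` only on the one approval action, and a simplified checker shows how that differs from a broad `codepipeline:*` grant. The region, account ID, pipeline names and helper function names are assumptions.

```python
from fnmatch import fnmatchcase


def approver_policy(region, account_id, pipeline, stage, action):
    """Identity policy: read one pipeline, approve or reject one approval action."""
    pipeline_arn = f"arn:aws:codepipeline:{region}:{account_id}:{pipeline}"
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow",
         "Action": ["codepipeline:GetPipeline", "codepipeline:GetPipelineState",
                    "codepipeline:GetPipelineExecution"],
         "Resource": pipeline_arn},
        {"Effect": "Allow", "Action": "codepipeline:PutApprovalResult",
         "Resource": f"{pipeline_arn}/{stage}/{action}"},
    ]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def allows_approval(policy, action_arn):
    """Simplified check: does an Allow statement cover PutApprovalResult on action_arn?

    Ignores Deny, Condition, NotAction and NotResource, and uses shell-style
    wildcards as a stand-in for IAM matching, so a True means "review this grant".
    """
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(fnmatchcase("codepipeline:putapprovalresult", a) for a in actions):
            continue
        if any(fnmatchcase(action_arn, r) for r in _as_list(stmt.get("Resource", []))):
            return True
    return False


# Constructed values: region, account ID and names are placeholders.
SCOPED = approver_policy("us-east-1", "111122223333", "demo-pipeline",
                         "ManualApproval", "ApproveDeployment")
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "codepipeline:*", "Resource": "*"}]}
BASE = "arn:aws:codepipeline:us-east-1:111122223333:"
THIS_GATE = BASE + "demo-pipeline/ManualApproval/ApproveDeployment"
OTHER_GATE = BASE + "payments-pipeline/ManualApproval/ApproveDeployment"

if __name__ == "__main__":
    for name, pol in (("scoped", SCOPED), ("broad", BROAD)):
        print(name, allows_approval(pol, THIS_GATE), allows_approval(pol, OTHER_GATE))
```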

Final Thoughts: Embracing DevOps Practices

Incorporating manual approval into AWS CodePipeline combines the efficiency of automated workflows with the control of human oversight. By strategically placing approval checkpoints, teams can ensure deployments meet compliance and security standards without sacrificing speed. Manual approvals enhance the DevOps process and foster accountability and reliability.
