How to Set Up Continuous Integration with AWS CodeBuild and GitHub Using the AWS Connector App
Continuous Integration (CI) is a cornerstone of modern software development, automating the building and testing of code changes. By integrating AWS CodeBuild and GitHub, you can streamline your CI workflow and significantly enhance your development process.
AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. You don’t need to provision, manage, and scale your own build servers.
GitHub is a platform for hosting code that allows for version control and collaboration.
Traditionally, connecting AWS CodeBuild and GitHub has relied on Personal Access Tokens (PATs). However, this method can pose security risks. A more secure and efficient approach is to use GitHub App authentication through the AWS Connector for GitHub app.
Why Choose GitHub Apps Over Personal Access Tokens?
GitHub Apps provide a more secure and flexible integration with GitHub than Personal Access Tokens (PATs). Here’s why:
- Fine-Grained Permissions: GitHub Apps allow precise control over repository access and actions.
- Enhanced Security: They use short-lived tokens, reducing exposure risks.
- Broader Yet Controlled Access: Ideal for services requiring comprehensive but carefully managed permissions.
While PATs are simpler and work well for personal tasks and basic automation, GitHub Apps are better suited for professional and organizational use, offering superior control and security.
In this article, we will use the AWS Connector App for GitHub, a GitHub App from Amazon Web Services (AWS) that makes it easy to integrate AWS services like CodeBuild, CodePipeline, and CodeDeploy with GitHub. I will guide you through setting up Continuous Integration (CI) with AWS CodeBuild and GitHub, all without needing personal access tokens.
Prerequisites
Before getting started, ensure you have the following:
- An AWS account with permission to use CodeBuild.
- Administrator access to your GitHub repository.
- A basic understanding of AWS CodeBuild and GitHub workflows.
STEP 1 — Install the AWS Connector for GitHub
- Go to the GitHub Marketplace.
- Search for AWS Connector for GitHub and install it.
- Grant the Connector App access to the specific repositories you want to integrate. For demonstration purposes, I will grant access to all repositories.
STEP 2 — Create a Private ECR Repository
- Navigate to the Amazon ECR Console.
- Click on Create repository. Select Private repository and enter the repository name, e.g., application/bookshelf.
- Leave other settings as default unless specific requirements are needed.
- Save the repository and note down the repository URI.
STEP 3 — Create an AWS CodeBuild Project
1. Navigate to AWS CodeBuild:
- In the AWS Management Console, go to CodeBuild.
- Click Create Build Project.
2. Set Up Project Configuration:
- Project Name: Enter a descriptive name for the project.
- Source Provider: Select GitHub.
- Credential: Select Custom Source Credential.
- Credential Type: Select GitHub App.
- Connection: Click Create a new GitHub connection using an AWS-managed GitHub App. Enter a name for the connection and click Connect. You will then be redirected to log in to your GitHub account.
- Once you successfully sign in to your GitHub account, you should see the AWS Connector for GitHub ID displayed. Then, click Connect to save the connection.
- Repository: Choose the repository and source branch you want to integrate.
- Click on “Rebuild every time a code change is pushed to this repository” to set up the webhook.
3. Environment Setup:
- Provisioning Model: Choose between an on-demand model or reserved capacity. For this project, we will use the on-demand model.
- Environment Image: Select either a managed image or a custom Docker image. For this project, we will use a Managed Image.
- Compute: Based on your requirements, choose an appropriate compute type. For this project, we will use EC2.
- Operating System: Configure the various settings to suit your needs.
- Build Specifications: Choose either to insert build commands manually or to use a buildspec file. For this project, we will use a buildspec file.
- Save: Leave all other configurations as default or modify them to suit your needs. Then click Save.
STEP 4 — Edit the CodeBuild Service Role to Grant Amazon ECR Access
- Open the IAM Console and locate the CodeBuild service role.
- Attach a Policy: For limited access, attach AmazonEC2ContainerRegistryPowerUser or create a custom policy
- Save changes
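If you create a custom policy instead, it can be limited to the one repository the build pushes to, whereas AmazonEC2ContainerRegistryPowerUser applies to every repository in the account. The policy below is an added example, not part of the original article; it assumes the application/bookshelf repository from Step 2 in us-east-1, and <ACCOUNT_ID> is a placeholder for your AWS account ID.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "GetEcrLoginToken",
      "Effect": "Allow",
      "Action": "ecr:GetAuthorizationToken",
      "Resource": "*"
    },
    {
      "Sid": "PushToBookshelfRepositoryOnly",
      "Effect": "Allow",
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:BatchGetImage",
        "ecr:InitiateLayerUpload",
        "ecr:UploadLayerPart",
        "ecr:CompleteLayerUpload",
        "ecr:PutImage"
      ],
      "Resource": "arn:aws:ecr:us-east-1:<ACCOUNT_ID>:repository/application/bookshelf"
    }
  ]
}
```

ecr:GetAuthorizationToken does not support resource-level permissions, so it stays on "*"; the push actions are scoped to the repository ARN.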
STEP 5 — Add your buildspec.yml file to your repository
- Create a buildspec.yml file in the root directory of your repository.

    version: 0.2
    phases:
      build:
        commands:
          # Log Docker in to the private ECR registry (use the registry host from your repository URI in Step 2)
          - aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 370416136397.dkr.ecr.us-east-1.amazonaws.com
          # Build the image, tag it with the repository URI, and push it
          - docker build -t application/bookshelf ./bookcatalog-management-service/
          - docker tag application/bookshelf:latest 370416136397.dkr.ecr.us-east-1.amazonaws.com/application/bookshelf:latest
          - docker push 370416136397.dkr.ecr.us-east-1.amazonaws.com/application/bookshelf:latest

- Commit and push changes to your GitHub repository.
- Navigate to the CodeBuild project in the AWS Console and verify the integration.
Link to source code: GitHub
Conclusion
Setting up CI with AWS CodeBuild and GitHub using the AWS Connector App is straightforward and incredibly effective for streamlining your development workflow. By following the steps outlined above, you can automate builds, ensure code quality, and accelerate feature delivery.
Have you implemented a CI/CD pipeline with AWS CodeBuild? Share your experience in the comments!