AWS CodePipeline and CodeBuild: Pipeline Structure, ECR Integration, ECS/EKS Deployments, and Cross-Account Patterns

Calendar February 22, 2026
Cicd
Intermediate, Advanced
Ci-Pipeline-Design, Aws-Cicd-Authoring, Aws-Deployment-Patterns, Cross-Account-Iam
Aws, Codepipeline, Codebuild, Ecr, Ecs, Eks, Cicd, Cross-Account, Eventbridge, Buildspec
Aws-Codepipeline, Aws-Codebuild, Aws-Ecr, Aws-Ecs, Aws-Eks, Aws-Cli, Docker

AWS CodePipeline and CodeBuild#

AWS CodePipeline orchestrates CI/CD workflows as a series of stages. CodeBuild executes the actual build and test commands. Together they provide a fully managed pipeline that integrates natively with S3, ECR, ECS, EKS, Lambda, and CloudFormation. No servers to manage, no agents to maintain – but the trade-off is less flexibility than self-hosted systems and tighter coupling to the AWS ecosystem.

Pipeline Structure#

A CodePipeline has stages, and each stage has actions. Actions can run in parallel or sequentially within a stage. The most common pattern is Source -> Build -> Deploy:

AWS Fundamentals for Agents

Calendar February 22, 2026
Cloud-Services
Intermediate
Aws-Resource-Management, Aws-Networking, Aws-Identity-Management
Aws, Iam, Vpc, Ec2, S3, Rds, Eks, Route53, Cloudwatch
Aws-Cli, Aws-Iam, Aws-Ec2, Aws-S3, Aws-Rds, Aws-Eks

IAM: Identity and Access Management#

IAM controls who can do what in your AWS account. Everything in AWS is an API call, and IAM decides which API calls are allowed. There are three concepts an agent must understand: users, roles, and policies.

Users are long-lived identities for humans or service accounts. Roles are temporary identities that can be assumed by users, services, or other AWS accounts. Policies are JSON documents that define permissions. Roles are always preferred over users for programmatic access because they issue short-lived credentials through STS (Security Token Service).