This pattern shows you how to deploy a continuous integration and continuous delivery (CI/CD) pipeline for your application code workloads in separate Amazon Web Services (AWS) accounts for DevOps, developer, staging, and production workflows.
You can use a multiple AWS account strategy to provide a high level of resource or security isolation, optimize costs, and separate out your production workflow.
Your application's code remains identical in all these separate AWS accounts and is maintained on a central AWS CodeCommit repository hosted by your DevOps account. Your developer, staging, and production accounts have separate Git branches in this CodeCommit repository.
For example, when code is committed to the developer Git branch in your central CodeCommit repository, Amazon EventBridge in your DevOps account notifies EventBridge in your developer account of the repository change. In your developer account, the AWS CodePipeline pipeline starts and its source stage enters the InProgress status. The source stage is configured to read the developer Git branch of the central CodeCommit repository, and CodePipeline assumes a service role in the DevOps account to do so.
The contents of the developer branch in the CodeCommit repository are uploaded to an artifact store in an Amazon Simple Storage Service (Amazon S3) bucket and encrypted with an AWS Key Management Service (AWS KMS) key. After the source stage's status changes to Succeeded in CodePipeline, the code transitions to the next stage of the pipeline execution.
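The cross-account service role described above, as an added example that is not part of this pattern's own templates: an AWS CloudFormation snippet for the DevOps account that trusts only the developer account's pipeline role (not the whole account) and grants just the CodeCommit, S3 and KMS permissions the source stage needs. The parameter names, the role name, and the assumption that the artifact bucket and KMS key live in the developer account are all placeholders, not values from the page.

```yaml
# Deployed in the DevOps account (assumed placeholders; not from the pattern).
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  DeveloperAccountId: { Type: String }              # assumed: 12-digit developer account ID
  DeveloperPipelineRoleName: { Type: String }       # assumed: pipeline service role in that account
  RepositoryName: { Type: String }                  # assumed: central CodeCommit repository name
  ArtifactBucketName: { Type: String }              # assumed: artifact bucket in the developer account
  ArtifactKmsKeyArn: { Type: String }               # assumed: KMS key that encrypts the artifacts
Resources:
  DeveloperCodeCommitSourceRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: developer-codecommit-source-role     # assumed name
      # Trust only the specific pipeline role, so no other principal in the
      # developer account can read the central repository through this role.
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              AWS: !Sub arn:aws:iam::${DeveloperAccountId}:role/${DeveloperPipelineRoleName}
            Action: sts:AssumeRole
      Policies:
        - PolicyName: codecommit-source-least-privilege
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Read-only access scoped to the single central repository.
              - Sid: ReadCentralRepository
                Effect: Allow
                Action:
                  - codecommit:GetBranch
                  - codecommit:GetCommit
                  - codecommit:GitPull
                  - codecommit:UploadArchive
                  - codecommit:GetUploadArchiveStatus
                  - codecommit:CancelUploadArchive
                Resource: !Sub arn:aws:codecommit:${AWS::Region}:${AWS::AccountId}:${RepositoryName}
              # Write the source artifact into the developer account's artifact store.
              - Sid: WriteArtifactsToDeveloperBucket
                Effect: Allow
                Action: [s3:PutObject, s3:GetObject, s3:GetObjectVersion, s3:GetBucketVersioning]
                Resource:
                  - !Sub arn:aws:s3:::${ArtifactBucketName}
                  - !Sub arn:aws:s3:::${ArtifactBucketName}/*
              # Encrypt the artifact with the developer account's KMS key.
              - Sid: UseDeveloperArtifactKey
                Effect: Allow
                Action: [kms:Encrypt, kms:Decrypt, kms:ReEncrypt*, kms:GenerateDataKey*, kms:DescribeKey]
                Resource: !Ref ArtifactKmsKeyArn
```

The developer account must mirror this on its side: the artifact bucket policy and the KMS key policy have to grant this role's ARN, and the pipeline service role needs `sts:AssumeRole` on it, otherwise the source stage stays in InProgress and then fails rather than reaching Succeeded.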