
AWS CodeBuild

By Noah Zoschke

A few months ago I wrote “AWS Missing Parts: Build Service.” At the 2016 re:Invent conference, AWS launched CodeBuild, a service to “build and test code with continuous scaling.”

Werner Vogels re:Invent 2016 Keynote — Code Build Announcement

I’m very excited that AWS filled in this gap in their platform. CodeBuild enables us to further simplify our systems, letting AWS do all the hard work of securing and operating the build step in our software delivery pipeline.

Why Builds?

Every software delivery pipeline has to take source code from a developer’s laptop and safely ship it to production systems in the cloud.

This is best accomplished by “building an artifact” — a snapshot of the code and everything it needs to run, such as its dependencies and compiled binaries.

Artifacts could be a .zip file, .deb package, AMI or a Docker image. Where and how to prepare these artifacts is an open-ended architectural decision.

Why a Build Service?

The philosophy of “Services over Software” applies to the build phase of software delivery.

If we use build software like Jenkins or Bamboo, someone on our team is responsible for:

  • Setting up a Jenkins cluster
  • Maintaining the cluster security
  • Upgrading the Jenkins software over time
  • Monitoring and recovering from Jenkins downtime
  • Capacity planning so the cluster can handle all our build volume

If you’re not careful you end up paying engineers to build and maintain a Jenkins cluster, and paying a big bill to keep the cluster scaled up 24/7. When the build cluster has problems, your team isn’t able to ship new code until it’s fixed.

With a managed build service like Heroku, Docker Hub, and now CodeBuild, operations are eliminated and costs are greatly reduced to on-demand usage. Your team is now empowered to just focus on pushing code, and let a service build all the artifacts.

AWS CodeBuild offers additional benefits:

  • GitHub / Docker / Registry integration — Use modern standards
  • Security — Sandbox untrusted builds
  • Cost — Pay only for what you use
  • Consolidation — Keep code, artifacts and billing in AWS

Next Steps: Simplify

Up until now, the Convox platform offered a private build service running inside an existing ECS cluster (architecture diagram). We now get to simplify the platform by delegating builds to CodeBuild:

Simple Build Architecture

We expect to see tangible platform improvements from this. Builds will be:

  • Cheaper by paying only for builds on demand
  • Faster by no longer sharing resources inside an ECS cluster
  • More concurrent by delegating capacity planning to CodeBuild
  • More secure by removing privileged operations from the ECS cluster

What do you think? Are you already using a build service? Can you simplify your build system by letting AWS CodeBuild do all the heavy lifting?

Tweet at @goconvox or chat with us in Slack.