Why This Phase Exists
Production infrastructure is code. Deployment is automated. Everything is repeatable. If you click-create it in the console, it doesn't exist in production.
That statement is not opinion. It is the operational standard at every organization running workloads at scale on AWS. When a developer creates a VPC through the console, that VPC has no history. Nobody knows what parameters were chosen, what tradeoffs were considered, or how to recreate it when the account gets rebuilt. When the same developer defines that VPC in a CloudFormation template, the template is checked into version control. It goes through code review. It runs through a CI/CD pipeline. It deploys identically across dev, staging, and production. When something breaks in production, you compare the current template to the previous commit and see exactly what changed.
This is the IaC (Infrastructure as Code) principle. Your infrastructure definitions are treated with the same rigor as application code: version-controlled, peer-reviewed, tested, and deployed through automated pipelines. The console is a learning tool and a debugging tool. It is never the source of truth for production infrastructure.
But IaC without automated deployment is only half the equation. You can define perfect CloudFormation templates, but if a human has to remember to run aws cloudformation deploy on Friday afternoon, the system fails. DevOps completes the picture: every commit to your infrastructure code triggers a pipeline that validates, builds, tests, and deploys those changes across environments without human intervention. The developer pushes code. The pipeline does the rest. Humans approve gates at critical boundaries but never execute deployment steps manually.
AWS provides a complete DevOps toolchain because different stages of the delivery lifecycle require different capabilities. CloudFormation and CDK define what infrastructure should exist. CodeCommit stores the source. CodeBuild compiles, tests, and packages. CodeDeploy handles the mechanics of getting new code onto running compute. CodePipeline orchestrates the entire flow from commit to production. SAM simplifies the serverless subset. Together, these services form an end-to-end automated delivery system that eliminates manual processes, reduces deployment risk, and enables teams to ship changes multiple times per day with confidence.
This phase teaches you both halves: how to define infrastructure as code (CloudFormation, CDK, SAM) and how to automate the delivery pipeline (CodeCommit, CodeBuild, CodeDeploy, CodePipeline). By the end, you will architect complete CI/CD pipelines that take a git commit through build, test, and deployment stages, deploying infrastructure and application code together with rollback capabilities and zero-downtime strategies.
What You Will Master
By the end of Phase 7, you will be able to:
- Author CloudFormation templates with parameters, conditions, mappings, and outputs that deploy identical infrastructure across multiple environments from a single template definition
- Architect nested stacks and cross-stack references for large-scale multi-team infrastructure where each team owns their stack but shares outputs
- Deploy infrastructure changes safely using change sets, stack policies, and drift detection to prevent accidental destruction of production resources
- Define cloud infrastructure using the AWS CDK in TypeScript or Python, leveraging L1, L2, and L3 constructs to build reusable infrastructure libraries
- Build and deploy serverless applications with SAM, using local testing to validate Lambda functions before pushing to production
- Implement source control workflows with branching strategies that map to environment promotion (feature branch to dev, main to staging, release tag to production)
- Configure CodeBuild projects that compile code, run unit tests, perform static analysis, and produce deployment artifacts automatically on every commit
- Design deployment strategies (rolling, blue/green, canary) using CodeDeploy with automatic rollback on health check failures
- Orchestrate multi-stage CI/CD pipelines in CodePipeline that promote changes through environments with manual approval gates and automated quality gates
Modules in This Phase
| Module | Title | Key Focus Areas |
|---|---|---|
| 43 | CloudFormation Fundamentals | Template anatomy, resources, parameters, intrinsic functions, outputs, stack operations, change sets, rollback behavior |
| 44 | CloudFormation Advanced | Nested stacks, cross-stack references, StackSets, drift detection, stack policies, custom resources, DeletionPolicy, helper scripts |
| 45 | AWS Cloud Development Kit (CDK) | Constructs (L1/L2/L3), App/Stack architecture, CDK CLI, assets, CDK Pipelines, testing, CDK vs Terraform |
| 46 | AWS SAM | Serverless resource types, SAM CLI, local development, SAM Accelerate, SAM Pipelines, SAM Connectors |
| 47 | Source Control & CodeCommit | Git fundamentals, branching strategies, pull requests, CodeCommit configuration, migration to CodeCommit, cross-account access |
| 48 | AWS CodeBuild | Build projects, buildspec.yml, build phases, caching, environment variables, artifact handling, custom build environments |
| 49 | AWS CodeDeploy | Deployment groups, appspec.yml, lifecycle hooks, rolling deployments, blue/green deployments, automatic rollback |
| 50 | AWS CodePipeline | Pipeline structure, stages, actions, source/build/deploy integration, manual approvals, cross-region deployment |
| 51 | Deployment Strategies | Rolling, blue/green, canary, linear, all-at-once, feature flags, database migrations, rollback planning |
The Progressive Path
This phase follows a deliberate progression: first you learn to define infrastructure, then you learn to deliver it automatically.
Modules 43 and 44 cover CloudFormation, the foundation of all IaC on AWS. Module 43 teaches template anatomy from scratch: how resources are declared, how parameters make templates reusable, how intrinsic functions wire resources together, and how stack operations work. Module 44 builds on that foundation with advanced patterns for production-scale deployments: breaking monolithic templates into nested stacks, sharing outputs across teams via cross-stack references, deploying to multiple accounts with StackSets, and protecting production resources with stack policies.
Module 45 introduces CDK as the modern alternative to writing raw CloudFormation YAML. CDK lets you define infrastructure using real programming languages (TypeScript, Python, Java, Go, C#). This means loops, conditionals, type checking, IDE autocomplete, and unit tests for your infrastructure. CDK synthesizes down to CloudFormation, so everything you learned in Modules 43 and 44 remains relevant. CDK does not replace CloudFormation; it generates it.
Module 46 covers SAM, which is a CloudFormation extension purpose-built for serverless applications. Where a raw CloudFormation template for a Lambda function requires explicit definitions of the function, IAM role, API Gateway, and permissions separately, SAM collapses all of that into a single resource type. SAM also provides local development tooling that lets you test Lambda functions on your laptop before deploying to AWS. You must understand Lambda (from Phase 4) and CloudFormation (from Module 43) before SAM makes sense.
Module 47 introduces source control as the starting point of every pipeline. Without version-controlled source code and infrastructure definitions, there is nothing to automate. This module covers branching strategies that map to AWS environment promotion patterns.
Module 48 teaches CodeBuild for the build and test stage. Every commit triggers a build project that compiles code, runs tests, performs security scanning, and produces artifacts. Module 49 covers CodeDeploy for the deployment stage: getting those artifacts onto running EC2 instances, ECS containers, or Lambda functions with zero-downtime strategies.
Module 50 ties everything together with CodePipeline, the orchestration service that connects source, build, test, and deploy stages into an automated workflow. Module 51 concludes the phase with a deep dive into deployment strategies: the theory and practice of rolling updates, blue/green switchovers, canary deployments, and rollback planning.
Services You Will Command
AWS CloudFormation
CloudFormation is the native IaC service for AWS. You write templates (JSON or YAML) that declare the desired state of your infrastructure. CloudFormation provisions and configures resources in the correct order, handles dependencies automatically, and supports updates with rollback on failure. Every AWS service is supported as a CloudFormation resource type. CloudFormation is the deployment engine behind CDK, SAM, and most AWS service integrations that create resources on your behalf.
AWS Cloud Development Kit (CDK)
CDK is an open-source framework that lets you define cloud infrastructure using familiar programming languages. Instead of writing 200 lines of YAML for a VPC with subnets, route tables, and NAT gateways, you write 5 lines of TypeScript that instantiate a VPC construct with sensible defaults. CDK synthesizes your code into CloudFormation templates, then deploys through CloudFormation. It provides three levels of constructs: L1 (raw CFN resources), L2 (opinionated defaults that cover 80% of use cases), and L3 (complete architectural patterns).
AWS Serverless Application Model (SAM)
SAM extends CloudFormation with simplified syntax for serverless resources. A single AWS::Serverless::Function resource type automatically creates the Lambda function, execution role, event source mapping, and API Gateway integration that would require four or five separate CloudFormation resources. SAM CLI provides local development capabilities: invoke Lambda functions on your machine, simulate API Gateway locally, and deploy with a single command.
AWS CodeCommit
CodeCommit is a managed source control service that hosts Git repositories. It provides unlimited repository storage, integrates with IAM for access control, supports pull requests with approval rules, and triggers notifications to SNS or Lambda on repository events. While many teams use GitHub or GitLab, CodeCommit integrates natively with CodePipeline and keeps source code within the AWS account boundary.
AWS CodeBuild
CodeBuild is a fully managed build service that compiles source code, runs tests, and produces deployment artifacts. You define build instructions in a buildspec.yml file. CodeBuild scales automatically, so you never wait in a build queue. It supports custom Docker build environments, caches dependencies between builds for faster execution, and outputs artifacts to S3 for downstream consumption by CodeDeploy or CloudFormation.
AWS CodeDeploy
CodeDeploy automates code deployments to EC2 instances, on-premises servers, Lambda functions, and ECS services. It supports multiple deployment strategies: in-place (rolling), blue/green (launch new fleet, switch traffic, terminate old fleet), and canary (shift a small percentage of traffic to the new version, monitor, then complete the shift). Automatic rollback reverts deployments when CloudWatch alarms indicate degraded health.
AWS CodePipeline
CodePipeline is a continuous delivery service that orchestrates the stages of your release process. A pipeline defines stages (Source, Build, Test, Deploy) and the actions within each stage. CodePipeline integrates with CodeCommit, GitHub, S3, CodeBuild, CodeDeploy, CloudFormation, ECS, and third-party tools. Manual approval actions allow human gates before production deployment, while automated transitions between stages keep the delivery process flowing.
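One way to place an automated gate in front of the manual approval action, as an added example that is not part of the course material: a Python check that reads a CloudFormation change set and requires human approval only when a stateful resource would be removed or possibly replaced. The JSON follows the shape of `aws cloudformation describe-change-set` output; the sample data, resource names, the `STATEFUL_TYPES` list, and the function names `destructive_changes` and `gate` are assumptions constructed for illustration.

```python
import json

# Resource types treated as stateful here (an assumption for this example; extend per workload).
STATEFUL_TYPES = {"AWS::RDS::DBInstance", "AWS::DynamoDB::Table",
                  "AWS::S3::Bucket", "AWS::EFS::FileSystem"}

# Constructed sample in the shape returned by `aws cloudformation describe-change-set`.
SAMPLE_CHANGE_SET = json.loads("""
{"Changes": [
  {"Type": "Resource", "ResourceChange": {"Action": "Modify", "Replacement": "False",
    "LogicalResourceId": "AppFunction", "ResourceType": "AWS::Lambda::Function"}},
  {"Type": "Resource", "ResourceChange": {"Action": "Modify", "Replacement": "True",
    "LogicalResourceId": "OrdersDb", "ResourceType": "AWS::RDS::DBInstance"}},
  {"Type": "Resource", "ResourceChange": {"Action": "Remove",
    "LogicalResourceId": "AuditBucket", "ResourceType": "AWS::S3::Bucket"}},
  {"Type": "Resource", "ResourceChange": {"Action": "Modify", "Replacement": "Conditional",
    "LogicalResourceId": "SessionsTable", "ResourceType": "AWS::DynamoDB::Table"}},
  {"Type": "Resource", "ResourceChange": {"Action": "Add",
    "LogicalResourceId": "NewQueue", "ResourceType": "AWS::SQS::Queue"}}
]}
""")


def destructive_changes(change_set, stateful_types=STATEFUL_TYPES):
    """Return (logical_id, reason) for changes that delete or may replace stateful resources."""
    findings = []
    for change in change_set.get("Changes", []):
        rc = change.get("ResourceChange") or {}
        if change.get("Type") != "Resource" or rc.get("ResourceType") not in stateful_types:
            continue
        action, replacement = rc.get("Action"), rc.get("Replacement", "False")
        if action == "Remove":
            findings.append((rc["LogicalResourceId"], "removed"))
        elif action == "Modify" and replacement in ("True", "Conditional"):
            # "Conditional" means replacement cannot be ruled out, so fail closed.
            findings.append((rc["LogicalResourceId"], f"replacement={replacement}"))
    return findings


def gate(change_set):
    """Pipeline decision: 'auto-approve' or 'manual-approval-required'."""
    return "manual-approval-required" if destructive_changes(change_set) else "auto-approve"


if __name__ == "__main__":
    for logical_id, reason in destructive_changes(SAMPLE_CHANGE_SET):
        print(f"BLOCK {logical_id}: {reason}")
    print(gate(SAMPLE_CHANGE_SET))
```

Treating `Conditional` replacement the same as `True` keeps the gate conservative: the pipeline stops for review whenever data loss cannot be excluded from the change set alone.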
Terraform (Context)
Terraform by HashiCorp is the primary third-party alternative to CloudFormation for IaC on AWS. It uses HCL (HashiCorp Configuration Language) rather than YAML/JSON, maintains state in a state file rather than using the service-side state that CloudFormation maintains, and supports multi-cloud deployments. Module 45 provides a comparison framework for teams evaluating CDK vs Terraform. This course focuses on native AWS tooling, but understanding Terraform's position in the ecosystem is essential for Solutions Architects.
Architecture Context
Phase 7 operationalizes everything you have built in Phases 1 through 6. Every VPC you configured manually in Phase 2 becomes a CloudFormation template. Every Lambda function from Phase 4 becomes a SAM application. Every EC2 Auto Scaling group from Phase 4 becomes a CDK construct with deployment automation.
The networking foundations from Phase 2 (VPCs, subnets, security groups, NACLs) are the resources you will define in CloudFormation templates during Modules 43 and 44. The IAM roles and policies from Phase 2 become parameters and outputs shared across stacks. The compute resources from Phase 4 (EC2 instances, Lambda functions, ECS services) are the deployment targets for CodeDeploy in Module 49. The integration services from Phase 6 (API Gateway, SQS, SNS) appear in SAM templates as event sources for serverless functions.
Looking ahead, Phase 8 (Monitoring and Operations) assumes that your infrastructure is defined as code and deployed through pipelines. CloudWatch alarms will monitor the stacks you deploy. Cost optimization will evaluate resource configurations defined in templates. The capstone projects will require complete IaC definitions with CI/CD pipelines, not console-created resources.
Phase Exam
After completing all nine modules, you will take the Phase 7 DevOps & Infrastructure as Code exam:
- 35 multiple-choice questions covering IaC principles, CloudFormation mechanics, CDK constructs, SAM resource types, CI/CD pipeline design, and deployment strategies
- 55 minutes time limit
- 70% pass threshold (25/35 correct)
- Questions emphasize decision-making: when to use CloudFormation vs CDK vs SAM, how to structure stacks for multi-team organizations, which deployment strategy fits a given risk tolerance, and how pipeline stages should be ordered
- Expect scenario-based questions that present infrastructure requirements and ask you to select the correct IaC approach, template structure, or pipeline configuration
- CloudFormation intrinsic functions, CDK construct levels, SAM shorthand syntax, CodeDeploy deployment types, and CodePipeline stage design are heavily represented