CodeDeploy & rollback
Targets, appspec hooks, blue/green, auto-rollback.
CodeDeploy automates releasing your application to compute targets with controlled strategies and automatic rollback. Choosing the deployment strategy for the target is a core DevOps decision that trades speed against safety.
Targets and the appspec
CodeDeploy deploys to EC2/on-prem instances, ECS services, and Lambda functions. An appspec file tells it what to deploy and defines lifecycle hooks (BeforeInstall, AfterInstall, ApplicationStart, ValidateService) where you run validation scripts — so a deployment can verify health before shifting traffic. For EC2 it supports in-place (update the existing fleet) and blue/green (stand up a new fleet, shift traffic, keep the old for rollback); for ECS and Lambda it uses traffic-shifting between versions. The appspec-plus-hooks model lets you bake health checks into the release itself.
# TARGET STRATEGIES# EC2 → in-place (update fleet) | blue/green (new fleet + traffic shift)# ECS → blue/green / canary via traffic shifting between task sets# Lambda → linear / canary (shift % of traffic to the new version)## appspec hooks run validation at each step:hooks:AfterInstall: [{ location: scripts/verify.sh }]ValidateService: [{ location: scripts/smoke-test.sh }] # fail → rollback
Automatic rollback
The safety mechanism that makes frequent deployment viable is automatic rollback: tie the deployment to CloudWatch alarms and health checks, and CodeDeploy reverts to the last known-good version when an alarm fires or validation fails — so a bad release is contained in seconds without a human scrambling. Blue/green and canary strategies limit blast radius further by exposing the new version to a subset of traffic first and watching metrics before full cutover. The combination — progressive delivery plus alarm-triggered rollback plus health-checked hooks — is what lets a DevOps team ship often and safely, which is the essence of the professional-level exam and the job.