22

Development Config Rules

Last Update één maand geleden

AWS Config Rule: CodeBuild Project OAuth Check AWS Config Rule: CodeBuild Plaintext Creds. in Env. Variables AWS Config Rule: CodeBuild Project Artifact Encryption AWS Config Rule: CodeBuild Project Environment Privileged Mode Enabled AWS Config Rule: Lambda Function Public Access Prohibited

AWS Config Rule: Codepipeline Deployment Count

CODEPIPELINE_DEPLOYMENT_COUNT_CHECK

Luna Ricci

Last Update 2 maanden geleden

Description: Checks whether the first deployment stage of the AWS Codepipeline performs more than one deployment. Optionally checks if each of the subsequent remaining stages deploy to more than the specified number of deployments (deploymentLimit).


Trigger type: Configuration changes


AWS Region: Only available in Asia Pacific (Mumbai), Europe (Paris), US East (Ohio), Europe (Ireland), Europe (Frankfurt), South America (Sao Paulo), US East (N. Virginia), Asia Pacific (Seoul), Europe (London), Asia Pacific (Tokyo), US West (Oregon), US West (N. California), Asia Pacific (Singapore), Asia Pacific (Sydney), Canada (Central) Region

How to Resolve Manually 

To resolve this manually, you will need to carefully consider the methods on which you are using AWS Codepipeline and to how many additional deployments you are performing on the first, and subsequent later stages. You can set the deploymentLimit manually with this AWS Config Rule if you wish to set your own limits higher.

Below is a High-Level deployment architecture which shows how you can perform more than one deployment from one CodePipeline (in the us-west-2 region)


This includes, but is not limited to, CodeDeploy deployments within different regions which could occur simultaneously.

The image is from an AWS blog article which goes into the intrici's of using AWS CodePipeline to perform multi-region deployments. This will of course count as multiple simultaneous deployments if configured to work this way.


For more information on the above, review the AWS blog article here


One alternative way to avoid breaching the AWS Codepipeline Deployment Count Check is to perform all CodeDeploy actions in a single region, and if you need to branch out to build resources in multiple regions, consider using a CloudFormation StackSet to build resources cross-region within one or more AWS Accounts.

Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here

Was this article helpful?

0 out of 0 liked this article

Still need help? Message Us