Overview
In modern software development workflows, continuous integration and delivery (CI/CD) pipelines are crucial in automating the build, test, and deployment processes. AWS CodeBuild is a managed service that enables developers to build, test, and package their code efficiently. On the other hand, Amazon Simple Email Service (SES) is a powerful tool for reliably sending transactional and marketing emails.
AWS CodeBuild and Amazon SES
AWS CodeBuild simplifies the process of building and testing code in various programming languages and environments.
Prerequisites for Email Notifications
Several prerequisites must be addressed before implementing custom email notifications in AWS CodeBuild using Amazon SES. Firstly, the AWS IAM role assigned to AWS CodeBuild must have the necessary permissions to interact with Amazon SES. This includes permissions to send emails (ses:SendEmail) and send raw emails (ses:SendRawEmail). Additionally, if Amazon SES is in sandbox mode, the sender and recipient email addresses must be verified. However, only the sender’s email address must be verified in production mode.
To ensure proper configuration, developers should create an AWS IAM policy granting the required permissions and verify email addresses as per Amazon SES requirements. Below is a sample AWS IAM policy snippet granting Amazon SES permissions:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ses:SendEmail",
        "ses:SendRawEmail"
      ],
      "Resource": "*"
    }
  ]
}
```
Integration with BuildSpec File
The provided BuildSpec file showcases how to integrate Amazon SES CLI commands to send custom email notifications at different stages of the AWS CodeBuild process. For instance, upon encountering a build failure, an email notification is triggered using the aws ses send-email command. This command includes essential details such as the sender, recipient, subject, and body of the email.
```yaml
version: 0.2
env:
  secrets-manager:
    SECRET_VALUE: $SONARQUBE_CRED_ARN
    SECRET_VALUE_1: $PRISMA_CLOUD_CRED_ARN
phases:
  install:
    runtime-versions:
      java: corretto17
  pre_build:
    commands:
      - echo Logging in to Amazon ECR.....
      - aws ecr get-login-password --region ap-south-1 | docker login --username AWS --password-stdin <ACCOUNT_ID>.dkr.ecr.ap-south-1.amazonaws.com
      - REPOSITORY_URI=<ACCOUNT_ID>.dkr.ecr.ap-south-1.amazonaws.com/<ECR_REPO_NAME>
  build:
    commands:
      # <SONARQUBE_TOKEN>, SONARQUBE_USERNAME and SONARQUBE_PASSWORD are placeholders;
      # supply them from the secrets-manager variables above instead of hard-coding them.
      - mvn clean install -U -s settings.xml verify sonar:sonar -Dsonar.projectKey=SERVICE_NAME -Dsonar.projectName=SERVICE_NAME -Dsonar.host.url=https://test-sonarqube.com -Dsonar.login=<SONARQUBE_TOKEN>
      - sleep 6
      # Fetch the quality gate result (URL quoted so the shell does not treat "?" as a glob)
      - curl -u "SONARQUBE_USERNAME":"SONARQUBE_PASSWORD" "https://test-sonarqube.com/api/qualitygates/project_status?projectKey=SERVICE_NAME" >result.json
      - ls -l
      - cat result.json
      - BODY="Build failed with Sonarqube Scan. For more details refer the following link. https://iocl-app-security-reports-bucket.s3.ap-south-1.amazonaws.com/sonarqube_reports/dev/<SERVICE_NAME>-sq-report-$CODEBUILD_BUILD_NUMBER.json"
      # Quality gate failed: archive the report to S3, send the notification, stop the build
      - |
        if [ "$(jq -r '.projectStatus.status' result.json)" = "ERROR" ]; then
          echo "Both project status and build status indicate errors."
          cp result.json /tmp/<SERVICE_NAME>-sq-report-$CODEBUILD_BUILD_NUMBER.json
          aws s3 cp /tmp/<SERVICE_NAME>-sq-report-$CODEBUILD_BUILD_NUMBER.json s3://iocl-app-security-reports-bucket/sonarqube_reports/dev/
          aws ses send-email --from "devops-notification.in" --destination "ToAddresses=notification-cicd.com" --message "Subject={Data='<SERVICE_NAME>-Pipeline has FAILED',Charset=utf8},Body={Text={Data='$BODY',Charset=utf8}}"
          exit 1
        else
          echo "Build passed the Sonarqube scan"
        fi
      - echo Build started on `date`
      - echo building the Jar file
      - echo Building the Docker image........!!!
      # IMAGE_TAG is expected to come from the project's environment variables
      - docker build -t $REPOSITORY_URI:$IMAGE_TAG .
  post_build:
    commands:
      - echo Pushing the Docker images...
      - docker push $REPOSITORY_URI:$IMAGE_TAG
      - aws sts assume-role --role-arn <ROLE_ARN> --role-session-name assumeRoleSession --output json > assumed-role-output.json #to get into EKS cluster
      - export AWS_ACCESS_KEY_ID=$(jq -r '.Credentials.AccessKeyId' assumed-role-output.json)
      - export AWS_SECRET_ACCESS_KEY=$(jq -r '.Credentials.SecretAccessKey' assumed-role-output.json)
      - export AWS_SESSION_TOKEN=$(jq -r '.Credentials.SessionToken' assumed-role-output.json)
      - aws eks update-kubeconfig --region ap-south-1 --name <CLUSTER_NAME>
      - sleep 150
      - export NEW_SERVICE_NAME=$(echo "SERVICE_NAME" | tr '[:upper:]' '[:lower:]')
      # Find the namespace of the active deployment (cycle A or cycle B)
      - |
        if [ "$FLAG_CONTENT" = "cycle-A" ]; then
          export NAMESPACE=$(kubectl get deploy -A | awk '$2 == "'"$NEW_SERVICE_NAME"'-a"' | awk '{print $1}')
        else
          export NAMESPACE=$(kubectl get deploy -A | awk '$2 == "'"$NEW_SERVICE_NAME"'-b"' | awk '{print $1}')
        fi
      # Extract the commit hash from the deployed image tag
      - |
        if [ "$FLAG_CONTENT" = "cycle-A" ]; then
          export DEPLOYED_COMMITHASH=$(kubectl -n $NAMESPACE get deployment $NEW_SERVICE_NAME-a -o jsonpath="{..image}"|cut -d'/' -f2|cut -d':' -f2|cut -d'-' -f3)
        else
          export DEPLOYED_COMMITHASH=$(kubectl -n $NAMESPACE get deployment $NEW_SERVICE_NAME-b -o jsonpath="{..image}"|cut -d'/' -f2|cut -d':' -f2|cut -d'-' -f3)
        fi
      - |
        if [ "$DEPLOYED_COMMITHASH" = "$COMMIT_HASH" ] || [ "$DEPLOYED_COMMITHASH" = "$SHA_DIGEST_ID" ]; then
          echo "Built image is been synced with deployment"
        else
          echo "Built image is not synced with deployment"
          aws ses send-email --from "devops-notification.in" --destination "ToAddresses=notification-cicd.com" --message "Subject={Data='SERVICE_NAME-Pipeline has FAILED',Charset=utf8},Body={Text={Data='Built image is not synced with deployment',Charset=utf8}}"
          exit 1
        fi
      - sleep 30
      - |
        if [ "$FLAG_CONTENT" = "cycle-A" ]; then
          timeout 5m kubectl -n $NAMESPACE rollout status deployment $NEW_SERVICE_NAME-a || echo "Rollout status check took more than 5 minutes."
        else
          timeout 5m kubectl -n $NAMESPACE rollout status deployment $NEW_SERVICE_NAME-b || echo "Rollout status check took more than 5 minutes."
        fi
      # The rollout commands above end in "|| echo", so $? is 0 here even when the
      # rollout timed out; the pod status checks below are what halt the build.
      - if [ $? -eq 0 ]; then echo "Application is deployed."; else echo "Application is not deployed."; fi
      - sleep 30
      # Collect the STATUS column of the service's pods (pattern quoted to avoid shell globbing)
      - |
        if [ "$FLAG_CONTENT" = "cycle-A" ]; then
          kubectl get po -n $NAMESPACE | grep "$NEW_SERVICE_NAME-a-" | awk '{print $3}' > pod_status.txt
        else
          kubectl get po -n $NAMESPACE | grep "$NEW_SERVICE_NAME-b-" | awk '{print $3}' > pod_status.txt
        fi
      - ls -l | grep pod_status.txt
      - cat pod_status.txt
      - |
        if [ ! -s "pod_status.txt" ]; then
          echo "Pods are not deployed, halting the build."
          aws ses send-email --from "devops-notification.in" --destination "ToAddresses=notification-cicd.com" --message "Subject={Data='<SERVICE_NAME>-Pipeline has FAILED',Charset=utf8},Body={Text={Data='Pods are not deployed',Charset=utf8}}"
          exit 1
        fi
      - |
        if grep -q -v "Running" pod_status.txt; then
          echo "Pod is not in Running state, halting the build."
          aws ses send-email --from "devops-notification.in" --destination "ToAddresses=notification-cicd.com" --message "Subject={Data='<SERVICE_NAME>-Pipeline has FAILED',Charset=utf8},Body={Text={Data='Pods are not in Running state',Charset=utf8}}"
          exit 1
        else
          echo "Pods are in Running state"
        fi
```
Explanation of Amazon SES Command: The aws ses send-email command allows developers to programmatically send emails through Amazon SES. Here’s a detailed explanation of its components:
- --from: Specifies the sender’s email address.
- --destination: Specifies the recipient’s email address.
- --message: Specifies the email subject and body. This includes specifying the subject with Subject={Data='SubjectText',Charset=utf8} and the body with Body={Text={Data='BodyText',Charset=utf8}}.
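The notification calls in the BuildSpec can be folded into one helper, shown here as an added example that is not part of the original article. It refuses a sender or recipient that is not a plain address (for example a value carrying a ToAddresses= prefix) and passes the subject and body through the AWS CLI's --to, --subject and --text options, so quotes, commas or braces in the text are never parsed as shorthand syntax. The names NOTIFY_FROM, NOTIFY_TO, is_email and notify_failure, and the example.com addresses, are assumptions.

```shell
#!/bin/sh
# Added example: a single failure-notification helper for the build scripts.
# NOTIFY_FROM / NOTIFY_TO are assumed variable names, not part of the article.

# is_email VALUE: succeed only for a plain local@domain.tld address.
is_email() {
  case "$1" in
    *[!A-Za-z0-9@._+-]*) return 1 ;;  # "=", spaces, quotes, commas, braces
    *@*@*)               return 1 ;;  # more than one "@"
    ?*@?*.?*)            return 0 ;;
    *)                   return 1 ;;
  esac
}

# notify_failure SUBJECT BODY: send one plain-text mail through Amazon SES.
# Returns 2 without calling the CLI when an address is malformed, otherwise
# the exit status of "aws ses send-email".
notify_failure() {
  nf_subject=$1
  nf_body=$2
  if ! is_email "${NOTIFY_FROM:-}" || ! is_email "${NOTIFY_TO:-}"; then
    echo "notify_failure: NOTIFY_FROM and NOTIFY_TO must be email addresses" >&2
    return 2
  fi
  # --to, --subject and --text are the CLI's shortcuts for --destination and
  # --message. Each value travels as one argument, so the body may contain
  # characters that would break Subject={Data='...'} shorthand.
  aws ses send-email \
    --from "$NOTIFY_FROM" \
    --to "$NOTIFY_TO" \
    --subject "$nf_subject" \
    --text "$nf_body"
}

# Usage inside a build command block (constructed addresses):
#   NOTIFY_FROM="devops@example.com"
#   NOTIFY_TO="cicd-alerts@example.com"
#   notify_failure "<SERVICE_NAME>-Pipeline has FAILED" "$BODY"
#   exit 1
```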
Conclusion
By leveraging Amazon SES for custom email notifications in AWS CodeBuild, developers can enhance visibility and communication within their CI/CD pipelines. Whether it’s notifying stakeholders about build successes, failures, or other critical events, Amazon SES provides a reliable and scalable solution. With proper configuration and integration, teams can ensure timely responses to build events, fostering collaboration and efficiency in software development workflows.
FAQs
1. Why should I use Amazon SES for email notifications in AWS CodeBuild?
ANS: – Amazon SES provides a reliable and scalable email infrastructure, ensuring important notifications reach stakeholders promptly and reliably.
2. What are the key benefits of using custom email notifications in AWS CodeBuild?
ANS: – Custom email notifications allow tailored communication, enabling teams to receive relevant information about build successes, failures, and other critical events. This enhances visibility and facilitates timely responses to build events.
3. How can I ensure proper configuration for sending emails through Amazon SES in AWS CodeBuild?
ANS: – To ensure proper configuration, developers should ensure that the AWS IAM role assigned to AWS CodeBuild has the necessary permissions to interact with Amazon SES. Additionally, they should verify email addresses if operating in Amazon SES sandbox mode and securely manage sensitive information to prevent unauthorized access.
WRITTEN BY Deepak S
Deepak S works as a Research Intern at CloudThat. His expertise lies in AWS services. Deepak is good at hunting new technologies and is an automobile enthusiast.