The discipline of building, packaging, testing, and deploying software reliably and repeatably at scale.

Understand the boundaries and overlaps between these three closely related disciplines.

Source → Build → Test → Package → Release → Deploy → Operate end-to-end flow.

Deployment frequency, lead time for changes, change failure rate, and MTTR as delivery KPIs.

Gitflow, trunk-based development, and ship/show/ask choosing the right strategy.

MAJOR.MINOR.PATCH versioning, pre-release tags, and automated version bumping.

Annotated tags, GitHub/GitLab releases, and automating release notes from commit history.

Trade-offs between monorepo (Turborepo, Nx) and polyrepo strategies for large codebases.

Compiled binaries, Docker images, ZIP packages, Helm charts anything produced by a build.

Push, pull, and lifecycle-manage container images in AWS Elastic Container Registry.

Host and proxy npm, PyPI, Maven, and NuGet packages privately inside AWS.

Build once, promote across environments never rebuild an artifact between dev and prod.

Sign container images with AWS Signer or Cosign to verify supply chain integrity.

The pipeline stages: source, build, test, lint, package, deploy, verify, and release.

Define pipelines declaratively in YAML version-controlled, reviewable, and reproducible.

Cache dependencies and parallelise test stages to keep pipeline feedback loops under 10 minutes.

Track pipeline duration, failure rate, and flakiness treat pipelines as production systems.

on triggers, jobs, steps, uses, run, needs, and matrix strategy full workflow anatomy.

Share pipeline logic across repositories with reusable workflows and custom actions.

Gate deployments with required reviewers, wait timers, and environment-specific secrets.

Assume IAM roles from GitHub Actions using OIDC no long-lived AWS credentials stored as secrets.

Run GitHub Actions jobs on EC2 or ECS for private VPC access, custom tooling, or cost savings.

Stages, actions, transitions, manual approvals, and cross-account pipeline patterns.

Buildspec.yml, environment variables, build reports, caching, and VPC integration.

In-place, blue/green, and canary deployments for EC2, Lambda, and ECS with automatic rollback.

Managed Git repositories on AWS triggers, approval rule templates, and cross-region replication.

Gradually replace old instances with new ones simple but requires backward compatibility.

Run two identical environments and switch traffic instantly fast rollback with zero downtime.

Route a small percentage of traffic to the new version and expand gradually based on metrics.

Decouple deployment from release using AWS AppConfig or LaunchDarkly to control feature exposure.

Mirror production traffic to a new version without serving responses validate behaviour safely.

Unit → integration → contract → E2E fast feedback at the bottom, confidence at the top.

Validate API contracts between services using Pact to catch breaking changes before deployment.

Run k6 or Gatling load tests as a pipeline stage to catch performance regressions early.

Automated smoke tests and synthetic checks that run immediately after every deployment.

Scan source code for vulnerabilities with Semgrep, SonarQube, or Bandit in CI.

Detect vulnerable third-party packages with Dependabot, Snyk, or OWASP Dependency-Check.

Scan Docker images for CVEs with Amazon Inspector or Trivy as a pipeline gate.

Block credentials from entering Git with gitleaks, detect-secrets, or GitHub secret scanning.

Run OWASP ZAP or Burp Suite in CI to test running applications for security vulnerabilities.

Providers, resources, data sources, variables, locals, and outputs the IaC building blocks.

init, validate, fmt, plan, apply, destroy and reading plan output safely.

Local vs remote state, S3 + DynamoDB backend, state locking, and state file security.

Write reusable modules, use the Terraform Registry, and version module references.

Use workspaces or directory-based isolation to manage dev/staging/prod environments.

Automate plan/apply in GitHub Actions or AWS CodePipeline with approval gates.

DRY Terraform configurations across multiple environments with Terragrunt wrappers.

Enforce compliance rules on Terraform plans using HashiCorp Sentinel or Open Policy Agent.

Unit and integration test Terraform modules with terraform test, Terratest, or tftest.

Detect and reconcile infrastructure drift with terraform plan in CI and AWS Config rules.

Stacks, templates (YAML/JSON), parameters, outputs, mappings, and conditions.

Preview changes with change sets, detect drift, and use stack policies to prevent overwrites.

Compose complex architectures with nested stacks and deploy across accounts with StackSets.

Define infrastructure with TypeScript or Python using CDK constructs, stacks, and pipelines.

Self-mutating pipelines with CDK Pipelines that deploy infrastructure and application changes together.

Inventories, playbooks, tasks, handlers, variables, and the Ansible execution model.

Structure playbooks with roles and reuse community-maintained roles from Ansible Galaxy.

Provision EC2, S3, RDS, and VPC resources using the amazon.aws Ansible collection.

Write tasks that are safe to re-run; use block/rescue/always for graceful error handling.

Layer ordering, .dockerignore, non-root users, COPY vs ADD, and CMD vs ENTRYPOINT.

Separate build and runtime stages to produce minimal, secure production images.

Concurrent builds, cache mounts, secret mounts, and multi-platform image builds.

Automatically expire untagged or old images to control storage costs and registry hygiene.

Chart.yaml, values.yaml, templates, _helpers.tpl, and the chart dependency model.

Go template syntax, named templates, conditionals, loops, and values overrides.

Run pre/post-install jobs and validate releases with helm test commands.

Push and pull Helm charts as OCI artefacts to Amazon ECR.

Declaratively manage multiple Helm releases across environments with Helmfile.

Declarative, versioned, pulled automatically, and continuously reconciled the four OpenGitOps principles.

CI pushes to clusters vs GitOps agents pull from Git security and scalability implications.

App-of-apps, environment folders, and monorepo vs per-env repo strategies for GitOps.

Never store plaintext secrets in Git use Sealed Secrets, External Secrets Operator, or SOPS.

Application, AppProject, repo server, application controller, and the sync loop.

Dynamically generate ArgoCD Applications for multiple clusters or environments with ApplicationSets.

Automated sync, self-heal, prune, and resource ordering with sync waves and phases.

Integrate with AWS IAM Identity Center or OIDC providers for SSO and fine-grained RBAC.

Automatically update container image tags in Git when a new image is pushed to ECR.

Source, Kustomize, Helm, and Notification controllers the Flux GitOps toolkit components.

Manage Helm releases declaratively with HelmRelease and HelmRepository CRDs.

Scan ECR for new image tags and open automated Git PRs with Flux image automation controllers.

Manual approval gates, automated promotion on green tests, and rollback-on-failure policies.

Integrate deployment pipelines with Jira, ServiceNow, or AWS Service Catalog for change tracking.

Scheduled, predictable release cadences that batch changes for coordinated deployment.

Chain CodePipeline stages across accounts and regions with cross-account IAM roles.

Trigger Lambda functions from ECR pushes, CloudTrail events, S3 uploads, or CodePipeline stages.

Automate EC2 start/stop, AMI rotation, certificate checks, and compliance remediation with Lambda.

Orchestrate multi-step release workflows canary validation, approval gates, and rollback logic.

Build SSM Automation runbooks for patch management, instance remediation, and AMI baking.

Annotate Grafana and CloudWatch dashboards with deployment events to correlate changes with metrics.

Configure CodeDeploy or ArgoCD to automatically rollback when error rate or latency SLOs breach.

Run synthetic tests post-deployment to validate that new releases serve real user traffic correctly.

Track deployment frequency, lead time, and change failure rate with DORA dashboards.

Separate tooling, staging, and production accounts cross-account role assumption in pipelines.

Replicate artefacts to target regions via ECR replication and S3 CRR before deploying.

Provision new AWS accounts with pre-configured pipelines using Account Factory for Terraform (AFT).

Register multiple EKS clusters in ArgoCD and manage fleet deployments with ApplicationSets.

Every API call in CodePipeline, CodeBuild, and CodeDeploy is logged in CloudTrail for compliance.

Run Config conformance packs as a pipeline stage to block non-compliant infrastructure changes.

Generate SBOMs with Syft or Amazon Inspector and attach them to every container release.

Integrate automated change records into ITSM tools for regulated industry compliance.

Right-size build environments, use Lambda compute for small jobs, and cache aggressively.

Run GitHub Actions self-hosted runners or Jenkins agents on EC2 Spot for up to 70% savings.

Track and reduce average pipeline duration, queue time, and wasted build minutes per month.

Implement lifecycle policies to expire old images and reduce ECR storage costs automatically.

Build standardised, opinionated pipeline templates that product teams adopt as golden paths.

Enable teams to onboard new services via scaffolding tools (Cookiecutter, Backstage Software Templates).

Treat internal CI/CD platforms as products with SLOs, feedback loops, and an internal roadmap.

Enforce deployment freezes during peak periods with automated pipeline gates and calendar integrations.

Canary and blue/green rollouts with automated analysis using Argo Rollouts and Prometheus metrics.

Isolate teams with ArgoCD Projects, AppProject RBAC, and namespace-scoped Applications.

Enforce image registry allowlists, label requirements, and security policies at admission time.

Provision AWS resources (RDS, S3, IAM) from Kubernetes manifests using Crossplane XRDs.