Taking Continuous Delivery to the Next Level: GitLab CI/CD + AWS

Introducing GitLab with AWS: how to build your Continuous Delivery from scratch.

A system that, for every project on GitLab, sets up automatically a continuous delivery pipeline for you.

Amazon S3

Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. This means customers of all sizes and industries can use it to store and protect any amount of data for a range of use cases, such as websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics.

Why “stage”? Well, since we need custom subdomains, we have to map a wildcard domain name to our CloudFront distribution; it’s better to circumscribe this behavior, and leave free the first level subdomain.

Creating the S3 Bucket
"Version": "2012-10-17",
"Statement": [
"Sid": "AddPerm",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::stage.yourdomain.com/*"


AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.

GitLab CI/CD

GitLab offers a continuous integration service. If you add a .gitlab-ci.yml file to the root directory of your repository, and configure your GitLab project to use a Runner, then each commit or push triggers your CI pipeline.

In order to avoid configuring every future project, you can put the keys in a group, so that all projects inside it can have access to them.

S3_BUCKET: "stage.yourdomain.com"
BUILD_COMMAND: "npm run build"
DIST_DIR: "./dist"
- build
- deploy
stage: build
image: debian:latest
stage: deploy
image: python:latest
aws s3 sync ${DIST_DIR} s3://${S3_BUCKET}/${CI_PROJECT_NAME}/${CI_COMMIT_REF_NAME} --delete

Route 53

Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service.

Certificate Manager

AWS Certificate Manager is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources.


Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment

A wildcard DNS record is a record in a DNS zone that will match requests for non-existent domain names. A wildcard DNS record is specified by using a “*” as the leftmost label (part) of a domain name, e.g. *.example.com.


Lambda@Edge runs your code in response to events generated by the Amazon CloudFront content delivery network (CDN). Just upload your code to AWS Lambda, which takes care of everything required to run and scale your code with high availability at an AWS location closest to your end user.

GitLab Environments

GitLab CI/CD is capable of not only testing or building your projects, but also deploying them in your infrastructure, with the added benefit of giving you a way to track your deployments. In other words, you can always know what is currently being deployed or has been deployed on your servers.

With Environments you have full control of your project delivery.

<<: *deploy
- master
<<: *deploy
- branches
- tags
- master
url: https://${CI_PROJECT_NAME}.${S3_BUCKET}
on_stop: clean
aws s3 rm s3://${S3_BUCKET}/${CI_PROJECT_NAME}/${CI_COMMIT_REF_NAME} --recursive
aws cloudfront create-invalidation --distribution-id ${DISTRIBUTION_ID} --paths "/*"




Creative Technologist

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store