AWS CodeDeploy Deep Dive: The Good, The Bad, and The Ugly
AWS CodeDeploy is Amazon’s native deployment automation tool, designed to support EC2, Lambda, and ECS. It promises zero-downtime blue-green deployments, seamless AWS integrations, and hooks for pre- and post-deployment tasks.
But in reality, AWS CodeDeploy suffers from poor Terraform compatibility, unpredictable behavior with target groups, and a tendency to land itself in inconsistent states that can break deployments entirely. If you’ve tried to integrate it into an Infrastructure as Code workflow, you’ve probably run into issues that make you question why you’re using it at all.
The Good: Deep AWS Integration and Lifecycle Hooks
Where AWS CodeDeploy does shine is in its tight AWS integration. If your entire infrastructure is on AWS, it can simplify deployments by leveraging IAM, S3, and EC2 features. Blue-green and rolling deployments work well when paired with AWS Load Balancers, reducing downtime.
One unique advantage of AWS CodeDeploy is its lifecycle hooks, which allow you to execute scripts before, during, and after deployments. If you need to run database migrations before deploying code, AWS CodeDeploy provides a built-in mechanism to ensure they complete successfully before the new application version goes live.
For those using GitHub Actions, an alternative to AWS CodeDeploy lifecycle hooks is running pre-deployment tasks with ECS. The Amazon ECS Run Task Action allows you to execute a one-time task (e.g., a database migration) before deploying your application. With wait-for-finish: true, your pipeline ensures that the task completes before moving forward, just like AWS CodeDeploy.
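The pattern above as a complete GitHub Actions workflow. This is an added example, not code from the original post or from AWS: the cluster, service and role names, the task-definition file paths and the action version tags are placeholders or assumptions; the only input the post itself names is wait-for-finish: true. The workflow takes its AWS credentials through OIDC role assumption so no long-lived access keys have to live in repository secrets, and the migration task must stop before the application rollout step can start.

```yaml
# Added example, not from the original post. Names, ARNs, file paths and
# action version tags are placeholders/assumptions; adjust to your account.
name: migrate-then-deploy

on:
  push:
    branches: [main]

# OIDC federation: the job receives a short-lived role session instead of
# static AWS access keys stored as repository secrets.
permissions:
  id-token: write
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    env:
      AWS_REGION: us-east-1
      CLUSTER: app-cluster        # placeholder
      SERVICE: app-service        # placeholder
    steps:
      - uses: actions/checkout@v4

      - name: Assume the deployment role
        uses: aws-actions/configure-aws-credentials@v4
        with:
          # placeholder role; scope it to the ECS actions this job needs
          # (ecs:RunTask, ecs:UpdateService, ...) plus iam:PassRole for the
          # task and execution roles of the two task definitions below
          role-to-assume: arn:aws:iam::123456789012:role/github-ecs-deploy
          aws-region: ${{ env.AWS_REGION }}

      # Pre-deployment task, the stand-in for a CodeDeploy pre-deployment
      # hook. wait-for-finish blocks the job until the task has stopped, so
      # the new application version cannot roll out before the migration ends.
      - name: Run database migration as a one-off ECS task
        uses: aws-actions/amazon-ecs-run-task@v2
        with:
          task-definition: ecs/migrate-task-definition.json   # placeholder path
          cluster: ${{ env.CLUSTER }}
          wait-for-finish: true
          wait-for-minutes: 15    # assumption: the action's wait timeout input

      # Only reached when the migration step succeeded.
      - name: Roll out the application task definition
        uses: aws-actions/amazon-ecs-deploy-task-definition@v2
        with:
          task-definition: ecs/app-task-definition.json        # placeholder path
          service: ${{ env.SERVICE }}
          cluster: ${{ env.CLUSTER }}
          wait-for-service-stability: true
```

If the migration task runs on Fargate, the run-task step additionally needs the launch type and network settings (subnets, security groups) that the action exposes as inputs; they are omitted here because they depend on the VPC layout.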
The Bad: Terraform Struggles and Target Group Chaos
The biggest pain point with AWS CodeDeploy is its incompatibility with Terraform-managed infrastructure. AWS CodeDeploy switches target groups on its own, leading to state conflicts. If you use Terraform, you expect it to enforce infrastructure consistency—but AWS CodeDeploy can override Terraform changes, causing a frustrating battle between your deployment and infrastructure state.
Users have reported situations where Terraform applies a change, only for AWS CodeDeploy to roll it back or modify resources unpredictably. This can result in a deployment pipeline that requires manual intervention, defeating the purpose of automation in the first place.
The Ugly: AWS CodeDeploy Can Break Itself—Permanently
One of the worst issues with AWS CodeDeploy is that it can put itself in a state where it will never deploy again.
A common failure scenario is when AWS CodeDeploy ends up with a broken target group association, leading to the error:
“Primary taskset target group must be behind listener”
At this point, your deployment is dead. You can’t manually fix it through the AWS console, and you can’t just rerun your deployment to recover. The only way to resolve it is to completely redeploy your Terraform code, which is a disaster for teams that rely on continuous deployment.
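A preflight step a pipeline can run before handing a release to CodeDeploy, added here as an example and not taken from the post: it looks up the target group of the service's PRIMARY task set and fails the job if that target group is not attached to any load balancer listener, which is the condition the error message above describes. Catching it before the deployment is created keeps the pipeline from driving the deployment group into the stuck state. Cluster and service names are placeholders; the step assumes the AWS CLI v2 is on the runner and credentials are already configured in an earlier step.

```yaml
# Added example, not from the original post: a guard step to place before the
# CodeDeploy deployment step of a job. Cluster/service names are placeholders;
# the runner is assumed to have AWS CLI v2 and configured credentials.
      - name: Preflight - primary task set target group must be behind a listener
        env:
          CLUSTER: app-cluster     # placeholder
          SERVICE: app-service     # placeholder
        run: |
          set -euo pipefail
          # taskSets is only populated for services that use the CODE_DEPLOY
          # (or EXTERNAL) deployment controller; PRIMARY is the live task set.
          TG_ARN=$(aws ecs describe-services \
            --cluster "$CLUSTER" --services "$SERVICE" \
            --query "services[0].taskSets[?status=='PRIMARY'] | [0].loadBalancers[0].targetGroupArn" \
            --output text)
          if [ -z "$TG_ARN" ] || [ "$TG_ARN" = "None" ]; then
            echo "::error::No PRIMARY task set with a target group found for service $SERVICE"
            exit 1
          fi
          # A target group's LoadBalancerArns stays empty until a listener
          # (or listener rule) forwards to it; empty is the broken state.
          LB_COUNT=$(aws elbv2 describe-target-groups \
            --target-group-arns "$TG_ARN" \
            --query 'length(TargetGroups[0].LoadBalancerArns)' \
            --output text)
          if [ "$LB_COUNT" = "0" ]; then
            echo "::error::$TG_ARN is not behind any listener; repair the listener before deploying"
            exit 1
          fi
          echo "Primary target group $TG_ARN is attached to $LB_COUNT load balancer(s)"
```

The check only proves that some listener or rule on the load balancer forwards to the primary target group; it does not tell you whether that is the production listener or a test listener, so treat a pass as "safe to proceed" and a failure as "stop and fix the listener in Terraform first", not as a full audit of the blue-green wiring.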
This makes AWS CodeDeploy a serious liability in production environments. A deployment tool should not lock itself into an unrecoverable state, yet this is something AWS CodeDeploy does frequently enough to be a known issue.
The DevOps Community Is Moving Away from AWS CodeDeploy
AWS CodeDeploy has frustrated many DevOps professionals, as seen in recent discussions. Common complaints include:
- “I find the whole suite awful. I’ve only ever met one engineer that likes it.”
- “Terraform and ECS can do the same thing better.”
- “It’s unnecessarily complex for something that should be simple.”
For many, GitHub Actions, GitLab CI/CD, ArgoCD, or even CloudFormation updates are better alternatives that avoid the inconsistent states and Terraform conflicts of AWS CodeDeploy.
Final Verdict: Is AWS CodeDeploy Worth It?
If you need deep AWS integration, blue-green deployments, and lifecycle hooks for running migrations, AWS CodeDeploy might be a reasonable choice. But if predictability, Terraform support, and ease of use are priorities, there are far better options available.
For teams that aren’t locked into AWS CodePipeline, using GitHub Actions + ECS Run Task provides similar functionality without the headaches. AWS CodeDeploy can work—but only if you’re prepared to deal with its quirks.