Development environment - AWS Prescriptive Guidance

Development environment

The development environment is where developers integrate their code to ensure that it all works as one cohesive application. In Gitflow, the development environment contains the latest features that have been included by merge request and are ready for release. In GitHub Flow and Trunk strategies, the development environment is considered to be a testing environment, and the code base might be unstable and unsuitable for deployment to production.

Access

Assign permissions according to the principle of least privilege. Least privilege is the security best practice of granting the minimum permissions required to perform a task. Developers should have less access to the development environment than they have to the sandbox environment.

Build steps

Creating a merge request to the develop branch (Gitflow) or the main branch (Trunk or GitHub Flow) automatically starts the build.

  1. Use git-secrets (GitHub) to scan for sensitive information

  2. Lint the source code

  3. Build and compile the source code, if applicable

  4. Perform unit testing

  5. Perform code coverage analysis

  6. Perform static code analysis

  7. Build IaC

  8. Perform IaC security analysis

  9. Extract open source licenses
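
Step 1 applied as a merge-request gate, shown as an added example that is not part of the original guidance and is not git-secrets' own code. It scans only the lines a merge request adds and reports the file and line of each hit. The name scan_diff, the rule names and the sample diff are assumptions, and the patterns are simplified ones modelled on the AWS rules that git-secrets registers.

```python
import re

# Patterns modelled on the AWS rules that git-secrets registers; simplified here.
PATTERNS = {
    "aws-access-key-id": re.compile(
        r"\b(?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}\b"),
    "aws-secret-access-key": re.compile(
        r"(?i)aws_?secret_?access_?key\W{1,4}[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])"),
}
# AWS documentation placeholder credentials; these must not fail the build.
ALLOWED = ("AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY")
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

def scan_diff(diff_text):
    """Return (path, line, rule) for each secret on a line the merge request adds."""
    findings, path, new_line, in_hunk = [], "", 0, False
    for raw in diff_text.splitlines():
        if raw.startswith("diff --git "):
            in_hunk = False  # file headers follow, not hunk content
        elif not in_hunk and raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
        elif m := HUNK.match(raw):
            new_line, in_hunk = int(m.group(1)), True
        elif in_hunk and raw.startswith("+"):
            text = raw[1:].replace(ALLOWED[0], "").replace(ALLOWED[1], "")
            findings += [(path, new_line, rule)
                         for rule, rx in PATTERNS.items() if rx.search(text)]
            new_line += 1
        elif in_hunk and not raw.startswith(("-", "\\")):
            new_line += 1  # context line: advances the new-file line counter
    return findings

# Constructed merge-request diff; every key below is made up for this example.
SAMPLE_DIFF = """\
diff --git a/app/config.py b/app/config.py
--- a/app/config.py
+++ b/app/config.py
@@ -1,2 +1,4 @@
-KEY_ID = "AKIAZZZZZZZZZZZZZZZZ"
+KEY_ID = "AKIAABCDEFGHIJKLMNOP"
+DOC_KEY = "AKIAIOSFODNN7EXAMPLE"
 DEBUG = False
+aws_secret_access_key = "abcdEFGHijklMNOPqrstUVWXyz0123456789/+AB"
"""

if __name__ == "__main__":
    for path, line, rule in (hits := scan_diff(SAMPLE_DIFF)):
        print(f"{path}:{line}: {rule}")
    raise SystemExit(1 if hits else 0)  # non-zero exit fails the build step
```

Removed lines are skipped because the gate checks what the merge request introduces; a key that was ever committed remains in history and still has to be rotated.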

Deployment steps

If you're using the Gitflow model, the deployment steps automatically initiate when a develop branch is successfully built in the development environment. If you're using the GitHub Flow model or Trunk model, then the deployment steps automatically initiate when a merge request is created against the main branch. The following are the deployment steps in the development environment:

  1. Download the published artifacts from the build steps

  2. Perform database versioning

  3. Perform IaC deployment

  4. Perform integration tests

Expectations before moving to the testing environment

  • Successful build and deployment of the develop branch (Gitflow) or the main branch (Trunk or GitHub Flow) in the development environment

  • Unit testing passes at 100%

  • Successful IaC build

  • Deployment artifacts were successfully created

  • A developer has performed a manual verification to confirm that the feature is functioning as expected