24. CICD Flashcards
Where do you define the CodeBuild build instructions in code?
buildspec.yml file at root of code
Where in the AWS CICD pipeline can builds be defined?
CodePipeline and CodeBuild
True or False: CodeDeploy provisions resources.
False.
CodeDeploy does not provision resources. It assumes EC2 instances are already provisioned.
What are the steps to making CodeDeploy work?
- each EC2 machine (or on-prem machine) must be running the CodeDeploy Agent
- CodeDeploy sends the appspec.yml file
- CodeDeploy Agent will report the success/failure of the deployment on the instance
What is a CodeDeploy Hook?
Hooks are a set of instructions to deploy the new version (hooks can have timeouts)
What does CodeDeploy do if a rollback happens?
CodeDeploy redeploys the last known good revision as a new deployment. New deployments will first be deployed to “failed state” instances.
What are the ways you can authenticate in Git?
- SSH Keys: can be configured in IAM Console
- HTTPS: done through AWS CLI Authentication
- Git credentials
Helper or generating HTTPS credentials
- MFA can be enabled for extra safety
What is CodeCommit?
A central online repository (AWS version of GitHub)
- private Git repos
- no size limit (scale seamlessly)
- ability to code only in AWS Cloud account = increased security and compliance
What are the ways in which you can trigger CodeCommit notifications?
- AWS SNS
- AWS Lambda
- AWS CloudWatch Event Rules
What are the CodeCommit use cases for notifications in SNS or AWS Lambda?
- deletion of branches
- trigger for pushes that happen in the master branch
- notify external build system
- trigger AWS Lambda function to perform codebase analysis (maybe credentials got committed in the code)
What are the CodeCommit use cases for CloudWatch Event Rules?
- trigger for pull request updates (created / updated / deleted / commented)
- commit comment events
- CloudWatch Event Rules go into an SNS topic
What is CodePipeline?
a visual workflow orchestration service for continuous delivery made of stages
- each stage can have sequential actions and/or parallel actions
- stage examples: Build, Test, Deploy, Load Test, etc
- manual approval can be defined at any stage
Where do CodePipeline state changes happen?
AWS CloudWatch Events which can create SNS notifications
- you can create CloudWatch events for failed pipelines or cancelled stages (which can in turn create SNS notifications)
What happens if your CodePipeline fails a stage?
your pipeline stops and you can get information in the console
What should you check first if CodePipeline can’t perform an action?
make sure the “IAM Service Role” attached has enough permissions (IAM Policy)