AWS CI/CD Flashcards
1
Q
AWS CodeCommit
A
- code repository
- automatically encrypted with KMS
- IAM roles for access
- STS (AssumeRole API) to share
2
Q
AWS CodePipeline
A
- orchestrates all of the ci/cd pipeline
- visual workflow tool to define source, build, test, deploy in stages
- artifacts are stored in S3 buckets so they can be passed on to the next stage
- requires a service (IAM) role to talk to S3 and other services
- use cloudwatch to trigger pipeline events
- stages comprised of action groups
- action - name, provider, etc.
- e.g. set manual approval rule
- action - name, provider, etc.
3
Q
AWS CodeBuild
A
- CI server for build and test
- buildspec.yml at root of source contains build instructions
- env vars - plaintext, SSM parameter store, AWS secrets manager
- phases - install, pre_build, build, post_build
- artifacts - auto encrypted with KMS
- cache - which files to cache in S3
- build projects can be defined within codepipeline or codebuild
- can cache files used between builds in S3
- store logs in s3 & cloudwatch
- by default codebuild containers run outside your VPC but you can change that
- alternative to Jenkins
- can be used to run any of your own custom commands (like copy files to s3)
4
Q
AWS CodeDeploy
A
- deploys to EC2, ECS, etc
- can use beanstalk as alternative to codedeploy
- these instances are NOT managed by beanstalk
- on-prem servers MUST be running the CodeDeploy agent
- app + appspec.yml is pulled from github or s3 then ec2 instances will run instructions in appspec
- one at a time, half at a time, all at once (deploy configs)
- deployment groups are specified using tags
- use hooks to verify the deployment after each deployment phase
- rollbacks
- automatic when cloudwatch alarm threshold met or manual
- if rollback happens, codedeploy redeploys the last known good revision as a NEW DEPLOYMENT (not restored version)