CI/CD

Question 1

What is continuous integration?

Answer 1

• Developer pushes code to an online repository
• A testing / build server checks the code as soon as its pushed
• The developer gets feedback about tests / build (pass/fail)

Question 2

What are the benefits of continuous integration?

Answer 2

• Find and fix bugs early
• Deliver faster Deploy often
• Happier developers

Question 3

What is continuous delivery?

Answer 3

• Ensures that the software can be released reliably whenever needed
• Ensures deployments happen often and are quick
• Usually means auto deployment (CodeDeploy / Jenkins)

Question 4

At a high level, what are the 5 steps for CICD on AWS?

Answer 4

1. Write and Push Code (CodeCommit)
2. Build Code (AWS Code build)
3. Test Code (AWS Code Build)
4. Deploy Code (AWS CodeDeploy)
5. Provision

Question 5

What is AWS CodeCommit?

Answer 5

Version control system (think Git)

Question 6

What are the benefits of a version control system (AWS CodeCommit, Github)?

Answer 6

• Easily collaborate with other developers
• Provides code backup
• code is viewable and auditable

Question 7

What are the characteristics of AWS CodeCommit?

Answer 7

• private Git repos
• No size limits on repositories
• Fully managed
• Highly available
• Code only in AWS Cloud = increased security and compliance
• Secure
• Can be integrated in with other CI tools like CodeBuild or Jenkins

Question 8

What are the 2 ways to authenticate using CodeCommit?

Answer 8

• SSH Keys
• HTTPS
• MFA (Multi Factor Authentication) can be enables for extra safety

Question 9

How should authorization be handled with CodeCommit?

Answer 9

IAM Policies should be used to manage user / roles rights to repos

Question 10

How is encryption implemented on AWS Code Commit?

Answer 10

• Repos are automatically encrypted at rest using KMS
• Encrypted in transit (can only use HTTPs or SSH - both secure)

Question 11

How are CodeCommit and Github different?

Answer 11

• Security: CodeCommit uses AWS IAM users and roles
• Hosted: managed and hosted by AWS
• UI: CodeCommit UI is minimal copared to Github where UI is fully featured

Question 12

What AWS services can be used to provide notifications for CodeCommit?

Answer 12

• Lambda functions
• AWS SNS
• AWS CloudWatch Event Rules

Question 13

Describe use cases for using AWS SNS / AWS Lambda notifications for AWS CodeCommit.

Answer 13

• Deletion of branches
• Trigger for pushes that happens in the master branch
• Notify external build system
• Trigger AWS Lambda function to perform codebase analysis (i.e make sure creds did not get commited to code).

Question 14

Descibe use case(s) to use CloudWatch Event Rules for CodeCommit notifications.

Answer 14

• Trigger for pull request updates
• Commit COMMENT events
• CloudWatch Event Rules goes into a SNS topic

Question 15

What is AWS CodePipeline?

Answer 15

• AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates.
• Automates the build, test, and deploy phases of your release process every time there is a code change, based on the release model you define.

Question 16

What are AWS CodePipeline Artifacts?

Answer 16

Each stage in the pipeline can create “artifacts” that are stored into and retieved from an S3 bucket

Question 17

Where do CodePipeline state changes happen?

Answer 17

• In AWS CloudWatch events.
• These events can create SNS notifications (i.e if pipeline fails)

Question 18

What happens if codePipeline fails? Where can you see information about the job?

Answer 18

If CodePipeline fails, the pipeline will stop and you can get information in the console.

Question 19

If CodePipeline can not perform an action, what should you check?

Answer 19

Check to make sure that the IAM Service Role attached has the correct permissions (IAM Policy)

Question 20

What service can be used to audit AWS API calls?

Answer 20

AWS CloudTrail

Question 21

What is AWS CodeBuild?

Answer 21

• AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy.
• AWS alternative to Jenkins
• Provides continous scaling (no need to provision or manage servers)

Question 22

In AWS CodeBuild, in what file are build instructions defined and where should this file be located?

Answer 22

Build instructions are defined in the buildspec.yml file which should be located in the root of the project.

Question 23

What is the end product of the CodeBuild Process?

Answer 23

Artifacts - get uploaded to S3 and are encryted with KMS.

Question 24

What are the four phases (specific commands to run) for AWS CodeBuild?

Answer 24

1. Install: Install the dependencies needed for the build
2. Pre-Build: Final commands to execute before the build
3. Build: actual build commands
4. Post-Build: finishing touches (i.e. zip folder to deploy)

Question 25

If using the AWS codePipeline, where would you secure secrets?

Answer 25

Secrets can be secured and referenced in the buildspec.yml file which is used in the CodeBuild stage.

Question 26

What is caching in AWS CodeBuild?

Answer 26

• Helps save time for project builds
• Stores reusable pieces of your build environment and uses them across multiple builds.
• Your build project can use one of two types of caching:
  
  • Amazon S3 or local.
• If you use a local cache, you must choose one or more of three cache modes:
  
  • source cache,
  • Docker layer cache, and
  • custom cache.

Question 27

Why would you choose to run CodeBuild on a local machine, and what does it require to do that?

Answer 27

• Running CodeBuild locally provides opportunity for deeper troubleshooting.
• Must have docker installed
• Leverages the CodeBuild Agent.

Question 28

Can CodeBuild access resources that are inside a VPC?

Answer 28

• Not by default.
• By default CodeBuild containers are launched outside of your VPC, but you can specify a VPC configuration that would allow your build to access resources inside the VPC

Question 29

Why would you want CodeBuild to access resources that are inside a VPC?

Answer 29

• integration tests
• data query
• internal load balancers

Question 30

What AWS Service is required to be running on host machines (i.e EC2 instances) in order for CodeBuild to work?

Answer 30

• CodeDeploy Agent
• This agent is continuosly polling AWS CodeDeploy for work to do
• CodeDeploy sends an appspec.yml file with instructions on how to deploy code

Question 31

Will CodeDeploy provision resources needed for deployment?

Answer 31

No. Assumes that the EC2 instances already exist

Question 32

What are the AWS CodeDeploy primary components (9)?

Answer 32

• Application
• Compute Platform
• Deployment Configuration
• Deployment Group
• Deployment Type
• IAM Instance Profile
• Application Revision
• Service Role
• Target Revision

Question 33

What are the 2 main sections of an appspec.yml file?

Answer 33

File section: how to source and copy from S3 / Github to filesystem

Hooks: set of instruction to deploy the new version

Question 34

What is the order of hooks in the appspec.yml file?

Answer 34

1. ApplicationStop
2. DownloadBundle
3. BeforeInstall
4. AfterInstall
5. ApplicationStart
6. ValidateService - how do we make sure the app is working - similar to a health check
7. BeforeAllowTraffic
8. AllowTraffic
9. AfterAllowTraffic

Question 35

For CodeBuild, what are the deployment targets?

Answer 35

• Set of EC2 instances with tags or
• Directly to an Auto Scaling Group (ASG)

Question 36

What are rollbacks in CodeDeploy?

Answer 36

• When you want/need to revert back to a previous version after a newer version has been deployed. This is usually because the new deployment version failed.
• Can be automated
• If a rollback happens, CodeDeploy redeploys the last known good revision as a new deployment.

Question 37

What is CodeStar?

Answer 37

• Helps quickly create a CICD rast project for EC2, Lambda, Beanstalk
• Like a one-stopshop for all CodePipleine abilities/stages plus the pipeline itself
• One dashboard to view all components
• Free service - pay for underlying services

Question 38

What is the appspec.yml file?

Answer 38

The application specification file (AppSpec file) is a YAML-formatted or JSON-formatted file used by CodeDeploy to manage a deployment.

Question 39

Are there size limits to CodeCommit repositories?

Answer 39

No

Question 40

In CodeBuild, what are the 3 modes of local cache, and how many do you need if caching localy?

Answer 40

You need one or more of the following:

1. Source cache
2. Docker layer cache
3. Custom cache

Question 41

What is the difference between buildspec.yml and appspec.yml?

Answer 41

• buildspect.yml controls the build process
• appspec.yml controls/directs the deployment