CICD

Question 1

What is the basic flow of CI?

Answer 1

• Devs push code to repo often
• A testing / build server checks the code as soon as it’s pushed (CodeBuild, Jenkins CI …)
• Dev gets feedback about the tests and checks that have passed / failed

Question 2

What is the basic flow of CD?

Answer 2

• Devs push code and CI flow takes place
• Deployment server deploys every passed build
  Automated deployment (e.g., CodeDeploy, Jenkins CD…)

Question 3

What are the benefits of using CodeCommit?

Answer 3

Git repositories can be expensive - with CodeCommit:
- Private Git repos within your VPC
- No size limit on repos
- Fully managed, highly available
- Code is only in the AWS Cloud (increased security and compliance)
- Integrated with CI tools such as Jenkins, CodeBuild

Question 4

What security does CodeCommit wrt. Authentication?

Answer 4

• Configure SSH keys in IAM Console
• HTTPS with AWS CLI Credential helper or Git Credentials for IAM user

Question 5

What security does CodeCommit wrt. Authorization?

Answer 5

IAM policies manage users/roles permissions to repos

Question 6

What security does CodeCommit wrt. Encryption?

Answer 6

Repos are automatically encrypted at rest using AWS KMS

Question 7

How would you provide cross-account access to a CodeCommit repo?

Answer 7

Use an IAM Role in your AWS account and use AWS STS (AssumeRole API)

Question 8

What are CodePipeline Artifacts?

Answer 8

Each stage of the pipeline can create artifacts
- These artifacts are stored in an S3 bucket and passed on to the next stage

Question 9

How would you configure a pipeline to require a manual check and then deploy to production after the dev. deployment has succeeded?

Answer 9

Add a stage to the Pipeline, and within that stage and an Action Group for Manual Approval, followed by an Action Group for deploying to production env.

Question 10

What is the name of the file that contains the build instructions for CodeBuild?

Answer 10

buildspec.yml - should be at root of code

Question 11

Where is CodeBuild normally launched in relation to your VPC, and what a the result of this?

Answer 11

Outside the VPC - CodeBuild cannot access resources in the VPC (AWS resources)

Question 12

How can you allow CodeBuild to access AWS resources? What is a use case of this?

Answer 12

Launch CodeBuild within the VPC by specifying the configuration (VPC ID, Subnet IDs, Security Group IDs)
- Used for integration tests, data querying, access internal load balancers etc.

Question 13

How do you enable CodeDeploy on your EC2 instance/on-premises server?

Answer 13

Any server that wants to run CodeDeploy must be running the CodeDeploy Agent

Question 14

What file do you use to instruct CodeDeploy?

Answer 14

appspec.yml

Question 15

Where should the source code and appspec.yml file be stored?

Answer 15

S3 or GitHub

Question 16

What is the Application Revision?

Answer 16

The combination of the application code and the appspec.yml file.

Question 17

What is CodeArtifact, and why would you use it?

Answer 17

Cloud based dependency management system - allows you to store your dependencies (artifacts) within your VPC (to be accessed later)
- Can store public and private artifacts in the VPC, preventing them from being lost.
- Allows CodeBuild to access artifacts from the VPC.

Question 18

What are the two functionalities of CodeGuru?

Answer 18

Reviewer - automated code reviews for static code analysis
Profiler - visibility/recommendations about application performance during runtime

Question 19

You’re using CodeBuild to build your application as part of the CICD process. The build process takes a long time, so you investigated this and found that 15 minutes at each build is spent on pulling dependencies from remote repositories. What should you do to drastically speed up the build process?

Answer 19

Modify the buildspec.yml to enable Dependencies Caching in S3

Question 20

Which Lifecycle Event hook should be used in the appspec.yml file to ensure the application is properly running after being deployed?

Answer 20

ValidateService