CICD Flashcards
What 2 ways can you authenticate in Git using CodeCommit?
- SSH keys: AWS users can configure SSH keys in the IAM console
- HTTPS: Done through the AWS CLI Authentication Helper or by generating HTTPS credentials.
How do you authorize users to interact with your code in Git using CodeCommit?
- IAM policies manage users' and roles' rights to repos.
How are CodeCommit repos encrypted?
- Encrypted at rest using KMS
- Encrypted in transit using SSH or HTTPS
How do you provide cross-account access to your CodeCommit repos?
Use an IAM role in your AWS account and use AWS STS with the AssumeRole API.
What 3 services does CodeCommit integrate with for notifications?
- SNS
- Lambda
- CloudWatch Event Rules
What type of events would you use SNS/Lambda notification integration for in CodeCommit?
Branch events or action in the master branch
What type of events would you use CloudWatch Event Rules notification integration for in CodeCommit?
PR or commit comments
What is CodePipeline?
It is an orchestration tool to visualize your workflow from source, build, test and deployment.
What is a CodePipeline Artifact?
It is a file that is passed from one stage in the workflow to the next, stored in S3.
What happens when CodePipeline state changes?
A CloudWatch Event is triggered, which can create SNS notifications.
What happens if CodePipeline fails a stage?
The pipeline stops and more information is available in the console.
What could be the cause of CodePipeline being unable to perform an action?
The IAM Service Role assigned to the Pipeline does not have the correct permissions.
How do you define build instructions for CodeBuild?
In a file called buildspec.yml at the root of the code
How do you define secret variables in the buildspec.yml file?
Use SSM Parameter Store
What are the 4 phases covered in the buildspec.yml file?
- Install
- PreBuild
- Build
- Post Build
How can you improve CodeBuild buildspec performance?
Cache dependencies in an S3 Cache Bucket
What do you need to run/debug CodeBuild locally?
CodeBuild Agent and Docker
What is CodeDeploy used for?
It's used for deploying code to multiple EC2 instances.
What are the 6 steps to make CodeDeploy work?
- Run CodeDeploy Agent on each instance
- The Agent must continuously poll for CodeDeploy work.
- CodeDeploy will send the appspec.yml file to the Agent
- The application is pulled from GitHub or S3
- EC2 will run the deployment instructions
- Agent will report success/failed deployment on the instance
Can you do Blue/Green deployments in CodeDeploy?
Yes, but only on EC2 instances, not on premises
What are the sections of the appspec.yml file for CodeDeploy?
- File section that describes how to source and copy from GitHub/S3 to filesystem
- Hooks, which are a set of instructions to follow to deploy the new version.
What is the correct order of the 6 Hooks for CodeDeploy?
- ApplicationStop
- DownloadBundle
- BeforeInstall
- AfterInstall
- ApplicationStart
- ValidateService
What are the 4 possible Deployment Configs for CodeDeploy?
- One at a time
- Half at a time
- All at once
- Custom
What is the behavior of a failed deployment in CodeDeploy?
The failed instance stays in the Failed state, and new deployments will be deployed to the failed instances first.
What are the 4 possible Deployment targets for CodeDeploy?
- EC2 instances with tags
- Directly to Auto Scaling Group
- Mix of ASG/Tags so you can build deployment segments.
- Customization in scripts with DEPLOYMENT_GROUP_NAME env variables.