CICD Flashcards
What is Continuous Integration?
- Developers push the code to a repository
- A testing/build server checks the code as soon as it’s pushed
- The developer gets feedback about the tests and checks that have passed/failed
What is Continuous Delivery?
- Ensures that the software can be released reliably whenever needed
- Ensures deployments are automated, happen often and are quick
How many repositories are you allowed to have in CodeCommit?
No size limit on repositories (scale seamlessly)
How can you authenticate in CodeCommit?
o SSH Keys: AWS users can use SSH public keys in their IAM Console.
o HTTPS: Done through the AWS CLI Authentication helper or by generating HTTPS credentials (user name and password)
How can you add extra safety to CodeCommit?
Enabling MFA
How does authorization work in CodeCommit?
IAM Policies manage user / role rights to repositories
How is encryption handled in CodeCommit?
o Repositories are automatically encrypted at rest using KMS
o Encrypted in transit (can only use HTTPS or SSH – both secure)
How can you grant Cross Account access in CodeCommit?
o Do not share your SSH keys
o Do not share your AWS credentials
o Use IAM Role in your AWS Account and use AWS STS (with AssumeRole API)
What can you use to trigger notifications in CodeCommit?
• You can trigger notifications in CodeCommit using
o SNS
o Lambda
o CloudWatch Event Rules
What are the use cases for SNS / Lambda notifications in CodeCommit?
• Use cases for SNS / AWS Lambda notifications:
o Deletion of branches
o Trigger for pushes that happen in the master branch
o Notify external Build System
o Trigger AWS Lambda function to perform codebase analysis (maybe credentials got committed in the code?)
What are the use cases for CloudWatch Event Rules in CodeCommit?
• Use cases for CloudWatch Event Rules notifications:
o Trigger for pull request updates (created / updated / deleted / commented)
o Commit comment events
o CloudWatch Event Rules go into an SNS topic
How many files can you upload directly from the console to your CodeCommit repository?
You can’t upload more than 1 file directly from the AWS console to your repository.
What is CodePipeline made of?
Made of stages
What is a CodePipeline stage composed of?
Each stage might have multiple action groups
What are the CodePipeline stages?
There are some pre-defined stages like: Source / Build / Deploy. You can create your own stages
How are the action groups of a CodePipeline stage organized?
Action groups are sequential and contain actions
What does a CodePipeline stage action contain?
The name of the action and the action provider
What are the CodePipeline stage action providers?
o Source action integrations
o Build action integrations
o Test action integrations
o Deploy action integrations
o A manual approval
o Invoke a Lambda function
What can a pipeline stage create?
Each pipeline stage can create “artifacts”
How does CodePipeline manage the stage artifacts?
Artifacts are stored in Amazon S3 before they are passed on to the next stage
What can you do to troubleshoot failed pipelines?
Create CloudWatch Events, which can in turn create SNS notifications
If a pipeline can’t perform an action, what should you do?
If the pipeline can’t perform an action, make sure the attached “IAM Service Role” has enough permissions (IAM Policy)
What is the AWS alternative to Jenkins?
CodeBuild
What do you pay for in CodeBuild?
Pay for usage: the time it takes to complete the builds
What does CodeBuild leverage?
Leverages Docker under the hood for reproducible builds