CICD Flashcards

1
Q

What is Continuous Integration?

A
  1. Developers push the code to a repository
  2. A testing/build server checks the code as soon as it’s pushed
  3. The developer gets feedback about the tests and checks that have passed/failed
2
Q

What is Continuous Delivery?

A
  • Ensures that the software can be released reliably whenever needed.
  • Ensures deployments are automated, happen often and are quick
3
Q

How many repositories are you allowed to have in CodeCommit?

A

No size limit on repositories (scale seamlessly)

4
Q

How can you authenticate in CodeCommit?

A

o SSH Keys: AWS Users can use SSH public keys in their IAM Console.
o HTTPS: Done through the AWS CLI Authentication helper or Generating HTTPS credentials (user name and password)

5
Q

How can you add extra safety to CodeCommit?

A

Enabling MFA

6
Q

How does authorization work in CodeCommit?

A

IAM Policies manage user / roles rights to repositories

7
Q

How is encryption handled in CodeCommit?

A

o Repositories are automatically encrypted at rest using KMS

o Encrypted in transit (can only use HTTPS or SSH – both secure)

8
Q

How can you grant Cross Account access in CodeCommit?

A

o Do not share your SSH keys
o Do not share your AWS credentials
o Use IAM Role in your AWS Account and use AWS STS (with AssumeRole API)

9
Q

What can you use to trigger notifications in CodeCommit?

A

• You can trigger notifications in CodeCommit using
o SNS
o Lambda
o CloudWatch Event Rules

10
Q

What are the use cases for SNS / Lambda notifications in CodeCommit?

A

• Use cases for SNS / AWS Lambda notifications:
o Deletion of branches
o Trigger for pushes that happen in the master branch
o Notify external Build System
o Trigger AWS Lambda function to perform codebase analysis (maybe credentials got committed in the code?)

11
Q

What are the use cases for CloudWatch Event Rules in CodeCommit?

A

• Use cases for CloudWatch Event Rules notifications:
o Trigger for pull request updates (created / updated / deleted / commented)
o Commit comment events
o CloudWatch Event Rules go into an SNS topic

12
Q

How many files can you upload directly from the console to your CodeCommit repository?

A

You can’t upload more than 1 file directly from the AWS console to your repository.

13
Q

What is CodePipeline made of?

A

Made of stages

14
Q

What is a CodePipeline stage composed of?

A

Each stage might have multiple action groups

15
Q

What are the CodePipeline stages?

A

There are some pre-defined stages like: Source / Build / Deploy. You can create your own stages

16
Q

How are CodePipeline stage action groups organized?

A

Action groups are sequential and contain actions

17
Q

What does a CodePipeline stage action contain?

A

name of the action and the action provider

18
Q

What are the CodePipeline stage action providers?

A
o	Source action integrations
o	Build action integrations
o	Test action integrations
o	Deploy action integrations
o	A manual approval
o	Invoke a Lambda function
19
Q

What can a pipeline stage create?

A

Each pipeline stage can create “artifacts”

20
Q

How does CodePipeline manage the stage artifacts?

A

Artifacts are stored in Amazon S3 before they are passed on to the next stage

21
Q

What can you do to troubleshoot failed pipelines?

A

Create CloudWatch Events, which can in turn create SNS notifications

22
Q

If a pipeline can’t perform an action, what should you do?

A

If Pipeline can’t perform an action, make sure the “IAM Service Role” attached does have enough permissions (IAM Policy)

23
Q

What is the AWS alternative to Jenkins?

A

CodeBuild

24
Q

What do you pay for in CodeBuild?

A

Pay for usage: the time it takes to complete the builds

25
Q

What does CodeBuild leverage?

A

Leverages Docker under the hood for reproducible builds

26
Q

Where are build instructions defined in CodeBuild?

A

Build instructions can be defined in code (buildspec.yml)

27
Q

What ability can you leverage to troubleshoot CodeBuild in case of errors?

A

to reproduce CodeBuild locally

28
Q

What can CodeBuild use to increase performance?

A

It can optionally use an S3 bucket to cache some artifacts to increase performance

29
Q

Where can you store CodeBuild logs?

A

S3, CloudWatch

30
Q

What do you need to define in your code to use CodeBuild?

A

buildspec.yml file must be at the root of your code

31
Q

What can you define in your buildspec.yml file?

A
  • Environment variables
  • Phases (specify commands to run)
  • Artifacts
  • Cache
32
Q

How can you define the environment variables in your buildspec.yml file?

A

o Plaintext variables

o Secure secrets: use SSM Parameter store

33
Q

What phases can you define in your buildspec.yml file?

A
  1. Install: install dependencies you may need for your build
  2. Pre build: final commands to execute before build
  3. BUILD: actual build commands
  4. Post build: finishing touches (zip output for example)
34
Q

What can you define in the section Artifacts in your buildspec.yml file?

A

What to upload to S3 (encrypted with KMS)

35
Q

What can you define in the section Cache in your buildspec.yml file?

A

Files to cache (usually dependencies) to S3 for future build speedup

36
Q

What do you need to install to run CodeBuild locally?

A

Docker

37
Q

What are the range and default Timeout values of CodeBuild?

A

5 min < 1 hour < 8 hours

38
Q

What are the range and default Queued Timeout values of CodeBuild?

A

5 min < 8 hours < 8 hours

39
Q

How can CodeBuild access the resources in the VPC?

A

• By default, your CodeBuild containers are launched outside your VPC
• Therefore, by default it cannot access resources in a VPC
• You can specify a VPC configuration:
o VPC ID
o Subnet IDs
o Security Group IDs
• Then your build can access resources in your VPC (RDS, ElastiCache, EC2, ALB…)
• Use cases: integration tests, data query, internal load balancers

40
Q

What option do you have for not storing secrets as plaintext in environment variables in CodeBuild?

A

environment variables can reference parameter store parameters or secrets manager secrets

41
Q

What is the AWS alternative to Ansible, Terraform, Chef, Puppet?

A

CodeDeploy

42
Q

What resources are provisioned by CodeDeploy?

A

CodeDeploy does not provision resources, so you must create your EC2 instances, IAM roles, etc. yourself

43
Q

What must be running the CodeDeploy Agent?

A

Each EC2 Machine (or On-Premise machine) must be running the CodeDeploy Agent

44
Q

What are the tasks of the CodeDeploy Agent?

A
  • The agent is continuously polling AWS CodeDeploy for work to do
  • CodeDeploy Agent will report the success / failure of the deployment on the instance
45
Q

What are the CodeDeploy primary components?

A
  • IAM instance profile/role
  • Service role
  • Application: unique name
  • Compute platform
  • Deployment group
  • Deployment type
  • Environment configuration
  • Deployment configuration
  • Application Revision
  • Target revision
46
Q

What must you create before configuring CodeDeploy components?

A

You must create two IAM roles:
• IAM instance profile/role
• Service role

47
Q

What is the IAM instance role created for CodeDeploy used for?

A

need to give EC2 the permissions to pull from S3 / GitHub

48
Q

What is the Service Role created for CodeDeploy used for?

A

Role for CodeDeploy to perform what it needs

49
Q

What are the CodeDeploy compute platforms?

A

o EC2/On-Premise
o Lambda
o ECS

50
Q

What is a CodeDeploy Deployment group?

A

A set of EC2 instances where you are going to deploy. You must first tag your EC2 instances with something like environment -> dev; you can use whatever you want.

51
Q

What are the CodeDeploy deployment types?

A

o In-place deployment

o Blue/green deployment (does not work with On-prem instances)

52
Q

What are the CodeDeploy environment configuration options?

A

Any combination of:
o ASGs
o EC2 instances
o On-prem instances

53
Q

What is defined by the CodeDeploy deployment configuration?

A

How fast the app will be deployed and deployment rules for success / failures
o EC2/On-Premise: you can specify the minimum number of healthy instances for the deployment.
o AWS Lambda: specify how traffic is routed to your updated Lambda function versions.

54
Q

What are the CodeDeploy deployment configuration options?

A
  • One at a time: one instance at a time, one instance fails => deployment stops
  • Half at a time: 50%
  • All at once: quick but no healthy host, downtime. Good for dev
  • Custom
55
Q

What is the composition of appspec.yml?

A
  • File section: how to source and copy from S3 / GitHub to filesystem
  • Hooks: set of instructions to do to deploy the new version (hooks can have timeouts).
56
Q

What is the order of CodeDeploy hooks?

A
o	ApplicationStop
o	DownloadBundle
o	BeforeInstall
o	Install
o	AfterInstall
o	ApplicationStart
o	ValidateService: really important
o	BeforeAllowTraffic
o	AllowTraffic
o	AfterAllowTraffic
57
Q

How does the CodeDeploy Blue/Green deployment type work?

A

A new ASG with new version, similar to existing ASG with existing version and must be using an ELB

58
Q

Where does CodeDeploy try to deploy first?

A

New deployments will first be deployed to “failed state” instances

59
Q

When can you trigger automated rollbacks in CodeDeploy?

A
  • when a deployment fails
  • when alarm thresholds are met

60
Q

Can you disable CodeDeploy automated rollbacks?

A

You can disable rollbacks by specifying to not perform rollbacks for a specific deployment

61
Q

What is deployed by CodeDeploy when a rollback happens?

A

If a rollback happens, CodeDeploy redeploys the last known good revision as a new deployment, therefore a new version id.

62
Q

What is CodeStar?

A

CodeStar is an integrated solution that regroups: GitHub, CodeCommit, CodeBuild, CodeDeploy, CloudFormation, CodePipeline, CloudWatch

63
Q

How much do you pay for using CodeStar?

A

Free service, pay only for the underlying usage of other services

64
Q

What can CodeStar be integrated with?

A
  • Issue tracking integration with: JIRA / GitHub Issues
  • Ability to integrate with Cloud9 to obtain a web IDE (not all regions)