Code Pipeline Code Commit and Code Deploy - CI/CD Flashcards

1
Q

What is a type of action supported by a code pipeline action (6)?

Source
Build
Test
Compile
Deploy
Checkout
Approval
Invoke
Update 

Which if any of these steps is manual and are there restrictions on where this step can appear?

A

The six supported types are Source, Build, Test, Deploy, Approval, Invoke. Compile, Update, Checkout are NOT actions.
Approval is a manual step and cannot appear in a source action.

2
Q

Your manager wants to receive emails when your CodePipeline fails in order to take action. How do you do it? Do you use SNS or a CloudWatch Event?

A

You use a CloudWatch event.

3
Q

What is the most likely root cause for when Code Pipeline cannot perform an action?

A

The most likely cause is that the IAM SERVICE role for CodePipeline does not have sufficient permissions in its IAM policy.

4
Q

In Chef, what is a layer and how does recipe code apply to a layer?

A

A layer is a group of instances or resources based on a common function. Your layer is where the configuration of nodes is stored. Chef recipe code applies to a layer and all instances in that layer.

5
Q

What needs to be done to allow CodeBuild access to resources within a VPC's private subnet?

A

You will need to specify a VPC configuration containing the VPC ID, subnet IDs and security group IDs when you are setting up your CodeBuild project.

6
Q

Code Deploy can take the outputs of which AWS CI/CD tool as its input (1)?

A

AWS Code Pipeline. Code Deploy is able to use output artefacts from Code Pipeline

7
Q

Is there a limit on the amount of code that you can store in CodeCommit?

A

No. CodeCommit imposes no limits.

8
Q

How can AWS API calls be audited in a Code Pipeline process?

A

CloudTrail can audit AWS API calls used during CP processes

9
Q

Are CodeCommit repos available outside of AWS?

A

No. Code commit repos are private to AWS.

10
Q

Does Code Deploy provision infrastructure?

A

No. Code deploy assumes that the EC2 instances it is deploying on already exist.

11
Q

When specifying a VPC Configuration for CodeBuild, where will code build containers be launched? Why would you need to do this?

A

Within the specified VPC. Useful for integration testing, data query testing or if access is needed to internal load balancers.

12
Q

CodeBuild logs can be output to two different AWS services. What are they?

A

S3 and CloudWatch Logs

13
Q

Which order must the following hooks be executed in?

ApplicationStart
BeforeInstall
ApplicationStop
AfterInstall
ValidateService
DownloadBundle

Does an appspec.yaml file need all of these?

A
  1. ApplicationStop
  2. DownloadBundle
  3. BeforeInstall
  4. AfterInstall
  5. ApplicationStart
  6. ValidateService

Your appspec file does not require all of these steps; however, the steps it does have MUST be in order.

14
Q

Your CodePipeline hasn’t deployed code to Elastic Beanstalk even though you’ve pushed code to your CodeCommit repository. It used to work 10 minutes ago. What reason is the most likely to explain that situation and how do you roll back a CodeDeploy deployment (2 ways)?

A

It's likely that your code has failed tests within CodeBuild. You can either re-deploy your old version or enable rollbacks when setting up CodeDeploy. This will deploy the last known good version as a new deployment.

15
Q

What is the minimum number of stages in a CodePipeline pipeline? What restrictions are there around source actions? If you have a pipeline with multiple source actions, what happens if a change is detected in any one of the sources associated with an action?

A

A pipeline must have at least 2 stages. The first stage includes one or more source actions, and source actions can only occur in the first stage. If a change is detected in source for any of the source actions, then all actions will be invoked.

16
Q

Can you perform a blue/green deployment on a mix of on-premise and EC2 instances in CodeDeploy?

A

No, you can only do a blue/green deployment on EC2 instances with CodeDeploy

17
Q

In OpsWorks - when are instances associated with an ELB?

A

When they come online within the layer

18
Q

What is a Code Pipeline Artefact? Where would an artefact be stored?

A

An artefact is an output from a CodePipeline process that is stored in S3 and used as an input for the next CodePipeline process, i.e. the artefact of a commit is a bundle of code which can then be used as the input of the build.

19
Q

Which AWS technologies are used in codebuild for:

  • Encryption of Artefacts
  • NETWORK Security
  • Managing Build permissions
A

Encryption is handled by KMS
NETWORK security is done via VPC (not security groups)
Build Permissions are managed via IAM

20
Q

When you perform a roll back in CodeDeploy to the last known good version - does this get a new version Id?

A

Yes.

21
Q

What events in CodeCommit will trigger a notification to SNS or Lambda vs CloudWatch Events?

A

When a change is made to the code base, we can trigger notifications to Lambda and SNS. When a pull request is created, updated or deleted, or when a comment is made on a commit, we trigger a CloudWatch event.

22
Q

What 2 deployment types are supported by CodeDeploy?

A

Blue/Green

All at Once

23
Q

I am working with CodePipeline to manage the source build and deploy phases for my Elastic Beanstalk app. This was working previously, but significant code and resources have been added to my app meaning the application archive is now 527MB in size. My deployment is failing. Why?

A

The max archive size we can deploy to Elastic Beanstalk is 512MB.

24
Q

We are using code build for our project, and we have a large build cycle coming up. What do we need to do to minimize the build queue for our project?

A

Nothing - code build is scalable

25
Q

What is a deployment group in CodeDeploy? What does a deployment group contain?

A

A deployment group determines how EC2 instances are grouped in code deploy. For instance, Dev/Test/Prod groups.

Each application deployment uses one of its deployment groups. The deployment group contains settings and configurations used during the deployment.

26
Q

Chef uses Berkshelf to manage dependencies of cookbooks throughout the dev and deployment cycle. From an AWS point of view is there a risk to this and what are the alternatives?

A

AWS recommends not using Berkshelf, as this requires dependencies to be imported from the public Chef Supermarket. If this is not available, the Chef run may fail. AWS recommends packaging dependencies into a zip and storing it on S3.

27
Q

In OpsWorks, are instances on-prem or in AWS?

A

They can be both

28
Q

What are the three deployment targets that can be set up with respect to CodeDeploy?

A
  • EC2 instances with specified tags
  • Autoscaling Groups
  • Or a mix of ASGs and tagged EC2 instances
29
Q

How do you manage users in Code Commit?

A

Via IAM users and roles

30
Q

Code Commit can send notifications to 3 different targets in AWS - what are they?

A

SNS, CloudWatch Events, Lambda

31
Q

Why would you use code deploy over Beanstalk?

A

You would use CodeDeploy to deploy your application to EC2 instances that you manage and that are not managed by Beanstalk. This allows for greater flexibility.

32
Q

For each build and test action in codebuild, how many input and output artefacts are there?

A

1 input

0 or 1 outputs

33
Q

I need to set up encryption at rest for my Code Commit repository. How do I do this?

A

You don’t need to set up encryption. This is done automatically using KMS.

34
Q

What is the role of AWS Code Pipeline?

A

Code Pipeline is used to orchestrate Code Commit, Code Deploy and Elastic Beanstalk/CodeDeploy/Cloud Formation activities

35
Q

Why would you use CodeCommit over Git or GitLab?

A

Code commit is integrated with AWS so you can leverage AWS services such as IAM as well as getting scalability benefits

36
Q

In a code deploy deployment, where are the deployment instructions run?

A

The deployment instructions are run on the EC2 instance(s) the application is being deployed to

37
Q

With respect to CodeBuild - what is the purpose of the buildspec.yaml file?

A

buildspec.yaml contains build instructions for codebuild to execute.

38
Q

In Code Pipeline, What does an action group do and where are they set up? Are they sequential or parallel?

A

In AWS CodePipeline, an action is part of the sequence in a stage of a pipeline. It is a task performed on the artifact in that stage. Actions can be executed in sequence or in parallel or a mix.

39
Q

What tool is used to interact with Code Commit?

A

git

40
Q

By default, are code build containers launching in or outside of your VPC? What are the implications for this if resources are required from a private subnet inside a VPC?

A

By default, containers used by code build to build your project are launched outside of your VPC - therefore by default CB will not have access to resources inside a private subnet.

41
Q

You would like to improve the performance of your CodeBuild build. You realize that 15 minutes at each build is spent on pulling dependencies from remote repositories and that takes a while. What should you do to drastically speed up the build time?

  • Remove the Dependencies
  • Commit the Dependencies into Code
  • Update buildspec.yml to Cache the Dependencies in S3
A

Update buildspec.yml to Cache the Dependencies in S3

42
Q

In Opsworks - when does patching occur on an instance?

A

On first boot only - this is done to avoid impacting performance on applications

43
Q

Assume that we have a code pipeline project that requires several sets of dependencies. Can these be bundled into an application artifact and which stage would this occur at:

Source
Build
Test
Deploy

A

You can bundle dependencies into your artefact at the build stage.

44
Q

Why would you want to reproduce your CodeBuild environment on a local machine?

A

To assist in troubleshooting errors. Once CodeBuild has completed in AWS it will remove all the resources created as part of the build process, including the Docker containers, so all you will have available are the CW events.

45
Q

If I wanted to use IAM to authenticate to code commit, what AWS service would HELP me to do this?

A

AWS Credential Helper.

46
Q

Does code pipeline require an IAM role?

A

Yes, CodePipeline requires an IAM service role to interact with the other AWS CI/CD tools (CodeDeploy, Beanstalk, CodeBuild).

47
Q

In CodeBuild, where would you define your pre-build, build and post-build activities?

A

In buildspec.yml in your project's root directory

48
Q

Which AWS CI/CD technology allows you to utilise Chef, Puppet, Ansible?

A

CodeDeploy

49
Q

If we have a failure during a code deploy deployment on an EC2 instance, what is the resulting instance state for that Instance ? If I run the deployment again, which machines will CodeDeploy deploy to first?

A

Failed. If you run the deploy again, it will deploy to the Failed instances first.

50
Q

Your CodeBuild has failed. What isn’t a solution to troubleshoot what happened?

  • View the logs on S3
  • View Logs in CloudWatch
  • SSH into the code build container
  • Reproduce the build by running it locally
A

SSH - you can't SSH into a CodeBuild container, as they are deleted at the end of their execution and you can't SSH into them when they are running.

51
Q

For AWS OpsWorks when do instances download custom resources from the repository?

A

When instances are first created and started in the stack. This is only on FIRST create, however. Running instances will not download new cookbooks.

52
Q

What is the underlying technology used by code build to achieve reproducible builds?

A

Docker

53
Q

For AWS CodePipeline, can we have more than one revision passing through it at any one time? Can a stage process more than one revision at a time?

A

A pipeline can have more than one revision at a time passing through it. A stage cannot.

54
Q

In OpsWorks - there are three classes of instances to do with scaling. What are they and when are they used?

A

24x7: Similar to On-Demand. Runs until stopped.

Time Based: Similar to scheduled. Run on a daily or weekly schedule; good for predictable increases in load.

Load Based: Start and stop automatically based on utilization metrics.

Time and load based instances must be created ahead of time, unlike an ASG.

55
Q

Can CodeCommit repos be shared between AWS accounts? If so, how?

A

Yes they can. You will need to set up an IAM role in YOUR account and then the other account will use the STS AssumeRole API to access it.

56
Q

What are the two places that CodeDeploy can pull your application from (1 AWS, 1 non-AWS)?

A

S3 and Git

57
Q

In AWS CodePipeline - which source providers can it use to access your input artifacts (3 AWS services, 2 non-AWS services)?

For one of the AWS services, outside of IAM permissions, something needs to be enabled if it is being used as a source provider - what is it?

A

Code Commit
ECR
S3 - the bucket must be versioned

Git
Bitbucket

58
Q

What must be running on an EC2 instance for Code Deploy to function?

A

The CodeDeploy agent must be running on your EC2 instances.

59
Q

In CodeBuild - what do the following sections in the buildspec.yaml define:

ver
env
phases
artefacts
cache

A

ver: version of the file
env: environment variables
phases: which commands to run at each stage
artifacts: location to place completed code build artefacts
cache: specify which files to upload to s3 for use in subsequent builds.

60
Q

There are four deployment models for CodeDeploy.

What are they and can you describe them and how is a successful deployment measured?

(Hint: These are somewhat different to the Beanstalk Deployment Model).

A

All At Once: No health checks but quick. Some down time.

One at a time: Deploy to one instance, check, deploy to another. If an instance fails, the deployment stops

50% at a time - deploy to half the instances, then the other half. If at least half of the deployment works, it is successful.

Custom % at a time: as with half at a time, but with a custom percentage.

61
Q

What is the recommended detection mode to automatically start your pipeline when a change occurs in the source code?

A

Cloud Watch Events

62
Q

You would like to deploy static web files to Amazon S3 automatically, after generating the static websites from markdown files. Would you use CodePipeline and Code Deploy or would you use CodePipeline and CodeBuild? Why?

A

CodePipeline+CodeBuild can run any commands, so you can use it to run commands including generating a static website and copy your static web files to Amazon S3. Code DEPLOY can only run against EC2 and Lambda

63
Q

What does a hook do in the CodeDeploy Appspec.yml file?

A

A hook is an instruction that CodeDeploy executes when it is deploying an application

64
Q

If we have a manual approval step in a code pipeline stage, under what two circumstances will a build stop?

A
  1. If the approval delay timeout expires
  2. If the approval is rejected

65
Q

What are the 3 ways to connect to a CodeCommit repository? Which uses keys?

A

SSH (via keys), HTTPS Credentials, HTTPS(Git Remote Client)

66
Q

Where are Code Pipeline artefacts stored?

A

In S3

67
Q

Can you have more than one action group in a code pipeline stage? What happens to the stage if an action fails? What two things can we do if a stage fails?

A

Yes. If an action fails, the entire stage is marked as failed. If a stage fails, we can either try to re-run it with the current code revision, or the stage can have a new revision passed to it.

68
Q

Which AWS service helps you run automated tests in your CI/CD?

A

CodeBuild

69
Q

Can we run CodeDeploy on both on-premise and AWS EC2 instances?

A

Yes, CodeDeploy can run on both on-premise and AWS instances.

70
Q

Where are Code Pipeline state changes logged to and what can be done with these?

A

State changes are logged to CloudWatch Events and can be used to trigger SNS notifications.

71
Q

In CodeBuild, what would trigger a CloudWatch ALARM?

A

A failed build

72
Q

Which TWO pipeline actions are supported by CodeBuild?

A

Build

Test