Code Pipeline Code Commit and Code Deploy - CI/CD Flashcards
What is a type of action supported by a code pipeline action (6)?
Source, Build, Test, Compile, Deploy, Checkout, Approval, Invoke, Update
Which if any of these steps is manual and are there restrictions on where this step can appear?
The six supported types are Source, Build, Test, Deploy, Approval, Invoke. Compile, Update, Checkout are NOT actions.
Approval is a manual step and cannot appear in a source action.
Your manager wants to receive emails when your CodePipeline fails in order to take action. How do you do it? Do you use SNS or a CloudWatch Event?
You use a CW event.
What is the most likely root cause for when Code Pipeline cannot perform an action?
The most likely cause is the IAM SERVICE role for code pipeline does not have sufficient permission in its IAM policy
In chef, what is a layer and how does recipe code apply to a layer?
A layer is a group of instances or resources based on a common function. Your layer is where the configuration of nodes is stored. Chef recipe code applies to a layer and all instances in that layer.
What needs to be done to allow CodeBuild access to resources within a VPC's private subnet?
You will need to specify a VPC configuration containing the VPC ID, subnet IDs and security group IDs when you are setting up your CodeBuild project.
Code Deploy can take the outputs of which AWS CI/CD tool as its input (1)?
AWS Code Pipeline. Code Deploy is able to use output artefacts from Code Pipeline
Is there a limit on the amount of code that you can store in Code Commit?
No. Code Commit imposes no limits.
How can AWS API calls be audited in a Code Pipeline process?
CloudTrail can audit AWS API calls used during CP processes
Are Code Commit repos available outside of AWS?
No. Code commit repos are private to AWS.
Does Code Deploy provision infrastructure?
No. Code deploy assumes that the EC2 instances it is deploying on already exist.
When specifying a VPC Configuration for CodeBuild, where will code build containers be launched? Why would you need to do this?
Within the specified VPC. Useful for integration testing, data query testing or if access is needed to internal load balancers.
CodeBuild logs can be output to two different AWS services. What are they?
S3 and CloudWatch Logs
Which order must the following hooks be executed in?
ApplicationStart, BeforeInstall, ApplicationStop, AfterInstall, ValidateService, DownloadBundle
Does an appspec.yaml file need all of these?
- ApplicationStop
- DownloadBundle
- BeforeInstall
- AfterInstall
- ApplicationStart
- ValidateService
Your appspec file does not require all of these steps; however, the steps it does have MUST be in order.
Your CodePipeline hasn’t deployed code to Elastic Beanstalk even though you’ve pushed code to your CodeCommit repository. It used to work 10 minutes ago. What reason is the most likely to explain that situation and how do you roll back a CodeDeploy deployment (2 ways)?
It's likely that your code has failed tests within CodeBuild. You can either re-deploy your old version or enable rollbacks when setting up CodeDeploy. This will deploy the last known good version as a new deployment.
What is the minimum number of stages in a CodePipeline pipeline? What restrictions are there around source actions? If you have a pipeline with multiple source actions, what happens if a change is detected in any one of the sources associated with an action?
A pipeline must have at least 2 stages. The first stage includes one or more source actions, and source actions can only occur in the first stage. If a change is detected in source for any of the source actions, then all actions will be invoked.
Can you perform a blue/green deployment on a mix of on-premise and EC2 instances in CodeDeploy?
No, you can only do a blue/green deployment on EC2 instances with CodeDeploy
In Opsworks - when are instances associated with an ELB?
When they come online within the layer
What is a Code Pipeline Artefact? Where would an artefact be stored?
An artefact is an output from a Code Pipeline process that is stored in S3 and used as an input for the next Code Pipeline process, i.e. the artefact of a commit is a bundle of code which can then be used as the input of the build.
Which AWS technologies are used in codebuild for:
- Encryption of Artefacts
- NETWORK Security
- Managing Build permissions
Encryption is handled by KMS
NETWORK security is done via VPC (not security groups)
Build Permissions are managed via IAM
When you perform a roll back in CodeDeploy to the last known good version - does this get a new version Id?
Yes.
What events in CodeCommit will trigger a notification to SNS or Lambda vs Cloudwatch Events?
When a change is made to the code base, we can trigger notifications to Lambda and SNS. When a pull request is made (create, update, delete) or when a comment is made on a commit, we trigger a CloudWatch event.
What 2 deployment types are supported by codedeploy?
Blue/Green
All at Once
I am working with CodePipeline to manage the source build and deploy phases for my Elastic Beanstalk app. This was working previously, but significant code and resources have been added to my app meaning the application archive is now 527MB in size. My deployment is failing. Why?
The max archive size we can deploy to elastic beanstalk is 512MB
We are using code build for our project, and we have a large build cycle coming up. What do we need to do to minimize the build queue for our project?
Nothing - code build is scalable
What is a deployment group in CodeDeploy? What does a deployment group contain?
A deployment group determines how EC2 instances are grouped in code deploy. For instance, Dev/Test/Prod groups.
Each application deployment uses one of its deployment groups. The deployment group contains settings and configurations used during the deployment.
Chef uses Berkshelf to manage dependencies of cookbooks throughout the dev and deployment cycle. From an AWS point of view is there a risk to this and what are the alternatives?
AWS recommends not using Berkshelf, as this requires dependencies to be imported from the Chef public Supermarket. If this is not available, the Chef run may fail. AWS recommends packaging dependencies into a zip and storing it on S3.
In Opsworks are instances on-prem or in AWS?
They can be both
What are the three deployment targets that can be setup with respect to CodeDeploy ?
- EC2 instances with specified tags
- Autoscaling Groups
- Or a mix of ASGs and tagged EC2 instances
How do you manage users in Code Commit?
Via IAM users and roles
Code Commit can send notifications to 3 different targets in AWS - what are they?
SNS, CloudWatch Events, Lambda
Why would you use code deploy over Beanstalk?
You would use CodeDeploy to deploy your application to EC2 instances that you manage and that are not managed by Beanstalk. This allows for greater flexibility.
For each build and test action in codebuild, how many input and output artefacts are there?
1 input
0 or 1 outputs
I need to set up encryption at rest for my Code Commit repository. How do I do this?
You don’t need to set up encryption. This is done automatically using KMS.
What is the role of AWS Code Pipeline?
Code Pipeline is used to orchestrate Code Commit, Code Deploy and Elastic Beanstalk/CodeDeploy/Cloud Formation activities
Why would you use code commit over Git or Git lab?
Code commit is integrated with AWS so you can leverage AWS services such as IAM as well as getting scalability benefits
In a code deploy deployment, where are the deployment instructions run?
The deployment instructions are run on the EC2 instance(s) the application is being deployed to
With respect to CodeBuild - what is the purpose of the buildspec.yaml file?
buildspec.yaml contains build instructions for codebuild to execute.
In Code Pipeline, What does an action group do and where are they set up? Are they sequential or parallel?
In AWS CodePipeline, an action is part of the sequence in a stage of a pipeline. It is a task performed on the artifact in that stage. Actions can be executed in sequence or in parallel or a mix.
What tool is used to interact with Code Commit?
git
By default, are code build containers launching in or outside of your VPC? What are the implications for this if resources are required from a private subnet inside a VPC?
By default, containers used by code build to build your project are launched outside of your VPC - therefore by default CB will not have access to resources inside a private subnet.
You would like to improve the performance of your CodeBuild build. You realize that 15 minutes at each build is spent on pulling dependencies from remote repositories and that takes a while. What should you do to drastically speed up the build time?
- Remove the Dependencies
- Commit the Dependencies into Code
- Update buildspec.yml to Cache the Dependencies in S3
Update buildspec.yml to Cache the Dependencies in S3
In Opsworks - when does patching occur on an instance?
On first boot only - this is done to avoid impacting performance on applications
Assume that we have a code pipeline project that requires several sets of dependencies. Can these be bundled into an application artifact and which stage would this occur at:
Source
Build
Test
Deploy
You can bundle dependencies into your artefact at the build stage.
Why would you want to reproduce your CodeBuild environment on a local machine?
To assist in troubleshooting errors. Once CodeBuild has completed in AWS, it will remove all the resources created as part of the build process, including the Docker containers, so all you will have available are the CW events.
If I wanted to use IAM to authenticate to code commit, what AWS service would HELP me to do this?
AWS Credential Helper.
Does code pipeline require an IAM role?
Yes, Code Pipeline requires an IAM service role to interact with the other AWS CI/CD tools (CodeDeploy, Beanstalk, CodeBuild).
In CodeBuild, where would you define your pre-build, build and post-build activities?
In buildspec.yml in your project's root directory
Which AWS CI/CD technology allows you to utilise Chef, Puppet, Ansible?
CodeDeploy
If we have a failure during a code deploy deployment on an EC2 instance, what is the resulting instance state for that Instance ? If I run the deployment again, which machines will CodeDeploy deploy to first?
Failed. If you run the deploy again, it will deploy to the Failed instances first.
Your CodeBuild has failed. What isn’t a solution to troubleshoot what happened?
- View the logs on S3
- View Logs in CloudWatch
- SSH into the code build container
- Reproduce the build by running it locally
SSH - you can't SSH into a CodeBuild container, as they are deleted at the end of their execution and you can't SSH into them when they are running.
For AWS OpsWorks when do instances download custom resources from the repository?
When instances are first created and started in the stack. This is only on FIRST create however. Running instances will not download new cookbooks
What is the underlying technology used by code build to achieve reproducible builds?
Docker
For AWS Code Pipeline, can we have more than one revision passing through it at any one time? Can a stage process more than one revision at a time?
A pipeline can have more than one revision at a time passing through it. A stage cannot.
In Opsworks - there are three classes of instances to do with scaling. What are they and when are they used?
24x7: Similar to On-Demand. Runs until stopped.
Time Based: Similar to scheduled. Runs on a daily or weekly schedule; good for predictable increases in load.
Load Based: Start and stop automatically based on utilization metrics.
Time and load based instances must be created ahead of time, unlike an ASG.
Can Code Commit repos be shared between AWS accounts? If so, how?
Yes they can. You will need to set up an IAM role in YOUR account and then the other account will use the STS AssumeRole API to access it.
What are the two places that CodeDeploy can pull your application from (1 AWS, 1 Non AWS)?
S3 and Git
In AWS Code Pipeline - which source providers can it use to access your input artifacts (3 AWS services, 2 non-AWS services)?
For one of the AWS services, outside of IAM permissions, something needs to be enabled if it is being used as a source provider - what is it?
Code Commit
ECR
S3 - the bucket must be versioned
Git
Bitbucket
What must be running on an EC2 instance for Code Deploy to function?
The CodeDeploy agent must be running on your EC2 instances.
In CodeBuild - what do the following sections in the buildspec.yaml define: ver, env, phases, artefacts, cache?
ver: version of the file
env: environment variables
phases: which commands to run at each stage
artifacts: location to place completed code build artefacts
cache: specifies which files to upload to S3 for use in subsequent builds.
There are four deployment models for CodeDeploy.
What are they and can you describe them and how is a successful deployment measured?
(Hint: These are somewhat different to the Beanstalk Deployment Model).
All At Once: No health checks but quick. Some down time.
One at a time: Deploy to one instance, check, deploy to another. If an instance fails, the deployment stops
50% at a time - deploy to half the instances, then the other half. If at least half of the deployment works, it is successful.
Custom % at a time: as with half at a time, but with a custom percentage.
What is the recommended detection mode to automatically start your pipeline when a change occurs in the source code?
Cloud Watch Events
You would like to deploy static web files to Amazon S3 automatically, after generating the static websites from markdown files. Would you use CodePipeline and Code Deploy or would you use CodePipeline and CodeBuild? Why?
CodePipeline+CodeBuild can run any commands, so you can use it to run commands including generating a static website and copying your static web files to Amazon S3. Code DEPLOY can only run against EC2 and Lambda.
What does a hook do in the CodeDeploy Appspec.yml file?
A hook is an instruction that CodeDeploy executes when it is deploying an application
If we have a manual approval step in a code pipeline stage, under what two circumstances will a build stop?
- If the approval delay timeout expires
- If the approval is rejected
What are the 3 ways to connect to a CodeCommit repository? Which uses keys?
SSH (via keys), HTTPS Credentials, HTTPS (Git Remote Client)
Where are Code Pipeline artefacts stored?
In S3
Can you have more than one action group in a code pipeline stage? What happens to the stage if an action fails? What two things can we do if a stage fails?
Yes. If an action fails, the entire stage is marked as failed. If a stage fails, we can either try to re-run it with the current code revision, or the stage can have a new revision passed to it
Which AWS Service helps you run automated tests in your CI/CD?
CodeBuild
Can we run CodeDeploy on both on-premise and AWS EC2 instances?
Yes, CodeDeploy can run on both on-premise and AWS instances.
Where are Code Pipeline state changes logged to and what can be done with these?
State changes are logged to CloudWatch Events and can be used to trigger SNS notifications.
In CodeBuild, what would trigger a CloudWatch ALARM?
A failed build
Which TWO pipeline actions are supported by CodeBuild?
Build
Test