CodePipeline, CodeBuild, CodeDeploy, CodeStar

Question 1

CodeDeploy

Answer 1

we want to deploy our application automatically to many EC2 instances and we’re talking about hundreds of EC2 instances. So we have our V1 EC2 instances and we upgrade them to V2.

these instances are not managed by Elastic Beanstalk!!!! So everything we see with Elastic Beanstalk before there was one way to manage EC2 instances.

Question 2

CodeDeploy instances

Answer 2

can be EC2 or or it can be an on premise machine runnning CodeDeploy agent. The agent is going to continuously poll for the AWS CodeDeploy service and ask it - do I have to deploy new stuff?

CodeDeploy will send the appspec.yml file and point to the application we pull from GitHub and S3 and EC2 will run the deployment instructions and CodeDeploy agent at the end of it will report whether or not
there was a success or a failure of the deployment on the instance.

appspec.yml has to be at the root of your source code

Question 3

CodeDeploy EC2 instances are grouped by

Answer 3

by something called deployment group.

You can have dev, test, prod or just different segments.

Question 4

You can integrate CodeDeploy with CodePipeline

Answer 4

and use the artifacts straight out of CodePipeline

Question 5

CodeDeploy - for IAM profile you basically need to say

Answer 5

my EC2 instances must have the IAM role

necessary to pull the files from S3 and GitHub.

Question 6

CodeDeploy appspec.yml (exam)

Answer 6

1. File section: how to source and copy from S3 or GitHub to file system
2. Hooks: instructions how to deploy new version

Question 7

CodeDeploy appspec.yml (exam) Hooks order

Answer 7

1. ApplicationStop (stop current version running)
2. DownloadBundle (how do I download my new app)
3. BeforeInstall (preparation before installation)
4. AfterInstall (CleanUp?)
5. ApplicationStart (how to start the app)
6. ValidateService (perform helath check once started)
7. BeforeAllowTraffic
8. AllowTraffic
9. AfterAllowTraffic

the order is important but not all of them are necessary

Question 8

CodeDeploy Deployment Config

Answer 8

1. How to deploy:
   - one at a time and if one fails deployment stops or
   - half at a time
   - all at once, but then no healthy host, downtime, so good for dev
   - your own configuration (for ex., with percentage)
2. Failures
   - in case of deployment failures instances stay in failed state and when you re-deploy new deployment will first be deployed to failed instances
   - you can enable automated rollback for failures
3. Deployment Targets

can be a set of EC2 instances with tags or an ASG or a mix of both

Question 9

In Place Deployment

Answer 9

half at a time

Question 10

Blue-Green Deployment

Answer 10

you have a load balancer. It’s attached to one auto scaling group of instances and then you’re going to create a new auto scaling group of instances and the load balancer is going to redirect to both these things
and then if everything succeed and they have instances, pass the health checks, then the first auto scaling group is deleted and the load balancer just talks to your V2.

Question 11

there are 2 kinds of deployments in CodeDeploy (exam)

Answer 11

1. in-place

2. blue-green

Question 12

CodeDeploy Deployment to ASG (exam)

Answer 12

1. in-place - the same as with EC2 instances, but in case your auto-scaling group does create instances during your deployment or afterwards, the auto-scaling group instances will automatically
   get the deployment.
2. blue-green deployment: you will be having a new auto-scaling group created, and the settings will be copied over. And we can choose how long to keep the old instances. For the blue-green deployment to work,
   we must be using an elastic load balancer on top of our auto-scaling group.

Question 13

there is a way to specify automated rollback options in CodeDeploy. (exam)

Answer 13

you may wanna roll back when a deployment fails,

or you may want to roll back when a CloudWatch alarm is met and therefore something is wrong.

Or you can also disable rollbacks altogether and do not perform any rollbacks for any kind of deployments.

Question 14

If somehow a rollback happens in CodeDeploy, (exam)

Answer 14

then CodeDeploy actually redeploys the last known
good revision as a new deployment.

So when a rollback happens, it’s actually a new deployment with the previous good known version.

And therefore, this new deployment will get a new version ID

Question 15

CodeStar

Answer 15

an integrated solution that regroups all the bunch of CICD services we’ve seen. GitHub, CodeCommit for storing code, CodeBuild for billing the code, CodeDeploy, CloudFormation for deploying the code,
CodePipeline for handling the pipeline orchestration,
and CloudWatch.

a wrapper around everything and gives you a nice one stop dashboard for this. So it helps to create very quickly CICD-ready projects and that you can deploy them on EC2, on AWS Lambda, or on Elastic Beanstalk.
It supports many language.

there is an issue tracking integration that you can do with Jira if you use Jira in your enterprise, or GitHub Issues if you use GitHub as a source code repository.

Question 16

CodeStar costs

Answer 16

It’s a free service.

You’re only going to pay for the underlying usage

of the other services,

Question 17

CodeStar customization

Answer 17

And there is limited customization, so you cannot edit every single setting of every single underlying service.
It’s meant to be simple and get you started very quickly.

Question 18

Which AWS Service helps you run automated test in your CICD?

Answer 18

CodeBuild

Question 19

You are looking to automatically trigger a code analysis at each commit in CodeCommit to ensure your developers haven’t committed secret credentials. How can you achieve this?

Answer 19

set up AWS SNS / Lambda integration in CodeCommit

Question 20

You want to send email alerts anytime pull requests are open or comments are added to commits in CodeCommit. You should use

Answer 20

CloudWatch Events

Question 21

CodeCommit supports the following authentication

Answer 21

1. IAM credentials helper with AWS CLI and git
2. SSH keys in user profiles
3. HTTPS credentials in user profiles

does not support HTTP public access

Question 22

You want to give a colleague that has an IAM User in another AWS Account access to your CodeCommit repository. How should you achieve that?

Answer 22

set up an IAM role in your account and tell him to use STS cross-account access to assume this role

Question 23

Your CodePipeline hasn’t deployed code to Elastic Beanstalk even though you’ve pushed code to your CodeCommit repository. It used to work 10 minutes ago. What reason is the most likely to explain that situation?

Answer 23

CodeBuild stage failed some tests

Question 24

Your manager wants to receive emails when your CodePipeline fails in order to take action. How do you do it?

Answer 24

set up a cloudWatch Event rule

Question 25

Which AWS Services allow you to track and audit API calls made to and from CodePipeline?

Answer 25

AWS CloudTrail

Question 26

Your CodeBuild has failed. What is a solution to troubleshoot what happened?

Answer 26

1. logs in CloudWatch
2. Logs in S3
3. run CodeBuild locally to reproduce the build

you can not! ssh into the CodeBuild container to debug from there because CodeBuild containers are deleted at the end of their execution (success or failed). You can’t SSH into them, even while they’re running

Question 27

You would like to improve the performance of your CodeBuild build. You realize that 15 minutes at each build is spent on pulling dependencies from remote repositories and that takes a while. What should you do to drastically speed up the build time?

Answer 27

change buildspec.yml to enable dependencies caching in S3

Question 28

You would like to deploy static web files to Amazon S3 automatically, after generating the static websites from markdown files. Which services should you use for this?

Answer 28

CodePipeline + CodeBuild

CodeBuild can run any commands, so you can use it to run commands including generating a static website and copy your static web files to Amazon S3.

Question 29

Which hook step should be used in appspec.yml file to ensure the application is properly running after being deployed?

Answer 29

ValidateService

Question 30

You’ve created a fleet of EC2 & on-premise instances and you’re trying to run your first CodeDeploy. It doesn’t work, why?

Answer 30

you’ve probably forgotten to install and start CodeDeploy agent

Question 31

You would like to have a one-stop dashboard for all the CICD needs of one of your projects. You don’t need heavy control of the individual configuration of each components in your CICD, but need to be able to get a holistic view of your projects. Which service do you recommend?

Answer 31

CodeStar