Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

AWS Developer 2.0 > Deployment as Code > Flashcards

Deployment as Code Flashcards

1
Q

What are benefits of Continuous Delivery?

A

Reduced manual effort to ensure code changes are tested
Developers can focus on software
Changes are delivered faster

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is AWS CodePipeline?

A

A continuous integration and delivery service for fast and reliable application and infrastructure updates.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is a pipeline in AWS Pipeline?

A

A pipeline is the overall workflow that defines what transformations software changes will undergo

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are the AWS Pipeline components?

A

Pipeline
Revision
Stage
Action

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is a revision in AWS Pipeline?

A

A revision is a work item that passes through a pipeline.
A pipeline can have multiple revisions flowing through it at the same time but a single stage can only processes one revision at a time.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is a stage in AWS Pipeline?

A

A stage is a group of one or more actions.
Each stage must have a unique name.
Should any action fail, the entire stage fails.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is an action in AWS Pipeline?

A

An action defines the work to perform on a revision. Pipeline actions can run in parallel. If all actions succeed the revision moves to the next stage.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What types of actions does AWS Pipeline offer?

A 
Source
Build
Test
Deploy
Approval
Invoke
Artifact
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What does the source action do in AWS Pipeline?

A

Defines location of source files, Modifications to the source files trigger deployments in a pipeline.

Amazon S3
AWS CodeCommit
GitHub

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What does the build action do in AWS Pipeline?

A

It can compile source code, run unit tests, or perform other tasks that produce artifacts.

Good to import large assets that are not part of the source bundle.

AWS CodeBuild 
CloudBees 
Jenkins
Solano CI 
TeamCity
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What does the test action do in AWS Pipeline?

A

Run various tests against source and compiled code, such as lint or syntax tests on source code, and unit tests on compiled code.

AWS CodeBuild
BlazeMeter
Ghost Inspector
Hewlett Packard Enterprise (HPE) StormRunner Load Nouvola
Runscope
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What does the deploy action do in AWS Pipeline?

A

Taking compiled or prepared assets and installing them on EC2 instances, on-premises server, serverless function, or deploying and updating infrastructure with CloudFormation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What does the approval action do in AWS Pipeline?

A

A manual gate that controls whether a revision passes to the next stage. Further progress is halted until an IAM user or role with the codepipeline::PutApprovalResult action in its policy approves.
7 days limit.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

How to notify someone that approval is pending within in an approval action in AWS Pipeline?

A

Send an AWS SNS notification.

Use check URL.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What does the invoke action do in AWS Pipeline?

A

Invoke actions execute lambda functions. Allows arbitrary code to run in a pipeline.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What does the artifact action do in AWS Pipeline?

A

Artifacts can pass between actions or stages in a pipeline.
Every stage makes use of the S3 artifact bucket, defined during pipeline creation.
Unique an matching input and output artifact names have to be defined to transition between stages.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is a transition in AWS Pipeline?

A

Connects stages in pipeline. Can be disabled which halts the pipeline but can be resumed afterwards.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Are build and deploy actions required in AWS Pipelineß

A

If a build provider is NOT selected then a deployment provider has to be selected.
If a build provider is selected, then the deployment provider is optional.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

How to invoke a pipeline?

A

In CodePipeline console: Select Release Change
AWS CLI:
aws codepipeline start-pipeline-execution –name SamplePipeline

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

How to retry a failed action in a pipeline?

A

Either use the console or CLI:
aws codepipeline retry-stage-execution

Fails, if retry is in progress
Other actions in the same stage have not completed
Pipeline itself has changed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

How to create a cross-account pipeline?

A

pipeline account: Contains the pipeline
target account: Account to deploy resources to

Pipeline account steps:

  1. Create an AWS Key Management Service (AWS KMS) key in the pipeline account, and apply it to the pipeline. This key encrypts artifacts that pass between stages, and you configure it to allow access to the target account in a later step. After you create the AWS KMS key, you apply a key policy that allows access to the key by both the AWS CodePipeline service role in the pipeline account and the Amazon Resource Name (ARN) of the target account.
  2. Apply a bucket policy to the Amazon S3 bucket for the pipeline. This policy must grant access to the bucket by the target account.
  3. Create a policy that allows the pipeline account to assume a role in the target account. You attach this policy to the AWS CodePipeline service role.

Target account steps:

  1. Create an IAM role that contains a trust relationship policy that allows the pipeline account to assume the role.
  2. Create an IAM policy that allows access to deploy to the pipeline’s resources. Attach this policy to the IAM role.
  3. Create an IAM policy that allows access to the Amazon S3 bucket in the pipeline account, and attach it to the IAM role. After completing the previous steps, revisions that pass through the pipeline account will be accessible by the target account.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What is AWS CodeCommit?

A

AWS CodeCommit leverages the Git framework, and it is fully compatible with existing tooling. There are a number of benefits to this service, such as the following:

Automatic encryption in-transit and at rest.
Scaling to handle rapid release cycles and large repositories.
Access control to the repository using IAM users, IAM roles, and IAM policies. Hypertext Transfer Protocol Secure (HTTPS) and Secure Shell (SSH) connectivity.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

How to connect to CodeCommit via HTTPS?

A

To use AWS CodeCommit with HTTPS credentials, you must first add them to an IAM user with sufficient permissions to interact with the repository. To create Git credentials for your IAM user, you open the IAM console, and select the user who will need to authenticate to the AWS CodeCommit repository
via HTTPS.
AWS generates security credentials for the usernames and passwords, and they cannot
be set to custom values.
After you configure your Git CLI/application to use the repository’s HTTPS endpoint and the username/password, you will have access to the AWS CodeCommit repository.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

How to connect to CodeCommit via SSH?

A

With SSH authentication, there is no need to install the AWS CLI to connect to your reposi- tory. However, you perform some additional configuration tasks.

Your IAM user must have the ability to manage their own SSH keys.
To accomplish this, you add the IAMUserSSHKeys managed policy to the account.
Scaling to handle rapid release cycles and large repositories.
For Windows users, install a bash emulator, such as Git Bash.
To configure SSH authentication to AWS CodeCommit repositories, follow these steps:
In the IAM console, select the user account you want to modify.

Upload the public SSH key on the Security Credentials tab.

Copy the SSH key identity (ID). This follows the form APKAEIGHANK3EXAMPLE.

Update the ~/.ssh/config file on your workstation to include these contents:
Host git-codecommit.*.amazonaws.com User YOUR_SSH_KEY_ID
IdentityFile YOUR_PRIVATE_KEY_FILE

To verify the configuration, test a simple SSH connection to the AWS CodeCommit endpoint, as shown here:
# Format: ssh git-codecommit.[REGION_CODE].amazonaws.com ssh git-codecommit.us-east-1.amazonaws.com
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

Can you authenticate to CodeCommit via IAM credentials, as well?

A

It is also possible to authenticate to AWS CodeCom- mit with IAM credentials and the AWS CodeCommit credential helper. The credential helper translates IAM credentials to those that AWS CodeCommit can use to perform Git actions, such as to clone a repository or merge a pull request. To configure the credential helper on your workstation, do the following:
1. Install and configure the AWS CLI.
2. Install Git.
3. Configure Git to leverage the credential helper from the AWS CLI with these commands:
git config –global \
credential.helper ‘!aws codecommit credential-helper $@’
git config –global credential.UseHttpPath true
Once complete, HTTPS interactions with the AWS CodeCommit repository should work
as expected.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Which IDE support git CodeCommit authentication via git credentials and IAM?

A

AWS CodeCommit integrates automatically with any development tools that support IAM credentials. Additionally, after you set up HTTPS Git credentials, you are able to use any tools that support this authentication mechanism instead.
Examples of supported integrated development environment (IDE) include the following:
AWS Cloud9
Eclipse
IntelliJ
Visual Studio

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

What is a repository in CodeCommit?

A

This is the location where you store source code files, track revisions, and merge contributions (commits). When you create a repository, it will contain an empty master branch by default.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

Are there any CodeCommit events that trigger notifications via AWS SNS?

A 
AWS CodeCommit supports triggers via Amazon SNS, which you can use to leverage other AWS services for post-commit actions, such as firing a webhook with AWS Lambda after a commit is pushed to a development branch. To implement this, AWS CodeCommit uses AWS CloudWatch Events. You create event rules that trigger for each of the event types that you select in AWS CodeCommit. Event types that will fire notifications include the following:
Pull Request 
Update Events 
Create a Pull Request
Close a Pull Request
Update Code in a Pull Request 
Title or Description Changes 
Pull Request Comment Events 
Commit Comment Events 
Comments on Code Changes 
Comments on Files in a Commit 
Comments on the Commit Itself
29
Q

Are repository Triggers the same as repository notifications?

A

Repository triggers are not the same as notifications, as the events that fire each differ greatly. Use repository triggers to send notifications to Amazon SNS or AWS Lambda during these events:
Push to Existing Branch
Create a Branch or Tag
Delete a Branch or Tag

Triggers are similar in functionality to webhooks used by other Git providers, like GitHub.
You can use triggers to perform automated tasks such as to start external builds, to notify administrators of code pushes, or to perform unit tests.
There are some restrictions on how to configure triggers.

The trigger destination, Amazon SNS or AWS Lambda, must exist in the same AWS region as the repository.

If the destination is Amazon SNS in another AWS account, the Amazon SNS topic must have a policy that allows notifications from the account that contains the repository.

30
Q

Is Cross-Account Access possible with CodeCommit?

A

In some situations, the repository that contains the application source code may be located in a separate AWS account from the IAM user/role attempting to access it. In these situations, there are several steps that you must perform in the repository account and the user account.

Repository Account Actions

  1. Create a policy for access to the repository. This policy should allow users in the user account to access one or more specific repositories, as well as (optionally) to view a list of all repositories.
  2. Attach this policy to a role in the same account, and allow users in the user account to assume this role.

User Account Actions

  1. Create an IAM user or IAM group. This user or group will be able to access the repository after the next step.
  2. Assign a policy to the user or group that allows them to assume the role created in the repository account as part of the previous steps.

Once these steps are complete, the IAM user will first need to assume the cross-account
role before you attempt to clone or otherwise access the repository.

You adjust the AWS credentials file ~/.aws/config (Linux/macOS) or drive:\Users\username.aws\config (Windows). A profile will be added to this config file that specifies the cross-account role to assume.

[profile MyCrossAccountProfile]
region = US East (Ohio) role_arn=arn:aws:iam:111122223333:role/MyCrossAccountContributorRole source_profile=default

Lastly, you need to modify the AWS CLI credential helper so that you use MyCrossAccountProfile.

git config –global credential.helper \
‘!aws codecommit credential-helper –profile MyCrossAccountProfile $@’

From this point, the IAM user in the user account will be able to clone and interact with the repository in the repository account.

31
Q

What are Pull Requests in CodeCommit?

A

Pull requests are the primary vehicle on which you review and merge code changes between branches. Unlike branch merging, pull requests allow multiple users to comment on changes before they merge with the destination branch. The typical workflow of a pull request is as follows:

  1. Create a new branch off the default branch for the feature or bug fix.
  2. Make changes to the branch files, commit, and push to the remote repository.
  3. Create a pull request for the changes to integrate them with the default branch, as shown in Figure 7.8.
  4. Other users can review the changes in the pull request and provide comments, as shown in Figure 7.9.
  5. You can push any additional changes from user feedback to the same branch to include them in the pull request.
  6. Once all reviewers provide approval, the pull request merges into the default branch and closes. You can close pull requests when you merge the branches locally or when you close the request via the AWS CodeCommit console or the AWS CLI.
32
Q

What are commits in CodeCommit?

A

Commits are point-in-time changes to contents of files in a repository. A commit is not a new copy of the file, but it is instead a way to track changes in the line(s) in a file, by whom, and when. When you push a commit to the repository, AWS CodeCommit tracks the following file changes:
Author Name
Author Email
Commit Message

33
Q

In what ways can commits be executed for CodeCommit?

A

Commits to a repository in AWS CodeCommit can be made in one of two ways. The most common workflow is to use the Git CLI and update the repository using git push. The AWS CLI supports the aws codecommit put-file action, which allows you to update a file on the repository with a local copy and specify a branch, parent commit, and message.
aws codecommit put-file –repository-name MyDemoRepo \ –branch-name feature-branch \
–file-content file://MyDirectory/ExampleFile.txt \ –file-path /solutions/ExampleFile.txt \ –parent-commit-id 11112222EXAMPLE \
–name “Developer” \
–email developer@myexamplesite.com \ –commit-message “Fixed a bug”

34
Q

What are branches in CodeCommit?

A

Branches are ways to separate and organize groups of commits. This allows developers to organize work in a meaningful fashion, separating changes into logical groups based on the feature or bug-fix being developed.

35
Q

How to migrate a git repo to CodeCommit?

A

The first step is to create the AWS CodeCommit repository (via either the AWS Management Console or the AWS CLI or AWS SDK). After you create the repository, clone the project to a local workstation. To push this repository to AWS CodeCommit, set the repository’s remote to the AWS CodeCommit repository’s HTTPS or SSH URL.

git push \ https://git-codecommit.us-east-2.amazonaws.com/v1/repos/MyClonedRepository \ –all

If you need to push any tags to the new repository, run the following code:

git push \ https://git-codecommit.us-east-2.amazonaws.com/v1/repos/MyClonedRepository \ –tags

36
Q

How to migrate unversioned content to CodeCommit?

A

Run git commit -m ‘Initial Commit’ to generate a commit. Lastly, push the commit to AWS CodeCommit with git push https://git-codecommit.us-east-2.amazonaws.com/v1/repos/MyFirstRepo –all.

37
Q

How to migrate incrementelly to CodeCommit?

A

For large repositories, you can migrate in incremental steps and push many smaller files. This prevents any network issues that may cause the entire push to fail. If any smaller commit fails, it is a trivial matter to restart it when you compare it to a single, mono- lithic commit.
Additionally, when you push large repositories, AWS recommends that you use SSH over HTTPS, as there is a chance that the HTTPS connection may terminate because of various network or firewall issues.

38
Q

What if a project requires versioning of large binary files?

A

Instead of storing binary files in AWS CodeCommit, add an additional Amazon S3 source action to the AWS pipeline. If you store large binary files in Amazon S3, you can reduce the overall cost and development time because of the reduction of time it takes to push/pull commits. Since Amazon S3 already supports versioning (and requires it for use with AWS CodePipeline), changes to binary objects will still be tracked so that rollbacks are straightforward.

39
Q

What is AWS CodeDeploy?

A

AWS CodeDeploy standardizes and automates deployments of any types of content or configuration to Amazon EC2 instances, on-premises servers, or AWS Lambda functions. Be- cause of its flexibility, it is not restricted to deploy only application code, and it can perform various administrative tasks that are part of your deployment process. Additionally, you can create custom deployment configurations tailored to your specific infrastructure needs.

40
Q

How are deployment failures handled within CodeDeploy?

A

Should deployments fail in your environment, you can configure AWS CodeDeploy with a predetermined failure tolerance. Once this tolerance is breached, deployment will automatically roll back to the last version that works.

41
Q

What are the main CodeDeploy concepts?

A 
Revision
Deployment
Deployment Group
Deployment Configuration
Application
CodeDeploy Agent
42
Q

What is revision in CodeDeploy?

A

A revision is an artifact that contains both application files to deploy and an AppSpec con- figuration file. Application files can include compiled libraries, configuration files, installation packages, static media, and other content. The AppSpec file specifies what steps AWS CodeDeploy will follow when it performs deployments of an individual revision.
A revision must contain any source files and scripts to execute on the target instance inside a root directory. Within this root directory, the appspec.yml file must exist at the topmost level and not in any subfolders.

Also for Lambda:
When a code revision is ready to deploy, you package it into an archive file and store it in one of these three repositories:
Amazon S3 
GitHub 
Bitbucket

When you use GitHub or Bitbucket, the source code does not need to be a .zip archive, as AWS CodeDeploy will package the repository contents on your behalf. Amazon S3, however, requires a .zip archive file.

43
Q

What is a revision in CodeDeploy when deploying to Lambda?

A

When you deploy to AWS Lambda, a revision contains only the AppSpec file. It contains information about the functions to deploy, as well as the steps to validate that the deployment was successful.

44
Q

What is a deployment in CodeDeploy?

A

A deployment is the process of copying content and executing scripts on instances in your deployment group.

45
Q

What types of deployments are supported by CodeDeploy?

A

in-place

blue/green

46
Q

What part do Rollbacks play in CodeDeploy deployments?

A

AWS CodeDeploy achieves automatic rollbacks by redeploying the last working revision to any instances in the deployment group (this will generate a new deployment ID). If you do not configure automatic rollbacks for the application, you can perform a manual rollback by redeploying a previous revision as a new deployment. This will accomplish the same result as an automatic rollback.
During the rollback process, AWS CodeDeploy will attempt to remove any file(s) that were created on the instance during the failed deployment. A record of the created files is kept in the location on your instances.

Linux: /opt/codedeploy-agent/deployment-root/deployment-instructions/ [deployment-group-id]-cleanup

Windows: C:\ProgramData\Amazon\CodeDeploy\deployment-instructions\ [deployment-group-id]-cleanup

The AWS CodeDeploy agent that runs on the instance will reference this cleanup file as a record of what files were created during the last deployment.

AWS CodeDeploy tracks cleanup files; however, script executions are not tracked. Any configuration or modification to the instance that is done by scripts run on your instance cannot be rolled back automatically by AWS CodeDeploy. As an administrator, you will be responsible for implementing logic in your deployment scripts to ensure that the desired state is reached during deployments and rollbacks.

47
Q

How to test whether a revision will successfully deploy in CodeDeploy?

A

use the codedeploy-local command in the AWS CodeDeploy agent. This command will search the execution path for an AppSpec file and any content to deploy. If this is found, the agent will attempt a deployment on the instance and provide feedback on the results. This provides a useful alternative to executing the full workflow when you want simply to validate the deployment package.
The following example command attempts to perform a local deployment of an archive file located in Amazon S3:

codedeploy-local –bundle-location s3://mybucket/bundle.tgz –type tgz

48
Q

What is a Deployment Group in CodeDeploy?

A

A deployment group designates the Amazon EC2 on-premises instances that a revision deploys. When you deploy to AWS Lambda functions, this specifies what functions will deploy new versions. Deployment groups also specify alarms that trigger automatic rollbacks after a specified number or percentage of instances, or functions fail their deployment.

You can identify instances by individual tags or tag groups.

49
Q

What extras can be configured with a deployment group in CodeDeploy?

A

SNS Notifications: Any recipients that subscribe to the topic will receive notifications when deployment events occur. You must create the topic before you configure this notification, and the AWS CodeDeploy service role must have permission to publish mes- sages to the topic.

CloudWatch Alarms: You can configure alarms to trigger cancellation and roll- back of deployments whenever the metric has passed a certain threshold. For example, you could configure an alarm to trigger when CPU utilization exceeds a certain percentage for instances in an AWS Auto Scaling group. If this alarm triggers, the deployment automatically rolls back. For AWS Lambda deployments, you can configure alarms to monitor function invocation errors.

Automatic Rollback: You can configure rollbacks to initiate automatically when a deploy- ment fails or based on Amazon CloudWatch alarms. To test deployments, you can disable automatic rollbacks when you create a new deployment.

50
Q

How to configure an on-premises instance to work with CodeDeploy?

A

To configure an on-premises instance to work with AWS CodeDeploy, you must complete several tasks. Before you begin, you need to ensure that the instance has the ability to communicate with AWS CodeDeploy service endpoints over HTTPS (port 443). You will also need to create an IAM user that the instance assumes and has permissions to interact with AWS CodeDeploy.

Install the AWS CLI on the instance.
Configure the AWS CLI with an IAM user. Call the aws configure command, and specify the secret key ID and secret access key of the IAM user.
Register the instance with AWS CodeDeploy. Call the aws codedeploy register AWS CLI command from the on-premises instance. Provide a unique name with the –instance-name property. When you execute this command, include an IAM user to associate with the instance and tags to apply.
aws deploy register –instance-name AssetTag12010298EX \ –iam-user-arn arn:aws:iam::8039EXAMPLE:user/CodeDeployUser-OnPrem \ –tags Key=Name,Value=CodeDeloyDemo-OnPrem \
–region us-west-2
Register the instance with AWS CodeDeploy. Install the AWS CodeDeploy agent. Run the aws codedeploy install AWS CLI command. By default, it will install a basic configuration file with preconfigured settings. If you would like to override this, you can provide your own configuration file with the –config-file parameter. If you specify the –override-config parameter, this will override the current configuration file on the instance.
aws deploy install –override-config \ –config-file /tmp/codedeploy.onpremises.yml \ –region us-west-2

After you complete the previous steps, the instance will be available for deployments to the deployment group(s).

51
Q

How to configure CodeDeploy with EC2 Auto Scaling groups?

A

When you deploy to Amazon EC2 Auto Scaling groups, AWS CodeDeploy will automatically run the latest successful deployment on any new instances created when the group scales out. If the deployment fails on an instance, it updates to maintain the count of healthy in- stances.

You should combine your application deployments into one or consider the use of multiple Auto Scaling groups with smaller instance types.

52
Q

What is a Deployment Configuration in CodeDeploy?

A

It allows configure deployments to deploy to all instances in a deployment group at once or subgroups of instances at a time, or you can create an entire new group of instances (blue/green deployment). A deployment configuration also specifies the fault tolerance of deployments, so you can roll back changes if a specified number or percentage of instances or functions in your deployment group fail to complete their deployments and signal success back to AWS CodeDeploy.

53
Q

What are the deployment types for EC2 and on-premises instances?

A

In-Place deployments These deployments recycle currently running instances and deploy revisions on existing instances.

Blue/Green deployments These deployments replace currently running instances with sets of newly created instances.

In both scenarios, you can specify wait times between groups of deployed instances (batches). Additionally, if you register the deployment group with an elastic load balancer, newly deployed instances also register with the load balancer and are subject to its health checks.
The deployment configuration specifies success criteria for deployments, such as the minimum number of healthy instances that must pass health checks during the deployment process. This is done to maintain required availability during application updates

54
Q

What are the 3 built-in deployment configurations in CodeDeploy for EC2 and on-premises instances?
How are they affected by the chosen deployment type?

A

CodeDeployDefault.AllAtOnce:
For in-place deployments, AWS CodeDeploy will attempt to deploy to all instances in the deployment group at the same time. The success criteria for this deployment configuration requires that at least once instance succeed for the deployment to be successful. If all in- stances fail the deployment, then the deployment itself fails.
For blue/green deployments, AWS CodeDeploy will attempt to deploy to the entire set of replacement instances at the same time and follows the same success criteria as in-place deployments. Once deployment to the replacement instances succeeds (at least one instance deploys successfully), traffic routes to all replacement instances at the same time. The deployment fails only if all traffic routing to replacement instances fails.

CodeDeployDefault.HalfAtATime:
For in-place deployments, up to half of the instances in the deployment group deploy at the same time (rounded down). Success criteria for this deployment configuration requires that at least half of the instances (rounded up) deploy successfully.
Blue/green deployments use the same rules for the replacement environment, with the exception that the deployment will fail if less than half of the instances in the replacement environment successfully handle rerouted traffic.

CodeDeployDefault.OneAtATime:
For in-place and blue/green deployments, this is the most stringent of the built-in deployment configurations, as it requires all instances to deploy the new application revision successfully, with the exception of the final instance in the deployment. For deployment groups with only one instance, the instance must complete successfully for the deployment to complete.
For blue/green deployments, the same rule applies for traffic routing. If all but the last instance registers successfully, the deployment is successful (with the exception of single-instance environments, where it must register without error).

55
Q

How does deployment configuration work for Lambdas in CodeDeploy?

A

When you deploy to AWS Lambda, the deployment configuration specifies the traffic switching policy to follow, which stipulates how quickly to route requests from the original function versions to the new versions. You can configure AWS CodeDeploy to deploy instances only in a blue/green fashion. AWS Lambda does not support in-place deployments. This is because AWS CodeDeploy will deploy updates to new functions.
AWS CodeDeploy supports three methods for handling traffic switching in an AWS Lambda environment.

Canary:
Traffic shifts in two percentage-based increments. The first increment routes to the new function version, and it is monitored for the number of minutes you define. After this time period, the remainder of traffic routes to the new version if the initial increment of request executes.
AWS CodeDeploy provides a number of built-in canary-based deployment configurations, such as CodeDeployDefault.LambdaCanary10Percent15Minutes. If you use this deployment configuration, 10 percent of traffic shifts in the first increment and is monitored for 15 minutes. After this time period, the 90 percent of traffic that remains shifts to the new function version. You can create additional configurations as needed.

Linear:
Traffic can be shifted in a number of percentage-based increments, with a set number of minutes between each increment. During the waiting period between each increment, the requests routed to the new function versions must complete successfully for the deployment to continue.
AWS CodeDeploy provides a number of built-in linear deployment configurations, such as CodeDeployDefault.LambdaLinear10PercentEvery1Minute. With this configuration, 10 percent of traffic is routed to the new function version every minute, until all traffic is routed after 10 minutes.

All-at-Once:
All traffic is shifted at once to the new function versions.

56
Q

What is an Application in CodeDeploy?

A

An application is a logical grouping of a deployment group, revision, and deployment configuration. This serves as a reference to the entire set of objects needed to complete a deployment to your instances or functions.

It uses an AppSpec configuration file written in JSON or YAML.

57
Q

How does the AppSpec file work for EC2 and on-premises instances work in CodeDeploy?

A

For Amazon EC2 on-premises deployments, the AppSpec file must be YAML formatted
and follow the YAML specifications for spacing and indentation. You place the AppSpec file (appspec.yml) in the root of the revision’s source code directory structure (it cannot be in a subfolder).
When you deploy to Amazon EC2 on-premises instances, the AppSpec file defines the following:

A mapping of files from the revision and location on the instance
The permissions of files to deploy
Scripts to execute throughout the lifecycle of the deployment

The AppSpec file specifies scripts to execute at each stage of the deployment lifecycle. These scripts must exist in the revision for AWS CodeDeploy to call them successfully; however, they can call any other scripts, commands, or tools present on the instance. The AWS CodeDeploy agent uses the hooks section of the AppSpec file to reference which scripts must execute at specific times in the deployment lifecycle. When the deployment is at the specified stage (such as ApplicationStop), the AWS CodeDeploy agent will execute any scripts in that stage in the hooks section of the AppSpec file. All scripts must return an exit code of 0 to be successful.
For any files to place on the instance, the AWS CodeDeploy agent refers to the files section of the AppSpec file, where a mapping of files and directories in the revision dictates where on the instance these files reside and with what permissions

Example fo appspec.yml:
version: 0.0 
os: linux 
files:
  - source: /
  destination: /var/www/html/WordPress
hooks: 
  BeforeInstall:
    - location: scripts/install_dependencies.sh 
    timeout: 300
    runas: root
  AfterInstall:
    - location: scripts/change_permissions.sh
    timeout: 300
    runas: root 
  ApplicationStart:
    - location: scripts/start_server.sh
    - location: scripts/create_test_db.sh
    timeout: 300
    runas: root 
ApplicationStop:
    - location: scripts/stop_server.sh 
    timeout: 300
    runas: root

In the previous example, the following events occur during deployment:
During the install phase of the deployment, all files from the revision (source: /) are
placed on the instance in the /var/www/html/WordPress directory.
The install_dependencies.sh script (located in the scripts directory of the revision)
executes during the BeforeInstall phase.
The change_permissions.sh script executes in the AfterInstall phase.
The start_server.sh and create_test_db.sh scripts execute in the ApplicationStart phase.
The stop_server.sh script executes in the ApplicationStop phase.

58
Q

High level structure of an EC2 & on-premises appspec.yml file for CodeDeploy:

A

version: 0.0
os: operating-system-name
files:
source-destination-files-mappings
permissions:
permissions-specifications
hooks:
deployment-lifecycle-event-mappings

version
Currently the only supported version number is 0.0.

os
The os section defines the target operating system of the deployment group. Either
windows or linux (Amazon Linux, Ubuntu, or Red Hat Enterprise Linux) is supported.

files
The files section defines the mapping of revision files and their location to deploy on-instance during the install lifecycle event. This section is not required if no files are being copied from the revision to your instance. The files section supports a list of source/
destination pairs.
files:
- source: source-file-location
destination: destination-file-location
The source key refers to a file or a directory’s local path within the revision (use / for all files in the revision). If source refers to a file, the file copies to destination, specified as the fully qualified path on the instance. If source refers to a directory, the directory contents copy to the instance.
permissions For any deployed files or directories, the permissions section specifies the permissions to apply to files and directories on the target instance. You can also apply permissions to files on the instance by AWS CodeDeploy using the files directive of the AppSpec configuration.

permissions:
- object: object-specification
pattern: pattern-specification except: exception-specification owner: owner-account-name group: group-name
mode: mode-specification acls:
- acls-specification context:
user: user-specification type: type-specification range: range-specification
type:
- object-type

Each object specification includes a set of files or directories to which the permissions will apply. You can select files based on a pattern expression and ignore them with a comma- delimited list in the except property. The owner, group, and mode properties correspond to their Linux equivalents. You can apply access control lists with the acls property, providing a list of user/group permissions assignments (such as u:ec2-user:rw). The context property is reserved for SELinux-enabled instances. This property corresponds to a set of context la- bels to apply to objects. Lastly, you use the type property to specify to which types of objects (file or directory) the specified permissions will apply.

hooks The hooks section specifies the scripts to run at each lifecycle event and under what
user context to execute them.
One or more scripts can execute for each lifecycle hook.
ApplicationStop Before the application revision downloads to the instance, this lifecycle event can stop any running services on the instance that would be affected by the update. It is important to note that, since the revision has not yet been downloaded, the scripts execute from the previous revision. Because of this, the ApplicationStop hook does not run on the first deployment to an instance.
DownloadBundle The AWS CodeDeploy agent uses this lifecycle event to copy application revision files to a temporary location on the instance.
Linux /opt/codedeploy-agent/deployment-root/[deployment-group-id]/ [deployment-id]/deployment-archive
Windows C:\ProgramData\Amazon\CodeDeploy[deployment-group-id]\ [deployment-id]\deployment-archive
This event cannot run custom scripts, as it is reserved for the AWS CodeDeploy agent.
BeforeInstall Use this event for any pre-installation tasks, such as to clear log files or to create backups.
Install This event is reserved for the AWS CodeDeploy agent.
AfterInstall Use this event for any post-installation tasks, such as to modify the
application configuration.
ApplicationStart Use this event to start any services that were stopped during the ApplicationStop event.
ValidateService Use this event to verify deployment completed successfully.
If your deployment group is registered with a load balancer, additional lifecycle events become available. These can be used to control certain behaviors as the instance is regis- tered or deregistered from the load balancer.
BeforeBlockTraffic Use this event to run tasks before the instance is deregistered from the load balancer.
BlockTraffic This event is reserved for the AWS CodeDeploy agent. AfterBlockTraffic Use this event to run tasks after the instance is deregistered from the
load balancer.
BeforeAllowTraffic Similar in concept to BeforeBlockTraffic, this event occurs before instances register with the load balancer.
AllowTraffic This event is reserved for the AWS CodeDeploy agent.
AfterAllowTraffic Similar in concept to AfterBlockTraffic, this event occurs after instances register with the load balancer.

hooks: deployment-lifecycle-event-name:
- location: script-location timeout: timeout-in-seconds runas: user-name
In the hooks section, the lifecycle name must match one of the previous event names, which are not reserved for the AWS CodeDeploy agent. The location property refers to
the relative path in the revision archive where the script is located. You can configure an optional timeout to limit how long a script can run before it is considered failed. (Note that this does not stop the script’s execution.) The maximum script duration is 1 hour (3,600 seconds) for each lifecycle event. Lastly, the runas property can specify the user to execute the script. This user must exist on the instance and cannot require a password.
Figure 7.20 displays lifecycle hooks and their availability for in-place deployments with and without a load balancer.

59
Q

High level structure of an Lambda appspec.yml or appspec.json file for CodeDeploy:

A

The high-level structure of an AWS Lambda deployment AppSpec file is as follows:
version: 0.0 resources:
lambda-function-specifications hooks:
deployment-lifecycle-event-mappings
version Currently the only supported version number is 0.0.
resources The resources section defines the AWS Lambda functions to deploy.
resources:
- name-of-function-to-deploy:
type: “AWS::Lambda::Function” properties:
name: name-of-lambda-function-to-deploy
alias: alias-of-lambda-function-to-deploy
currentversion: lambda-function-version-traffic-currently-points-to targetversion: lambda-function-version-to-shift-traffic-to
Name each function in the resources list both as the list item name and in the name property. The alias property specifies the function alias, which maps from the version specified in currentversion to the version specified in targetversion after the update deploys.
hooks The hooks section specifies the additional AWS Lambda functions to run at specific stages of the deployment lifecycle to validate success. The following lifecycle events support hooks in AWS Lambda deployments:
BeforeAllowTraffic For running any tasks prior to traffic shifting taking place AfterAllowTraffic For any tasks after all traffic shifting has completed
hooks:
- BeforeAllowTraffic: BeforeAllowTrafficHookFunctionName - AfterAllowTraffic: AfterAllowTrafficHookFunctionName

For any functions in the hooks section, the function is responsible for notifying AWS CodeDeploy of success or failure with the PutLifecycleEventHookExecutionStatus call API from within your validation function. Here’s an example for Node.js:
CodeDeploy the prepared validation test results. codedeploy.putLifecycleEventHookExecutionStatus(params, function(err, data) {
if (err) {
// Validation failed. callback('Validation test failed');
} else {
// Validation succeeded.
callback(null, 'Validation test succeeded');
} });
60
Q

What a CodeDeploy Agent in CodeDeploy?

A

The AWS CodeDeploy agent is responsible for driving and validating deployments on Amazon EC2 on-premises instances. The agent currently supports Amazon Linux (Amazon EC2 only), Ubuntu Server, Microsoft Windows Server, and Red Hat Enterprise Linux,
and it is available as an open source repository on GitHub (https://github.com/aws/ aws-codedeploy-agent).

When the agent installs, a codedeployagent.yml configuration file copies to the instances. You can use this file to adjust the behavior of the AWS CodeDeploy agent on instances throughout various deployments. This configuration file is stored in /etc/codedeploy- agent/conf on Linux instances and C:\ProgramData\Amazon\AWS CodeDeploy on Windows Server instances.
The most common settings are as follows:

max_revisions
Use this to configure how many application revisions to archive on an instance. If you are experiencing storage limitations on your instances, turn this value down and release some storage space consumed by the agent.

root_dir
Use this to change the default storage location for revisions, scripts, and archives. verbose Set this to true to enable verbose logging output for debugging purposes.

proxy_url
For environments that use an HTTP proxy, this specifies the URL and credentials to authenticate to the proxy and connect to the AWS CodeDeploy service.

61
Q

CodeDeploy in CodePipeline, what can be done?

A

AWS CodeDeploy can integrate automatically with AWS CodePipeline as a deployment action to deploy changes to Amazon EC2 on-premises instances or AWS Lambda functions. You can configure applications, deployment groups, and deployments directly in the AWS CodePipeline console when you create or edit a pipeline, or you can do this ahead of time with the AWS CodeDeploy console or the AWS CLI or AWS SDK.

62
Q

What is AWS CodeBuild?

A

AWS CodeBuild enables you to define the build environment to perform build tasks and the actual tasks that it will perform.

63
Q

What are the concepts of CodeBuild?

A

Build Projects
Build Environments
Builds

64
Q

How to create a Build Project in CodeBuild?

A
  1. Choose a source provider:
    AWS CodeBuild supports AWS CodeCommit, Amazon S3, GitHub, and BitBucket as source providers.
  2. Select a Build Environment:
    AWS CodeBuild provides preconfigured build environments for some operating systems, runtimes, and runtime versions, such as Ubuntu with Java 9.
  3. Configure the Build Specification:
    This can be done in one of two ways. You can insert build commands in the console or specify a buildspec.yml file in your source code. Both options are valid, but if you use a buildspec.yml file, you will see additional configuration options.

Every build project requires an IAM service role that is accessible by AWS CodeBuild. When you create new projects, you can automatically create a service role that you restrict to this project only. You can update service roles to work with up to 10 build projects
at a time.
Lastly, you can configure AWS CodeBuild to create build environments with connectivity to an Amazon Virtual Private Cloud (Amazon VPC) in your account. To do so, specify the Amazon VPC ID, subnets, and security groups to assign to the build environment. You can configure other settings when you create the build, such as to run the Docker daemon in privileged mode to build Docker images.
After you set the build project properties, you can select the compute type (memory and vCPU settings), any environment variables to pass to the build container, and tags to apply to the project.

65
Q

How does a buildspec.yml look for CodeBuild?

A

version: 0.2
env:
variables:
key: “value”
parameter-store:
key: “value”
phases:
install:
commands:
- command
pre_build:
commands:
- command
build:
commands:
- command
post_build:
commands:
- command
artifacts:
files:
- location
discard-paths: yes
base-directory: location
cache:
paths:
- path

Phases
The phases mapping specifies commands to run at each stage of the build job. When you specify build settings in the AWS CodeBuild console, AWS CLI, or AWS SDK, you are not able to separate commands into phases. With a build specifications file, you can separate commands into phases.

install
Commands to execute during installation of the build environment.

pre_build
Commands to be run before the build begins.

build
Commands to be run during the build.

post_build
Commands to be run after the build completes.

Artifacts
The artifacts mapping specifies where AWS CodeBuild will place output artifacts, if any. This is required only if your build job produces actual outputs. For example, unit tests would not produce output artifacts for later use in a pipeline. The files list specifies individual files in the build environment that will act as output artifacts. You can specify individual files, directories, or recursive directories. You can use discard-paths and base-directory to specify a different directory structure to package output artifacts.

Cache
If you configure caching for the build project, the cache map specifies which files to upload to Amazon S3 for use in subsequent builds.

66
Q

What is a Build Environment in CodeBuild?

A

A build environment is a Docker image with a preconfigured operating system, program- ming language runtime, and any other tools that AWS CodeBuild uses to perform build tasks and communicate with the service, along with other metadata for the environment, such as the compute settings. AWS CodeBuild maintains its own repository of preconfigured build environments. If these environments do not meet your requirements, you can use public Docker Hub images. Alternatively, you can use container images in Amazon Elastic Container Registry (Amazon ECR).

AWS CodeBuild Environments
AWS CodeBuild provides build environments for Ubuntu and Amazon Linux operating systems, and it supports the following:
Android 
Docker 
Golang 
Java 
Node.js 
PHP 
Python 
Ruby .
NET Core
Compute Type
BUILD_GENERAL1_SMALL BUILD_GENERAL1_MEDIUM BUILD_GENERAL1_LARGE
Memory vCPUs Disk Space
3 GB       2          64 GB
7 GB       4          128 GB
15 GB      8         128 GB

AWS CodeBuild provides several environment variables by default, such as AWS_REGION, CODEBUILD_BUILD_ID, and HOME.

67
Q

What are Builds in CodeBuild?

A

When you initiate a build, AWS CodeBuild copies the input artifact(s) into the build environment. AWS CodeBuild uses the build specification to run the build process, which includes any steps to perform and outputs to provide after the build completes. Build logs are made available to Amazon CloudWatch Logs for real-time monitoring.

68
Q

How to use CodeBuild within CodePipeline?

A

AWS CodePipeline enables you to build jobs for both build and test actions. Both action types require exactly one input artifact and may return zero or one output artifacts. When you create a build or test actions in your pipeline with your build projects, the only input that you require is the build project name. The AWS CodePipeline console also has the option to create new build projects when you create the action.

AWS Developer 2.0 (8 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions