Section 9: AWS CICD: CodeCommit, CodePipeline, CodeBuild, CodeDeploy

Question 1

What does CI/CD stand for?

Answer 1

Continuous Integration / Continuous Delivery

Question 2

What does Continuous Integration look like?

Answer 2

A developer pushes code to online repository
A testing/build server checks the code as it’s pushed
The developer gets feedback about the tests that have passed/failed

Question 3

What are the benefits of CI?

Answer 3

Find bugs early, fix bugs
Deliver faster as the code is tested
Deploy often
Happier developers

Question 4

What are the benefits of CD?

Answer 4

Shift away from “one release every 3 months” to ”5 releases a day”

Question 5

What does the development process look like when doing CICD?

Answer 5

Code
Build
Test
Deploy
Provision

Question 6

What is AWS CodeCommit?

Answer 6

AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories.

Question 7

What is the size limit of CodeCommit repos?

Answer 7

No size limit

Question 8

With what CI tools can CodeCommit be integrated with?

Answer 8

AWS CodeBuild, Jenkins, other

Question 9

What authentication options are available to establish a connection to AWS CodeCommit from your workstation? (2)

Answer 9

SSH Keys

HTTPS

Question 10

How to setup SSH authentication to establish a connection to AWS CodeCommit?

Answer 10

By setting your public ssh-rsa key in your IAM user security credentials tab and creating a “config” file in your .ssh directory on your machine with the following content:

Host git-codecommit.*.amazonaws.com
User XXXXXXXXXXXXXXXXX
IdentityFile ~/.ssh/codecommit_rsa

Where “XXXXXXXXXXXXXXXXX” is your SSH key ID (provided by AWS when you upload your SSH public key) and “codecommit_rsa” is the name of the file containing your private SSH key.

Question 11

How to setup HTTPS authentication to establish a connection to AWS CodeCommit?

Answer 11

By generating HTTPS git credentials in your IAM user security credentials tab and entering the username and password AWS provides you with in the Windows popup which will appear when doing your first git clone.

Question 12

Is there a distinction in the URL to use when using SSH or HTTPS when cloning from git?

Answer 12

Yes, HTTPS and SSH have different urls.

Question 13

What manages authorization in AWS CodeCommit?

Answer 13

IAM Policies manage user / roles rights to repositories

Question 14

Is there encryption in CodeCommit?

Answer 14

Yes, repos are automatically encrypted at rest using KMS and in transit (can only use HTTPS or SSH - both secure)

Question 15

How to provide cross-account access to your Git repositories in AWS CodeCommit?

Answer 15

Setup an IAM Role in your account and tell him to use STS cross-account access to assume that role (with AWS STS AssumeRole API)

Question 16

What is the difference between triggers and notifications in CodeCommit?

Answer 16

Triggers are triggered by branch creation, deletion, or pushes to an existing branch. They can publish (with custom data) to an SNS topic or call an AWS Lambda function directly

Notifications are triggered by CloudWatch Events and get published to SNS topics you define

Question 17

What is AWS CodePipeline?

Answer 17

AWS CodePipeline is a fully managed continuous delivery service. It automates the build, test, and deploy phases of your release process every time there is a code change.

Question 18

What are some deploy options in CodePipeline?

Answer 18

AWS CodeDeploy, Beanstalk, CloudFormation, ECS, etc.

Question 19

What are pipelines essentially made of?

Answer 19

Stages

Question 20

What are stages essentially made of?

Answer 20

Action groups

Question 21

What do action groups represent?

Answer 21

Parallel actions

Question 22

Can you have more than one action group per stage?

Answer 22

Yes

Question 23

In what order are action groups executed in a stage?

Answer 23

In sequence

Question 24

What sources are available in CodePipeline?

Answer 24

CodeCommit, GitHub, Amazon S3, Amazon ECR, Bitbucket

Question 25

What is the output of each stage in a CodePipeline?

Answer 25

Artifacts

Question 26

Where are artifacts stored?

Answer 26

In an S3 bucket

Question 27

Where do CodePipeline state changes events happen?

Answer 27

In AWS CloudWatch Events

Question 28

How to set up events for failed pipelines and cancelled stages?

Answer 28

By creating corresponding event rules in CloudWatch

Question 29

What will happen to the pipeline if a stage fails?

Answer 29

It will stop and you will get information in the console

Question 30

How to audit AWS API calls?

Answer 30

By using AWS CloudTrail

Question 31

What should you check if CodePipeline can’t perform an action?

Answer 31

Make sure the IAM Service Role attached does have enough permissions (IAM Policy)

Question 32

What is AWS CodeBuild

Answer 32

A fully managed build service. An alternative to other build tools such as Jenkins.

Question 33

What does AWS CodeBuild leverages to get reproducible builds?

Answer 33

Docker

Question 34

What do you pay for when using AWS CodeBuild?

Answer 34

Pay for usage (time it takes to complete the builds)

Question 35

How does AWS CodeBuild scale (in regards to how the developer uses the service)?

Answer 35

Continuously (no servers to manage)

Question 36

What can you do if AWS doesn’t provide you with a compatible Docker image for your project?

Answer 36

Provide your own

Question 37

Is CodeBuild secure?

Answer 37

Yes, it integrates with KMS for artifacts, IAM for build permissions, VPC for network and CloudTrail for API calls logging

Question 38

Where should build instructions be when using CodeBuild?

Answer 38

In a buildspec.yml file at the root of the source code

Question 39

Where can CodeBuild send logs?

Answer 39

To an S3 bucket

To AWS CloudWatch

Question 40

What can you use to detect failed builds and trigger notifications?

Answer 40

CloudWatch events

Question 41

What can you use if you need to set failure “tresholds” and get notifications?

Answer 41

CloudWatch alarms

Question 42

How to troubleshoot your CodeBuild?

Answer 42

By looking at the logs in S3
By looking at the logs in CloudWatch
By reproducing CodeBuild locally (it’s an available feature)

Question 43

Where can CodeBuild reside / be used?

Answer 43

Within a CodePipeline

Standalone

Question 44

What environment does CodeBuild support?

Answer 44

Java
Ruby
Python
Go
Node.js
Android
.NET Core
PHP
Docker: extend any environment you like

Question 45

What type of environment variables are available in CodeBuild?

Answer 45

Plaintext variables

SSM Parameter Store

Question 46

What are the four phases of a CodeBuild and what do they do?

Answer 46

Install (Install depencies)
Pre build (Cmds to execute before build)
Build (Actual build)
Post build (Cleanup, finishing touches)

Question 47

What to put in Artifacts section of buildspec.yml file?

Answer 47

Files to upload to S3

Question 48

What to put in Cache section of buildspec.yml file?

Answer 48

Files to cache to S3 (usually dependencies) for future build speedup

Question 49

What do you need in order to run CodeBuild locally?

Answer 49

Docker

CodeBuild Agent

Question 50

What is AWS CodeDeploy and what problem does it solve?

Answer 50

AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services.

Question 51

What is AWS CodeDeploy not built for?

Answer 51

Deploying to EB. EB is an end-to-end application management solution.

Question 52

What compute services can AWS CodeDeploy deploy code to?

Answer 52

Amazon EC2 instances and your on-premises servers

Question 53

What do machines (EC2/your on premise servers) need to be able to work with CodeDeploy?

Answer 53

The CodeDeploy Agent installed and running

Question 54

What is the CodeDeploy agent doing continuously?

Answer 54

Polling AWS CodeDeploy for work to do

Question 55

Where is the application pulled from by the compute services when a new version is ready to be installed? (2 options)

Answer 55

S3

GitHub

Question 56

When using AWS CodeDeploy, who runs the deployment instructions?

Answer 56

The machines installing the updates themselves

Question 57

What happens if a machine running the CodeDeploy agent fails to complete the deployment instructions it needed to do?

Answer 57

The CodeDeploy Agent will report it to AWS CodeDeploy

Question 58

What happens if a machine running the CodeDeploy agent succeeds in completing the deployment instructions it needed to do?

Answer 58

The CodeDeploy Agent will report it to AWS CodeDeploy

Question 59

Where must the deployment instructions be when using AWS CodeDeploy?

Answer 59

In an appspec.yml file located at the root level of the source code

Question 60

How to group instances in AWS CodeDeploy? (dev, prod, other)

Answer 60

By using deployment groups

Question 61

Does CodeDeploy work with any application?

Answer 61

Yes

Question 62

Does CodeDeploy support auto scaling integration?

Answer 62

Yes

Question 63

Does Blue/Green work with on premise machines?

Answer 63

No, only EC2 instances

Question 64

Does CodeDeploy provision resources?

Answer 64

No

Question 65

What are the primary components of AWS CodeDeploy?

Answer 65

Application
Compute platform (EC2/On premise or Lambda)
Deployment configuration (Rules for success/failure)
Deployment group (group of tagged instances)
Deployment type
IAM instance profile (Need to give EC2 permission to pull from S3/GitHub)
Application Revision (Application code + appspec.yml)
Service Role (Role for CodeDeploy to perform what it needs)
Target Revision (Target deployment application version)

Question 66

What consists of the deployment configuration of AWS CodeDeploy when deploying lambdas?

Answer 66

Deployment rules for success/failure

Specification about how traffic is routed to the updated Lamdba version

Question 67

What is present in an appspec.yml file?

Answer 67

File selection

Hooks

Question 68

What are hooks in AWS CodeDeploy

Answer 68

Set of instructions to do to deploy the new version

Question 69

What are the main hooks in AWS CodeDeploy

Answer 69

ApplicationStop
DownloadBundle
BeforeInstall
Install
AfterInstall
ApplicationStart
ValidateService
BeforeAllowTraffic
AllowTraffic
AfterAllowTraffic

Question 70

What hook in AWS CodeDeploy should be used to make sure our app is running correctly on its instance?

Answer 70

ValidateService

Question 71

What happens to instances that fail when using CodeDeploy until new deployment?

Answer 71

They stay in “failed state”

Question 72

What instances are targetted first when deploying through CodeDeploy?

Answer 72

Instances which are in “Failed state”

Question 73

How “fix” instances in “Failed state”

Answer 73

Redeploy old deployment or enable automated rollback

Question 74

What are the available deployment targets when using CodeDeploy?

Answer 74

Set of EC2 instances with tags
Directly to an ASG (with a certain tag)
Mix of ASG/Tags

Question 75

How can you customize CodeDeploy scripts?

Answer 75

By using environment variables such as DEPLOYMENT_GROUP_NAME

Question 76

What is in place deployment when using CodeDeploy?

Answer 76

A certain percentage of the instances at a time get deregistered from the LB to perform their update/deployment and then get re-registered

Question 77

What is Blue/Green deployment when using CodeDeploy?

Answer 77

Similar to how Beanstalk does it. New instances get created and new version of the application is installed on those instances. DNS points to the new instances and the old instances get terminatted.

Question 78

What is CodeStar?

Answer 78

An integrated solution that regroups: GitHub, CodeCommit, CodeBuild, CodeDeploy, CloudFormation, CodePipeline, CloudWatch

Question 79

What is the pricing of CodeStar?

Answer 79

It is free, you only pay for the underlying resources

Question 80

What is Cloud9?

Answer 80

A web IDE provided by AWS. Not available in all regions.

Question 81

What does CodeStar help us with?

Answer 81

Quickly create CICD projects for EC2, Lambda, Beanstalk