Section 9: AWS CICD: CodeCommit, CodePipeline, CodeBuild, CodeDeploy Flashcards
What does CI/CD stand for?
Continuous Integration / Continuous Delivery
What does Continuous Integration look like?
A developer pushes code to an online repository
A testing/build server checks the code as it's pushed
The developer gets feedback about the tests that have passed/failed
What are the benefits of CI?
Find bugs early, fix bugs
Deliver faster as the code is tested
Deploy often
Happier developers
What are the benefits of CD?
Shift away from "one release every 3 months" to "5 releases a day"
What does the development process look like when doing CICD?
Code, Build, Test, Deploy, Provision
What is AWS CodeCommit?
AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories.
What is the size limit of CodeCommit repos?
No size limit
What CI tools can CodeCommit be integrated with?
AWS CodeBuild, Jenkins, other
What authentication options are available to establish a connection to AWS CodeCommit from your workstation? (2)
SSH Keys
HTTPS
How to set up SSH authentication to establish a connection to AWS CodeCommit?
By setting your public ssh-rsa key in your IAM user security credentials tab and creating a "config" file in your .ssh directory on your machine with the following content:
Host git-codecommit.*.amazonaws.com
User XXXXXXXXXXXXXXXXX
IdentityFile ~/.ssh/codecommit_rsa
Where "XXXXXXXXXXXXXXXXX" is your SSH key ID (provided by AWS when you upload your SSH public key) and "codecommit_rsa" is the name of the file containing your private SSH key.
How to set up HTTPS authentication to establish a connection to AWS CodeCommit?
By generating HTTPS git credentials in your IAM user security credentials tab and entering the username and password AWS provides you with in the Windows popup which will appear when doing your first git clone.
Is there a distinction in the URL to use when using SSH or HTTPS when cloning from git?
Yes, HTTPS and SSH have different URLs.
What manages authorization in AWS CodeCommit?
IAM Policies manage users' and roles' rights to repositories
Is there encryption in CodeCommit?
Yes, repos are automatically encrypted at rest using KMS and in transit (can only use HTTPS or SSH - both secure)
How to provide cross-account access to your Git repositories in AWS CodeCommit?
Set up an IAM Role in your account and have the user in the other account assume that role through STS cross-account access (with the AWS STS AssumeRole API)
What is the difference between triggers and notifications in CodeCommit?
Triggers are triggered by branch creation, deletion, or pushes to an existing branch. They can publish (with custom data) to an SNS topic or call an AWS Lambda function directly
Notifications are triggered by CloudWatch Events and get published to SNS topics you define
What is AWS CodePipeline?
AWS CodePipeline is a fully managed continuous delivery service. It automates the build, test, and deploy phases of your release process every time there is a code change.
What are some deploy options in CodePipeline?
AWS CodeDeploy, Beanstalk, CloudFormation, ECS, etc.
What are pipelines essentially made of?
Stages
What are stages essentially made of?
Action groups
What do action groups represent?
Parallel actions
Can you have more than one action group per stage?
Yes
In what order are action groups executed in a stage?
In sequence
What sources are available in CodePipeline?
CodeCommit, GitHub, Amazon S3, Amazon ECR, Bitbucket
What is the output of each stage in a CodePipeline?
Artifacts
Where are artifacts stored?
In an S3 bucket
Where do CodePipeline state change events happen?
In AWS CloudWatch Events
How to set up events for failed pipelines and cancelled stages?
By creating corresponding event rules in CloudWatch
What will happen to the pipeline if a stage fails?
It will stop and you will get information in the console
How to audit AWS API calls?
By using AWS CloudTrail
What should you check if CodePipeline can't perform an action?
Make sure the attached IAM Service Role has enough permissions (IAM Policy)
What is AWS CodeBuild?
A fully managed build service. An alternative to other build tools such as Jenkins.
What does AWS CodeBuild leverage to get reproducible builds?
Docker
What do you pay for when using AWS CodeBuild?
Pay for usage (time it takes to complete the builds)
How does AWS CodeBuild scale (with regard to how the developer uses the service)?
Continuously (no servers to manage)
What can you do if AWS doesn't provide you with a compatible Docker image for your project?
Provide your own
Is CodeBuild secure?
Yes, it integrates with KMS for artifacts, IAM for build permissions, VPC for network and CloudTrail for API calls logging
Where should build instructions be when using CodeBuild?
In a buildspec.yml file at the root of the source code
Where can CodeBuild send logs?
To an S3 bucket
To AWS CloudWatch
What can you use to detect failed builds and trigger notifications?
CloudWatch events
What can you use if you need to set failure "thresholds" and get notifications?
CloudWatch alarms
How to troubleshoot your CodeBuild?
By looking at the logs in S3
By looking at the logs in CloudWatch
By reproducing CodeBuild locally (it's an available feature)
Where can CodeBuild reside / be used?
Within a CodePipeline
Standalone
What environment does CodeBuild support?
Java
Ruby
Python
Go
Node.js
Android
.NET Core
PHP
Docker: extend any environment you like
What type of environment variables are available in CodeBuild?
Plaintext variables
SSM Parameter Store
What are the four phases of a CodeBuild and what do they do?
Install (Install dependencies)
Pre build (Cmds to execute before build)
Build (Actual build)
Post build (Cleanup, finishing touches)
What to put in the Artifacts section of the buildspec.yml file?
Files to upload to S3
What to put in the Cache section of the buildspec.yml file?
Files to cache to S3 (usually dependencies) for future build speedup
What do you need in order to run CodeBuild locally?
Docker
CodeBuild Agent
What is AWS CodeDeploy and what problem does it solve?
AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services.
What is AWS CodeDeploy not built for?
Deploying to EB. EB is an end-to-end application management solution.
What compute services can AWS CodeDeploy deploy code to?
Amazon EC2 instances and your on-premises servers
What do machines (EC2/your on premise servers) need to be able to work with CodeDeploy?
The CodeDeploy Agent installed and running
What is the CodeDeploy agent doing continuously?
Polling AWS CodeDeploy for work to do
Where is the application pulled from by the compute services when a new version is ready to be installed? (2 options)
S3
GitHub
When using AWS CodeDeploy, who runs the deployment instructions?
The machines installing the updates themselves
What happens if a machine running the CodeDeploy agent fails to complete the deployment instructions it needed to do?
The CodeDeploy Agent will report it to AWS CodeDeploy
What happens if a machine running the CodeDeploy agent succeeds in completing the deployment instructions it needed to do?
The CodeDeploy Agent will report it to AWS CodeDeploy
Where must the deployment instructions be when using AWS CodeDeploy?
In an appspec.yml file located at the root level of the source code
How to group instances in AWS CodeDeploy? (dev, prod, other)
By using deployment groups
Does CodeDeploy work with any application?
Yes
Does CodeDeploy support auto scaling integration?
Yes
Does Blue/Green work with on premise machines?
No, only EC2 instances
Does CodeDeploy provision resources?
No
What are the primary components of AWS CodeDeploy?
Application
Compute platform (EC2/On premise or Lambda)
Deployment configuration (Rules for success/failure)
Deployment group (group of tagged instances)
Deployment type
IAM instance profile (Need to give EC2 permission to pull from S3/GitHub)
Application Revision (Application code + appspec.yml)
Service Role (Role for CodeDeploy to perform what it needs)
Target Revision (Target deployment application version)
What does the deployment configuration of AWS CodeDeploy consist of when deploying Lambdas?
Deployment rules for success/failure
Specification about how traffic is routed to the updated Lambda version
What is present in an appspec.yml file?
File selection
Hooks
What are hooks in AWS CodeDeploy?
Set of instructions to do to deploy the new version
What are the main hooks in AWS CodeDeploy?
ApplicationStop
DownloadBundle
BeforeInstall
Install
AfterInstall
ApplicationStart
ValidateService
BeforeAllowTraffic
AllowTraffic
AfterAllowTraffic
What hook in AWS CodeDeploy should be used to make sure our app is running correctly on its instance?
ValidateService
What happens to instances that fail when using CodeDeploy until a new deployment?
They stay in "failed state"
What instances are targeted first when deploying through CodeDeploy?
Instances which are in "Failed state"
How to "fix" instances in "Failed state"?
Redeploy old deployment or enable automated rollback
What are the available deployment targets when using CodeDeploy?
Set of EC2 instances with tags
Directly to an ASG (with a certain tag)
Mix of ASG/Tags
How can you customize CodeDeploy scripts?
By using environment variables such as DEPLOYMENT_GROUP_NAME
What is in-place deployment when using CodeDeploy?
A certain percentage of the instances at a time get deregistered from the LB to perform their update/deployment and then get re-registered
What is Blue/Green deployment when using CodeDeploy?
Similar to how Beanstalk does it. New instances get created and the new version of the application is installed on those instances. DNS points to the new instances and the old instances get terminated.
What is CodeStar?
An integrated solution that regroups: GitHub, CodeCommit, CodeBuild, CodeDeploy, CloudFormation, CodePipeline, CloudWatch
What is the pricing of CodeStar?
It is free, you only pay for the underlying resources
What is Cloud9?
A web IDE provided by AWS. Not available in all regions.
What does CodeStar help us with?
Quickly create CICD projects for EC2, Lambda, Beanstalk