Chapter 7 Deployment as Code

Question 1

How to define CodePipeline workflow steps? In other words, what tools allow you to define the steps?

Answer 1

Visual editor via AWS Management Console or through JSON with CLI/SDK

Question 2

Can you change the name of a pipeline?

Answer 2

No, you must create a new one.

Question 3

What does the term ‘source revision’ refer to?

Answer 3

Change in source code triggers pipeline execution. The version of code in this scenario is the ‘source revision’.

Question 4

Name the types of ‘source revision’ sources for CodePipeline.

Answer 4

Git repositories and versioned S3 Buckets.

Question 5

What happens when an action fails in a CodePipeline?

Answer 5

The revision does not pass to the next stage.

Question 6

What is only stage which can contain source actions?

Answer 6

The first stage

Question 7

Every action in a stage must have…

Answer 7

a unique name.

Question 8

Approval actions in a CodePipeline expire in ____ days.

Answer 8

7

Question 9

Explain the ‘invoke’ action in CodePipeline

Answer 9

Lambda integration. Can be used for a wide variety of things like:

1. backing up data volumes, DBs, buckets
2. interact w/ 3rd party APIs
3. update IAM roles
4. Stage swap in Elastic Beanstalk (blue/green deployment)

Question 10

Explain the S3 artifact bucket used in CodePipeline

Answer 10

The input and output artifacts of each stage from from and are sent to an S3 artifact bucket. Refer to picture from chapter.

Question 11

Transitions

Answer 11

Point in pipeline where execution moves from one stage to the next. If a transition is disabled and multiple revision arrive at the transition, only the last one (most recent) will be allowed to proceed when the transition is re-enabled.

Question 12

Maximum artifact size for CodePipeline

Answer 12

256MB

Question 13

Available providers for deployment stage in CodePipeline

Answer 13

1. ECS
2. CloudFormation
3. CodeDeploy
4. Elastic Beanstalk
5. OpWorks Stacks

Question 14

Maximum size for Elastic Beanstalk deployment

Answer 14

512MB

Question 15

Can CodePipeline deploy across different accounts?

Answer 15

Yes, but if sourcing from S3, the bucket must pertain to pipeline account

Question 16

Example uses of repository triggers

Answer 16

1. Start external build
2. notify administrators of code push
3. perform unit tests

Question 17

In the case of sensitive values for build jobs, what is alternative to setting environment variables?

Answer 17

AWS Systems Manager Parameter Store. Using environment variables will result in plaintext appearing in CLI/Console/SDK

Question 18

buildspec.yml

Answer 18

provides the build specifications for projects in AWS CodeBuild

Question 19

phases of CodeBuild

Answer 19

1. install
2. pre_build
3. build`
4. post_build
5. artifacts (where to place artifacts)

Question 20

OS build environments available in CodeBuild

Answer 20

Amazon Linux and Ubuntu

Question 21

What is a ‘revision’ in the context of CodeDeploy?

Answer 21

Artifact that contains both the application files to deploy and an AppSpec configuration file.

• appSpec must be located at root
• for Lambda deployment, revision only contains AppSpec

Question 22

Lambda deployments only support ____ as the source repository

Answer 22

S3 Buckets

Question 23

When a code revision is ready to deploy, you 1.______ it into a/an 2. _____.

Answer 23

1. package

2. archive file (.zip)

Question 24

What are the two types of deployments supported by CodeDeploy?

Answer 24

1. In-place

2. blue/green

Question 25

How to handle failed deployments?

Answer 25

Configure automatic rollbacks in AWS CodeDeploy.

-This has added benefit of removing any successfully created files

Question 26

What is an issue with a stopped deployment, and how to you address it?

Answer 26

In the event of a stopped deployment, some instances will be in an undesired state (i.e. wrong/difference application version). You can effectively rollback by launching a new deployment with the previous revision.

Question 27

What is a limitation of the CodeDeploy rollback process?

Answer 27

Scripts executed on an instance cannot be rolled back. For these types of files, you must manually ensure that the instance is reverted to a proper state.

Question 28

How to test whether a revision will successfully deploy to an instance?

Answer 28

Use the codedeploy-local command in the CodeDeploy agent. The agent searches for an AppSpec file and attempts a deployment on the instance and provide feedback.

Question 29

What can be configured for a deployment group (CodeDeploy)?

Answer 29

1. SNS notifications
2. CloudWatch Alarms
3. Auto Rollbacks

Question 30

CodeDeploy Deployment Configurations

Answer 30

1. AllAtOnce: only 1 instance needs to succeed
2. HalfAtATime: only half of instances need to succeed
3. OneAtATime: all but final instance need to succeed

Question 31

CodeDeploy supports 3 methods for handling traffic switching in Lambda:

Answer 31

1. Canary: two percentage based increments
2. Linear: number of percentage based increments
3. All at Once

Question 32

Application (in context of CodeDeploy)

Answer 32

logical grouping of deployment group, revision, and deployment configuration.

Question 33

Main CodePipeline stages

Answer 33

build, test, deploy, invoke

Question 34

What is required for on prem EC2 deployments?

Answer 34

Installation of the CodeDeploy agent

Question 35

What is the credential helper?

Answer 35

Tool which allows access to CodeCommit repositories using IAM credentials (requires AWS CLI and proper Git configuration)

Question 36

Requirements for cross account pipeline

Answer 36

1. pipeline account must create KMS key available to both accounts
2. pipeline account must specify bucket policy for second account (grant access)
3. AWS CodePipeline IAM role must include policy that lets it assume role in other account
4. other account must have role assumed by pipeline account

Question 37

You have two AWS CodeDeploy applications that deploy to the same Amazon EC2 Auto Scaling group. The first deploys an e-commerce app, while the second deploys custom administration software. You are attempting to deploy an update to one application but cannot do so because another deployment is already in progress. You do not see any instances undergoing deployment at this time. What could be the cause of this?

Answer 37

If both deployment groups reference the same Auto Scaling group, a failure of the first group’s deployment can block the second until the deployment times out. Since the instance that failed deployment has been terminated from the Auto Scaling group, the AWS CodeDeploy agent is unable to provide results to the service.

Question 38

If a single pipeline contains multiple sources, such as an AWS CodeCommit repository and an Amazon S3 archive, under what circumstances will the pipeline be triggered?

Answer 38

When either a commit is pushed to the repository or the archive is updated, regardless of timing.

Question 39

T/F: AWS CodePipeline does not support multiple sources in the same pipeline.

Answer 39

False

Question 40

If you want to implement a deployment pipeline that deploys both source files and large binary objects to instance(s), how would you best achieve this while taking cost into consideration?

Answer 40

store the source files in AWS CodeCommit. Store the binary objects in an Amazon S3 archive.

Question 41

Why are blue/green deployments not considered a lowest cost option?

Answer 41

The original environment will be left intact, accruing charges until it is manually deleted.

Question 42

Compare rolling deployments with additional batches to immutable deployments.

Answer 42

Both are cost effective and have 100% availability. However, immutable deployments are faster because everything is deployed at once.

Question 43

Compare blue/green deployments to immutable deployments in the context of Elastic Beanstalk

Answer 43

Blue/green involves creating new environment and performing a CNAME swap (and terminating old environment)

Immutable uses same environment. A new temporary autoscaling group is added to environment and new instances are launched into the the temporary auto scaling group. After health checks, instances are transferred from the temp ASG into original one. Finally, old instances (and temp ASG) are terminated.

Question 44

How do you output build artifacts from AWS CodeBuild to AWS CodePipeline?

Answer 44

Specify artifact files in the buildspec.yml configuration file

Question 45

In what ways can pipeline actions be ordered in a stage?

Answer 45

series and parallel

Question 46

Can data passed to build projects using environment variables be encrypted or protected?

Answer 46

No, but this can be supported using other AWS products and services (SMPS)

Question 47

What is the only deployment type supported by on-premises instances?

Answer 47

in-place

Question 48

If your AWS CodeDeploy configuration includes creation of a file, nginx.conf, but the file already exists on the server (prior to the use of AWS CodeDeploy), what is the default behavior that will occur during deployment?

Answer 48

the deployment will fail