CICD

Question 1

What is Continuous Integration?

Answer 1

1. Developers to push the code to a repository
2. A testing/build server checks the code as soon as it’s pushed
3. The developer gets feedback about the tests and checks that have passed/failed

Question 2

What is Continuous Delivery?

Answer 2

• Ensure that the software can be released reliably whenever needed.
• Ensures deployments are automated, happen often and are quick

Question 3

How many repositories are you allowed to have in CodeCommit?

Answer 3

No size limit on repositories (scale seamlessly)

Question 4

How can you authenticate in CodeCommit?

Answer 4

o SSH Keys: AWS Users can use SSH public keys in their IAM Console.
o HTTPS: Done through the AWS CLI Authentication helper or Generating HTTPS credentials (user name and password)

Question 5

How can you add extra safety to CodeCommit?

Answer 5

Enabling MFA

Question 6

How works authorization in CodeCommit?

Answer 6

IAM Policies manage user / roles rights to repositories

Question 7

How is Encryption in CodeCommit?

Answer 7

o Repositories are automatically encrypted at rest using KMS

o Encrypted in transit (can only use HTTPS or SSH – both secure)

Question 8

How can you grant Cross Account access in CodeCommit?

Answer 8

o Do not share your SSH keys
o Do not share your AWS credentials
o Use IAM Role in your AWS Account and use AWS STS (with AssumeRole API)

Question 9

What can you use to trigger notifications in CodeCommit?

Answer 9

• You can trigger notifications in CodeCommit using
o SNS
o Lambda
o CloudWatch Event Rules

Question 10

What are the use cases for SNS / Lambda notifications in CodeCommit?

Answer 10

• Use cases for SNS / AWS Lambda notifications:
o Deletion of branches
o Trigger for pushes that happens in master branch
o Notify external Build System
o Trigger AWS Lambda function to perform codebase analysis (maybe credentials got committed in the code?)

Question 11

What are the use cases for CloudWatch Event Rules in CodeCommit?

Answer 11

• Use cases for CloudWatch Event Rules notifications:
o Trigger for pull request updates (created / updated / deleted / commented)
o Commit comment events
o CloudWatch Event Rules goes into an SNS topic

Question 12

How many files can you upload directly from the console to your CodeCommit repository?

Answer 12

You can’t upload more than 1 file directly from the AWS console to your repository.

Question 13

What is made of CodePipeline?

Answer 13

Made of stages

Question 14

What is compossed of a CodePipeline stage?

Answer 14

Each stage might have multiple action groups

Question 15

What are the CodePipeline stages?

Answer 15

There are some pre-defined stages like: Source / Build / Deploy. You can create your own stages

Question 16

How are CodePipeline stages action groups?

Answer 16

Action groups are sequential and contain actions

Question 17

What does contain a CodePipeline stage action?

Answer 17

name of the action and the action provider

Question 18

What are the CodePipeline stage action providers?

Answer 18

o	Source action integrations
o	Build action integrations
o	Test action integrations
o	Deploy action integrations
o	A manual approval
o	Invoke a Lambda function

Question 19

What can a pipeline stage create?

Answer 19

Each pipeline stage can create ”artifacts”

Question 20

How does CodePipeline manage the stage artifacts?

Answer 20

Artifacts are stored in Amazon S3 before they are passed on to the next stage

Question 21

What can you do to troubleshooting failed pipelines?

Answer 21

create CloudWatch Events, which can in return create SNS notifications

Question 22

If pipeline can’t perform an action, what you should do?

Answer 22

If Pipeline can’t perform an action, make sure the “IAM Service Role” attached does have enough permissions (IAM Policy)

Question 23

What is AWS alternative to Jenkins?

Answer 23

CodeBuild

Question 24

What you pay for in CodeBuild?

Answer 24

Pay for usage: the time it takes to complete the builds

Question 25

What leverages CodeBuild?

Answer 25

Leverages Docker under the hood for reproducible builds

Question 26

Where are build instructions defined in CodeBuild?

Answer 26

Build instructions can be defined in code (buildspec.yml)

Question 27

What ability can you leverage to troubleshoot CodeBuild in case of errors

Answer 27

to reproduce CodeBuild locally

Question 28

What can CodeBuild use to increase performance?

Answer 28

It can optionally use a S3 bucket to cache some artifacts to increase performance

Question 29

Where can you store CodeBuild logs?

Answer 29

S3, CloudWatch

Question 30

What you need to define in your code to use CodeBuild?

Answer 30

buildspec.yml file must be at the root of your code

Question 31

What can you define in your buildspec.yml file?

Answer 31

* Environment variables * Phases (specify commands to run) * Artifacts * Cache

Question 32

How can you define the environment variables in your buildspec.yml file?

Answer 32

o Plaintext variables | o Secure secrets: use SSM Parameter store

Question 33

What phases can you define in your buildspec.yml file?

Answer 33

1. Install: install dependencies you may need for your build 2. Pre build: final commands to execute before build 3. BUILD: actual build commands 4. Post build: finishing touches (zip output for example)

Question 34

What can you define in the section Artifacts in your buildspec.yml file?

Answer 34

What to upload to S3 (encrypted with KMS)

Question 35

What can you define in the section Cache in your buildspec.yml file?

Answer 35

Files to cache (usually dependencies) to S3 for future build speedup

Question 36

What you need to install to run CodeBuild locally?

Answer 36

Docker

Question 37

What is the range and default Timeout values of CodeBuild?

Answer 37

5 min < 1 hours < 8 hours

Question 38

What is the range and default Queued Timeout values of CodeBuild?

Answer 38

5 min < 8 hours < 8 hours

Question 39

How can CodeBuild access the resources in the VPC?

Answer 39

• By default, your CodeBuild containers are launched outside your VPC • Therefore, by default it cannot access resources in a VPC • You can specify a VPC configuration: o VPC ID o Subnet IDs o Security Group IDs • Then your build can access resources in your VPC (RDS, ElastiCache, EC2, ALB…) • Use cases: integration tests, data query, internal load balancers

Question 40

What option do you have for not storing secrets as plaintext in environment variables in CodeBuild?

Answer 40

environment variables can reference parameter store parameters or secrets manager secrets

Question 41

What is AWS alternative to Ansible, Terraform, Chef, Puppet?

Answer 41

CodeDeploy

Question 42

What resources are provisioned by CodeDeploy?

Answer 42

CodeDeploy does not provision resources, so you must create by yourself your EC2 instances, IAM roles, etc

Question 43

What must be running the CodeDeploy Agent?

Answer 43

Each EC2 Machine (or On-Premise machine) must be running the CodeDeploy Agent

Question 44

What are the tasks of the CodeDeploy Agent?

Answer 44

* The agent is continuously polling AWS CodeDeploy for work to do * CodeDeploy Agent will report of success / failure of deployment on the instance

Question 45

What are the CodeDeploy primary components?

Answer 45

* IAM instance profile/role * Service role * Application: unique name * Compute platform * Deployment group * Deployment type * Environment configuration * Deployment configuration * Application Revision * Target revision

Question 46

What you must create before configuring CodeDeploy components?

Answer 46

You must create two IAM roles: • IAM instance profile/role • Service role

Question 47

What is used for the created IAM instance role by CodeDeploy?

Answer 47

need to give EC2 the permissions to pull from S3 / GitHub

Question 48

What is used for the created Service Role by CodeDeploy?

Answer 48

Role for CodeDeploy to perform what it needs

Question 49

What are the CodeDeploy compute platforms?

Answer 49

o EC2/On-Premise o Lambda o ECS

Question 50

What is a CodeDeploy Deployment group?

Answer 50

set of EC2 instances where you are going to deploy. You must first tag your EC2 instance, something like environment -> dev, you can have whatever you want.

Question 51

What are the CodeDeploy deployment types?

Answer 51

o In-place deployment | o Blue/green deployment (does not work with On-prem instances)

Question 52

What are the CodeDeploy environment configuration options?

Answer 52

Any combination of: o ASGs o EC2 instances o On-prem instances

Question 53

What is defined by the Code Deploy deployment configuration?

Answer 53

How fast the app will be deployed and deployment rules for success / failures o EC2/On-Premise: you can specify the minimum number of healthy instances for the deployment. o AWS Lambda: specify how traffic is routed to your updated Lambda function versions.

Question 54

What are the CodeDeploy deployment configuration options?

Answer 54

- One at a time: one instance at a time, one instance fails => deployment stops - Half at a time: 50% - All at once: quick but no healthy host, downtime. Good for dev - Custom

Question 55

What is the composition of appspec.yml?

Answer 55

* File section: how to source and copy from S3 / GitHub to filesystem * Hooks: set of instructions to do to deploy the new version (hooks can have timeouts).

Question 56

What is the order of CodeDeploy hooks?

Answer 56

``` o ApplicationStop o DownloadBundle o BeforeInstall o Install o AfterInstall o ApplicationStart o ValidateService: really important o BeforeAllowTraffic o AllowTraffic o AfterAllowTraffic ```

Question 57

How does work CodeDeploy Blue/Green deployment type?

Answer 57

A new ASG with new version, similar to existing ASG with existing version and must be using an ELB

Question 58

Where does CodeDeploy try to deploy first?

Answer 58

New deployments will first be deployed to “failed state” instances

Question 59

When can you trigger automated rollbacks in CodeDeploy?

Answer 59

- when a deployment fails | - when alarm thresholds are met

Question 60

Can you disable CodeDeploy automated rollbacks?

Answer 60

You can disable rollbacks by specifying to not perform rollbacks for a specific deployment

Question 61

What is deployed by CodeDeploy when a rollback happens?

Answer 61

If a rollback happens, CodeDeploy redeploys the last known good revision as a new deployment, therefore a new version id.

Question 62

What is CodeStar?

Answer 62

CodeStar is an integrated solution that regroups: GitHub, CodeCommit, CodeBuild, CodeDeploy, CloudFormation, CodePipeline, CloudWatch

Question 63

How much do you pay for using CodeStar?

Answer 63

Free service, pay only for the underlying usage of other services

Question 64

What can be integrated CodeStar to?

Answer 64

* Issue tracking integration with: JIRA / GitHub Issues | * Ability to integrate with Cloud9 to obtain a web IDE (not all regions)