CodeDeploy
we want to deploy our application automatically to many EC2 instances and we’re talking about hundreds of EC2 instances. So we have our V1 EC2 instances and we upgrade them to V2.
these instances are not managed by Elastic Beanstalk!!!! So everything we see with Elastic Beanstalk before there was one way to manage EC2 instances.
CodeDeploy instances
can be EC2 or or it can be an on premise machine runnning CodeDeploy agent. The agent is going to continuously poll for the AWS CodeDeploy service and ask it - do I have to deploy new stuff?
CodeDeploy will send the appspec.yml file and point to the application we pull from GitHub and S3 and EC2 will run the deployment instructions and CodeDeploy agent at the end of it will report whether or not
there was a success or a failure of the deployment on the instance.
appspec.yml has to be at the root of your source code
CodeDeploy EC2 instances are grouped by
by something called deployment group.
You can have dev, test, prod or just different segments.
You can integrate CodeDeploy with CodePipeline
and use the artifacts straight out of CodePipeline
CodeDeploy - for IAM profile you basically need to say
my EC2 instances must have the IAM role
necessary to pull the files from S3 and GitHub.
CodeDeploy appspec.yml (exam)
- File section: how to source and copy from S3 or GitHub to file system
- Hooks: instructions how to deploy new version
CodeDeploy appspec.yml (exam) Hooks order
- ApplicationStop (stop current version running)
- DownloadBundle (how do I download my new app)
- BeforeInstall (preparation before installation)
- AfterInstall (CleanUp?)
- ApplicationStart (how to start the app)
- ValidateService (perform helath check once started)
- BeforeAllowTraffic
- AllowTraffic
- AfterAllowTraffic
the order is important but not all of them are necessary
CodeDeploy Deployment Config
- How to deploy:
- one at a time and if one fails deployment stops or
- half at a time
- all at once, but then no healthy host, downtime, so good for dev
- your own configuration (for ex., with percentage) - Failures
- in case of deployment failures instances stay in failed state and when you re-deploy new deployment will first be deployed to failed instances
- you can enable automated rollback for failures - Deployment Targets
can be a set of EC2 instances with tags or an ASG or a mix of both
In Place Deployment
half at a time
Blue-Green Deployment
you have a load balancer. It’s attached to one auto scaling group of instances and then you’re going to create a new auto scaling group of instances and the load balancer is going to redirect to both these things
and then if everything succeed and they have instances, pass the health checks, then the first auto scaling group is deleted and the load balancer just talks to your V2.
there are 2 kinds of deployments in CodeDeploy (exam)
- in-place
2. blue-green
CodeDeploy Deployment to ASG (exam)
- in-place - the same as with EC2 instances, but in case your auto-scaling group does create instances during your deployment or afterwards, the auto-scaling group instances will automatically
get the deployment. - blue-green deployment: you will be having a new auto-scaling group created, and the settings will be copied over. And we can choose how long to keep the old instances. For the blue-green deployment to work,
we must be using an elastic load balancer on top of our auto-scaling group.
there is a way to specify automated rollback options in CodeDeploy. (exam)
you may wanna roll back when a deployment fails,
or you may want to roll back when a CloudWatch alarm is met and therefore something is wrong.
Or you can also disable rollbacks altogether and do not perform any rollbacks for any kind of deployments.
If somehow a rollback happens in CodeDeploy, (exam)
then CodeDeploy actually redeploys the last known
good revision as a new deployment.
So when a rollback happens, it’s actually a new deployment with the previous good known version.
And therefore, this new deployment will get a new version ID
CodeStar
an integrated solution that regroups all the bunch of CICD services we’ve seen. GitHub, CodeCommit for storing code, CodeBuild for billing the code, CodeDeploy, CloudFormation for deploying the code,
CodePipeline for handling the pipeline orchestration,
and CloudWatch.
a wrapper around everything and gives you a nice one stop dashboard for this. So it helps to create very quickly CICD-ready projects and that you can deploy them on EC2, on AWS Lambda, or on Elastic Beanstalk.
It supports many language.
there is an issue tracking integration that you can do with Jira if you use Jira in your enterprise, or GitHub Issues if you use GitHub as a source code repository.
CodeStar costs
It’s a free service.
You’re only going to pay for the underlying usage
of the other services,
CodeStar customization
And there is limited customization, so you cannot edit every single setting of every single underlying service.
It’s meant to be simple and get you started very quickly.
Which AWS Service helps you run automated test in your CICD?
CodeBuild
You are looking to automatically trigger a code analysis at each commit in CodeCommit to ensure your developers haven’t committed secret credentials. How can you achieve this?
set up AWS SNS / Lambda integration in CodeCommit
You want to send email alerts anytime pull requests are open or comments are added to commits in CodeCommit. You should use
CloudWatch Events
CodeCommit supports the following authentication
- IAM credentials helper with AWS CLI and git
- SSH keys in user profiles
- HTTPS credentials in user profiles
does not support HTTP public access
You want to give a colleague that has an IAM User in another AWS Account access to your CodeCommit repository. How should you achieve that?
set up an IAM role in your account and tell him to use STS cross-account access to assume this role
Your CodePipeline hasn’t deployed code to Elastic Beanstalk even though you’ve pushed code to your CodeCommit repository. It used to work 10 minutes ago. What reason is the most likely to explain that situation?
CodeBuild stage failed some tests
Your manager wants to receive emails when your CodePipeline fails in order to take action. How do you do it?
set up a cloudWatch Event rule
