Section 9: AWS CICD: CodeCommit, CodePipeline, CodeBuild, CodeDeploy Flashcards Preview

.๐’œ๐’ฒ๐’ฎ ๐’ž๐‘’๐“‡๐“‰๐’พ๐’ป๐’พ๐‘’๐’น ๐’Ÿ๐‘’๐“‹๐‘’๐“๐‘œ๐“…๐‘’๐“‡ > Section 9: AWS CICD: CodeCommit, CodePipeline, CodeBuild, CodeDeploy > Flashcards

Flashcards in Section 9: AWS CICD: CodeCommit, CodePipeline, CodeBuild, CodeDeploy Deck (81)
Loading flashcards...
1
Q

What does CI/CD stand for?

A

Continuous Integration / Continuous Delivery

2
Q

What does Continuous Integration look like?

A

A developer pushes code to online repository
A testing/build server checks the code as itโ€™s pushed
The developer gets feedback about the tests that have passed/failed

3
Q

What are the benefits of CI?

A

Find bugs early, fix bugs
Deliver faster as the code is tested
Deploy often
Happier developers

4
Q

What are the benefits of CD?

A

Shift away from โ€œone release every 3 monthsโ€ to โ€5 releases a dayโ€

5
Q

What does the development process look like when doing CICD?

A
Code
Build
Test
Deploy
Provision
6
Q

What is AWS CodeCommit?

A

AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories.

7
Q

What is the size limit of CodeCommit repos?

A

No size limit

8
Q

With what CI tools can CodeCommit be integrated with?

A

AWS CodeBuild, Jenkins, other

9
Q

What authentication options are available to establish a connection to AWS CodeCommit from your workstation? (2)

A

SSH Keys

HTTPS

10
Q

How to setup SSH authentication to establish a connection to AWS CodeCommit?

A

By setting your public ssh-rsa key in your IAM user security credentials tab and creating a โ€œconfigโ€ file in your .ssh directory on your machine with the following content:

Host git-codecommit.*.amazonaws.com
User XXXXXXXXXXXXXXXXX
IdentityFile ~/.ssh/codecommit_rsa

Where โ€œXXXXXXXXXXXXXXXXXโ€ is your SSH key ID (provided by AWS when you upload your SSH public key) and โ€œcodecommit_rsaโ€ is the name of the file containing your private SSH key.

11
Q

How to setup HTTPS authentication to establish a connection to AWS CodeCommit?

A

By generating HTTPS git credentials in your IAM user security credentials tab and entering the username and password AWS provides you with in the Windows popup which will appear when doing your first git clone.

12
Q

Is there a distinction in the URL to use when using SSH or HTTPS when cloning from git?

A

Yes, HTTPS and SSH have different urls.

13
Q

What manages authorization in AWS CodeCommit?

A

IAM Policies manage user / roles rights to repositories

14
Q

Is there encryption in CodeCommit?

A

Yes, repos are automatically encrypted at rest using KMS and in transit (can only use HTTPS or SSH - both secure)

15
Q

How to provide cross-account access to your Git repositories in AWS CodeCommit?

A

Setup an IAM Role in your account and tell him to use STS cross-account access to assume that role (with AWS STS AssumeRole API)

16
Q

What is the difference between triggers and notifications in CodeCommit?

A

Triggers are triggered by branch creation, deletion, or pushes to an existing branch. They can publish (with custom data) to an SNS topic or call an AWS Lambda function directly

Notifications are triggered by CloudWatch Events and get published to SNS topics you define

17
Q

What is AWS CodePipeline?

A

AWS CodePipeline is a fully managed continuous delivery service. It automates the build, test, and deploy phases of your release process every time there is a code change.

18
Q

What are some deploy options in CodePipeline?

A

AWS CodeDeploy, Beanstalk, CloudFormation, ECS, etc.

19
Q

What are pipelines essentially made of?

A

Stages

20
Q

What are stages essentially made of?

A

Action groups

21
Q

What do action groups represent?

A

Parallel actions

22
Q

Can you have more than one action group per stage?

A

Yes

23
Q

In what order are action groups executed in a stage?

A

In sequence

24
Q

What sources are available in CodePipeline?

A

CodeCommit, GitHub, Amazon S3, Amazon ECR, Bitbucket

25
Q

What is the output of each stage in a CodePipeline?

A

Artifacts

26
Q

Where are artifacts stored?

A

In an S3 bucket

27
Q

Where do CodePipeline state changes events happen?

A

In AWS CloudWatch Events

28
Q

How to set up events for failed pipelines and cancelled stages?

A

By creating corresponding event rules in CloudWatch

29
Q

What will happen to the pipeline if a stage fails?

A

It will stop and you will get information in the console

30
Q

How to audit AWS API calls?

A

By using AWS CloudTrail

31
Q

What should you check if CodePipeline canโ€™t perform an action?

A

Make sure the IAM Service Role attached does have enough permissions (IAM Policy)

32
Q

What is AWS CodeBuild

A

A fully managed build service. An alternative to other build tools such as Jenkins.

33
Q

What does AWS CodeBuild leverages to get reproducible builds?

A

Docker

34
Q

What do you pay for when using AWS CodeBuild?

A

Pay for usage (time it takes to complete the builds)

35
Q

How does AWS CodeBuild scale (in regards to how the developer uses the service)?

A

Continuously (no servers to manage)

36
Q

What can you do if AWS doesnโ€™t provide you with a compatible Docker image for your project?

A

Provide your own

37
Q

Is CodeBuild secure?

A

Yes, it integrates with KMS for artifacts, IAM for build permissions, VPC for network and CloudTrail for API calls logging

38
Q

Where should build instructions be when using CodeBuild?

A

In a buildspec.yml file at the root of the source code

39
Q

Where can CodeBuild send logs?

A

To an S3 bucket

To AWS CloudWatch

40
Q

What can you use to detect failed builds and trigger notifications?

A

CloudWatch events

41
Q

What can you use if you need to set failure โ€œtresholdsโ€ and get notifications?

A

CloudWatch alarms

42
Q

How to troubleshoot your CodeBuild?

A

By looking at the logs in S3
By looking at the logs in CloudWatch
By reproducing CodeBuild locally (itโ€™s an available feature)

43
Q

Where can CodeBuild reside / be used?

A

Within a CodePipeline

Standalone

44
Q

What environment does CodeBuild support?

A
Java
Ruby
Python
Go
Node.js
Android
.NET Core
PHP
Docker: extend any environment you like
45
Q

What type of environment variables are available in CodeBuild?

A

Plaintext variables

SSM Parameter Store

46
Q

What are the four phases of a CodeBuild and what do they do?

A

Install (Install depencies)
Pre build (Cmds to execute before build)
Build (Actual build)
Post build (Cleanup, finishing touches)

47
Q

What to put in Artifacts section of buildspec.yml file?

A

Files to upload to S3

48
Q

What to put in Cache section of buildspec.yml file?

A

Files to cache to S3 (usually dependencies) for future build speedup

49
Q

What do you need in order to run CodeBuild locally?

A

Docker

CodeBuild Agent

50
Q

What is AWS CodeDeploy and what problem does it solve?

A

AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services.

51
Q

What is AWS CodeDeploy not built for?

A

Deploying to EB. EB is an end-to-end application management solution.

52
Q

What compute services can AWS CodeDeploy deploy code to?

A

Amazon EC2 instances and your on-premises servers

53
Q

What do machines (EC2/your on premise servers) need to be able to work with CodeDeploy?

A

The CodeDeploy Agent installed and running

54
Q

What is the CodeDeploy agent doing continuously?

A

Polling AWS CodeDeploy for work to do

55
Q

Where is the application pulled from by the compute services when a new version is ready to be installed? (2 options)

A

S3

GitHub

56
Q

When using AWS CodeDeploy, who runs the deployment instructions?

A

The machines installing the updates themselves

57
Q

What happens if a machine running the CodeDeploy agent fails to complete the deployment instructions it needed to do?

A

The CodeDeploy Agent will report it to AWS CodeDeploy

58
Q

What happens if a machine running the CodeDeploy agent succeeds in completing the deployment instructions it needed to do?

A

The CodeDeploy Agent will report it to AWS CodeDeploy

59
Q

Where must the deployment instructions be when using AWS CodeDeploy?

A

In an appspec.yml file located at the root level of the source code

60
Q

How to group instances in AWS CodeDeploy? (dev, prod, other)

A

By using deployment groups

61
Q

Does CodeDeploy work with any application?

A

Yes

62
Q

Does CodeDeploy support auto scaling integration?

A

Yes

63
Q

Does Blue/Green work with on premise machines?

A

No, only EC2 instances

64
Q

Does CodeDeploy provision resources?

A

No

65
Q

What are the primary components of AWS CodeDeploy?

A
Application
Compute platform (EC2/On premise or Lambda)
Deployment configuration (Rules for success/failure)
Deployment group (group of tagged instances)
Deployment type
IAM instance profile (Need to give EC2 permission to pull from S3/GitHub)
Application Revision (Application code + appspec.yml)
Service Role (Role for CodeDeploy to perform what it needs)
Target Revision (Target deployment application version)
66
Q

What consists of the deployment configuration of AWS CodeDeploy when deploying lambdas?

A

Deployment rules for success/failure

Specification about how traffic is routed to the updated Lamdba version

67
Q

What is present in an appspec.yml file?

A

File selection

Hooks

68
Q

What are hooks in AWS CodeDeploy

A

Set of instructions to do to deploy the new version

69
Q

What are the main hooks in AWS CodeDeploy

A
ApplicationStop
DownloadBundle
BeforeInstall
Install
AfterInstall
ApplicationStart
ValidateService
BeforeAllowTraffic
AllowTraffic
AfterAllowTraffic
70
Q

What hook in AWS CodeDeploy should be used to make sure our app is running correctly on its instance?

A

ValidateService

71
Q

What happens to instances that fail when using CodeDeploy until new deployment?

A

They stay in โ€œfailed stateโ€

72
Q

What instances are targetted first when deploying through CodeDeploy?

A

Instances which are in โ€œFailed stateโ€

73
Q

How โ€œfixโ€ instances in โ€œFailed stateโ€

A

Redeploy old deployment or enable automated rollback

74
Q

What are the available deployment targets when using CodeDeploy?

A

Set of EC2 instances with tags
Directly to an ASG (with a certain tag)
Mix of ASG/Tags

75
Q

How can you customize CodeDeploy scripts?

A

By using environment variables such as DEPLOYMENT_GROUP_NAME

76
Q

What is in place deployment when using CodeDeploy?

A

A certain percentage of the instances at a time get deregistered from the LB to perform their update/deployment and then get re-registered

77
Q

What is Blue/Green deployment when using CodeDeploy?

A

Similar to how Beanstalk does it. New instances get created and new version of the application is installed on those instances. DNS points to the new instances and the old instances get terminatted.

78
Q

What is CodeStar?

A

An integrated solution that regroups: GitHub, CodeCommit, CodeBuild, CodeDeploy, CloudFormation, CodePipeline, CloudWatch

79
Q

What is the pricing of CodeStar?

A

It is free, you only pay for the underlying resources

80
Q

What is Cloud9?

A

A web IDE provided by AWS. Not available in all regions.

81
Q

What does CodeStar help us with?

A

Quickly create CICD projects for EC2, Lambda, Beanstalk