CICD

Question 1

What 2 ways can you authenticate in Git using CodeCommit?

Answer 1

• SSH keys: AWS users can configure ssh keys in the IAM console
• HTTPS: Done through the AWS CLI Authentication Helper or Generating HTTPS credentials.

Question 2

How do you Authorize users to interact with your code in Git using CodeCommit?

Answer 2

• IAM Policies manage users/roles rights to repos.

Question 3

How are CodeCommit repos encrypted?

Answer 3

• Encrypted at REST using KMS

- Encrypted in transit using SSH or HTTPS

Question 4

How do you provide Cross Account access to your CodeCommit repos?

Answer 4

Use IAM role in your AWS account and use AWS STS with AssumedRole API.

Question 5

What 3 services does CodeCommit integrate with for notifications?

Answer 5

• SNS
• Lambda
• CloudWatch Event Rules

Question 6

What type of events would you use SNS/Lambda notification integration for in CodeCommit?

Answer 6

Branch events or action in the master branch

Question 7

What type of events would you use Cloudwatch Event Rules notification integration for in CodeCommit?

Answer 7

PR or commit comments

Question 8

What is Code Pipeline?

Answer 8

It is an orchestration tool to visualize your workflow from source, build, test and deployment

Question 9

What is a CodePipeline Artifact?

Answer 9

It is a file that is passed from one stage in the workflow to the next, stored in S3.

Question 10

What happens when CodePipeline state changes?

Answer 10

A Cloudwatch Event is triggered, which can create SNS notifications.

Question 11

What happens if CodePipeline fails a stage?

Answer 11

The pipeline stops and more information is available in the console.

Question 12

What could be the cause of CodePipeline being unable to perform an action?

Answer 12

The IAM Service Role assigned to the Pipeline does not have the correct permissions.

Question 13

How do you define build instructions for CodeBuild?

Answer 13

In a file called buildspec.yml at the root of the code

Question 14

How do you define secret variables in the buildspec.yml file?

Answer 14

Use SSM Parameter Store

Question 15

What are the 4 phases covered in the buildspec.yml file?

Answer 15

• Install
• PreBuild
• Build
• Post Build

Question 16

How can you improve CodeBuild buildspec performance?

Answer 16

Cache dependencies in an S3 Cache Bucket

Question 17

What do you need to run/debug CodeBuild locally?

Answer 17

CodeBuild Agent and Docker

Question 18

What is CodeDeploy used for?

Answer 18

Its used for deploying code to multiple EC2 instances

Question 19

What are the 6 steps to make CodeDeploy work?

Answer 19

• Run CodeDeploy Agent on each instance
• The Agent must continuously poll for CodeDeploy work.
• CodeDeploy will send the appspec.yml file to the Agent
• The application is pulled from Github or S3
• EC2 will run the deployment instructions
• Agent will report success/failed deployment on the instance

Question 20

Can you do Blue/Green deployments in CodeDeploy?

Answer 20

Yes, but only in EC2 instances, not on premise

Question 21

What are the sections of the appspec.yml file for CodeDeploy?

Answer 21

• File section that describes how to source and copy from Github/S3 to filesystem
• Hooks, which are a set of instructions to follow to deploy the new version.

Question 22

What is the correct order of the 6 Hooks for CodeDeploy?

Answer 22

• ApplicationStop
• DownloadBundle
• BeforeInstall
• AfterInstall
• ApplicationStart
• ValidateService

Question 23

What are the 4 possible Deployment Configs for CodeDeploy?

Answer 23

• One at a time
• Half at a time
• All at once
• Custom

Question 24

What is the behavior of a failed deployment in CodeDeploy?

Answer 24

The failed instance stays in the Failed state, and new deployments will be deployed to the failed instances first.

Question 25

What are the 4 possible Deployment targets for CodeDeploy?

Answer 25

• EC2 instances with tags
• Directly to Auto Scaling Group
• Mix of ASG/Tags so you can build deployment segments.
• Customization in scripts with DEPLOYMENT_GROUP_NAME env variables.