AWS CodePipeline Cheat Sheet

• A fully managed continuous delivery service that helps you automate your release pipelines for application and infrastructure updates.
• You can easily integrate AWS CodePipeline with third-party services such as GitHub or with your own custom plugin.

Concepts

• • A pipeline defines your release process workflow, and describes how a new code change progresses through your release process.
  • A pipeline comprises a series of stages (e.g., build, test, and deploy), which act as logical divisions in your workflow. Each stage is made up of a sequence of actions, which are tasks such as building code or deploying to test environments.
    • Pipelines must have at least two stages. The first stage of a pipeline is required to be a source stage, and the pipeline is required to additionally have at least one other stage that is a build or deployment stage.
  • Define your pipeline structure through a declarative JSON document that specifies your release workflow and its stages and actions. These documents enable you to update existing pipelines as well as provide starting templates for creating new pipelines.
  • A revision is a change made to the source location defined for your pipeline. It can include source code, build output, configuration, or data. A pipeline can have multiple revisions flowing through it at the same time.
  • A stage is a group of one or more actions. A pipeline can have two or more stages.
  • An action is a task performed on a revision. Pipeline actions occur in a specified order, in serial or in parallel, as determined in the configuration of the stage.
    • You can add actions to your pipeline that are in an AWS Region different from your pipeline.
    • There are six types of actions
      • Source
      • Build
      • Test
      • Deploy
      • Approval
      • Invoke
  • When an action runs, it acts upon a file or set of files called artifacts. These artifacts can be worked upon by later actions in the pipeline. You have an artifact store which is an S3 bucket in the same AWS Region as the pipeline to store items for all pipelines in that Region associated with your account.
  • The stages in a pipeline are connected by transitions. Transitions can be disabled or enabled between stages. If all transitions are enabled, the pipeline runs continuously.
  • An approval action prevents a pipeline from transitioning to the next action until permission is granted. This is useful when you are performing code reviews before code is deployed to the next stage.

Features

• • AWS CodePipeline provides you with a graphical user interface to create, configure, and manage your pipeline and its various stages and actions.
  • A pipeline starts automatically (default) when a change is made in the source location, or when you manually start the pipeline. You can also set up a rule in CloudWatch to automatically start a pipeline when events you specify occur.
  • You can model your build, test, and deployment actions to run in parallel in order to increase your workflow speeds.
  • AWS CodePipeline can pull source code for your pipeline directly from AWS CodeCommit, GitHub, Amazon ECR, or Amazon S3.
  • It can run builds and unit tests in AWS CodeBuild.
  • It can deploy your changes using AWS CodeDeploy, AWS Elastic Beanstalk, Amazon ECS, AWS Fargate, Amazon S3, AWS Service Catalog, AWS CloudFormation, and/or AWS OpsWorks Stacks.
  • You can use the CodePipeline Jenkins plugin to easily register your existing build servers as a custom action.
  • When you use the console to create or edit a pipeline that has a GitHub source, CodePipeline creates a webhook. A webhook is an HTTP notification that detects events in another tool, such as a GitHub repository, and connects those external events to a pipeline. CodePipeline deletes your webhook when you delete your pipeline.
• As a best practice, when you use a Jenkins build provider for your pipeline’s build or test action, install Jenkins on an Amazon EC2 instance and configure a separate EC2 instance profile. Make sure the instance profile grants Jenkins only the AWS permissions required to perform tasks for your project, such as retrieving files from Amazon S3.
• AWS CodePipeline now supports Amazon VPC endpoints powered by AWS PrivateLink. This means you can connect directly to CodePipeline through a private endpoint in your VPC, keeping all traffic inside your VPC and the AWS network.
• You can view details for each of your pipelines, including when actions last ran in the pipeline, whether a transition between stages is enabled or disabled, whether any actions have failed, and other information. You can also view a history page that shows details for all pipeline executions for which history has been recorded. Execution history is retained for up to 12 months.

AWS CodePipelineLimits

• • Maximum number of total pipelines per Region in an AWS account is 300
  • Number of stages in a pipeline is minimum of 2, maximum of 10

AWS CodePipeline Pricing

• • You are charged per active pipeline each month. Newly created pipelines are free to use during the first 30 days after creation.

CI/CD for Containers: A Way Forward for Your DevOps Pipeline:

Validate Your Knowledge

Question 1

A company is using a combination of CodeCommit, CodeBuild, CodePipeline and CodeDeploy services for its continuous integration and continuous delivery (CI/CD) pipeline on AWS. They want someone to perform a code review before a revision is allowed into the next stage of a pipeline. If the action is approved, the pipeline execution resumes but if it is not then the pipeline execution will not proceed.

Which of the following is the MOST suitable solution to implement in this scenario?

1. Implement a manual approval actions configuration in CodePipeline. Send the approval request to an SNS Topic.
2. Remodel the pipeline using AWS Serverless Application Model (AWS SAM)
3. Implement a manual approval actions configuration in CodePipeline. Send the approval request to an SQS Queue.
4. Split the processes into different Task states using Step Functions. Use a Wait state to set a timeout for approval.

Show me the answer!

Correct Answer: 1

In AWS CodePipeline, you can add an approval action to a stage in a pipeline at the point where you want the pipeline execution to stop so that someone with the required AWS Identity and Access Management permissions can approve or reject the action.

If the action is approved, the pipeline execution resumes. If the action is rejected – or if no one approves or rejects the action within seven days of the pipeline reaching the action and stopping – the result is the same as an action failing, and the pipeline execution does not continue.

You might use manual approvals for these reasons:

– You want someone to perform a code review or change management review before a revision is allowed into the next stage of a pipeline.

– You want someone to perform manual quality assurance testing on the latest version of an application, or to confirm the integrity of a build artifact, before it is released.

– You want someone to review new or updated text before it is published to a company website.

You can configure an approval action to publish a message to an Amazon Simple Notification Service topic when the pipeline stops at the action. Amazon SNS delivers the message to every endpoint subscribed to the topic. You must use a topic created in the same AWS region as the pipeline that will include the approval action. When you create a topic, it is recommended that you give it a name that will identify its purpose, in formats such as tutorialsdojoManualApprovalPHL-us-east-2-approval.

Hence, the correct answer is to Implement a manual approval actions configuration in CodePipeline. Send the approval request to an SNS Topic. 

The option that says: Remodel the pipeline using AWS Serverless Application Model (AWS SAM) is incorrect because this service is just a framework for building serverless applications, not a replacement for a CI/CD pipeline.

The option that says: Implement a manual approval actions configuration in CodePipeline. Send the approval request to an SQS Queue is incorrect. Although setting up a manual approval is valid, the use of SQS is wrong because it doesn’t have an integration with manual approval actions. Use SNS instead to send the approval action emails to the recipient who will either approve or deny the action.

The option that says: Split the processes into different Task states using Step Functions. Use a Wait state to set a timeout for approval is incorrect as this would add unnecessary complexity to the CI/CD pipeline. The requirement in the scenario can be achieved using the built-in manual approval actions in CodePipeline.

References:
https://docs.aws.amazon.com/codepipeline/latest/userguide/approvals.html
https://docs.aws.amazon.com/codepipeline/latest/userguide/actions.html

Note: This question was extracted from our AWS Certified Developer Associate Practice Exams.

For more AWS practice exam questions with detailed explanations, visit the Tutorials Dojo Portal:

Additional Training Materials: AWS CodePipeline Video Courses on Udemy

1. AWS CodeCommit CodeBuild CodeDeploy CodePipeline | Hands On

AWS CodePipeline Cheat Sheet References:

https://aws.amazon.com/codepipeline/features/?nc=sn&loc=2
https://aws.amazon.com/codepipeline/pricing/?nc=sn&loc=3
https://docs.aws.amazon.com/codepipeline/latest/userguide/welcome.html
https://aws.amazon.com/codepipeline/faqs/?nc=sn&loc=5