CodeCommit to the Bit
A company needs a version control system for their fast development lifecycle with incremental changes, version control, and support to existing Git tools.
Which AWS service will meet these requirements?
A. Amazon Versioned S3 Bucket
B. AWS CodePipeline
C. AWS CodeCommit
D. AWS CodeBuild
Correct Answer: C
Explanation: AWS CodeCommit is a fully-managed Source Control service that hosts secure Git-based repositories. It makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem. AWS CodeCommit helps you collaborate on code with teammates via pull requests, branching and merging. AWS CodeCommit keeps your repositories close to your build, staging, and production environments in the AWS cloud. You can transfer incremental changes instead of the entire application. AWS CodeCommit supports all Git commands and works with your existing Git tools. You can keep using your preferred development environment plugins, continuous integration/continuous delivery systems, and graphical clients with CodeCommit.
Which AWS service can be used to compile source code, run tests and also package code?
A. CodeDeploy
B. CodeCommit
C. CodeBuild
D. CodePipeline
Correct Answer: C
Explanation: CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy.
You have a Java-based application running on EC2 instances loaded with AWS CodeDeploy agents. You are considering different options for deployment, one is the flexibility that allows for incremental deployment of your new application versions and replaces existing versions in the EC2 instances. The other option is a strategy in which an Auto Scaling group is used to perform a deployment.
Which of the following options will allow you to deploy in this manner? (Select two)
A. Warm Standby Deployment
B. Blue/green Deployment
C. Pilot Light Deployment
D. In-place Deployment
E. Cattle Deployment
Correct Answers: B, D
Explanation:
In-place Deployment: The application on each instance in the deployment group is stopped, the latest application revision is installed, and the new version of the application is started and validated. You can use a load balancer so that each instance is deregistered during its deployment and then restored to service after the deployment is complete.
Blue/green Deployment: With a blue/green deployment, you provision a new set of instances on which CodeDeploy installs the latest version of your application. CodeDeploy then re-routes load balancer traffic from an existing set of instances running the previous version of your application to the new set of instances running the latest version. After traffic is re-routed to the new instances, the existing instances can be terminated.
Which AWS service can be used to fully automate your entire release process?
A. CodePipeline
B. CodeBuild
C. CodeDeploy
D. CodeCommit
Correct Answer: A
Explanation: AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates.
Which of the following practices allows multiple developers working on the same application to merge code changes frequently, without impacting each other and enables the identification of bugs early on in the release process?
A. Continuous Deployment
B. Continuous Delivery
C. Continuous Development
D. Continuous Integration
Correct Answer: D
Explanation: Continuous Integration (CI) is the practice of merging all developers' working copies to a shared repository frequently, preferably several times a day. One of the key benefits of integrating regularly is that you can detect errors quickly and locate them more easily. As each change introduced is typically small, pinpointing the specific change that introduced a defect can be done quickly.
A company would like to migrate the existing application code from a GitHub repository to AWS CodeCommit.
As an AWS Certified Developer Associate, which of the following would you recommend for migrating the cloned repository to CodeCommit over HTTPS?
A. Use Git credentials generated from IAM
B. Use IAM Multi-Factor authentication
C. Use IAM user secret access key and access key ID
D. Use authentication offered by GitHub secure tokens
Correct Answer: A
Explanation: CodeCommit repositories are Git-based and support the basic functionalities of Git such as Git credentials. AWS recommends that you use an IAM user when working with CodeCommit. You can access CodeCommit with other identity types, but the other identity types are subject to limitations.
The simplest way to set up connections to AWS CodeCommit repositories is to configure Git credentials for CodeCommit in the IAM console, and then use those credentials for HTTPS connections. You can also use these same credentials with any third-party tool or individual development environment (IDE) that supports HTTPS authentication using a static user name and password.
An IAM user is an identity within your Amazon Web Services account that has specific custom permissions. For example, an IAM user can have permissions to create and manage Git credentials for accessing CodeCommit repositories. This is the recommended user type for working with CodeCommit. You can use an IAM user name and password to sign in to secure AWS webpages like the AWS Management Console, AWS Discussion Forums, or the AWS Support Center.
As a site reliability engineer, you work on building and running large-scale, distributed, fault-tolerant systems in the cloud using automation. You have just replaced the company's Jenkins based CI/CD platform with AWS CodeBuild and would like to programmatically define your build steps.
Which of the following options should you choose?
A. Define an appspec.yml file in the codebuild/ directory
B. Define a buildspec.yml file in the codebuild/ directory
C. Define an appspec.yml file in the root directory
D. Define a buildspec.yml file in the root directory
Correct Answer: D
Explanation: AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Fargate, AWS Lambda, and your on-premises servers. AWS CodeDeploy makes it easier for you to rapidly release new features, helps you avoid downtime during application deployment, and handles the complexity of updating your applications.
Your web application architecture consists of multiple Amazon EC2 instances running behind an Elastic Load Balancer with an Auto Scaling group having the desired capacity of 5 EC2 instances. You would like to integrate AWS CodeDeploy for automating application deployment. The deployment should re-route traffic from your application's original environment to the new environment.
Which of the following options will meet your deployment criteria?
A. Opt for In-place deployment
B. Opt for Blue/Green deployment
C. Opt for Rolling deployment
D. Opt for Immutable deployment
Correct Answer: B
Explanation: A Blue/Green deployment is used to update your applications while minimizing interruptions caused by the changes of a new application version. CodeDeploy provisions your new application version alongside the old version before rerouting your production traffic. The behavior of your deployment depends on which compute platform you use:
AWS Lambda: Traffic is shifted from one version of a Lambda function to a new version of the same Lambda function.
Amazon ECS: Traffic is shifted from a task set in your Amazon ECS service to an updated, replacement task set in the same Amazon ECS service.
EC2/On-Premises: Traffic is shifted from one set of instances in the original environment to a replacement set of instances.
An AWS CodePipeline was configured to be triggered by Amazon CloudWatch Events. Recently the pipeline failed and upon investigation, the Team Lead noticed that the source was changed from AWS CodeCommit to Amazon Simple Storage Service (S3). The Team Lead has requested you to find the user who had made the changes.
Which service will help you solve this?
A. AWS CloudTrail
B. Amazon Inspector
C. Amazon CloudWatch
D. AWS X-Ray
Correct Answer: A
Explanation: AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides an event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services.
AWS CloudTrail increases visibility into your user and resource activity by recording AWS Management Console actions and API calls. You can identify which users and accounts called AWS, the source IP address from which the calls were made, and when the calls occurred.
An e-commerce company has implemented AWS CodeDeploy as part of its AWS cloud CI/CD strategy. The company has configured automatic rollbacks while deploying a new version of its flagship application to Amazon EC2.
What occurs if the deployment of the new version fails?
A. AWS CodePipeline promotes the most recent working deployment with a SUCCEEDED status to production
B. A new deployment of the last known working version of the application is deployed with a new deployment ID
C. CodeDeploy switches the Route 53 alias records back to the known good green deployment and terminates the failed blue deployment
D. The last known working deployment is automatically restored using the snapshot stored in Amazon S3
Correct Answer: B
Explanation: AWS CodeDeploy is a service that automates code deployments to any instance, including Amazon EC2 instances and instances running on-premises. AWS CodeDeploy makes it easier for you to rapidly release new features, helps you avoid downtime during deployment, and handles the complexity of updating your applications.
CodeDeploy rolls back deployments by redeploying a previously deployed revision of an application as a new deployment. These rolled-back deployments are technically new deployments, with new deployment IDs, rather than restored versions of a previous deployment.
To roll back an application to a previous revision, you just need to deploy that revision. AWS CodeDeploy keeps track of the files that were copied for the current revision and removes them before starting a new deployment, so there is no difference between redeploy and rollback. However, you need to make sure that the previous revisions are available for rollback.
An organization recently began using AWS CodeCommit for its source control service. A compliance security team visiting the organization was auditing the software development process and noticed developers making many git push commands within their development machines. The compliance team requires that encryption be used for this activity.
How can the organization ensure source code is encrypted in transit and at rest?
A. Enable KMS encryption
B. Use a git command line hook to encrypt the code client side
C. Use AWS Lambda as a hook to encrypt the pushed code
D. Repositories are automatically encrypted at rest
Correct Answer: D
Explanation: Data in AWS CodeCommit repositories is encrypted in transit and at rest. When data is pushed into an AWS CodeCommit repository (for example, by calling git push), AWS CodeCommit encrypts the received data as it is stored in the repository.
A developer in your company has configured a build using AWS CodeBuild. The build fails and the developer needs to quickly troubleshoot the issue to see which commands or settings located in the BuildSpec file are causing an issue.
Which approach will help them accomplish this?
A. SSH into the CodeBuild Docker container
B. Freeze the CodeBuild during its next execution
C. Run AWS CodeBuild locally using CodeBuild Agent
D. Enable detailed monitoring
Correct Answer: C
Explanation: AWS CodeBuild is a fully managed build service. There are no servers to provision and scale, or software to install, configure, and operate.
With the Local Build support for AWS CodeBuild, you just specify the location of your source code, choose your build settings, and CodeBuild runs build scripts for compiling, testing, and packaging your code. You can use the AWS CodeBuild agent to test and debug builds on a local machine.
Your AWS CodeDeploy deployment to T2 instances succeed. The new application revision makes API calls to Amazon S3 however the application is not working as expected due to authorization exceptions and you were assigned to troubleshoot the issue.
Which of the following should you do?
A. Fix the IAM permissions for the EC2 instance role
B. Fix the IAM permissions for the CodeDeploy service role
C. Enable CodeDeploy Proxy
D. Make the S3 bucket public
Correct Answer: A
Explanation: You should use an IAM role to manage temporary credentials for applications that run on an EC2 instance. When you use a role, you don't have to distribute long-term credentials (such as a user name and password or access keys) to an EC2 instance. Instead, the role supplies temporary permissions that applications can use when they make calls to other AWS resources. In this case, make sure your role has access to the S3 bucket.
You have been hired at a company that needs an experienced developer to help with a continuous integration/continuous delivery (CI/CD) workflow on AWS. You configure the company’s workflow to run an AWS CodePipeline pipeline whenever the application’s source code changes in a repository hosted in AWS Code Commit and compiles source code with AWS Code Build. You are configuring ProjectArtifacts in your build stage.
Which of the following should you do?
A. Contact AWS Support to allow AWS CodePipeline to manage build outputs
B. Give AWS CodeBuild permissions to upload the build output to your Amazon S3 bucket
C. Configure AWS CodeBuild to store output artifacts on EC2 servers
D. Give AWS CodeCommit permissions to upload the build output to your Amazon S3 bucket
Correct Answer: B
Explanation: If you choose ProjectArtifacts and your value type is S3 then the build project stores build output in Amazon Simple Storage Service (Amazon S3). For that, you will need to give AWS CodeBuild permissions to upload.
You have a workflow process that pulls code from AWS CodeCommit and deploys to EC2 instances associated with tag group ProdBuilders. You would like to configure the instances to archive no more than two application revisions to conserve disk space.
Which of the following will allow you to implement this?
A. Have a load balancer in front of your instances
B. AWS CloudWatch Log Agent
C. CodeDeploy Agent
D. Integrate with AWS CodePipeline
Correct Answer: C
Explanation: The CodeDeploy agent is a software package that, when installed and configured on an instance, makes it possible for that instance to be used in CodeDeploy deployments. The CodeDeploy agent archives revisions and log files on instances. The CodeDeploy agent cleans up these artifacts to conserve disk space. You can use the :max_revisions: option in the agent configuration file to specify the number of application revisions to the archive by entering any positive integer. CodeDeploy also archives the log files for those revisions. All others are deleted, except for the log file of the last successful deployment.
Your organization has developers that merge code changes regularly to an AWS CodeCommit repository. Your pipeline has AWS CodeCommit as the source and you would like to configure a rule that reacts to changes in CodeCommit.
Which of the following options do you choose for this type of integration?
A. Use Lambda Event Rules
B. Use CloudTrail Event rules with Amazon Simple Email Service (SES)
C. Use Lambda function with Amazon Simple Notification Service (SNS)
D. Use CloudWatch Event Rules
Correct Answer: D
Explanation: Amazon CloudWatch Events is a web service that monitors your AWS resources and the applications you run on AWS. You can use Amazon CloudWatch Events to detect and react to changes in the state of a pipeline, stage, or action. Then, based on rules you create, CloudWatch Events invokes one or more target actions when a pipeline, stage, or action enters the state you specify in a rule.
An organization is moving its on-premises resources to the cloud. Source code will be moved to AWS CodeCommit and AWS CodeBuild will be used for compiling the source code using Apache Maven as a build tool. The organization wants the build environment to allow for scaling and running builds in parallel.
Which of the following options should the organization choose for their requirement?
A. Choose a high-performance instance type for your CodeBuild instances
B. CodeBuild scales automatically, the organization does not have to do anything for scaling or for parallel builds
C. Run CodeBuild in an Auto Scaling group
D. Enable CodeBuild Auto Scaling
Correct Answer: B
Explanation: AWS CodeBuild is a fully managed build service in the cloud. CodeBuild compiles your source code, runs unit tests, and produces artifacts that are ready to deploy. CodeBuild eliminates the need to provision, manage, and scale your own build servers. It provides prepackaged build environments for popular programming languages and build tools such as Apache Maven, Gradle, and more. You can also customize build environments in CodeBuild to use your own build tools. CodeBuild scales automatically to meet peak build requests.
As a site reliability engineer, you are responsible for improving the company’s deployment by scaling and automating applications. As new application versions are ready for production you ensure that the application gets deployed to different sets of EC2 instances at different times allowing for a smooth transition.
Using AWS CodeDeploy, which of the following options will allow you to do this?
A. CodeDeploy Agent
B. Define multiple CodeDeploy Applications
C. CodeDeploy Deployment Groups
D. CodeDeploy Hooks
Correct Answer: C
Explanation: You can specify one or more deployment groups for a CodeDeploy application. The deployment group contains settings and configurations used during the deployment. Most deployment group settings depend on the compute platform used by your application. Some settings, such as rollbacks, triggers, and alarms can be configured for deployment groups for any compute platform.
In an EC2/On-Premises deployment, a deployment group is a set of individual instances targeted for deployment. A deployment group contains individually tagged instances, Amazon EC2 instances in Amazon EC2 Auto Scaling groups, or both.
Your e-commerce company needs to improve its software delivery process and is moving away from the waterfall methodology. You decided that every application should be built using the best CI/CD practices and every application should be packaged and deployed as a Docker container. The Docker images should be stored in ECR and pushed with AWS CodePipeline and AWS CodeBuild.
When you attempt to do this, the last step fails with an authorization issue. What is the most likely issue?
A. The ECR repository is stale, you must delete and re-create it
B. CodeBuild cannot talk to ECR because of security group issues
C. The ECS instances are misconfigured and must contain additional data in /etc/ecs/ecs.config
D. The IAM permissions are wrong for the CodeBuild service
Correct Answer: D
Explanation: The IAM permissions are wrong for the CodeBuild service. You can push your Docker or Open Container Initiative (OCI) images to an Amazon ECR repository with the docker push command.
Amazon ECR users require permission to call ecr:GetAuthorizationToken before they can authenticate to a registry and push or pull any images from any Amazon ECR repository. Amazon ECR provides several managed policies to control user access at varying levels
A data analytics company with its IT infrastructure on the AWS Cloud wants to build and deploy its flagship application as soon as there are any changes to the source code.
As a Developer Associate, which of the following options would you suggest to trigger the deployment? (Select two)
A. Keep the source code in an AWS CodeCommit repository and start AWS CodePipeline whenever a change is pushed to the CodeCommit repository
B. Keep the source code in an Amazon S3 bucket and start AWS CodePipeline whenever a file in the S3 bucket is updated
C. Keep the source code in an Amazon S3 bucket and set up AWS CodePipeline to recur at an interval of every 15 minutes
D. Keep the source code in Amazon EFS and start AWS CodePipeline whenever a file is updated
E. Keep the source code in an Amazon EBS volume and start AWS CodePipeline whenever there are updates to the source code
Correct Answers: A, B
Explanation: AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates. CodePipeline automates the build, test, and deploy phases of your release process every time there is a code change, based on the release model you define.
Using change detection methods that you specify, you can make your pipeline start when a change is made to a repository. You can also make your pipeline start on a schedule.
When you use the console to create a pipeline that has a CodeCommit source repository or S3 source bucket, CodePipeline creates an Amazon CloudWatch Events rule that starts your pipeline when the source changes. This is the recommended change detection method.
If you use the AWS CLI to create the pipeline, the change detection method defaults to starting the pipeline by periodically checking the source (CodeCommit, Amazon S3, and GitHub source providers only). AWS recommends that you disable periodic checks and create the rule manually.
You want users to receive an email notification whenever they push code to their AWS CodeCommit repositories. How can you configure this?
A. Configure a CloudWatch Events rule to send a message to SES which will trigger an email to be sent whenever a user pushes code to the repository
B. Configure Notifications in the AWS CodeCommit console, this will create a CloudWatch Events rule to send a notification to an Amazon SNS topic which will trigger an email to be sent to the user
C. Configure a CloudWatch Events rule to send a message to SQS which will trigger an email to be sent whenever a user pushes code to the repository
D. Create a new SNS topic and configure it to poll for CodeCommit events. Ask all your users subscribe to the topic to receive notifications
Correct Answer: B
Explanation: You can set up notification rules for a repository so that repository users receive emails about the repository event types you specify. Notifications are sent when events match the notification rule settings. You can create an Amazon SNS topic to use for notifications or use an existing one in your AWS account. You can use the CodeCommit console and the AWS CLI to configure notification rules.
You are working on a project that has over 100 dependencies. Every time your AWS CodeBuild runs a build step it has to resolve Java dependencies from external Ivy repositories which take a long time. Your manager wants to speed this process up in AWS CodeBuild.
Which of the following will help you do this with minimal effort?
A. Ship all the dependencies as part of the source code
B. Use Instance Store type of EC2 instances to facilitate internal dependency cache
C. Reduce the number of dependencies
D. Cache dependencies on S3
Correct Answer: D
Explanation: AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. With CodeBuild, you don’t need to provision, manage, and scale your build servers.
Downloading dependencies is a critical phase in the build process. These dependent files can range in size from a few KBs to multiple MBs. Because most of the dependent files do not change frequently between builds, you can noticeably reduce your build time by caching dependencies in S3.
A communication platform serves millions of customers and deploys features in a production environment on AWS via CodeDeploy. You are reviewing scripts for the deployment process located in the AppSpec file.
Which of the following options lists the correct order of lifecycle events?
A. ValidateService => BeforeInstall =>DownloadBundle => ApplicationStart
B. BeforeInstall => ValidateService =>DownloadBundle => ApplicationStart
C. DownloadBundle => BeforeInstall => ApplicationStart => ValidateService
D. BeforeInstall => ApplicationStart => DownloadBundle => ValidateService
Correct Answer: C
Explanation: AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Fargate, AWS Lambda, and your on-premises servers. AWS CodeDeploy makes it easier for you to rapidly release new features, helps you avoid downtime during application deployment, and handles the complexity of updating your applications.
You can specify one or more scripts to run in a hook. Each hook for a lifecycle event is specified with a string on a separate line. Correct order of lifecycle events: https://docs.aws.amazon.com/codedeploy/latest/userguide/reference-appspec-file-structure-hooks.html#reference-appspec-file-structure-hooks-run-order
An IT company leverages CodePipeline to automate its release pipelines. The development team wants to write a Lambda function that will send notifications for state changes within the pipeline.
As a Developer Associate, which steps would you suggest to associate the Lambda function with the event source?
A. Set up an Amazon CloudWatch alarm that monitors status changes in Code Pipeline and triggers the Lambda function
B. Use the CodePipeline console to set up a trigger for the Lambda function
C. Set up an Amazon CloudWatch Events rule that uses CodePipeline as an event source with the target as the Lambda function
D. Use the Lambda console to configure a trigger that invokes the Lambda function with CodePipeline as the event source
Correct Answer: C
Explanation: Amazon CloudWatch Events delivers a near real-time stream of system events that describe changes in Amazon Web Services (AWS) resources. Using simple rules that you can quickly set up, you can match events and route them to one or more target functions or streams.
You can use Amazon CloudWatch Events to detect and react to changes in the state of a pipeline, stage, or action. Then, based on rules you create, CloudWatch Events invokes one or more target actions when a pipeline, stage, or action enters the state you specify in a rule. For the given use-case, you can set up a rule that detects pipeline changes and invokes an AWS Lambda function.
You would like to have a one-stop dashboard for all the CI/CD needs of one of your projects. You don't need heavy control of the individual configuration of each component in your CI/CD, but need to be able to get a holistic view of your projects.
Which service do you recommend?
A. CodeBuild
B. CodePipeline
C. CodeStar
D. CodeDeploy
Correct Answer: C
Explanation: AWS CodeStar enables you to quickly develop, build, and deploy applications on AWS. AWS CodeStar provides a unified user interface, enabling you to easily manage your software development activities in one place. With AWS CodeStar, you can set up your entire continuous delivery toolchain in minutes, allowing you to start releasing code faster. AWS CodeStar makes it easy for your whole team to work together securely, allowing you to easily manage access and add owners, contributors, and viewers to your projects. Each AWS CodeStar project comes with a project management dashboard, including an integrated issue tracking capability powered by Atlassian JIRA Software. With the AWS CodeStar project dashboard, you can easily track progress across your entire software development process, from your backlog of work items to teams’ recent code deployments.