MyCertStack logoMyCertStack

    AWS - DevOps Engineer Professional Study Guide

    1: SDLC Automation

    This chapter covers the design and operation of AWS-native continuous integration and continuous delivery pipelines, including source control strategy, test integration, build and deployment models, artifact management, and security scanning. It focuses on the configuration decisions a senior practitioner makes when wiring CodePipeline, CodeBuild, CodeDeploy, and the surrounding ecosystem into a production-grade software delivery lifecycle.

    Learning Objectives

    By the end of this chapter, you will be able to:

    • Implement CI/CD pipelines on AWS using CodePipeline, CodeBuild, CodeDeploy, and supporting services, with the correct test and deployment-model selection for the workload.
    • Choose between trunk-based, GitFlow, and feature-branch workflows and map each to AWS CodePipeline trigger configurations, environment promotion, and CodeDeploy rollback semantics on Amazon EC2.
    • Integrate unit, integration, load, and syntactic-analysis tests into a pipeline using AWS CodeBuild and AWS Lambda actions, with explicit gating, code-coverage policy, and container-target deployment via Amazon ECS, Amazon EKS, and AWS Fargate.
    • Select build and deployment strategies (in-place, blue/green, canary, rolling, immutable) for Amazon EC2, container, and serverless workloads, and pair them with artifact management for AMIs, container images, and ZIP packages.
    • Embed Amazon Inspector, Amazon CodeGuru Reviewer, and AWS Config rules into the pipeline, manage artifact repositories in AWS CodeArtifact, Amazon ECR, and Amazon S3, and configure alarm-based and automated rollback in AWS CodeDeploy.
    • Define a version control strategy with branching and tagging conventions for application code and infrastructure as code, and pair it with build artifacts (AMIs, containers, ZIP files) under a managed artifact lifecycle.
    • Decide when to run unit, integration, acceptance, and load tests across pipeline stages and select the optimal artifact storage strategy with lifecycle policies and cross-Region replication.
    • Apply the right deployment model and rollback automation for instance, container, and serverless workloads, including Lambda traffic shifting, ECS blue/green, and EKS rolling deployments.

    Executive Summary

    • AWS-native CI/CD is a small set of building blocks: CodePipeline orchestrates, CodeBuild compiles and tests, CodeDeploy ships to compute, and CodeArtifact / Amazon ECR / Amazon S3 store the artifacts. Every senior decision is about which block holds which responsibility and how failures bounce between them.
    • Deployment-model selection is constrained by the compute target: Lambda supports All-at-once, Canary, and Linear via alias traffic shifting; Amazon ECS supports rolling (native) and blue/green (CodeDeploy); Amazon EC2 supports in-place, blue/green, and immutable.
    • Rollback is a design property, not a runtime accident. Configure CloudWatch alarms attached to CodeDeploy deployment groups, automatic rollback on deployment failure, and treat deployment configurations as the contract for blast radius.
    • Artifact discipline (immutable identifiers, S3 lifecycle, ECR image scanning, CodeArtifact upstream repositories, KMS encryption) is what separates a pipeline that survives an incident from one that becomes the incident.

    Assumptions

    • The reader has Associate-tier familiarity with AWS Identity and Access Management, Amazon Virtual Private Cloud, Amazon EC2, AWS Lambda, and Amazon S3.
    • Terminology follows AWS documentation conventions: "CodePipeline" is AWS CodePipeline, "CodeBuild" is AWS CodeBuild, "CodeDeploy" is AWS CodeDeploy, "Amazon ECR" is Amazon Elastic Container Registry, and "Amazon ECS" is Amazon Elastic Container Service.
    • Region examples use us-east-1 for the primary Region and us-west-2 for the disaster-recovery Region, except where noted.
    • Pipelines described follow the AWS recommendation of distinct accounts for development, staging, and production with cross-account roles for deployment actions.

    Sections in this chapter

    1. Free
    2. Free with account
    3. Free with account
    4. Free with account
    5. Free with account
    6. Free with account
    7. Free with account
    8. Free with account
    9. Free with account