AWS CodePipeline is a fully managed continuous delivery service that can help you automate your release pipelines for fast and reliable application and infrastructure updates. It allows for both manual and automatic approvals, each having its unique advantages and suitable use cases which we will explore in this post in the context of preparing for the AWS Certified Developer – Associate (DVA-C02) exam.
AWS CodePipeline’s Manual Approval Actions
Manual approval actions pause a pipeline to allow human intervention before the pipeline continues. This process allows the pipeline to resume once the approving party gives their go-ahead.
For instance, you might need to manually approve the deployment to a production environment after a series of automated tests on a staging environment. Or perhaps a supervisor or stakeholder needs to sign-off before release to customers. A typical scenario could look like this:
Build/Test -> Manual Approval -> Deploy to Stage -> Manual Approval -> Deploy to Production
The advantages of manual approval actions include:
- Enhanced security and compliance: It offers stakeholders a chance to inspect changes before they’re live.
- Risk management: It presents an opportunity to conduct final checks and verifications.
- Improved Oversight: It enables tracking and visibility, knowing who approved what and when.
However, manual approvals also have some disadvantages such as:
- Slower release cycles due to waiting for manual intervention.
- Potential for human error or oversight.
- Inconsistency due to varying interpretation or understanding of approval criteria.
AWS CodePipeline’s Automated Approval Actions
In contrast, automated approval actions make decisions based on predefined criteria without requiring human intervention. This is typically achieved by implementing AWS Lambda functions that carry out checks and validate deployment actions before either approving or rejecting progress.
Imagine the lambda function checking whether all tests passed a specific threshold. If the threshold is reached, the pipeline progresses automatically; otherwise, the pipeline stops.
def approve_or_reject(build_info):
threshold = 95
if build_info[‘pass_rate’] >= threshold:
approve()
else:
reject()
The advantages of automated approvals include:
- Speed and efficiency: Automated checks are typically faster than manual checks.
- Consistency: The same criteria are applied each time.
- Reduced human error: As the checks are governed by predefined rules.
Nonetheless, there are a few potential downsides such as:
- Not all situations can be automated due to complex or subjective approval criteria.
- Errors can still occur if the predefined criteria or code are incorrect.
- There may be a lack of human oversight which could be risky in certain situations.
Comparing Manual and Automated Approvals
This table provides an at-a-glance comparison of the two types of CodePipeline approvals:
| Criteria | Manual Approvals | Automated Approvals |
|---|---|---|
| Speed | Slow | Fast |
| Consistency | Varying | High |
| Oversight | High | Lower |
| Error Potential | Higher | Lower |
Conclusion
Both manual approvals and automated approvals are useful tools in AWS CodePipeline, each with their advantages depending on the specific needs and conditions of your deployment. Being able to use and understand both ensures a more flexible and effective deployment process, which is key component in the AWS Certified Developer – Associate (DVA-C02) exam.
Practice Test
True/False: AWS CodePipeline allows you to automate the software release process and the approval process.
- True
- False
Answer: True
Explanation: AWS CodePipeline is a service that helps you automate your software release process. It can include manual and automated approvals.
Which of the following can approve action in AWS CodePipeline?
- A. IAM Users
- B. IAM Roles
- C. Both A and B
- D. Neither A nor B
Answer: C. Both A and B
Explanation: Either IAM users or roles can approve manual approval actions in AWS CodePipeline.
True/False: Manual approval in AWS CodePipeline requires human intervention.
- True
- False
Answer: True
Explanation: Manual approvals in AWS CodePipeline require a person to review and approve or reject a change before it progresses in a pipeline.
What does automated approvals in AWS CodePipeline typically involve?
- A. CloudFormation
- B. AWS Lambda functions
- C. EC2 Instances
- D. Both A and B
Answer: D. Both A and B
Explanation: Automated approvals in AWS CodePipeline often involve AWS Lambda functions or CloudFormation templates where these tools automatically evaluate and approve (or reject) changes in the pipeline.
True/False: Manual and automated approvals can be set up to send email notifications.
- True
- False
Answer: True
Explanation: Both manual and automated approvals in AWS CodePipeline can be set up with email notifications to alert approvers of necessary actions.
True/False: Manual approvals in AWS CodePipeline require that the pipeline execution be paused until the approval or rejection is done.
- True
- False
Answer: True
Explanation: Once a manual approval action starts, the pipeline execution pauses until review and approval is done.
What happens when an automated approval in AWS CodePipeline fails?
- A. The pipeline stops
- B. The pipeline continues to the next action
- C. The pipeline reverts the changes
- D. None of the above
Answer: A. The pipeline stops
Explanation: If an automated approval action fails, the pipeline stops at that action until you fix the issue.
True/False: Only IAM users who have sufficient permissions can review and approve manual approvals in AWS CodePipeline.
- True
- False
Answer: True
Explanation: Only IAM users and roles with the necessary permissions can review and approve manual approval actions in AWS CodePipeline.
AWS CodePipeline can be configured to use automated approvals from which of the following AWS services?
- A. Amazon SNS
- B. AWS Lambda
- C. AWS SES
- D. Both A and B
Answer: D. Both A and B
Explanation: AWS CodePipeline can use Amazon SNS for notifications and AWS Lambda for automated approval functions.
True/False: In AWS CodePipeline, you can add comments to your approval or rejection in both manual and automated approvals.
- True
- False
Answer: False
Explanation: You can add optional comments to your approval or rejection only in manual approvals.
What AWS service can notify you when a manual approval action is required?
- A. Amazon SES
- B. Amazon SNS
- C. Amazon EC2
- D. None of the above
Answer: B. Amazon SNS
Explanation: AWS CodePipeline uses Amazon Simple Notification Service (SNS) to notify users when a manual approval action is required in a pipeline.
True/False: AWS CodePipeline automated approvals use AWS CloudFormation templates to approve changes.
- True
- False
Answer: True
Explanation: AWS CodePipeline automated approvals can use AWS CloudFormation templates or AWS Lambda functions to automatically evaluate and approve changes.
Which of the following is required in AWS CodePipeline to manually approve an action?
- A. IAM Roles
- B. IAM Full Access policy
- C. AWS CodePipeline Approval permission
- D. AWS CLI
Answer: C. AWS CodePipeline Approval permission
Explanation: To manually approve a pipeline action, the user needs the AWSCodePipelineApproval permission.
True/False: AWS Lambda can be used to automate the approval process in AWS CodePipeline.
- True
- False
Answer: True
Explanation: AWS Lambda can be used to automate the approval process in AWS CodePipeline by writing a custom workflow and approval rule.
Which IAM role permissions are required for manual approvals in AWS CodePipeline?
- A. ReadOnlyAccess
- B. AWSCloudFormationFullAccess
- C. AWSCodePipelineApproverAccess
- D. None of the above
Answer: C. AWSCodePipelineApproverAccess
Explanation: An IAM user or role requires AWSCodePipelineApproverAccess permissions to approve or reject the manual approval action in AWS CodePipeline.
Interview Questions
What is AWS CodePipeline?
AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates.
What is the primary purpose of manual and automated approvals in AWS CodePipeline?
Manual and automated approvals in AWS CodePipeline enable the developers and admins to actively control if a code change should go into the next stage of the software delivery process.
Can you explain what a manual approval in AWS CodePipeline is?
A Manual approval in AWS CodePipeline is an action that halts the pipeline’s execution until a specified user takes explicit action. These approvals can allow code changes to be reviewed before being pushed to production.
How are notifications for manual approvals delivered?
Notifications for manual approvals in AWS CodePipeline can be delivered via Amazon SNS (Simple Notification Service) as an email message or a mobile push notification.
Where would you go to manually approve a release in AWS CodePipeline?
To manually approve a release in AWS CodePipeline, you would go to the AWS Management Console, select the CodePipeline service, and then select the pipeline that is pending approval. A review button would appear at the appropriate action in the pipeline’s diagram.
What automated systems can AWS CodePipeline integrate with for automated approval actions?
AWS CodePipeline can integrate with automated systems like AWS CodeBuild and third-party tools like Jenkins that can execute scripts for automatic testing and approve or reject a release based on test results.
Which AWS IAM permissions are needed for a user to manually approve an action?
The AWS IAM permission that a user needs to manually approve an action is “codepipeline:PutApprovalResult”.
How can AWS CodePipeline help to incorporate manual checks and balances in the development process?
AWS CodePipeline’s manual approval features allow teams to incorporate code review, quality assurance testing, and other checks and balances into their continuous integration and deployment processes.
What happens in AWS CodePipeline if the specified result for an action is ‘rejected’?
If the specified result for an action is ‘Rejected’, the pipeline status changes to ‘Failed’, and the pipeline doesn’t proceed to the next action or stage.
Can multiple manual approval actions be added to a single AWS CodePipeline stage?
Yes, multiple manual approval actions can be added to a single AWS CodePipeline stage.
How are manual approval results provided in AWS CodePipeline?
Approval or rejection results in AWS CodePipeline are provided through the console or the AWS CLI.
Can automated approval/rejection be conditional based on specific criteria in CodePipeline?
Yes, automated approvals can be made conditional based on specific criteria such as test results or performance metrics.
Can you skip a manual approval step in an AWS CodePipeline?
No, once a manual approval action is added to the AWS CodePipeline, it can’t be skipped.
What is the timeout period for manual approvals in AWS CodePipeline?
The timeout period for manual approvals in AWS CodePipeline is 7 days. If approval is not received within this time, the action fails.
In which cases would manual approvals be more advantageous than automated approvals in AWS CodePipeline?
Manual approvals can be more advantageous than automated approvals when the input of an experienced developer or tester is needed, or when detailed inspections or reviews in certain stages of the pipeline are required.
extutorials.com