CI/CD Pipeline Architecture — AWS Developer (DVA-C02)
CodeBuild, CodeDeploy, CodePipeline: Distinct Responsibilities
Build, traffic shift, and orchestration are three concerns, and collapsing them into a single tool removes the alarm-driven rollback behavior that makes canary deployments safe. CodeBuild compiles and runs tests, producing build artifacts for downstream stages. CodeDeploy takes those artifacts and manages traffic-shifting deployment strategies: canary, linear, or all-at-once. When a CloudWatch alarm breaches during a canary deployment, CodeDeploy reroutes all traffic back to the previous version and halts the rollout automatically. CodePipeline connects the stages in order and passes artifacts between them. CodeArtifact stores and serves versioned packages that build stages pull during compilation, keeping external dependency fetching consistent across builds.
What This Pattern Tests
The exam presents deployment scenarios and tests strategy selection. CodeDeploy to EC2/ECS supports in-place (rolling), blue/green (two environments, instant cutover/rollback), and canary (shift 10% of traffic, wait, shift remaining). CodePipeline orchestrates the build-test-deploy chain with approval gates. The trap is choosing blue/green for a cost-sensitive deployment (doubles infrastructure) or rolling for a zero-downtime requirement on a single-instance deployment (rolling needs multiple instances). CloudFormation stack updates with change sets vs. SAM deploy for serverless vs. CDK for infrastructure-as-code add another decision layer.
Decision Axis
Risk tolerance (instant rollback vs. gradual validation) and cost constraints (double infrastructure vs. in-place) determine deployment strategy.
Decision Rules
Whether the cfn-changeset-review-gate-before-execute constraint is best satisfied by CodePipeline's native manual approval action placed between a CHANGE_SET_REPLACE action and an EXECUTE_CHANGE_SET action, or by a custom Lambda orchestrator that inspects changeset JSON and routes approval requests by resource type before allowing pipeline continuation.
Only a CodeBuild test action whose buildspec propagates a non-zero exit code on failure satisfies the automated-gate-before-deploy-stage constraint; a Manual Approval action blocks the pipeline but requires human input and cannot evaluate test results, failing the automated-testing requirement.
Whether appspec.yml is placed at the root of the deployment bundle ZIP versus nested one directory level deep — only root placement satisfies CodeDeploy's artifact contract; all other positions are silently ignored at deploy time.
Whether to implement the CloudFormation changeset review gate using the native CodePipeline Manual Approval action between a CREATE_CHANGE_SET stage and an EXECUTE_CHANGE_SET stage, or to build a custom Lambda function that invokes the CloudFormation API, publishes changeset details, and waits for an external signal to resume the pipeline.
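A pre-deploy check for the appspec.yml placement rule above, written as an added example rather than code from the original page or from AWS. The names check_bundle and make_zip and the sample bundles are constructed for illustration; run with a ZIP path as its argument, it exits non-zero unless appspec.yml is at the bundle root, so a CodeBuild step can use it as the automated gate the exit-code rule describes.

```python
import io
import sys
import zipfile
from pathlib import PurePosixPath

APPSPEC = "appspec.yml"  # file name used on this page


def check_bundle(bundle):
    """Classify where appspec.yml sits inside a deployment bundle ZIP.

    `bundle` is a file path or a binary file-like object.
    Returns (status, paths); status is 'root', 'nested' or 'missing'.
    """
    with zipfile.ZipFile(bundle) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
    hits = sorted(n for n in names if PurePosixPath(n).name == APPSPEC)
    if APPSPEC in hits:
        return "root", [APPSPEC]
    return ("nested", hits) if hits else ("missing", [])


def make_zip(files):
    """Build an in-memory ZIP from {path: content}; used for the samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, content in files.items():
            zf.writestr(path, content)
    buf.seek(0)
    return buf


# Constructed sample bundles (not real deployment artifacts).
SPEC = "version: 0.0\nos: linux\n"
GOOD = {"appspec.yml": SPEC, "scripts/start.sh": "#!/bin/sh\n"}
# Common mistake: zipping the parent folder, so every entry sits under "app/".
NESTED = {"app/appspec.yml": SPEC, "app/scripts/start.sh": "#!/bin/sh\n"}
NO_SPEC = {"scripts/start.sh": "#!/bin/sh\n"}

if __name__ == "__main__":
    # With a path argument, act as a gate: exit non-zero unless at the root.
    if len(sys.argv) > 1:
        status, paths = check_bundle(sys.argv[1])
        print(f"{sys.argv[1]}: {status} {paths}")
        sys.exit(0 if status == "root" else 1)
    for label, files in (("good", GOOD), ("nested", NESTED), ("no_spec", NO_SPEC)):
        print(label, *check_bundle(make_zip(files)))
```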