Amazon Web Services DOP-C02 - AWS Certified DevOps Engineer - Professional

To implement a more reliable deployment solution, a DevOps engineer should take the following actions:

Create a pipeline in AWS CodePipeline that uses the CodeCommit repository as a source provider. Configure pipeline stages that run the CodeBuild project in parallel to build and test the application. In the pipeline, pass the CodeBuild project output artifact to an AWS CodeDeploy action. This action will improve the deployment reliability by automating the entire process from code commit to deployment, reducing human errors and inconsistencies. By running the build and test stages in parallel, the pipeline can also speed up the delivery time and provide faster feedback. By using CodeDeploy as the deployment action, the pipeline can leverage the features of CodeDeploy, such as traffic shifting, health checks, rollback, and deployment configuration123

Create an AWS CodeDeploy application and a deployment group to deploy the packaged code to the EC2 instances. Configure the ALB for the deployment group. This action will improve the deployment reliability by using CodeDeploy to orchestrate the deployment across multiple EC2 instances behind an ALB. CodeDeploy can perform blue/green deployments or in-place deployments with traffic shifting, which can minimize downtime and reduce risks. CodeDeploy can also monitor the health of the instances during and after the deployment, and automatically roll back if any issues are detected. By configuring the ALB for the deployment group, CodeDeploy can register and deregister instances from the load balancer as needed, ensuring that only healthy instances receive traffic45

The other options are not correct because they do not improve the deployment reliability or follow best practices. Creating separate pipeline stages that run a CodeBuild project to build and then test the application is not a good option because it will increase the pipeline execution time and delay the feedback loop. Creating individual Lambda functions that use CodeDeploy instead of Systems Manager to run build, test, and deploy actions is not a valid option because it will add unnecessary complexity and cost to the solution. Lambda functions are not designed for long-running tasks such as building or deploying applications. Creating an Amazon S3 bucket and modifying the CodeBuild project to store the packages in the S3 bucket instead of in CodeArtifact is not a necessary option because it will not affect the deployment reliability. CodeArtifact is a secure, scalable, and cost-effective package management service that can store and share software packages for application development67

1: What is AWS CodePipeline? - AWS CodePipeline

2: Create a pipeline in AWS CodePipeline - AWS CodePipeline

3: Deploy an application with AWS CodeDeploy - AWS CodePipeline

4: What is AWS CodeDeploy? - AWS CodeDeploy

5: Configure an Application Load Balancer for your blue/green deployments - AWS CodeDeploy

6: What is AWS Lambda? - AWS Lambda

7: What is AWS CodeArtifact? - AWS CodeArtifact

Comprehensive and Detailed Explanation From Exact Extract:

ALB natively supports WebSocket protocols and sticky sessions via target group session affinity. Deploying ALBs in multiple regions with cross-zone load balancing ensures high availability and fault tolerance.

Using Route 53 latency-based routing allows users worldwide to connect to the lowest latency region, minimizing delay.

NLBs do not support sticky sessions and WebSocket protocol as well as ALBs do. Combining ALBs and NLBs (Option D) increases complexity. CloudFront (Option C) does not natively support WebSocket sticky sessions.

Option A is the simplest, most effective solution meeting all requirements with least operational overhead.

Comprehensive and Detailed Explanation From Exact Extract:

To add an automated test in AWS CodePipeline that checks the HTTP response code of a deployed application, the most straightforward and operationally efficient method is to create an AWS Lambda function that makes an HTTP request to the application URL, checks the response code, and then reports success or failure back to CodePipeline.

The Lambda function can be invoked as an action in the pipeline stage.

If the response code is not 200 OK, the Lambda function can return a failure, causing the pipeline stage to fail and halt further execution.

Option A’s CloudWatch synthetic canary monitors are useful for ongoing monitoring but are not natively integrated as CodePipeline actions to control pipeline flow.

Option C incorrectly uses CodeDeploy action for testing, which is not designed for this purpose.

Option D introduces unnecessary complexity by deploying API Gateway and Device Farm, which is not required for a simple HTTP status check.Therefore, option B provides a clean, simple, and fully automated way to enforce HTTP response validation within the pipeline.

Reference from AWS Official Documentation:

AWS CodePipeline Custom Actions:"You can create Lambda invoke actions in your pipeline stages to run custom validation or testing functions."(AWS CodePipeline User Guide - Lambda Actions)

AWS Lambda Function for Health Checks:"Lambda functions can be used to perform health checks or API response validations and report results back to invoking services."(AWS Lambda Developer Guide)

https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-managed-instance-activation.html

To meet the new guideline for application deployment, the company can use a combination of AWS CodePipeline and AWS CloudTrail. A manual approval action in CodePipeline allows the security team to review and approve changes before they are deployed. This action can be configured to pause the pipeline until approval is granted, ensuring that no changes move to production without the necessary sign-off. Additionally, by creating an AWS CloudTrail trail, all actions taken within CodePipeline, including approvals, are recorded and delivered to an Amazon S3 bucket. This provides an audit trail that can be retained for compliance and review purposes.

AWS CodePipeline’s manual approval action provides a way to ensure that a member of the security team can review and approve changes before they are deployed1.

AWS CloudTrail integration with CodePipeline allows for the recording and retention of all pipeline actions, including approvals, which can be stored in Amazon S3 for record-keeping2.

Comprehensive and Detailed Explanation From Exact Extract:

The operating system (Amazon Linux) uses yum for package management. To use both the default and a custom repository, the simplest method is to add the custom repository configuration file under /etc/yum.repos.d/ using the yum-config-manager CLI, and enable it. This allows the system to access both repositories during patching automatically.

This approach requires minimal setup and effort and leverages the existing yum patching mechanisms.

Option A and D involve managing multiple patch baselines in Systems Manager Patch Manager, which does not natively support custom repositories — it relies on the underlying OS package manager.

Option B (Direct Connect) is not necessary unless network connectivity is an issue.

Thus, option C meets the requirement with the least effort.

Option A is incorrect because setting the deployment configuration to LambdaAllAtOnce means that the new version of the application will be deployed to all Lambda functions at once, affecting all customers. This does not meet the requirement of affecting the fewest customers possible. Moreover, configuring automatic rollbacks on the deployment group is not operationally efficient, as it requires manual intervention to fix the errors and redeploy the application.

Option B is correct because setting the deployment configuration to LambdaCanary10Percent10Minutes means that the new version of the application will be deployed to 10 percent of the Lambda functions first, and then to the remaining 90 percent after 10 minutes. This minimizes the impact of errors on customers, as only 10 percent of them will be affected by a faulty deployment. Configuring automatic rollbacks on the deployment group also meets the requirement of reverting to the most recent stable version of the application when an error is detected. Creating a CloudWatch alarm that detects HTTP Bad Gateway errors on API Gateway is a valid way to monitor the health of the application and trigger a rollback if needed.

Option C is incorrect because setting the deployment configuration to LambdaAllAtOnce means that the new version of the application will be deployed to all Lambda functions at once, affecting all customers. This does not meet the requirement of affecting the fewest customers possible. Moreover, configuring manual rollbacks on the deployment group is not operationally efficient, as it requires human intervention to stop the current deployment and start a new one. Creating an SNS topic to send notifications every time a deployment fails is not sufficient to detect errors in the application, as it does not monitor the API Gateway responses.

Option D is incorrect because configuring manual rollbacks on the deployment group is not operationally efficient, as it requires human intervention to stop the current deployment and start a new one. Creating a metric filter on a CloudWatch log group for API Gateway to monitor HTTP Bad Gateway errors is a valid way to monitor the health of the application, but invoking a new Lambda function to perform a rollback is unnecessary and complex, as CodeDeploy already provides automatic rollback functionality.

Comprehensive and Detailed Explanation From Exact Extract of DevOps Engineer documents only:

Use cross-account EventBridge by configuring a rule in the source (automation) account to send events to the target accounts’ default event buses, and grant permissions on the target default event buses to accept events from the source account. This is the standard cross-account event routing model.

The latency in processing and ingesting logs can be caused by several factors, such as the throughput of the Kinesis data stream, the concurrency of the Lambda function, and the configuration of the event source mapping. To reduce the latency, the following steps can be taken:

Create a data stream consumer with enhanced fan-out. Set the Lambda function that processes the logs as the consumer. This will allow the Lambda function to receive records from the data stream with dedicated throughput of up to 2 MB per second per shard, independent of other consumers1. This will reduce the contention and delay in accessing the data stream.

Increase the ParallelizationFactor setting in the Lambda event source mapping. This will allow the Lambda service to invoke more instances of the function concurrently to process the records from the data stream2. This will increase the processing capacity and reduce the backlog of records in the data stream.

Configure reserved concurrency for the Lambda function that processes the logs. This will ensure that the function has enough concurrency available to handle the increased load from the data stream3. This will prevent the function from being throttled by the account-level concurrency limit.

The other options are not effective or may have negative impacts on the latency. Option D is not suitable because increasing the batch size in the Kinesis data stream will increase the amount of data that the Lambda function has to process in each invocation, which may increase the execution time and latency4. Option E is not advisable because turning off the ReportBatchItemFailures setting in the Lambda event source mapping will prevent the Lambda service from retrying the failed records, which may result in data loss. Option F is not necessary because increasing the number of shards in the Kinesis data stream will increase the throughput of the data stream, but it will not affect the processing speed of the Lambda function, which is the bottleneck in this scenario.

1: Using AWS Lambda with Amazon Kinesis Data Streams - AWS Lambda

2: AWS Lambda event source mappings - AWS Lambda

3: Managing concurrency for a Lambda function - AWS Lambda

4: AWS Lambda function scaling - AWS Lambda

AWS Lambda event source mappings - AWS Lambda

Scaling Amazon Kinesis Data Streams with AWS CloudFormation - Amazon Kinesis Data Streams