AWS Developer Tools Overview

• Suite of services to host, build, test, and deploy applications quickly and effectively.
• Includes SDKs, code editors, and CI/CD services for DevOps.

AWS CodeArtifact

• Definition: Fully managed artifact repository service.
• Purpose: Securely store, publish, and share software packages.
• Key Features:
  • Automatically fetches packages/dependencies from public repositories.
  • Works with common package managers/build tools (Maven, Gradle, npm, yarn, pip, NuGet).
  • Integrates into existing development workflows.

AWS CodeCommit

• Definition: Fully managed source control service for secure Git-based repositories.
• Key Features:
  • Centralized repository for code, binaries, images, libraries.
  • Tracks/manages code changes, maintains version history.
  • Enables collaboration (commit, branch, merge).
  • Private repositories, scales seamlessly.
  • Integrates with Jenkins, CodeBuild, other CI tools.
• Encryption:
  • In Transit: HTTPS or SSH.
  • At Rest: Automatically encrypted via AWS KMS (customer-specific keys).
• Authentication & Access Control:
  • Uses AWS IAM to control access.
  • Credentials: Git credentials (IAM-generated username/password over HTTPS), SSH keys (locally generated public-private pair), AWS access keys (with AWS CLI credential helper over HTTPS).
  • Authorization: IAM identity-based policies only (no resource-based policies).
  • Tags: Can use resource tags in IAM policies for access control (e.g., codecommit:ResourceTag/key-name).
• Notifications:
  • Triggered by AWS SNS, AWS Lambda, or AWS CloudWatch Event rules.
  • Use cases: Branch deletion, master branch pushes, external build system notification, codebase analysis (Lambda).
  • CloudWatch Event Rules: For pull request updates, commit comments (go to SNS Topic).

AWS CodeBuild

• Definition: Fully managed continuous integration (CI) service.
• Purpose: Compiles source code, runs tests, produces deployable software packages.
• Key Features:
  • No need to provision, manage, or scale build servers.
  • Scales continuously, processes multiple builds concurrently (no queueing).
  • Pay based on build time.
  • Preconfigured build environments (OS, runtime, tools like Maven, Gradle, npm).
  • Extend capabilities with custom Docker images (from Docker Hub or ECR).
  • Integrates with KMS (artifact encryption), IAM (permissions), VPC (network security), CloudTrail (API logging).
  • Source from GitHub, CodeCommit, CodePipeline, S3.
  • Output logs to S3 & CloudWatch Logs.
  • CloudWatch alarms for failed builds (trigger SNS).
• CodeBuild Concepts:
  • Build Project: Defines source, build environment, commands, output storage.
  • Build Environment: OS, language runtime, tools.
  • Build Specification (buildspec.yml): YAML file defining commands/settings for build.
    • Location: Must be at the root of your source code (Exam Tip!). Can override default name/location.
    • Phases:
      • install: Install dependencies.
      • pre_build: Final commands before build.
      • build: Actual build commands.
      • post_build: Finishing touches (e.g., zip output).
    • Artifacts: Output files uploaded to S3 (encrypted with KMS).
    • Cache: Files (dependencies) cached to S3 for future builds.
    • Environment Variables: Plaintext or secure secrets from SSM Parameter Store.
• CodeBuild Local Build: For deep troubleshooting, can run CodeBuild locally using Docker and the CodeBuild agent.

AWS CodeDeploy

• Definition: Deployment service that automates application deployments.
• Targets: Amazon EC2 instances, on-premises instances, serverless Lambda functions, Amazon ECS services.
• Content: Nearly unlimited (web/config files, executables, packages, scripts, multimedia).
• Source: S3 buckets, GitHub, Bitbucket repositories.
• No changes needed to existing code.
• Fully managed service, flexible deployment definitions.
• Integrates with CI/CD tools (Jenkins, GitHub, CodePipeline) and config management (Ansible, Puppet, Chef).

• CodeDeploy Application: Contains info about what/how to deploy.
  • Choose compute platform: EC2/On-premises, AWS Lambda, Amazon ECS.
• Deployment Group: Belongs to an application, specifies:
  • Deployment configuration (rules, success/failure conditions).
  • Notifications config.
  • CloudWatch alarms for monitoring.
  • Deployment rollback config.
• Deployment Types:
  • In-place Deployment:
    • Application on each instance is stopped, new revision installed, started, validated.
    • Can use load balancer for deregistration/restoration.
    • ONLY for EC2/On-premises compute platform. (Exam Tip!)
    • NOT for AWS Lambda or Amazon ECS deployments. (Exam Tip!)
  • Blue/Green Deployment:
    • New application version provisioned alongside old, then traffic rerouted. Minimizes interruptions.
    • EC2/On-Premises: Original instances replaced by new set. Works with EC2 instances only (not on-premises for B/G).
    • AWS Lambda: Traffic shifted from current Lambda version to new. All Lambda deployments are Blue/Green.
    • Amazon ECS: Traffic shifted from original task set to replacement task set. All ECS deployments are Blue/Green.
    • Traffic Shifting (for Lambda/ECS):
      • Canary: Traffic shifted in two increments (e.g., 10% then 90%).
      • Linear: Traffic shifted in equal increments over time.
      • All-at-once: All traffic shifted immediately.
• Deployment on Amazon EC2:
  • EC2 instances identified by tags or Auto Scaling Group name.
  • Each EC2 instance needs correct IAM instance profile and CodeDeploy agent installed/running.
  • Agent polls for work, pulls app code (GitHub/S3), runs deployment instructions from AppSpec file.
  • CodeDeploy reports success/failure.
  • Note: CodeDeploy deploys applications, it does not provision EC2 instances.
• AppSpec File (appspec.yml or appspec.yaml):
  • YAML/JSON formatted file used by CodeDeploy to manage deployments.
  • Defines deployment actions.
  • Name: appspec.yml for EC2/On-Premises; appspec.yaml or appspec.yml for ECS/Lambda.
  • Sections:
    • files: Specifies source/destination for copying files.
    • hooks: Set of instructions/scripts to run at different phases of deployment (e.g., BeforeInstall, AfterInstall, ApplicationStart, ApplicationStop). Hooks have timeouts.
  • ECS AppSpec: Specifies TaskDefinition ARN, LoadBalancerInfo (ContainerName, ContainerPort). Hooks are different.
  • Lambda AppSpec: Specifies Lambda function Name, Alias, CurrentVersion, TargetVersion. Hooks are different (e.g., BeforeAllowTraffic, AfterAllowTraffic).
• Revision: Archive file (AppSpec + application content) uploaded to S3/GitHub, representing a new version to deploy.

AWS CodePipeline

• Definition: Fully managed continuous delivery service.
• Purpose: Automates release pipelines for fast, reliable application/infrastructure updates.
• Automates build, test, deploy phases on code change.
• Integrates with AWS services (S3, CodeCommit, CodeBuild, CodeDeploy, CloudFormation, ECS, Elastic Beanstalk) and third-party services (GitHub, Bitbucket, Jenkins).
• Pay-as-you-go.
• Key Concepts:
  • Pipelines: Workflow describing software release process.
  • Artifacts: Files/changes worked on by actions/stages, passed via S3.
  • Stages: Pipeline broken into phases (e.g., Source, Build, Test, Deploy). Can have sequential or parallel actions. Manual approval can be defined at any stage.
  • Actions: Within stages, perform operations on artifacts (input, output, or both).
  • Transitions: Progressing from one stage to another.
• Notifications: State changes happen in CloudWatch Events, can create SNS notifications (e.g., for failed pipelines).
• Auditing: Audit API calls with AWS CloudTrail.
• Troubleshooting: Check IAM service role permissions if actions fail.

AWS CodeStar

• Definition: Enables quick development, build, and deployment of applications on AWS with a unified user interface.
• Key Features:
  • Sets up entire continuous delivery toolchain in minutes.
  • Unified UI for managing software development activities.
  • Secure team collaboration with built-in role-based policies (Owner, Contributor, Viewer).
  • Project management dashboard with integrated issue tracking (Atlassian Jira Software).
  • Project templates for various apps/languages (Java, JavaScript, PHP, Ruby, Python).
  • Supports multiple IDEs (AWS Cloud9, VS, Eclipse).
  • Integrates with CodeCommit, CodeBuild, CodeDeploy, CodePipeline, CloudWatch.
• Pricing: No additional charge for CodeStar itself; pay for underlying AWS resources used.
• Exam Tip: If a scenario requires a unified development toolchain, collaboration between team members, synchronization, and centralized management of the CI/CD pipeline, think CodeStar.

AWS Cloud9

• Definition: Cloud-based Integrated Development Environment (IDE).
• Key Features:
  • Write, run, debug code with just a browser (code editor, debugger, terminal).
  • Prepackaged with tools for popular languages (JavaScript, Python, PHP, etc.).
  • Cloud-based: Work from anywhere with internet.
  • Seamless serverless application development (define resources, debug, local/remote execution).
  • Real-time collaboration: Share environment, pair program, chat.
  • Direct terminal access to AWS (preauthenticated AWS CLI, sudo privileges).
  • Flexibility to run env on managed EC2 instance or existing Linux server (SSH).
  • Supports over 40 programming languages.
  • Maintain multiple development environments for project isolation.

Amazon CodeGuru

• Definition: Provides intelligent recommendations to improve code quality and identify expensive code lines.
• Components:
  • CodeGuru Reviewer: Automates code reviews.
    • Identifies quality issues, ensures best practices (AWS APIs, Java/Python).
    • Security Detection: Checks for OWASP Top 10, AWS API/security best practices, Java/Python crypto library best practices, secure web apps, sensitive info leaks, input validation.
    • Secrets Detection: Detects hardcoded secrets (API keys, passwords, SSH keys, access tokens, DB connection strings).
  • CodeGuru Profiler: Continuously monitors application performance in production.
    • Provides recommendations to improve performance and reduce cost.

AWS X-Ray

• Definition: Helps developers analyze and debug production, distributed applications (microservices).
• Purpose: Understand application/service performance, identify/troubleshoot root causes of issues.
• Provides end-to-end view of requests and a service map of components.
• Supports applications in development and production (simple 3-tier to complex microservices).
• Supported Platforms: EC2, ECS, Lambda, Elastic Beanstalk, EKS, Fargate.
• X-Ray Daemon:
  • Required for Linux systems (EC2, on-premises).
  • Managed by Lambda/Elastic Beanstalk integration.
  • Docker image for ECS/EKS/Fargate.
  • Forwards data to X-Ray API.
• X-Ray SDK:
  • Installed in your application.
  • Provides interceptors (HTTP requests), client handlers (AWS SDK calls), HTTP client (external web services).
  • Requires code instrumentation.
  • Supported languages: Node.js, Java, .NET.
• Cross-Account Tracing: Daemon config allows sending traces to a central account (requires IAM permissions).
• Key Terminology:
  • Trace: Set of data points sharing same trace ID.
  • Segments: Encapsulates data for a single component. Includes system/user-defined data (annotations).
  • Subsegments: More granular timing/details about downstream calls (AWS services, external HTTP APIs, SQL DBs, custom code). Can infer segments for non-tracing services.
  • Annotations: System or user-defined key/value pairs associated with a segment. Indexed for search/filtering. (Exam Tip!)
  • Metadata: Key/value pairs, not indexed and not used for searching. (Exam Tip!)
  • Sampling: Collects data for a statistically significant number of requests (not all). Not for audit/compliance (does not guarantee data completeness).

AWS Fault Injection Simulator (FIS)

• Definition: Fully managed service for running fault injection experiments.
• Purpose: Improve application performance, observability, and resiliency.
• Used in chaos engineering (stressing application by creating disruptive events).
• Helps uncover hidden bugs, monitoring blind spots, performance bottlenecks in distributed systems.

Overall Exam Highlights

• Managed Services: Most Code services (CodeCommit, CodeBuild, CodeDeploy, CodePipeline) are fully managed, reducing operational overhead.
• Integration: Understand how these services integrate with each other to form a complete CI/CD pipeline.
• Local Development: SAM CLI and Cloud9 are key for local testing and debugging serverless applications.
• Deployment Strategies: Differentiate between CodeDeploy's In-place and Blue/Green deployments, and their applicability to different compute platforms (EC2, Lambda, ECS). Know the traffic shifting options for Blue/Green.
• Artifacts: Understand how artifacts are passed between stages in CodePipeline (via S3).
• Configuration Files: Be familiar with buildspec.yml (CodeBuild) and appspec.yml/appspec.yaml (CodeDeploy) and their key sections/phases.
• Monitoring & Debugging: X-Ray for distributed tracing (know its components and terminology, especially Annotations vs. Metadata). CloudWatch for logs and metrics.
• Security: IAM roles for granting permissions to instances/services (more secure than hardcoded credentials). CodeGuru for code security and secrets detection.
• Cost: Generally pay-as-you-go; CodeStar itself has no additional charge.
• Key Differentiators: Be able to distinguish between similar services (e.g., CodeStar vs. CodePipeline, SAM vs. Serverless Framework).