
Devops AWS unit 5

Devops with reference to aws notes

Uploaded by

gupta1803yashi

Answers are from ChatGPT; please verify before referring.

Q 1. Explain different deployment strategies available for virtual machine in AWS.

DEPLOYMENT STRATEGIES FOR EC2 (VIRTUAL MACHINES)

In-place deployment:-
• In-place Deployment is a deployment strategy where the application on each compute
resource (or instance) is stopped, the latest version is installed, and then the updated
application is started and validated.
• This approach involves minimal disruption to the underlying infrastructure since new
resources are not created; instead, updates happen directly on the existing resources.
• Only deployments that use the EC2/On-Premises compute platform can use in-place
deployments.

Advantages :
1. Application deployments with minimal disturbance to underlying infrastructure.
2. Application deployment without creating new infrastructure
3. Minimizes infrastructure costs and management overhead associated with creating new
resources
Disadvantages :
1. The availability of your application can be affected during these deployments
2. There may be a temporary period when the application is unavailable. This is because
instances are taken offline during the deployment and only brought back online once the
deployment is complete.

Blue/green deployments:-

• A blue/green deployment is a deployment strategy in which you create two separate, but
identical environments.
• One environment (blue) is running the current application version and one environment
(green) is running the new application version.
• Using a blue/green deployment strategy increases application availability and reduces
deployment risk by simplifying the rollback process if a deployment fails.
• Once testing has been completed on the green environment, live application traffic is
directed to the green environment and the blue environment is deprecated.
• A number of AWS deployment services support blue/green deployment strategies
including Elastic Beanstalk, OpsWorks, CloudFormation, CodeDeploy, and Amazon ECS

Advantages :
1. Minimize downtime during application updates, mitigating risks surrounding downtime
and rollback functionality.
2. Enables you to launch a new version (green) of your application alongside the old version
(blue), and to monitor and test the new version before you reroute traffic to it, rolling back
when an issue is detected.

Disadvantages:
1. Requires double infrastructure temporarily, leading to increased costs.
2. Maintaining and synchronizing two identical environments can be challenging.
3. Difficult to keep data consistent across both environments in real-time.

Q 2. Explain the role of the AppSpec file in CodeDeploy.

The AppSpec file is a critical component in AWS CodeDeploy, serving as a configuration file
to manage deployments. It provides instructions for how the deployment should proceed on
each instance. The AppSpec file can be formatted in YAML or JSON and plays an essential
role in defining the deployment process.

Key Functions and Components of the AppSpec File


1. Mapping Source Files: The AppSpec file maps the source files from your application
revision to their destination paths on the target instances. This mapping ensures that each
file is placed correctly during deployment, allowing the application to function as
intended.
2. Defining Lifecycle Hooks: It specifies scripts to be run during different stages of the
deployment lifecycle, such as BeforeInstall, AfterInstall, and ApplicationStart. These
scripts can perform setup, cleanup, or validation tasks, enabling you to control each step
of the deployment process.
3. Naming and Placement: The file must be named appspec.yml and must be located in the
root folder of your application source code. This naming convention is necessary for
CodeDeploy to recognize and utilize the file during deployment.
4. Validation of the AppSpec File: AWS provides an AppSpec Assistant script to validate
the contents of the AppSpec file. This tool helps ensure that the configuration is correct,
preventing deployment errors caused by syntax or structural issues in the file.
5. Syntax Checking Tools: You can use online tools such as YAML Lint or Online YAML
Parser to verify your YAML syntax. This is especially useful to catch syntax errors, such
as improper indentation, that could disrupt the deployment.

Example:-
AppSpec file structure for Amazon ECS deployments

• version: Specifies the AppSpec file version, with "0.0" as the allowed value.
• resources: Contains information about the Amazon ECS application to deploy.
• hooks: Defines Lambda functions to execute at specific deployment lifecycle events.
The AppSpec file in CodeDeploy acts as a deployment blueprint, detailing where files should
be placed, what scripts should run, and how the application should be deployed. Proper setup
and validation of this file are essential for smooth, reliable deployments, as it directly impacts
file placement and deployment stages.
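
An added example, not part of the original notes and not AWS tooling: a small Python checker for an ECS AppSpec written in JSON, covering the three sections listed above with the key spelling of the ECS AppSpec layout (`version`, `Resources`, `Hooks`). The sample document, account id, container and function names are constructed, and `validate_ecs_appspec` is a hypothetical helper.

```python
import json

# Lifecycle events an Amazon ECS AppSpec can attach Lambda hooks to.
ECS_HOOK_EVENTS = {
    "BeforeInstall", "AfterInstall", "AfterAllowTestTraffic",
    "BeforeAllowTraffic", "AfterAllowTraffic",
}

# Constructed sample: account id, task definition, container and function
# names are placeholders, not values from the notes.
SAMPLE_APPSPEC = """
{
  "version": 0.0,
  "Resources": [
    {"TargetService": {
      "Type": "AWS::ECS::Service",
      "Properties": {
        "TaskDefinition": "arn:aws:ecs:us-east-1:111122223333:task-definition/demo:3",
        "LoadBalancerInfo": {"ContainerName": "web", "ContainerPort": 8080}
      }
    }}
  ],
  "Hooks": [
    {"BeforeInstall": "demo-pre-check"},
    {"AfterAllowTestTraffic": "demo-smoke-test"}
  ]
}
"""


def _obj(value):
    """Treat anything that is not a JSON object as an empty one."""
    return value if isinstance(value, dict) else {}


def validate_ecs_appspec(text):
    """Return a list of problems; an empty list means the checks passed."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(doc, dict):
        return ["top level must be an object"]
    problems = []
    if str(doc.get("version")) != "0.0":
        problems.append("version must be 0.0")

    resources = doc.get("Resources")
    if not isinstance(resources, list) or not resources:
        problems.append("Resources must be a non-empty list")
        resources = []
    for entry in resources:
        target = _obj(_obj(entry).get("TargetService"))
        if target.get("Type") != "AWS::ECS::Service":
            problems.append("TargetService.Type must be AWS::ECS::Service")
        props = _obj(target.get("Properties"))
        if not props.get("TaskDefinition"):
            problems.append("Properties.TaskDefinition is missing")
        lb = _obj(props.get("LoadBalancerInfo"))
        port = lb.get("ContainerPort")
        if not lb.get("ContainerName"):
            problems.append("LoadBalancerInfo.ContainerName is missing")
        if type(port) is not int or not 1 <= port <= 65535:
            problems.append("LoadBalancerInfo.ContainerPort must be 1-65535")

    hooks = doc.get("Hooks", [])
    if not isinstance(hooks, list):
        problems.append("Hooks must be a list")
        hooks = []
    seen = set()
    for hook in hooks:
        if not isinstance(hook, dict) or len(hook) != 1:
            problems.append(f"each hook maps one event to one function: {hook!r}")
            continue
        event, function = next(iter(hook.items()))
        if event not in ECS_HOOK_EVENTS:
            problems.append(f"unknown lifecycle event: {event}")
        elif event in seen:
            problems.append(f"lifecycle event listed twice: {event}")
        seen.add(event)
        if not isinstance(function, str) or not function:
            problems.append(f"{event} must name a Lambda function")
    return problems
```

Running such a check in the build stage catches a misspelled hook name or a missing container port before CodeDeploy ever reads the file.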

Q 3. Explain different deployment strategies available for serverless compute environment in AWS.

When deploying updates to serverless applications in AWS, particularly with AWS Lambda,
several deployment strategies are available to manage how traffic shifts from the current
version to the updated one. These strategies are designed to minimize disruption, allow
testing of new versions, and control the risk associated with new deployments. Here’s an
overview of the main strategies:
1. Blue/Green Deployment on AWS Lambda
• In a blue/green deployment, two environments are created: the "blue" environment
with the current version and the "green" environment with the updated version. Traffic
is then shifted from the blue to the green environment in increments based on the
deployment configuration.
• Traffic shifting options include canary, linear, or all-at-once, which control how
traffic moves to the updated Lambda function.
2. Canary Deployment
• Traffic is shifted in two increments.
• During the first increment, a specified percentage of traffic is shifted to the updated
Lambda function, allowing you to test the new version with a smaller load.
• After a defined interval (in minutes), the remaining traffic is then shifted to the
updated version.
• This strategy allows a quick rollback if issues arise, as only a small portion of traffic
is initially exposed to the new version.
3. Linear Deployment
• In a linear deployment, traffic is shifted gradually in equal increments over time.
• Each increment moves a specific percentage of traffic to the new version, with a set
time interval between increments.
• For example, if you choose a 10% increment every 5 minutes, then 10% of traffic
moves to the new version every 5 minutes until it reaches 100%.
• This approach reduces the risk associated with deployment by slowly exposing users
to the new version.
4. All-at-Once Deployment
• In an all-at-once deployment, 100% of traffic is shifted from the old version to the
updated Lambda function in one go.
• This is the fastest deployment option but also carries the highest risk, as any issues
with the new version affect all users immediately.
• This strategy is often used for small changes with minimal impact or when quick
deployment is necessary.
Each deployment strategy provides a balance between risk and deployment speed. Choosing
the appropriate strategy depends on factors like the criticality of the application, testing
requirements, and acceptable downtime.
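
An added example, not part of the original notes: the canary, linear and all-at-once schedules described above, computed in Python, together with the share of traffic already on the new version at the moment a problem is detected. The first increment landing at minute 0, the 7-minute detection time and the strategy parameters are assumptions of this example.

```python
def shift_schedule(kind, percent=100, interval_min=0):
    """Return [(minute, percent_on_new_version), ...] for one deployment.

    Assumption of this example: the first increment is applied at minute 0.
    """
    if kind == "all_at_once":
        return [(0, 100)]
    if not 0 < percent < 100 or interval_min <= 0:
        raise ValueError("percent must be 1-99 and interval_min positive")
    if kind == "canary":
        # Two increments: the canary share, then everything that is left.
        return [(0, percent), (interval_min, 100)]
    if kind == "linear":
        # Equal increments, one per interval, capped at 100%.
        steps, minute, shifted = [], 0, 0
        while shifted < 100:
            shifted = min(100, shifted + percent)
            steps.append((minute, shifted))
            minute += interval_min
        return steps
    raise ValueError(f"unknown strategy: {kind}")


def exposure_at(schedule, minute):
    """Percent of traffic on the new version `minute` minutes after start."""
    current = 0
    for start, percent in schedule:
        if start <= minute:
            current = percent
    return current


def compare(detect_after_min, strategies):
    """Blast radius at detection time and completion time per strategy."""
    report = {}
    for name, args in strategies.items():
        schedule = shift_schedule(*args)
        report[name] = {
            "exposed_percent": exposure_at(schedule, detect_after_min),
            "complete_at_min": schedule[-1][0],
        }
    return report


# Constructed comparison: the same fault, detected 7 minutes in.
STRATEGIES = {
    "canary 10% / 15 min": ("canary", 10, 15),
    "linear 10% / 5 min": ("linear", 10, 5),
    "all at once": ("all_at_once",),
}

if __name__ == "__main__":
    for name, row in compare(7, STRATEGIES).items():
        print(f"{name:22} exposed={row['exposed_percent']:3}% "
              f"done at minute {row['complete_at_min']}")
```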

Q 4. Explain general troubleshooting checklist while deploying an application using CodeDeploy.

Q 5. Explain few deployment issues faced during deployment on EC2/on-premises compute environment.

Deploying applications on EC2 or on-premises environments often involves a range of
challenges and troubleshooting needs. Below are some of the common issues faced during
deployment and their troubleshooting methods:

CodeDeploy plugin CommandPoller missing credentials error :

• IAM instance profile is incorrectly associated.
• The instance you are deploying to does not have an IAM instance profile associated with it.
• Your IAM instance profile does not have the correct permissions configured.

Deployment fails with the message “Validation of PKCS7 signed message failed” :
This error message indicates the instance is running a version of the CodeDeploy agent that
supports only the SHA-1 hash algorithm.

Deployment or redeployment of the same files to the same instance locations fails with
the error "The deployment failed because a specified file already exists at this location"
When CodeDeploy tries to deploy a file to an instance but a file with the same name already
exists in the specified target location, the deployment to that instance may fail.
You may receive the error message "The deployment failed because a specified file already
exists at this location: location-name".

Long file paths cause "No such file or directory" errors :


For deployments to Windows instances, if you have a file path greater than 260 characters in
the files section of your appspec.yml file, you may see deployments fail with an error similar
to the following:
No such file or directory @ dir_s_mkdir - C:\your-long-file-path

Long-running processes can cause deployments to fail


If a deployment script starts a long-running process, CodeDeploy might spend a long time
waiting in the deployment lifecycle event and then fail the deployment.

Troubleshooting a failed AllowTraffic lifecycle event with no error reported in the
deployment logs:
This failure is typically due to incorrectly configured health checks in Elastic Load Balancing
for the Classic Load Balancer, Application Load Balancer, or Network Load Balancer used to
manage traffic for the deployment group.

Troubleshooting a failed ApplicationStop, BeforeBlockTraffic, or AfterBlockTraffic
deployment lifecycle event:
During a deployment, the CodeDeploy agent runs the scripts specified for ApplicationStop,
BeforeBlockTraffic, and AfterBlockTraffic in the AppSpec file from the previous successful
deployment. (All other scripts are run from the AppSpec file in the current deployment.)
If one of these scripts contains an error and does not run successfully, the deployment can
fail.

Troubleshooting a failed DownloadBundle deployment lifecycle event with
UnknownError: not opened for reading:
This error may occur when deploying from Amazon S3 due to (a) internal Amazon S3 service
issues, (b) incorrect permissions in the IAM instance profile, or (c) a region mismatch
between the EC2 instance and the S3 bucket.

Troubleshooting all lifecycle events skipped errors


If all lifecycle events in an EC2 or on-premises deployment are skipped and you see an error
like “The overall deployment failed because too many individual instances failed deployment,
too few healthy instances are available for deployment, or some instances in your deployment
group are experiencing problems” (Error code: HEALTH_CONSTRAINTS), consider these
causes:
1. appspec.yml File: Ensure it's present and configured correctly.
2. Instance Health: Confirm instances are healthy and meet deployment criteria.
3. IAM Permissions: Verify the instance’s IAM role has CodeDeploy permissions.
4. Application Revision: Ensure the revision is accessible and configured correctly.

Windows PowerShell scripts fail to use the 64-bit version of Windows PowerShell by
default
By default, CodeDeploy uses the 32-bit version of Windows PowerShell for deployment
scripts. If a script requires 64-bit functionality (e.g., for higher memory usage or 64-bit
libraries), it may fail or crash.

Q 6. Explain few deployment issues faced during deployment on ECS compute environment.

A timeout occurs while waiting for replacement task set


This error might occur if there is a mistake in your task definition file or other
deployment-related files. For example, if there is a typo in the image field in your task
definition file, Amazon ECS will try to pull the wrong container image and continuously
fail, causing this error.

A timeout occurs while waiting for a notification to continue


This error might occur if you specified a wait time in the Specify when to reroute
traffic field when you created your deployment group, but the deployment couldn't finish
before the wait time expired.

The IAM role does not have enough permissions


This error might occur if you specified a Lambda function in the AppSpec file's Hooks
section, but you did not give CodeDeploy permission to the Lambda service.

The deployment timed out while waiting for a status callback


This error might occur if you specified a Lambda function in the AppSpec file's Hooks
section, but the Lambda function could not call the necessary
PutLifecycleEventHookExecutionStatus API to return a Succeeded or Failed status to
CodeDeploy.

The deployment failed because one or more of the lifecycle event validation
functions failed
This error might occur if you specified a Lambda function in the AppSpec file's Hooks
section, but the Lambda function returned Failed to CodeDeploy when it
called PutLifecycleEventHookExecutionStatus. This failure indicates to CodeDeploy that
the lifecycle validation test failed.
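
An added example, not part of the original notes: a Python hook function for the two errors above (the status callback timeout and the failed validation function), written so that every invocation reports Succeeded or Failed through PutLifecycleEventHookExecutionStatus, even when the check itself raises. The `make_hook_handler` wrapper, the `RecordingClient` stand-in and the sample event values are constructed for illustration; inside Lambda the real client comes from `boto3.client("codedeploy")`.

```python
# The function's execution role must allow
# codedeploy:PutLifecycleEventHookExecutionStatus, otherwise the call below
# is denied and CodeDeploy waits until the hook times out.


def make_hook_handler(validate, client=None):
    """Build a Lambda handler that always reports a status to CodeDeploy.

    `validate(event)` is the caller's own check; it returns True on success.
    """
    def handler(event, context):
        codedeploy = client
        if codedeploy is None:
            import boto3  # available in the Lambda Python runtime
            codedeploy = boto3.client("codedeploy")

        status = "Failed"  # fail closed: only an explicit pass is Succeeded
        try:
            if validate(event) is True:
                status = "Succeeded"
        except Exception as exc:
            # A crashing check must still produce a callback; log and report.
            print(f"validation raised {type(exc).__name__}: {exc}")

        codedeploy.put_lifecycle_event_hook_execution_status(
            deploymentId=event["DeploymentId"],
            lifecycleEventHookExecutionId=event["LifecycleEventHookExecutionId"],
            status=status,
        )
        return status
    return handler


class RecordingClient:
    """Stand-in for the boto3 CodeDeploy client so the example runs offline."""

    def __init__(self):
        self.calls = []

    def put_lifecycle_event_hook_execution_status(self, **kwargs):
        self.calls.append(kwargs)
        return {"lifecycleEventHookExecutionId":
                kwargs["lifecycleEventHookExecutionId"]}


# Constructed event in the shape CodeDeploy passes to a hook function.
SAMPLE_EVENT = {
    "DeploymentId": "d-EXAMPLE111",
    "LifecycleEventHookExecutionId": "constructed-hook-execution-id",
}


def run_demo():
    """Run one passing and one crashing check against the stand-in client."""
    client = RecordingClient()

    def healthy(event):
        return True

    def crashing(event):
        raise TimeoutError("smoke test endpoint did not answer")

    results = [make_hook_handler(check, client)(SAMPLE_EVENT, None)
               for check in (healthy, crashing)]
    return results, client.calls


if __name__ == "__main__":
    print(run_demo())
```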

The ELB could not be updated due to the following error: Primary taskset target
group must be behind listener
This error might occur if you have configured an optional test listener, and it is
configured with the wrong target group.

My deployment sometimes fails when using Auto Scaling


This problem might occur if CodeDeploy and Auto Scaling processes conflict.

Only ALB supports gradual traffic routing, use AllAtOnce Traffic routing instead
when you create/update Deployment group
This error might occur if you're using a Network Load Balancer and tried to use a
predefined deployment configuration other than CodeDeployDefault.ECSAllAtOnce.

Even though my deployment succeeded, the replacement task set fails the Elastic
Load Balancing health checks, and my application is down
Even though CodeDeploy indicates that my deployment succeeded, the replacement task
set fails the health checks from Elastic Load Balancing, and my application is down.

Can I attach multiple load balancers to a deployment group?


No. If you want to use multiple Application Load Balancers or Network Load Balancers,
use Amazon ECS rolling updates instead of CodeDeploy blue/green deployments.

Can I perform CodeDeploy blue/green deployments without a load balancer?


No, you cannot perform CodeDeploy blue/green deployments without a load balancer. If
you are unable to use a load balancer, use Amazon ECS's rolling updates feature instead.

How can I update my Amazon ECS service with new information during a
deployment?
To have CodeDeploy update your Amazon ECS service with a new parameter while it
conducts a deployment, specify the parameter in the resources section of the AppSpec file.
Q 7. How can DevOps pipeline be automated in AWS environment?

AWS CodePipeline is a continuous delivery service that automates the building, testing,
and deployment of your software into production.
CodePipeline automates the steps required to release your software changes continuously.
• Continuous delivery : Every software change is automatically built, tested, and
deployed to production. Before the final push to production, a person, an automated test,
or a business rule decides when the final push should occur. Although every successful
software change can be immediately released to production with continuous delivery, not
all changes need to be released right away.
• Continuous integration : Members of a team use a version control system and
frequently integrate their work to the same location, such as a main branch. Each change
is built and verified to detect integration errors as quickly as possible

Types of pipeline :
• V1 type pipelines have a JSON structure that contains standard pipeline, stage, and
action-level parameters.
• V2 type pipelines have the same structure as a V1 type, along with additional parameters for
release safety and trigger configuration.

CodePipeline can deploy applications to EC2 instances by using CodeDeploy, AWS Elastic
Beanstalk, or AWS OpsWorks Stacks. CodePipeline can also deploy container-based
applications to services by using Amazon ECS. Developers can also use the integration points
provided with CodePipeline to plug in other tools or services, including build services, test
providers, or other deployment targets or systems.

Q 8. Explain IaC service provided by AWS. OR Explain CloudFormation service.

Infrastructure as Code (IaC) is a method of managing and provisioning IT infrastructure
using code, rather than manual configuration. It allows teams to automate the setup and
management of their infrastructure, making it more efficient and consistent. This is
particularly useful in the DevOps environment, where teams are constantly updating and
deploying software.

Features of IaC
• Automation: IaC automates the provisioning and configuration of infrastructure,
reducing manual errors and saving time.
• Repeatability: IaC scripts can be used repeatedly, making it easy to recreate the
same infrastructure in multiple environments.
• Version Control: IaC code is stored in version control systems like Git, which makes
it easy to track changes, revert to previous versions, and collaborate with others.
• Scalability: IaC makes it easy to scale infrastructure up or down, adding or removing
resources as needed.
• Transparency: IaC makes the infrastructure transparent and understandable, as the
code defines the infrastructure components and their relationships.
• Improved Security: IaC helps ensure that infrastructure is configured consistently
and securely, reducing the risk of security vulnerabilities.

Applications of IaC
Infrastructure as Code has a wide range of applications across different domains, including:
1. Cloud computing: IaC is widely used in cloud computing, where it can be used to
provision and configure cloud resources, such as virtual machines, storage, and
databases.
2. DevOps: IaC is a key component of DevOps, where it is used to automate the
deployment and management of infrastructure and applications.
3. Continuous integration and delivery (CI/CD): IaC is used in CI/CD pipelines to
automate the deployment and configuration of infrastructure and applications.
4. Networking: IaC can be used to automate the deployment and management of
networks, including creating and managing subnets, security groups, and firewalls.
5. Web application deployment: IaC can be used to automate the deployment and
management of web applications, including specifying the web server, application
server, and load balancer.
6. Database deployment: IaC can be used to automate the deployment and
management of databases, including specifying the database engine, creating tables,
and configuring users.
7. Big data: IaC can be used to automate the deployment and management of big data
infrastructure, including setting up clusters and configuring data processing
frameworks such as Apache Hadoop or Apache Spark.

AWS services for treating infrastructure as code (IaC):
1. AWS CloudFormation: Automates infrastructure setup by defining resources in
templates, ensuring consistent environments across deployments.
2. AWS Serverless Application Model (SAM): Simplifies IaC for serverless
applications, providing shorthand syntax for AWS Lambda, API Gateway,
DynamoDB, and more.
3. AWS Cloud Development Kit (CDK): Lets you define infrastructure using familiar
programming languages, making IaC accessible to developers.
4. AWS CDK for Kubernetes: Integrates Kubernetes with IaC, enabling Kubernetes
resources to be defined using AWS CDK.
5. AWS CDK for Terraform: Extends IaC for multi-cloud setups by allowing
Terraform configurations within AWS CDK.
6. AWS Cloud Control API: Provides programmatic access to AWS resources, allowing
custom IaC solutions with various AWS services.
These tools enable reliable, repeatable, and version-controlled infrastructure management in
DevOps.

Explain CloudFormation service

AWS CloudFormation is a service that helps you model and set up your AWS resources so
that you can spend less time managing those resources and more time focusing on your
applications that run in AWS. You create a template that describes all the AWS resources that
you want (like Amazon EC2 instances or Amazon RDS DB instances), and CloudFormation
takes care of provisioning and configuring those resources for you. You don't need to
individually create and configure AWS resources and figure out what's dependent on what;
CloudFormation handles that.

Use Cases of AWS CloudFormation

1. Infrastructure Provisioning: AWS CloudFormation provisions infrastructure as code,
so the same template can be run multiple times to get exact replicas across all the
environments.
2. AutoScaling Environments: The infrastructure provisioned using AWS
CloudFormation will always get provisioned with scaling environments, which will
help you scale up and scale down depending on the incoming load.
3. Integration With Services: You can integrate AWS CloudFormation with
different services like CodePipeline, a Jenkins CI/CD pipeline and so on, which will
help to automate the deployment.
4. Deployment In Multiple Regions: You can use AWS CloudFormation to deploy
in multiple regions, which will help you in disasters.

Benefits of AWS CloudFormation
1. Automation: AWS CloudFormation helps to automate the process of creating,
configuring, and managing AWS resources. This allows for the infrastructure to be
deployed quickly, reliably, and repeatedly.
2. Consistency and standardization: With AWS CloudFormation, it is possible to
create standard templates of infrastructure stacks that can be used to create identical
copies of the same infrastructure. This ensures consistency in the infrastructure
deployment and makes it easier to maintain.
3. Cost savings: AWS CloudFormation helps to reduce costs by allowing customers to
use existing infrastructure templates and reuse them across multiple environments.
This reduces the cost of designing and deploying new infrastructure.
4. Security: AWS CloudFormation helps to ensure that all AWS resources are
configured securely by using security policies and rules. This helps to protect the
infrastructure from potential security threats.
5. Scalability: AWS CloudFormation allows for the quick and easy scaling of resources
on demand. This means that customers can quickly and easily add resources to meet
their changing needs.

Q 9. Explain different troubleshooting issues faced while using CloudFormation.

Delete stack fails


Some resources must be empty before they can be deleted.
Ensure that you have the necessary IAM permissions to delete the resources in the stack

Dependency error
Add a DependsOn attribute to resources that depend on other resources in your template.
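
An added example, not part of the original notes: a Python check over a JSON CloudFormation template that shows which dependencies are implied by `Ref` and `Fn::GetAtt` and where only `DependsOn` creates the ordering. The template is constructed; it uses the case of a route through an internet gateway that should wait for the gateway attachment. `Fn::Sub` references are not followed in this example.

```python
import json

# Constructed template: PublicRoute references the gateway and the route
# table, but nothing in it references the attachment.
TEMPLATE = json.loads("""{
  "Resources": {
    "Vpc": {"Type": "AWS::EC2::VPC",
            "Properties": {"CidrBlock": "10.0.0.0/16"}},
    "Igw": {"Type": "AWS::EC2::InternetGateway"},
    "AttachGateway": {"Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {"VpcId": {"Ref": "Vpc"},
                     "InternetGatewayId": {"Ref": "Igw"}}},
    "RouteTable": {"Type": "AWS::EC2::RouteTable",
                   "Properties": {"VpcId": {"Ref": "Vpc"}}},
    "PublicRoute": {"Type": "AWS::EC2::Route",
      "Properties": {"RouteTableId": {"Ref": "RouteTable"},
                     "DestinationCidrBlock": "0.0.0.0/0",
                     "GatewayId": {"Ref": "Igw"}}}
  }
}""")


def _refs(node, ids):
    """Collect logical IDs referenced through Ref / Fn::GetAtt inside node."""
    found = set()
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str) and value in ids:
                found.add(value)
            elif key == "Fn::GetAtt":
                name = value[0] if isinstance(value, list) else str(value).split(".")[0]
                if name in ids:
                    found.add(name)
            else:
                found |= _refs(value, ids)
    elif isinstance(node, list):
        for item in node:
            found |= _refs(item, ids)
    return found


def dependencies(template):
    """Map each resource to the resources it must wait for."""
    resources = template["Resources"]
    ids, deps = set(resources), {}
    for name, body in resources.items():
        explicit = body.get("DependsOn", [])
        explicit = {explicit} if isinstance(explicit, str) else set(explicit)
        if explicit - ids:
            raise ValueError(f"{name} DependsOn unknown: {sorted(explicit - ids)}")
        deps[name] = (_refs(body.get("Properties", {}), ids) | explicit) - {name}
    return deps


def waits_for(deps, resource, other):
    """True if `resource` is guaranteed to be created after `other`."""
    seen, stack = set(), [resource]
    while stack:
        for dep in deps[stack.pop()]:
            if dep == other:
                return True
            if dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return False


def creation_order(deps):
    """Topological order; raises ValueError on a circular dependency."""
    remaining, order = {k: set(v) for k, v in deps.items()}, []
    while remaining:
        ready = sorted(n for n, d in remaining.items() if not d)
        if not ready:
            raise ValueError("circular dependency: " + ", ".join(sorted(remaining)))
        order.extend(ready)
        for name in ready:
            del remaining[name]
        for pending in remaining.values():
            pending.difference_update(ready)
    return order


def with_depends_on(template, resource, target):
    """Return a deep copy of the template with DependsOn set on `resource`."""
    patched = json.loads(json.dumps(template))
    patched["Resources"][resource]["DependsOn"] = target
    return patched
```

On the constructed template, `waits_for(dependencies(TEMPLATE), "PublicRoute", "AttachGateway")` is false until `DependsOn` is added, which is the situation the fix above addresses.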

AWS Config and AWS Systems Manager conflicts


Review the configuration of AWS Config and Systems Manager in the associated AWS
account and AWS Region.
Check your CloudFormation template for any resources managed by AWS Config and
Systems Manager.

Error parsing parameter when passing a list


When you use the AWS Command Line Interface or CloudFormation to pass in a list, add
the escape character (\) before each comma.

Insufficient IAM permissions


When you work with a CloudFormation stack, you not only need permissions to use
CloudFormation, you must also have permission to use the underlying services that are
described in your template

Invalid value or unsupported resource property


When creating or updating a CloudFormation stack, failures can occur due to invalid
parameters, unsupported resource property names, or invalid values. Ensure that specified
resources, like EC2 key pairs or VPC IDs, exist in your account and region. Using
AWS-specific parameter types helps validate values.

Quota exceeded
If you exceed a service quota, such as the maximum number of EC2 On-Demand
instances, CloudFormation stack creation fails (e.g., with a "start_failed" error). To
resolve this, check AWS service quotas and request increases if needed. During updates,
CloudFormation may replace resources, temporarily exceeding quotas, which can also
cause failures. You can avoid this by removing unnecessary resources or requesting quota
adjustments

Nested stacks are stuck in UPDATE_COMPLETE_CLEANUP_IN_PROGRESS,
UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS, or
UPDATE_ROLLBACK_IN_PROGRESS
When a nested stack rollback fails, CloudFormation pauses cleanup for all nested stacks
until each completes its update or rollback. If one stack fails, others may get stuck in a
cleanup state (e.g., UPDATE_COMPLETE_CLEANUP_IN_PROGRESS). Rollback
issues often arise due to external changes, mismatched stack templates, or insufficient
Auto Scaling timeout signals. Contact AWS Support to resolve these rollback issues.

No updates to perform
CloudFormation requires actual updates to parameters or template content to recognize a
stack update. Modifications like deletion policies, update policies, conditions, or output
declarations alone don’t trigger an update. To apply such changes without altering
functionality, add or change a metadata attribute, which CloudFormation doesn’t process
but will register as an update.

Resource failed to stabilize during a create, update, or delete stack operation


If a resource fails to stabilize during a CloudFormation stack operation, it might be due to
timeout or service interruptions. Confirm that the relevant AWS service is operational,
then retry. Some resources like AutoScalingGroups, RDS instances, and Redshift clusters
may exceed default timeouts.
