18 - Code[Commit/Pipeline/Build/Deploy]
CodeArtifact - Resource Policy • A given principal can either _ _ the packages in a _ or _ _ _
A given principal can either read all the packages in a repository or none of them
CodePipeline When can manual approval be defined in CodePipeline?
At any stage
CodePipeline Manual Approval Owner is _ Action is _ What are the two permissions a user must have to approve?
Important: Owner is "AWS", Action is "Manual"
Amazon CodeGuru • An _-_ service for _ code reviews and application _ _ • Provides two functionalities • CodeGuru _: automated _ _ for _ _ analysis (_) • CodeGuru _: _/_ about _ _ during _ (_)
• An ML-powered service for automated code reviews and application performance recommendations • Provides two functionalities • CodeGuru Reviewer: automated code reviews for static code analysis (development) • CodeGuru Profiler: visibility/recommendations about application performance during runtime (production)
AWS CodeStar • An integrated solution that groups: ? • Quickly create "_-_" projects for...(3) • Issue tracking integration with _ / _ issues • Ability to integrate with _ (not all _) • _ _, pay for _ _ of _ _ • _ Customization
• An integrated solution that groups: GitHub, CodeCommit, CodeBuild, CodeDeploy, CloudFormation, CodePipeline, CloudWatch, ... • Quickly create "CICD-ready" projects for EC2, Lambda, Elastic Beanstalk • Issue tracking integration with JIRA / GitHub Issues • Ability to integrate with Cloud9 to obtain a web IDE (not all regions) • Free service, pay only for the underlying usage of other services • Limited Customization
AWS CodeCommit Security • Authentication • SSH Keys - AWS Users can configure SSH keys in their _ _ • HTTPS - with AWS CLI _ _ or Git _ for _ _
• Authentication • SSH Keys - AWS Users can configure SSH keys in their IAM Console • HTTPS - with AWS CLI Credential helper or Git Credentials for IAM user
CodeArtifact - External Connection • Example - Connect to npmjs.com • Configure one CodeArtifact Repository in your _ with an _ _ to npmjs.com • Configure all the other repositories with an _ to it • Packages fetched from npmjs.com are _ in the _ _, rather than fetching and storing them in _ _
• Configure one CodeArtifact Repository in your domain with an external connection to npmjs.com • Configure all the other repositories with an upstream to it • Packages fetched from npmjs.com are cached in the Upstream Repository, rather than fetching and storing them in each Repository
AWS CodeCommit Security • Cross-account Access • Do NOT share your _ _ or your _ _ • Use an _ _ in your AWS account and use AWS _ (_ API)
• Cross-account Access • Do NOT share your SSH keys or your AWS credentials • Use an IAM Role in your AWS account and use AWS STS (AssumeRole API)
CodeArtifact - Domains • Easy _ Across _ and _ - all the _ and _ in a domain are encrypted with a single AWS _ _ • Apply _ Across _ Repositories - _ _ can apply policy across the domain such as: 1 Restricting which _ have access to _ in the _ 2 Who can _ _ to _ _ to use as sources of packages
• Easy Sharing Across Repositories and Teams - all the assets and metadata in a domain are encrypted with a single AWS KMS Key • Apply Policy Across Multiple Repositories - domain administrator can apply policy across the domain such as: • Restricting which accounts have access to repositories in the domain • Who can configure connections to public repositories to use as sources of packages
AWS CodeCommit Security • Encryption • Repositories are _ _ at rest using _ _ • Encrypted _ _ (can only use _ or _ - both secure)
• Encryption • Repositories are automatically encrypted at rest using AWS KMS • Encrypted in transit (can only use HTTPS or SSH - both secure)
AWS CodeCommit Security • Authorization • _ _ to manage users/roles permissions to _
• IAM policies to manage users/roles permissions to repositories
CodeBuild • If you need deep troubleshooting beyond logs... • You can run CodeBuild locally on your desktop (after _ _) • For this, leverage the _ _
• If you need deep troubleshooting beyond logs... • You can run CodeBuild locally on your desktop (after installing Docker) • For this, leverage the CodeBuild Agent
CodeDeploy - appspec.yml • _ - set of instructions to run to deploy the new version (_ can have _), the order is: • _ • _ • _ • _ • _ • _ • _
• hooks - set of instructions to run to deploy the new version (hooks can have timeouts), the order is: • ApplicationStop • DownloadBundle • BeforeInstall • Install • AfterInstall • ApplicationStart • ValidateService