What should a DevOps Engineer do to meet all of these requirements while following Cl/CD best practices?

By:
In: DOP-C01
Tagged:
With: 1 Comment
A company using AWS CodeCommit for source control wants to automate its continuous integration and continuous delivery pipeline on AWS in its development environment.The company has three requirements:1.There must be a legal and a security review of any code change to make sure sensitive information is not leaked through the source code.2.Every change must go through unit testing.3.Every change must go through a suite of functional testing to ensure functionality.In addition, the company has the following requirements for automation:1.Code changes should automatically trigger the CI/CD pipeline.2.Any failure in the pipeline should notify [email protected] must be an approval to stage the assets to Amazon S3 after tests have been performed.

What should a DevOps Engineer do to meet all of these requirements while following Cl/CD best practices?

Commit to the development branch and trigger AWS CodePipeline from the development branch. Make an individual stage in CodePipeline for security review, unit tests, functional tests, and manual approval. Use Amazon CloudWatch metrics to detect changes in pipeline stages and Amazon SES for emailing [email protected].

Commit to mainline and trigger AWS CodePipeline from mainline. Make an individual stage in CodePipeline for security review, unit tests, functional tests, and manual approval. Use AWS CloudTrail logs to detect changes in pipeline stages and Amazon SNS for emailing [email protected].

Commit to the development branch and trigger AWS CodePipeline from the development branch. Make an individual stage in CodePipeline for security review, unit tests, functional tests, and manual approval. Use Amazon CloudWatch Events to detect changes in pipeline stages and Amazon SNS for emailing [email protected].

Commit to mainline and trigger AWS CodePipeline from mainline. Make an individual stage in CodePipeline for security review, unit tests, functional tests, and manual approval. Use Amazon CloudWatch Events to detect changes in pipeline stages and Amazon SES for emailing [email protected].

Explanations:

While this option uses the development branch and includes all required stages, using CloudWatch metrics does not effectively notify about pipeline failures. Instead, CloudWatch Events should be used to trigger notifications.

Committing to the mainline goes against the best practice of using a development branch for integration. Additionally, AWS CloudTrail is not the best tool for detecting changes in the pipeline stages; CloudWatch Events would be more appropriate. Also, SNS should be used for notifications instead of CloudTrail.

This option correctly commits to the development branch, which is suitable for CI/CD practices. It includes all required stages and utilizes Amazon CloudWatch Events to detect changes in the pipeline and SNS for email notifications, aligning well with the automation requirements.

Similar to option B, committing to the mainline does not align with CI/CD best practices. Although it uses CloudWatch Events and SES for notifications, the use of the mainline branch is a critical flaw.

2025-10-07

1 Comment

  1. Dennis
    Author

    As far as I can tell, the answer is:
    Commit to the development branch and trigger AWS CodePipeline from the development branch. Make an individual stage in CodePipeline for security review, unit tests, functional tests, and manual approval. Use Amazon CloudWatch Events to detect changes in pipeline stages and Amazon SNS for emailing [email protected].

Leave a Reply

Your email address will not be published. Required fields are marked *

5 − 2 =