AWS Certified Solutions Architect - Professional / Question #892 of 529

Question #892

A company’s CISO wants to redesign their CI/CD pipeline to ensure that security patches can be deployed rapidly with minimal downtime and the ability to revert changes immediately if issues arise. The application runs on a fleet of Amazon EC2 instances behind an Application Load Balancer. The current setup uses GitHub for source control, AWS CodeBuild for building the application, and AWS CodePipeline to orchestrate the workflow triggered by GitHub commits.

Which CI/CD configuration best meets these requirements?

A

Set up CodePipeline with a deployment stage using AWS CodeDeploy configured for in-place deployments. If issues occur, deploy a new version to replace the existing instances.

B

Configure CodePipeline to use AWS CodeDeploy with a blue/green deployment strategy. If problems are detected, initiate a rollback through CodeDeploy to revert to the previous environment.

C

Implement AWS CloudFormation in CodePipeline to manage deployments through stack updates. Roll back by updating the stack with the previous template.

D

Use AWS OpsWorks in the deploy stage with rolling deployments. Roll back by deploying the previous version incrementally.

Explanation

Answer B is correct because blue/green deployments with AWS CodeDeploy meet the requirements of rapid deployment with minimal downtime and immediate rollback. Blue/green deployments create a new environment (green) alongside the existing one (blue), allowing testing before shifting traffic. If issues occur, CodeDeploy can quickly revert traffic to the blue environment, ensuring minimal disruption.

Option A (in-place deployments) causes downtime during updates and lacks immediate rollback. Option C (CloudFormation stack rollbacks) is slower and less suited for EC2 instance fleets. Option D (OpsWorks rolling deployments) involves incremental rollbacks, which are not as immediate as blue/green.

Key points: Blue/green deployments reduce downtime, enable testing before traffic shift, and allow instant rollback via CodeDeploy.

Answer

The correct answer is: B