Question #1022
A company is using AWS SAM for deploying serverless applications. All application code and templates are stored in Amazon S3 buckets with versioning enabled. Developers access an Amazon EC2 instance hosting a cloud-based IDE. They download code from S3, make changes, run unit tests locally, and upload the modified code back to S3. The team aims to enhance their deployment process by adopting CI/CD with AWS CodePipeline.
The developers must meet these requirements:
- Utilize AWS CodeCommit for source control.
- Automate unit testing and security checks.
- Notify developers immediately if unit tests fail.
- Dynamically toggle application features and customize deployments within the CI/CD pipeline.
- Require approval from the lead developer prior to production deployment.
Which solution fulfills these requirements?
A. Use AWS CodeBuild to automate unit tests and security scans. Configure an Amazon EventBridge rule to trigger Amazon SNS notifications when tests fail. Implement AWS CDK constructs with a feature toggle manifest file to enable/disable features dynamically. Include a manual approval step in the pipeline for the lead developer's review before deployment.
B. Use AWS Step Functions to orchestrate unit tests and security scans. Use Amazon CloudWatch Logs to detect test failures and send alerts via Amazon SES. Deploy feature toggles using AWS CloudFormation parameters and conditions. Integrate an Amazon SQS queue for the lead developer to approve deployments asynchronously.
C. Use AWS Lambda functions to execute unit tests and security scans. Configure an Amazon CloudWatch Events rule to send alerts via Amazon SNS upon test failures. Manage feature toggles using AWS Systems Manager Parameter Store and update parameters during deployment. Use AWS CodeDeploy hooks for the lead developer's approval.
D. Use Jenkins pipelines within AWS to run unit tests and security scans. Trigger Amazon SNS alerts via AWS CLI commands in the pipeline when tests fail. Implement feature flags using Amazon DynamoDB and custom scripts. Require the lead developer to approve deployments via an Amazon API Gateway endpoint.
Explanation
Option A is correct because:
1. AWS CodeBuild automates unit tests and security scans, aligning with CI/CD best practices.
2. Amazon EventBridge + SNS provides immediate failure notifications, satisfying the alerting requirement.
3. AWS CDK constructs with a manifest file enable dynamic feature toggling, allowing runtime customization.
4. A manual approval step in CodePipeline ensures lead developer review before production.
Other options fail because:
- B: Step Functions isn't ideal for CI/CD testing; SES isn't optimal for alerts; SQS approval is non-standard.
- C: Lambda isn't optimized for build/test phases; Parameter Store lacks CDK's deployment integration.
- D: Jenkins contradicts AWS-native service requirements; DynamoDB/API Gateway are unconventional for feature toggles/approvals.
Key Points:
- Use AWS-native services (CodeBuild, CodePipeline) for CI/CD.
- EventBridge + SNS enables real-time notifications.
- CDK allows infrastructure-as-code with dynamic toggles.
- CodePipeline's manual approval step enforces pre-deployment reviews.
Answer
The correct answer is: A