Table of Contents
Why Are Quality Gates Essential for Preventing Unintended Deployments in CI/CD?
Learn why adding a manual approval stage in AWS CodePipeline is a critical best practice. Discover how this quality gate requires human confirmation before deploying to production, preventing errors and ensuring that only verified changes go live.
Question
What is the purpose of adding an approval stage in CodePipeline?
A. To visualize deployment steps as charts
B. To create automatic database connections
C. To require manual confirmation before production deployment
D. To configure environment variables
Answer
C. To require manual confirmation before production deployment
Explanation
Approval stages act as quality gates.
The primary purpose of adding an approval stage in AWS CodePipeline is to introduce a manual checkpoint that requires human confirmation before the pipeline proceeds, most critically before deploying changes to a production environment. This stage acts as a crucial safety measure to prevent unintended or unverified releases.
The correct answer is C. To require manual confirmation before production deployment.
An approval stage in AWS CodePipeline serves as a deliberate pause in an otherwise automated workflow. While automation is key to CI/CD efficiency, certain actions—especially promoting code to a live production environment—carry significant risk. The approval stage mitigates this risk by enforcing a manual review.
Here is a more detailed breakdown of its purpose and function:
Acts as a Quality Gate
The approval stage functions as a final quality gate before a critical transition. After automated builds and tests have successfully passed, this stage allows a designated person (like a project manager, QA lead, or senior engineer) to perform a final verification. This could involve reviewing test results, checking that business requirements have been met, or confirming that the deployment is happening within a scheduled maintenance window.
Prevents Accidental Deployments
In a fully automated pipeline, a single code commit could theoretically travel all the way to production in minutes. An approval stage ensures that this process stops at a strategic point, giving teams control over the timing and authorization of production releases. This prevents situations where a developer accidentally pushes a commit that triggers an unwanted production update.
Enforces Compliance and Business Rules
For many organizations, compliance standards (like SOX or PCI-DSS) require a separation of duties and explicit approval for production changes. The approval stage provides an auditable mechanism to meet these requirements. The action is logged in AWS, showing who approved the change and when.
Configuration and Workflow
When setting up an approval action in CodePipeline, you specify an IAM user or role that is authorized to approve or reject the action. When the pipeline reaches this stage, it pauses and sends a notification (typically via Amazon SNS) to the approvers. The pipeline will only continue to the next stage (e.g., deployment to production) if an authorized user manually approves it.
The other options are incorrect as they describe different functions within a CI/CD process:
A. To visualize deployment steps as charts: Visualization of the pipeline is a built-in feature of the CodePipeline console itself, not the purpose of an approval stage.
B. To create automatic database connections: Database connections are managed through environment variables or services like AWS Secrets Manager within the application’s configuration, not by a pipeline approval stage.
D. To configure environment variables: This is typically done within the build specification (e.g., buildspec.yml in CodeBuild) or in the deployment configuration of a service like Elastic Beanstalk or ECS, not within an approval action.
AWS Elastic Beanstalk & CI/CD for Cloud Projects certification exam assessment practice question and answer (Q&A) dump including multiple choice questions (MCQ) and objective type questions, with detail explanation and reference available free, helpful to pass the AWS Elastic Beanstalk & CI/CD for Cloud Projects exam and earn AWS Elastic Beanstalk & CI/CD for Cloud Projects certificate.