AWS Certified Developer - Associate (DVA-C02) #10 Domain 3-2 Deployment — IaC and Serverless Deployment

In #9 CI/CD we covered the build and deployment tools, so this time it’s about IaC (Infrastructure as Code), defining the infrastructure itself as code. Infrastructure built by hand in the console is hard to reproduce and version-control. AWS’s IaC backbone is CloudFormation, with serverless-specific SAM on top of it, and Elastic Beanstalk as a platform abstraction.

CloudFormation

When you define AWS resources in a declarative template (YAML/JSON), CloudFormation creates, updates, and deletes them exactly as specified. The bundle of created resources is a Stack.

Template Structure

| Section | Role |
|---|---|
| Resources | The only required section. Defines the resources to create |
| Parameters | Input values at deploy time (environment, instance type, etc.) |
| Mappings | Key-value lookups (per-region AMIs, etc.) |
| Conditions | Conditional resource creation |
| Outputs | Output values for other stacks to reference (export) |
| Transform | Specifies macros, SAM |

Intrinsic functions also come up often: !Ref (reference), !GetAtt (get an attribute), !Sub (string substitution), !FindInMap (mapping lookup), and !ImportValue (reference another stack’s output).

Stack Operations

  • Change Set — Before updating a stack, preview what will change. Prevents unintended replacement or deletion.
  • Drift Detection — Detects parts changed manually in the console (the difference from the template).
  • Rollback — On a create/update failure, automatically reverts to the previous state.
  • Nested Stack — Separates common components into reusable child stacks.
  • DeletionPolicy — On stack deletion, preserves the resource (Retain) or leaves a snapshot (Snapshot). Used for resources you can’t afford to lose, like a database.

Exam trap: the answer to “check the scope of impact before a stack update” is the change set. The answer to “I want to keep the DB even after deletion” is DeletionPolicy: Retain.
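
The template sections, intrinsic functions and DeletionPolicy described above, combined in one template. This is an added example, not from the original post; the resource names, instance sizes and AMI IDs are constructed placeholders.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Constructed example of template sections, intrinsics and DeletionPolicy

Parameters:                        # input values at deploy time
  Environment:
    Type: String
    AllowedValues: [dev, prod]
    Default: dev

Mappings:                          # per-region lookup; AMI IDs are placeholders
  RegionAmi:
    us-east-1:
      Ami: ami-00000000000000001
    ap-northeast-1:
      Ami: ami-00000000000000002

Conditions:                        # can also gate a whole resource via its Condition attribute
  IsProd: !Equals [!Ref Environment, prod]

Resources:                         # the only required section
  AppServer:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !If [IsProd, t3.small, t3.micro]
      ImageId: !FindInMap [RegionAmi, !Ref 'AWS::Region', Ami]
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}-${Environment}-app'

  Database:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Retain         # instance survives stack deletion
    UpdateReplacePolicy: Retain    # same protection if an update replaces it
    Properties:
      Engine: mysql
      DBInstanceClass: db.t3.micro
      AllocatedStorage: '20'
      MasterUsername: admin
      ManageMasterUserPassword: true   # RDS keeps the password in Secrets Manager
      StorageEncrypted: true

Outputs:
  DbEndpoint:
    Value: !GetAtt Database.Endpoint.Address
    Export:                        # other stacks read this with !ImportValue
      Name: !Sub '${AWS::StackName}-DbEndpoint'
```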

SAM — Serverless Application Model

SAM is a CloudFormation extension that simplifies serverless deployment. Put Transform: AWS::Serverless-2016-10-31 at the top of the template, and you can use SAM shorthand resource types.

| SAM resource | Corresponds to |
|---|---|
| AWS::Serverless::Function | Lambda function + role + event source |
| AWS::Serverless::Api | API Gateway |
| AWS::Serverless::SimpleTable | DynamoDB table |

  • sam build — Builds with dependencies included.
  • sam deploy — Packages and deploys via CloudFormation (internally an S3 upload + stack creation).
  • sam local — Runs and debugs Lambda and API locally (using Docker).
  • A SAM template is transformed into plain CloudFormation at deploy time.

The key: to define, deploy, and locally test a serverless app (Lambda + API Gateway + DynamoDB) with little code, use SAM. SAM also easily supports #11’s canary/linear deployment and automatic rollback via AutoPublishAlias and DeploymentPreference.
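
A SAM template for the Lambda + API Gateway + DynamoDB case described above, with a canary deployment preference. This is an added example, not from the original post; the function and table names, the `src/` directory and the `app.handler` entry point are hypothetical.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31   # enables the SAM shorthand types
Description: Constructed example of Lambda, an API event and a DynamoDB table

Globals:
  Function:
    Runtime: python3.12
    Timeout: 10

Resources:
  ItemsTable:
    Type: AWS::Serverless::SimpleTable  # expands to a DynamoDB table
    Properties:
      PrimaryKey:
        Name: id
        Type: String

  GetItemFunction:
    Type: AWS::Serverless::Function     # expands to function + role + event source
    Properties:
      CodeUri: src/                     # hypothetical source directory
      Handler: app.handler              # hypothetical module and function
      AutoPublishAlias: live            # publishes a version and points the alias at it
      DeploymentPreference:
        Type: Canary10Percent5Minutes   # 10% of traffic for 5 minutes, then the rest
      Environment:
        Variables:
          TABLE_NAME: !Ref ItemsTable
      Policies:
        - DynamoDBReadPolicy:           # SAM policy template scoped to this one table
            TableName: !Ref ItemsTable
      Events:
        GetItem:
          Type: Api                     # creates the API Gateway route implicitly
          Properties:
            Path: /items/{id}
            Method: get
```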

Elastic Beanstalk

A platform abstraction (PaaS) that, once you upload your code, automatically provisions EC2, ELB, ASG, and health monitoring. Developers focus on the application rather than the infrastructure. Internally it creates resources via CloudFormation.

Deployment Policies

Beanstalk’s deployment policies are an exam regular.

| Policy | Behavior | Downtime | Extra cost |
|---|---|---|---|
| All at once | Replaces everything at once | Yes | None |
| Rolling | Replaces batch by batch | None (reduced capacity) | None |
| Rolling with additional batch | Replaces while adding a new batch | None (capacity maintained) | Temporary extra instances |
| Immutable | Deploys to a new instance group, then switches | None | Temporary double |
| Blue/Green (environment swap) | Deploys to a new environment, then swaps the URL | None | Double |

The core distinction: the safest and easiest to roll back is Immutable/Blue-Green (deploy to new instances), the fastest but with downtime is All at once, and gradual replacement while maintaining capacity is Rolling with additional batch.

  • .ebextensions — Customizes the environment and resources via .config files.
  • Beanstalk suits EC2 and container-based web apps, while pure serverless (Lambda) is a better fit for SAM.

IaC Quick-Select Table

| Requirement | Answer |
|---|---|
| Arbitrary AWS resources as code | CloudFormation |
| Serverless (Lambda/API GW/DynamoDB) concisely | SAM |
| Just upload a web app without worrying about infra | Elastic Beanstalk |
| Preview the impact of a stack update | Change set |
| Test Lambda locally | sam local |

Exam question patterns

  • “Define and deploy a serverless app with little code.” → SAM.
  • “Debug Lambda locally.” → sam local invoke.
  • “Check the impact of changes before updating a stack.” → Change set.
  • “Preserve RDS when deleting a stack.” → DeletionPolicy: Retain.
  • “Quickly deploy a web app without managing infra.” → Elastic Beanstalk.
  • “Deploy safely with no downtime and easy rollback.” → Immutable / Blue-Green.
  • “Select a different AMI per region.” → Mappings + !FindInMap.

Wrap-up

What this post locked in:

  • CloudFormation — only Resources is required. Change set (impact preview), drift, nested stacks, DeletionPolicy
  • SAM — a serverless CFN extension. sam build/deploy/local, built-in canary deployment
  • Elastic Beanstalk — PaaS. The trade-offs of deployment policies (All at once/Rolling/Immutable/Blue-Green)
  • Safety and rollback first is Immutable/Blue-Green, speed first is All at once

Next — Domain 3-3 Deployment Strategies

Now that we’ve covered the tools, the last topic is the zero-downtime deployment strategies themselves. In #11 Deployment Strategies, I’ll cover in-place vs blue/green, canary and linear deployment, Lambda aliases, versions and weighted routing, and CodeDeploy/SAM automatic rollback.