AWS Certified Developer - Associate (DVA-C02) #10 Domain 3-2 Deployment — IaC and Serverless Deployment
In #9 CI/CD we covered the build and deployment tools, so this time it’s about IaC (Infrastructure as Code), defining the infrastructure itself as code. Infrastructure built by hand in the console is hard to reproduce and version-control. AWS’s IaC backbone is CloudFormation, with serverless-specific SAM on top of it, and Elastic Beanstalk as a platform abstraction.
CloudFormation
When you define AWS resources in a declarative template (YAML/JSON), CloudFormation creates, updates, and deletes them exactly as specified. The bundle of created resources is a Stack.
Template Structure
| Section | Role |
|---|---|
| Resources | The only required section. Defines the resources to create |
| Parameters | Input values at deploy time (environment, instance type, etc.) |
| Mappings | Key-value lookups (per-region AMIs, etc.) |
| Conditions | Conditional resource creation |
| Outputs | Output values for other stacks to reference (export) |
| Transform | Specifies macros, SAM |
Intrinsic functions also come up often: !Ref (reference), !GetAtt (get an attribute), !Sub (string substitution), !FindInMap (mapping lookup), !ImportValue (reference another stack’s output).
Stack Operations
- Change Set — Before updating a stack, preview what will change. Prevents unintended replacement or deletion.
- Drift Detection — Detects parts changed manually in the console (the difference from the template).
- Rollback — On a create/update failure, automatically reverts to the previous state.
- Nested Stack — Separates common components into reusable child stacks.
- DeletionPolicy — On stack deletion, preserves the resource (Retain) or leaves a snapshot (Snapshot). Used for resources you can’t afford to lose, like a database.
Exam trap: the answer to “check the scope of impact before a stack update” is the change set. The answer to “I want to keep the DB even after deletion” is DeletionPolicy: Retain.
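The template sections, intrinsic functions and DeletionPolicy described above, combined into one template. This is an added example, not part of the original post: every logical ID, AMI ID and name is a constructed placeholder, and UpdateReplacePolicy and ManageMasterUserPassword are included on the assumption that the database should also survive a replacing update and should not take its password from a template parameter.

```yaml
# Added example; logical IDs, AMI IDs and names are constructed placeholders.
AWSTemplateFormatVersion: "2010-09-09"
Description: Template sections and intrinsic functions in one stack
Parameters:
  Env:
    Type: String
    AllowedValues: [dev, prod]
    Default: dev
Mappings:
  RegionAmi:                      # per-region AMI lookup (placeholder IDs)
    us-east-1: { Ami: ami-EXAMPLE1111111111 }
    ap-northeast-2: { Ami: ami-EXAMPLE2222222222 }
Conditions:
  IsProd: !Equals [!Ref Env, prod]

Resources:
  AppServer:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !FindInMap [RegionAmi, !Ref "AWS::Region", Ami]
      InstanceType: !If [IsProd, t3.small, t3.micro]
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-${Env}-app"

  AppDb:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Snapshot      # final snapshot is taken on stack deletion
    UpdateReplacePolicy: Snapshot # same protection when an update replaces the DB
    Properties:
      Engine: mysql
      DBInstanceClass: db.t3.micro
      AllocatedStorage: "20"
      MasterUsername: admin
      ManageMasterUserPassword: true  # RDS keeps the password in Secrets Manager
      StorageEncrypted: true

  AuditBucket:
    Type: AWS::S3::Bucket
    Condition: IsProd             # created only when Env=prod
    DeletionPolicy: Retain        # bucket and its objects outlive the stack

Outputs:
  DbEndpoint:
    Value: !GetAtt AppDb.Endpoint.Address
    Export:
      Name: !Sub "${AWS::StackName}-DbEndpoint"  # consumed with !ImportValue
```

Deploying an update with `aws cloudformation deploy --no-execute-changeset` creates the change set for review without applying it.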
SAM — Serverless Application Model
SAM is a CloudFormation extension that simplifies serverless deployment. Put Transform: AWS::Serverless-2016-10-31 at the top of the template, and you can use SAM shorthand resource types.
| SAM resource | Corresponds to |
|---|---|
| AWS::Serverless::Function | Lambda function + role + event source |
| AWS::Serverless::Api | API Gateway |
| AWS::Serverless::SimpleTable | DynamoDB table |
- sam build — Builds with dependencies included.
- sam deploy — Packages and deploys via CloudFormation (internally an S3 upload + stack creation).
- sam local — Runs and debugs Lambda and API locally (using Docker).
- A SAM template is transformed into plain CloudFormation at deploy time.
The key: to define, deploy, and locally test a serverless app (Lambda + API Gateway + DynamoDB) with little code, use SAM. SAM also easily supports #11’s canary/linear deployment and automatic rollback via AutoPublishAlias and DeploymentPreference.
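A SAM template that puts the pieces above together: the Transform line, the shorthand resource types, and a canary deployment with alarm-driven rollback. This is an added example, not from the original post; the function, handler, path, table and alarm names are constructed, and the runtime and canary type are assumptions chosen for illustration.

```yaml
# Added example; function, handler, path and alarm names are constructed.
AWSTemplateFormatVersion: "2010-09-09"
Transform: AWS::Serverless-2016-10-31

Resources:
  OrdersTable:
    Type: AWS::Serverless::SimpleTable
    Properties:
      PrimaryKey: { Name: orderId, Type: String }

  OrdersFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/
      Handler: app.handler
      Runtime: python3.12
      AutoPublishAlias: live            # publish a version and move the alias on each deploy
      DeploymentPreference:
        Type: Canary10Percent5Minutes   # 10% of traffic for 5 minutes, then 100%
        Alarms:
          - !Ref OrdersErrorsAlarm      # alarm firing during the shift rolls back
      Policies:
        - DynamoDBCrudPolicy:           # SAM policy template scoped to this one table
            TableName: !Ref OrdersTable
      Environment:
        Variables:
          TABLE_NAME: !Ref OrdersTable
      Events:
        GetOrder:
          Type: Api                     # implicit API Gateway REST API
          Properties:
            Path: /orders/{id}
            Method: get

  OrdersErrorsAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      Namespace: AWS/Lambda
      MetricName: Errors
      Dimensions:
        - Name: FunctionName
          Value: !Ref OrdersFunction
      Statistic: Sum
      Period: 60
      EvaluationPeriods: 1
      Threshold: 0
      ComparisonOperator: GreaterThanThreshold
```

After `sam build`, `sam local invoke OrdersFunction` runs the handler in Docker and `sam deploy --guided` walks through the first deployment.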
Elastic Beanstalk
A platform abstraction (PaaS) that, once you upload your code, automatically provisions EC2, ELB, ASG, and health monitoring. Developers focus on the application rather than the infrastructure. Internally it creates resources via CloudFormation.
Deployment Policies
Beanstalk’s deployment policies are an exam regular.
| Policy | Behavior | Downtime | Extra cost |
|---|---|---|---|
| All at once | Replaces everything at once | Yes | None |
| Rolling | Replaces batch by batch | None (reduced capacity) | None |
| Rolling with additional batch | Replaces while adding a new batch | None (capacity maintained) | Temporary extra instances |
| Immutable | Deploys to a new instance group, then switches | None | Temporary double |
| Blue/Green (environment swap) | Deploys to a new environment, then swaps the URL | None | Double |
The core distinction: the safest and easiest to roll back is Immutable/Blue-Green (deploy to new instances), the fastest but with downtime is All at once, and gradual replacement while maintaining capacity is Rolling with additional batch.
- .ebextensions — Customizes the environment and resources via .config files.
- Beanstalk suits EC2 and container-based web apps, while pure serverless (Lambda) is a better fit for SAM.
IaC Quick-Select Table
| Requirement | Answer |
|---|---|
| Arbitrary AWS resources as code | CloudFormation |
| Serverless (Lambda/API GW/DynamoDB) concisely | SAM |
| Just upload a web app without worrying about infra | Elastic Beanstalk |
| Preview the impact of a stack update | Change set |
| Test Lambda locally | sam local |
Exam question patterns
- “Define and deploy a serverless app with little code.” → SAM.
- “Debug Lambda locally.” → sam local invoke.
- “Check the impact of changes before updating a stack.” → Change set.
- “Preserve RDS when deleting a stack.” → DeletionPolicy: Retain.
- “Quickly deploy a web app without managing infra.” → Elastic Beanstalk.
- “Deploy safely with no downtime and easy rollback.” → Immutable / Blue-Green.
- “Select a different AMI per region.” → Mappings + !FindInMap.
Wrap-up
What this post locked in:
- CloudFormation — only Resources is required. Change set (impact preview), drift, nested stacks, DeletionPolicy
- SAM — a serverless CFN extension. sam build/deploy/local, built-in canary deployment
- Elastic Beanstalk — PaaS. The trade-offs of deployment policies (All at once/Rolling/Immutable/Blue-Green)
- Safety and rollback first is Immutable/Blue-Green, speed first is All at once
Next — Domain 3-3 Deployment Strategies
Now that we’ve covered the tools, the last topic is the zero-downtime deployment strategies themselves. In #11 Deployment Strategies, I’ll cover in-place vs blue/green, canary and linear deployment, Lambda aliases and versions with weighted routing, and CodeDeploy/SAM automatic rollback.