Skip to main content
  1. Home
  2. >
  3. AWS
  4. >
  5. SAP-C02
  6. >
  7. This article

AWS SAP-C02 Drill: Serverless CI/CD - The Deployment Velocity vs. Safety Trade-off

·1236 words·6 mins·
Architecture Drills AWS SAP-C02 FinOps Decision Matrix Lambda SAM CodeDeploy CloudFormation API Gateway Serverless CI/CD Canary Deployment
Jeff Taakey
Author
Jeff Taakey
21+ Year Enterprise Architect | Multi-Cloud Architect & Strategist.
Jeff's Architecture Insights
Go beyond static exam dumps. Jeff’s Insights is engineered to cultivate the mindset of a Production-Ready Architect. We move past ‘correct answers’ to dissect the strategic trade-offs and multi-cloud patterns required to balance reliability, security, and TCO in mission-critical environments.
Table of Contents

While preparing for the AWS SAP-C02, many candidates get confused by serverless deployment automation strategies. In the real world, this is fundamentally a decision about Deployment Velocity vs. Blast Radius Control vs. Engineering Time Investment. Let’s drill into a simulated scenario.

The Scenario
#

StreamVibe, a video streaming analytics company, operates a serverless API serving 2.3 million requests per day. The architecture consists of Amazon CloudFront (CDN layer), Amazon API Gateway (REST API), and AWS Lambda functions (business logic).

Currently, their deployment process is manual and high-risk:

  • DevOps engineers create a new Lambda version
  • Run a custom bash script to update the API Gateway integration
  • If errors occur in production, run a separate rollback script to revert to the previous version
  • Problem: Last month, a faulty deployment caused 47 minutes of degraded service before rollback completed, costing $12,000 in SLA credits

Business Directive: The CTO mandates:

  1. Reduce deployment time for Lambda function updates
  2. Reduce error detection time from minutes to seconds
  3. Automate rollback to eliminate human reaction delay

Key Requirements
#

Minimize Mean Time to Detect (MTTD) and Mean Time to Recover (MTTR) for Lambda deployments while reducing manual toil, with consideration for infrastructure-as-code maturity and cost of automation tooling.

The Options
#

  • A) Create nested AWS CloudFormation stacks: parent stack contains CloudFront distribution and API Gateway, child stack contains Lambda function. For Lambda changes, create CloudFormation change sets and deploy. If errors trigger, roll back the CloudFormation change set to the previous version.

  • B) Use AWS SAM with built-in AWS CodeDeploy to deploy new Lambda versions with gradual traffic shifting to the new version. Use pre-traffic and post-traffic test functions to validate code. If Amazon CloudWatch alarms trigger, automatically roll back.

  • C) Refactor AWS CLI scripts into a single unified script that deploys new Lambda versions. After deployment completes, execute test scripts. If errors are detected, roll back to the previous Lambda version.

  • D) Create and deploy an AWS CloudFormation stack containing a new API Gateway endpoint that references the new Lambda version. Modify the CloudFront origin to point to the new API Gateway endpoint. Monitor for errors, and if detected, modify the CloudFront origin back to the previous API Gateway endpoint.

Correct Answer
#

Option B.

The Architect’s Analysis
#

Correct Answer
#

Option B - AWS SAM with AWS CodeDeploy progressive deployment.

Step-by-Step Winning Logic
#

This solution delivers three critical capabilities not available in other options:

  1. Automated Canary/Linear Traffic Shifting
    CodeDeploy shifts traffic incrementally (e.g., 10% every 5 minutes) while monitoring CloudWatch metrics. If error rates spike, rollback is automatic - no human intervention required.

  2. Pre-Traffic & Post-Traffic Validation Hooks
    SAM’s DeploymentPreference allows you to run Lambda test functions before shifting traffic (smoke tests) and during canary phases (integration tests). This catches errors in seconds, not minutes.

  3. Native CloudWatch Alarm Integration
    CodeDeploy monitors user-defined alarms (e.g., Lambda errors > 1%, API Gateway 5xx > 0.5%). Alarm breach = instant rollback. MTTR drops from 47 minutes to ~2 minutes.

FinOps Win: SAM is free (just CloudFormation under the hood). CodeDeploy charges $0.00 for Lambda deployments (only EC2/ECS incur costs). You gain enterprise-grade deployment safety with zero additional service costs.

The Traps (Distractor Analysis)
#

  • Why not Option A (CloudFormation Nested Stacks)?
    CloudFormation change sets provide rollback capability, but it’s all-or-nothing - no gradual traffic shifting. If 100% of traffic hits a bad Lambda version, you’ve already failed. Also, CloudFormation rollback is slower (typically 3-5 minutes) vs. CodeDeploy’s sub-60-second alias shift. Lacks blast radius control.

  • Why not Option C (Unified CLI Script)?
    This is just manual automation - you’ve consolidated scripts but not solved the core problem. Error detection still depends on post-deployment testing, and rollback is still a manual CLI command. No improvement in MTTD/MTTR. This is an Associate-level approach, not Professional.

  • Why not Option D (Blue/Green API Gateway Endpoints)?
    While creative, this introduces unnecessary complexity:

    • Creates duplicate API Gateway resources (higher cost: ~$3.50/month per additional REST API)
    • CloudFront origin switching takes 5-10 minutes to propagate globally (cache invalidation delays)
    • No built-in health checks - you’re manually monitoring and switching origins
    • Violates the immutable infrastructure principle - you’re managing stateful endpoint mappings instead of stateless deployments

The Architect Blueprint
#

graph TB subgraph "Deployment Pipeline" Developer[Developer: git push] --> CodePipeline[AWS CodePipeline] CodePipeline --> SAM[AWS SAM Build/Package] SAM --> CodeDeploy[AWS CodeDeploy] end subgraph "Progressive Deployment" CodeDeploy --> PreTest[Pre-Traffic Hook<br/>Lambda Test Function] PreTest -->|Pass| Canary[Shift 10% Traffic<br/>to New Version] Canary --> CW[CloudWatch Alarms<br/>Errors, Latency, Custom Metrics] CW -->|Healthy| Linear[Linear Shift<br/>+10% every 5 min] Linear --> Full[100% on New Version] CW -->|Alarm Breach| Rollback[Automatic Rollback<br/>to Previous Alias] end subgraph "Production Traffic" CloudFront[CloudFront Distribution] --> APIGW[API Gateway] APIGW --> LambdaAlias[Lambda Alias: live<br/>CodeDeploy Managed] LambdaAlias -.-> V1[Version 47<br/>90% Traffic] LambdaAlias -.-> V2[Version 48<br/>10% Traffic] end Full -.-> LambdaAlias Rollback -.-> LambdaAlias style CodeDeploy fill:#FF9900,stroke:#232F3E,color:#FFF style CW fill:#FF4F8B,stroke:#232F3E,color:#FFF style Rollback fill:#D13212,stroke:#FFF,color:#FFF

Diagram Note: SAM/CodeDeploy uses Lambda aliases (e.g., live) with weighted traffic routing between versions. CloudWatch alarms continuously monitor the canary cohort - any breach triggers instant rollback via alias weight reset.

The Decision Matrix
#

Option Est. Complexity Est. Monthly Cost MTTR (Rollback Time) Blast Radius Control Pros Cons
A) CloudFormation Nested Stacks Medium Low ($0) 3-5 minutes ❌ None (100% cutover) • IaC benefits
• Version control
• Drift detection		 • No canary deployment
• Slow rollback
• All-or-nothing risk
B) SAM + CodeDeploy Medium Low ($0) 30-90 seconds ✅ Granular (10% increments) • Automated canary
• Free for Lambda
• Built-in health checks
• Sub-minute rollback		 • Requires CloudWatch alarm setup
• Learning curve for SAM syntax
C) Unified CLI Script Low Low ($0) 5-10 minutes ❌ None • Simple to understand
• No new tools		 • Manual testing required
• Human-triggered rollback
• No improvement over current state
D) Blue/Green API Gateway High Medium ($7-15/mo) 8-12 minutes ⚠️ Endpoint-level only • Full environment isolation • CloudFront cache delays
• Duplicate API Gateway costs
• Complex state management
• Manual orchestration

FinOps Quantification:

  • Option B hidden cost: CloudWatch alarms (~$0.10/alarm/month × 3 alarms = $0.30/mo) + CodePipeline if used ($1/active pipeline/month)
  • Option D cost breakdown: 2 API Gateway REST APIs ($3.50/mo each) + additional Lambda invocations during testing ($0.20/1M requests × test volume)
  • Avoided cost (current state): $12,000 SLA penalty ÷ 12 months = $1,000/month risk exposure

Real-World Practitioner Insight
#

Exam Rule
#

For the SAP-C02 exam, when you see:

  • “Serverless” + “Gradual rollout” + “Automated rollback” → AWS SAM + CodeDeploy
  • “CloudWatch alarms” + “Traffic shifting” → CodeDeploy deployment preferences
  • Keywords: “canary”, “linear”, “all-at-once” → These are CodeDeploy deployment types

Real World
#

In production environments, we typically combine approaches:

  1. Option B (SAM/CodeDeploy) as the foundation - handle 95% of deployments
  2. Add synthetic monitoring (e.g., CloudWatch Synthetics canaries) for post-deployment verification beyond just CloudWatch metrics
  3. Implement feature flags (AWS AppConfig) for runtime killswitches - even faster than CodeDeploy rollback for configuration changes
  4. Cost optimization: For high-traffic functions (>10M invocations/day), consider Lambda Provisioned Concurrency during canary phases to eliminate cold start noise in metrics

The hidden trade-off: SAM/CodeDeploy assumes your CloudWatch metrics are meaningful. In reality, you need:

  • Application-level metrics (not just Lambda errors)
  • Customer journey validation (e.g., “checkout completion rate”)
  • This often requires custom CloudWatch embedded metrics in your Lambda code - an engineering investment not mentioned in the exam scenario

Anti-pattern warning: I’ve seen teams over-engineer this with CodeDeploy + multiple API Gateway stages + CloudFront behaviors. Keep it simple - the Lambda alias is the only traffic control point you need.

Related Articles

Mastering AWS Solutions Architect Professional (SAP-C02)

Advanced architectural patterns, multi-account governance, and complex migrations.