AWS Certified Solutions Architect Professional SAP-C02 Practice Question

The correct answer is to implement a blue/green deployment strategy using AWS CodeDeploy. This approach involves provisioning a new, independent 'green' environment with the new application version that runs alongside the existing 'blue' production environment. After the green environment is validated through automated tests, traffic is shifted from the blue environment to the green one with near-zero downtime. A key component of this strategy for operational excellence is configuring CodeDeploy to monitor CloudWatch alarms. If key performance metrics (like error rates or latency) breach predefined thresholds after the traffic shift, CodeDeploy can automatically trigger a rollback, redirecting traffic back to the stable blue environment, thus providing a rapid and automated recovery mechanism.

A rolling deployment updates a subset of instances at a time, which means for a period, both old and new versions of the application are running simultaneously. While this reduces downtime compared to an all-at-once strategy, rollbacks are more complex than with blue/green, as it's not an instant switch back to a fully separate, stable environment.

Performing an in-place deployment, even with enhanced manual monitoring, is still an all-at-once strategy. It carries the highest risk because it directly overwrites the production environment, and relying on manual rollback procedures is slow and prone to human error, which does not align with the goal of improving operational excellence through automation.

Using AWS Systems Manager to patch and harden instances is a crucial best practice for security and operations but does not directly address the risks associated with the application deployment and traffic cutover process. It is a complementary activity, not a replacement for a safe deployment strategy.