Automation Flashcards

1
Q

What is CloudFormation?

A

CloudFormation is perfect for creating immutable architecture.
When you create resources using CloudFormation, you can easily
pick that template up and run it anywhere you want.

2
Q

What is Elastic Beanstalk?

A

The Amazon PaaS tool.

3
Q

What is Systems Manager?

A

Systems Manager is a suite of tools designed to let you view, control, and
automate both your AWS architecture and on-premises resources.

4
Q

Features of Systems Manager

A
  • Automation Documents: Can be used to control your instances or
    AWS resources (for example, using Automation documents to fix S3 bucket
    permissions or using Session Manager to connect to an instance).
  • Run Command: Execute commands on your hosts
  • Patch Manager: Manages your application versions
  • Parameter Store: Securely store your secret values
  • Hybrid Activations: Control your on-premises architecture
    using Systems Manager
  • Session Manager: Remotely connect and interact with
    your architecture
5
Q

How are AWS CloudFormation template parameters used?

A
  • They are defined in the Parameters section of the template.
  • Users can provide values for parameters when creating or updating a stack.
6
Q

What are AWS CloudFormation pseudo parameters and how are they used?

A
  • Pseudo parameters are predefined variables in AWS CloudFormation.
  • Pseudo parameters do not need to be explicitly defined in the Parameters section.
  • Examples include AWS::Region, AWS::Partition, and AWS::AccountId.
  • Pseudo parameters are automatically populated by AWS CloudFormation.
7
Q

What are the purposes of the AWS CloudFormation intrinsic functions !Ref and !GetAtt?

A
  • !Ref is used to get the value of a specified parameter or resource within a CloudFormation template (!Ref LogicalResource or !Ref Parameter).
  • !GetAtt is used to retrieve the value of an attribute from a specified resource in the stack (!GetAtt LogicalResource.Attribute).
8
Q

What AWS CloudFormation intrinsic function is used for selecting elements from a list?

A
  • !Fn::Select: Retrieves a specified element from a list.

```yaml
# The YAML short form of Fn::Select is !Select.
SelectedElement:
  Description: "Select the second element from the list"
  Value: !Select [1, ["Element1", "Element2", "Element3"]]
```

9
Q

What AWS CloudFormation intrinsic function is used for retrieving availability zones from a region?

A
  • !Fn::GetAZs: Returns a list of availability zones for a specified region.

```yaml
# The YAML short form of Fn::GetAZs is !GetAZs.
AvailabilityZones:
  Description: "List of availability zones in the us-east-1 region"
  Value: !GetAZs us-east-1
```

10
Q

What AWS CloudFormation intrinsic functions are used for joining and splitting strings in a template?

A
  • !Fn::Join: Concatenates a list of values into a single string using a specified delimiter.
  • !Fn::Split: Splits a string into a list of substrings based on a specified delimiter.

Examples:
```yaml
# The YAML short forms of Fn::Join and Fn::Split are !Join and !Split.
JoinedString:
  Description: "Concatenate values into a comma-separated string"
  Value: !Join [",", ["Value1", "Value2", "Value3"]]

SplitString:
  Description: "Split a string into a list using a hyphen as the delimiter"
  Value: !Split ["-", "123-456-789"]
```

11
Q

What AWS CloudFormation intrinsic functions are used for encoding data in base64 and string interpolation?

A
  • !Fn::Base64: Encodes data in base64 format. Commonly used for encoding user data in AWS::EC2::Instance resources.
  • !Fn::Sub: Performs string interpolation, allowing you to substitute values into strings (for example, ${LogicalResource}).
12
Q

What AWS CloudFormation feature allows you to create a mapping of keys to corresponding values within a template?

A
  • Mappings: A CloudFormation feature that allows you to create a static mapping of keys to corresponding values, providing a way to parameterize templates.
13
Q

What AWS CloudFormation section allows you to define values to be shown or exported after the stack creation or update?

A

The optional Outputs section declares output values that you can import into other stacks (to create cross-stack references), return in response (to describe stack calls), or view on the AWS CloudFormation console. For example, you can output the S3 bucket name for a stack to make the bucket easier to find.

14
Q

What are public parameters in AWS Systems Manager Parameter Store, and how can they be shared across accounts and regions?

A
  • Public parameters in AWS Systems Manager Parameter Store are parameters that can be marked as accessible across accounts and regions.
  • They provide a way to share configuration values with other AWS accounts.
  • Access to public parameters is controlled by IAM policies.
  • Cross-region access is supported, allowing parameters to be used in different AWS regions.
  • Resource-based policies can be employed to share public parameters with other AWS accounts.

For more details, refer to: Public Parameters in Systems Manager

15
Q

In AWS CloudFormation, what feature allows you to control whether resources are created or how they are configured based on certain conditions?

A
  • The optional Conditions section contains statements that define the circumstances under which entities are created or configured.
  • You might use conditions when you want to reuse a template that can create resources in different contexts, such as a test environment versus a production environment.
  • In your template, you can add an EnvironmentType input parameter, which accepts either prod or test as inputs.
  • Conditions are evaluated based on predefined pseudo parameters or input parameter values that you specify when you create or update a stack.
  • Within each condition, you can reference another condition, a parameter value, or a mapping.
  • After you define all your conditions, you can associate them with resources and resource properties in the Resources and Outputs sections of a template.
16
Q

In CloudFormation, what is the DependsOn attribute?

A

With the DependsOn attribute, you can specify that the creation of a specific resource follows another. When you add a DependsOn attribute to a resource, that resource is created only after the creation of the resource specified in the DependsOn attribute.

17
Q

What AWS CloudFormation tool is used to signal the successful completion of an Amazon EC2 instance or an Auto Scaling group during stack creation or update?

A
  • cfn-signal is a command-line tool used in conjunction with AWS CloudFormation to signal the successful completion of a specific resource, typically an Amazon EC2 instance or an Auto Scaling group.
  • It is commonly used in UserData or cfn-init scripts to inform CloudFormation that the resource has been successfully configured and is ready to proceed.
  • The cfn-signal command is typically included as the last step in user data scripts to avoid signaling before the resource is fully configured.
  • You use the cfn-signal script in conjunction with a CreationPolicy attribute or an Auto Scaling group with a WaitOnResourceSignals update policy.
18
Q

What AWS CloudFormation attribute is used to define conditions for CloudFormation to wait before considering a resource as successfully created during stack creation?

A
  • CreationPolicy is an AWS CloudFormation attribute used to specify conditions for CloudFormation to wait before signaling success for a particular resource during stack creation.
  • It is commonly used when a resource requires additional time to stabilize or become available after creation.
  • To signal a resource, you can use the cfn-signal helper script or SignalResource API.
19
Q

How can AWS CloudFormation WaitCondition be employed to wait for the completion of an external resource’s creation and use data from that resource?

A
  • AWS CloudFormation WaitCondition can be used to wait for the completion of an external resource’s creation and incorporate data from that resource.

(For Amazon EC2 and Auto Scaling resources, AWS recommends that you use a CreationPolicy attribute instead of wait conditions. Add a CreationPolicy attribute to those resources, and use the cfn-signal helper script to signal when an instance creation process has completed successfully.)

20
Q

When working with AWS CloudFormation, what are the key differences between Nested Stacks and Cross-Stack References, and when would you choose one over the other?

A
  • Nested Stacks:
    • Description: Involves creating a separate CloudFormation template (nested stack) that is referenced within the main template.
    • Use Case: Suitable when you want to break down a complex template into modular and reusable components.
    • Advantages: Improved template organization, reusability, and easier management of complex infrastructure.
    • Considerations: Resources in nested stacks are treated as a single unit, and outputs from nested stacks are accessible in the parent stack.
  • Cross-Stack References:
    • Description: Involves exporting values from one stack (exporting stack) and importing them into another stack (importing stack).
    • Use Case: Appropriate when you need to share specific outputs (parameters or resources) between independent stacks.
    • Advantages: Decouples resources and allows sharing of specific outputs across stacks, promoting separation of concerns.
    • Considerations: Resource dependencies must be carefully managed to avoid circular dependencies.

Choosing Between Them:
- Nested Stacks: Use when focusing on modular templates and reusability within a single stack.
- Cross-Stack References: Use when separate stacks need to share specific outputs, promoting independence and maintainability.

21
Q

What are the key differences in how resources from different stacks can be accessed in Nested Stacks versus Cross-Stack References in AWS CloudFormation, including the intrinsic functions used?

A
  • Nested Stacks:
    • Access Mechanism: Resources from nested stacks are treated as a single unit, and their outputs are automatically accessible within the parent stack.
    • Intrinsic Function: Outputs from nested stacks are implicitly available for use in the parent stack without the need for explicit export or import. The Fn::ImportValue function is not required.
  • Cross-Stack References:
    • Access Mechanism: Resources are accessed explicitly through the use of Export and Import functions. Exports are scoped per region, per account.
    • Intrinsic Function: Resources must be explicitly exported from one stack (exporting stack) and then imported into another stack (importing stack) using the Fn::Export and Fn::ImportValue functions, respectively.

Considerations:
- Nested Stacks: Implicit access simplifies usage but may limit control over individual resource outputs.
- Cross-Stack References: Explicit access provides more control but requires careful management of exports and imports to avoid circular dependencies.

22
Q

What are CloudFormation StackSets?

A
  • StackSets are a feature of CloudFormation allowing infrastructure to be deployed and managed across multiple regions and multiple accounts from a single location.
  • Additionally, it adds a dynamic architecture, allowing automatic operations based on accounts being added to or removed from the scope of a StackSet.
  • Permissions are granted via self-managed IAM roles or are service-managed within an ORG.
  • StackSets gain access to Target Accounts and create stack instances and stacks.
23
Q

What is DeletionPolicy in CloudFormation?

A

With the DeletionPolicy attribute you can preserve or (in some cases, not supported for EC2) back up a resource when its stack is deleted. You specify a DeletionPolicy attribute for each resource that you want to control. If a resource has no DeletionPolicy attribute, AWS CloudFormation deletes the resource by default.

24
Q

What are Stack roles in CloudFormation?

A
  • Stack roles allow an IAM role to be passed into the stack via PassRole.
  • A stack uses this role, rather than the identity interacting with the stack, to create, update and delete AWS resources.
  • It allows role separation and is a powerful security feature.
25
Q

What are CloudFormationInit and cfn-init?

A

CloudFormationInit and cfn-init are tools that allow a desired state configuration management system to be implemented within CloudFormation.

Use the AWS::CloudFormation::Init type to include metadata on an Amazon EC2 instance for the cfn-init helper script. If your template calls the cfn-init script, the script looks for resource metadata rooted in the AWS::CloudFormation::Init metadata key. cfn-init supports all metadata types for Linux systems and some metadata types for Windows.

26
Q

What is CloudFormation cfn-hup?

A

The cfn-hup helper is a daemon that detects changes in resource metadata and runs user-specified actions when a change is detected. This allows you to make configuration updates on your running Amazon EC2 instances through the UpdateStack API action.

27
Q

What are the files for diagnosing normal bootstrapping with user data and cfn-init?

A
  • normal bootstrapping with user data: cloud-init-output.log, cloud-init.log
  • bootstrapping with cfn-init: cfn-init-command.log, cfn-init.log
28
Q

What are custom resources in AWS CloudFormation, and what services can be used as custom resource handlers?

A

Custom resources in AWS CloudFormation allow you to extend the functionality of CloudFormation by enabling you to write custom provisioning logic.

While Lambda functions are commonly used as custom resource handlers, other AWS services, such as AWS Simple Notification Service (SNS), can also be used to manage resources or perform additional tasks during the stack lifecycle.

28
Q

What are change sets in CloudFormation?

A

When you need to update a stack, understanding how your changes will affect running resources before you implement them can help you update stacks with confidence. Change sets allow you to preview how proposed changes to a stack might impact your running resources, for example, whether your changes will delete or replace any critical resources. AWS CloudFormation makes the changes to your stack only when you decide to execute the change set, allowing you to decide whether to proceed with your proposed changes or explore other changes by creating another change set.