Chapter 8 Infrastructure as Code

Question 1

Two major benefits of using CloudFormation

Answer 1

Your infrastructure is now repeatable and versionable

Question 2

Why should you NOT manually update resources outside of AWS CloudFormation?

Answer 2

Inconsistencies b/w state CloudFormation expects and actual resource state. Can cause future stack failures.

Question 3

What is a ‘change set’ in CloudFormation?

Answer 3

A description of changes that will occur on a stack, if a template is submitted. If the changes are acceptable, change set itself can execute on the stack and implement proposed modifications. Important when dealing with potential data loss.

Question 4

Additional benefit of using a service role in CloudFormation

Answer 4

it will extend the default timeout for stack create, update, and delete actions

Question 5

If there is a need to restrict what permissions a single IAM user or AWS role can have, you can provide a…

Answer 5

service role the stack uses for the create, update, or delete actions.

Question 6

In order to submit a local file as a template in CloudFormation, what must you do. Why?

Answer 6

Add S3 related permissions (createBucket, putObject, etc.) to the CloudFormation service role. Reason is that templates are stored/pulled from S3.

Question 7

What is a pseudo parameter in CloudFormation?

Answer 7

Used within template. Parameter that AWS defines on your behalf. Example: ‘AWS::Region’

Question 8

Equivalent of NULL in CloudFormation templates

Answer 8

AWS::NoValue

Question 9

What are Transforms in CloudFormation

Answer 9

Reusable macros (functions really) that transform template based on logic of transform function. “stuff you want to do to your template before launching it”

• Can isolate where in template macro execute via ‘Fn::Transform’
• Used commonly for SAM (extension of CloudFormation syntax)
• Used commonly for including other templates vis snippets pulled from S3

Question 10

In CloudFormation, what happens when an update fails?

Answer 10

AWS rolls back your stack to previous state.

Question 11

3 days CloudFormation updates resources

Answer 11

1. No interruption
2. Some interruption
3. Replacement (i.e. ec2 instance)

Question 12

9 unique sections of template

Answer 12

1. AWSTemplateFormatVersion (there’s only 1 version)
2. Description
3. Metadata
4. Parameters
5. Mappings
6. Conditions
7. Transform
8. Resources
9. Outputs

Question 13

What is the purpose/process of Output in CloudFormation?

Answer 13

This is a top level property in a template. It allows you to export some value that any other stack has access to.

Question 14

How can a template be transformed?

Answer 14

Via a template snippet pulled from S3 or by lambda function

Question 15

In CloudFormation how do you resolve values that cannot be determined until input into a template stack is created?

Answer 15

intrinsic functions

Question 16

How are custom resources applied in CF?

Answer 16

via Lambda or SNS topics

Question 17

In order for a custom resource to be successful, what must happen?

Answer 17

resource provider must return success response to presigned S3 URL you provide in request

Question 18

How to ensure that creation of resource should not begin until another one completes?

Answer 18

use the ‘DependsOn’ attribute

Question 19

What is ‘Creation Policy’ in CF?

Answer 19

it instructs CF not to mark resource as CREATE_COMPLETE until resource itself signals back to service

Question 20

Alternative to Creation Policy in CF

Answer 20

WaitCondition. Based on arbitrary pauses. Should create a new WaitCondition for each update.

Question 21

Stack actions all linked to CloudTrail via a single…

Answer 21

ClientRequestToken

Question 22

T/F: Physical ID or resource changes if resource is replaced.

Answer 22

True

Question 23

What is additional fail safe to prevent accidental updates to critical resources in CF?

Answer 23

stack policies - cannot be removed, only replaced

Question 24

central control interface/feature to manage, control, provision stacks across accounts

Answer 24

StackSets

Question 25

Only required section of a template in CF

Answer 25

resources

Question 26

Two ways to configure instances via CF

Answer 26

1. AWS::CloudFormation::Init template section with cfn-init helper script.
2. userData property

Question 27

Long running custom resources should use ____

Answer 27

SNS Topics. Not lambda b/c lambda has 5 minute timeout.

Question 28

If a stack update includes a bucket name change, what must you do?

Answer 28

Create a new bucket

Question 29

User ____ in CF is there to detect a potential for data loss.

Answer 29

Change sets

Question 30

Transforms pull template snippets from S3 to update _____

Answer 30

The template itself

Question 31

How to implement custom resources in CF (AWS services not compatible with CD)

Answer 31

via Lambda or SNS with service token

Question 32

what must occur before a stack that exports an output can be deleted?

Answer 32

Any stacks importing the exported value must remove the import.

Question 33

When you attempt to update an Amazon Relational Database Service (Amazon RDS) instance in your AWS CloudFormation stack, you experience a Resource failed to stabilize error, which causes the stack to roll back any changes you attempted. What might be the cause of this error, and how could it be resolved?

Answer 33

The database took too long to update, and the session credentials used by AWS CloudFormation timed out. Use a service role to perform the update.

An AWS CloudFormation service role extends the default timeout value for stack actions to allow you to manage resources with longer update periods.

Question 34

Which of these helper scripts performs updates to OS configuration when an AWS CloudFormation stack updates?

Answer 34

cfn-hup

Question 35

Which of these options allows you to specify a required number of signals to mark the resource as CREATE_COMPLETE?

Answer 35

CreationPolicy

Question 36

How would you access a property of a resource created in a nested stack?

Answer 36

In the child stack, declare the resource property as a stack output. In the parent stack, use Fn::GetAtt and pass in two parameters, the child stack logical ID and Outputs.NestedStackOutputName.

Question 37

An AWS CloudFormation template declares two resources: an AWS Lambda function and an Amazon DynamoDB table. The function code is declared inline as part of the template and references the table. In what order will AWS CloudFormation provision the two resources?

Answer 37

This cannot be determined ahead of time

Question 38

What does a service token represent in a custom resource declaration?

Answer 38

The Amazon Simple Notification Service (Amazon SNS) or AWS Lambda resource Amazon Resource Name (ARN) that receives the request

Question 39

The _______ helper script performs updates on an instance when its parent stack is updated.

Answer 39

cfn-hup

Question 40

_______ enable you to specify a count and timeout.

Answer 40

creation policies

Question 41

The _______ helper script is used to define which packages, files, and other configurations will be performed when an instance is first launched.

Answer 41

cfn-init

Question 42

The _______ helper script is used to signal back to AWS CloudFormation when a resource creation or update has completed

Answer 42

cfn-signal