Chapter 8 Infrastructure as Code Flashcards
Two major benefits of using CloudFormation
Your infrastructure is now repeatable and versionable
Why should you NOT manually update resources outside of AWS CloudFormation?
Inconsistencies between the state CloudFormation expects and the actual resource state. Can cause future stack failures.
What is a ‘change set’ in CloudFormation?
A description of the changes that will occur on a stack if a template is submitted. If the changes are acceptable, the change set itself can execute on the stack and implement the proposed modifications. Important when dealing with potential data loss.
Additional benefit of using a service role in CloudFormation
It will extend the default timeout for stack create, update, and delete actions.
If there is a need to restrict what permissions a single IAM user or AWS role can have, you can provide a…
service role the stack uses for the create, update, or delete actions.
In order to submit a local file as a template in CloudFormation, what must you do, and why?
Add S3-related permissions (createBucket, putObject, etc.) to the CloudFormation service role. The reason is that templates are stored in and pulled from S3.
What is a pseudo parameter in CloudFormation?
Used within a template. A parameter that AWS defines on your behalf. Example: ‘AWS::Region’
Equivalent of NULL in CloudFormation templates
AWS::NoValue
What are Transforms in CloudFormation?
Reusable macros (functions, really) that transform the template based on the logic of the transform function. “Stuff you want to do to your template before launching it.”
- Can isolate where in the template the macro executes via ‘Fn::Transform’
- Used commonly for SAM (an extension of CloudFormation syntax)
- Used commonly for including other templates via snippets pulled from S3
In CloudFormation, what happens when an update fails?
AWS rolls back your stack to its previous state.
3 ways CloudFormation updates resources
- No interruption
- Some interruption
- Replacement (e.g. an EC2 instance)
9 unique sections of a template
- AWSTemplateFormatVersion (there’s only 1 version)
- Description
- Metadata
- Parameters
- Mappings
- Conditions
- Transform
- Resources
- Outputs
What is the purpose/process of Output in CloudFormation?
This is a top-level property in a template. It allows you to export some value that any other stack has access to.
How can a template be transformed?
Via a template snippet pulled from S3 or by a Lambda function
In CloudFormation, how do you resolve values that cannot be determined until the template's stack is created?
Intrinsic functions
How are custom resources applied in CF?
Via Lambda or SNS topics
In order for a custom resource to be successful, what must happen?
The resource provider must return a success response to the presigned S3 URL you provide in the request.
How do you ensure that creation of a resource does not begin until another one completes?
Use the ‘DependsOn’ attribute
What is ‘Creation Policy’ in CF?
It instructs CF not to mark a resource as CREATE_COMPLETE until the resource itself signals back to the service.
Alternative to Creation Policy in CF
WaitCondition. Based on arbitrary pauses. Should create a new WaitCondition for each update.
Stack actions all linked to CloudTrail via a single…
ClientRequestToken
T/F: Physical ID or resource changes if resource is replaced.
True
What is additional fail safe to prevent accidental updates to critical resources in CF?
Stack policies - cannot be removed, only replaced
Central control interface/feature to manage, control, and provision stacks across accounts
StackSets
Only required section of a template in CF
Resources
Two ways to configure instances via CF
- AWS::CloudFormation::Init template section with the cfn-init helper script
- UserData property
Long running custom resources should use ____
SNS topics. Not Lambda, because Lambda has a 5 minute timeout.
If a stack update includes a bucket name change, what must you do?
Create a new bucket
Use ____ in CF to detect a potential for data loss.
Change sets
Transforms pull template snippets from S3 to update _____
The template itself
How do you implement custom resources in CF (for AWS services not compatible with CF)?
Via Lambda or SNS with a service token
What must occur before a stack that exports an output can be deleted?
Any stacks importing the exported value must remove the import.
When you attempt to update an Amazon Relational Database Service (Amazon RDS) instance in your AWS CloudFormation stack, you experience a Resource failed to stabilize error, which causes the stack to roll back any changes you attempted. What might be the cause of this error, and how could it be resolved?
The database took too long to update, and the session credentials used by AWS CloudFormation timed out. Use a service role to perform the update.
An AWS CloudFormation service role extends the default timeout value for stack actions to allow you to manage resources with longer update periods.
Which of these helper scripts performs updates to OS configuration when an AWS CloudFormation stack updates?
cfn-hup
Which of these options allows you to specify a required number of signals to mark the resource as CREATE_COMPLETE?
CreationPolicy
How would you access a property of a resource created in a nested stack?
In the child stack, declare the resource property as a stack output. In the parent stack, use Fn::GetAtt and pass in two parameters, the child stack logical ID and Outputs.NestedStackOutputName.
An AWS CloudFormation template declares two resources: an AWS Lambda function and an Amazon DynamoDB table. The function code is declared inline as part of the template and references the table. In what order will AWS CloudFormation provision the two resources?
This cannot be determined ahead of time
What does a service token represent in a custom resource declaration?
The Amazon Simple Notification Service (Amazon SNS) or AWS Lambda resource Amazon Resource Name (ARN) that receives the request
The _______ helper script performs updates on an instance when its parent stack is updated.
cfn-hup
_______ enable you to specify a count and timeout.
Creation policies
The _______ helper script is used to define which packages, files, and other configurations will be performed when an instance is first launched.
cfn-init
The _______ helper script is used to signal back to AWS CloudFormation when a resource creation or update has completed.
cfn-signal