Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

AWS Security > CloudFormation 1 > Flashcards

CloudFormation 1 Flashcards

1
Q

Nested Stacks

What are Nested Stacks?

A

Multi-level tree of stacks that all deploy together, succeed/fail together, delete together

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Nested Stacks

What about resourcees in a stack and individual lifecycles?

A

All resources in a single stack share a common lifecycle (live and die together)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Nested Stacks

Max number of resources in a single CFN Stack?

A

500

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Nested Stacks

Why aren’t single-stack solutions a good idea in an enterprise?

A

Can’t re-use anything in a stack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Nested Stacks

How do you set up Nested Stacks?

A

AWS::CloudFormation::Stack resource, points to a URL where the template lives

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Nested Stacks

How do parent-child stacks communicate?

A

Parent passes Parameters to child, child’s Outputs referencable in parent stack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Nested Stacks

How can a parent stack reference individual resources in a child stack?

A

Can’t. Parent can only reference the child’s Outputs section

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Nested Stacks

How do you control the sequence of parent resources and multiple child stacks?

A

DependsOn

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Nested Stacks

When should you use Nested Stacks over Cross-Stack References or StackSets?

important

A

Single AWS account, need whole set to succeed or fail together as a unit., Lifecycle-Linked

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Nested Stacks

What should you do if you want to share template components across multiple stacks?

A

Nested Stacks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Nested Stacks

If a template creates a VPC and it’s a child template in two Nested Sets, how many VPCs do you have?

A

Two. You’re sharing the template, not the resources it creates.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Cross-stack References

What are Cross-stack References?

A

Two independent Stacks, one has a dependency on a resource in the other

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Cross-stack References

How do you use cross-stack references?

important

A

One uses Export in Outputs section, other uses Fn::ImportValue (not “!Ref”!)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Cross-stack References

What are the constraints on names in Exports section?

important

A

They have to be unique in the region in your AWS account

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Cross-stack References

How do you !ImportValue from an Export in a different AWS account?

A

Can’t. This is only within one AWS account

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Cross-stack References

When should you use Cross-Stack References over Nested Stacks or StackSets?

A

Single AWS account, want to deploy sub-stacks independently.

17
Q

Cross-stack References

Typical enterprise architecture that would work well with cross-stack references?

important

A

Services-oriented (SOA) where tons of apps need to reference each other

18
Q

Cross-stack References

If a template creates a VPC and another template references it via !ImportValue, how many VPCs do you have?

19
Q

Stack Sets

What are StackSets?

A

Deploy stacks across accounts and regions

20
Q

Stack Sets

What is an “admin account” for a StackSet?

A

Just the AWS account coordinating the work. Nothing administrative or elevated privs about it

21
Q

Stack Sets

What and where is an actual StackSet? Where does it live and what is it?

A

The account that admins the StackSet has a StackSet—just a container for Stack Instances

22
Q

Stack Sets

Do StackSets live anywhere other than a StackSet admin account?

A

No. Actual StackSet is just a notional container, no resources in it

23
Q

Stack Sets

What is a Stack Instance?

A

Place in a Target account that references a real CFN Stack in that account

24
Q

Stack Sets

Why have both Stack Instances and stacks?

A

Instances outlive actual CFN stacks; hold status. Instances are shadows of real stacks, pointers

25
Q

Stack Sets

What are in the non-admin accounts?

A

Target accounts. They get real CF Stacks.

26
Q

Stack Sets

How do you control the security across all these accounts?!

A

Do it manually yourself or use AWS Organizations

27
Q

Stack Sets

How do you manually set up the security for StackSets?

important

A

Called “self-managed”. You create lots of cross-account roles and permissions

28
Q

Stack Sets

How does Organizations handle security?

important

A

Called “service-managed”, Orgs establishes all the roles for you

29
Q

Stack Sets

How do you control the rate that things happen with StackSets?

A

“Concurent Accounts” setting: sets number of accts deployed at same time

30
Q

Stack Sets

What happens if you remove a stack from a Stack Set?

A

Depends on what you set for “Retain Stacks”: can leave them alone or delete them

31
Q

Stack Sets

So…what happens if a Stack fails in a StackSet?

A

Depends. What’s the Failure Tolerance? :-)

32
Q

Stack Sets

When should you use StackSets?

A

Need cross-account or cross-region references.

AWS Security (83 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions