CloudFormation 1

Question 1

Nested Stacks

What are Nested Stacks?

Answer 1

Multi-level tree of stacks that all deploy together, succeed/fail together, delete together

Question 2

Nested Stacks

What about resourcees in a stack and individual lifecycles?

Answer 2

All resources in a single stack share a common lifecycle (live and die together)

Question 3

Nested Stacks

Max number of resources in a single CFN Stack?

Answer 3

500

Question 4

Nested Stacks

Why aren’t single-stack solutions a good idea in an enterprise?

Answer 4

Can’t re-use anything in a stack

Question 5

Nested Stacks

How do you set up Nested Stacks?

Answer 5

AWS::CloudFormation::Stack resource, points to a URL where the template lives

Question 6

Nested Stacks

How do parent-child stacks communicate?

Answer 6

Parent passes Parameters to child, child’s Outputs referencable in parent stack

Question 7

Nested Stacks

How can a parent stack reference individual resources in a child stack?

Answer 7

Can’t. Parent can only reference the child’s Outputs section

Question 8

Nested Stacks

How do you control the sequence of parent resources and multiple child stacks?

Answer 8

DependsOn

Question 9

Nested Stacks

When should you use Nested Stacks over Cross-Stack References or StackSets?

important

Answer 9

Single AWS account, need whole set to succeed or fail together as a unit., Lifecycle-Linked

Question 10

Nested Stacks

What should you do if you want to share template components across multiple stacks?

Answer 10

Nested Stacks

Question 11

Nested Stacks

If a template creates a VPC and it’s a child template in two Nested Sets, how many VPCs do you have?

Answer 11

Two. You’re sharing the template, not the resources it creates.

Question 12

Cross-stack References

What are Cross-stack References?

Answer 12

Two independent Stacks, one has a dependency on a resource in the other

Question 13

Cross-stack References

How do you use cross-stack references?

important

Answer 13

One uses Export in Outputs section, other uses Fn::ImportValue (not “!Ref”!)

Question 14

Cross-stack References

What are the constraints on names in Exports section?

important

Answer 14

They have to be unique in the region in your AWS account

Question 15

Cross-stack References

How do you !ImportValue from an Export in a different AWS account?

Answer 15

Can’t. This is only within one AWS account

Question 16

Cross-stack References

When should you use Cross-Stack References over Nested Stacks or StackSets?

Answer 16

Single AWS account, want to deploy sub-stacks independently.

Question 17

Cross-stack References

Typical enterprise architecture that would work well with cross-stack references?

important

Answer 17

Services-oriented (SOA) where tons of apps need to reference each other

Question 18

Cross-stack References

If a template creates a VPC and another template references it via !ImportValue, how many VPCs do you have?

Answer 18

One

Question 19

Stack Sets

What are StackSets?

Answer 19

Deploy stacks across accounts and regions

Question 20

Stack Sets

What is an “admin account” for a StackSet?

Answer 20

Just the AWS account coordinating the work. Nothing administrative or elevated privs about it

Question 21

Stack Sets

What and where is an actual StackSet? Where does it live and what is it?

Answer 21

The account that admins the StackSet has a StackSet—just a container for Stack Instances

Question 22

Stack Sets

Do StackSets live anywhere other than a StackSet admin account?

Answer 22

No. Actual StackSet is just a notional container, no resources in it

Question 23

Stack Sets

What is a Stack Instance?

Answer 23

Place in a Target account that references a real CFN Stack in that account

Question 24

Stack Sets

Why have both Stack Instances and stacks?

Answer 24

Instances outlive actual CFN stacks; hold status. Instances are shadows of real stacks, pointers

Question 25

Stack Sets

What are in the non-admin accounts?

Answer 25

Target accounts. They get real CF Stacks.

Question 26

Stack Sets

How do you control the security across all these accounts?!

Answer 26

Do it manually yourself or use AWS Organizations

Question 27

Stack Sets

How do you manually set up the security for StackSets?

important

Answer 27

Called “self-managed”. You create lots of cross-account roles and permissions

Question 28

Stack Sets

How does Organizations handle security?

important

Answer 28

Called “service-managed”, Orgs establishes all the roles for you

Question 29

Stack Sets

How do you control the rate that things happen with StackSets?

Answer 29

“Concurent Accounts” setting: sets number of accts deployed at same time

Question 30

Stack Sets

What happens if you remove a stack from a Stack Set?

Answer 30

Depends on what you set for “Retain Stacks”: can leave them alone or delete them

Question 31

Stack Sets

So…what happens if a Stack fails in a StackSet?

Answer 31

Depends. What’s the Failure Tolerance? :-)

Question 32

Stack Sets

When should you use StackSets?

Answer 32

Need cross-account or cross-region references.