CLOUDFORMATION Flashcards
!Ref vs !GetAtt
!Ref returns the identifying value of a parameter or a logical resource: for a parameter its value, for a resource its physical ID, e.g. an EC2 instance ID (i-...) or a VPC ID (vpc-...).
while
!GetAtt returns a named attribute of a logical resource, i.e. the inner details of the physical resource behind it, e.g. an instance's PublicIp or PublicDnsName. Which attributes exist depends on the resource type; asking for one the type does not expose fails at validation time.
Fn::Join vs Fn::Split
!Join [ delimiter, [ list of strings ] ] concatenates two or more strings with the delimiter between them, e.g. !Join [ '', [ 'https://', !GetAtt Instance.PublicDnsName ] ] gives https://<dns name>.
!Split [ delimiter, string ] is the opposite of Join: it turns a delimited string into a list, which is normally picked apart with !Select.
Fn::GetAZs and Fn::Select
!GetAZs region returns the list of Availability Zones for a region; !GetAZs '' (empty string) means the region the stack is being created in.
!Select [ index, list ] picks one element (zero-based) from a list.
eg, !Select [ 0, !GetAZs '' ] is the first AZ of the current region.
**Caveat: in an account with a default VPC, GetAZs returns only the AZs in which the default VPC still has a default subnet (unless no AZ has one, in which case all AZs are returned). Deleting a default subnet removes that AZ from the list and shifts every index a hard-coded !Select points at.**
Fn::Base64 vs Fn::Sub
!Base64 takes plain text and returns it Base64 encoded; its main use is UserData, which EC2 expects Base64 encoded.
!Sub substitutes variables written as ${Name} inside a string: a parameter or resource name resolves like !Ref, Resource.Attribute resolves like !GetAtt, and pseudo parameters such as ${AWS::Region} work too. The two are usually combined, Fn::Base64: !Sub | ... , for a UserData script.
AWS::Region
AWS::Region is a pseudo parameter: it always resolves to the region the stack is being created in, so the same template deploys unchanged in any region. Related pseudo parameters: AWS::AccountId, AWS::StackName, AWS::StackId.
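The intrinsic functions above in one deployable template. This is an added example, not code from the flashcards; the SSM public parameter path, the CIDR blocks and the logical names are assumptions:

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example exercising !Ref, !GetAtt, !Join, !Split, !GetAZs, !Select, !Base64, !Sub and AWS::Region.
Parameters:
  LatestAmiId:
    # Public SSM parameter (assumed path): resolves to the current Amazon Linux 2 AMI in whatever region the stack lands in
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
  SubnetCidrs:
    Type: String
    Default: 10.0.0.0/24,10.0.1.0/24          # one delimited string, split below
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
  SubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC                                        # !Ref on a resource returns its physical ID (vpc-...)
      AvailabilityZone: !Select [0, !GetAZs '']              # '' = the region the stack is in
      CidrBlock: !Select [0, !Split [',', !Ref SubnetCidrs]] # !Ref on a parameter returns its value
  SubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select                              # same thing, naming the region explicitly
        - 1
        - Fn::GetAZs: !Ref 'AWS::Region'
      CidrBlock: !Select [1, !Split [',', !Ref SubnetCidrs]]
  WebInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref LatestAmiId
      InstanceType: t3.micro
      SubnetId: !Ref SubnetA
      UserData:                                              # EC2 wants Base64; !Sub fills ${...} first, then !Base64 encodes
        Fn::Base64: !Sub |
          #!/bin/bash
          echo "stack ${AWS::StackName} in ${AWS::Region}, vpc ${VPC}, az ${SubnetA.AvailabilityZone}" > /etc/motd
Outputs:
  InstanceId:
    Value: !Ref WebInstance                                  # physical ID: i-...
  PrivateUrl:
    Value: !Join ['', ['http://', !GetAtt WebInstance.PrivateDnsName]]   # !GetAtt: an attribute, not the ID
  InstanceAz:
    Value: !GetAtt WebInstance.AvailabilityZone
```

The instance has no route to the internet here (no gateway), so the output uses the private DNS name; PublicDnsName would resolve to an empty string in a subnet like this.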
!FindInMap function
In the Mappings block below (indentation restored; the AMI IDs are sample values, not current AMIs),
Mappings:
  RegionMap:
    us-east-1:
      HVM64: ami-0ff8a91507f77f867
      HVMG2: ami-0a584ac55a7631c0c
    us-west-1:
      HVM64: ami-0bdb828fd58c52235
      HVMG2: ami-066ee5fd4a9ef77f1
    eu-west-1:
      HVM64: ami-047bb4163c506cd98
      HVMG2: ami-31c2f645
with the following function call:
!FindInMap [ RegionMap, !Ref 'AWS::Region', HVM64 ]
- RegionMap selects the map (the top-level key) in the Mappings block
- !Ref 'AWS::Region' selects the second-level key, the current region
- HVM64 selects the third-level key and returns its value, the AMI ID for that region (the lookup fails at create time if the region has no entry)
Mappings section
Mappings is a top-level template section, not a function. It defines a fixed lookup table (map name, top-level key, second-level key, value) that !FindInMap reads from. The values are literals: the Mappings section cannot contain parameters, pseudo parameters or intrinsic functions.
Outputs section
In the block below (indentation restored),
Outputs:
  WordpressURL:
    Description: Instance Web URL
    Value: !Join [ '', [ 'https://', !GetAtt Instance.PublicDnsName ] ]
The block above outputs the concatenated value https:// + the instance's public DNS name.
Note
Note that !GetAtt returns an attribute of a resource (here the instance with logical name Instance); the attribute must be one the resource type exposes, and an EC2 instance exposes PublicDnsName and PrivateDnsName, not DNSName.
Note also that the Outputs block is optional, and so is the Description line, but the description is what tells a reader what the value is for. An Export sub-key on an output is what makes the value available to other stacks.
Portable vs Non-Portable
Non-portable: a template with hard-coded values that cannot be deployed again in another AWS account or region.
eg a hard-coded S3 bucket name (bucket names are globally unique, so a second deployment fails), or a hard-coded AMI ID (AMIs are region specific). Portable templates take these from Parameters, Mappings, pseudo parameters (AWS::Region, AWS::AccountId) or SSM parameters instead.
Parameter Best Practices
- Use as few parameters as possible
- Provide default values for parameters, and constrain them (AllowedValues, AllowedPattern, MinLength) so bad input is rejected at create time; mark secrets NoEcho so they are masked in stack descriptions and the console
What happens when a resource of type 'AWS::S3::Bucket' has no BucketName property?
CloudFormation generates a unique bucket name for you (derived from the stack name, the logical ID and a random suffix), which is exactly what keeps the template portable.
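The non-portable and portable forms side by side, together with the parameter practices above. This is an added example, not code from the flashcards; the bucket names, the environment values and the secret name are assumptions:

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example - the same bucket and secret in a non-portable and a portable form.
Parameters:
  Environment:
    Type: String
    Default: dev                  # a default keeps the call site simple ...
    AllowedValues: [dev, prod]    # ... and the constraint rejects anything else at create time
  DbPassword:
    Type: String
    NoEcho: true                  # masked in describe-stacks, the console and change sets
    MinLength: 16
Resources:
  # Non-portable (kept commented out so the template still deploys twice): a fixed, globally unique
  # name. The second deployment, in another account, another region, or simply a second stack from
  # the same template, fails with "bucket already exists".
  # LogsBucketHardcoded:
  #   Type: AWS::S3::Bucket
  #   Properties:
  #     BucketName: my-company-logs
  # Portable: no BucketName, so CloudFormation generates <stack>-logsbucket-<random> for you.
  LogsBucket:
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
  # Still portable with a predictable prefix: account and region come from pseudo parameters,
  # so the name is unique per account/region without being hard-coded.
  ArtifactBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub 'artifacts-${Environment}-${AWS::AccountId}-${AWS::Region}'
  # The NoEcho value goes straight into a secret; it never lands in a resource property that
  # describe-stack-resources would show in clear.
  DbSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: !Sub '${AWS::StackName}/db'      # assumed naming convention
      SecretString: !Ref DbPassword
```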
DependsOn
Without it, CloudFormation creates resources in parallel, ordering them only by the dependencies it can infer from !Ref and !GetAtt; anything else is created in whatever order it chooses.
With the DependsOn attribute you state that one resource is created only after another. A resource carrying DependsOn is created only after the resource(s) named in it reach CREATE_COMPLETE, and on deletion the order is reversed.
DependsOn is for resources that fail or misbehave when the implicit order is not enough. Eg, an Elastic IP (or an instance that needs internet access) in a VPC must DependsOn the AWS::EC2::VPCGatewayAttachment: nothing in the EIP references the attachment, so CloudFormation cannot infer the order and may create the EIP before the gateway exists, or tear the attachment down on delete while the EIP is still bound to it.
This keeps deployment orderly and ensures dependencies are created exactly when they should be. DependsOn does not wait for software inside an instance to finish booting or configuring; that is what cfn-signal and CreationPolicy are for.
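The gateway-attachment case from the card above as a template. This is an added example, not code from the flashcards; the SSM parameter path and the addressing are assumptions:

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example - an explicit DependsOn where CloudFormation cannot infer the order.
Parameters:
  LatestAmiId:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2   # assumed public SSM path
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  GatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC                      # implicit dependency: created after VPC, no DependsOn needed
      CidrBlock: 10.0.0.0/24
      AvailabilityZone: !Select [0, !GetAZs '']
  WebInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref LatestAmiId
      InstanceType: t3.micro
      SubnetId: !Ref PublicSubnet          # implicit dependency on PublicSubnet
  WebIp:
    Type: AWS::EC2::EIP
    DependsOn: GatewayAttachment           # nothing below references GatewayAttachment, so without this
    Properties:                            # line CloudFormation may allocate the EIP before the VPC has a
      Domain: vpc                          # gateway (create fails) or detach the gateway while the EIP
      InstanceId: !Ref WebInstance         # is still bound (delete fails)
```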
cfn-signal
A helper script (part of the aws-cfn-bootstrap package) run on the instance, usually as the last line of UserData, that sends a SUCCESS or FAILURE signal to CloudFormation for a named resource: cfn-signal -e $? --stack <stack> --resource <logical id> --region <region>. It is the supplier of the signals that CreationPolicy and WaitCondition consume.
Creation Policy
CreationPolicy is a resource attribute that makes CloudFormation wait for a number of success signals before marking the resource CREATE_COMPLETE; if the count is not reached within the timeout, or a FAILURE signal arrives, the resource fails and the stack rolls back. It is paired with cfn-signal, which supplies the signals. Eg on an Auto Scaling group, ResourceSignal Count 3 with Timeout PT15M requires three successful signals within 15 minutes before the group counts as created.
Wait condition
AWS::CloudFormation::WaitCondition does the same job as CreationPolicy but as a resource in its own right, so it can gate on anything, not only an EC2 instance or Auto Scaling group. It waits for a number of signals within a timeout, and other resources DependsOn it.
A wait condition is paired with an AWS::CloudFormation::WaitConditionHandle: !Ref on the handle gives a pre-signed URL, and any process holding that URL, including one outside AWS, signals by sending an HTTP PUT with a small JSON body (Status, Reason, UniqueId, Data). The Data sent with the signals can be read by other resources via !GetAtt WaitCondition.Data, which returns a JSON map of UniqueId to Data. The URL is effectively a bearer credential for completing the condition: hand it only to the process that needs it and keep it out of Outputs and logs.
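CreationPolicy fed by cfn-signal, and a WaitCondition for a step that is not an instance, in one template. This is an added example, not code from the flashcards; the SSM parameter path, the subnet parameter and the "migration" step are assumptions:

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example - CreationPolicy fed by cfn-signal, plus a WaitCondition for an external process.
Parameters:
  LatestAmiId:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2   # assumed public SSM path
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>       # assumed: existing subnets supplied by the caller
Resources:
  WebLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateData:
        ImageId: !Ref LatestAmiId
        InstanceType: t3.micro
        UserData:
          Fn::Base64: !Sub |
            #!/bin/bash -x
            yum install -y httpd aws-cfn-bootstrap && systemctl enable --now httpd && curl -sf http://localhost/ >/dev/null
            # The exit status of the chain above becomes the signal: 0 -> SUCCESS, anything else -> FAILURE,
            # which fails the group immediately instead of leaving CloudFormation to wait for the Timeout.
            /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource WebGroup --region ${AWS::Region}
  WebGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    CreationPolicy:
      ResourceSignal:
        Count: 3                           # three SUCCESS signals ...
        Timeout: PT15M                     # ... within 15 minutes (ISO 8601), else CREATE_FAILED and rollback
    Properties:
      MinSize: '3'
      MaxSize: '3'
      VPCZoneIdentifier: !Ref SubnetIds
      LaunchTemplate:
        LaunchTemplateId: !Ref WebLaunchTemplate
        Version: !GetAtt WebLaunchTemplate.LatestVersionNumber
  # The same gate as a standalone resource: whoever holds the handle's URL completes it.
  MigrationHandle:
    Type: AWS::CloudFormation::WaitConditionHandle
  MigrationDone:
    Type: AWS::CloudFormation::WaitCondition
    DependsOn: WebGroup                    # only start the clock once the fleet is up
    Properties:
      Handle: !Ref MigrationHandle         # !Ref on the handle = the pre-signed URL; pass it to the job
      Count: 1                             # via !Ref (UserData, Lambda env), never via Outputs
      Timeout: '1800'                      # seconds, as a string
  # The external job signals with one PUT, e.g.:
  #   curl -X PUT -H 'Content-Type:' --data-binary \
  #     '{"Status":"SUCCESS","Reason":"schema migrated","UniqueId":"migrate-1","Data":"42 tables"}' "$HANDLE_URL"
  # Anything that must not start before that step simply carries DependsOn: MigrationDone.
Outputs:
  MigrationReport:
    Description: JSON map of UniqueId -> Data from the signal(s) received
    Value: !GetAtt MigrationDone.Data
```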
CloudFormation Stack
All resources within a CloudFormation stack share a single lifecycle, i.e. they are created, updated and deleted together as one unit.
CloudFormation Stack Quota
Limit of 500 resources per stack (the quota applies to each nested stack individually as well).
CF Stack resources lifecycle
All resources within a stack share the same lifecycle.
CF Resource sharing
CF stacks are isolated. You can use !Ref and !GetAtt to access other resources within the same stack, but not resources in another stack; crossing that boundary takes nested stacks or exports and imports.
Multi-Stack Architecture
- Nested Stacks
- Cross-Stack Referencing
Nested Stacks referencing
From the parent you can only reference the outputs of a nested stack, via !GetAtt NestedStackLogicalId.Outputs.OutputName; you cannot reference a logical resource inside the nested stack directly, and the nested stack sees nothing of the parent except the parameters it is passed.
Handling dependencies in nested stacks
A nested stack is just a resource (AWS::CloudFormation::Stack) in the parent, so ordering between nested stacks is controlled with DependsOn on those resources or with one stack's outputs feeding another's parameters; inside each template, wait conditions and cfn-signal work as usual.
Nested Stacks (purpose)
Breaking a solution down into modular templates that one parent composes.
CF root stack
The top-level stack that is created directly and references other stacks as AWS::CloudFormation::Stack resources; a nested stack can itself contain further nested stacks, and the root is where the whole tree is created, updated and deleted from.
Nested Stacks vs Cross-stack Reference
A nested stack reuses the template of another stack: the parent creates fresh resources from that template, and they live and die with the parent (one lifecycle).
A cross-stack reference reuses the physical resources of an existing, independently managed stack: the consuming stack imports values the other stack exported, and each stack keeps its own lifecycle.
Nested Stacks use cases
- To work around the per-stack resource quota (each nested stack has its own 500-resource quota, so a root stack with 5 nested stacks can hold about 2,500 resources)
- When modular, reusable building blocks are needed
- One template shared by several projects
- Speed and consistency of creating resources
- Keeping everything on one lifecycle (the tree is created, updated and deleted together)
- Testing pieces in isolation
Building a reference stack
A value has to be exported in order to be available for referencing from other stacks. This is done in the Outputs block by adding an Export sub-key with a Name to the output.
Export names must be unique within the account and region, so derive them from the stack name, e.g. !Sub '${AWS::StackName}-VpcId'. While another stack imports an export, the exporting stack cannot be deleted and the export cannot be removed or have its value changed.
Fn::ImportValue
!ImportValue 'ExportName' pulls the exported value into another stack; !Ref does not cross stack boundaries. Imports work only within the same account and region.
The exporting stack publishes the value through the Export key of its Output, where any other stack (or anyone who can call list-exports) can read it.
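Nested stack and cross-stack reference side by side: three templates, shown as one multi-document YAML file for reading only (CloudFormation takes one document per template). This is an added example, not code from the flashcards; the S3 template URL, the stack names and the addressing are assumptions:

```yaml
# ---- network.yaml: the nested (child) template. It exports nothing; it just returns Outputs to its parent.
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  VpcCidr:
    Type: String
    Default: 10.0.0.0/16
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCidr
  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Select [0, !Cidr [!Ref VpcCidr, 4, 8]]   # first of four /24s carved from the VPC CIDR
      AvailabilityZone: !Select [0, !GetAZs '']
Outputs:
  VpcId:
    Value: !Ref VPC
  PublicSubnetId:
    Value: !Ref PublicSubnet
---
# ---- root.yaml: the root stack. The nested stack is just a resource whose template lives at an assumed
# S3 URL. Only the child's Outputs are reachable, via !GetAtt <LogicalId>.Outputs.<Name>.
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  Network:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: https://s3.amazonaws.com/example-templates/network.yaml   # assumed location
      Parameters:
        VpcCidr: 10.20.0.0/16
  AppSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: app tier
      VpcId: !GetAtt Network.Outputs.VpcId           # parent -> child output; Network.Resources.VPC does not exist
Outputs:
  # Cross-stack: an Export publishes the value account/region-wide. The name must be unique, hence the
  # stack-name prefix. While anything imports it, this stack cannot be deleted and the value cannot change.
  SharedVpcId:
    Value: !GetAtt Network.Outputs.VpcId
    Export:
      Name: !Sub '${AWS::StackName}-VpcId'
  SharedSubnetId:
    Value: !GetAtt Network.Outputs.PublicSubnetId
    Export:
      Name: !Sub '${AWS::StackName}-PublicSubnetId'
---
# ---- consumer.yaml: a separate, independently managed stack that reuses the physical VPC.
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  NetworkStackName:
    Type: String
    Default: platform-network       # assumed name of the stack deployed from root.yaml
Resources:
  DbSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: db tier
      VpcId:                         # !Ref cannot cross stacks; Fn::ImportValue pulls the exported value
        Fn::ImportValue:
          !Sub '${NetworkStackName}-VpcId'
```

Deleting platform-network while consumer exists fails with an "export ... is in use" error; delete or retarget the consumer first.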
Deletion Policy
DeletionPolicy is a resource attribute that defines what CloudFormation does with the physical resource when its logical resource is deleted.
It applies to deletion only: stack deletion, or removal of the resource from the template. Replacement during an update (a change to a property that cannot be updated in place) is governed by the separate UpdateReplacePolicy attribute, which takes the same values.
Options
1. Delete (the default): the physical resource is deleted with the logical one
2. Retain: the physical resource is left in place, outside CloudFormation's control
3. Snapshot: a snapshot is taken before the resource is deleted; only resource types that can be snapshotted support it (EBS volumes, RDS instances and clusters, Redshift clusters, ElastiCache clusters and replication groups, Neptune and DocumentDB clusters)
Retained resources and snapshots keep costing money and keep holding data; remember to clean them up when necessary.
CFN Delete Operation behaviour
There are three ways a physical resource can be removed or replaced:
1. Stack delete
2. Editing a logical resource in the template in a way that requires replacement: CloudFormation creates a fresh resource and then removes the old one (UpdateReplacePolicy decides what happens to the old one)
3. Deleting a logical resource from the template
EC2 instances support Delete and Retain but not Snapshot; EBS volumes support all three.
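The policies above applied to the stateful resources of a small stack. This is an added example, not code from the flashcards; the SSM parameter path, the Secrets Manager secret name and the database settings are assumptions:

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example - deletion and replacement policies on stateful resources.
Parameters:
  LatestAmiId:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2   # assumed public SSM path
Resources:
  AppDatabase:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Snapshot          # stack delete / removal from template: final snapshot, then delete
    UpdateReplacePolicy: Snapshot     # replacement during an update is NOT covered by DeletionPolicy
    Properties:
      Engine: postgres
      DBInstanceClass: db.t3.micro
      AllocatedStorage: '20'
      StorageEncrypted: true
      MasterUsername: appadmin
      # Dynamic reference: the password never appears in the template or in describe-* output.
      # Assumes a Secrets Manager secret named prod/app/db with a "password" key.
      MasterUserPassword: '{{resolve:secretsmanager:prod/app/db:SecretString:password}}'
  AuditLogs:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain            # bucket and objects survive the stack ...
    UpdateReplacePolicy: Retain       # ... and survive a forced replacement too
    Properties:
      VersioningConfiguration:
        Status: Enabled
  ScratchVolume:
    Type: AWS::EC2::Volume
    DeletionPolicy: Snapshot          # supported on EBS volumes ...
    Properties:
      AvailabilityZone: !Select [0, !GetAZs '']
      Size: 8
      Encrypted: true
  Worker:
    Type: AWS::EC2::Instance
    DeletionPolicy: Retain            # ... but not on instances: Delete or Retain only
    Properties:
      ImageId: !Ref LatestAmiId
      InstanceType: t3.micro
```

After a delete, the retained bucket keeps its generated name and a redeploy creates a new, empty one; bring the old bucket back under CloudFormation with a resource import if it is meant to be managed again.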
cfn-init (CloudFormation Init)
CloudFormation's native configuration management helper; it plays the same bootstrapping role as EC2 UserData but reads its instructions from the AWS::CloudFormation::Init key in the resource's Metadata.
The configuration instructions are stored in the template alongside the resource they apply to.
CloudFormation Init vs EC2 user data
cfn-init is declarative: the metadata states what the instance should look like (packages, files, users, groups, services, commands), while UserData is procedural, i.e. a script telling the instance how to get there.
cfn-init declares the desired state.
It is cross-platform: the same metadata keys work on Linux and Windows (yum, apt and msi package managers; sysvinit, systemd or windows service keys).
cfn-init is largely idempotent: re-running it reapplies the declared state (a package already installed is left alone, a file with the right content is not rewritten) rather than re-executing a script; the commands key is the exception and runs every time unless guarded with a test.
CFN Init Helper-Script Lifecycle
cfn-init runs when something invokes it, normally once from UserData at first boot; to reapply changed metadata on a running instance it has to be rerun, which is what cfn-hup is for.
cfn diagnostics
EC2 log files for diagnosing bootstrapping, especially UserData and cfn-init
/var/log
the log files are in this directory
use
sudo cat /var/log/<FileName>
Key files
- /var/log/cloud-init-output.log - general bootstrap log, including UserData stdout and stderr
- /var/log/cfn-init-cmd.log - output of each command cfn-init ran
- /var/log/cfn-init.log - cfn-init's own log: which config keys it applied and why it failed
- /var/log/cfn-hup.log - cfn-hup daemon log
**sudo tail -f /var/log/cfn-hup.log** follows the cfn-hup log in real time, i.e. shows metadata polling and the hook actions it triggers
cfn-init during runtime
Use cfn-hup.
cfn-hup is a helper daemon that polls the stack's resource metadata on an interval and runs user-specified actions (hooks) when a change is detected.
Typically the hook reruns cfn-init when Resources.<Instance>.Metadata.AWS::CloudFormation::Init changes, so a stack update that only touches metadata reconfigures the running instance instead of replacing it. cfn-hup runs as root and executes whatever the hook's action line says, so the Init metadata is effectively configuration executed as root, and it is readable by anyone who can describe the stack's resources: keep secrets out of it.
CFN Change Set
A change set is an object that represents the difference between the current stack (its template and parameters) and a proposed new template and parameters; it can be reviewed for replacements and deletions before it is executed, and discarded if the impact is not what was intended.
CFN Events data (Custom Resources)
A custom resource (type Custom::Something or AWS::CloudFormation::CustomResource) lets CloudFormation hand a step to code of your own, typically a Lambda function or an SNS topic, which can in turn do anything, including talking to non-AWS systems. On create, update and delete CloudFormation sends the handler a JSON event containing the RequestType, the desired ResourceProperties, StackId, RequestId, LogicalResourceId and a pre-signed ResponseURL. The handler does the work and PUTs a JSON response (Status SUCCESS or FAILED, a PhysicalResourceId and optional Data) to the ResponseURL; CloudFormation then records the result as part of the logical resource, and Data fields become readable with !GetAtt. If no response arrives the stack hangs until the operation times out. The classic use is clean-up on deletion, eg emptying an S3 bucket that CloudFormation otherwise refuses to delete because it is not empty.
CFN Events Integration
Most custom-resource integrations are built on Lambda.