CloudFormation Flashcards
This deck aims to help retain concepts related to the AWS CloudFormation service.
Which AWS service enables you to model and provision AWS resources using templates written in YAML or JSON?
AWS CloudFormation
What is an AWS CloudFormation Logical Resource?
A resource defined in a CloudFormation Template
What is an AWS CloudFormation Physical Resource?
The actual resource created in an AWS account by a CloudFormation stack
Which AWS CloudFormation component specifies the resources to be created and their configurations?
CloudFormation Template
Can an AWS CloudFormation Template be reused?
Yes, it can be reused across multiple accounts and regions
What AWS CloudFormation component creates and manages physical resources based on logical resources defined in a template, ensuring synchronization between them?
CloudFormation Stack
What happens when logical resources in an AWS CloudFormation Template are updated?
The stack will be updated, and the corresponding physical resources will be modified to reflect the changes
What happens if an AWS CloudFormation Stack is deleted?
All associated physical resources will also be deleted, unless they are protected or retained
What AWS CloudFormation Template section is used to explicitly provide input data when a stack is created or updated to customize the resources being created?
Hint: Input data can be provided using console UI, CLI, or API
Parameters
What AWS CloudFormation Template component represents predefined variables that are automatically populated by AWS?
Pseudo Parameters
What properties can an AWS CloudFormation Template Parameter be configured with?
- Description: Provides details about the parameter
- Default: Specifies a value to use if no input is given
- AllowedValues: Defines a list of valid options for the parameter
- AllowedPattern: Specifies a regular expression pattern to validate the input
- MinValue/MinLength: Sets the smallest acceptable numeric value or string length
- MaxValue/MaxLength: Sets the largest acceptable numeric value or string length
- NoEcho: Hides the parameter value, useful for sensitive data
- Type: Specifies the parameter’s data type (e.g., String, Number, List, CommaDelimitedList)
What are the most common AWS CloudFormation Pseudo Parameters?
- AWS::Region: Represents the region where the stack is created
- AWS::AccountId: Represents the account ID where the stack is created
- AWS::StackName: Represents the name of the stack
- AWS::StackId: Represents the unique identifier of the stack
- AWS::NoValue: Removes a resource property
What are the main differences between AWS CloudFormation Template Parameters and Pseudo Parameters?
Template Parameters:
- Defined by humans when creating a template
- Require explicit input during stack creation or update
Pseudo Parameters:
- Predefined by AWS
- Automatically injected and do not require user input
Which AWS CloudFormation Template components provide functionality to dynamically produce values, apply conditionals, and control resource characteristics?
Intrinsic Functions
What AWS CloudFormation intrinsic function returns the Base64 representation of the input string?
Fn::Base64: valueToEncode
What AWS CloudFormation intrinsic function returns an array of CIDR address blocks?
Fn::Cidr:
- ipBlock
- count
- cidrBits
What AWS CloudFormation intrinsic functions are used to conditionally create stack resources?
Fn::Not
Fn::And
Fn::Or
Fn::If
Fn::Equals
What AWS CloudFormation intrinsic function returns the value corresponding to keys in a two-level map?
Fn::FindInMap: [ MapName, TopLevelKey, SecondLevelKey ]
What AWS CloudFormation intrinsic function takes a collection and a fragment, and applies the items in the collection to the identifier in the provided fragment?
'Fn::ForEach::UniqueLoopName':
  - Identifier
  - - Value1 # collection
    - Value2
  - 'OutputKey':
      OutputValue
What AWS CloudFormation intrinsic function returns the value of an attribute from a resource in the template?
Fn::GetAtt: [ logicalNameOfResource, attributeName ]
What AWS CloudFormation intrinsic function returns an array that lists Availability Zones for a specified Region?
Fn::GetAZs: region
What AWS CloudFormation intrinsic function returns the value of an output exported by another stack?
Fn::ImportValue: sharedValueToImport
What AWS CloudFormation intrinsic function appends a set of values into a single value?
Fn::Join: [ delimiter, [ comma-delimited list of values ] ]
What AWS CloudFormation intrinsic function returns the number of elements within an array or an intrinsic function that returns an array?
Fn::Length : IntrinsicFunction
What AWS CloudFormation intrinsic function returns a single object from a list of objects by index?
Fn::Select: [ index, listOfObjects ]
What AWS CloudFormation intrinsic function splits a string into a list of string values?
Fn::Split: [ delimiter, source string ]
What AWS CloudFormation intrinsic function substitutes variables in an input string with values that you specify?
Fn::Sub:
  - String
  - Var1Name: Var1Value
    Var2Name: Var2Value
What AWS CloudFormation intrinsic function converts an object or array to its corresponding JSON string?
Fn::ToJsonString: Object/Array
What AWS CloudFormation intrinsic function specifies a macro to perform custom processing on part of a stack template?
Fn::Transform:
  Name : macro name
  Parameters :
    Key : value
What AWS CloudFormation intrinsic function returns the value of the specified parameter or resource?
Ref: logicalName
What AWS CloudFormation Template optional section allows you to provide keys and values for conditional parameters to improve template portability, supporting one- or two-level lookups?
Mappings:
  RegionMap:
    us-east-1:
      HVM64: "ami-0ff8a91507f77f867"
      HVMG2: "ami-0a584ac55a7631c0c"
    us-west-1:
      HVM64: "ami-0bdb828fd58c52235"
      HVMG2: "ami-066ee5fd4a9ef77f1"
- !FindInMap [ "RegionMap", !Ref 'AWS::Region', "HVM64" ]
What AWS CloudFormation Template optional section allows you to declare output values for the stack, visible in the CLI, Console UI, and accessible from parent stacks in nested scenarios?
Outputs
Can AWS CloudFormation Template Outputs be exported?
Yes, Outputs can be exported to allow cross-stack references
What AWS CloudFormation Template optional section allows you to define properties that are processed before resources are created and evaluate to TRUE or FALSE?
Conditions
What AWS CloudFormation intrinsic functions are used in the Conditions section?
Fn::Not
Fn::And
Fn::Or
Fn::If
Fn::Equals
What AWS CloudFormation Template attribute determines whether a logical resource is created based on a condition?
Hint: TRUE - resource is created, FALSE - resource is not created
Condition
Resources:
  EC2:
    Type: 'AWS::EC2::Instance'
    Condition: IsCreated
    Properties:
      ...
How are implicit dependencies created in an AWS CloudFormation Template?
Using intrinsic functions such as !Ref and !GetAtt
Example: IGW attachment that references both a VPC and an IGW
How are explicit dependencies created in an AWS CloudFormation Template?
Using the DependsOn attribute
Example: EIP explicitly requiring IGW to be attached to a VPC
How does AWS CloudFormation efficiently determine dependency trees when managing resources?
- Intrinsic functions (!Ref and !GetAtt) for implicit dependencies
- The DependsOn attribute for explicit dependencies
What AWS CloudFormation feature is used to signal whether resources like EC2 instances or Auto Scaling Groups (ASGs) have been successfully created or updated?
cfn-signal
What AWS CloudFormation attribute associated with a resource prevents its status from reaching CREATE_COMPLETE until a specified number of success signals are received or the timeout is exceeded?
CreationPolicy
Which AWS CloudFormation features can be used to send signals to resources with an associated CreationPolicy?
- cfn-signal
- SignalResource API call
What AWS CloudFormation logical resource is used to pause resource creation until a specific condition is met?
AWS::CloudFormation::WaitCondition
Can other resources within an AWS CloudFormation template depend on a WaitCondition resource?
Yes, resources can depend on the WaitCondition, and the WaitCondition can depend on resources
What AWS CloudFormation resource is used to generate a PreSigned URL for other resources to send a signal received by the WaitCondition?
AWS::CloudFormation::WaitConditionHandle
How can data attached to a signal sent by an EC2 instance to WaitConditionHandle be accessed within an AWS CloudFormation template?
By using !GetAtt WaitCondition.Data
What is the maximum number of resources that a single AWS CloudFormation stack can support?
500 resources
What are the two primary approaches for designing multi-stack architectures in AWS CloudFormation?
- Nested Stacks: Enables reusability and modularization of code by embedding templates within parent stacks
- Cross-Stack References: Facilitates resource sharing across stacks using exported outputs and imports
What AWS CloudFormation feature enables the creation of stacks within other stacks, promoting code reuse and modular architecture?
Nested Stacks
VPCStack:
  Type: AWS::CloudFormation::Stack
  Properties:
    TemplateURL: https://example.com/template.yaml
    Parameters:
      Param1: !Ref SomeParam1
      ...
What term defines an AWS CloudFormation stack that serves as the starting point and may contain one or more nested stacks?
Root Stack
What term defines an AWS CloudFormation stack that includes nested stacks?
Parent Stack
Can a nested stack in an AWS CloudFormation template contain additional nested stacks?
Yes, nested stacks can act as parent stacks to other nested stacks, creating a hierarchy originating from the root stack
Can a parent stack directly reference logical resources within a nested stack in AWS CloudFormation?
No, a parent stack can only reference the outputs explicitly returned by the nested stack
How can the outputs of one AWS CloudFormation nested stack be used as parameters for another nested stack within the same parent stack?
By utilizing the DependsOn attribute to define dependencies and passing the required outputs as parameters
Can existing resources be reused when creating an AWS CloudFormation nested stack?
No, Nested Stacks reuse templates, not resources; each stack defined in the template creates a new set of resources when instantiated
What are the common use cases for implementing AWS CloudFormation nested stacks architecture?
- When stacks share the same lifecycle
- To overcome the limit of 500 resources per stack
- For reusing templates across multiple stacks
What AWS CloudFormation feature allows sharing resources between stacks by referencing outputs of one stack in another?
Cross-stack References
What AWS CloudFormation intrinsic function is used to reference exported outputs in a stack?
Fn::ImportValue: sharedValueToImport
What naming restrictions apply to exported values when using AWS CloudFormation Cross-stack References?
Exported values must have a unique name within the same AWS region and account
Where in an AWS CloudFormation template are values defined for export when using Cross-stack references?
In the Outputs section, under the Export key
What are the common scenarios for using AWS CloudFormation Cross-stack References?
- When stacks have independent lifecycles
- When resources from one stack need to be utilized by another stack
What AWS CloudFormation feature allows centralized management of stacks across multiple accounts and regions, enabling creation, updates, and deletions in a single operation using an administrator account and a shared template?
Stack Sets
In AWS CloudFormation, what acts as a container for managing stack instances within the administrator account?
Stack Set
When using AWS CloudFormation Stack Sets, what represents a reference to a stack created in a target account?
Stack Instance
How can permissions be granted to AWS CloudFormation Stack Sets?
- self-managed IAM Roles: created and managed by the customer
- service-managed IAM Roles: created and managed by AWS CloudFormation
What option in AWS CloudFormation Stack Sets defines the maximum number or percentage of target accounts where an operation runs simultaneously?
Concurrent Accounts
What option in AWS CloudFormation Stack Sets defines the maximum number or percentage of stack operation failures allowed per region, beyond which CloudFormation halts the operation automatically?
Fault Tolerance
What AWS CloudFormation Stack Sets option allows stacks and their resources to remain running even after stack instances are removed from a stack set?
Retain Stacks
What are the common use cases for implementing AWS CloudFormation Stack Sets?
- Enable AWS Config across multiple accounts
- Create AWS Config rules, such as MFA, Elastic IPs, and EBS Encryption
- Deploy IAM roles for cross-account access at scale
Which AWS CloudFormation attribute helps retain or backup a resource when its stack is deleted?
DeletionPolicy
Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
What are the types of deletion policies available in AWS CloudFormation?
- Delete - removes the resource and its contents (default)
- Retain - keeps the resource and its contents after stack deletion
- RetainExceptOnCreate - retains the resource except in cases of a creation rollback
- Snapshot - creates a snapshot of the resource before deletion (for resources that support snapshots)
Which AWS CloudFormation deletion policy retains a resource and its contents when the stack is deleted?
Retain - ensures that the resource and its contents are preserved during stack deletion
Which AWS CloudFormation deletion policy is applied by default when the DeletionPolicy attribute is not specified?
Delete - removing the resource and its contents during stack deletion
Which AWS CloudFormation deletion policy retains resources and their content during stack deletion, except in the case of a rollback for the initial stack creation?
RetainExceptOnCreate - retains resources and their content unless the operation is a creation rollback
Is the AWS CloudFormation deletion policy applied during both resource deletion and replacement operations?
No, the deletion policy is applied only during DELETE operations
Which AWS CloudFormation deletion policy creates a backup snapshot of a resource when its stack is deleted?
Snapshot - ensures that a snapshot of the resource is created, persisting beyond the stack’s lifetime; snapshots may incur additional charges
What credentials are used by default during AWS CloudFormation stack creation?
- The credentials of the IAM principal performing the stack operation
- The principal must have the necessary permissions to create, update, or delete the stack and its associated resources
What feature allows AWS CloudFormation to create, update, or delete resources on behalf of users, enabling role separation?
Service role (Stack Role)
How is a service role implemented in AWS CloudFormation?
- Admin creates an IAM role with permissions to create, update, and delete AWS resources
- Users are granted permissions to create, update, and delete stacks and to pass the service role
- The service role is attached to the stack during creation, enabling it to manage AWS resources
What is the use case for AWS CloudFormation Stack Roles?
When identities need to interact with CloudFormation stacks but should not have direct permissions to create, update, or delete AWS resources
What AWS CloudFormation feature facilitates configuration management on EC2 instances through helper scripts executed via user data?
cfn-init
Where are configuration directives for the AWS CloudFormation cfn-init feature defined?
In the Metadata attribute of an EC2 instance’s logical resource, using the AWS::CloudFormation::Init type
What will happen if the AWS CloudFormation cfn-init feature is used to start a service that is already started?
Nothing, cfn-init is idempotent
What AWS CloudFormation feature provides a helper daemon that can be installed on an EC2 instance to detect changes in resource metadata and trigger user-defined actions in response?
cfn-hup
What action is commonly triggered when AWS CloudFormation’s cfn-hup daemon detects changes in logical resource metadata?
Typically, cfn-hup triggers a rerun of the cfn-init configuration script to reapply the desired state of the instance
Which AWS CloudFormation feature previews the impact of proposed changes to stack resources, properties, or attributes before execution?
Change Sets
How can critical resource deletions or replacements in an AWS CloudFormation Change Set be avoided?
Changes to the stack occur only after the Change Set is executed
To avoid undesired changes, review the Change Set and create a new one with adjusted modifications if necessary
Which AWS CloudFormation API methods are used to manage Change Sets?
aws cloudformation create-change-set
aws cloudformation list-change-sets
aws cloudformation describe-change-set
aws cloudformation execute-change-set
aws cloudformation delete-change-set
What AWS CloudFormation feature enables custom provisioning logic for resources not covered by built-in resource types, executed during resource creation, update, or deletion?
Custom Resources
What AWS CloudFormation resource type is used to define a Custom Resource?
Custom::CustomResourceTypeName
CustomS3Objects:
  Type: "Custom::S3Objects"
  Properties:
    ServiceToken: !GetAtt LambdaFunction.Arn
    Key1: "val-1"
    Key2: "val-2"
What required AWS CloudFormation Custom Resources property defines the endpoint to send an event (e.g., AWS Lambda or SNS Topic) when a custom resource is created, updated, or deleted?
ServiceToken
In which order are AWS CloudFormation Custom Resources created by default?
Custom Resources are created in dependency order
If a custom resource is defined last in the template, it will be created last and deleted first
Provide an example use case for AWS CloudFormation Custom Resource.
A Lambda function that populates an S3 bucket with objects upon creation and removes objects from the bucket before deletion
How does AWS CloudFormation know that a custom resource was successfully created by AWS Lambda?
The event object provided to Lambda contains a ResponseURL, which Lambda uses to notify the stack of the resource’s successful creation or deletion
Which section of an AWS CloudFormation template cannot be associated with a Condition?
Parameters section
Do exported values in AWS CloudFormation need to have unique names across all AWS Regions?
No, they only need to be unique within a single AWS Region
What type of Parameter in AWS CloudFormation helps catch invalid values for AWS resource attributes during stack creation or updates?
AWS-specific parameter types, such as:
- AWS::EC2::VPC::Id
- AWS::EC2::Subnet::Id
What CLI command packages local artifacts referenced in a CloudFormation template and uploads them, such as source code for AWS Lambda functions?
cloudformation package
What CLI command deploys an AWS CloudFormation template by creating and executing a changeset?
cloudformation deploy