DevOps Flashcards
What are CloudFormation Resources?
Resources are the core of CloudFormation and the only mandatory section of the template. They represent the different AWS components that will be created and configured in AWS.
What are CloudFormation Parameters? How do we decide when to choose a parameter?
Parameters are a way to provide input to a CloudFormation template. We should ask ourselves whether a configuration is going to be changed in the future; if yes, we should create it as a parameter.
Provide a few examples of CloudFormation Parameters
Some examples are:
1. AllowedValues - allows users to choose from a list of predefined values
2. NoEcho: true/false - whether a parameter value should be displayed or not, like the DB password
How can we reference a CloudFormation parameter?
We can reference a CloudFormation parameter using a function called !Ref, which can be used anywhere in the template
What are Pseudo Parameters in a CloudFormation Template? Provide a few examples
Pseudo parameters are parameters offered by AWS. For example, AWS::AccountId returns the current account ID, AWS::Region returns the region, etc.
What are CloudFormation Mappings?
CloudFormation mappings are hardcoded fixed values within a template in the form of maps. They are handy to differentiate between different values like environments, regions, etc.
What are CloudFormation Outputs and how are they used?
CloudFormation Outputs are a way to import an output from another CloudFormation stack into the current stack. We use the EXPORT block and the !ImportValue function to do this.
What are CloudFormation Conditions and how do we use them?
CloudFormation Conditions allow us to write conditional blocks, for example to create resources based on the environment (Dev vs. Prod)
What are intrinsic functions? What is the use of intrinsic functions such as Ref, GetAtt, FindInMap, ImportValue, Base64 and the various conditional functions?
Intrinsic functions are functions provided by AWS. Some of the important functions are:
1. Ref - Used to reference another resource inside a CF template, returns the value of a parameter or a resource
2. GetAtt - Used to provide more information about an attribute. Ref returns a reference to that resource, but GetAtt provides more details of various attributes of that resource
3. FindInMap - Get a value from a map by providing a key
4. ImportValue - To import an output of another EXPORT block
5. Base64 - We provide a string value in front of that function and it encodes that value using Base64 encoding
6. Condition functions - Used to write conditional blocks, for example, AND, EQUALS, IF, NOT, OR, etc.
What are the various rollback options while using a CloudFormation template? How do we retrigger after fixing the issues manually after a rollback?
There are two rollback options:
1. Stack creation fails - Everything rolls back
2. Stack update fails - Everything rolls back to the previous known state
After fixing the issues manually, issue the ContinueUpdateRollback API from the console or continue-update-rollback from the CLI to retrigger creation or update of the stacks
What is a CloudFormation Service role?
It’s an IAM role that allows CF to create/update/delete resources on our behalf, in case we don’t have permissions to create, update or delete the resource directly
The user must have the iam:PassRole permission
What are CloudFormation Capabilities and the various types of CF capabilities? What exception is thrown when we don’t have the necessary CF capabilities?
These are capabilities you need to give to CF in order to create/update/delete resources. There are two types:
1. CAPABILITY_NAMED_IAM and CAPABILITY_IAM - create/update/delete IAM resources like user or group creation etc.
2. CAPABILITY_AUTO_EXPAND - when the template has nested stacks and CF is going to create resources dynamically.
So we are acknowledging that CF can create these types of resources. If CF is not provided these capabilities, it will throw InsufficientCapabilitiesException
What is the CloudFormation Deletion policy and what are its various types?
Controls what happens when a resource is deleted from a stack or when a resource is removed from a CF template.
- The default value of this policy is “DeletionPolicy=Delete” (the only exception is when we delete an S3 bucket that is not empty; in that case the bucket won’t get deleted)
- “DeletionPolicy=Retain” - to retain a resource when a CF stack is deleted, as in the case of DynamoDB, for instance
- “DeletionPolicy=Snapshot” - Take a final snapshot before the resource is deleted from CF, for example EBS volumes, RDS instances, etc.
What is a CloudFormation Stack policy?
It’s a JSON document that specifies what updates are allowed on a stack during a CF update. For example, allow updates on resources in all env except the ProductionDatabase resource
How can we prevent accidental deletes of CloudFormation stacks?
We can enable a feature called Termination Protection for CloudFormation stacks
What are CloudFormation Custom Resources used for? Provide an example
Custom Resources are used for the following:
1. Define resources not yet supported by CF
2. Define custom provisioning logic for resources that are outside of CF, like on-premises resources and 3rd-party resources
3. Have custom scripts run during create/update/delete through Lambda functions
Let’s suppose we need to delete an S3 bucket. However, we can’t delete a non-empty S3 bucket through a CF stack. So we can write a custom script to empty the S3 bucket before the CF stack runs and deletes the bucket
What are CloudFormation StackSets and why are they used?
CF StackSets are used to create/update/delete stacks across multiple accounts and regions with a single operation and template. The StackSets are typically run from the administrator’s account.