IaC (CFN)

Question 1

What’s the difference between CloudFormation logical and physical resources?

Answer 1

Logical - The resource as defined in a CFN template.

Physical - The actual resources created when a template is applied.

Question 2

What are CFN stacks?

Answer 2

Organizational units for physical resources with a logical boundary - they are isolated and self-contained by default.

Question 3

What is the importance of DependsOn?

Answer 3

Many resources have implicit dependencies (in terms of create order) that CFN can auto-detect, especially in the presence of !Refs.

DependsOn allows the specification of explicit dependencies that CFN cannot auto-detect, such as an ElasticIP resource.

Question 4

What is the CFN Stack resource limit?

Answer 4

500.

Question 5

What are some other limits of CFN stacks and templates that Nested Stacks can help with?

Answer 5

• Shared lifecycle.
• Can’t easily reference other stacks.
• Can’t easily reuse resources like VPCs.

Question 6

What CFN directive is used by stacks to reference each other?

Answer 6

The Outputs directive, which can be referenced or used as parameters for other templates/stacks.

Question 7

What is the main difference between Cross-Stack References and Nested Stacks?

Answer 7

Nested stacks are for lifecycle-linked resources and help with code (template) re-use, NOT with resource re-use or sharing.

Question 8

What CFN Directives are useful for Cross-Stack References?

Answer 8

Export, inside a single Output, paired with !ImportValue.

Question 9

What are CFN StackSets?

Answer 9

Containers for Stack Instances (which themselves reference actual Stacks), and used to deploy Stacks across many Accounts and Regions.

Question 10

What are the uses of a CFN DeletionPolicy?

Answer 10

By default, CFN deletes physical resources when the logical resource is deleted. DeletionPolicies can instruct CFN to either Retain or Snapshot the physical resources, depending on individual resource support for these actions.

Question 11

What is the purpose of CFN Stack Roles?

Answer 11

Used for role separation, where a user with Stack-based access can pass an IAM Role to CFN that itself has the permissions to CRUD the resources.

Question 12

What is CloutFormationInit?

Answer 12

A system to describe a desired state for EC2 instances, as an alternative to defining procedural steps in the user-data. Is idempotent.

Question 13

What’s the use case for cfn-hup?

Answer 13

This helper daemon can detect changes in resource metadata and run configuration actions.

Question 14

Is user-data, even when parameterized, re-applied during stack updates?

Answer 14

No. The user-data is run only once, when the stack and physical resources are first created.

Question 15

Where is the output of the user-data process captured on the EC2 instance (Linux)?

Answer 15

In the /var/log/cloud-init-output.log file.

Question 16

What are CFN Change Sets?

Answer 16

A preview of a stack update that can be reviewed for accuracy or other concerns, especially if resources will be disrupted or outright replaced.

Question 17

What is the purpose of CFN Custom Resources?

Answer 17

To allow CFN to integrate with anything it doesn’t yet or doesn’t natively support.

Question 18

How do Custom Resources work during stack updates?

Answer 18

Event data is sent to a Lambda or SNS topic and can receive data back about the state of that resource.