Infrastructure as code (CF)

Question 1

CloudFormation

Answer 1

CloudFormation defines logical resources within templates (using YAML or JSON).

Question 2

CloudFormation Stacks

Answer 2

what gets created from a CF template

Question 3

Parameters

Answer 3

Template parameters accept input form console ,CL, or API

when a stack is created or updated

Question 4

Template Parameters

Answer 4

Default, or explicit values chosen

you set the values in the template

Parameters references are used by CloudFormation to provision physical resources

Question 5

Pseudo Parameters

Answer 5

Parameters provided by AWS based on environment when creating the stack

Question 6

CloudFormation Intrinsic functions: Fn::GettAtt

Answer 6

GetATT can be used to retrieve any attribute associated with the resource. Most Logical resources return detailed configuration of the physical resources.

Question 7

CloudFormation Intrinsic Functions

Answer 7

AWS CloudFormation provides several built-in functions that help you manage your stacks. Use intrinsic functions in your templates to assign values to properties that are not available until runtime.

Question 8

CloudFormation Intrinsic functions: Ref

Answer 8

using !Ref on template or pseudo parameters returns their value. When used with logical resources-the physical ID is usually returned

Question 9

CloudFormation Intrinsic functions:

Fn::Join and Fn: Split

Answer 9

split or join strings

Question 10

CloudFormation Intrinsic functions:

Fn::GetAZs and Fn::Select

Answer 10

!GetAZs and !Select, a template can be made portable. Rather than explicitly specifying AZ by using intrinsic functions resources can be launched or created in AZ1 AZ2

Question 11

CloudFormation Intrinsic functions:

Fn::Basse64 & Fn::Sub

Answer 11

Fn::Base64 accepts plaintext .. and outputs Base64 encoded text

Fn::Sub substitutes variables in the input, which their actual runtime values. In the example the instanceid attribute of the instance logical resource.

Question 12

CloudFormation Conditions

Answer 12

created in the optional ‘conditions’ section of a template

conditions are evaluated to True or False

processed before resources are created

user the other intrinsic function AND,EQUALS,IF,NOT, OR

associated with local resources to control if they are created or not

Question 13

CloudFormation Intrinsic functions:

Fn::Cider

Answer 13

Fn::Cider is used to generate a number of smaller CIDR ranges for subnets, from a larger VPC range

Question 14

CloudFormation Mappings

Answer 14

Templates can contain a mapping object which contains may mappings which maps keys to values , allowing lookup

can have one key, or Top & second level

Mappings use the !FindInMap intrinsic function

Common use.. retrieve AMI for given region & architecture

Question 15

CloudFormation Outputs

Answer 15

Templates can have an optional output section values can be declared in this section visible as outputs when using CLI or console UI.

accessible from a parent stack when using nesting. can be exported , allowing cross-stack references.

Question 16

CloudFormation DependsOn

Answer 16

Depends on let you explicitly define the dependency order

ex: if resources B and C depends on A both wait for A to complete before starting

Question 17

CloudFormation Wait Condition, Creation Policy & cfn-signal

Answer 17

configure CloudFormation to hold → wait for ‘x’ number of success signals

wait for Timeout H:M:S for those signals(12hr Max)

can send success or fail signals

EC2 and to scaling groups(AWS resouces) → user a creationPolicy

EC2 or external Systems → used to get information from external system

Question 18

CloudFormation Nested Stacks

Answer 18

used to overcome the 500 resource limit of one stack

modular template .. code reuse

Make the installation process easier

nested stack created by the root stack

you can only refence the outputs when using nested stacks you can’t reference the logical resources created in any of the nested stack

Question 19

CloudFront Cross-Stack References

Answer 19

outputs are normally not visible from other stacks

Nested stacks can reference them

outputs can be exported… Making them visible from other stacks

Exports must have a unique name in the regions

Fn::Import can be used instead of Ref

Question 20

CloudFormation StackSets

Answer 20

Deploy CFN stacks across many account & regions

stack sets are containers in a admin account

container stack instances .. which reference stacks

stack instance & stacks are in ‘target accounts’

each stack = 1 region in 1 account

Question 21

Retain stack

Answer 21

allows you to remove stack instances from stack sets and by default it will remove the stacks in target accounts but can be set to retain Stack after removal.

Question 22

Stack Failure Tolerance

Answer 22

the amount of individual deployment can fail before the Stack set is consider failed

Question 23

Stack set operation options : Maximum concurrent accounts

Answer 23

how many stacks you want deployed in each region

Question 24

When would you use CloudFormation StackSets

Answer 24

Enabling AWS config

Aws config Rules - MFA, EIPS,EBS encryption

create IAM Roles for cross-account access

Question 25

CloudFormation DeletionPolicy

Answer 25

if you delete logical resource’s from a template the physical resources is also deleted which could cause data loss.

With deletion policy, you can define on each resource Delete(Default), Retain or (if supported) Snapshot.

Question 26

What resources can an CloudFormation DeletionPolicy be used on ?

Answer 26

EBS volume, ElastiCache , Neptune ,RDS , Redshift

Question 27

CF Stack Roles

Answer 27

CFN uses the permissions of the logged in identity

which means you need permission for AWS

CFN can assume a role to gain permissions

This lets you implement role separation

The identities creating the stack.. doesn’t need resource permission-only PassRole

Question 28

CloudFormation cfn-init

Answer 28

Another way you can provide configuration information to an ec2 instance

simple configuration management system AWS::CloudFormation::Init part of logical resouces

Desired state -What(Cfn-init decides How)

Cfn-init helper-script -installed on EC2 OS(makes it so)

Question 29

CloudFormation cfn-hup

Answer 29

if CloudFormation::Init is updated, it isn’t run

cfn-hup helper is a daemon which can be installed

detects changes in resources metadata

running configurable actions when a change is detected

Update Stack → update config on EC2 instances

Question 30

CloudFormation Change Sets

Answer 30

changes to stacks could cause no interruptions, some interruption, or Replacement which cause interruptions.

change sets let you preview changes(A change set: over view of changes to a stack)

multiple different version(lots of change sets)

chosen changes can be applied by executing the change set

Question 31

CloudFormation Custom Resources

Answer 31

Custom resources Lets CFN integrated with anything it doesn’t yet or doesn’t natively support

passes data to something and gets data back from something

CFN sends data to an endpoint that you define within the custom Resources that data gets sent to a lambada function or an SNS topic once created it then signals back to CFN

Question 32

How does Cloud Formation work ? Explain the process ?

Answer 32

The logical resource defines the WHAT, and leaves the HOW up to the CFN product.

A CFN stack creates a physical resource for every logical resource - updating or deleting them as a template changes.

Question 33

What some defaults that parameters can be configured with ?

Answer 33

can be configured with Defaults, AllowedValues, Min and Max length & Allowed Patterns, No Echo & Type

Question 34

How can parameters influence the resources created ?

Answer 34

can be referenced from within Logical resources

which allows them influence physical resources and /or configuration