Section 18: AWS CloudFormation Flashcards

1
Q

CloudFormation is … ? (hint, it’s a buzzword term. buzzterm?)

A

infrastructure as code

2
Q

T/F, A CloudFormation stack relies on things called “templates” to determine what infrastructure is warranted. These templates are basically yaml or json files. This code (the templates/aka yamls aka json files) can be version controlled.

A

True

3
Q

T/F When you specify a template you can use the url of a template you uploaded to S3, or you can upload a template file when creating a stack (and the file will end up in a new S3 URL anyway)

A

S3. I believe you reference these uploaded templates via URL.

4
Q

Can you edit existing versions of uploaded templates?

A

No. You have to upload new versions of the template instead.

5
Q

What are stacks identified by?

A

Name

6
Q

What happens when you delete a template generated stack?

A

Every artifact belonging to that stack gets deleted

7
Q

What is the manual way of deploying a CloudFormation template?

A

edit the template in the CloudFormation Designer and then use the console to input parameters.

8
Q

What is the automated way of deploying CloudFormation templates?

A

You edit the yaml/json files and use aws cli to deploy the template.

9
Q

What is the preferred way to deploy a cloudFormation template, manual or automatic?

A

Automatic.

10
Q

What are template resources?

A

the aws resources declared in your template. These are mandatory.

11
Q

What are the template parameters

A

the dynamic inputs for your template

12
Q

what are the template mappings?

A

the static variables for your template

13
Q

What are the template outputs?

A

references to what has been created

14
Q

What are the template conditionals?

A

List of conditions to perform resource creation.

15
Q

What is template metadata (answer is metadata)

A

metadata

16
Q

What are the six main CloudFormation template components? What are the two template helpers?

A

main CloudFormation template components:
* resources
* parameters
* mappings
* outputs
* conditionals
* metadata
template helpers:
* references
* functions

17
Q

Does the exam require you to write CloudFormation

A

No

18
Q

Does the exam expect you to know how to read CloudFormation?

A

Yes

19
Q

What is the name of the Resource created from this template? Is this template missing anything, or does it work?

A

Name is MyInstance. It’s not missing anything, it works.

20
Q

T/F CloudFormation calls the things it makes “stacks”

A

true

21
Q

Is the safest way to delete a stack to go into the individual components created by the stack and delete them, or is it to go to CloudFormation and delete the whole stack from there?

A

Delete the stack from CloudFormation, don’t try to delete each individual resource on its usual aws page (ex, don’t go to ec2 and try to delete the ec2 instance associated with the stack).

22
Q

T/F, steph thinks JSON is terrible for CloudFormation templates and that you should use YAML instead.

A

True

23
Q

What is the core component of an aws cloudformation template?

A

Resources. These are MANDATORY. They represent the different aws components that will be created and configured.

24
Q
  1. Can template resources reference each other?
  2. Is this the valid resource identifier pattern:
    AWS::aws-product-name::data-type-name
A

Yes. there are over 224 different types of resources.

25
Q

What are parameters? When are they important?

A

Parameters are a way to provide inputs to your AWS CloudFormation template. They’re important if you want to reuse your templates across a company. Some inputs cannot be determined ahead of time. You can ask yourself this: if a CloudFormation resource configuration is likely to change in the future, make it a parameter.

26
Q

How do you reference a parameter in a template?

A

the Fn:Ref function can be leveraged to reference parameters. the shorthand for this in YAML is “!Ref” (but without the quotes). parameters can be used anywhere in the template.

Parameters:
  Stage:
    Type: String
    Default: Dev
    AllowedValues:
      - Dev
      - Prod
Conditions:
  isProd: !Equals
    - !Ref Stage
    - Prod
  isDev: !Equals
    - !Ref Stage
    - Dev

27
Q

Which pseudo parameters can be referenced by default in any CloudFormation template?

A
  • AWS::AccountId
  • AWS::NotificationARNs
  • AWS::NoValue
  • AWS::Region
  • AWS::StackId
  • AWS::StackName
28
Q

What are template mappings? Could you mention some key parts of a template with a region mapping?

A

Fixed variables within your cloudFormation Template. They’re very handy for differentiating between different environments (dev vs prod), regions (AWS), AMI types etc. all values are hardcoded within the template.

29
Q

When would you use template mappings vs template parameters?

A

mappings are great when you’re dealing with variables such as aws regions, availability zones, aws account, environment (dev v prod) etc. They allow safer controls over the template. Parameters are really best for when the values are user specific (not sure how this is different from account specific, but okay).

30
Q

What do you use to return a named value from a specific key (a mapping key value pair) (hint, it’s code-looking.) Could you point out what the possible values of it might be in the picture?

A

Fn::FindInMap

!FindInMap [MapName, TopLevelKey, SecondLevelKey]

31
Q

What is CloudFormation template Outputs section (or what goes in it/when would you use it etc)?

A

The outputs section declares optional output values that you can import into other stacks (if you export them first). You can view them using the aws console or aws cli. They’re useful if you define a network CloudFormation and output the variables such as VPC ID and Subnet IDs. It’s the best way to perform some collaboration cross stack.

32
Q

Can you delete a CloudFormation stack if its outputs are being referenced by another CloudFormation stack?

A

No.

33
Q

Does the definition of template outputs imply that you can create an ssh security group as part of one template, and then create an output (via template Outputs.Export.Name) that references that security group?

A

Yes

34
Q

What is the name by which external stacks can reference the StackSSHSecurityGroup … object? item? resource? whatever it is … of the output value defined under StackSSHSecurityGroup in the following template section:

A

SSHSecurityGroup

35
Q

What is cross stack referencing, in terms of CloudFormation?

A

Referencing the output (usually resources, idk if things like security groups are considered resources but let’s say they are) of one stack (which of course was generated from a template) in a second template.

36
Q

How do you leverage in template templateNumberTwo a security group named SSHSecurityGroup that was generated as an output of another stack/template templateNumberOne? Like, what’s the code (codeish keyword/s for it?)

A

Fn::ImportValue (Fn means function)

37
Q

You’re having trouble deleting a stack, stackA. What might be a problem?

A

If it has a section of Outputs and an output resource, like a security group, is being used in another stack, say stackB, then you won’t be able to delete stackA.

38
Q

Is this a valid way to use Fn::ImportValue

A

Yes

39
Q

What are CloudFormation template conditions used for?

A

They’re used to control the creation of resources or outputs based on a condition. Conditions can be whatever you want them to be, but some common ones are environment (dev test prod), aws region, any parameter value. Each condition can reference another condition, parameter value or mapping.

40
Q
  1. Is this a valid way to define a condition?
  2. What are the logical operators you can use when making conditions?
  3. what does a single exclamation point mean when used in a yaml template?
A
  1. yes
  2. Fn::And; Fn::Equals; Fn::If; Fn::Not; Fn::Or
  3. believe it or not, that exclamation is not a logical Not. It is like a replacement for the whole “Fn::” thing.
41
Q

Can conditions be used wherever you want them to be used?

A

Seems like yea.

42
Q

Is the following code snippet a valid way of creating and using a condition in a template?

A

Yes.

43
Q

what are the cloudFormation must-know intrinsic functions?

A
  • Ref
  • Fn::GetAtt
  • Fn::FindInMap
  • Fn::ImportValue
  • Fn::Join
  • Fn::Sub
  • condition functions Fn::If, Fn::Not, Fn::Equals etc
44
Q

How do you reference parameters or resources? (answer is the code function word things)

A

Fn::Ref. shorthand version is !Ref.

45
Q

what function do you use to get attribute information on any stack generated resources?

A

Fn::GetAtt

46
Q

How do you get the AZ of the following CloudFormation stack (which, again, are made from templates) EC2 instance? (from I believe the same template)

A
47
Q
  1. What does Fn::Join do?
  2. For example, with the following template code: !Join [":", [a, b, c]]
  3. For example, with the template in the picture?
A
  1. Joins values with a delimiter. !Join[delimiter, [comma-delimited list of values]]
  2. answer: it creates “a:b:c”
  3. “Join using the ref function with parameters:
    The following example uses Fn::Join to construct a string value. It uses the Ref function with the AWS::Partition parameter and the AWS::AccountId pseudo parameter.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-join.html

48
Q

How do you substitute variables from text? (i think this is just asking “what is the code you use to use variables in templates?”). A different question will ask about interpreting usage.

A

Fn::Sub (shorthand version !Sub)

49
Q

What does this do?

A

Usage of Fn::Sub with Fn::ImportValue function

The following example uses a mapping to substitute the Domain variable with the resulting value from the Fn::ImportValue function.

Note: “DomainName” is the name of the Output exported by another CloudFormation stack.

50
Q

What happens by default if cloudFormation stack creation fails?

A

The default behavior is that everything rolls back, and since there is no back to roll to when doing an initial create, all stack-generated resources get deleted. We can look at the log.

51
Q

What option do you have regarding cloudformation failed-stack-creation rollbacks?

A

There is an option to disable rollback and troubleshoot what happened.

52
Q

What happens if a cloudFormation stack update fails?

A

the stack automatically rolls back to the previous known working state. You have the ability to see in the log what happened/what any error messages are.

53
Q

you’ll learn more about SNS and lambda soon, so skipping over what those things are, can you use SNS with CloudFormation to i suppose trigger Lambda functions, sending of email, etc?

A

Yes. You enable SNS integration on the CloudFormation side (i suppose in template form, though I am not certain). Then CloudFormation events get sent to SNS. Then that triggers things like a Lambda function. If, for example, the event was that a rollback was in progress that event might go to a different or maybe the same (haven’t learned about sns or lambda yet, so this is just my interpretation of a flow chart) sns things which then sends an email to perhaps someone with admin privileges.

54
Q
  1. What are change sets good for (hint, what do you look at when you review other people’s merge requests?)?
  2. will changeSets indicate if the update will be successful?
A
  1. it’s to check changes for greater confidence
  2. No. I hope they’re not implying that they don’t even check whether an update should work. I think it’s about whether or not the unexpected will occur. but idk those are guesses based on literally no info.
55
Q
  1. What is a nested stack?
  2. are they considered best practice?
  3. why use them
A
  1. stack in a stack.
  2. yes
  3. they’re like functions. not like, functions the way cloudformation has been using the word. I think of those more as keywords perhaps. or built in functions. nested stacks are like the kind of functions you’d write yourself in python or javascript or whatever. examples might be a load balancer configuration that is reused, a security group that is reused etc..
56
Q

if you updated a stack that is nested into stacks elsewhere, do you update both the root stack and the stacks using the root stack, or just the root stack?

A

I believe just the root stack, but it’s real fuzzy honestly.

57
Q

What’s the difference between cross stacks and nested stacks?

A

cross stacks seem like they’re more for exporting values or individual items that can get used by another stack. nested stack seems more like you use one whole stack inside another stack. like if you wanted to dedicate one stack to how to make an application load balancer so you didn’t have to write that same code every time you made a stack that needed an alb.

58
Q
  1. What’s a StackSet used for?
  2. who all can use them?
  3. if you update a stackset, are all associated stack instances updated throughout all accounts and regions?
A
  1. to create, update or delete stacks across multiple accounts and regions with a single operation.
  2. you need an admin account to create stackSets.
  3. yes
59
Q
  1. What is CloudFormation Drift?
  2. how can you preemptively prevent individuals from altering cloudformation generated resources (like ec2 instances, i’m not talking about preventing people from submitting a new template through cloudformation)
A
  1. a new tool to tell you if people have altered by hand (outside of a cloudformation template/ui) any resources created using cloudformation.
  2. If i’m reading things correctly, it looks like you can use CloudFormation Stack Policies. we’ll talk more about those soon.
60
Q
  1. What are CloudFormation Stack Policies?
  2. Why bother with them?
  3. when you create a stack policy, are resources protected by default?
A
  1. JSON docs that define the update actions that are allowed on specific resources during Stack updates.
  2. they help protect resources from unintentional updates to cloudformation generated resources, like someone updating an ec2 instance through the ec2 instance ui.
  3. yes, though the example is confusing.
61
Q

What does this CloudFormation Stack Policy do?

A
62
Q
A

Correct answer is B. no answers have notes.

63
Q
A

A. Change Sets. No answers have notes.

64
Q
A

The answer is A. Although I thought differently, it turns out that when an initial stack creation attempt fails, what gets deleted is all resources that may have been generated as a result of attempting to create the stack. The now-empty stack itself however, does not get deleted. Therefore, you need to delete the failed (empty) stack before you try to create the new one.

This answer didn’t have a note, I suspect none did.

65
Q

is validate-template a real cli command that validates that a template is valid json or yaml?

A

yes

66
Q
A

D. Stacksets. No answer choices have notes.

67
Q
A

B. Drift. no answers have notes.

68
Q
A

Correct answer: A. Fn::ImportValue No choices have notes.

69
Q
A

answer is C. AWS::AccountName. No answers have notes.

70
Q
A

Correct answer is B. update template. No answers have notes.

71
Q
A

Correct answer is B. “CloudFormation references a template from Amazon S3, no matter what. If you upload the template from the AWS console, it gets uploaded to Amazon S3 behind the scenes, and CloudFormation references that template from there.”

Note that A is incorrect for this reason: “This is only true from the “AWS CloudFormation Console”, and then by using this option, your template is uploaded by AWS to Amazon S3 behind the scenes. So CloudFormation uses a reference to Amazon S3.”

72
Q
A

Correct answer is B. False. No answer choices have notes.

73
Q
A

Correct answer is C. Resources. No answer choices have notes.

74
Q
A

D. Fn::GetAtt. No answer choices have notes.

75
Q
A

C. The parameter ‘EnvironmentName’ is missing

76
Q
A

C. Conditions. No answer choices have notes.

77
Q
A

Correct answer is B. IPAddress=10.0.0.1. I believe no answer choices have notes.

78
Q
A

C. Delete the stacks referencing any exported outputs. No answer choices have notes.

79
Q
A

Correct answer is A. Exported stacks must be unique within your region.