CloudFormation Flashcards
(25 cards)
Where does CloudFormation pull your templates from?
Amazon S3
What are the 7 components in a CloudFormation template?
AWS Template Format Version
Description
Resources
Parameters - Dynamic inputs
Mappings - Static inputs
Outputs
Conditionals
What are the 2 helpers for a CloudFormation template?
References
Functions
How is a resource type identifier structured in CloudFormation?
service-provider::service-name::data-type-name
Is it possible to create a dynamic number of resources in CloudFormation?
Yes, by using Macros and Transform
CloudFormation supports almost every AWS service; what is the standard workaround for a service it does not support?
Using Custom Resources
What question should you ask yourself to decide whether a value should be a Parameter in CloudFormation?
Is this resource configuration likely to change in the future?
Suppose you want to limit which values can be entered for a specific parameter in CloudFormation. What do you use?
Allowed Values
Suppose there is a sensitive input that you would not like to appear in logs. What configuration should you place on the CloudFormation input?
No Echo
How do you use a parameter or resource (but not a condition) within a CloudFormation template?
!Ref
What are Pseudo Parameters in CloudFormation?
Parameters provided by AWS with helpful reference values
What are Mappings in CloudFormation? How can you use a map in a template?
They are static values stored within a map that can be accessed using !FindInMap [Key1, Key2, Key3]
How would you share values from one CloudFormation template to another?
“Export” the name of the value as an “output” from one template and reference it in another using !ImportValue
What functions can you use to define a condition in CloudFormation?
Fn::And
Fn::Equals
Fn::If
Fn::Not
Fn::Or
Explain each of the following “Must know” intrinsic functions in CloudFormation:
- Ref
- Fn::GetAtt
- Fn::FindInMap
- Fn::ImportValue
- Condition Functions (Fn::If etc)
- Ref : Used to ‘reference’ parameters or resources
- Fn::GetAtt : Gets an attribute from an existing resource
- Fn::FindInMap : Gets a named value from a specific key set in a map
- Fn::ImportValue : Import values that were exported from an existing stack
- Fn::Base64 : Converts a string to Base64 (used to encode data like a UserData script for an EC2 instance)
- Condition Functions (Fn::If etc) : Builds a condition
What is the default behaviour of a failed CloudFormation deployment?
New stack: Everything gets deleted
Update fails: Rolled back to previously working state
Rollback fails: Fix template issues and use the ContinueUpdateRollback API to retrigger rollback
How would you allow a user to create/update/delete stack resources even if they shouldn't have permission to work with the resources in the stack?
Give the user the iam:PassRole permission
What capabilities should you enable to allow a CloudFormation template to create or update IAM resources?
CAPABILITY_NAMED_IAM and CAPABILITY_IAM
What capabilities should you enable if your CloudFormation template contains macros or nested stacks?
CAPABILITY_AUTO_EXPAND
How would you stop a resource from being deleted if its CloudFormation stack is? What if you just want the data within it?
Set deletion policy to retain or snapshot
How can you prevent resources within a CloudFormation stack from being accidentally modified?
Using Stack Policies to define what actions are allowed on specific resources
Which of the following is the recommended way to define a custom resource in CloudFormation?
1. AWS::CloudFormation::CustomResource
2. Custom::MyCustomResourceTypeName
- Custom::MyCustomResourceTypeName
Suppose you wanted to clear an S3 bucket upon deleting a CloudFormation stack (because otherwise it can't be deleted). How could you trigger this with Lambda?
Define a custom resource
What does the CloudFormation custom resource ‘ServiceToken’ define?
A Lambda or SNS ARN