CloudFormation Flashcards

This deck aims to help retain concepts related to the CloudFormation service.

1
Q

Which AWS service enables you to model and provision AWS resources using templates written in YAML or JSON?

A

AWS CloudFormation

2
Q

What is an AWS CloudFormation Logical Resource?

A

A resource defined in a CloudFormation Template

3
Q

What is an AWS CloudFormation Physical Resource?

A

The actual resource created in an AWS account by a CloudFormation stack

4
Q

Which AWS CloudFormation component specifies the resources to be created and their configurations?

A

CloudFormation Template

5
Q

Can an AWS CloudFormation Template be reused?

A

Yes, it can be reused across multiple accounts and regions

6
Q

What AWS CloudFormation component creates and manages physical resources based on logical resources defined in a template, ensuring synchronization between them?

A

CloudFormation Stack

7
Q

What happens when logical resources in an AWS CloudFormation Template are updated?

A

The stack will be updated, and the corresponding physical resources will be modified to reflect the changes

8
Q

What happens if an AWS CloudFormation Stack is deleted?

A

All associated physical resources will also be deleted, unless they are protected or retained

9
Q

What AWS CloudFormation Template section is used to explicitly provide input data when a stack is created or updated to customize the resources being created?
Hint: Input data can be provided using console UI, CLI, or API

A

Parameters

10
Q

What AWS CloudFormation Template component represents predefined variables that are automatically populated by AWS?

A

Pseudo Parameters

11
Q

What properties can an AWS CloudFormation Template Parameter be configured with?

A
  • Description: Provides details about the parameter
  • Default: Specifies a value to use if no input is given
  • AllowedValues: Defines a list of valid options for the parameter
  • AllowedPattern: Specifies a regular expression pattern to validate the input
  • MinValue/MinLength: Sets the smallest acceptable numeric value or string length
  • MaxValue/MaxLength: Sets the largest acceptable numeric value or string length
  • NoEcho: Hides the parameter value, useful for sensitive data
  • Type: Specifies the parameter’s data type (e.g., String, Number, List, CommaDelimitedList)
12
Q

What are the most common AWS CloudFormation Pseudo Parameters?

A
  • AWS::Region: Represents the region where the stack is created
  • AWS::AccountId: Represents the account ID where the stack is created
  • AWS::StackName: Represents the name of the stack
  • AWS::StackId: Represents the unique identifier of the stack
  • AWS::NoValue: Removes a resource property
13
Q

What are the main differences between AWS CloudFormation Template Parameters and Pseudo Parameters?

A

Template Parameters:
- Defined by humans when creating a template
- Require explicit input during stack creation or update

Pseudo Parameters:
- Predefined by AWS
- Automatically injected and do not require user input

14
Q

Which AWS CloudFormation Template components provide functionality to dynamically produce values, apply conditionals, and control resource characteristics?

A

Intrinsic Functions

15
Q

What AWS CloudFormation intrinsic function returns the Base64 representation of the input string?

A

Fn::Base64: valueToEncode

16
Q

What AWS CloudFormation intrinsic function returns an array of CIDR address blocks?

A

Fn::Cidr: [ ipBlock, count, cidrBits ]

17
Q

What AWS CloudFormation intrinsic functions are used to conditionally create stack resources?

A
  • Fn::Not
  • Fn::And
  • Fn::Or
  • Fn::If
  • Fn::Equals
18
Q

What AWS CloudFormation intrinsic function returns the value corresponding to keys in a two-level map?

A

Fn::FindInMap: [ MapName, TopLevelKey, SecondLevelKey ]

19
Q

What AWS CloudFormation intrinsic function takes a collection and a fragment, and applies the items in the collection to the identifier in the provided fragment?

A

```
'Fn::ForEach::UniqueLoopName':
  - Identifier
  - - Value1 # collection
    - Value2
  - 'OutputKey':
      OutputValue
```

20
Q

What AWS CloudFormation intrinsic function returns the value of an attribute from a resource in the template?

A

Fn::GetAtt: [ logicalNameOfResource, attributeName ]

21
Q

What AWS CloudFormation intrinsic function returns an array that lists Availability Zones for a specified Region?

A

Fn::GetAZs: region

22
Q

What AWS CloudFormation intrinsic function returns the value of an output exported by another stack?

A

Fn::ImportValue: sharedValueToImport

23
Q

What AWS CloudFormation intrinsic function appends a set of values into a single value?

A

Fn::Join: [ delimiter, [ comma-delimited list of values ] ]

24
Q

What AWS CloudFormation intrinsic function returns the number of elements within an array or an intrinsic function that returns an array?

A

Fn::Length : IntrinsicFunction

25
What AWS CloudFormation intrinsic function returns a single object from a list of objects by index?
`Fn::Select: [ index, listOfObjects ]`
26
What AWS CloudFormation intrinsic function splits a string into a list of string values?
`Fn::Split: [ delimiter, source string ]`
27
What AWS CloudFormation intrinsic function substitutes variables in an input string with values that you specify?
```
Fn::Sub:
  - String
  - Var1Name: Var1Value
    Var2Name: Var2Value
```
28
What AWS CloudFormation intrinsic function converts an object or array to its corresponding JSON string?
`Fn::ToJsonString: Object/Array`
29
What AWS CloudFormation intrinsic function specifies a macro to perform custom processing on part of a stack template?
```
Fn::Transform:
  Name: macro name
  Parameters:
    Key: value
```
30
What AWS CloudFormation intrinsic function returns the value of the specified parameter or resource?
`Ref: logicalName`
31
What AWS CloudFormation Template optional section allows you to provide keys and values for conditional parameters to improve template portability, supporting one- or two-level lookups?
```
Mappings:
  RegionMap:
    us-east-1:
      HVM64: "ami-0ff8a91507f77f867"
      HVMG2: "ami-0a584ac55a7631c0c"
    us-west-1:
      HVM64: "ami-0bdb828fd58c52235"
      HVMG2: "ami-066ee5fd4a9ef77f1"
```
- `!FindInMap [ "RegionMap", !Ref 'AWS::Region', "HVM64" ]`
32
What AWS CloudFormation Template optional section allows you to declare output values for the stack, visible in the CLI, Console UI, and accessible from parent stacks in nested scenarios?
Outputs
33
Can AWS CloudFormation Template Outputs be exported?
Yes, Outputs can be exported to allow cross-stack references
34
What AWS CloudFormation Template optional section allows you to define properties that are processed before resources are created and evaluate to TRUE or FALSE?
Conditions
35
What AWS CloudFormation intrinsic functions are used in the Conditions section?
- `Fn::Not`
- `Fn::And`
- `Fn::Or`
- `Fn::If`
- `Fn::Equals`
36
What AWS CloudFormation Template attribute determines whether a logical resource is created based on a condition?
Hint: TRUE - resource is created, FALSE - resource is not created
Condition
```
Resources:
  EC2:
    Type: 'AWS::EC2::Instance'
    Condition: IsCreated
    Properties: ...
```
37
How are implicit dependencies created in an AWS CloudFormation Template?
Using intrinsic functions such as `!Ref` and `!GetAtt`
Example: IGW attachment that references both a VPC and an IGW
38
How are explicit dependencies created in an AWS CloudFormation Template?
Using the `DependsOn` attribute
Example: EIP explicitly requiring IGW to be attached to a VPC
39
How does AWS CloudFormation efficiently determine dependency trees when managing resources?
- Intrinsic functions (`!Ref` and `!GetAtt`) for implicit dependencies
- The `DependsOn` attribute for explicit dependencies
40
What AWS CloudFormation feature is used to signal whether resources like EC2 instances or Auto Scaling Groups (ASGs) have been successfully created or updated?
`cfn-signal`
41
What AWS CloudFormation attribute associated with a resource prevents its status from reaching `CREATE_COMPLETE` until a specified number of success signals are received or the timeout is exceeded?
`CreationPolicy`
41
Which AWS CloudFormation features can be used to send signals to resources with an associated CreationPolicy?
- `cfn-signal`
- `SignalResource` API call
42
What AWS CloudFormation logical resource is used to pause resource creation until a specific condition is met?
`AWS::CloudFormation::WaitCondition`
43
Can other resources within an AWS CloudFormation template depend on a `WaitCondition` resource?
Yes, resources can depend on the `WaitCondition`, and the `WaitCondition` can depend on resources
44
What AWS CloudFormation resource is used to generate a PreSigned URL for other resources to send a signal received by the `WaitCondition`?
`AWS::CloudFormation::WaitConditionHandle`
45
How can data attached to a signal sent by an EC2 instance to `WaitConditionHandle` be accessed within an AWS CloudFormation template?
By using `!GetAtt WaitCondition.Data`
46
What is the maximum number of resources that a single AWS CloudFormation stack can support?
500 resources
47
What are the two primary approaches for designing multi-stack architectures in AWS CloudFormation?
- Nested Stacks: Enables reusability and modularization of code by embedding templates within parent stacks
- Cross-Stack References: Facilitates resource sharing across stacks using exported outputs and imports
48
What AWS CloudFormation feature enables the creation of stacks within other stacks, promoting code reuse and modular architecture?
Nested Stacks
```
VPCStack:
  Type: AWS::CloudFormation::Stack
  Properties:
    TemplateURL: https://example.com/template.yaml
    Parameters:
      Param1: !Ref SomeParam1
      ...
```
49
What term defines an AWS CloudFormation stack that serves as the starting point and may contain one or more nested stacks?
Root Stack
50
What term defines an AWS CloudFormation stack that includes nested stacks?
Parent Stack
50
Can a nested stack in an AWS CloudFormation template contain additional nested stacks?
Yes, nested stacks can act as parent stacks to other nested stacks, creating a hierarchy originating from the root stack
51
Can a parent stack directly reference logical resources within a nested stack in AWS CloudFormation?
No, a parent stack can only reference the outputs explicitly returned by the nested stack
52
How can the outputs of one AWS CloudFormation nested stack be used as parameters for another nested stack within the same parent stack?
By utilizing the `DependsOn` attribute to define dependencies and passing the required outputs as parameters
53
Can existing resources be reused when creating an AWS CloudFormation nested stack?
No, nested stacks reuse templates, not resources. Each stack defined in the template creates a new set of resources when instantiated
54
What are the common use cases for implementing AWS CloudFormation nested stacks architecture?
- When stacks share the same lifecycle
- To overcome the limit of 500 resources per stack
- For reusing templates across multiple stacks
55
What AWS CloudFormation feature allows sharing resources between stacks by referencing outputs of one stack in another?
Cross-stack References
56
What AWS CloudFormation intrinsic function is used to reference exported outputs in a stack?
`Fn::ImportValue: sharedValueToImport`
57
What naming restrictions apply to exported values when using AWS CloudFormation Cross-stack References?
Exported values must have a unique name within the same AWS region and account
58
Where in an AWS CloudFormation template are values defined for export when using Cross-stack references?
In the `Outputs` section, under the `Export` key
59
What are the common scenarios for using AWS CloudFormation Cross-stack References?
- When stacks have independent lifecycles
- When resources from one stack need to be utilized by another stack
60
What AWS CloudFormation feature allows centralized management of stacks across multiple accounts and regions, enabling creation, updates, and deletions in a single operation using an administrator account and a shared template?
Stack Sets
61
In AWS CloudFormation, what acts as a container for managing stack instances within the administrator account?
Stack Set
62
When using AWS CloudFormation Stack Sets, what represents a reference to a stack created in a target account?
Stack Instance
63
How can permissions be granted to AWS CloudFormation Stack Sets?
- Self-managed IAM Roles: created and managed by the customer
- Service-managed IAM Roles: created and managed by AWS CloudFormation
64
What option in AWS CloudFormation Stack Sets defines the maximum number or percentage of target accounts where an operation runs simultaneously?
Concurrent Accounts
65
What option in AWS CloudFormation Stack Sets defines the maximum number or percentage of stack operation failures allowed per region, beyond which CloudFormation halts the operation automatically?
Fault Tolerance
66
What AWS CloudFormation Stack Sets option allows stacks and their resources to remain running even after stack instances are removed from a stack set?
Retain Stacks
67
What are the common use cases for implementing AWS CloudFormation Stack Sets?
- Enable AWS Config across multiple accounts
- Create AWS Config rules, such as MFA, Elastic IPs, and EBS Encryption
- Deploy IAM roles for cross-account access at scale
68
Which AWS CloudFormation attribute helps retain or back up a resource when its stack is deleted?
DeletionPolicy
```
Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
```
69
What are the types of deletion policies available in AWS CloudFormation?
- `Delete` - removes the resource and its contents (default)
- `Retain` - keeps the resource and its contents after stack deletion
- `RetainExceptOnCreate` - retains the resource except in cases of a creation rollback
- `Snapshot` - creates a snapshot of the resource before deletion (for resources that support snapshots)
69
Which AWS CloudFormation deletion policy retains a resource and its contents when the stack is deleted?
`Retain` - ensures that the resource and its contents are preserved during stack deletion
70
Which AWS CloudFormation deletion policy is applied by default when the DeletionPolicy attribute is not specified?
`Delete` - removes the resource and its contents during stack deletion
71
Which AWS CloudFormation deletion policy retains resources and their content during stack deletion, except in the case of a rollback for the initial stack creation?
`RetainExceptOnCreate` - retains resources and their content unless the operation is a creation rollback
72
Is the AWS CloudFormation deletion policy applied during both resource deletion and replacement operations?
No, the deletion policy is applied only during DELETE operations
73
Which AWS CloudFormation deletion policy creates a backup snapshot of a resource when its stack is deleted?
`Snapshot` - ensures that a snapshot of the resource is created, persisting beyond the stack's lifetime. Snapshots may incur additional charges
74
What credentials are used by default during AWS CloudFormation stack creation?
- The credentials of the IAM principal performing the stack operation
- The principal must have the necessary permissions to create, update, or delete the stack and its associated resources
75
What feature allows AWS CloudFormation to create, update, or delete resources on behalf of users, enabling role separation?
Service role (Stack Role)
76
How is a service role implemented in AWS CloudFormation?
1. Admin creates an IAM role with permissions to create, update, and delete AWS resources
2. Users are granted permissions to create, update, and delete stacks and to pass the service role
3. The service role is attached to the stack during creation, enabling it to manage AWS resources
77
What is the use case for AWS CloudFormation Stack Roles?
When identities need to interact with CloudFormation stacks but should not have direct permissions to create, update, or delete AWS resources
78
What AWS CloudFormation feature facilitates configuration management on EC2 instances through helper scripts executed via user data?
`cfn-init`
79
Where are configuration directives for the AWS CloudFormation `cfn-init` feature defined?
In the `Metadata` attribute of an EC2 instance's logical resource, using the `AWS::CloudFormation::Init` type
80
What will happen if the AWS CloudFormation `cfn-init` feature is used to start a service that is already started?
Nothing, `cfn-init` is idempotent
81
What AWS CloudFormation feature provides a helper daemon that can be installed on an EC2 instance to detect changes in resource metadata and trigger user-defined actions in response?
`cfn-hup`
82
What action is commonly triggered when AWS CloudFormation's `cfn-hup` daemon detects changes in logical resource metadata?
Typically, `cfn-hup` triggers a rerun of the `cfn-init` configuration script to reapply the desired state of the instance
83
Which AWS CloudFormation feature previews the impact of proposed changes to stack resources, properties, or attributes before execution?
Change Sets
84
How can critical resource deletions or replacements in an AWS CloudFormation Change Set be avoided?
Changes to the stack occur only after the Change Set is executed. To avoid undesired changes, review the Change Set and create a new one with adjusted modifications if necessary
85
Which AWS CloudFormation API methods are used to manage Change Sets?
- `aws cloudformation create-change-set`
- `aws cloudformation list-change-sets`
- `aws cloudformation describe-change-set`
- `aws cloudformation execute-change-set`
- `aws cloudformation delete-change-set`
86
What AWS CloudFormation feature enables custom provisioning logic for resources not covered by built-in resource types, executed during resource creation, update, or deletion?
Custom Resources
87
What AWS CloudFormation resource type is used to define a Custom Resource?
`Custom::CustomResourceTypeName`
```
CustomS3Objects:
  Type: "Custom::S3Objects"
  Properties:
    ServiceToken: !GetAtt LambdaFunction.Arn
    Key1: "val-1"
    Key2: "val-2"
```
88
What required AWS CloudFormation Custom Resources property defines the endpoint to send an event (e.g., AWS Lambda or SNS Topic) when a custom resource is created, updated, or deleted?
`ServiceToken`
89
In which order are AWS CloudFormation Custom Resources created by default?
Custom Resources are created in dependency order. If a custom resource is defined last in the template, it will be created last and deleted first
90
Provide an example use case for AWS CloudFormation Custom Resource.
A Lambda function that populates an S3 bucket with objects upon creation and removes objects from the bucket before deletion
91
How does AWS CloudFormation know that a custom resource was successfully created by AWS Lambda?
The event object provided to Lambda contains a `ResponseURL`, which Lambda uses to notify the stack of the resource’s successful creation or deletion
92
Which section of an AWS CloudFormation template cannot be associated with a Condition?
`Parameters` section
93
Do exported values in AWS CloudFormation need to have unique names across all AWS Regions?
No, they only need to be unique within a single AWS Region
94
What type of Parameter in AWS CloudFormation helps catch invalid values for AWS resource attributes during stack creation or updates?
AWS-specific parameter types, such as:
- `AWS::EC2::VPC::Id`
- `AWS::EC2::Subnet::Id`
95
What CLI command packages local artifacts referenced in a CloudFormation template and uploads them, such as source code for AWS Lambda functions?
`cloudformation package`
96
What CLI command deploys an AWS CloudFormation template by creating and executing a changeset?
`cloudformation deploy`