volume_mute

In CloudFormation, you can define the resources that you want to protect from unintentional updates during a stack update

publish date2024/08/16 02:06:00 UTC

volume_mute
True
False

Correct Answer

True

Explanation

In AWS CloudFormation, you can define resources that you want to protect from unintentional updates during a stack update using the UpdateReplacePolicy and DeletionPolicy attributes, as well as the Resource Attribute to enable resource-level protection.

UpdateReplacePolicy

The UpdateReplacePolicy attribute specifies what AWS CloudFormation should do with the resource when it must be replaced during a stack update. It helps control the deletion or retention of the resource:

  • Delete: AWS CloudFormation deletes the resource.
  • Retain: AWS CloudFormation keeps the resource in the account.
  • Snapshot: AWS CloudFormation creates a snapshot of the resource before deleting it.

DeletionPolicy

The DeletionPolicy attribute allows you to specify what AWS CloudFormation should do with the resource when it is deleted or replaced as part of the stack operation. The options are the same as for UpdateReplacePolicy:

  • Delete: Deletes the resource when the stack is deleted.
  • Retain: Retains the resource and its data when the stack is deleted.
  • Snapshot: Creates a snapshot of the resource before deleting it.

Resource Attribute Protection

To further protect resources from unintentional updates, you can set resource attribute constraints or explicitly state properties that should not be updated:

  • UpdatePolicy: Defines how AWS CloudFormation handles updates to resources like Auto Scaling groups, ElastiCache clusters, etc.

  • Immutable: Use resource properties to make some resources immutable, meaning they cannot be updated once created without a complete replacement.

Example Usage

Here’s an example CloudFormation snippet showing how to use these attributes:

Resources:
  MyDatabase:
    Type: AWS::RDS::DBInstance
    Properties:
      DBInstanceClass: db.t2.micro
      AllocatedStorage: 20
      Engine: mysql
      MasterUsername: admin
      MasterUserPassword: password
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain

 

Reference

AWS Skill Builder

Quizzes you can take where this question appears