What is CloudFormation?
CloudFormation is perfect for creating immutable architecture.
When you create resources using CloudFormation, you can easily
pick that template up and run it anywhere you want.
What is Elastic Beanstalk?
The Amazon PaaS tool.
What Is Systems Manager?
Systems Manager is a suite of tools designed to let you view, control, and
automate both your AWS architecture and on-premises resources.
Features of Systems Manager
- Automation Documents: Can be used to control your instances or
AWS resources(For example, using Automation documents to fix S3 bucket
permissions or using Session Manager to connect to an instance. ) - Run Command: Execute commands on your hosts
- Patch Manager: Manages your application versions
- Parameter Store: Securely store your secret values
- Hybrid Activations: Control your on-premises architecture
using Systems Manager - Session Manager: Remotely connect and interact with
your architecture
How are AWS CloudFormation template parameters used?
- They are defined in the
Parameterssection of the template. - Users can provide values for parameters when creating or updating a stack.
What are AWS CloudFormation pseudo parameters and how are they used?
- Pseudo parameters are predefined variables in AWS CloudFormation.
- Pseudo parameters do not need to be explicitly defined in the
Parameterssection. - Examples include AWS::Region, AWS::Partition, and AWS::AccountId.
- Pseudo parameters are automatically populated by AWS CloudFormation.
What are the purposes of the AWS CloudFormation intrinsic functions !Ref and !GetAtt?
- !Ref is used to get the value of a specified parameter or resource within a CloudFormation template (!Ref LogicalResource OR !Ref Parameter )
- !GetAtt is used to retrieve the value of an attribute from a specified resource in the stack (!GetAtt LogicalResource.Attribute).
What AWS CloudFormation intrinsic function is used for selecting elements from a list?
- !Fn::Select: Retrieves a specified element from a list.
SelectedElement:
Description: “Select the second element from the list”
Value: !Fn::Select [1, [“Element1”, “Element2”, “Element3”]]
What AWS CloudFormation intrinsic function is used for retrieving availability zones from a region?
- !Fn::GetAZs: Returns a list of availability zones for a specified region.
AvailabilityZones:
Description: “List of availability zones in the us-east-1 region”
Value: !Fn::GetAZs: us-east-1
What AWS CloudFormation intrinsic functions are used for joining and splitting strings in a template?
- !Fn::Join: Concatenates a list of values into a single string using a specified delimiter.
- !Fn::Split: Splits a string into a list of substrings based on a specified delimiter.
Examples:
```yaml
JoinedString:
Description: “Concatenate values into a comma-separated string”
Value: !Fn::Join [”,”, [“Value1”, “Value2”, “Value3”]]
SplitString:
Description: “Split a string into a list using a hyphen as the delimiter”
Value: !Fn::Split [”-“, “123-456-789”]
What AWS CloudFormation intrinsic functions are used for encoding data in base64 and string interpolation?
- !Fn::Base64: Encodes data in base64 format. Commonly used for encoding user data in AWS::EC2::Instance resources.
- !Fn::Sub: Performs string interpolation, allowing you to substitute values into strings. ${LogicalResource}
What AWS CloudFormation feature allows you to create a mapping of keys to corresponding values within a template?
- Mappings: A CloudFormation feature that allows you to create a static mapping of keys to corresponding values, providing a way to parameterize templates.
What AWS CloudFormation section allows you to define values to be shown or exported after the stack creation or update?
The optional Outputs section declares output values that you can import into other stacks (to create cross-stack references), return in response (to describe stack calls), or view on the AWS CloudFormation console. For example, you can output the S3 bucket name for a stack to make the bucket easier to find.
What are public parameters in AWS Systems Manager Parameter Store, and how can they be shared across accounts and regions?
- Public parameters in AWS Systems Manager Parameter Store are parameters that can be marked as accessible across accounts and regions.
- They provide a way to share configuration values with other AWS accounts.
- Access to public parameters is controlled by IAM policies.
- Cross-region access is supported, allowing parameters to be used in different AWS regions.
- Resource-based policies can be employed to share public parameters with other AWS accounts.
For more details, refer to: Public Parameters in Systems Manager
In AWS CloudFormation, what feature allows you to control whether resources are created or how they are configured based on certain conditions?
- The optional Conditions section contains statements that define the circumstances under which entities are created or configured.
- You might use conditions when you want to reuse a template that can create resources in different contexts, such as a test environment versus a production environment.
- In your template, you can add an EnvironmentType input parameter, which accepts either prod or test as inputs.
- Conditions are evaluated based on predefined pseudo parameters or input parameter values that you specify when you create or update a stack.
- Within each condition, you can reference another condition, a parameter value, or a mapping.
- After you define all your conditions, you can associate them with resources and resource properties in the Resources and Outputs sections of a template
In CloudFormation what is the DependsOn attribute?
With the DependsOn attribute, you can specify that the creation of a specific resource follows another. When you add a DependsOn attribute to a resource, that resource is created only after the creation of the resource specified in the DependsOn attribute.
What AWS CloudFormation tool is used to signal the successful completion of an Amazon EC2 instance or an Auto Scaling group during stack creation or update?
cfn-signalis a command-line tool used in conjunction with AWS CloudFormation to signal the successful completion of a specific resource, typically an Amazon EC2 instance or an Auto Scaling group.- It is commonly used in UserData or cfn-init scripts to inform CloudFormation that the resource has been successfully configured and is ready to proceed.
- The
cfn-signalcommand is typically included as the last step in user data scripts to avoid signaling before the resource is fully configured. - You use the cfn-signal script in conjunction with a CreationPolicy attribute or an Auto Scaling group with a WaitOnResourceSignals update policy.
What AWS CloudFormation attribute is used to define conditions for CloudFormation to wait before considering a resource as successfully created during stack creation?
CreationPolicyis an AWS CloudFormation attribute used to specify conditions for CloudFormation to wait before signaling success for a particular resource during stack creation.- It is commonly used when a resource requires additional time to stabilize or become available after creation.
- To signal a resource, you can use the cfn-signal helper script or SignalResource API.
How can AWS CloudFormation WaitCondition be employed to wait for the completion of an external resource’s creation and use data from that resource?
- AWS CloudFormation WaitCondition can be used to wait for the completion of an external resource’s creation and incorporate data from that resource.
(For Amazon EC2 and Auto Scaling resources, AWS recommends that you use a CreationPolicy attribute instead of wait conditions. Add a CreationPolicy attribute to those resources, and use the cfn-signal helper script to signal when an instance creation process has completed successfully.)
When working with AWS CloudFormation, what are the key differences between Nested Stacks and Cross-Stack References, and when would you choose one over the other?
- Nested Stacks:
- Description: Involves creating a separate CloudFormation template (nested stack) that is referenced within the main template.
- Use Case: Suitable when you want to break down a complex template into modular and reusable components.
- Advantages: Improved template organization, reusability, and easier management of complex infrastructure.
- Considerations: Resources in nested stacks are treated as a single unit, and outputs from nested stacks are accessible in the parent stack.
- Cross-Stack References:
- Description: Involves exporting values from one stack (exporting stack) and importing them into another stack (importing stack).
- Use Case: Appropriate when you need to share specific outputs (parameters or resources) between independent stacks.
- Advantages: Decouples resources and allows sharing of specific outputs across stacks, promoting separation of concerns.
- Considerations: Resource dependencies must be carefully managed to avoid circular dependencies.
Choosing Between Them:
- Nested Stacks: Use when focusing on modular templates and reusability within a single stack.
- Cross-Stack References: Use when separate stacks need to share specific outputs, promoting independence and maintainability.
What are the key differences in how resources from different stacks can be accessed in Nested Stacks versus Cross-Stack References in AWS CloudFormation, including the intrinsic functions used?
- Nested Stacks:
- Access Mechanism: Resources from nested stacks are treated as a single unit, and their outputs are automatically accessible within the parent stack.
- Intrinsic Function: Outputs from nested stacks are implicitly available for use in the parent stack without the need for explicit export or import. The
Fn::ImportValuefunction is not required.
- Cross-Stack References:
- Access Mechanism: Resources are accessed explicitly through the use of Export and Import functions. Per region, per account.
- Intrinsic Function: Resources must be explicitly exported from one stack (exporting stack) and then imported into another stack (importing stack) using the
Fn::ExportandFn::ImportValuefunctions, respectively.
Considerations:
- Nested Stacks: Implicit access simplifies usage but may limit control over individual resource outputs.
- Cross-Stack References: Explicit access provides more control but requires careful management of exports and imports to avoid circular dependencies.
What are CloudFormation StackSets?
- StackSets are a feature of CloudFormation allowing infrastructure to be deployed and managed across multiple regions and multiple accounts from a single location.
- Additionally, it adds a dynamic architecture - allowing automatic operations based on accounts being added or removed from the scope of a StackSet.
- Permissions granted via self-managed IAM Roles or service-managed within an ORG.
- StackSets gain access to Target Accounts and create stack instances and stacks.
What is DeletionPolicy in CloudFormation?
With the DeletionPolicy attribute you can preserve or (in some cases, not supported for EC2) backup a resource when its stack is deleted. You specify a DeletionPolicy attribute for each resource that you want to control. If a resource has no DeletionPolicy attribute, AWS CloudFormation deletes the resource by default.
What are Stack roles in CloudFormation?
- Stack roles allow an IAM role to be passed into the stack via PassRole
- A stack uses this role, rather than the identity interacting with the stack to create, update and delete AWS resources.
- It allows role separation and is a powerful security feature.
