
AWS - Cloudformation quizlet

Terms in this set (13)

What is CloudFormation?
Allows you to script the deployment of infrastructure.
What does CloudFormation use to deploy a stack?
a template
- choose a source (stack)
- choose needed parameters (DB credentials, instance type, etc.)
- tag
- SNS notifications
- Timeout - how long stack has to start up
- rollback on failure
What 5 things are included in a CloudFormation template?
- An optional list of template parameters (input values supplied at stack creation time)
- An optional list of output values (e.g. the complete URL to a web application)
- An optional list of data tables used to look up static configuration values (e.g., AMI
names)
- The list of AWS resources and their configuration values
- A template file format version number
What happens when a stack fails to deploy in CloudFormation?
If rollback on failure is enabled, all resources are deleted. Else, all resources
deployed up to the point of failure remain
Is CloudFormation free?
Yes, but the resources it deploys are not
What is the default behavior for rollback on failure?
Rollback on failure is enabled
What are examples of what you can output from your template script?
DNS name
public IPs
S3 bucket names
How do you specify in your script to output [attribute] from [resource name]?
{ "Outputs" :
  { "name of output" :
    { "Value" :
      { "Fn::GetAtt" : [ "resource name", "attribute" ] }
    }
  }
}
What are key-value pairs used for in a CloudFormation template?
Credentials to SSH into a Linux box
How is AWS CloudFormation different from AWS Elastic Beanstalk?
CloudFormation supports AWS Elastic Beanstalk hosted applications as well as
other AWS services

Ex: script your AWS EB applications and attach them to RDS instance, and other
AWS resources
How can you create multiple stacks from a template without fear of name collisions
between AWS resources?
Supply a logical name for your resource

The actual resource name will consist of the stack name and the logical name.
Can you name all resources in a template? Why?
No. You can name S3 buckets, but others you cannot.
Naming resources restricts the reusability of templates and results in naming
conflicts when an update causes a resource to be replaced
Can I create a stack in VPC using CloudFormation?
Yes

Terms in this set (14)

CloudFormation Essential
It is the pure embodiment of infrastructure as code:
- You can describe your application's architecture in a CloudFormation template as
either JSON or YAML
- You can use that template to deploy copies of that architecture to:
- Other AWS regions
- Other AWS accounts
- CloudFormation stacks are a collection of AWS resources you can manage
together as one unit
- CloudFormation Stacks are defined by CloudFormation templates
CloudFormation Benefits
- Saves you time by not having to manually create duplicate architectures in other
regions
- Since your infrastructure is now code, you can version control your infrastructure
- Allows for infrastructure rollbacks to previous versions if a new version has issues
- Allows you to prepare for disaster recovery scenarios by having your infrastructure
fully described in code
CloudFormation Templates
- CloudFormation templates are JSON or YAML text files that describe your AWS
infrastructure.
- These templates can have several sections but only the Resources section is
required.
CloudFormation Templates - Resources
- Format Version: The AWS CloudFormation template version that the template
conforms to
- Description: A string that describes the template that must follow the format version
- Metadata: Additional information about the template that can provide
implementation details
- Parameters: Values to pass to your template when you create or update a stack
- Mappings: Match a provided key to a set of named values
- Conditions: Statements that determine when resources are created or properties
are defined using logical operators called condition intrinsic functions
- Transform: An optional section used to integrate with the AWS Serverless
Application Model (AWS SAM)
- Resources: Specifies the resources to be created and their properties
- Outputs: Specifies output values that can be imported to other stacks, returned in
the response, or viewed in the AWS CloudFormation console
CloudFormation Intrinsic Functions
- CloudFormation syntax provides several built-in functions to help you manage your
stacks
- You can use these functions to assign values to different CloudFormation
properties that are only available at or after runtime
CloudFormation Intrinsic Functions usage
You can use Intrinsic Functions in:
- Resource properties
- Outputs
- Metadata attributes
- Update policy attributes
- You can also use conditional intrinsic functions to conditionally create your
CloudFormation resources
Common Intrinsic Functions
- Fn::GetAtt - Returns the value of an attribute from a resource in your
CloudFormation template
- Frequently used to get things like the Name or ARN of other resources
- Fn::Join - Appends values into a single value separated by a delimiter
- Ref - Returns a value you can use to refer to the provided parameter or resource.
For example:
- A Ref to an EC2 instance would return the instance ID
- A Ref to a Lambda Function would return the function name
CloudFormation - What is it?
- It allows you to turn infrastructure into code. This provides numerous benefits
including quick deployments, infrastructure version control and disaster recovery
solutions
CloudFormation Resources - Resource type identifiers
- CloudFormation supports a variety of AWS resources. These resources are
identified with Resource type identifiers:
- Resource type identifiers follow the format of: AWS::aws-product-name::data-type-name
- Some examples of common resource type identifiers include:
- AWS::EC2::Instance
- AWS::DynamoDB::Table
- AWS::IAM::Role
CloudFormation Resources - Properties
- In addition to a resource type identifier, each CloudFormation resource also has its
own properties.
- Properties for each type of resource vary depending on the resource. For example:
- An AWS::EC2::Instance resource might have an AvailabilityZone or InstanceType
property
- An AWS::IAM::Role resource can have neither of those properties but might have a
ManagedPolicyArns property
CloudFormation Resources Attributes
You can also use Resource Attributes to control additional relationships and
behaviors of your resources. These include:
- CreationPolicy: Used to delay a resource reaching its created state when you want to confirm
some other part of the stack is set up completely
- DeletionPolicy: Can be used to optionally keep around certain resources, like S3
buckets, or backup resources, like EBS, with a snapshot before deleting it
- DependsOn: Allows you to specify that certain resources will be dependent on
other resources for their creation
- Metadata: Allows you to add optional metadata to resources
- UpdatePolicy: Allows you to specify how CloudFormation should update a small
subset of AWS resources
CloudFormation Stack
A CloudFormation stack is a group of AWS resources that you can manage together:
- Stack resources are defined by the stack's AWS CloudFormation template
- You can create, update, or delete a group of AWS resources by creating, updating,
or deleting a corresponding stack
CloudFormation - Conceptual Examples of stacks
Conceptual examples of stacks:
- All the AWS resources required to run a web application, such as a web server, a
database, and networking rules
- All the AWS resources required to run a serverless microservice, such as API
Gateway methods, resources, and deployments as well as Lambda Functions and
DynamoDB tables
CloudFormation - Stack Resources
Stack resources are treated as one single unit:
- Stack resources must all be created/deleted successfully for the stack to be
created or deleted
- If a Stack resource cannot be created, CloudFormation will roll back the stack and
automatically delete any resources that were created

Terms in this set (108)

CloudFormation
https://aws.amazon.com/cloudformation/faqs/

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide

CloudFormation allows you to take what was once traditional hardware infrastructure
and convert it into code.

CloudFormation gives developers and systems administrators an easy way to create
and manage a collection of related AWS resources, provisioning and updating them in
an orderly and predictable fashion.

You don't need to figure out the order of provisioning AWS services or the subtleties
of making those dependencies work; CloudFormation takes care of this for you.
After the AWS resources are deployed, you can modify and update them in a
controlled and predictable way. In effect, you can apply version control to your AWS
infrastructure the same way you do with your software.
Maximum amount of data that cfn-signal can pass (bytes).
4,096
Maximum amount of data that a custom resource provider can pass (bytes).
4,096
Maximum number of mappings that you can declare in your AWS CloudFormation
template.
100
Maximum number of mapping attributes for each mapping that you can declare in
your AWS CloudFormation template.
64
Maximum size of each mapping name.
255
Maximum number of outputs that you can declare in your AWS CloudFormation
template.
60
Maximum size of an output name.
255
Maximum number of parameters that you can declare in your AWS CloudFormation
template.
60
Maximum size of a parameter name.
255
Maximum size (bytes) of a parameter value.
4,096
Maximum number of resources that you can declare in your AWS CloudFormation
template.
200
Maximum size of a resource name.
255
Maximum number of AWS CloudFormation stacks that you can create.
200
Maximum number of AWS CloudFormation stack sets you can create in your
administrator account.
20
Maximum number of stack instances you can create per stack set.
500
Maximum size (bytes) of a template body that you can pass in a CreateStack,
UpdateStack, or ValidateTemplate request.
51,200
Maximum size (bytes) of a template body that you can pass in an Amazon S3 object
for a CreateStack, UpdateStack, or ValidateTemplate request with an Amazon S3
template URL.
460,800
Maximum size (bytes) of a template description.
1,024
CloudFormation Template
A CloudFormation Template is essentially an architectural diagram.

You create, update and delete a collection of resources by creating, updating, and
deleting stacks using CloudFormation Templates.

CloudFormation Templates are in either JSON or YAML format.


CloudFormation Stack
A CloudFormation Stack is the end result of a CloudFormation Template (what is actually
provisioned).
Elements of Template - Mandatory Elements
List of AWS Resources and their associated configuration values
Elements of Template - Optional Elements
The template's file format & version number

Template Parameters: The input values that are supplied at Stack creation time
(such as Tags, AMI, etc), limit of 60.

Output Values: The output values required once a stack has finished building (such
as public IP, ELB address, etc), limit of 60. You can use Fn::GetAtt to output data.

List of data tables: used to look up static configuration values such as AMIs, etc.
Resources Properties Values
Literal strings (enclosed in double quotes)

List of strings (enclosed in [ ])

Booleans

Parameter references (enclosed in { })

Pseudo references or the value returned by a function (enclosed in { })


Resource Attributes - CreationPolicy
You associate the CreationPolicy attribute with a resource to prevent its status from
reaching CREATE_COMPLETE until CloudFormation receives a specified number of
success signals or the timeout period is exceeded.
Resource Attributes - DeletionPolicy
With the DeletionPolicy attribute you can preserve or backup a resource when its
stack is deleted.

You specify a DeletionPolicy attribute for each resource that you want to control
Resource Attributes - DependsOn
With the DependsOn attribute you can specify that the creation of a specific resource
follows another.

When you add a DependsOn attribute to a resource, that resource is created only
after the creation of the resource specified in the DependsOn attribute.
Resource Attributes - Metadata
The Metadata attribute enables you to associate structured data with a resource. By
adding a Metadata attribute to a resource, you can add data in JSON format to the
resource declaration.
Resource Attributes - UpdatePolicy
Use the UpdatePolicy attribute to specify how CloudFormation handles updates to
the AWS::AutoScaling::AutoScalingGroup resource or AWS::Lambda::Alias
resource.
Create CloudFormation
Create a stack (default): You can use one of the templates AWS provides to get
started quickly with applications

Create a StackSet: A StackSet is a container for AWS CloudFormation stacks that
lets you provision stacks across AWS accounts and regions by using a single AWS
CloudFormation template.

Design a template: You can use the drag-and-drop tool called AWS CloudFormation
Designer. You drag-and-drop the resources that you want to add to your template
and drag lines between resources to create connections.

Create a Template from your Existing Resources: If you already have AWS
resources running, the CloudFormer tool can create a template from your existing
resources. This means you can capture and redeploy applications you already have
running.
Tips
By default, the "automatic rollback on error" feature is enabled

You are charged for resources already deployed if CloudFormation errors out in the
middle of a deployment.

CloudFormation is free

Stacks can wait for applications to be provisioned using the "WaitCondition"

You can use Fn::GetAtt to output data

Route53 is completely supported. This includes creating new hosted zones or
updating existing ones. You can create A records, Aliases, etc.

IAM Role creation and assignment are also supported.


CancelUpdateStack
Cancels an update on the specified stack. If the call completes successfully, the
stack rolls back the update and reverts to the previous stack configuration.
ContinueUpdateRollback
For a specified stack that is in the UPDATE_ROLLBACK_FAILED state, continues
rolling it back to the UPDATE_ROLLBACK_COMPLETE state.

Depending on the cause of the failure, you can manually fix the error and continue
the rollback. By continuing the rollback, you can return your stack to a working state
(the UPDATE_ROLLBACK_COMPLETE state), and then try to update the stack
again.
CreateChangeSet
Creates a list of changes that will be applied to a stack so that you can review the
changes before executing them.
You can create a change set for a stack that doesn't exist or an existing stack.

If you create a change set for a stack that doesn't exist, the change set shows all of
the resources that AWS CloudFormation will create.

If you create a change set for an existing stack, AWS CloudFormation compares the
stack's information with the information that you submit in the change set and lists
the differences.

Use change sets to understand which resources AWS CloudFormation will create or
change, and how it will change resources in an existing stack, before you create or
update a stack.
CreateStack
Creates a stack as specified in the template. After the call completes successfully,
the stack creation starts.
CreateStackInstances
Creates stack instances for the specified accounts, within the specified regions.

A stack instance refers to a stack in a specific account and region. Accounts and
Regions are required parameters—you must specify at least one account and one
region.
CreateStackSet
Creates a stack set.
DeleteChangeSet
Deletes the specified change set. Deleting change sets ensures that no one
executes the wrong change set.

If the call successfully completes, AWS CloudFormation successfully deleted the
change set.
DeleteStack
Deletes a specified stack. Once the call completes successfully, stack deletion
starts.

Deleted stacks do not show up in the DescribeStacks API if the deletion has been
completed successfully.
DeleteStackInstances
Deletes stack instances for the specified accounts, in the specified regions.
DeleteStackSet
Deletes a stack set. Before you can delete a stack set, all of its member stack
instances must be deleted.
DescribeAccountLimits
Retrieves your account's AWS CloudFormation limits, such as the maximum number
of stacks that you can create in your account.
DescribeChangeSet
Returns the inputs for the change set and a list of changes that AWS
CloudFormation will make if you execute the change set.
DescribeStackEvents
Returns all stack related events for a specified stack in reverse chronological order.
DescribeStackInstance
Returns the stack instance that's associated with the specified stack set, AWS
account, and region.
DescribeStackResource
Returns a description of the specified resource in the specified stack.
DescribeStackResources
Returns AWS resource descriptions for running and deleted stacks.

If StackName is specified, all the associated resources that are part of the stack are
returned.

If PhysicalResourceId is specified, the associated resources of the stack that the
resource belongs to are returned.
DescribeStacks
Returns the description for the specified stack; if no stack name was specified, then
it returns the description for all the stacks created.
DescribeStackSet
Returns the description of the specified stack set.
DescribeStackSetOperation
Returns the description of the specified stack set operation.
EstimateTemplateCost
Returns the estimated monthly cost of a template.

The return value is an AWS Simple Monthly Calculator URL with a query string that
describes the resources required to run the template.
ExecuteChangeSet
Updates a stack using the input information that was provided when the specified
change set was created.

After the call successfully completes, AWS CloudFormation starts updating the
stack.
GetStackPolicy
Returns the stack policy for a specified stack. If a stack doesn't have a policy, a null
value is returned.
GetTemplate
Returns the template body for a specified stack. You can get the template for running
or deleted stacks.
GetTemplateSummary
Returns information about a new or existing template.

The GetTemplateSummary action is useful for viewing parameter information, such
as default parameter values and parameter types, before you create or update a
stack or stack set.
ListChangeSets
Returns the ID and status of each active change set for a stack.

For example, AWS CloudFormation lists change sets that are in the
CREATE_IN_PROGRESS or CREATE_PENDING state.
ListExports
Lists all exported output values in the account and region in which you call this
action.
Use this action to see the exported output values that you can import into other
stacks.

To import values, use the Fn::ImportValue function.


ListImports
Lists all stacks that are importing an exported output value.

To modify or remove an exported output value, first use this action to see which
stacks are using it.
ListStackInstances
Returns summary information about stack instances that are associated with the
specified stack set.

You can filter for stack instances that are associated with a specific AWS account
name or region.
ListStackResources
Returns descriptions of all resources of the specified stack.
ListStacks
Returns the summary information for stacks whose status matches the specified
StackStatusFilter.

Summary information for stacks that have been deleted is kept for 90 days after the
stack is deleted.

If no StackStatusFilter is specified, summary information for all stacks is returned


(including existing stacks and stacks that have been deleted).
ListStackSetOperationResults
Returns summary information about the results of a stack set operation.
ListStackSetOperations
Returns summary information about operations performed on a stack set.
ListStackSets
Returns summary information about stack sets that are associated with the user.
SetStackPolicy
Sets a stack policy for a specified stack.
SignalResource
Sends a signal to the specified resource with a success or failure status.

You can use the SignalResource API in conjunction with a creation policy or update
policy.

AWS CloudFormation doesn't proceed with a stack creation or update until
resources receive the required number of signals or the timeout period is exceeded.

The SignalResource API is useful in cases where you want to send signals from
anywhere other than an Amazon EC2 instance.
StopStackSetOperation
Stops an in-progress operation on a stack set and its associated stack instances.
UpdateStack
Updates a stack as specified in the template. After the call completes successfully,
the stack update starts.
UpdateStackInstances
Updates the parameter values for stack instances for the specified accounts, within
the specified regions.

A stack instance refers to a stack in a specific account and region.


UpdateStackSet
Updates the stack set and all associated stack instances.
UpdateTerminationProtection
Updates termination protection for the specified stack.

If a user attempts to delete a stack with termination protection enabled, the operation
fails and the stack remains unchanged.
ValidateTemplate
Validates a specified template.

AWS CloudFormation first checks if the template is valid JSON.

If it isn't, AWS CloudFormation checks if the template is valid YAML.

If both these checks fail, AWS CloudFormation returns a template validation error.
Intrinsic Function Reference
AWS CloudFormation provides several built-in functions that help you manage your
stacks.

Use intrinsic functions in your templates to assign values to properties that are not
available until runtime.

You can use intrinsic functions only in specific parts of a template. Currently, you can
use intrinsic functions in resource properties, outputs, metadata attributes, and
update policy attributes.

You can also use intrinsic functions to conditionally create stack resources.
Template - Format Version
The AWSTemplateFormatVersion section (optional) identifies the capabilities of the
template.

The latest template format version is 2010-09-09 and is currently the only valid
value.
Template - Description
The Description section (optional) enables you to include arbitrary comments about
your template.
The Description must follow the AWSTemplateFormatVersion section.

The value for the description declaration must be a literal string that is between 0
and 1024 bytes in length.

You cannot use a parameter or function to specify the description.


Template - Metadata
You can use the optional Metadata section to include arbitrary JSON or YAML
objects that provide details about the template.

During a stack update, you cannot update the Metadata section by itself. You can
update it only when you include changes that add, modify, or delete resources.
Template - Metadata Keys
Some AWS CloudFormation features retrieve settings or configuration information
that you define from the Metadata section. You define this information in the
following AWS CloudFormation-specific metadata keys:

AWS::CloudFormation::Init
Defines configuration tasks for the cfn-init helper script. This script is useful for
configuring and installing applications on EC2 instances.

AWS::CloudFormation::Interface
Defines the grouping and ordering of input parameters when they are displayed in
the AWS CloudFormation console. By default, the AWS CloudFormation console
alphabetically sorts parameters by their logical ID.

AWS::CloudFormation::Designer
Describes how your resources are laid out in AWS CloudFormation Designer
(Designer). Designer automatically adds this information when you use it to create and
update templates.
Template - Parameters
Use the optional Parameters section to customize your templates. Parameters
enable you to input custom values to your template each time you create or update a
stack.

You use the Ref intrinsic function to reference a parameter, and AWS
CloudFormation uses the parameter's value to provision the stack.

You can reference parameters from the Resources and Outputs sections of the
same template.

You can have a maximum of 60 parameters in an AWS CloudFormation template.

Each parameter must be given a logical name (also called logical ID), which must be
alphanumeric and unique among all logical names within the template.

Each parameter must be assigned a parameter type that is supported by AWS
CloudFormation.

Each parameter must be assigned a value at runtime for AWS CloudFormation to
successfully provision the stack. You can optionally specify a default value for AWS
CloudFormation to use unless another value is provided.

Parameters must be declared and referenced from within the same template. You
can reference parameters from the Resources and Outputs sections of the template.
Template - Mappings
The optional Mappings section matches a key to a corresponding set of named
values.

For example, if you want to set values based on a region, you can create a mapping
that uses the region name as a key and contains the values you want to specify for
each specific region.

You use the Fn::FindInMap intrinsic function to retrieve values in a map.


Template - Conditions
The optional Conditions section includes statements that define when a resource is
created or when a property is defined.

Based on the result of that condition, you can conditionally create resources.

If you have multiple conditions, separate them with commas.

You might use conditions when you want to reuse a template that can create
resources in different contexts, such as a test environment versus a production
environment.
Template - Transform
The optional Transform section specifies one or more transforms that AWS
CloudFormation uses to process your template.

The Transform section builds on the simple, declarative language of AWS
CloudFormation with a powerful macro system.

AWS CloudFormation transforms help simplify template authoring by condensing the
expression of AWS infrastructure as code and enabling reuse of template
components.

AWS CloudFormation supports AWS::Serverless and AWS::Include transform types.

To declare multiple transforms, use a list format and specify one or more
AWS::Include transforms and (optionally) an AWS::Serverless transform.
Template - Resources
The required Resources section declares the AWS resources that you want to
include in the stack, such as an Amazon EC2 instance or an Amazon S3 bucket.
Template - Outputs
The optional Outputs section declares output values that you can import into other
stacks (to create cross-stack references), return in response (to describe stack
calls), or view on the AWS CloudFormation console.

You can declare a maximum of 60 outputs in a template.


Intrinsic Function - Fn::Base64
The intrinsic function Fn::Base64 returns the Base64 representation of the input
string.

This function is typically used to pass encoded data to Amazon EC2 instances by
way of the UserData property.

{ "Fn::Base64" : valueToEncode }
Intrinsic Function - Condition Functions
You can use intrinsic functions, such as Fn::If, Fn::Equals, Fn::And, Fn::Or, and
Fn::Not, to conditionally create stack resources.

These conditions are evaluated based on input parameters that you declare when
you create or update a stack.

After you define all your conditions, you can associate them with resources or
resource properties in the Resources and Outputs sections of a template.
Intrinsic Function - Fn::FindInMap
The intrinsic function Fn::FindInMap returns the value corresponding to keys in a
two-level map that is declared in the Mappings section.

{ "Fn::FindInMap" : [ "MapName", "TopLevelKey", "SecondLevelKey"] }


Intrinsic Function - Fn::GetAtt
The Fn::GetAtt intrinsic function returns the value of an attribute from a resource in
the template.

{ "Fn::GetAtt" : [ "logicalNameOfResource", "attributeName" ] }


Intrinsic Function - Fn::GetAZs
The intrinsic function Fn::GetAZs returns an array that lists Availability Zones for a
specified region.

{ "Fn::GetAZs" : "region" }
Intrinsic Function - Fn::ImportValue
The intrinsic function Fn::ImportValue returns the value of an output exported by
another stack.

You typically use this function to create cross-stack references.

{ "Fn::ImportValue" : sharedValueToImport }
Intrinsic Function - Fn::Join
The intrinsic function Fn::Join appends a set of values into a single value, separated
by the specified delimiter.

If a delimiter is the empty string, the set of values are concatenated with no delimiter.

{ "Fn::Join" : [ "delimiter", [ comma-delimited list of values ] ] }


Intrinsic Function - Fn::Select
The intrinsic function Fn::Select returns a single object from a list of objects by index.

Fn::Select does not check for null values or if the index is out of bounds of the array.
Both conditions will result in a stack error, so you should be certain that the index
you choose is valid, and that the list contains non-null values.

Index must be a value from zero to N-1, where N represents the number of elements
in the array.

{ "Fn::Select" : [ index, listOfObjects ] }


Intrinsic Function - Fn::Split
To split a string into a list of string values so that you can select an element from the
resulting string list, use the Fn::Split intrinsic function.

{ "Fn::Split" : [ "delimiter", "source string" ] }


Intrinsic Function - Fn::Sub
The intrinsic function Fn::Sub substitutes variables in an input string with values that
you specify.

In your templates, you can use this function to construct commands or outputs that
include values that aren't available until you create or update a stack.

{ "Fn::Sub" : [ String, { Var1Name: Var1Value, Var2Name: Var2Value } ] }


Intrinsic Function - Ref
The intrinsic function Ref returns the value of the specified parameter or resource.

When you specify a parameter's logical name, it returns the value of the parameter.

When you specify a resource's logical name, it returns a value that you can typically
use to refer to that resource, such as a physical ID.

For some resources, an identifier is returned that has another significant meaning in
the context of the resource. An AWS::EC2::EIP resource, for instance, returns the IP
address, and an AWS::EC2::Instance returns the instance ID.
Pseudo Parameters
Pseudo parameters are parameters that are predefined by AWS CloudFormation.
You do not declare them in your template. Use them the same way as you would a
parameter, as the argument for the Ref function.
Pseudo Parameters - AWS::AccountId
Returns the AWS account ID of the account in which the stack is being created
Pseudo Parameters - AWS::NotificationARNs
Returns the list of notification Amazon Resource Names (ARNs) for the current
stack.
Pseudo Parameters - AWS::NoValue
Removes the corresponding resource property when specified as a return value in
the Fn::If intrinsic function.
Pseudo Parameters - AWS::Partition
Returns the partition that the resource is in. For standard AWS regions, the partition
is aws. For resources in other partitions, the partition is aws-partitionname. For
example, the partition for resources in the China (Beijing) region is aws-cn.
Pseudo Parameters - AWS::Region
Returns a string representing the AWS Region in which the encompassing resource
is being created, such as us-west-2.
Pseudo Parameters - AWS::StackId
Returns the ID of the stack as specified with the aws cloudformation create-stack
command.
Pseudo Parameters - AWS::StackName
Returns the name of the stack as specified with the aws cloudformation create-stack
command.
Pseudo Parameters - AWS::URLSuffix
Returns the suffix for a domain. The suffix is typically amazonaws.com, but might
differ by region. For example, the suffix for the China (Beijing) region is
amazonaws.com.cn.
Helper Scripts
CloudFormation provides a set of Python helper scripts that you can use to install
software and start services on an EC2 instance.

The helper scripts run on the EC2 instance as part of the stack creation process.

The helper scripts are pre-installed on the latest versions of the Amazon Linux AMI.

The scripts are not executed by default. You must include calls to execute specific
helper scripts.
Helper Scripts - cfn-init
Reads the resource's AWS::CloudFormation::Init metadata and acts on it: installs packages, creates
files, and enables and starts services on the instance.
Helper Scripts - cfn-signal
A simple wrapper to signal an AWS CloudFormation CreationPolicy or
WaitCondition, enabling you to synchronize other resources in the stack with the
application being ready.

Sends a success or failure signal to CloudFormation so the creation policy is satisfied; if no
success signal arrives before the policy's timeout, the resource (and by default the stack) fails.
Helper Scripts - cfn-get-metadata
A wrapper script that makes it easy to retrieve either all metadata defined for a resource
or the value at a specific key or subtree of the resource metadata.
Helper Scripts - cfn-hup
A daemon to check for updates to metadata and execute custom hooks when the
changes are detected.

Which AWS tool allows you to build the whole stack using templates?
CloudFormation
T/F: Jenkins, Puppet and CloudFormation can live together nicely.
True

Terms in this set (24)

What is AWS CloudFormation?


CloudFormation is a service that gives developers and businesses an easy way to create a
collection of related AWS resources and provision them in an orderly and predictable
fashion.
How is CloudFormation different from Elastic Beanstalk?
These services are designed to complement each other. Elastic Beanstalk provides an
environment to easily deploy and run applications in the cloud. It is integrated with developer
tools and provides a one-stop experience for you to manage the lifecycle of your
applications. CloudFormation is a convenient provisioning mechanism for a broad range of
AWS resources. It supports the infrastructure needs of many different types of applications
such as existing enterprise applications, legacy applications, applications built using a variety
of AWS resources and container-based solutions (including Elastic Beanstalk).

CloudFormation supports Elastic Beanstalk application environments as one of the AWS
resource types. This allows you, for example, to create and manage an Elastic Beanstalk-
hosted application along with an RDS database to store the application data. In addition to
RDS instances, any other supported AWS resource can be added to the group as well.
What new concepts does CloudFormation introduce?
The template: a JSON or YAML-format, text-based file that describes all the AWS resources
you need to deploy to run your application

The stack: the set of AWS resources that are created and managed as a single unit when
CloudFormation instantiates a template.
Can I manage individual AWS resources that are part of an AWS CloudFormation stack?
Yes, CloudFormation does not get in the way; you retain full control of all elements of your
infrastructure. You can continue using all your existing AWS and third-party tools to manage
your AWS resources.
What are the elements of a CloudFormation template?
CloudFormation templates are JSON or YAML-formatted text files that are comprised of five
types of elements:
1) An optional list of template parameters (input values supplied at stack creation time)
2) An optional list of output values (e.g. the complete URL to a web application)
3) An optional list of data tables used to lookup static configuration values (e.g., AMI names)
4) The list of AWS resources and their configuration values
5) A template file format version number
How does CloudFormation choose actual resource names?
You can assign logical names to AWS resources in a template. When a stack is created,
CloudFormation binds the logical name to the name of the corresponding actual AWS
resource. Actual resource names are a combination of the stack and logical resource name.
This allows multiple stacks to be created from a template without fear of name collisions
between AWS resources.
Why can't I name all my resources?
Although CloudFormation allows you to name some resources (such as S3 buckets),
CloudFormation doesn't allow this for all resources. Naming resources restricts the
reusability of templates and results in naming conflicts when an update causes a resource to
be replaced. To minimize these issues, CloudFormation will support resource naming on a
case by case basis.
Can I install software at stack creation time using CloudFormation?
Yes. CloudFormation provides a set of application bootstrapping scripts that enable you to
install packages, files, and services on your EC2 instances by simply describing them in your
CloudFormation template.
Can I use CloudFormation with Chef?
Yes, CloudFormation can be used to bootstrap both the Chef Server and Chef Client software
on your EC2 instances.
Can I use CloudFormation with Puppet?
Yes, CloudFormation can be used to bootstrap both the Puppet Master and Puppet Client
software on your EC2 instances.
Does CloudFormation support EC2 tagging?
Yes, EC2 resources that support the tagging feature can also be tagged in an AWS template.
The tag values can refer to template parameters, other resource names, resource attribute
values (e.g. addresses), or values computed by simple functions (e.g. a concatenated list of
strings). CloudFormation automatically tags EBS volumes and EC2 instances with the name
of the CloudFormation stack they are part of.
Do I have access to the EC2 instance, or Auto Scaling Launch Configuration user-data fields?
Yes, you can use simple functions to concatenate string literals and attribute values of the
AWS resources and pass them to user-data fields in your template.
What happens when one of your resources in a stack cannot be created successfully?
By default, the "automatic rollback on error" feature is enabled. This will cause all AWS
resources that CloudFormation created successfully for a stack up to the point where an error
occurred to be deleted. This is useful when, for example, you accidentally exceed your
default limit of EIP addresses, or you don't have access to an EC2 AMI you're trying to run.
This feature enables you to rely on the fact that stacks are either fully created, or not at all,
which simplifies system administration and layered solutions built on top of CloudFormation.
Can stack creation wait for my application to start up?
Yes, CloudFormation provides a WaitCondition resource that acts as a barrier, blocking the
creation of other resources until a completion signal is received from an external source such
as your application or management system.
Can I save my data when a stack is deleted?
Yes, CloudFormation allows you to define deletion policies for resources in the template.
You can specify that snapshots be created for EBS volumes or RDS database instances before
they are deleted. You can also specify that a resource should be preserved and not deleted
when the stack is deleted.
Can I update my stack after it has been created?
Yes, you can use CloudFormation to modify and update the resources in your existing stacks
in a controlled and predictable way. By using templates to manage your stack changes, you
have the ability to apply version control to your AWS infrastructure just as you do with the
software running on it.
What does the following template do:

{
"Resources" : {
"HelloBucket" : {
"Type" : "AWS::S3::Bucket",
"Properties" : {
"AccessControl" : "PublicRead"
}
}
}
}
Creates an S3 bucket and applies the PublicRead canned ACL to it. Note that buckets created since April 2023 have S3 Block Public Access enabled and ACLs disabled by default, so this template fails unless the bucket also sets OwnershipControls (ObjectWriter or BucketOwnerPreferred) and a PublicAccessBlockConfiguration that permits public ACLs; where public reads are genuinely needed, a bucket policy granting s3:GetObject is the preferred mechanism.
What does the following template do:

{
"Resources" : {
"HelloBucket" : {
"Type" : "AWS::S3::Bucket",
"Properties" : {
"AccessControl" : "PublicRead",
"WebsiteConfiguration" : {
"IndexDocument" : "index.html",
"ErrorDocument" : "error.html"
}
}
}
}
}
Creates an S3 bucket configured for static website hosting with the PublicRead canned ACL and defines the index and error documents. On buckets created since April 2023 public ACLs are blocked by default, so the bucket additionally needs OwnershipControls and PublicAccessBlockConfiguration settings that permit them (or, better, a bucket policy granting s3:GetObject). The website endpoint itself serves plain HTTP only; put CloudFront in front of it for TLS.
What does the following template do:

{
"Resources" : {
"Ec2Instance" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" }, "MyExistingSecurityGroup" ],
"KeyName" : "mykey",
"ImageId" : "ami-7a11e213"
}
},

"InstanceSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "Enable SSH access via port 22",
"SecurityGroupIngress" : [ {
"IpProtocol" : "tcp",
"FromPort" : "22",
"ToPort" : "22",
"CidrIp" : "0.0.0.0/0"
}]
}
}
}
}
MyExistingSecurityGroup refers to a security group that already exists in the account rather than
one declared in the template; you can use literal strings to refer to existing AWS resources.
The Ref function is an intrinsic function that returns the identifying property of a resource.
Two caveats: the SecurityGroups property takes group names and only works in the default VPC
(in any other VPC use SecurityGroupIds and Ref the group, which then returns its ID), and the
ingress rule with CidrIp 0.0.0.0/0 exposes SSH to the whole Internet; restrict it to a management
CIDR or reach instances through a bastion host or SSM Session Manager instead.
What does the following template do:

{
"Resources" : {
"myBucket" : {
"Type" : "AWS::S3::Bucket"
},
"myDistribution" : {
"Type" : "AWS::CloudFront::Distribution",
"Properties" : {
"DistributionConfig" : {
"Origins" : [ {
"DomainName": {"Fn::GetAtt" : ["myBucket", "DomainName"]},
"Id" : "myS3Origin",
"S3OriginConfig" : { }
} ],
"Enabled" : "true",
"DefaultCacheBehavior" : {
"TargetOriginId" : "myS3Origin",
"ForwardedValues" : {
"QueryString" : "false"
},
"ViewerProtocolPolicy" : "allow-all"
}
}
}
}
}
}
This template creates a CloudFront distribution whose origin is the S3 bucket, using the
Fn::GetAtt function to fetch the bucket's DomainName attribute. Fn::GetAtt returns additional
resource attributes, as opposed to just the identifying value returned by Ref. Two settings deserve
attention: an empty S3OriginConfig means CloudFront fetches objects anonymously, so the bucket
contents must be publicly readable (an origin access identity or origin access control lets the
bucket stay private), and ViewerProtocolPolicy allow-all serves plain HTTP to viewers, where
redirect-to-https is the safer default.
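The three templates above each carry a setting a reviewer would flag: an SSH rule open to 0.0.0.0/0, a PublicRead bucket ACL, and a CloudFront behaviour that accepts plain HTTP. The following is an added example, not code from the page or from any AWS tool, of a small static checker that walks a template's Resources section for exactly those settings and a hardening pass that corrects them. The merged sample template, the 203.0.113.0/24 management range and the finding names are constructed for the example; real linting should use cfn-lint or cfn-nag, which cover far more rules.

```python
"""Static checks for the risky settings shown in this page's templates:
world-open SSH ingress, public bucket ACLs and a CloudFront distribution
that serves plain HTTP, plus a hardening pass that fixes them."""
import json

# Constructed sample: the page's security-group, bucket and CloudFront
# snippets merged into one template. Logical names are the page's own.
SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "InstanceSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "Enable SSH access via port 22",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22",
                     "CidrIp": "0.0.0.0/0"}
                ]
            }
        },
        "HelloBucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {"AccessControl": "PublicRead"}
        },
        "myDistribution": {
            "Type": "AWS::CloudFront::Distribution",
            "Properties": {"DistributionConfig": {
                "Enabled": "true",
                "DefaultCacheBehavior": {
                    "TargetOriginId": "myS3Origin",
                    "ViewerProtocolPolicy": "allow-all"}}}
        }
    }
})

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
PUBLIC_ACLS = {"PublicRead", "PublicReadWrite", "AuthenticatedRead"}


def _rule_covers(rule, port):
    """True if an ingress rule admits traffic to `port`. IpProtocol -1 means
    every port. Ports given as intrinsic functions (dicts) cannot be decided
    statically, so they are reported as not covered."""
    if str(rule.get("IpProtocol", "")) == "-1":
        return True
    lo = rule.get("FromPort")
    hi = rule.get("ToPort", lo)
    if lo is None or isinstance(lo, dict) or isinstance(hi, dict):
        return False
    return int(lo) <= port <= int(hi)


def check_template(text, ssh_port=22):
    """Return sorted (logical_id, finding) pairs for the template JSON."""
    findings = []
    for name, res in json.loads(text).get("Resources", {}).items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
                if cidr in WORLD_CIDRS and _rule_covers(rule, ssh_port):
                    findings.append((name, "ssh-open-to-world"))
        elif rtype == "AWS::S3::Bucket":
            if props.get("AccessControl") in PUBLIC_ACLS:
                findings.append((name, "public-bucket-acl"))
        elif rtype == "AWS::CloudFront::Distribution":
            behaviour = props.get("DistributionConfig", {}).get("DefaultCacheBehavior", {})
            if behaviour.get("ViewerProtocolPolicy") == "allow-all":
                findings.append((name, "cloudfront-allows-plain-http"))
    return sorted(findings)


def harden(text, admin_cidr):
    """Return a copy of the template with the findings fixed: SSH limited to
    admin_cidr (an assumed management range), a private bucket that also
    blocks public access, and viewers redirected to HTTPS."""
    doc = json.loads(text)
    for res in doc.get("Resources", {}).values():
        rtype, props = res.get("Type"), res.setdefault("Properties", {})
        if rtype == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                if rule.get("CidrIp") in WORLD_CIDRS:
                    rule["CidrIp"] = admin_cidr
        elif rtype == "AWS::S3::Bucket":
            props["AccessControl"] = "Private"
            props["PublicAccessBlockConfiguration"] = {
                "BlockPublicAcls": True, "BlockPublicPolicy": True,
                "IgnorePublicAcls": True, "RestrictPublicBuckets": True}
        elif rtype == "AWS::CloudFront::Distribution":
            cfg = props.setdefault("DistributionConfig", {})
            cfg.setdefault("DefaultCacheBehavior", {})["ViewerProtocolPolicy"] = "redirect-to-https"
    return json.dumps(doc, indent=2)


if __name__ == "__main__":
    for finding in check_template(SAMPLE_TEMPLATE):
        print("%s: %s" % finding)
    print(check_template(harden(SAMPLE_TEMPLATE, "203.0.113.0/24")))
```

Ports written as intrinsic functions (for example a Ref to a parameter) are deliberately not guessed at; a real linter resolves the parameter defaults first, which is what the Fn::Join example later on this page walks through.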
What does the following template do:

"Parameters": {
"KeyName": {
"Description" : "Name of an existing EC2 KeyPair to enable SSH access into the WordPress web server",
"Type": "AWS::EC2::KeyPair::KeyName"
},
"WordPressUser": {
"Default": "admin",
"NoEcho": "true",
"Description" : "The WordPress database admin account user name",
"Type": "String",
"MinLength": "1",
"MaxLength": "16",
"AllowedPattern" : "[a-zA-Z][a-zA-Z0-9]*"
},
"WebServerPort": {
"Default": "8888",
"Description" : "TCP/IP port for the WordPress web server",
"Type": "Number",
"MinValue": "1",
"MaxValue": "65535"
}
}
For parameters with default values, CloudFormation uses the default unless the user
specifies another value. If you omit the Default attribute, users are required to specify a value
for that parameter; however, requiring the user to input a value does not ensure that the
value is valid. WordPressUser has a default value of "admin"; KeyName has no default. If
the parameter is an AWS-specific parameter type (e.g. KeyName) CloudFormation
checks that the user specifies a valid EC2 key pair name before creating the stack. NoEcho only
masks the value in the console and in describe-stacks output; it does not make the template a
safe place for secrets, so real credentials belong in Secrets Manager or Parameter Store and are
pulled in with dynamic references.
What does the following template do:

{
"Parameters" : {
"KeyName" : {
"Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instance",
"Type" : "String"
}
},

"Mappings" : {
"RegionMap" : {
"us-east-1" : {
"AMI" : "ami-76f0061f"
},
"us-west-1" : {
"AMI" : "ami-655a0a20"
},
"eu-west-1" : {
"AMI" : "ami-7fd4e10b"
},
"ap-southeast-1" : {
"AMI" : "ami-72621c20"
},
"ap-northeast-1" : {
"AMI" : "ami-8e08a38f"
}
}
},

"Resources" : {
"Ec2Instance" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"KeyName" : { "Ref" : "KeyName" },
"ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ]},
"UserData" : { "Fn::Base64" : "80" }
}
}
}
}
There are two mechanisms for conditional input that help a template deploy in multiple regions:
the Mappings section and the AWS::Region pseudo parameter. The AWS::Region pseudo
parameter is a value that CloudFormation resolves to the region where the stack is created.
Pseudo parameters are resolved by CloudFormation when you create the stack. Mappings
enable you to use an input value as a key that selects another value. This template maps
the correct AMI to be deployed based on the current region.
"Resources" : {
"ElasticLoadBalancer" : {
"Type" : "AWS::ElasticLoadBalancing::LoadBalancer",
"Properties" : {
"AvailabilityZones" : { "Fn::GetAZs" : "" },
"Instances" : [ { "Ref" : "Ec2Instance1" },{ "Ref" : "Ec2Instance2" } ],
"Listeners" : [ {
"LoadBalancerPort" : "80",
"InstancePort" : { "Ref" : "WebServerPort" },
"Protocol" : "HTTP"
} ],
"HealthCheck" : {
"Target" : { "Fn::Join" : [ "", ["HTTP:", { "Ref" : "WebServerPort" }, "/"]]},
"HealthyThreshold" : "3",
"UnhealthyThreshold" : "5",
"Interval" : "30",
"Timeout" : "5"
}
}
}
}
In this template, the Fn::Join function constructs the Target sub-property of the HealthCheck
property for the ElasticLoadBalancer resource by concatenating the WebServerPort
parameter with other literal strings to form the value needed. Fn::Join takes two
arguments, a delimiter that separates the values you want to concatenate and an array of
values in the order that you want them to appear. In this example, if WebServerPort had a
value of 8888 the Fn::Join would yield: HTTP:8888/
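Ref, the pseudo parameters (including AWS::NoValue removing a property through Fn::If), Fn::FindInMap against the RegionMap, and the Fn::Join health-check target are all resolved by the service at stack-creation time, which makes them awkward to reason about from a template alone. The block below is an added example, not the page's code and not CloudFormation's own evaluator: a small offline resolver that evaluates those intrinsic functions over the page's RegionMap and expressions. The account ID, stack name, the HasKeyName condition and the KeyName property that uses AWS::NoValue are assumed sample values added for the example; references to resource IDs and Fn::GetAtt are deliberately left unresolved because they only exist once the stack does.

```python
"""Offline evaluator for the intrinsic functions discussed on this page:
Ref on parameters and pseudo parameters, Fn::FindInMap, Fn::Join,
Fn::Base64 and Fn::If with AWS::NoValue. Resource IDs and Fn::GetAtt are
only known to the live stack, so they raise here."""
import base64

NOVALUE = object()  # sentinel returned for Ref: AWS::NoValue


def pseudo_params(region, account_id="123456789012", stack_name="demo"):
    """The values CloudFormation would supply for a stack in `region`
    (account ID and stack name are assumed sample values)."""
    china = region.startswith("cn-")
    return {
        "AWS::Region": region,
        "AWS::AccountId": account_id,
        "AWS::StackName": stack_name,
        "AWS::Partition": "aws-cn" if china else "aws",
        "AWS::URLSuffix": "amazonaws.com.cn" if china else "amazonaws.com",
        "AWS::NoValue": NOVALUE,
    }


def resolve(node, ctx):
    """Recursively evaluate intrinsic functions in a template fragment.
    ctx carries 'params', 'mappings', 'pseudo' and 'conditions'."""
    if isinstance(node, list):
        return [resolve(item, ctx) for item in node]
    if not isinstance(node, dict):
        return node
    if len(node) == 1:
        (fn, arg), = node.items()
        if fn == "Ref":
            if arg in ctx["pseudo"]:
                return ctx["pseudo"][arg]
            if arg in ctx["params"]:
                return ctx["params"][arg]
            raise KeyError("Ref to resource %r needs the live stack" % arg)
        if fn == "Fn::FindInMap":
            map_name, top_key, second_key = resolve(arg, ctx)
            return ctx["mappings"][map_name][top_key][second_key]
        if fn == "Fn::Join":
            delimiter, parts = arg
            return delimiter.join(str(p) for p in resolve(parts, ctx))
        if fn == "Fn::Base64":
            return base64.b64encode(str(resolve(arg, ctx)).encode()).decode()
        if fn == "Fn::If":
            cond, when_true, when_false = arg
            return resolve(when_true if ctx["conditions"][cond] else when_false, ctx)
        if fn == "Fn::GetAtt":
            raise KeyError("Fn::GetAtt %r is only known once the resource exists" % (arg,))
    # An ordinary property object: resolve each value and drop the ones that
    # resolved to AWS::NoValue, which is how that pseudo parameter removes a
    # property from the resource.
    resolved = {}
    for key, value in node.items():
        out = resolve(value, ctx)
        if out is not NOVALUE:
            resolved[key] = out
    return resolved


# Constructed sample data: the page's RegionMap (trimmed) and the ELB
# HealthCheck Target and EC2 property expressions shown above.
REGION_MAP = {"RegionMap": {
    "us-east-1": {"AMI": "ami-76f0061f"},
    "us-west-1": {"AMI": "ami-655a0a20"},
    "eu-west-1": {"AMI": "ami-7fd4e10b"},
}}
HEALTH_TARGET = {"Fn::Join": ["", ["HTTP:", {"Ref": "WebServerPort"}, "/"]]}
INSTANCE_PROPS = {
    "ImageId": {"Fn::FindInMap": ["RegionMap", {"Ref": "AWS::Region"}, "AMI"]},
    "UserData": {"Fn::Base64": "80"},
    # Assumed addition for the AWS::NoValue case: attach a key pair only when
    # the HasKeyName condition holds, otherwise the property disappears.
    "KeyName": {"Fn::If": ["HasKeyName", {"Ref": "KeyName"}, {"Ref": "AWS::NoValue"}]},
}


def context(region, web_server_port="8888", key_name=None):
    return {
        "params": {"WebServerPort": web_server_port, "KeyName": key_name},
        "mappings": REGION_MAP,
        "pseudo": pseudo_params(region),
        "conditions": {"HasKeyName": key_name is not None},
    }


def health_check_target(port):
    """The ELB HealthCheck Target for a given WebServerPort parameter."""
    return resolve(HEALTH_TARGET, context("us-east-1", web_server_port=port))


def instance_properties(region, key_name=None):
    """The EC2 Properties block as it would look in `region`."""
    return resolve(INSTANCE_PROPS, context(region, key_name=key_name))


if __name__ == "__main__":
    print(health_check_target("8888"))
    print(instance_properties("us-west-1"))
    print(instance_properties("eu-west-1", "mykey"))
```

Running it shows the health-check target resolving to HTTP:8888/, the us-west-1 AMI being picked from the map, and the KeyName property vanishing entirely when the condition is false, which is the behaviour the AWS::NoValue card describes.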
What is the AWSTemplateFormatVersion and Description?
AWSTemplateFormatVersion is simply the version of the template format; if you don't
specify it, CloudFormation assumes the latest version. The Description is any valid JSON or
YAML string. This description appears in the Specify Parameters page of the Create Stack
wizard.

Terms in this set (120)

What is true about Regions? (Choose 2)

A. All regions are located in one specific geographic area


B. Resources are replicated across all regions by default
C. Physical location of your customers
D. Physical location with multiple availability zones
E. Each region is located in separate geographic area
D, E
Which of the following AWS tools help your application scale up or down based on
demand? (Choose 2)
A. AWS CloudFormation
B. Auto Scaling
C. Auto Availability Zones
D. Agile Load Balancing
E. Elastic Load Balancing
B, E
Which of the following are NOT a benefit of AWS cloud computing? (Choose 2)

A. Multiple procurement cycles
B. Fault tolerant databases
C. High latency
D. Temporary and disposable resources
E. High availability
A, C
Which of the following is NOT an advantage of cloud computing over on-premise
computing?

A. Pay for racking, stacking and powering servers


B. Trade capital expense for variable expense
C. Eliminate guessing on your infrastructure capacity needs
D. Benefit from massive economies of scale increase speed and agility
A
Which of the following are advantages of AWS cloud security? (Choose 2)

A. AWS retains complete control and ownership of your data region


B. You retain complete control and ownership of your data region
C. AWS infrastructure security auditing is periodic and manual
D. AWS uses multi-factor access control systems
E. AWS uses single-factor access control systems
B, D
What is the number one reason customers are switching to cloud computing?

A. Automation
B. Overprovisioning
C. Finite infrastructure
D. Agility
E. Instant Configuration
D
What is the pricing model that allows AWS customers to pay for resources on an as
needed basis?

A. Pay as you go
B. Pay as you reserve
C. Pay as you use
D. Pay as you buy
E. Pay as you own
A
Which of the following is true about security groups? (Choose 2)

A. Acts as a virtual firewall to control inbound and outbound traffic
B. Acts as a virtual firewall to control outbound traffic only
C. Acts as a virtual firewall to control inbound traffic only
D. All inbound traffic is allowed and outbound traffic is denied by default
E. All inbound traffic is denied and outbound traffic is allowed by default
A, E
Which of the following statements are true about Availability Zones? (Choose 2)

A. A single zone equals a single data center


B. Multiple zones are physically connected on the same grid
C. Multiple zones are connected by low latency network links
D. Multiple zones will fail if one zone fails
E. A single zone can span multiple data centers
C, E
Which of the following is NOT an AWS region?

A. Oregon
B. Ireland
C. Moscow
D. Frankfurt
E. Virginia
C
How does an edge location help end users?

A. Increases latency
B. Reduces power consumption
C. Increases storage
D. Reduces latency
E. Reduces scaling
D
What AWS tool utilizes edge locations to cache content and reduce latency?

A. EC2 Instances
B. AWS CloudFront
C. EBS storage
D. RDS
E. VPCs
B
Which service should an administrator use to register a new domain name with
AWS?

A. Amazon Route 53
B. Amazon CloudFront
C. Elastic load Balancing
D. Amazon Virtual Private Cloud (Amazon VPC)
A
Which of the following is a benefit of running an application across two Availability
Zones?

A. Performance is improved over running in a single Availability Zone


B. It is more secure than running in a single Availability Zone
C. It significantly reduces the total cost of ownership versus running in a single
Availability Zone
D. It increases the availability of an application compared to running in a single
Availability Zone
D
Which service allows an administrator to create and modify AWS user Permissions?

A. AWS Config
B. AWS CloudTrail
C. AWS Key Management Service (AWS KMS)
D. AWS Identity and Access Management (IAM)
D
Where can a customer go to get more detail about Amazon Elastic Compute Cloud (Amazon
EC2) billing activity that took place 3 months ago?

A. Amazon EC2 dashboard
B. AWS Cost and Usage reports
C. AWS Trusted Advisor dashboard
D. AWS CloudTrail logs stored in Amazon Simple Storage Service (Amazon S3)
B
Which of the following security requirements are managed by AWS customer?
(Select 2)

A. Password policies
B. User permissions
C. Physical Security
D. Disk disposal
E. Hardware patching
A, B
Which of the following services uses AWS edge locations?

A. Amazon Virtual Private Cloud (Amazon VPC)


B. Amazon CloudFront
C. Amazon Elastic Compute Cloud (Amazon EC2)
D. AWS Storage Gateway
B
The main benefit of decoupling an application is to

A. Create a tightly integrated application


B. Reduce inter-dependencies so failures do not impact other components
C. Enable data synchronization across the web application layer
D. Have the ability to execute automated bootstrapping actions
B
What is the value of having AWS Cloud services accessible through an Application
Programming interface (API)?

A. Cloud resources can be managed programmatically


B. AWS infrastructure use will always be cost-optimized.
C. Al application testing is managed by AWS
D. Customer-owned, on-premises infrastructure becomes programmable
A
Which service allows for the collection and tracking of metrics for AWS services?

A. Amazon CloudFront
B. Amazon CloudSearch
C. Amazon CloudWatch
D. Amazon Machine Learning (Amazon ML)
C
Which AWS services can be used to store files? (Select Two)

A. Amazon CloudWatch
B. Amazon Simple Storage Service (Amazon S3)
C. Amazon Elastic Block Store (Amazon EBS)
D. AWS config
E. Amazon Athena
B, C
Which AWS Cloud service is used to turn on Multi-Factor Authentication (MFA)?

A. AWS Identity and Access Management (IAM)


B. Amazon Elastic Compute Cloud (Amazon EC2)
C. AWS Config
D. Amazon Inspector
A
What AWS feature enables a user to manage services through a web-based user
interface?

A. AWS Management Console


B. AWS Application Programming interface (API)
C. AWS Software Development Kit (SDK)
D. Amazon CloudWatch
A
Amazon Elastic Compute Cloud (Amazon EC2) Spot instances are appropriate for
which of the following workloads?

A. Workloads that are only run in the morning and stopped at night
B. Workloads where the availability of the Amazon EC2 instances can be flexible
C. Workloads that need to run for long periods of time without interruption
D. Workloads that are critical and need Amazon EC2 instances with termination
protection
B
Which AWS service provides infrastructure security optimization recommendations?

A. AWS Price List Application Programming interface (API)


B. Reserved instances
C. AWS Trusted Advisor
D. Amazon Elastic Compute Cloud (Amazon EC2) Spot Fleet
C
Which AWS service automates infrastructure provisioning and administrative tasks
for an analytical data warehouse?
A. Amazon Redshift
B. Amazon DynamoDB
C. Amazon ElastiCache
D. Amazon Aurora
A
A company needs to know which user was responsible for terminating several critical
Amazon Elastic Compute Cloud (Amazon EC2) instances. Which service provides this information?

A. AWS Trusted Advisor
B. Amazon EC2 instance usage report
C. Amazon CloudWatch
D. AWS CloudTrail logs
D
Which of the following is the responsibility of the AWS customer according to the
Shared Security Model?

A. Managing AWS Identity and Access Management (IAM)


B. Securing edge locations
C. Monitoring physical device security
D. Implementing Service Organization Control (SOC) standards
A
Which tool can display the distribution of AWS spending?

A. AWS Organizations
B. Amazon DevPay
C. AWS Trusted Advisor
D. AWS Cost Explorer
D
Which of the following is a benefit of Amazon Elastic Compute Cloud (Amazon EC2)
over physical servers?

A. Automated backup
B. Paying only for what you use
C. The ability to choose hardware vendors
D. Root/administrator access
B
How can the AWS Management Console be secured against unauthorized access?

A. Apply Multi-Factor Authentication (MFA)


B. Set up a secondary password
C. Request root access privileges
D. Disable AWS console access
A
Systems applying the cloud architecture principle of elasticity will

A. Minimize storage requirements by reducing logging and auditing activities


B. Create systems that scale to the required capacity based on changes in demand
C. Enable AWS to automatically select the most cost-effective services
D. Accelerate the design process because recovery from failure is automated,
reducing the need for testing
B
Which of the following is a factor when calculating Total Cost of Ownership (TCO)

A. The number of servers migrated to AWS


B. The number of users migrated to AWS
C. The number of passwords migrated to AWS
D. The number of keys migrated to AWS
A
Who has control of the data in an AWS account?

A. AWS Support Team


B. AWS Account Owner
C. AWS Security Team
D. AWS Technical Account Manager (TAM)
B
A disaster recovery strategy on AWS should be based on launching infrastructure in
a separate

A. Subnet
B. AWS Region
C. AWS edge location
D. Amazon Virtual Private Cloud (Amazon VPC)
B
Which of the following examples supports the cloud design principle "design for
failure and nothing will fail?"

A. Adding an elastic load balancer in front of a single Amazon Elastic Compute
Cloud (Amazon EC2) instance
B. Creating and deploying the most cost-effective solution
C. Deploying an application in multiple Availability Zones
D. Using Amazon CloudWatch alerts to monitor performance
C
Why is AWS more economical than traditional data centers for applications with
varying compute workloads?

A. Amazon Elastic Compute Cloud (Amazon EC2) costs are billed on a monthly
basis.
B. Customers retain full administrative access to their Amazon EC2 instances.
C. Amazon EC2 instances can be launched on-demand when needed.
D. Customers can permanently run enough instances to handle peak workloads.
C
Which AWS service would simplify migration of a database to AWS?

A. AWS Storage Gateway


B. AWS Database Migration Service (AWS DMS)
C. Amazon Elastic Compute Cloud (Amazon EC2)
D. Amazon AppStream 2.0
B
Which AWS offering enables customers to find, buy, and immediately start using
software solutions in their AWS environment?
A. AWS Config
B. AWS OpsWorks
C. AWS SDK
D. AWS Marketplace
D
Which AWS networking service enables a company to create a virtual network within
AWS?

A. AWS Config
B. Amazon Route 53
C. AWS Direct Connect
D. Amazon Virtual Private Cloud (Amazon VPC)
D
Which of the following is AWS's responsibility under the AWS shared responsibility
model?

A. Configuring third-party applications


B. Maintaining physical hardware
C. Securing application access and data
D. Managing custom Amazon Machine Images (AMIs)
B
Which component of AWS global infrastructure does Amazon CloudFront use to
ensure low-latency delivery?

A. AWS Regions
B. AWS edge locations
C. AWS Availability Zones
D. Amazon Virtual Private Cloud (Amazon VPC)
B
How would a system administrator add an additional layer of login security to a
user's AWS Management Console?

A. Use AWS Cloud Directory


B. Audit AWS Identity and Access Management (IAM) roles
C. Enable Multi-Factor Authentication
D. Enable AWS CloudTrail
C
Which service can identify the user that made the API call when an Amazon Elastic
Compute Cloud (Amazon EC2) instance is terminated?

A. Amazon CloudWatch
B. AWS CloudTrail
C. AWS X-Ray
D. AWS Identity and Access Management (AWS IAM)
B
Which service would you use to send alerts based on Amazon CloudWatch alarms?

A. Amazon Simple Notification Service (Amazon SNS)


B. AWS CloudTrail
C. AWS Trusted Advisor
D. Amazon Route 53
A
Where can a customer find information about prohibited actions on AWS
infrastructure?

A. AWS Trusted Advisor


B. AWS Identity and Access Management (IAM)
C. AWS Billing Console
D. AWS Acceptable Use Policy
D
Which of the following best describes EBS?

A. A managed database service


B. A NoSQL database service
C. A bitcoin-mining service
D. A virtual hard-disk in the cloud
D
Which of the following best describes Availability Zones?

A. Two zones containing compute resources that are designed to automatically


maintain synchronized copies of each other's data.

B. A Content Distribution Network used to deliver content to users.

C. Distinct locations from within an AWS region that are engineered to be isolated
from failures.

D. Restricted areas designed specifically for the creation of Virtual Private Clouds.
C
There are at least _______ Availability Zones per AWS Region.

A. 3
B. 4
C. 2
D. 1
C
IAM policies are written using ________.

A. SGML
B. XML
C. SAML
D. JSON
D
True or False: Access Control Lists are used to make entire buckets (like one
hosting an S3 website) public.

A. False
B. True
A
True or False: To restrict access to an entire bucket, you use bucket control lists;
and to restrict access to an individual object, you use object policies.

A. False
B. True
A
Which of the following are types of cloud computing deployments? (Choose 3)

A. Hybrid cloud
B. Mixed cloud
C. Public cloud
D. Private cloud
A, C, D
True or False: Objects stored in S3 are stored in a single, central location within
AWS.

A. True
B. False
B
True or False: S3 can be used to host a dynamic website, like one that runs on a
LAMP stack.

A. True
B. False
B
In which of the following is CloudFront content cached?

A. Availability Zone
B. Region
C. Edge Location
D. Data Center
C
Which of the following are advantages of cloud computing? (Choose 4)

A. Elasticity - you need not worry about capacity.


B. Requires large amounts of capital
C. Variable expense
D. Increased speed and agility
E. The ability to 'go global' in minutes
A, C, D, E
True or False: There are more Regions than there are Availability Zones.

A. True
B. False
B
True or False: S3 is object storage suitable for the storage of 'flat' files like Word
documents, photos, etc.
A. True
B. False
A
Which of the following are characteristics of cloud computing? (Choose 3)

A. On-demand delivery
B. Cloud charges are capital expenditures.
C. Services are delivered via the Internet.
D. Pay-as-you-go pricing
A, C, D
Which of the following is correct?

A. # of Availability Zones > # of Regions > # of Edge Locations


B.# of Availability Zones > # of Edge Locations > # of Regions
C. # of Edge Locations > # of Availability Zones > # of Regions
D. # of Regions > # of Availability Zones > # of Edge Locations
C
Which of the following best describes an AWS Region?

A. A collection of data centers that is spread evenly around a specific continent.


B. A console that gives you a quick, global picture of your cloud computing
environment.
C. A collection of databases that can only be accessed from a specific geographic
region.
D. A distinct location within a geographic area designed to provide high availability to
a specific geography.
D
True or False: Both you and a friend can have an S3 bucket called 'mytestbucket'.

A. True
B. False
B
Which of the following AWS Support levels offers the assistance of a Technical
Account Manager?

A. Elite
B. Enterprise
C. Business
D. Developer
B
True or False: A CloudFront Origin can be an S3 bucket, an EC2 instance, an Elastic
Load Balancer, or Route 53.

A. True
B. False
A
Which of the following are valid access types for an IAM user? (Choose 3)

A. Emergency access via Identity Access Management (IAM)


B. Using the AWS Software Developers Kit
C. Security Group access via the AWS command line
D. Programmatic access via the command line
E. AWS Management Console access
B, D, E
Which of the following is the document used to grant permissions to users, groups,
and roles?

A. Paradigm
B. Passbook
C. Policy
D. Protocol
C
True or False: S3 Transfer Acceleration uses AWS' network of Availability Zones to
more quickly get your data into AWS.

A. False
B. True
A
True or False: Identity Access Management (IAM) is a Regional service.

A. True
B. False
B
Which of the following EC2 options is best for long-term workloads with predictable
usage patterns?

A. Reserved instances
B. On-Demand instances
C. Spot instances
D. Dedicated Host
A
True or False: A Distribution is what we call a series of Edge Locations that make up
CDN.

A. True
B. False
A
Which of the following AWS Support levels offers 24x7 support via phone or chat?

A. Developer
B. Basic
C. Business
D. Individual
C
Which of the following are steps you should take in securing your AWS account?
(Choose 3)

A. Use Groups to assign permissions to IAM users.


B. Activate Multifactor Authentication (MFA) on your root account.
C. Create individual IAM users.
D. Create a Root IAM role.
A, B, C
Which of the following data archival services is extremely inexpensive, but has a
several hour data-retrieval window?

A. S3-1Zone-IA
B. S3-IA
C. Glacier
D. S3
E. S3-RRS
C
Amazon Lightsail is an example of which of the following?

A. Infrastructure as a Service
B. Platform as a Service
C. Software as a Service
D. Functions as a Service
B
Which of the following are Support Levels offered by AWS? (Choose 3)

A. Individual
B. Business
C. Developer
D. Start-up
E. Basic
B, C, E
Which of the following are not valid CloudFormation template sections?

A. Outputs
B. Options
C. Parameters
D. Resources
B
Choose the features of Consolidated Billing. (Choose 3)

A. Account charges can be tracked individually


B. Multiple standalone accounts are combined and may reduce your overall bill
C. Charging is based per VPC
D. A single bill is issued containing the charges for all AWS Accounts
A, B, D
Which of the following EC2 instance types will realize a savings over time in
exchange for a contracted term-of-service?

A. On-demand instances
B. Reserved instances
C. Spot instances
D. Discount instances
B
Which of the following Route 53 policies allow you to a) route data to a second
resource if the first is unhealthy, and b) route data to resources that have better
performance?

A. Failover Routing and Latency-based Routing


B. Failover Routing and Simple Routing
C. Geoproximity Routing and Geolocation Routing
D. Geolocation Routing and Latency-based Routing
A
Which of the following support plans features access to AWS Support during
business hours via email?

A. Enterprise
B. Business
C. Developer
D. Basic
C
True or False: With Consolidated Billing, the Paying Account can make changes to
any of the resources owned by a Linked Account.

A. False
B. True
A
Which of the following support plans features a < 4-hour response time in the event
of an impaired production system?

A. Developer
B. Basic
C. Business
D. Individual
C
Which of the following is not a fundamental AWS charge?

A. Data-in
B. Storage
C. Compute
D. Data-out
A
Which of the following AWS services are free to use? (Choose 5)

A. EC2
B. RDS
C. S3
D. CloudFormation
E. Elastic Beanstalk
F. Route53
G. Auto-Scaling
H. VPC
I. EBS
J. IAM
D, E, G, H, J
Which of the following are criteria affecting your billing for RDS? (Choose 3)

A. Standby time
B. Data transfer in
C. Additional storage
D. Number of requests
E. Clock hours of server time
C, D, E
Which of the following best describes a Resource Group?

A. A resource group is a collection of resources that are deployed in the same AWS
Region.
B. A resource group is a collection of resources that share one or more tags (or
portions of tags).
C. A resource group is a collection of resources of the same type (EC2, S3, etc.) that
are deployed in the same Availability Zone.
D. A resource group is a collection of resources of the same type (EC2, S3, etc.) that
share one or more tags or portions of tags.
B
Which of the following are valid EC2 pricing options? (Choose 2)

A. Enterprise
B. On-Demand
C. Stop
D. Reserved
B, D
By default, what is the maximum number of Linked Accounts per Paying Account
under Consolidated Billing?

A. 10
B. 50
C. 20
D. 100
C
True or False: The Standard version of AWS Shield offers automated application
(layer 7) traffic monitoring.

A. True
B. False
B
You need to use an AWS service to assess the security and compliance of your EC2
instances. Which of the following services should you use?

A. AWS Trusted Advisor
B. AWS Inspector
C. AWS Shield
D. AWS WAF
B
Which of the following Compliance certifications attests to the security of the AWS
platform regarding credit card transactions?

A. SOC 1
B. ISO 27001
C. SOC 2
D. PCI DSS Level 1
D
The AWS Web Application Firewall can go down to which of the following OSI
layers?

A. 7
B. 6
C. 4
D. 5
A
Which of the following AWS services can help you assess the fault-tolerance of your
AWS environment?

A. AWS Trusted Advisor
B. AWS Inspector
C. AWS WAF
D. AWS Shield
A
True or False: It's safer to use Access Keys than it is to use IAM roles.

A. False
B. True
A
Which of the following Compliance guarantees attests to the fact that the AWS
Platform has met the standard required for the secure storage of medical records in
the US?

A. HITECH
B. HIPAA
C. GLBA
D. FERPA
B
True or False: Security in the cloud is the responsibility of AWS.

A. True
B. False
B
Which of the following is AWS' managed DDoS protection service?

A. AWS WAF
B. Security Groups
C. AWS Shield
D. Access Control Lists
C
Which of the following services will help you optimize your entire AWS environment
in real time following AWS best practices?

A. AWS Trusted Advisor
B. AWS Shield
C. AWS WAF
D. AWS Inspector
A
True or False: With AWS Organizations, you can use either just the Consolidated
Billing feature, or all the offered features.

A. True
B. False
A
You have a project that will require 90 hours of computing time. There is no deadline,
and the work can be stopped and restarted without adverse effect. Which of the
following computing options offers the most cost-effective solution?

A. Reserved instances
B. On-demand instances
C. ECS instances
D. Spot instances
D
Which of the following are AWS compute services? (Choose 2)

A. SNS
B. Lambda
C. EBS
D. EC2
B, D
Which of the following is AWS' Data Warehousing service?

A. Elastic Map Reduce
B. Snowball
C. S3 Big Data
D. Redshift
D
You have a mission-critical application which must be globally available at all times.
Which deployment strategy should you follow?

A. Multi-VPC in two AWS Regions
B. Deploy to all Availability Zones in your home region.
C. Multi-Availability Zone
D. Multi-Region
D
Which of the following are principles of sound cloud design? (Choose 4)

A. Disposable resources
B. Infrastructure as code
C. Assume everything will fail.
D. Treat your servers like pets, not cattle.
E. Limit the number of 3rd-party services.
F. Tightly-coupled components
G. Scalability
A, B, C, G
Your Development team uses four on-demand EC2 instances and your QA team has
5 reserved instances, only three of which are being used. Assuming all AWS
accounts are under a single AWS Organization, how will the Development team's
instances be billed?

A. The pricing for the reserved instances will shift from QA to Dev.
B. All the Dev team's instances will be billed at the on-demand rate.
C. All the Dev instances will be billed at the reserved instance rate.
D. The Dev team will be billed for two instances at on-demand prices and two
instances at the reserved instance price.
D
You need to implement an automated service that will scan your AWS environment
with the goal of both improving security and reducing costs. Which service should
you use?

A. Config Rules
B. Trusted Advisor
C. Service Catalog
D. CloudTrail
B
Which of the following AWS services can assist you with cost optimization?

A. AWS WAF
B. AWS Inspector
C. AWS Trusted Advisor
D. AWS Shield
C
Which of the following support services do all accounts receive as standard?

A. 24/7 support via phone and chat
B. Technical support
C. Billing support
D. Technical Account Manager
C
Which of the following AWS services should you use to migrate an existing database
to AWS?

A. Route 53
B. Storage Gateway
C. SNS
D. DMS
D
Which of the following AWS services should you use if you'd like to be notified when
you have crossed a billing threshold? (Choose 2)

A. AWS Budgets
B. Trusted Advisor
C. CloudWatch
D. AWS Cost Allocation
A, C
Which of the following support plans features unlimited (customer-side) contacts and
unlimited support cases? (Choose 2)

A. Basic
B. Enterprise
C. Developer
D. Business
B, D
Which native AWS service will act as a file system mounted on an S3 bucket?

A. Amazon Elastic File System
B. AWS Storage Gateway
C. Amazon S3
D. Amazon Elastic Block Store
B
Which of the following is AWS' managed database service that is up to 5X faster
than a traditional MySQL database?

A. MariaDB
B. PostgreSQL
C. Aurora
D. DynamoDB
C
Which AWS service allows you to run code without having to worry about
provisioning any underlying resources (such as virtual machines, databases, etc.)?

A. EC2
B. Lambda
C. DynamoDB
D. EC2 Container Service
B
Under the Shared Responsibility model, for which of the following does AWS not
assume responsibility?

A. Hypervisors
B. Networking
C. Customer data
D. Physical security of AWS facilities
C
Which of the following is not a feature of AWS Organizations?

A. Grouping all of your AWS accounts into Organisational Units (OUs) as part of a
hierarchy
B. Hierarchical based control over groups of IAM users and roles, within multiple
Accounts
C. AWS accounts which are members of an Organization can have the benefit of
Consolidated Billing
D. Granular configuration of Security Groups within a VPC
D
You need to host a file in a location that's publicly accessible from anywhere in the
world. Which AWS service would best meet that need?

A. S3
B. EC2
C. EBS
D. RDS
A
Which AWS service is specifically designed to assist you in processing large data
sets?

A. AWS Big Data Processing
B. EC2
C. EMR
D. ElastiCache
C

Terms in this set (13)

CloudFormation
What is it
CloudFormation
You can track stack status as CloudFormation builds up your stack and send notifications to
SNS, for example.
Limits
200 Stacks

No limit on the number of Templates
Templates
Templates give you the ability to break up your CloudFormation into different components, so
that you may have one template to create your VPC, another to create the Data Tier, another for the Application Tier, etc.
Chef and Puppet
Both of these integrate with CloudFormation. For example, have CloudFormation create your
EC2 instances and have Chef put them into some kind of desired state.
Updating Resources
Not only can CloudFormation create resources for you, it can also update them. Examples:
change an IAM policy or change the AMI of an instance. You cannot update every CloudFormation
resource, but there are some that you can.

Updates to metadata can take a while because there is a script called "cfn-hup" which by
default runs every 15 minutes.

Some examples of allowed updates:

1) Update versions of packages via metadata changes
2) Update Auto Scaling Groups
3) Change resource properties like Instance Type
4) Change the AMI for our instances.

You can also set up CloudFormation to ask for information to be entered when the stack is
created from the template. This is another way of enabling changes to your CloudFormation stack.
Updating CloudFormation
CloudFormation gives us the ability to update, which is great, but this also comes with danger.
When an update replaces instances, their IDs change, and in some cases other resources are
using those ID values.

There is the probability that updates will require downtime for your environment, depending
on the update.
Stack Policies
A stack policy is a JSON document that defines which resources in the stack can be updated.
Only the resources the policy allows to be updated can be changed; everything else is protected
from the update.
Stack policies use the same format as Bucket Policies or IAM Policies: they use ALLOW and
DENY, and DENY overrides ALLOW.
Failures
While CloudFormation is building a stack there is the possibility of failure.
On failure the entire stack gets rolled back.
There are also Wait conditions you can put in your templates, where the stack waits on some
condition; if the condition is never met, you will get a Wait error during creation.

You can change the default behavior so that the stack does NOT roll back. This way you can begin
debugging the problem that occurred and fix it. After a rollback nothing exists for you to
determine what the problem was.

You can have Create failures, Delete failures and Update failures.
RetainResources
This is a CloudFormation parameter that can be set to allow you to delete a stack after a
CloudFormation failure. It deals with stacks that are stuck in DELETE_FAILED because of a
resource that cannot be deleted. RetainResources helps to remove these stacks that are stuck.

A common problem with deleting stacks during rollback is nested templates. Nested
templates are templates used within other templates. Sometimes this causes problems.
Common Errors when Building from CloudFormation Template
Dependency Error:
This situation occurs when one of the resources you are building in your template is
dependent on another resource already being there. For example, an EC2 instance with a public IP
address: the Internet Gateway needs to be attached to the VPC first, and this is a dependency
problem.

Insufficient IAM Permissions:
Occurs when you, as the executor of the CloudFormation template, do not have permission
to, say, create a VPC. This applies to all of the resources in AWS.

Invalid Value:
When there are invalid input values in your template.
Security Group Does Not Exist:
When you specify a Security Group that was not created by the template and/or does not
exist in the account. Another cause is using the Security Group name instead of the
Security Group ID.

Wait Condition:
Sometimes you put Wait Conditions in your templates, and in some situations the wait
signal is never received during stack creation. This will cause errors.
Wait Conditions in CloudFormation
You can define a WaitCondition in your CloudFormation templates that will wait on a certain
condition or signal to be received. CREATE_IN_PROGRESS is the state your resource
will be in while waiting for the signal result, which could be a Success or a Failure.

With WaitConditions you can have the stack wait for different resources to be available. An
extreme example is waiting for some database in your on-premises environment to be available.
Another example is waiting for an RDS instance to be up and running before starting one of
your services.

Wait is very complex and involved. Not sure you need to know it in depth.
Disaster Recovery Situation
In a Disaster Recovery situation you most likely would NOT use CloudFormation during
DR. During DR you need to get your services scaled up, and you most likely just need to
increase the size of your instances and start scaling, not run CloudFormation to increase your
instance sizes. That would most likely take your systems down, at least some of them.