Resilient AWS CloudFormation Script Automation: Best Practices

Best Practices for Solving Automation Scenarios with AWS CloudFormation Scripts

Question

As a DevOps engineer, you are updating several AWS CloudFormation scripts to make them resilient against unexpected updates and overwritten passwords.

What ideas are considered recommended practices when it comes to solving these sorts of automation scenarios?

Answers

Explanations

A. B. C. D.

Correct Answer: A.

The question clearly points to change sets: it asks for protection against unexpected updates and overwritten passwords, which AWS CloudFormation provides via change sets.

The right order is to create the change set, list the change sets to get the ID, and then describe it to see the list of changes.

None of these steps executes the change set.

When creating the change set, you can use the UsePreviousValue input parameter in order to not overwrite the current password.

Incorrect Answers:

Option B is incorrect because running list-change-sets does not give you the Changes field, the list that describes the resources AWS CloudFormation changes if you execute the change set. That is possible only via a describe-change-set operation.

Also, there is no UseCurrentValue input parameter for the change set in the create-change-set operation.

Option C is incorrect because a list-change-sets operation does not give you the Changes field, the list that describes the resources AWS CloudFormation changes if you execute the change set. That is possible only via a describe-change-set operation.

Option D is incorrect because there is no UseCurrentValue input parameter for the change set in the create-change-set operation.

References:

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-changesets.html

AWS CloudFormation is a service that allows you to create and manage AWS infrastructure resources in a safe, repeatable way. It uses templates to define the resources you want to provision and the relationships between them. CloudFormation templates are written in JSON or YAML format, and they can be version controlled and shared.

When updating CloudFormation templates, it is important to ensure that the changes do not cause unexpected updates or overwrite important passwords. To achieve this, the recommended practices include:

  1. Create a change set: A change set is a summary of the changes that CloudFormation will make to a stack if you execute the change. Creating a change set allows you to preview the changes before executing them, which can help you catch any unexpected updates or overwritten passwords. You can create a change set using the create-change-set API.

  2. List change sets: You can use the list-change-sets API to get a list of all the change sets for a stack. This can help you keep track of the changes that have been made to the stack over time.

  3. Describe change set: You can use the describe-change-set API to get the details of a specific change set. This includes the list of resources that will be affected by the change set, which can help you identify any potential issues.

  4. Set a stack policy: A stack policy is a JSON document that specifies the rules for updating a stack. You can use a stack policy to prevent updates to certain resources or to require specific parameters to be set. To set a stack policy, you can use either the StackPolicyBody or StackPolicyURL parameters.

  5. UsePreviousValue input parameter: When creating a change set, you can use the UsePreviousValue input parameter to specify that the previous value of a parameter should be used. This can help prevent passwords from being overwritten.
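The steps above can be combined into a pre-execution gate. The following is an added example, not code from the original page or from AWS: it builds the create-change-set parameter list so that existing secrets are always sent with UsePreviousValue, then flags removals and replacements in a describe-change-set response. The parameter name `DBPassword`, the resource names and the sample response are constructed assumptions.

```python
SECRET_PARAMS = {"DBPassword"}  # hypothetical parameter name, not from the page


def build_parameters(new_values, existing_keys, secret_params=SECRET_PARAMS):
    """Parameters list for create-change-set; existing secrets are never overwritten."""
    params = []
    for key in sorted(set(existing_keys) | set(new_values)):
        keep = key in existing_keys and (key in secret_params or key not in new_values)
        if keep:
            params.append({"ParameterKey": key, "UsePreviousValue": True})
        else:
            params.append({"ParameterKey": key, "ParameterValue": new_values[key]})
    return params


def risky_changes(describe_response):
    """(logical_id, reason) for every change that removes or replaces a resource."""
    findings = []
    for change in describe_response.get("Changes", []):
        rc = change.get("ResourceChange", {})
        if rc.get("Action") == "Remove":
            findings.append((rc["LogicalResourceId"], "removed"))
        elif rc.get("Replacement") in ("True", "Conditional"):
            findings.append((rc["LogicalResourceId"], "replacement=" + rc["Replacement"]))
    return findings


def preview(stack, name, template_body, params):
    """Create and describe a change set; nothing here executes it."""
    import boto3  # lazy import: needs boto3 and AWS credentials, helpers above do not
    cfn = boto3.client("cloudformation")
    cfn.create_change_set(StackName=stack, ChangeSetName=name, ChangeSetType="UPDATE",
                          TemplateBody=template_body, Parameters=params)
    # The waiter raises if creation fails, e.g. when the template changes nothing.
    cfn.get_waiter("change_set_create_complete").wait(StackName=stack, ChangeSetName=name)
    return risky_changes(cfn.describe_change_set(StackName=stack, ChangeSetName=name))


# Constructed describe-change-set response (sample data, not real output).
SAMPLE = {"Changes": [
    {"ResourceChange": {"Action": "Modify", "Replacement": "True", "LogicalResourceId": "Database"}},
    {"ResourceChange": {"Action": "Modify", "Replacement": "False", "LogicalResourceId": "WebServer"}},
    {"ResourceChange": {"Action": "Remove", "LogicalResourceId": "OldBucket"}},
]}

if __name__ == "__main__":
    print(build_parameters({"DBPassword": "x"}, ["DBPassword", "VpcId"]))
    print(risky_changes(SAMPLE))
```

A pipeline would call `execute-change-set` only when `risky_changes` returns an empty list or a reviewer has approved the findings.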

Based on the above recommended practices, option A is the correct answer. Option A correctly lists the steps to create a change set, list change sets, describe a change set, set a stack policy, and use the UsePreviousValue input parameter to prevent overwritten passwords.

Option B is incorrect because it suggests using the UseCurrentValue input parameter instead of the UsePreviousValue input parameter, which would not prevent overwritten passwords.

Option C is incorrect because it lists the steps in the wrong order and also suggests using the UsePreviousValue input parameter to prevent overwritten passwords.

Option D is incorrect because it suggests using the UseCurrentValue input parameter instead of the UsePreviousValue input parameter, which would not prevent overwritten passwords. Additionally, it does not include the step to list change sets.