You have created two AWS CloudFormation stacks in the AWS region us-east-1
Stack A has exported the resource output for a security group.
Stack B uses the Fn::ImportValue intrinsic function to import the exported value in its template.
Both stacks are in the CREATE_COMPLETE status.
Now you would need to perform some actions on these stacks.
Which of the following actions can you perform successfully?
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer: D.
Option A is incorrect because there are some limitations if there is a cross-stack reference between two CloudFormation stacks.
Stack A cannot be deleted as it has a resource output that is referenced by stack.
B.Option B is incorrect because you cannot modify the output value that is referenced by another stack.
This operation will fail.
Option C is incorrect because this is similar as Option.
B.
You cannot remove the output value that is referenced by another stack.
Option D is CORRECT because you can update stack B to remove the cross-stack reference.
This operation is allowed.
Reference:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/walkthrough-crossstackref.htmlThe scenario presented in this question involves two AWS CloudFormation stacks, Stack A and Stack B, both of which are in the CREATE_COMPLETE status. Stack A has exported a resource output for a security group, and Stack B uses the Fn::ImportValue intrinsic function to import the exported value in its template. The question asks which actions can be performed successfully on these stacks.
A. Delete stack A using AWS console as the created resources in stack A are no longer needed in the region.
This action is valid and can be performed successfully as the created resources in stack A are no longer needed. However, it will result in Stack B's template being unable to retrieve the security group output from Stack A, causing Stack B's stack creation/update to fail.
B. In stack A, update the resource output value as the security group needs to change its name.
This action is valid and can be performed successfully, as Stack A can be updated to change the name of the exported security group output. Stack B's stack creation/update will use the updated security group output from Stack A, assuming that the updated output still meets Stack B's requirements.
C. Update stack A to remove the resource output that is referenced by stack B.
This action is not valid and cannot be performed successfully, as Stack B relies on the resource output from Stack A. If the output is removed from Stack A, Stack B will be unable to retrieve the security group output from Stack A, causing Stack B's stack creation/update to fail.
D. Update stack B to remove the cross-stack reference so that stack B does not import the resource output from stack A.
This action is valid and can be performed successfully, as Stack B's cross-stack reference to Stack A can be removed. However, Stack B's stack creation/update will no longer be able to retrieve the security group output from Stack A, causing Stack B's stack creation/update to fail.
In summary, the only action that can be performed successfully without causing Stack B's stack creation/update to fail is to update Stack A's resource output value to change the name of the security group.