AWS CloudFormation Stack - Fetching Updated AMIs with Lambda Function

Automating AMI Retrieval with Lambda Function


Question

A CloudFormation stack includes several AWS resources, among them EC2 instances.

Previously, it used a mapping table to manage AMI IDs for different regions and instance types.

During the creation of the EC2 resource, the AMI ID is obtained with the "Fn::FindInMap" function.

However, with this approach you have to update the mapping table whenever a new AMI ID becomes available.

You are looking for a better approach that fetches the updated AMIs automatically.

You have already deployed a Lambda function that returns the latest AMI, taking the region and instance type as input.

What is the best way to use the Lambda function to achieve this requirement?

Answers

Explanations


Correct Answer - B.

This case asks for the best approach to use the Lambda function.

That means several options may work in theory.

However, we need to find the option that needs the least manual involvement and is the most straightforward to implement.

Option A is incorrect: Because the user has to maintain another script and run it manually, which is unsuitable for this task.

Option B is CORRECT: Because the Custom resource can work with Lambda to get the required AMI ID and then continue the EC2 resource creation based on that.

Refer to https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/walkthrough-custom-resources-lambda-lookup-amiids.html for the details.

Option C is incorrect: This option is similar to Option B.

However, first, the custom resource's property should be ServiceToken instead of RequestId.

Second, the ARN of the Lambda function should be used:

"AMICustomResource": {
    "Type": "Custom::AMICustomResource",
    "Properties": {
        "ServiceToken": { "Fn::GetAtt" : ["AMILambdaFunction", "Arn"] },
        "Region": { "Ref": "AWS::Region" },
        "Architecture": { "Fn::FindInMap" : [ "EC2InstanceTypeToArch", { "Ref" : "InstanceType" }, "Arch" ] }
    }
}
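The ServiceToken-versus-RequestId point above can be checked mechanically. The following is example code added to this page (it is not from AWS or from the original author): a small linter that walks a template's Resources and verifies that every custom resource carries a ServiceToken that can actually resolve to a Lambda function ARN, and that flags a RequestId property, which CloudFormation does not interpret and simply passes through to the function as data. The embedded template is constructed from the corrected snippet above plus an assumed EC2 instance named WebServer that consumes the custom resource's Id attribute.

```python
"""Lint custom-resource wiring in a CloudFormation template.

Example added to the page, not AWS code. Only ServiceToken is interpreted by
CloudFormation itself; every other property (Region, Architecture, or a
misplaced RequestId) is handed to the Lambda function as ResourceProperties.
"""
from typing import Dict, List, Optional

# Constructed sample template: the page's corrected AMICustomResource plus an
# assumed EC2 instance that reads the Id attribute the function returns.
TEMPLATE = {
    "Resources": {
        "AMILambdaFunction": {"Type": "AWS::Lambda::Function", "Properties": {}},
        "AMICustomResource": {
            "Type": "Custom::AMICustomResource",
            "Properties": {
                "ServiceToken": {"Fn::GetAtt": ["AMILambdaFunction", "Arn"]},
                "Region": {"Ref": "AWS::Region"},
                "Architecture": {"Fn::FindInMap": [
                    "EC2InstanceTypeToArch", {"Ref": "InstanceType"}, "Arch"]},
            },
        },
        "WebServer": {
            "Type": "AWS::EC2::Instance",
            "Properties": {"ImageId": {"Fn::GetAtt": ["AMICustomResource", "Id"]}},
        },
    }
}


def is_custom_resource(resource: dict) -> bool:
    """Custom resources use Custom::<Name> or the generic CustomResource type."""
    rtype = resource.get("Type", "")
    return rtype.startswith("Custom::") or rtype == "AWS::CloudFormation::CustomResource"


def service_token_error(token, resources: Dict[str, dict]) -> Optional[str]:
    """Return a description of why `token` cannot yield a usable ARN, or None."""
    if isinstance(token, str):
        return None if token.startswith("arn:aws") else "literal ServiceToken is not an ARN"
    if isinstance(token, dict) and "Fn::GetAtt" in token:
        target, attr = token["Fn::GetAtt"]
        rtype = resources.get(target, {}).get("Type")
        if rtype != "AWS::Lambda::Function":
            return f"Fn::GetAtt target {target} is not an AWS::Lambda::Function"
        if attr != "Arn":
            return f"Fn::GetAtt must return Arn, not {attr}"
        return None
    if isinstance(token, dict) and "Ref" in token:
        # Ref on an SNS topic yields its ARN; Ref on a Lambda function yields
        # only the function name, which CloudFormation cannot invoke.
        rtype = resources.get(token["Ref"], {}).get("Type")
        return None if rtype == "AWS::SNS::Topic" else f"Ref {token['Ref']} does not resolve to an ARN"
    return "unrecognised ServiceToken form"


def lint_template(template: dict) -> List[str]:
    """Collect findings for every custom resource in the template."""
    resources = template.get("Resources", {})
    findings: List[str] = []
    for name, res in resources.items():
        if not is_custom_resource(res):
            continue
        props = res.get("Properties", {})
        if "ServiceToken" not in props:
            findings.append(f"{name}: missing ServiceToken; CloudFormation cannot deliver the request")
        else:
            err = service_token_error(props["ServiceToken"], resources)
            if err:
                findings.append(f"{name}: {err}")
        if "RequestId" in props:
            findings.append(f"{name}: RequestId is not interpreted by CloudFormation; "
                            "it is passed to the function as an ordinary property")
    return findings


if __name__ == "__main__":
    for line in lint_template(TEMPLATE) or ["no findings"]:
        print(line)
```

Running the linter against the constructed template yields no findings; swapping ServiceToken for RequestId, or pointing ServiceToken at a Ref of the Lambda function, produces one finding each, which is the distinction the explanation above draws.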

Option D is incorrect: Because the Lambda function has to be run manually first, which is inappropriate.

Also, the CloudFormation stack cannot guarantee that the value in Parameter Store is the newest one.

The best approach to use the Lambda function to fetch the updated AMIs automatically in a CloudFormation stack is to create a custom resource in the CloudFormation template and associate the Lambda function with it by specifying the Amazon Resource Name (ARN) of the Lambda function for the ServiceToken property. This approach is provided by option C.

Here is a detailed explanation of each option:

A. Before updating/creating the CloudFormation stack, use a shell script to run the Lambda function to get the correct AMI ID.

This option is not the best way to fetch the updated AMIs automatically because it requires manual intervention to run the script every time a new AMI ID is available. Also, it doesn't use the CloudFormation template to automate the process.

B. Use the ID as a parameter for the CloudFormation template.

This option is a step in the right direction, but it still requires manual intervention to update the CloudFormation stack with the new AMI ID parameter value. The CloudFormation template should automate this process.

C. Create a custom resource in the CloudFormation template. Associate the Lambda with the custom resource by specifying the Amazon Resource Name (ARN) of the Lambda function for the ServiceToken property.

This option is the best approach because it automates the process of fetching the updated AMIs automatically. A custom resource is a way to extend CloudFormation templates with custom actions, such as invoking a Lambda function. In this case, the custom resource will invoke the Lambda function to get the latest AMI ID based on the region and instance type. The Lambda function will return the latest AMI ID, which will be used in the CloudFormation stack. By specifying the Lambda function's ARN in the ServiceToken property, CloudFormation will automatically create and manage the custom resource.
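The paragraph above describes the exchange between CloudFormation and the function: the custom resource sends a request carrying the resource properties, the function looks up the newest AMI and writes a response to the pre-signed ResponseURL, and the template reads the returned Data through Fn::GetAtt. The handler below is an example added to this page; it is not the Lambda function from the linked AWS walkthrough. The AMI catalogue (SAMPLE_IMAGES, standing in for the result of EC2 DescribeImages), the property names Region and Architecture, and the injectable `describe_images` and `send` hooks are assumptions that let it run offline; the request and response field names are those of the CloudFormation custom-resource protocol.

```python
"""Custom-resource Lambda handler returning the newest AMI for an architecture.

Example added to the page, not the AWS walkthrough code. Two behaviours matter
for a custom resource beyond the lookup itself: a Delete request must still be
answered, and any failure must be reported as FAILED, because a request that
never receives a response leaves the stack waiting until the timeout expires.
"""
import json
import urllib.request
from datetime import datetime
from typing import Callable, List, Optional

# Constructed sample data standing in for ec2.describe_images(...)["Images"].
# A real handler would query boto3 with Owners=["amazon"] and a Name filter so
# that only AWS-published images are ever considered.
SAMPLE_IMAGES = [
    {"ImageId": "ami-0000000000000000a", "CreationDate": "2023-01-10T08:00:00.000Z",
     "Architecture": "x86_64"},
    {"ImageId": "ami-0000000000000000b", "CreationDate": "2023-06-02T08:00:00.000Z",
     "Architecture": "x86_64"},
    {"ImageId": "ami-0000000000000000c", "CreationDate": "2023-09-15T08:00:00.000Z",
     "Architecture": "arm64"},
]


def select_latest_ami(images: List[dict], architecture: str) -> str:
    """Return the ImageId with the newest CreationDate for the given architecture."""
    candidates = [i for i in images if i["Architecture"] == architecture]
    if not candidates:
        raise LookupError(f"no AMI found for architecture {architecture!r}")
    newest = max(candidates, key=lambda i: datetime.strptime(
        i["CreationDate"], "%Y-%m-%dT%H:%M:%S.%fZ"))
    return newest["ImageId"]


def build_response(event: dict, status: str, data: Optional[dict] = None,
                   reason: str = "") -> dict:
    """Build the body CloudFormation expects to be PUT to event['ResponseURL'].

    StackId, RequestId and LogicalResourceId are echoed back unchanged; keys in
    Data become readable from the template via Fn::GetAtt.
    """
    return {
        "Status": status,
        "Reason": reason or f"see CloudWatch log for request {event['RequestId']}",
        "PhysicalResourceId": event.get("PhysicalResourceId", event["LogicalResourceId"]),
        "StackId": event["StackId"],
        "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
        "Data": data or {},
    }


def put_response(url: str, body: str) -> None:
    """Deliver the response to the pre-signed S3 URL CloudFormation supplied."""
    req = urllib.request.Request(url, data=body.encode(), method="PUT",
                                 headers={"Content-Type": ""})
    urllib.request.urlopen(req).close()


def handler(event: dict, context=None,
            describe_images: Callable[[], List[dict]] = lambda: SAMPLE_IMAGES,
            send: Callable[[str, str], None] = lambda url, body: None) -> dict:
    """Lambda entry point; hooks default to offline stand-ins (assumed, see lead-in)."""
    try:
        if event["RequestType"] == "Delete":
            # Nothing to clean up for a lookup, but the reply is still mandatory.
            response = build_response(event, "SUCCESS")
        else:
            props = event["ResourceProperties"]
            ami_id = select_latest_ami(describe_images(), props["Architecture"])
            response = build_response(event, "SUCCESS", {"Id": ami_id})
    except Exception as exc:  # report every failure instead of leaving CloudFormation waiting
        response = build_response(event, "FAILED", reason=str(exc))
    send(event["ResponseURL"], json.dumps(response))
    return response
```

In a deployed function, pass `send=put_response` (and a `describe_images` that calls boto3) so the reply actually reaches CloudFormation; the template then reads the result as `{ "Fn::GetAtt": ["AMICustomResource", "Id"] }`, matching the `Data` key the handler sets.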

D. Create a custom resource in the CloudFormation template. In its RequestId property, specify the name of the Lambda function to associate it with the custom resource.

This option is not valid because the RequestId property is not a valid property for a custom resource in CloudFormation.

E. Manually trigger the Lambda function and store its output in the Systems Manager Parameter Store. Modify the CloudFormation template to get the latest AMI ID from Parameter store.

This option is not the best way to fetch the updated AMIs automatically because it still requires manual intervention to trigger the Lambda function and store its output in the Systems Manager Parameter Store. Also, it adds unnecessary complexity to the CloudFormation template by requiring it to get the latest AMI ID from the Parameter store instead of directly invoking the Lambda function.