Recovering a Stack from Resource Drift: Best Practices | AWS Certified DevOps Engineer - Professional Exam Preparation

Recovering a Stack from Resource Drift: Best Practices

Prev Question Next Question

Question

You have been assigned to a project to solve a resource drift problem.

You have to recover a stack from not being able to reach a normal state.

What statement better describes how to proceed in this scenario?

Answers

A. When an AWS CloudFormation stack goes into the UPDATE_ROLLBACK_FAILED state you can try to make underlying account changes outside the scope of the stack to re-synchronize the stack with the expectation and then perform a ContinueUpdateRollback action with the ResourcesToSkip request parameter to let AWS CloudFormation set the status of the specified resources to UPDATE_COMPLETE and continue to roll back the stack. Also, if when trying to delete the stack a DELETE_FAILED state is reached, you can perform a DeleteStack action with the RetainResources request parameter to delete the stack while retaining resources failed to delete.

B. Protect the stack from being deleted via UpdateTerminationProtection action. Then perform a ContinueUpdateRollback action with the ResourcesToSkip request parameter to let AWS CloudFormation set the status of the specified resources to UPDATE_COMPLETE and continue to roll back the stack. A DeleteStack action with the RetainResources request parameter is no longer necessary.

C. When an AWS CloudFormation stack goes into the UPDATE_ROLLBACK_FAILED state, you can try to make underlying account changes outside the scope of the stack to re-synchronize the stack with the expectation and then perform a ContinueUpdateRollback action with the ResourcesToSkip request parameter to let AWS CloudFormation set the status of the specified resources to UPDATE_COMPLETE and continue to roll back the stack. Protect the stack from being deleted via UpdateTerminationProtection action. A DeleteStack action with the RetainResources request parameter is no longer necessary.

D. Protect the stack from being deleted via UpdateTerminationProtection action. Then perform a ContinueUpdateRollback action with the ResourcesToSkip request parameter to let AWS CloudFormation set the status of the specified resources to UPDATE_COMPLETE and continue to roll back the stack. Also, if when trying to delete the stack a DELETE_FAILED state is reached, you can perform a DeleteStack action with the RetainResources request parameter to delete the stack while retaining resources failed to delete.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Correct Answer: A.

This is a scenario of a resource drift problem.

Even though it is possible to use drift detection in an AWS CloudFormation stack, solutions for a UPDATE_ROLLBACK_FAILED state could be manual changes to later re-synchronize to try a ContinueUpdateRollback action or just deleting the stack.

Incorrect Answers:

Options B, C, D are incorrect because protecting the stack from being deleted is not the right (if even relevant) way to proceed in a resource drift problem.

References:

https://go.aws/2YWd7Iu https://amzn.to/2YOVIS1

Sure, I'd be happy to help you understand the scenario and the options provided in the question.

Scenario: You have been assigned to a project to solve a resource drift problem. The problem has caused a CloudFormation stack to enter an UPDATE_ROLLBACK_FAILED state, which means the stack was not able to reach a normal state. You need to recover the stack to the expected state.

Option A: This option suggests making changes to the underlying AWS account outside of the CloudFormation stack to synchronize it with the expected state. Then perform a ContinueUpdateRollback action with the ResourcesToSkip request parameter to set the status of specified resources to UPDATE_COMPLETE and continue to roll back the stack. Additionally, if a DELETE_FAILED state is reached when trying to delete the stack, perform a DeleteStack action with the RetainResources request parameter to delete the stack while retaining the resources that failed to delete.

Option B: This option suggests protecting the stack from being deleted using the UpdateTerminationProtection action. Then, perform a ContinueUpdateRollback action with the ResourcesToSkip request parameter to set the status of specified resources to UPDATE_COMPLETE and continue to roll back the stack. A DeleteStack action with the RetainResources request parameter is no longer necessary.

Option C: This option combines options A and B, suggesting making changes outside the stack to synchronize it with the expected state, protecting the stack from deletion, and performing a ContinueUpdateRollback action with the ResourcesToSkip request parameter.

Option D: This option suggests protecting the stack from deletion using the UpdateTerminationProtection action. Then, perform a ContinueUpdateRollback action with the ResourcesToSkip request parameter to set the status of specified resources to UPDATE_COMPLETE and continue to roll back the stack. Additionally, if a DELETE_FAILED state is reached when trying to delete the stack, perform a DeleteStack action with the RetainResources request parameter to delete the stack while retaining the resources that failed to delete.

Explanation: The CloudFormation stack is a collection of AWS resources that can be managed as a single unit. A stack can enter the UPDATE_ROLLBACK_FAILED state if it cannot be updated to the expected state due to an error. In this scenario, the stack is not able to reach a normal state due to resource drift. Resource drift happens when the actual state of resources in the AWS account does not match the expected state defined in the CloudFormation template.

Option A suggests making changes outside the scope of the CloudFormation stack to synchronize the resources with the expected state. This can help to eliminate the resource drift. Then, the ContinueUpdateRollback action with the ResourcesToSkip request parameter can be used to set the status of specified resources to UPDATE_COMPLETE and continue to roll back the stack. This can help to recover the stack to the expected state. If the stack cannot be deleted due to DELETE_FAILED state, the DeleteStack action with the RetainResources request parameter can be used to delete the stack while retaining the resources that failed to delete.

Option B suggests protecting the stack from deletion using the UpdateTerminationProtection action. This can prevent the stack from being accidentally deleted. Then, the ContinueUpdateRollback action with the ResourcesToSkip request parameter can be used to set the status of specified resources to UPDATE_COMPLETE and continue to roll back the stack. This can help to recover the stack to the expected state. A DeleteStack action with the RetainResources request parameter is no longer necessary because the stack is protected from being deleted.

Option C combines options A and B. It suggests making changes outside the CloudFormation stack to synchronize the resources with the expected state. It also suggests protecting the stack from deletion using the UpdateTerminationProtection action. Then, the ContinueUpdateRollback action with the ResourcesToSkip request parameter can be used to set the status of specified resources to UPDATE_COMPLETE

Prev Question Next Question