Your team needs to create CloudFormation stacks for multiple web applications.
There are some common AWS resources that are used by most applications such as security groups.
These resources are not frequently modified after being created.
You want to manage these common AWS resources separately and other application stacks can easily reuse them when needed.
How would you achieve this requirement?
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer - A.
Option A is CORRECT because after a stack exports its output values, other stacks can import them through the Fn::ImportValue function.
This method is useful when certain AWS resources in a stack are frequently used by other stacks.
Option B is incorrect because Fn::GetAttr is not the correct function to import the exported values from other stacks.
Fn::ImportValue should be used.
Option C is incorrect because nested stacks are suitable when you want to use a single stack to manage all the resources.
In this question, the information is shared between different stacks so the stack should export its values for others to use.
Option D is incorrect because “Import resources into stack” is used for moving resources between CloudFormation stacks.
It is not suitable to be used here.
Reference:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-exports.html, https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-imports.htmlThe best way to manage common AWS resources such as security groups is to create a separate CloudFormation stack to manage them. This approach allows other application stacks to easily reuse these resources when needed.
Option A is the correct answer. You can use a CloudFormation stack to create these resources and export the output values. Other CloudFormation stacks can import the resources through the Fn::ImportValue function.
Here is how this approach works:
Create a separate CloudFormation stack to manage the common AWS resources. This stack can include resources such as security groups, IAM roles, and VPC configurations.
Export the output values of the resources you want to reuse in other CloudFormation stacks using the Export keyword. For example, you can export the Security Group ID as follows:
yamlResources: CommonSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupName: common-security-group Description: Common security group VpcId: vpc-12345678 Export: Name: CommonSecurityGroupID Value: Fn::GetAtt: - CommonSecurityGroup - GroupId
yamlResources: EC2Instance: Type: AWS::EC2::Instance Properties: ImageId: ami-0123456789abcdef InstanceType: t2.micro SecurityGroupIds: - Fn::ImportValue: CommonSecurityGroupID
By using this approach, you can easily manage and reuse common AWS resources across multiple CloudFormation stacks. This simplifies the deployment process and helps ensure consistency and security across your infrastructure.