Which action should the SysOps administrator take before deleting the AWS CloudFormation stack?

By:
On:
In: SOA-C02
Tagged:
With: 0 Comments
A SysOps administrator has used AWS CloudFormation to deploy a serverless application into a production VPC.The application consists of an AWS Lambda function, an Amazon DynamoDB table, and an Amazon API Gateway API.The SysOps administrator must delete the AWS CloudFormation stack without deleting the DynamoDB table.

Which action should the SysOps administrator take before deleting the AWS CloudFormation stack?

Add a Retain deletion policy to the DynamoDB resource in the AWS CloudFormation stack.

Add a Snapshot deletion policy to the DynamoDB resource in the AWS CloudFormation stack.

Enable termination protection on the AWS CloudFormation stack.

Update the application’s IAM policy with a Deny statement for the dynamodb:DeleteTable action.

Explanations:

Adding a Retain deletion policy to the DynamoDB resource in the CloudFormation stack ensures that the DynamoDB table will not be deleted when the stack is deleted. The Retain policy preserves the resource even if the stack is deleted.

There is no Snapshot deletion policy for DynamoDB tables. While snapshots are relevant for some AWS resources (like RDS), they do not apply to DynamoDB in this context.

Enabling termination protection on the CloudFormation stack prevents the entire stack from being deleted. It does not specifically address the need to retain the DynamoDB table while deleting other resources.

Updating the IAM policy to deny thedynamodb:DeleteTableaction does not prevent CloudFormation from deleting the table. CloudFormation will ignore the IAM policy during stack deletion and still delete resources unless a Retain policy is set.

Leave a Reply

Your email address will not be published. Required fields are marked *

seven + seventeen =