
Answer-first summary for fast verification
Answer: Use Drift Detection feature of CloudFormation
Use Drift Detection feature of CloudFormation - Drift detection enables you to detect whether a stack's actual configuration differs, or has drifted, from its expected configuration. Use CloudFormation to detect drift on an entire stack, or on individual resources within the stack. A resource is considered to have drifted if any of its actual property values differ from the expected property values. This includes if the property or resource has been deleted. A stack is considered to have drifted if one or more of its resources have drifted.

To determine whether a resource has drifted, CloudFormation determines the expected resource property values, as defined in the stack template and any values specified as template parameters. CloudFormation then compares those expected values with the actual values of those resource properties as they currently exist in the stack. A resource is considered to have drifted if one or more of its properties have been deleted, or had their value changed.

You can then take corrective action so that your stack resources are again in sync with their definitions in the stack template, such as updating the drifted resources directly so that they agree with their template definition. Resolving drift helps to ensure configuration consistency and successful stack operations.

Incorrect options:

Use CloudFormation in Elastic Beanstalk environment to reduce direct changes to CloudFormation resources - An Elastic Beanstalk environment provides full access to the resources created, so it is still possible to edit the resources directly. This does not solve the issue mentioned for the given use case.

Use Tag feature of CloudFormation to monitor the changes happening on specific resources - Tags help you identify and categorize the resources created as part of a CloudFormation template. This feature is not helpful for the given use case.

Use Change Sets feature of CloudFormation - When you need to update a stack, understanding how your changes will affect running resources before you implement them can help you update stacks with confidence. Change sets allow you to preview how proposed changes to a stack might impact your running resources, for example, whether your changes will delete or replace any critical resources. AWS CloudFormation makes the changes to your stack only when you decide to execute the change set, allowing you to decide whether to proceed with your proposed changes or explore other changes by creating another change set. Change sets are not useful for the given use case.
Author: LeetQuiz Editorial Team
An e-commerce company has leveraged AWS CloudFormation to implement Infrastructure as Code (IaC) across the organization, resulting in significantly reduced management efforts for maintaining resources as stacks. Despite these benefits, some teams have reported issues with stack updates failing due to out-of-band modifications made to the stack resources.
Which of the following is the most effective solution to ensure that the CloudFormation stack and its associated resources remain synchronized?
A. Use Drift Detection feature of CloudFormation
B. Use CloudFormation in Elastic Beanstalk environment to reduce direct changes to CloudFormation resources
C. Use Change Sets feature of CloudFormation
D. Use Tag feature of CloudFormation to monitor the changes happening on specific resources