
Explanation:
When a CloudFormation stack deletion fails because a resource (like a security group) is still being referenced by other resources outside the stack, the standard procedure is to retry the deletion. During the retry, CloudFormation allows you to select the problematic resources to "Retain." This removes the resource from the stack's management and allows the stack deletion to complete successfully without actually deleting the physical resource that is still in use. Options A and B involve significant manual effort or won't solve the dependency issue, while drift detection (D) is used for identifying changes made outside of CloudFormation, not for resolving deletion failures.
Question 1
A company uses AWS CloudFormation to deploy its infrastructure. The company recently retired an application. A cloud operations engineer initiates CloudFormation stack deletion, and the stack gets stuck in DELETE_FAILED status.
A SysOps administrator discovers that the stack had deployed a security group. The security group is referenced by other security groups in the environment. The SysOps administrator needs to delete the stack without affecting other applications.
Which solution will meet these requirements in the MOST operationally efficient manner?
A. Create a new security group that has a different name. Apply identical rules to the new security group. Replace all other security groups that reference the new security group. Delete the stack.
B. Create a CloudFormation change set to delete the security group. Deploy the change set.
C. Delete the stack again. Specify that the security group be retained.
D. Perform CloudFormation drift detection. Delete the stack.