Medium · 1 mark · Multiple Choice
Domain 3.1: Operational Excellence · Deployment · CloudFormation · Reliability

AWS SAP-C02 · Question 73 · Domain 3.1: Operational Excellence

A development team is using AWS CloudFormation to manage their infrastructure. They frequently update a stack that contains an Amazon RDS database. Recently, a junior developer accidentally modified the database identifier in the CloudFormation template, which caused CloudFormation to replace (delete and recreate) the database, resulting in data loss. How can the Architect prevent this from happening again?

Answer options:

A. Add a DeletionPolicy attribute with the value 'Retain' to the RDS database resource in the CloudFormation template.

B. Enable Termination Protection on the CloudFormation stack.

C. Use an AWS IAM policy to deny the 'rds:DeleteDBInstance' action for the CloudFormation execution role.

D. Configure AWS Backup to take hourly snapshots of the RDS database.

How to approach this question

Identify the CloudFormation feature that protects individual resources from deletion during updates.

Full Answer

A. Add a DeletionPolicy attribute with the value 'Retain' to the RDS database resource in the CloudFormation template. ✓ Correct

In AWS CloudFormation, certain updates to a resource (like changing the DB identifier) require the resource to be replaced. CloudFormation does this by creating a new resource and deleting the old one. To prevent accidental data loss, you should add the `DeletionPolicy: Retain` attribute to stateful resources like databases. If CloudFormation attempts to replace the resource, it will create the new one but leave the old one intact.

Common mistakes

Confusing Stack Termination Protection with Resource DeletionPolicy.

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 5
