ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 983 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional
Question #: 983
Topic #: 1
[All AWS Certified Solutions Architect - Professional Questions]

A company uses an AWS CloudFormation template to deploy an Amazon Elastic Container Service (Amazon ECS) service into a production environment. The template includes an Amazon S3 bucket that is named by using a common prefix with the CloudFormation stack name.

The company uses the same template to create temporary environments for development and continuous integration. Developers can create environments successfully, but they receive errors from CloudFormation when they attempt to delete the environments. The developers often need to delete and recreate stacks with the same names as part of the development and testing process.

Which combination of steps should a solutions architect take to modify the solution to resolve this issue? (Choose two.)

  • A. Associate an AWS Lambda function with a CloudFormation custom resource to delete all keys that are present in a given S3 bucket. Implement this custom resource as part of the application's CloudFormation template.
  • B. Modify the S3 bucket resource in the CloudFormation template by specifying Delete for the DeletionPolicy attribute. Specify the CAPABILITY_DELETE_NONEMPTY capability to process CloudFormation delete operations.
  • C. Modify the S3 bucket resource in the CloudFormation template by specifying Retain for the DeletionPolicy attribute. Configure an AWS Config custom rule to run every 24 hours to identify, empty, and delete buckets that are no longer owned by a CloudFormation stack.
  • D. Ensure that CloudFormation operations are being invoked by a role that has s3:DeleteObject permissions on all objects in the bucket.
  • E. Modify the S3 bucket resource in the CloudFormation template to configure a bucket policy that grants s3:DeleteObject permissions on all objects in the bucket.
Show Suggested Answer Hide Answer
Suggested Answer: AD 🗳️
by TajSidKazi at March 20, 2023, 11 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
kaws8902
1 year, 5 months ago
Confused: how can you run Custom resource only on deletion? Does not make sense to delete all objects when the Stack is first created. Lambda runs with an Execution role, so you need a bucket policy to allow deletes. CloudFormation role will not be effective.
upvoted 1 times
...
ggrodskiy
1 year, 10 months ago
Correct AD
upvoted 2 times
...
hobokabobo
2 years, 1 month ago
Selected Answer: AD
Afaik there is no way to delete non empty buckets with cloudformation. IT will complain. To work around you need a Lambda to delete the objects in the bucket before deleting the bucket. See for explanation: https://stackoverflow.com/questions/40383470/can-i-force-cloudformation-to-delete-non-empty-s3-bucket
upvoted 2 times
...
TajSidKazi
2 years, 2 months ago
BD Option B specifies that the DeletionPolicy attribute for the S3 bucket resource in the CloudFormation template should be set to Delete. This will enable CloudFormation to delete the S3 bucket and all of its contents when the stack is deleted. The CAPABILITY_DELETE_NONEMPTY capability allows CloudFormation to delete non-empty S3 buckets. Option D specifies that the CloudFormation operations should be invoked by a role that has s3:DeleteObject permissions on all objects in the bucket. This will ensure that CloudFormation can delete all objects in the S3 bucket before deleting the bucket itself.
upvoted 4 times
Jesuisleon
2 years ago
I didn't find CAPABILITY_DELETE_NONEMPTY option, would you add link to prove yourself ?
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel