ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS-SysOps All Questions

View all questions & answers for the AWS-SysOps exam
Go to Exam

Exam AWS-SysOps topic 1 question 777 discussion

Exam question from Amazon's AWS-SysOps
Question #: 777
Topic #: 1
[All AWS-SysOps Questions]

A SysOps Administrator has an AWS CloudFormation template of the company's existing infrastructure in us-west-2. The Administrator attempts to use the template to launch a new stack in eu-west-1, but the stack only partially deploys, receives an error message, and then rolls back.
Why would this template fail to deploy? (Choose two.)

  • A. The template referenced an IAM user that is not available in eu-west-1
  • B. The template referenced an Amazon Machine Image (AMI) that is not available in eu-west-1
  • C. The template did not have the proper level of permissions to deploy the resources
  • D. The template requested services that do not exist in eu-west-1
  • E. CloudFormation templates can be used only to update existing services
Show Suggested Answer Hide Answer
Suggested Answer: BC 🗳️
by nicat at May 8, 2020, 3:53 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
nicat
Highly Voted 2 years, 11 months ago
B. The template referenced an Amazon Machine Image (AMI) that is not available in eu-west-1 D. The template requested services that do not exist in eu-west-1
upvoted 12 times
...
Golddust
Highly Voted 2 years, 10 months ago
We can confirm with 100% certainty that A and E is NOT correct. That leaves BC and D which in my opinion would be possible. We know AMI's is per region so I will select that one. I will toss a coin between C and D. C: Possible that he does not have permission even though he is a "SysOps Admin" D: Also possible that a specific service is not available in Region. Also slim chance since most services is available in eu-west-1. (Doubt that is part of the actual question) Now that I read through it again. C states the "template" did not have the proper level of permission to deploy the resources... Wondering if you need to assign permissions to the template? https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html I do not see here references that permissions gets assigned to a template but rather to users that deploy the template. I am going on a limb and say B and D. If someone can confirm that would be great.
upvoted 5 times
wahlbergusa
2 years, 9 months ago
You assign the role that the template will use when deploying the resources. Good read => https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-servicerole.html Although at first I thought of B and C; after reading Cloudformation service roles again it should be B and D.
upvoted 1 times
...
...
albert_kuo
Most Recent 1 year, 1 month ago
Selected Answer: BD
B. The template referenced an Amazon Machine Image (AMI) that is not available in eu-west-1. When launching instances using CloudFormation templates, if the template specifies an AMI that is not available in the target region (eu-west-1 in this case), the deployment will fail. Each AWS region has its own set of AMIs, and AMIs are not automatically available in all regions. You need to ensure that the template references an AMI that exists in the desired region. D. The template requested services that do not exist in eu-west-1. If the CloudFormation template requests AWS services that are not available in the target region (eu-west-1), the deployment will fail. Each AWS region has a specific set of services available, and not all services are available in every region. You should check the AWS Regional Services List to verify if the required services are available in eu-west-1.
upvoted 1 times
...
gulu73
1 year, 6 months ago
Selected Answer: BD
Correct B & D
upvoted 1 times
...
studentbelfort
2 years, 9 months ago
Verify the availability of your resource type 1. Verify that your resource is available in your AWS Region. Not all resource types are available in every AWS Region. For example, the resource type AWS::WAFRegional::IPSet in the following JSON and YAML templates is currently unavailable in ap-south-1. These templates result in the following error: "Unrecognized resource types: [XXXXXXXX]." https://aws.amazon.com/premiumsupport/knowledge-center/cloudformation-template-validation/
upvoted 1 times
...
alexsandroe
2 years, 9 months ago
BD, BD, BD,
upvoted 1 times
...
RicardoD
2 years, 9 months ago
B | D are the answers
upvoted 1 times
...
PKss
2 years, 9 months ago
I'll go with B,D
upvoted 1 times
...
abhishek_m_86
2 years, 9 months ago
B. The template referenced an Amazon Machine Image (AMI) that is not available in eu-west-1 D. The template requested services that do not exist in eu-west-1
upvoted 2 times
...
jackdryan
2 years, 9 months ago
I'll go with B,D
upvoted 1 times
...
weril
2 years, 9 months ago
it's BD. C - cannot be you can create own policy/roles in the template to deploy it in AWS
upvoted 2 times
...
waterzhong
2 years, 9 months ago
Correct B and C. Templates are not dependent on services but need right permission to deploy.
upvoted 1 times
MrCarter
2 years, 9 months ago
Nope. If he has permissions to deploy in the east he can deploy in the west. It is the same account. Correct is B and D
upvoted 1 times
...
...
rewiga
2 years, 10 months ago
C is wrong. Templates don't have permissions.
upvoted 2 times
...
MrKhan
2 years, 10 months ago
The question came in my exam and answer is BC correct one.
upvoted 2 times
...
Abrar01
2 years, 10 months ago
Correct B and C. Templates are not dependent on services but need right permission to deploy.
upvoted 5 times
...
AWS_Noob
2 years, 11 months ago
B & D ?
upvoted 4 times
Phil31
2 years, 10 months ago
B for sure And agree too for the D. From my experience several services available in eu-west-1 are not available in eu-west-3, so a cloudformation template imported from eu-west-1 to eu-west-3 that call one more service unvailable in eu-west-3 will encounter the same issue
upvoted 2 times
...
AWSvad
2 years, 10 months ago
Makes sense. An Administrator account should not have issues deploying CloudFormation templates in other regions. Any other feedback is welcome though.
upvoted 3 times
lemist
2 years, 9 months ago
A service role is an AWS Identity and Access Management (IAM) role that allows AWS CloudFormation to make calls to resources in a stack on your behalf. You can specify an IAM role that allows AWS CloudFormation to create, update, or delete your stack resources. By default, AWS CloudFormation uses a temporary session that it generates from your user credentials for stack operations. If you specify a service role, AWS CloudFormation uses that role's credentials.
upvoted 1 times
...
...
AWSum1
2 years, 10 months ago
+1 for B & D, My reason being. If there was a permissions error, how did the stack partially deploy? "By default, the “automatic rollback on error” feature is enabled. This will cause all AWS resources that AWS CloudFormation created successfully for a stack up to the point where an error occurred to be deleted. This is useful when, for example, you accidentally exceed your default limit of Elastic IP addresses, or you don’t have access to an EC2 AMI you’re trying to run. This feature enables you to rely on the fact that stacks are either fully created, or not at all, which simplifies system administration and layered solutions built on top of AWS CloudFormation." https://aws.amazon.com/cloudformation/faqs/
upvoted 8 times
...
kung07
2 years, 10 months ago
agree, templates as such don't have permissions (the users/roles that execute them have)
upvoted 1 times
...
Load full discussion...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel