0
0
AWScloud~20 mins

Resources section in AWS - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
CloudFormation Resources Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
2:00remaining
Understanding AWS CloudFormation Resources Section
In AWS CloudFormation, what is the primary purpose of the Resources section in a template?
ATo set conditions that control whether certain resources are created.
BTo specify the output values that the stack will return after creation.
CTo declare parameters that users must input when launching the stack.
DTo define the AWS infrastructure components like EC2 instances, S3 buckets, and IAM roles that will be created or updated.
Attempts:
2 left
💡 Hint

Think about where you describe the actual AWS services you want to build.

Configuration
intermediate
2:00remaining
Identifying a Valid Resource Definition in CloudFormation
Which of the following Resources section snippets will successfully create an S3 bucket with versioning enabled?
A
MyBucket:
  Type: AWS::S3::Bucket
  Properties:
    VersioningConfiguration:
      Status: Enabled
B
MyBucket:
  Type: AWS::S3::Bucket
  Properties:
    Versioning:
      Enabled: true
C
MyBucket:
  Type: AWS::S3::Bucket
  Properties:
    VersioningConfiguration:
      Status: True
D
MyBucket:
  Type: AWS::S3::Bucket
  Properties:
    VersioningConfiguration:
      State: Enabled
Attempts:
2 left
💡 Hint

Check the exact property names and values required by AWS for enabling versioning.

Architecture
advanced
2:00remaining
Choosing the Correct Resource Dependency Configuration
You have two resources in your CloudFormation template: an EC2 instance and an EBS volume. The EC2 instance must be created only after the EBS volume is ready. Which resource property correctly enforces this dependency?
APlace the EC2 instance resource before the EBS volume resource in the template.
BUse the Condition section to create the EC2 instance only if the EBS volume exists.
CAdd a DependsOn attribute to the EC2 instance resource referencing the EBS volume resource name.
DSet the EBS volume's Properties to include the EC2 instance's ID.
Attempts:
2 left
💡 Hint

Think about how CloudFormation controls creation order explicitly.

security
advanced
2:00remaining
Securing an IAM Role Resource in CloudFormation
Which of the following Resources section snippets correctly defines an IAM role with a policy that allows only read access to S3 buckets?
A
MyRole:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Statement:
        - Effect: Allow
          Principal:
            Service: ec2.amazonaws.com
          Action: sts:AssumeRole
    Policies:
      - PolicyName: ReadS3
        PolicyDocument:
          Statement:
            - Effect: Allow
              Action:
                - s3:GetObject
                - s3:ListBucket
              Resource: '*'
B
MyRole:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Statement:
        - Effect: Allow
          Principal:
            Service: ec2.amazonaws.com
          Action: sts:AssumeRole
    Policies:
      - PolicyName: ReadS3
        PolicyDocument:
          Statement:
            - Effect: Allow
              Action: s3:*
              Resource: '*'
C
MyRole:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Statement:
        - Effect: Deny
          Principal:
            Service: ec2.amazonaws.com
          Action: sts:AssumeRole
    Policies:
      - PolicyName: ReadS3
        PolicyDocument:
          Statement:
            - Effect: Allow
              Action:
                - s3:GetObject
                - s3:ListBucket
              Resource: '*'
D
MyRole:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Statement:
        - Effect: Allow
          Principal:
            Service: lambda.amazonaws.com
          Action: sts:AssumeRole
    Policies:
      - PolicyName: ReadS3
        PolicyDocument:
          Statement:
            - Effect: Allow
              Action:
                - s3:GetObject
                - s3:ListBucket
              Resource: '*'
Attempts:
2 left
💡 Hint

Check the service principal and the actions allowed in the policy.

service_behavior
expert
2:00remaining
Predicting CloudFormation Stack Behavior with Resource Updates
You update a CloudFormation template's Resources section by changing the InstanceType property of an EC2 instance resource from t2.micro to t3.micro. What will CloudFormation do when you update the stack?
ACloudFormation will fail the update with a validation error due to incompatible instance types.
BCloudFormation will replace the EC2 instance by creating a new one with the new instance type and deleting the old one.
CCloudFormation will ignore the change because instance type is not an updatable property.
DCloudFormation will perform an in-place update of the EC2 instance, changing the instance type without replacement.
Attempts:
2 left
💡 Hint

Consider whether changing instance type requires replacement or can be updated in place.