DVA-C02: How to Prevent Accidental Database Deletion with AWS CloudFormation

Learn how to use AWS CloudFormation attributes and policies to protect your database from being deleted by mistake. Discover two solutions that will help you avoid data loss and ensure business continuity.

Question

A development team maintains a web application by using a single AWS CloudFormation template. The template defines web servers and an Amazon RDS database. The team uses the Cloud Formation template to deploy the Cloud Formation stack to different environments.

During a recent application deployment, a developer caused the primary development database to be dropped and recreated. The result of this incident was a loss of data. The team needs to avoid accidental database deletion in the future.

Which solutions will meet these requirements? (Choose two.)

A. Add a CloudFormation Deletion Policy attribute with the Retain value to the database resource.
B. Update the CloudFormation stack policy to prevent updates to the database.
C. Modify the database to use a Multi-AZ deployment.
D. Create a CloudFormation stack set for the web application and database deployments.
E. Add a Cloud Formation DeletionPolicy attribute with the Retain value to the stack.

Answer

A. Add a CloudFormation Deletion Policy attribute with the Retain value to the database resource.
B. Update the CloudFormation stack policy to prevent updates to the database.

Explanation

The correct answers are A and B.

A. Add a CloudFormation Deletion Policy attribute with the Retain value to the database resource. This solution will prevent the database from being deleted when the stack is deleted or updated. The DeletionPolicy attribute controls how CloudFormation handles the deletion of a resource. The Retain value means that CloudFormation keeps the resource but does not manage or delete it. This way, the database and its data will be preserved even if the stack is deleted or updated.

B. Update the CloudFormation stack policy to prevent updates to the database. This solution will prevent the database from being modified when the stack is updated. The stack policy is a JSON document that defines which actions can be performed on specified resources during a stack update. The developer can use the Deny effect to block any updates to the database resource. This way, the database and its data will be protected from accidental changes.

Option C is incorrect because modifying the database to use a Multi-AZ deployment will not prevent accidental database deletion. A Multi-AZ deployment is a configuration that enhances the availability and durability of a database by replicating it across multiple Availability Zones. However, it does not affect how CloudFormation handles the deletion of the database resource.

Option D is incorrect because creating a CloudFormation stack set for the web application and database deployments will not prevent accidental database deletion. A stack set is a collection of CloudFormation stacks that can be managed as a single unit across multiple accounts and Regions. However, it does not change how CloudFormation handles the deletion of individual resources within each stack.

Option E is incorrect because adding a CloudFormation DeletionPolicy attribute with the Retain value to the stack will not prevent accidental database deletion. The DeletionPolicy attribute can only be applied to individual resources, not to the entire stack.

The latest AWS Certified Developer – Associate DVA-C02 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the AWS Certified Developer – Associate DVA-C02 exam and earn AWS Certified Developer – Associate DVA-C02 certification.