AWS Certified Developer – Associate — Question 346

A company’s developer has deployed an application in AWS by using AWS CloudFormation. The CloudFormation stack includes parameters in AWS Systems Manager Parameter Store that the application uses as configuration settings. The application can modify the parameter values.

When the developer updated the stack to create additional resources with tags, the developer noted that the parameter values were reset and that the values ignored the latest changes made by the application. The developer needs to change the way the company deploys the CloudFormation stack. The developer also needs to avoid resetting the parameter values outside the stack.

Which solution will meet these requirements with the LEAST development effort?

Answer options

• A. Modify the CloudFormation stack to set the deletion policy to Retain for the Parameter Store parameters.
• B. Create an Amazon DynamoDB table as a resource in the CloudFormation stack to hold configuration data for the application. Migrate the parameters that the application is modifying from Parameter Store to the DynamoDB table.
• C. Create an Amazon RDS DB instance as a resource in the CloudFormation stack. Create a table in the database for parameter configuration. Migrate the parameters that the application is modifying from Parameter Store to the configuration table.
• D. Modify the CloudFormation stack policy to deny updates on Parameter Store parameters.

Correct answer: D

Explanation

Applying a CloudFormation stack policy that denies updates to the Parameter Store parameters is the most efficient solution because it prevents CloudFormation from overwriting those resources during subsequent stack updates without requiring any application code changes. Setting a deletion policy to Retain only protects resources during stack deletion, not during stack updates. Migrating the data to Amazon DynamoDB or Amazon RDS would require substantial development effort to redesign the application's configuration management logic.