AWS Certified Solutions Architect – Associate (SAA-C02) — Question 662

A company hosts a web-based application on AWS in a departmental level VPC. The company has used AWS CloudFormation stacks to provision all the required resources in the AWS Cloud. The company needs to migrate this application to the company level VPC. The application and network components need to be managed as separate entities. Before the company implements changes, the company wants to understand how the changes will affect resources that are already running.
Which combination of actions should a solutions architect take to meet these requirements? (Choose two.)

Answer options

• A. Perform drift detection on the CloudFormation stacks to track the changes.
• B. Enable AWS Config to track the changes to the CloudFormation stacks.
• C. Create change sets before updating the CloudFormation stacks.
• D. Create a CloudFormation root stack that has two nested stacks: one stack for the application layer and one stack for the network layer.
• E. Create a CloudFormation cross-stack reference. Export company level VPC stack outputs. Import the stack outputs into the application stack.

Correct answer: C, E

Explanation

Creating CloudFormation change sets (Option C) allows the architect to preview how proposed stack changes will impact currently running resources before executing the update. To manage the network and application components as separate entities, using cross-stack references (Option E) to export corporate VPC details and import them into the application stack is the best approach, whereas nested stacks (Option D) keep the lifecycles tightly coupled. Drift detection (Option A) and AWS Config (Option B) are for tracking post-deployment changes and compliance, rather than previewing planned changes or decoupling infrastructure components.