AWS Certified Solutions Architect – Professional (SAP-C02) — Question 86
A company is using AWS CloudFormation to deploy its infrastructure. The company is concerned that, if a production CloudFormation stack is deleted, important data stored in Amazon RDS databases or Amazon EBS volumes might also be deleted.
How can the company prevent users from accidentally deleting data in this way?
Answer options
- A. Modify the CloudFormation templates to add a DeletionPolicy attribute to RDS and EBS resources.
- B. Configure a stack policy that disallows the deletion of RDS and EBS resources.
- C. Modify IAM policies to deny deleting RDS and EBS resources that are tagged with an "aws:cloudformation:stack-name" tag.
- D. Use AWS Config rules to prevent deleting RDS and EBS resources.
Correct answer: A
Explanation
The correct answer is A because adding a DeletionPolicy attribute to the resources in the CloudFormation templates ensures that these resources are retained even if the stack is deleted. Option B is incorrect because stack policies do not prevent the deletion of resources with DeletionPolicy attributes. Option C is not effective as IAM policies do not control resource deletion based on tags in this scenario. Option D does not directly address the issue of stack deletion affecting RDS and EBS resources.