AWS Certified Solutions Architect – Professional — Question 891

A company is using AWS CloudFormation to deploy its infrastructure. The company is concerned that, if a production CloudFormation stack is deleted, important data stored in Amazon RDS databases or Amazon EBS volumes might also be deleted.
How can the company prevent users from accidentally deleting data in this way?

Answer options

• A. Modify the CloudFormation templates to add a DeletionPolicy attribute to RDS and EBS resources.
• B. Configure a stack policy that disallows the deletion of RDS and EBS resources.
• C. Modify IAM policies to deny deleting RDS and EBS resources that are tagged with an ג€aws:cloudformation:stack-nameג€ tag.
• D. Use AWS Config rules to prevent deleting RDS and EBS resources.

Correct answer: A

Explanation

The DeletionPolicy attribute in AWS CloudFormation allows you to preserve or back up a resource when its associated stack is deleted, making it the correct way to protect Amazon RDS and Amazon EBS data. Stack policies only prevent resources from being accidentally updated or deleted during stack updates, not during a full stack deletion. IAM policies and AWS Config rules do not natively control CloudFormation's behavior during a stack deletion process in this scenario.