AWS Certified SysOps Administrator – Associate — Question 379

A company uses AWS CloudFormation to deploy its infrastructure. The company recently retired an application. A cloud operations engineer initiates CloudFormation stack deletion, and the stack gets stuck in DELETE_FAILED status.

A SysOps administrator discovers that the stack had deployed a security group. The security group is referenced by other security groups in the environment. The SysOps administrator needs to delete the stack without affecting other applications.

Which solution will meet these requirements in the MOST operationally efficient manner?

Answer options

• A. Create a new security group that has a different name. Apply identical rules to the new security group. Replace all other security groups that reference the new security group Delete the stack.
• B. Create a CloudFormation change set to delete the security group. Deploy the change set.
• C. Delete the stack again. Specify that the security group be retained.
• D. Perform CloudFormation drift detection. Delete the stack.

Correct answer: C

Explanation

When a CloudFormation stack fails to delete due to an external dependency on one of its resources, such as a security group, the most efficient resolution is to retry the deletion and specify that the blocked resource should be retained. This allows CloudFormation to successfully delete all other resources and remove the stack while leaving the referenced security group intact. Other methods, like recreating security groups or deploying change sets, require unnecessary manual effort and do not resolve the primary blocker directly.