AWS CloudFormation stack updates allow you to modify existing infrastructure resources by updating the stack template or parameters. When you need to change your deployed resources, CloudFormation provides a controlled and predictable way to implement these modifications.
There are two primary update methods available. The first is a standard update, where CloudFormation compares your new template with the existing stack and determines what changes are necessary. The second is a change set, which previews the proposed modifications before execution, allowing you to review potential impacts on your resources.
Stack updates follow specific behaviors based on the resource type and property being modified. Some changes result in no interruption, meaning the resource continues operating while the update occurs. Other changes require replacement, where CloudFormation creates a new resource, updates dependencies, and then removes the old resource.
Stack policies provide an additional layer of protection during updates. These JSON documents specify which resources can be modified and by whom, preventing accidental changes to critical infrastructure components like production databases.
Rollback behavior is crucial for maintaining system stability. If an update fails, CloudFormation automatically reverts to the previous known working state. You can configure rollback triggers based on CloudWatch alarms to monitor for issues during the update process.
Drift detection helps identify when stack resources have been modified outside of CloudFormation. Running drift detection before updates ensures your template accurately reflects the current state of resources.
Best practices include using change sets to preview modifications, implementing stack policies for critical resources, testing updates in non-production environments first, and maintaining version control for your templates. Additionally, nested stacks can simplify updates for complex architectures by allowing modular template management.
Understanding update behaviors for each resource type is essential for the SysOps Administrator exam, as questions often focus on predicting outcomes when specific properties are modified.
CloudFormation stack updates are a critical skill for AWS SysOps Administrators because they enable you to modify your infrastructure safely and predictably. In production environments, you need to make changes to resources while minimizing downtime and avoiding unintended consequences. Understanding how updates work helps you maintain infrastructure stability and pass the certification exam.
What Are CloudFormation Stack Updates?
A CloudFormation stack update is the process of modifying an existing stack by submitting changes to the template or parameter values. When you update a stack, CloudFormation compares the changes and determines which resources need to be modified, replaced, or remain unchanged.
Each resource touched by an update is handled in one of the following ways:
Update with No Interruption: The resource is updated with no disruption to its operation and no change to its physical ID.
Update with Some Interruption: The resource experiences some interruption during the update but retains its physical ID.
Replacement: CloudFormation creates a new resource with a new physical ID, then deletes the old resource.
How CloudFormation Stack Updates Work
1. Change Sets
Before applying updates, you can create a change set to preview how proposed changes will affect your running resources. Change sets show you:
- Which resources will be added
- Which resources will be modified
- Which resources will be removed
- Whether changes require interruption or replacement
2. Update Behaviors
Each resource property has an update behavior documented in AWS:
- No Interruption: Updates applied with zero downtime (e.g., changing tags)
- Some Interruption: Brief service disruption (e.g., changing instance type requires stop/start)
- Replacement: New resource created (e.g., changing EC2 instance AMI)
3. Stack Policies
Stack policies protect critical resources from unintentional updates. You define a JSON policy that specifies which resources can or cannot be updated. By default, all resources can be updated, but once you apply a stack policy, all resources are protected unless you explicitly allow updates.
4. Rollback Configuration
If a stack update fails, CloudFormation automatically rolls back to the previous known working state. You can configure:
- Rollback triggers based on CloudWatch alarms
- Monitoring time to watch for failures after update completion
5. Update Methods
- Direct Update: Submit changes and CloudFormation updates the stack
- Change Set: Preview changes before executing them
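The change set preview and the stack policy rules described above can be combined into a pre-execution check. The following is an added example, not code from the original page or from AWS: the policy, the change set sample and all function names are constructed for illustration, and the evaluator is a simplified model that handles only `Effect`, `Action` and `Resource` (no `Condition`, `NotAction` or `NotResource`).

```python
import fnmatch

# Constructed stack policy: allow updates, but never replace or delete Production* resources.
STACK_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "Update:*", "Principal": "*", "Resource": "*"},
    {"Effect": "Deny", "Action": ["Update:Replace", "Update:Delete"],
     "Principal": "*", "Resource": "LogicalResourceId/Production*"},
]}

# Constructed sample shaped like `aws cloudformation describe-change-set` output.
CHANGE_SET = {"Changes": [
    {"ResourceChange": {"Action": "Modify", "LogicalResourceId": "WebServer", "Replacement": "True"}},
    {"ResourceChange": {"Action": "Modify", "LogicalResourceId": "ProductionDatabase", "Replacement": "True"}},
    {"ResourceChange": {"Action": "Modify", "LogicalResourceId": "ProductionCache", "Replacement": "False"}},
    {"ResourceChange": {"Action": "Remove", "LogicalResourceId": "ProductionQueue"}},
    {"ResourceChange": {"Action": "Add", "LogicalResourceId": "NewTopic"}},
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def update_action(change):
    """Map a change-set entry to the stack policy action it would need."""
    if change["Action"] == "Remove":
        return "Update:Delete"
    if change["Action"] != "Modify":
        return None  # Add/Import create resources; nothing existing is updated
    # "Conditional" is treated as a replacement so the check errs on the safe side.
    return "Update:Modify" if change.get("Replacement") == "False" else "Update:Replace"

def is_allowed(policy, logical_id, action):
    """Default deny once a policy exists; an explicit Deny beats any Allow."""
    resource = f"LogicalResourceId/{logical_id}"
    allowed = False
    for stmt in policy["Statement"]:
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed

def blocked_changes(policy, change_set):
    """Return (logical ID, action) for every change the stack policy would refuse."""
    changes = [c["ResourceChange"] for c in change_set["Changes"]]
    pairs = [(c["LogicalResourceId"], update_action(c)) for c in changes]
    return [(rid, act) for rid, act in pairs if act and not is_allowed(policy, rid, act)]
```

Calling `blocked_changes(STACK_POLICY, CHANGE_SET)` lists the replacement of `ProductionDatabase` and the removal of `ProductionQueue`, while the in-place modification of `ProductionCache` passes.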
Key Concepts for the Exam
DeletionPolicy Attribute: Controls what happens to a resource when it is removed from a stack or the stack is deleted:
- Delete: Resource is deleted (default behavior)
- Retain: Resource is kept after stack deletion
- Snapshot: Creates a snapshot before deletion (supported for EBS, RDS, Redshift)
UpdatePolicy Attribute: Specifies how CloudFormation handles updates to Auto Scaling groups, Lambda aliases, and ElastiCache replication groups. For Auto Scaling groups, you can configure:
- AutoScalingRollingUpdate
- AutoScalingReplacingUpdate
- AutoScalingScheduledAction
DependsOn Attribute: Ensures resources are created or updated in a specific order.
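A template check for the DeletionPolicy attribute described above, as an added example that is not part of the original page. It also checks `UpdateReplacePolicy`, a CloudFormation attribute the page does not mention, which governs what happens to the old physical resource when an update replaces it. The set of types treated as stateful, the template fragment and the function name are assumptions made for illustration.

```python
# Assumption: which resource types count as "stateful" is this example's choice.
STATEFUL_TYPES = {
    "AWS::RDS::DBInstance",
    "AWS::EC2::Volume",
    "AWS::Redshift::Cluster",
    "AWS::S3::Bucket",
}
PROTECTIVE = {"Retain", "Snapshot"}

# Constructed template fragment (JSON form of a CloudFormation template).
TEMPLATE = {"Resources": {
    "ProductionDatabase": {"Type": "AWS::RDS::DBInstance", "DeletionPolicy": "Snapshot"},
    "LogsBucket": {"Type": "AWS::S3::Bucket"},
    "DataVolume": {"Type": "AWS::EC2::Volume",
                   "DeletionPolicy": "Retain", "UpdateReplacePolicy": "Retain"},
    "WebServer": {"Type": "AWS::EC2::Instance"},
}}

def unprotected_attributes(template):
    """Return (logical ID, attribute) pairs where a stateful resource lacks
    an explicit Retain or Snapshot setting for that attribute."""
    findings = []
    for name, resource in sorted(template.get("Resources", {}).items()):
        if resource.get("Type") not in STATEFUL_TYPES:
            continue  # stateless resources are out of scope for this check
        for attr in ("DeletionPolicy", "UpdateReplacePolicy"):
            if resource.get(attr) not in PROTECTIVE:
                findings.append((name, attr))
    return findings
```

`ProductionDatabase` is reported for `UpdateReplacePolicy` only: its snapshot setting covers removal and stack deletion, but not a replacement triggered by an update.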
Exam Tips: Answering Questions on CloudFormation Stack Updates
Tip 1: Know When Replacement Occurs
Questions often test whether you understand which property changes cause replacement. Remember that changing an EC2 instance AMI, RDS engine, or any property that defines the fundamental nature of a resource typically requires replacement.
Tip 2: Change Sets Are for Preview
When a question asks about safely reviewing changes before applying them, the answer involves change sets. Change sets let you see the impact of updates before execution.
Tip 3: Stack Policies Protect Resources
If a question mentions preventing accidental updates to production databases or critical resources, think stack policies. Remember that stack policies are different from IAM policies.
Tip 4: Understand Rollback Behavior
By default, CloudFormation rolls back the entire stack update if any resource fails to update. Know that you can disable rollback for troubleshooting purposes.
Tip 5: DeletionPolicy for Data Protection
Questions about preserving data during stack updates or deletions point to DeletionPolicy. Use Retain for resources you want to keep and Snapshot for stateful resources like databases.
Tip 6: UpdatePolicy for Auto Scaling
Questions about rolling updates or maintaining availability during Auto Scaling group updates require UpdatePolicy with AutoScalingRollingUpdate configuration.
Tip 7: Drift Detection
CloudFormation drift detection identifies resources that have been modified outside of CloudFormation. If a question asks about finding manual changes to stack resources, drift detection is the answer.
Tip 8: Nested Stacks
When updating nested stacks, changes propagate from the root stack. The parent stack must be updated to trigger updates in nested stacks.
Common Exam Scenarios
- Scenario asking how to update an Auto Scaling group with zero downtime: Use UpdatePolicy with AutoScalingRollingUpdate
- Scenario about keeping an RDS database after stack deletion: Use DeletionPolicy: Retain or DeletionPolicy: Snapshot
- Scenario about preventing changes to a specific resource: Implement a stack policy
- Scenario about understanding update impact before applying: Create a change set
- Scenario about resources modified outside CloudFormation: Use drift detection